[ { "id": 33699, "indicator": "021e134c48cd9ce9eaf6a1c105197e5d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32.Tavex.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 33651, "indicator": "23813c5bf6a7af322b40bd2fd94bd42e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32/Nuclear", "description": "", "expiration": null, "is_active": 1 }, { "id": 33710, "indicator": "6508ee27afe517aa846f9447faef59b8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32/Nuclear", "description": "", "expiration": null, "is_active": 1 }, { "id": 33628, "indicator": "6f931c15789d234881be8ae8ccfe33f4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32/Nuclear", "description": "", "expiration": null, "is_active": 1 }, { "id": 33648, "indicator": "b8617302180d331e197cc0433fc5023d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32.Tavex.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 33707, "indicator": "d97aace631d6f089595f5ce177f54a39", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32.Tavex.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 2582668904, "indicator": "05b72be669daf775ad677f27af8adbb914453cf2", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32/Nuclear", "description": "SHA1 of 6508ee27afe517aa846f9447faef59b8", "expiration": null, "is_active": 1 }, { "id": 2582686117, "indicator": "59066d5d1ee3ad918111ed6fcaf8513537ff49a6", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32.Tavex.A", "description": "SHA1 of d97aace631d6f089595f5ce177f54a39", "expiration": null, "is_active": 1 }, { "id": 2582702786, "indicator": "a9a50673ac000a313f3ddba55d63d9773b9f4143", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32.Tavex.A", "description": "SHA1 of b8617302180d331e197cc0433fc5023d", "expiration": null, "is_active": 1 }, { "id": 2582704196, "indicator": "b0740175d20eab79a5d62cdbe0ee1a89212a8472", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32/Nuclear", "description": "SHA1 of 6f931c15789d234881be8ae8ccfe33f4", "expiration": null, "is_active": 1 }, { "id": 1593597425, "indicator": "bb390f99bfde234bbed59f6a0d962ba874b2396c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32.Tavex.A", "description": "SHA1 of 021e134c48cd9ce9eaf6a1c105197e5d", "expiration": null, "is_active": 1 }, { "id": 2582708373, "indicator": "c3aa52ff1d19e8fc6704777caf7c5bd120056845", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32/Nuclear", "description": "SHA1 of 23813c5bf6a7af322b40bd2fd94bd42e", "expiration": null, "is_active": 1 }, { "id": 2293842305, "indicator": "049dd4016eeaa16e0a4a88cd8b789a1260cb5e42f784d4e11a4b8e65366d3f21", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32/Nuclear", "description": "SHA256 of 6508ee27afe517aa846f9447faef59b8", "expiration": null, "is_active": 1 }, { "id": 1593597522, "indicator": "4539a7a77cc8efd531a6164e27afde755326e98061c6c23d7dd1c88147a0b8e1", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32.Tavex.A", "description": "SHA256 of 021e134c48cd9ce9eaf6a1c105197e5d", "expiration": null, "is_active": 1 }, { "id": 2293842303, "indicator": "464a283bffd7ae8193b21d00e2b52e15885ce0ebd8a0012c62d062b8dc4d3b8a", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32/Nuclear", "description": "SHA256 of 6f931c15789d234881be8ae8ccfe33f4", "expiration": null, "is_active": 1 }, { "id": 2592900674, "indicator": "ccc9207a21ca1459b135f9afb5afde72409eda7a36a83441ebf5828a4c8434a0", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32/Nuclear", "description": "SHA256 of 23813c5bf6a7af322b40bd2fd94bd42e", "expiration": null, "is_active": 1 }, { "id": 2294839956, "indicator": "cf57463942c165c613168f5c8e68e8e48bd6cb9522fdac08249e9da4e09e3748", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32.Tavex.A", "description": "SHA256 of d97aace631d6f089595f5ce177f54a39", "expiration": null, "is_active": 1 }, { "id": 2592944488, "indicator": "db528ef62742f77fdd26580ebab7f386e6f5cc6ac619376851656effa629b2aa", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32.Tavex.A", "description": "SHA256 of b8617302180d331e197cc0433fc5023d", "expiration": null, "is_active": 1 }, { "id": 33717, "indicator": "002e27938c9390a942cf4b4c319f1768", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "", "expiration": null, "is_active": 1 }, { "id": 33751, "indicator": "010ca5e1de980f5f45f9d82027e1606c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33735, "indicator": "01d2383152795e4ec98b874cd585da30", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33691, "indicator": "0570066887f44bc6c82ebe033cad0451", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33700, "indicator": "062fe1336459a851bd0ea271bb2afe35", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "", "expiration": null, "is_active": 1 }, { "id": 33655, "indicator": "07bb30a2a42423e54f70af61e20edca3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33765, "indicator": "08b54f9b2b3fb19e388d390d278f3e44", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33660, "indicator": "08f299c2d8cfe1ae64d71dfb15fe6e8d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33749, "indicator": "09010917cd00dc8ddd21aeb066877aa2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Lecna-21", "description": "", "expiration": null, "is_active": 1 }, { "id": 33750, "indicator": "0a4fdacde69a566f53833500a0d53a35", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33706, "indicator": "0c4fcef3b583d0ffffc2b14b9297d3a4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Shipup.I", "description": "", "expiration": null, "is_active": 1 }, { "id": 33755, "indicator": "0cdc35ffc222a714ee138b57d29c8749", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33682, "indicator": "0fcb4ffe2eb391421ec876286c9ddb6c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "", "expiration": null, "is_active": 1 }, { "id": 33739, "indicator": "10aa368899774463a355f1397e6e5151", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Ransom:Win32/Cobra", "description": "", "expiration": null, "is_active": 1 }, { "id": 33680, "indicator": "1133fe501fa4691b7f52e53706c80df9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5349, "indicator": "11876eaadeac34527c28f4ddfadd1e8d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33708, "indicator": "12e1dcd71693b6f875a98aefbd4ec91a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33702, "indicator": "139158fe63a0e46639cc20b754a7c38c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33738, "indicator": "1612b392d6145bfb0c43f8a48d78c75f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33712, "indicator": "168d207d0599ed0bb5bcfca3b3e7a9d3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33716, "indicator": "1b81b80ff0edf57da2440456d516cc90", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Lecna.A!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 33764, "indicator": "1dbb584e19499e26398fb0a7aa2a01b7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33715, "indicator": "1e6ee89fddcf23132ee12802337add61", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33678, "indicator": "1f64afa4069036513604cbf651e53e0d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33626, "indicator": "28f2396a1e306d05519b97a3a46ee925", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "!#HSTR:Backdoor:Win32/Lecna.gen!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 33624, "indicator": "29395c528693b69233c1c12bef8a64b3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "", "expiration": null, "is_active": 1 }, { "id": 33632, "indicator": "2a2b22aa94a59575ca1dea8dd489d2eb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33643, "indicator": "2d75de9e1bb58fe61fd971bb720a49b7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33675, "indicator": "310a4a62ba3765cbf8e8bbb9f324c503", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33768, "indicator": "3166baffecccd0934bdc657c01491094", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33742, "indicator": "35dfb55f419f476a54241f46e624a1a4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33693, "indicator": "37aee58655f5859e60ece6b249107b87", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33703, "indicator": "37e568bed4ae057e548439dc811b4d3a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33622, "indicator": "40601cf29c1bbfe0942d1ac914d8ce27", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33724, "indicator": "40f47850c5ebf768fd1303a32310c73e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33630, "indicator": "414854a9b40f7757ed7bfc6a1b01250f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "", "expiration": null, "is_active": 1 }, { "id": 33633, "indicator": "4154548e1f8e9e7eb39d48a4cd75bcd1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33666, "indicator": "428fc53c84e921ac518e54a5d055f54a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "", "expiration": null, "is_active": 1 }, { "id": 33665, "indicator": "42ccbccf48fe1cb63a81c9f094465ae2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33752, "indicator": "44992068aab25daa1decae93b25060af", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33669, "indicator": "44b98f22155f420af4528d17bb4a5ec8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Shipup.F", "description": "", "expiration": null, "is_active": 1 }, { "id": 33696, "indicator": "49aca228674651cba776be727bdb7e60", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDropper:Win32/Tavex.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 33756, "indicator": "49ee6365618b2a5819d36a48131e280c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33747, "indicator": "4a41c422e9eb29f5d722700b060bca11", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33772, "indicator": "4b8531d294c020d5f856b58a5a23b238", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33690, "indicator": "4c10a1efed25b828e4785d9526507fbc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33631, "indicator": "4c6b21e98ca03e0ef0910e07cef45dac", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "", "expiration": null, "is_active": 1 }, { "id": 33642, "indicator": "4e5c116d874bbaaf7d6dadec7be926f5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33744, "indicator": "4ee00c46da143ba70f7e6270960823be", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33723, "indicator": "4f00235b5208c128440c5693b7b85366", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33672, "indicator": "4fffcbdd4804f6952e0daf2d67507946", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33733, "indicator": "53f1358cbc298da96ec56e9a08851b4b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33659, "indicator": "550459b31d8dabaad1923565b7e50242", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "", "expiration": null, "is_active": 1 }, { "id": 33730, "indicator": "572c9cd4388699347c0b2edb7c6f5e25", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33736, "indicator": "592381dfa14e61bce089cd00c9b118ae", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "APT30_Generic_5", "description": "", "expiration": null, "is_active": 1 }, { "id": 33661, "indicator": "597805832d45d522c4882f21db800ecf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33770, "indicator": "59e055cee87d8faf6f701293e5830b5a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33726, "indicator": "5ae51243647b7d03a5cb20dccbc0d561", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "", "expiration": null, "is_active": 1 }, { "id": 33676, "indicator": "5b590798da581c894d8a87964763aa8b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33645, "indicator": "5c7a6b3d1b85fad17333e02608844703", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5344, "indicator": "5d4f2871fd1818527ebd65b0ff930a77", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-168714", "description": "", "expiration": null, "is_active": 1 }, { "id": 33741, "indicator": "5dd625af837e164dd2084b1f44a45808", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33695, "indicator": "5ddbd80720997f7a8ff53396e8e8b920", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33697, "indicator": "5eaf3deaaf2efac92c73ada82a651afe", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33639, "indicator": "62e5d5e244059dc02654f497401615cc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33658, "indicator": "646e2cfa6aa457013769e2b89454acf7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33668, "indicator": "649fa64127fef1305ba141dd58fb83a5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33688, "indicator": "65232a8d555d7c4f7bc0d7c5da08c593", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "", "expiration": null, "is_active": 1 }, { "id": 33701, "indicator": "65b984b198359003a5a3b8aaf91af234", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33653, "indicator": "6791254f160e98ac1f46b4d506b695ad", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33740, "indicator": "6ba315275561d99b1eb8fc614ff0b2b3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Shipup.F", "description": "", "expiration": null, "is_active": 1 }, { "id": 33720, "indicator": "6bd422d56e85024e67cc12207e330984", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Tavex.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 33647, "indicator": "6e689351d94389ac6fdc341b859c7f6f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33663, "indicator": "71f25831681c19ea17b2f2a84a41bbfb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33636, "indicator": "74b87086887e0c67ffb035069b195ac7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Lecna.A!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 33713, "indicator": "78c4fcee5b7fdbabf3b9941225d95166", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33650, "indicator": "7b111e1054b6b929de071c4f48386415", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33757, "indicator": "7c307ca84f922674049c0c43ca09bec1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33687, "indicator": "8022a4136a6200580962da94f3cdb905", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33704, "indicator": "80e39b656f9a77503fa3e6b7dd123ee3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "!#HSTR:Backdoor:Win32/Lecna.gen!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 33758, "indicator": "8214b0e18fbcd5db6b008884e7685f2c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33683, "indicator": "82e13f3031130bd9d567c46a9c71ef2b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33727, "indicator": "853a20f5fc6d16202828df132c41a061", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "", "expiration": null, "is_active": 1 }, { "id": 5358, "indicator": "8c713117af4ca6bbd69292a78069e75b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33718, "indicator": "8c9db773d387bf9b3f2b6a532e4c937c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33709, "indicator": "8da9373fc5b8320fb04d6202ca1eb6f1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33743, "indicator": "8e2eee994cd1922e82dea58705cc9631", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33689, "indicator": "8ff473bedbcc77df2c49a91167b1abeb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33679, "indicator": "948a53450e1d7dc7535ea52ca7d5bddd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33760, "indicator": "95bb314fe8fdbe4df31a6d23b0d378bc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33641, "indicator": "95bfe940816a89f168cacbc340eb4a5f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33644, "indicator": "9982fd829c0048c8f89620691316763a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDropper:Win32/Tavex.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 33671, "indicator": "9c0cad1560cd0ffe2aa570621ef7d0a0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "", "expiration": null, "is_active": 1 }, { "id": 33635, "indicator": "9c31551cd8087072d08c9004c0ce76c5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33670, "indicator": "9cbcc68c9b913a5fda445fbc7558c658", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33725, "indicator": "9e27277ef0b6b25ccb2bb79dbf7554a7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33714, "indicator": "9e3ef98abcfffcf3205261e09e06cba6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33677, "indicator": "a2e0203e665976a13cdffb4416917250", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33762, "indicator": "a5ca2c5b4d8c0c1bc93570ed13dcab1a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33667, "indicator": "a813eba27b2166620bd75029cc1f04b0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33692, "indicator": "a9e8e402a7ee459e4896d0ba83543684", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33623, "indicator": "ab153afbfbcfc8c67cf055b0111f0003", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5346, "indicator": "acb2ba25ef225d820ac8a5923b746cb8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33766, "indicator": "ad044dc0e2e1eaa19cf031dbcff9d770", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33684, "indicator": "af1c1c5d8031c4942630b6a10270d8f4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33649, "indicator": "af670600dee2bf13a68eb962cce8f122", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5356, "indicator": "b2138a57f723326eda5a26d2dec56851", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "", "expiration": null, "is_active": 1 }, { "id": 5359, "indicator": "b249bcf741e076f11b6c9553f6104f16", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33685, "indicator": "b493ad490b691b8732983dcca8ea8b6f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33681, "indicator": "b4ae0004094b37a40978ef06f311a75e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33721, "indicator": "b5546842e08950bc17a438d785b5a019", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33763, "indicator": "b590c15499448639c2748ff9e0d214b2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "", "expiration": null, "is_active": 1 }, { "id": 33654, "indicator": "b5a343d11e1f7340de99118ce9fc1bbb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33625, "indicator": "b6c08fd8a9f32a17c3550d3b2d302dc5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Rukap.AG", "description": "", "expiration": null, "is_active": 1 }, { "id": 33656, "indicator": "b79d87ff6de654130da95c73f66c15fa", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33618, "indicator": "b7b282c9e3eca888cbdb5a856e07e8bd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33662, "indicator": "b83d43e3b2f0b0a0e5cc047ef258c2cb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33737, "indicator": "ba80e3ad617e6998f3c4b003397db840", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33728, "indicator": "baff5262ae01a9217b10fcd5dad9d1d5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33711, "indicator": "bbb3cb030686748b1244276e15085153", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5351, "indicator": "bf8616bbed6d804a3dea09b230c2ab0c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33745, "indicator": "c2acc9fc9b0f050ec2103d3ba9cb11c0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33627, "indicator": "c4c068200ad8033a0f0cf28507b51842", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33694, "indicator": "c4dec6d69d8035d481e4f2c86f580e81", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33748, "indicator": "c6e388ee5269239070e5ad7336d0bf59", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5345, "indicator": "c90f798ccfbedb4bbe6c4568e0f05b68", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33620, "indicator": "c9484902c7f1756b26244d6d644c9dd5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33719, "indicator": "c95cd106c1fecbd500f4b97566d8dc96", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33761, "indicator": "cb1087b2add3245418257d648ac9e9a7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33767, "indicator": "cc06815e8d8c0083263651877decb44b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33638, "indicator": "cd1aa1c8cdf4a4ba8dc4309ce30ec263", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33634, "indicator": "d28d67b4397b7ce1508d10bf3054ffe5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "APT30_Generic_9", "description": "", "expiration": null, "is_active": 1 }, { "id": 33754, "indicator": "d38e02eac7e3b299b46ff2607dd0f288", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "", "expiration": null, "is_active": 1 }, { "id": 33753, "indicator": "d55514d8b97999453621a8614090cbf0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33732, "indicator": "d591dc11ecffdfaf1626c1055417a50d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "!#HSTR:Backdoor:Win32/Lecna.gen!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 33769, "indicator": "d8248be5ed0f2f8f9787be331a18c36b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33621, "indicator": "d8e68db503f4155ed1aeba95d1f5e3e4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33731, "indicator": "d93026b1c6c828d0905a0868e4cbc55f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33664, "indicator": "da92b863095ee730aef6c6c541ab7697", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33686, "indicator": "db3e5c2f2ce07c2d3fa38d6fc1ceb854", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33729, "indicator": "dc95b0e8ecb22ad607fc912219a640c1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33734, "indicator": "df1799845b51300b03072c6569ab96d5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33619, "indicator": "e26a2afaaddfb09d9ede505c6f1cc4e3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33646, "indicator": "e39756bc99ee1b05e5ee92a1cdd5faf4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33640, "indicator": "e3ae3cbc024e39121c87d73e87bb2210", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "", "expiration": null, "is_active": 1 }, { "id": 33771, "indicator": "e6289e7f9f26be692cbe6f335a706014", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33637, "indicator": "e62a63307deead5c9fcca6b9a2d51fb0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33698, "indicator": "e9e514f8b1561011b4f034263c33a890", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33629, "indicator": "ebf42e8b532e2f3b19046b028b5dfb23", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33746, "indicator": "ec3905d8e100644ae96ad9b51d701a7f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan.Lecna-1", "description": "", "expiration": null, "is_active": 1 }, { "id": 33657, "indicator": "ed151602dea80f39173c2f7b1dd58e06", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33722, "indicator": "ee1b23c97f809151805792f8778ead74", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Shipup.F", "description": "", "expiration": null, "is_active": 1 }, { "id": 5352, "indicator": "f18be055fae2490221c926e2ad55ab11", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33705, "indicator": "f4a648a2382c51ca367be87d05628cff", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33759, "indicator": "f97ec83d68362e4dff4756ed1101fea8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33673, "indicator": "fad06d7b4450c4631302264486611ec3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Lecna!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 33652, "indicator": "fe211c7a081c1dac46e3935f7c614549", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 33674, "indicator": "ff00682b0b8c8d13b797d722d9048ea2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2582667881, "indicator": "00e69b059ad6b51b76bc476a115325449d10b4c0", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Shipup.F", "description": "SHA1 of ee1b23c97f809151805792f8778ead74", "expiration": null, "is_active": 1 }, { "id": 1593597165, "indicator": "01f23e42898bf69528d766fada8b4551197c137e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Lecna-21", "description": "SHA1 of 09010917cd00dc8ddd21aeb066877aa2", "expiration": null, "is_active": 1 }, { "id": 1593597365, "indicator": "0263de239ccef669c47399856d481e3361408e90", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA1 of b590c15499448639c2748ff9e0d214b2", "expiration": null, "is_active": 1 }, { "id": 1593597424, "indicator": "0359ffbef6a752ee1a54447b26e272f4a5a35167", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of c4dec6d69d8035d481e4f2c86f580e81", "expiration": null, "is_active": 1 }, { "id": 1593597405, "indicator": "0559ab9356dcc869da18b2c96f48b76478c472b3", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 4ee00c46da143ba70f7e6270960823be", "expiration": null, "is_active": 1 }, { "id": 1593597170, "indicator": "066d06ac08b48d3382d46bbeda6ad411b6d6130e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 37e568bed4ae057e548439dc811b4d3a", "expiration": null, "is_active": 1 }, { "id": 1593597371, "indicator": "0c0f53f7386609720269c552057c6d0f0f2a9ec5", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of d93026b1c6c828d0905a0868e4cbc55f", "expiration": null, "is_active": 1 }, { "id": 2582670512, "indicator": "0d17a58c24753e5f8fd5276f62c8c7394d8e1481", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Lecna!dha", "description": "SHA1 of fad06d7b4450c4631302264486611ec3", "expiration": null, "is_active": 1 }, { "id": 1593597177, "indicator": "12b2c3b8114e042e90f984d55e84af21cc4a38ce", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA1 of 550459b31d8dabaad1923565b7e50242", "expiration": null, "is_active": 1 }, { "id": 1593597413, "indicator": "1d93d5f5463cdf85e3c22c56ed1381957f4efaac", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 9c31551cd8087072d08c9004c0ce76c5", "expiration": null, "is_active": 1 }, { "id": 1593597404, "indicator": "1ef415bca310575944934fc97b0aa720943ba512", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 4b8531d294c020d5f856b58a5a23b238", "expiration": null, "is_active": 1 }, { "id": 1593597381, "indicator": "2326537acbe1ab28b1da05912f221d00c76d99d2", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 139158fe63a0e46639cc20b754a7c38c", "expiration": null, "is_active": 1 }, { "id": 1593597183, "indicator": "2415f661046fdbe3eea8cd276b6f13354019b1a6", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA1 of 853a20f5fc6d16202828df132c41a061", "expiration": null, "is_active": 1 }, { "id": 2582675711, "indicator": "263f094da3f64e72ef8dc3d02be4fb33de1fdb96", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "APT30_Generic_9", "description": "SHA1 of d28d67b4397b7ce1508d10bf3054ffe5", "expiration": null, "is_active": 1 }, { "id": 2582675935, "indicator": "27a2b981d4c0bb8c3628bfe990db4619ddfdff74", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Ransom:Win32/Cobra", "description": "SHA1 of 10aa368899774463a355f1397e6e5151", "expiration": null, "is_active": 1 }, { "id": 2582676308, "indicator": "29698edd5b2a9a98503b975f93bc0a2daaf69255", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDropper:Win32/Tavex.A", "description": "SHA1 of 9982fd829c0048c8f89620691316763a", "expiration": null, "is_active": 1 }, { "id": 1593597372, "indicator": "2a4c8752f3e7fde0139421b8d5713b29c720685d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of db3e5c2f2ce07c2d3fa38d6fc1ceb854", "expiration": null, "is_active": 1 }, { "id": 1593597422, "indicator": "342036ace2e9e6d504b0dec6399e4fa92de46c12", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of a813eba27b2166620bd75029cc1f04b0", "expiration": null, "is_active": 1 }, { "id": 1593597364, "indicator": "355436a16d7a2eba8a284b63bb252a8bb1644751", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA1 of b2138a57f723326eda5a26d2dec56851", "expiration": null, "is_active": 1 }, { "id": 1593597418, "indicator": "3ac73ec065ab218a3224e5ade0cf3451dbcb3aab", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 37aee58655f5859e60ece6b249107b87\nSHA1 of 37aee58655f5859e60ece6b249107b87", "expiration": null, "is_active": 1 }, { "id": 1593597436, "indicator": "3b684fa40b4f096e99fbf535962c7da5cf0b4528", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of bf8616bbed6d804a3dea09b230c2ab0c", "expiration": null, "is_active": 1 }, { "id": 1593597168, "indicator": "4350e906d590dca5fcc90ed3215467524e0a4e3d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 1f64afa4069036513604cbf651e53e0d", "expiration": null, "is_active": 1 }, { "id": 1593597375, "indicator": "442bf8690401a2087a340ce4a48151c39101652f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA1 of e3ae3cbc024e39121c87d73e87bb2210", "expiration": null, "is_active": 1 }, { "id": 2582681760, "indicator": "44492c53715d7c79895904543843a321491cb23a", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Lecna.A!dha", "description": "SHA1 of 1b81b80ff0edf57da2440456d516cc90", "expiration": null, "is_active": 1 }, { "id": 1593597174, "indicator": "51ae5dd089fe2c186098f8028003f1e03ba29e0c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 4c10a1efed25b828e4785d9526507fbc", "expiration": null, "is_active": 1 }, { "id": 1593597382, "indicator": "5257ba027abe3a2cf397bfcae87b13ab9c1e9019", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 4a41c422e9eb29f5d722700b060bca11", "expiration": null, "is_active": 1 }, { "id": 2582685302, "indicator": "54b098f50c59f5ced1d782eb32907e6c6f070f78", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDropper:Win32/Tavex.A", "description": "SHA1 of 49aca228674651cba776be727bdb7e60", "expiration": null, "is_active": 1 }, { "id": 1593597415, "indicator": "57169cb4b8ef7a0d7ebd7aa039d1a1efd6eb639e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 310a4a62ba3765cbf8e8bbb9f324c503", "expiration": null, "is_active": 1 }, { "id": 1593597164, "indicator": "572caa09f2b600daa941c60db1fc410bef8d1771", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA1 of 062fe1336459a851bd0ea271bb2afe35", "expiration": null, "is_active": 1 }, { "id": 1593597376, "indicator": "591db6f211ba40199e0c09aa6860be97cc3728e9", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of e62a63307deead5c9fcca6b9a2d51fb0", "expiration": null, "is_active": 1 }, { "id": 1593597390, "indicator": "5a5af7e88baf7c6973ea4009f9fb7dc400cb7709", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of dc95b0e8ecb22ad607fc912219a640c1", "expiration": null, "is_active": 1 }, { "id": 1593597379, "indicator": "5b770fe5824f963fbc4192042c06253989f6940c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 07bb30a2a42423e54f70af61e20edca3", "expiration": null, "is_active": 1 }, { "id": 1593597430, "indicator": "5c29e21bbe8873778f9363258f5e570dddcadeb9", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "!#HSTR:Backdoor:Win32/Lecna.gen!dha", "description": "SHA1 of 80e39b656f9a77503fa3e6b7dd123ee3", "expiration": null, "is_active": 1 }, { "id": 1593597423, "indicator": "5cdf397dfd9eb66ff5ff636777f6982c1254a37a", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of b4ae0004094b37a40978ef06f311a75e", "expiration": null, "is_active": 1 }, { "id": 1593597399, "indicator": "6b27bc0b0460b0a25b45d897ed4f399106c284d9", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 2a2b22aa94a59575ca1dea8dd489d2eb", "expiration": null, "is_active": 1 }, { "id": 1593597400, "indicator": "6df5b4b3da0964153bad22fb1f69483ae8316655", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 2d75de9e1bb58fe61fd971bb720a49b7", "expiration": null, "is_active": 1 }, { "id": 1593597421, "indicator": "71fd952d58cc1948d2a3f67f10d446979f2faf14", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 8ff473bedbcc77df2c49a91167b1abeb", "expiration": null, "is_active": 1 }, { "id": 1593597411, "indicator": "72dae031d885dbf492c0232dd1c792ab4785a2dc", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 8214b0e18fbcd5db6b008884e7685f2c", "expiration": null, "is_active": 1 }, { "id": 1593597167, "indicator": "74c6c0bac8cf2d069efc6c6408d959f48d439af5", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 12e1dcd71693b6f875a98aefbd4ec91a\nSHA1 of 12e1dcd71693b6f875a98aefbd4ec91a", "expiration": null, "is_active": 1 }, { "id": 1593597435, "indicator": "75367d8b506031df5923c2d8d7f1b9f643a123cd", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Shipup.F", "description": "SHA1 of 6ba315275561d99b1eb8fc614ff0b2b3", "expiration": null, "is_active": 1 }, { "id": 1593597389, "indicator": "7c9a13f1fdd6452fb6d62067f958bfc5fec1d24e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of cc06815e8d8c0083263651877decb44b", "expiration": null, "is_active": 1 }, { "id": 1593597398, "indicator": "7e516ec04f28c76d67b8111ddfe58bbd628362cc", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 1133fe501fa4691b7f52e53706c80df9", "expiration": null, "is_active": 1 }, { "id": 1593597396, "indicator": "7f11f5c9475240e5dd2eea7726c9229972cffc1f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 0570066887f44bc6c82ebe033cad0451", "expiration": null, "is_active": 1 }, { "id": 1593597176, "indicator": "856f89ec47bc356d91e2dba7d61844e096a0c670", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 4e5c116d874bbaaf7d6dadec7be926f5", "expiration": null, "is_active": 1 }, { "id": 2582695557, "indicator": "8667f635fe089c5e2c666b3fe22eaf3ff8590a69", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Shipup.I", "description": "SHA1 of 0c4fcef3b583d0ffffc2b14b9297d3a4", "expiration": null, "is_active": 1 }, { "id": 1593597433, "indicator": "868d1f4c106a08bd2e5af4f23139f0e0cd798fba", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Lecna.A!dha", "description": "SHA1 of 74b87086887e0c67ffb035069b195ac7", "expiration": null, "is_active": 1 }, { "id": 1593597370, "indicator": "8b4271167655787be1988574446125eae5043aca", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of d8e68db503f4155ed1aeba95d1f5e3e4", "expiration": null, "is_active": 1 }, { "id": 1593597175, "indicator": "8cea83299af8f5ec6c278247e649c9d91d4cf3bc", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA1 of 4c6b21e98ca03e0ef0910e07cef45dac", "expiration": null, "is_active": 1 }, { "id": 1593597373, "indicator": "9404794c6521bbbcc4afe9bd87d9a26beff904e6", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of df1799845b51300b03072c6569ab96d5", "expiration": null, "is_active": 1 }, { "id": 1593597397, "indicator": "94d3f91d1e50ecea729617729013c3d143bf2c3e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 0a4fdacde69a566f53833500a0d53a35", "expiration": null, "is_active": 1 }, { "id": 2582698723, "indicator": "9531e21652143b8b129ab8c023dc05fef2a17cc3", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Shipup.F", "description": "SHA1 of 44b98f22155f420af4528d17bb4a5ec8", "expiration": null, "is_active": 1 }, { "id": 1593597369, "indicator": "959573261ca1d7e5ddcd19447475b2139ca24fe1", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA1 of d38e02eac7e3b299b46ff2607dd0f288", "expiration": null, "is_active": 1 }, { "id": 1593597408, "indicator": "95a3c812ca0ad104f045b26c483495129bcf37ca", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 6791254f160e98ac1f46b4d506b695ad", "expiration": null, "is_active": 1 }, { "id": 1593597394, "indicator": "973afd5d36d68d956c0dd5e5cca8187227461ba9", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of b5546842e08950bc17a438d785b5a019", "expiration": null, "is_active": 1 }, { "id": 1593597407, "indicator": "9967a99a1b627ddb6899919e32a0f544ea498b48", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 65b984b198359003a5a3b8aaf91af234", "expiration": null, "is_active": 1 }, { "id": 1593597384, "indicator": "9b9cba15a84f102ff4935eb33e8e550b7679b07c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 948a53450e1d7dc7535ea52ca7d5bddd", "expiration": null, "is_active": 1 }, { "id": 1593597386, "indicator": "9f49aa1090fa478b9857e15695be4a89f8f3e594", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of af1c1c5d8031c4942630b6a10270d8f4", "expiration": null, "is_active": 1 }, { "id": 1593597412, "indicator": "a2ccba46e40d0fb0dd3e1dba160ecbb5440862ec", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 8da9373fc5b8320fb04d6202ca1eb6f1", "expiration": null, "is_active": 1 }, { "id": 1593597392, "indicator": "aa44328a9dcf8f0ddc3eda5876d7ac52668d3f54", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 572c9cd4388699347c0b2edb7c6f5e25", "expiration": null, "is_active": 1 }, { "id": 1593597395, "indicator": "aba8b9fa213e5e2f1f0404d13fecc20ea8651b57", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 010ca5e1de980f5f45f9d82027e1606c", "expiration": null, "is_active": 1 }, { "id": 1593597377, "indicator": "b1332cd547969b65271b7a85a04d029f3ec4f448", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan.Lecna-1", "description": "SHA1 of ec3905d8e100644ae96ad9b51d701a7f", "expiration": null, "is_active": 1 }, { "id": 1593597179, "indicator": "b1c37632e604a5d1f430c9351f87eb9e8ea911c0", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA1 of 5ae51243647b7d03a5cb20dccbc0d561", "expiration": null, "is_active": 1 }, { "id": 1593597380, "indicator": "b3ed48e91bfbee64756457911fe44ac425d7e0e6", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 08f299c2d8cfe1ae64d71dfb15fe6e8d", "expiration": null, "is_active": 1 }, { "id": 2582705529, "indicator": "b63cfa382c269d0d375f637633887d6049f00e78", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 649fa64127fef1305ba141dd58fb83a5", "expiration": null, "is_active": 1 }, { "id": 1593597401, "indicator": "b68bce61dfd8763c3003480ba4066b3cb1ef126e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 40601cf29c1bbfe0942d1ac914d8ce27", "expiration": null, "is_active": 1 }, { "id": 1593597429, "indicator": "b69b95db8a55a050d6d6c0cba13d73975b8219ca", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "!#HSTR:Backdoor:Win32/Lecna.gen!dha", "description": "SHA1 of 28f2396a1e306d05519b97a3a46ee925\nSHA1 of 28f2396a1e306d05519b97a3a46ee925", "expiration": null, "is_active": 1 }, { "id": 1593597406, "indicator": "b6f1fb0f8a2fb92a3c60e154f24cfbca1984529f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 5ddbd80720997f7a8ff53396e8e8b920", "expiration": null, "is_active": 1 }, { "id": 1593597367, "indicator": "b6fe32af3c0ab600003a6569acc1b6506a436d60", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of ba80e3ad617e6998f3c4b003397db840", "expiration": null, "is_active": 1 }, { "id": 1593597163, "indicator": "b836d5d21c605a019936f5da1b78e03a01846ea6", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA1 of 002e27938c9390a942cf4b4c319f1768", "expiration": null, "is_active": 1 }, { "id": 1593597393, "indicator": "b90ac3e58ed472829e2562023e6e892d2d61ac44", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 6e689351d94389ac6fdc341b859c7f6f", "expiration": null, "is_active": 1 }, { "id": 2582707142, "indicator": "bddef041898aee72d6fe43acbfe0881b04999275", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Rukap.AG", "description": "SHA1 of b6c08fd8a9f32a17c3550d3b2d302dc5", "expiration": null, "is_active": 1 }, { "id": 1593597409, "indicator": "bde9a72b2113d18b4fa537cc080d8d8ba1a231e8", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 7b111e1054b6b929de071c4f48386415", "expiration": null, "is_active": 1 }, { "id": 1593597182, "indicator": "c3248fa667b21765106aca2ec0b5f46bfaf997af", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA1 of 65232a8d555d7c4f7bc0d7c5da08c593", "expiration": null, "is_active": 1 }, { "id": 1593597428, "indicator": "cb4263cab467845dae9fae427e3bbeb31c6a14c2", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 11876eaadeac34527c28f4ddfadd1e8d", "expiration": null, "is_active": 1 }, { "id": 2582709969, "indicator": "cb4833220c508182c0ccd4e0d5a867d6c4e675f8", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "APT30_Generic_5", "description": "SHA1 of 592381dfa14e61bce089cd00c9b118ae", "expiration": null, "is_active": 1 }, { "id": 1593597403, "indicator": "cc124682246d098740cfa7d20aede850d49b6597", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 49ee6365618b2a5819d36a48131e280c", "expiration": null, "is_active": 1 }, { "id": 1593597171, "indicator": "cca54959dbb683bcad869e281d41c24ce6cb1404", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 40f47850c5ebf768fd1303a32310c73e", "expiration": null, "is_active": 1 }, { "id": 1593597410, "indicator": "ce1f53e06feab1e92f07ed544c288bf39c6fce19", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 8022a4136a6200580962da94f3cdb905", "expiration": null, "is_active": 1 }, { "id": 1593597432, "indicator": "cfa438449715b61bffa20130df8af778ef011e15", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-168714", "description": "SHA1 of 5d4f2871fd1818527ebd65b0ff930a77", "expiration": null, "is_active": 1 }, { "id": 2582712028, "indicator": "d5cb07d178963f2dea2c754d261185ecc94e09d6", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "!#HSTR:Backdoor:Win32/Lecna.gen!dha", "description": "SHA1 of d591dc11ecffdfaf1626c1055417a50d", "expiration": null, "is_active": 1 }, { "id": 1593597169, "indicator": "d8509bdab6f801fbdf5ea3aa1b9bd45a12fafc38", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA1 of 29395c528693b69233c1c12bef8a64b3\nSHA1 of 29395c528693b69233c1c12bef8a64b3", "expiration": null, "is_active": 1 }, { "id": 1593597166, "indicator": "dd99fa8c41a0bb91035e247602777cc52ec51939", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA1 of 0fcb4ffe2eb391421ec876286c9ddb6c", "expiration": null, "is_active": 1 }, { "id": 1593597172, "indicator": "df48a7cd6c4a8f78f5847bad3776abc0458499a6", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA1 of 414854a9b40f7757ed7bfc6a1b01250f", "expiration": null, "is_active": 1 }, { "id": 1593597173, "indicator": "e26588113417bf68cb0c479638c9cd99a48e846d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA1 of 428fc53c84e921ac518e54a5d055f54a", "expiration": null, "is_active": 1 }, { "id": 1593597414, "indicator": "e72e67ba32946c2702b7662c510cc1242cffe802", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of c90f798ccfbedb4bbe6c4568e0f05b68", "expiration": null, "is_active": 1 }, { "id": 1593597185, "indicator": "e814914079af78d9f1b71000fee3c29d31d9b586", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA1 of 9c0cad1560cd0ffe2aa570621ef7d0a0", "expiration": null, "is_active": 1 }, { "id": 1593597416, "indicator": "eb518cda3c4f4e6938aaaee07f1f7db8ee91c901", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 8c713117af4ca6bbd69292a78069e75b", "expiration": null, "is_active": 1 }, { "id": 1593597420, "indicator": "eca53a9f6251ddf438508b28d8a483f91b99a3fd", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 71f25831681c19ea17b2f2a84a41bbfb", "expiration": null, "is_active": 1 }, { "id": 2582717423, "indicator": "efca66680df9d40b0d40a76200df8f5cc01b2d69", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Tavex.A", "description": "SHA1 of 6bd422d56e85024e67cc12207e330984", "expiration": null, "is_active": 1 }, { "id": 1593597427, "indicator": "f3be6514b68f4efb51c215415b4f0c4701fb45fa", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of f18be055fae2490221c926e2ad55ab11", "expiration": null, "is_active": 1 }, { "id": 1593597499, "indicator": "00bd90d8deae6ed682e7967e528dcf43d84937fb67a829d72cb67adb908e48b9", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 40601cf29c1bbfe0942d1ac914d8ce27", "expiration": null, "is_active": 1 }, { "id": 1593597512, "indicator": "017f4349170bd50e0abe565cd96ce7c65cf9a8308f76a20a0a7f391f73390012", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 310a4a62ba3765cbf8e8bbb9f324c503", "expiration": null, "is_active": 1 }, { "id": 1593597446, "indicator": "03d18579e9b4412d4f6cd37aed7d4b62a3ad95defd0968e3711807a5b055e41a", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA256 of 414854a9b40f7757ed7bfc6a1b01250f", "expiration": null, "is_active": 1 }, { "id": 1593597482, "indicator": "095cee8f9f9f533b315843039a901d3613a31e6a0ae3322f52ca8711f8e3507b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 948a53450e1d7dc7535ea52ca7d5bddd", "expiration": null, "is_active": 1 }, { "id": 1593597493, "indicator": "0beb385415a07e576ed682751481be864af7aebb8281b3b0fb092efbbaf427f9", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 010ca5e1de980f5f45f9d82027e1606c", "expiration": null, "is_active": 1 }, { "id": 246180214, "indicator": "10b94d3088a21b367c085e5f6493f022b47f279352e657719f7b8a5957964a1d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 11876eaadeac34527c28f4ddfadd1e8d", "expiration": null, "is_active": 1 }, { "id": 1593597496, "indicator": "1daa04c34d2f252f199403f2f719f355b020921bd3280e2d7676e59f6e7b802e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 1133fe501fa4691b7f52e53706c80df9", "expiration": null, "is_active": 1 }, { "id": 1593597444, "indicator": "31a1336f9998313bc33db0bb58ba1c8de5d6d806471f8a3252c858ab073cdd07", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 37e568bed4ae057e548439dc811b4d3a", "expiration": null, "is_active": 1 }, { "id": 1593597451, "indicator": "391adffdda738ce1d1179e715655b0baafa2505e7757185688b2e3092b8b6b2c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA256 of 550459b31d8dabaad1923565b7e50242", "expiration": null, "is_active": 1 }, { "id": 1593597520, "indicator": "39a1d2f60602dd24a669bee6b10bdbcf4621a35ef339745e7ac384e46d6dc303", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of b4ae0004094b37a40978ef06f311a75e", "expiration": null, "is_active": 1 }, { "id": 1593597441, "indicator": "3ada3cd02c9b7c3872b6c132b5916702d874270798c766db6eb347c7561deb1c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 12e1dcd71693b6f875a98aefbd4ec91a\nSHA256 of 12e1dcd71693b6f875a98aefbd4ec91a", "expiration": null, "is_active": 1 }, { "id": 1593597456, "indicator": "3b1defbeb51c1dc737ec14da04938c23a2a580412537ff826a5df75f262d3211", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA256 of 65232a8d555d7c4f7bc0d7c5da08c593", "expiration": null, "is_active": 1 }, { "id": 1593597465, "indicator": "3c81f658aea68df6aeac3a388d0a57b72874631f5f916824d45569dfb7382703", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of ba80e3ad617e6998f3c4b003397db840", "expiration": null, "is_active": 1 }, { "id": 1593597492, "indicator": "3d42796c0611fbceb5ded8a315bea23690d684137161baa733aea4d19bc9902f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of b5546842e08950bc17a438d785b5a019", "expiration": null, "is_active": 1 }, { "id": 2589343696, "indicator": "3f0542db6dee2a543e145acd7f71e7de4d7b11e2abb78af0d2e84986a527b807", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Rukap.AG", "description": "SHA256 of b6c08fd8a9f32a17c3550d3b2d302dc5", "expiration": null, "is_active": 1 }, { "id": 1593597519, "indicator": "3f62c49c723f80a728f574d29c2104ea16bc63d6caf2331d19c56e7f8011c34e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of a813eba27b2166620bd75029cc1f04b0", "expiration": null, "is_active": 1 }, { "id": 1593597515, "indicator": "3ff2fe9a2ac6bdfd41f5743d4aef3927bbe89410f5f32ae9c965c3f67affcf7f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 37aee58655f5859e60ece6b249107b87\nSHA256 of 37aee58655f5859e60ece6b249107b87", "expiration": null, "is_active": 1 }, { "id": 1593597480, "indicator": "41009a7ee00d2c640e9f8681f65352b85eebc43f5536ea078ac91372a60f5ee7", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 4a41c422e9eb29f5d722700b060bca11", "expiration": null, "is_active": 1 }, { "id": 1593597443, "indicator": "4a3f19b7aefbd8c83d865c2d1e962cddc863ac6520eddb58417a14191231ea2e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA256 of 29395c528693b69233c1c12bef8a64b3\nSHA256 of 29395c528693b69233c1c12bef8a64b3", "expiration": null, "is_active": 1 }, { "id": 1593597510, "indicator": "4ac283b1f82e49d2eee206b03a0b0e081661fc844a7e449d59579367cb37da00", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 8da9373fc5b8320fb04d6202ca1eb6f1", "expiration": null, "is_active": 1 }, { "id": 1593597507, "indicator": "4d155fd3a765cdda561161ae7d3202157af7fc44d4bbf14418b9d7ca6953e558", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 7b111e1054b6b929de071c4f48386415", "expiration": null, "is_active": 1 }, { "id": 1593597449, "indicator": "4d977b50ad088fe37978095dce174c3d09abe011c80e38ee026fe5e640e2814d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA256 of 4c6b21e98ca03e0ef0910e07cef45dac", "expiration": null, "is_active": 1 }, { "id": 1593597487, "indicator": "4fa0e0cfe9406f6644613f91afda3e48418f147e0145712a3ac334492edba5af", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of cc06815e8d8c0083263651877decb44b", "expiration": null, "is_active": 1 }, { "id": 1593597501, "indicator": "50267aeb0e7618fd4bd3a57f2c6d2ee5bbd3e7219f3291d9862c1b65b83ce481", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 49ee6365618b2a5819d36a48131e280c", "expiration": null, "is_active": 1 }, { "id": 1593597528, "indicator": "50a9104e02e2fc6a1c3bc9b4f4e8be10c52f2c1c6943734c6497dd7ed4ef6172", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Lecna.A!dha", "description": "SHA256 of 74b87086887e0c67ffb035069b195ac7", "expiration": null, "is_active": 1 }, { "id": 2296594766, "indicator": "5859e3fffc947cc9ef8787efc622d525347fdded3a6518ab55406228eac563ff", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Lecna!dha", "description": "SHA256 of fad06d7b4450c4631302264486611ec3", "expiration": null, "is_active": 1 }, { "id": 1593597525, "indicator": "5a07e6943e800d7951603b5a2dae22fd5b022fffa5f820ed1212820e2c357b0d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "!#HSTR:Backdoor:Win32/Lecna.gen!dha", "description": "SHA256 of 28f2396a1e306d05519b97a3a46ee925\nSHA256 of 28f2396a1e306d05519b97a3a46ee925", "expiration": null, "is_active": 1 }, { "id": 2589474883, "indicator": "5ab066fabc14936b6e5253ac6d6e8547f8d5284270c7374a283de7bf42ee9ad2", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "APT30_Generic_5", "description": "SHA256 of 592381dfa14e61bce089cd00c9b118ae", "expiration": null, "is_active": 1 }, { "id": 1593597469, "indicator": "5bc92c5fc35388b6ea7c07390031fee034ed3af30095101a696845efd1de8cab", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of d93026b1c6c828d0905a0868e4cbc55f", "expiration": null, "is_active": 1 }, { "id": 2242188715, "indicator": "5c17dcdb2a4f7450a9e0137584cde844f323bd6b570275181282bd0e8e4a5d85", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Shipup.F", "description": "SHA256 of ee1b23c97f809151805792f8778ead74", "expiration": null, "is_active": 1 }, { "id": 2589482895, "indicator": "615c28236dc561e3866a2845bbe3457716bca0d98eb9c13a315d6ef7fcc9beb3", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDropper:Win32/Tavex.A", "description": "SHA256 of 49aca228674651cba776be727bdb7e60", "expiration": null, "is_active": 1 }, { "id": 1593597502, "indicator": "616fdc57d3bb0c61e31979a788bd5c3030b6be6c7c666ddd48508bd3c3e941b5", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 4b8531d294c020d5f856b58a5a23b238", "expiration": null, "is_active": 1 }, { "id": 2589504344, "indicator": "6279f19b1c0bfc07feca5fccdd44edb7ad4173f8f7d277d7ce1d20c330d5b535", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDropper:Win32/Tavex.A", "description": "SHA256 of 9982fd829c0048c8f89620691316763a", "expiration": null, "is_active": 1 }, { "id": 1593597477, "indicator": "70ff05fdeb51559c17696eb1c8577dd0aed7eaafb6922c711aa0b6721db246d9", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 07bb30a2a42423e54f70af61e20edca3", "expiration": null, "is_active": 1 }, { "id": 1593597440, "indicator": "727ba0af318b26c3c650563b2db984f7a7f8f6616b9d8dfaa3805766aab9a915", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA256 of 0fcb4ffe2eb391421ec876286c9ddb6c", "expiration": null, "is_active": 1 }, { "id": 1593597508, "indicator": "805cc7b05686815be09b5173c4c7037eb91f14f27792ebbb8bd90f427d1ca5b1", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 8022a4136a6200580962da94f3cdb905", "expiration": null, "is_active": 1 }, { "id": 1593597488, "indicator": "80e1e8c7b7e69a46a97ca4e6f591b15e09ae288b4e0bb5ee457b26c61062da92", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of dc95b0e8ecb22ad607fc912219a640c1", "expiration": null, "is_active": 1 }, { "id": 2589614388, "indicator": "816251b3ca42089c057d5980079b1e36a0ef1c9c3ff1c9c20aa8c5ca0fef77d4", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 649fa64127fef1305ba141dd58fb83a5", "expiration": null, "is_active": 1 }, { "id": 1593597439, "indicator": "823a77a64e1e5bb9078ec1af5b446f54a6d21c6308f02eb07d0d8dbf26a7940c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Lecna-21", "description": "SHA256 of 09010917cd00dc8ddd21aeb066877aa2", "expiration": null, "is_active": 1 }, { "id": 1593597494, "indicator": "842d3b54c0d1a3cc1420a66ee2ea62851bfdfe2afbbe5b0832fbb6fbbe962ae8", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 0570066887f44bc6c82ebe033cad0451", "expiration": null, "is_active": 1 }, { "id": 1593597457, "indicator": "9226407939dc4f0c4d4d2b6f9811a9e8ee8c2b073b9f95f11590dec440253f2a", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA256 of 853a20f5fc6d16202828df132c41a061", "expiration": null, "is_active": 1 }, { "id": 2296594768, "indicator": "965b9852fbb900d604e826b0a5614a23571c7b4c65580b189511f7f699a384ca", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Lecna.A!dha", "description": "SHA256 of 1b81b80ff0edf57da2440456d516cc90", "expiration": null, "is_active": 1 }, { "id": 1593597521, "indicator": "98f028dfd1ef15f10c1184823ae7199e329aa3c811d511d183ee83e68af3c980", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of c4dec6d69d8035d481e4f2c86f580e81", "expiration": null, "is_active": 1 }, { "id": 1593597442, "indicator": "9b5b06159946f080dd4a7dc4ab01f6d275b19dc2a2b540d5567fbefa2fddc709", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 1f64afa4069036513604cbf651e53e0d", "expiration": null, "is_active": 1 }, { "id": 1593597498, "indicator": "a1f3d348e433e89687fb4db003e2f9c15d808b28412729f72373d99d53a01a6d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 2d75de9e1bb58fe61fd971bb720a49b7", "expiration": null, "is_active": 1 }, { "id": 1593597530, "indicator": "a3d488b01d0fb4cf211b8a47e7e0203dbc9c5b8d11221d2d4fefac3c53e6b049", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Shipup.F", "description": "SHA256 of 6ba315275561d99b1eb8fc614ff0b2b3", "expiration": null, "is_active": 1 }, { "id": 1593597505, "indicator": "aad449dcfd2915cdae23b15062e34a78b21d929c584c18835c0f5dfaf9089a4a", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 65b984b198359003a5a3b8aaf91af234", "expiration": null, "is_active": 1 }, { "id": 1593597517, "indicator": "ad410f7e25082e139b433814c370750ae74cf43727486cb2e0b35ad88b2c0910", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 71f25831681c19ea17b2f2a84a41bbfb", "expiration": null, "is_active": 1 }, { "id": 1593597511, "indicator": "b01780388d276f49b4b55e42aea3dedbda5b62fc7bce21f733d3efdd8ed2cb6d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 9c31551cd8087072d08c9004c0ce76c5", "expiration": null, "is_active": 1 }, { "id": 1593597524, "indicator": "b2f3323418d20b0b91419e58b6ca2b57423286a7046f6729cafbe39178f65124", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of f18be055fae2490221c926e2ad55ab11", "expiration": null, "is_active": 1 }, { "id": 1593597491, "indicator": "b3098b9b3e16856481d195c80f6a6b4bd1841d31b0f3587e3516f847de345682", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 6e689351d94389ac6fdc341b859c7f6f", "expiration": null, "is_active": 1 }, { "id": 1593597459, "indicator": "b4e93bb2693f2ea647c42c7e4bd63ef0ab61d6c53affa6799a52b06d8c99f719", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA256 of 9c0cad1560cd0ffe2aa570621ef7d0a0", "expiration": null, "is_active": 1 }, { "id": 1593597518, "indicator": "b5c32e139d5e9e3599dd5289f21bb1c5ca75762cc59e94582911c4fd85230de0", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 8ff473bedbcc77df2c49a91167b1abeb", "expiration": null, "is_active": 1 }, { "id": 246185087, "indicator": "b628e1951c0843b048cf8f4884753ef622bcbf3c06499c25f9f96201d8ce8def", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-168714", "description": "SHA256 of 5d4f2871fd1818527ebd65b0ff930a77", "expiration": null, "is_active": 1 }, { "id": 1593597526, "indicator": "b76a6090fdf004fd6d6e94f3dc90a7c75fb136f2b4d2fbfe6f086166c8db5b08", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "!#HSTR:Backdoor:Win32/Lecna.gen!dha", "description": "SHA256 of 80e39b656f9a77503fa3e6b7dd123ee3", "expiration": null, "is_active": 1 }, { "id": 1593597445, "indicator": "b798d77517558d1a66d7480aa9e5d7878f9838bde54c2c8dd7976f9233878a17", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 40f47850c5ebf768fd1303a32310c73e", "expiration": null, "is_active": 1 }, { "id": 2592808744, "indicator": "ba15081f01bdc87dbe07329445c2b885fa4f6b9f3a775f369563897505e2ab4e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "APT30_Generic_9", "description": "SHA256 of d28d67b4397b7ce1508d10bf3054ffe5", "expiration": null, "is_active": 1 }, { "id": 1593597468, "indicator": "ba2e8bee0e14c1689cc2df494b92924c547fff8f95f0d36e8925db9c2c0db8e4", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of d8e68db503f4155ed1aeba95d1f5e3e4", "expiration": null, "is_active": 1 }, { "id": 1593597473, "indicator": "bb6d8ef6a44bfece920aab9139ddee1b9e66a79fcf307c6213fdf70221719cff", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA256 of e3ae3cbc024e39121c87d73e87bb2210", "expiration": null, "is_active": 1 }, { "id": 2592838369, "indicator": "bd3373df99b455d28b63b4c70e706a67b4be9faaef1572db197eb9a5c9c14b30", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Shipup.I", "description": "SHA256 of 0c4fcef3b583d0ffffc2b14b9297d3a4", "expiration": null, "is_active": 1 }, { "id": 1593597484, "indicator": "c1e9dfa1f1b3037da9b72354edf25250c12084234bccfbb6d970b1c196cddda1", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of af1c1c5d8031c4942630b6a10270d8f4", "expiration": null, "is_active": 1 }, { "id": 1593597506, "indicator": "c333a38ca6e76da8db172d4b5b7e7b8d1fafea4a14bac8bd5c36c0c57f6e3f27", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 6791254f160e98ac1f46b4d506b695ad", "expiration": null, "is_active": 1 }, { "id": 1593597490, "indicator": "c3fd244badd96c81c40e63d7001ffc4a97336a930a882bdd555e8c4b1439411b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 572c9cd4388699347c0b2edb7c6f5e25", "expiration": null, "is_active": 1 }, { "id": 1593597513, "indicator": "c50a48ef605b1f57f37afb883d643d69233cf506065d2bf806dae639cac8c264", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 8c713117af4ca6bbd69292a78069e75b", "expiration": null, "is_active": 1 }, { "id": 1593597495, "indicator": "c64598688487febdbc958218d9f989953491ff3946a7d7a2805f5a32149db38b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 0a4fdacde69a566f53833500a0d53a35", "expiration": null, "is_active": 1 }, { "id": 1593597438, "indicator": "c806be534ad3fd83ec5a7c8d3a378c1f033856db152bea93b5778286d4db1e49", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA256 of 062fe1336459a851bd0ea271bb2afe35", "expiration": null, "is_active": 1 }, { "id": 1593597437, "indicator": "cd2d206d320a343bcc26714130c6c1160102afc41edd256f9fc944b7a3de9c36", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA256 of 002e27938c9390a942cf4b4c319f1768", "expiration": null, "is_active": 1 }, { "id": 1593597447, "indicator": "cde12cbc192669adfb9f4ecd35cb2152b3435276f42fde240671528bbae97ebb", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA256 of 428fc53c84e921ac518e54a5d055f54a", "expiration": null, "is_active": 1 }, { "id": 1593597503, "indicator": "d00c63ac0935f97cb01b5bd4994d60fe7a326b9b075e9ac4e98c8f8e527af564", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 4ee00c46da143ba70f7e6270960823be", "expiration": null, "is_active": 1 }, { "id": 1593597531, "indicator": "d02d16ca1d1f4e05f98771fabe09dd1ac16ccf7031e2652d29723af35d3d9e82", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of bf8616bbed6d804a3dea09b230c2ab0c", "expiration": null, "is_active": 1 }, { "id": 1593597463, "indicator": "d2c5e3ce8fcdbf70e06b63437c24788e6fca61742c8cce76374f5bcda95a0585", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA256 of b590c15499448639c2748ff9e0d214b2", "expiration": null, "is_active": 1 }, { "id": 1593597474, "indicator": "d41bd6f092a77314eb885c91f5588003d8354630aebf51e6229ac3e14c9fe5e4", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of e62a63307deead5c9fcca6b9a2d51fb0", "expiration": null, "is_active": 1 }, { "id": 1593597475, "indicator": "dc6c608733c5ec00633c9ddc9e79700719b47eca72c19d6dfd0b0b590830faf6", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan.Lecna-1", "description": "SHA256 of ec3905d8e100644ae96ad9b51d701a7f", "expiration": null, "is_active": 1 }, { "id": 246185398, "indicator": "deaf20dce2aa4ba813396195db2dd1ff436a1ae8d740684a0f128fb9730f13d2", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of c90f798ccfbedb4bbe6c4568e0f05b68", "expiration": null, "is_active": 1 }, { "id": 2248109288, "indicator": "dec173444481ca304f478b9f656e2d34e822b250e594f1e07c889824e183826b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Shipup.F", "description": "SHA256 of 44b98f22155f420af4528d17bb4a5ec8", "expiration": null, "is_active": 1 }, { "id": 1593597497, "indicator": "df2fe088b74dc4b05109e29c4fa598311a261cffbba5e37e4a7f0676bb6fc6eb", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 2a2b22aa94a59575ca1dea8dd489d2eb", "expiration": null, "is_active": 1 }, { "id": 1593597504, "indicator": "e08b72e1a54d917d530802fc27b8c9948983600bb30893d5aadd6a22dd212418", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 5ddbd80720997f7a8ff53396e8e8b920", "expiration": null, "is_active": 1 }, { "id": 1593597479, "indicator": "e153e214ec22754fd6bbd4d4b62b87651216badda2d5c1124387aede2e1d66bb", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 139158fe63a0e46639cc20b754a7c38c", "expiration": null, "is_active": 1 }, { "id": 1593597448, "indicator": "e3de8f876b8b8be249f7ab3d5d097dd66d8206f5735f4cdf72187bc5c7c61811", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 4c10a1efed25b828e4785d9526507fbc", "expiration": null, "is_active": 1 }, { "id": 1593597462, "indicator": "e631e6220a9f438080f34b006ceab42b3011a97cf93116f1da644b75cb197afc", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA256 of b2138a57f723326eda5a26d2dec56851", "expiration": null, "is_active": 1 }, { "id": 1593597470, "indicator": "e84ba9087fb3f2f7f484f20e9cc0d97d3747047e47aeea510732f319f5c9d514", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of db3e5c2f2ce07c2d3fa38d6fc1ceb854", "expiration": null, "is_active": 1 }, { "id": 1593597509, "indicator": "e889a265b732bb35ab22639db281430b9b8a5b1dd808950a3ae392b433acb4dd", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 8214b0e18fbcd5db6b008884e7685f2c", "expiration": null, "is_active": 1 }, { "id": 1593597471, "indicator": "f20c16765660336755cbfaccafc47dbdebfdaa11c6fca159df6ceef7914480de", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of df1799845b51300b03072c6569ab96d5", "expiration": null, "is_active": 1 }, { "id": 1593597450, "indicator": "f2e91cf89d9bcc51f0344b327081466c6fad5c22c4ca1f556b752a8c0c3c1fb9", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 4e5c116d874bbaaf7d6dadec7be926f5", "expiration": null, "is_active": 1 }, { "id": 1593597453, "indicator": "f3fa5cfcc66c8e9cfd2df4c193881f27063578d4771bb59ead54623b4918c331", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA256 of 5ae51243647b7d03a5cb20dccbc0d561", "expiration": null, "is_active": 1 }, { "id": 2593038509, "indicator": "f48e3fe07160f67ff07852d9c0b133ceff8fec3552cdf8b555c7f632f5e6f985", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Ransom:Win32/Cobra", "description": "SHA256 of 10aa368899774463a355f1397e6e5151", "expiration": null, "is_active": 1 }, { "id": 2593039079, "indicator": "f4f27a1732fc0b9b969c11a1adb3a462a56b4df64f93aea40dc9f301b3dafd5a", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Tavex.A", "description": "SHA256 of 6bd422d56e85024e67cc12207e330984", "expiration": null, "is_active": 1 }, { "id": 2593060836, "indicator": "f5e8283b839820b7b47948beb8e326b4a0560547d4d986b5833080780fdfdd83", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "!#HSTR:Backdoor:Win32/Lecna.gen!dha", "description": "SHA256 of d591dc11ecffdfaf1626c1055417a50d", "expiration": null, "is_active": 1 }, { "id": 1593597467, "indicator": "fa573ebb8dcd4a224ddf857ab9d71e5da9646254724130045cc6f8de4b14a08b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA256 of d38e02eac7e3b299b46ff2607dd0f288", "expiration": null, "is_active": 1 }, { "id": 1593597478, "indicator": "ffc168ec8e14618ce06ae38d8ea39dde690e2cdded0f451bc7846e18bd72c665", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 08f299c2d8cfe1ae64d71dfb15fe6e8d", "expiration": null, "is_active": 1 }, { "id": 3360563131, "indicator": "f210b74cf32def15aaf3b4120fd44fd5d07731d4", "type": "YARA", "created": "2022-01-22T07:47:27", "content": "rule resteex_APTMalware_APT_30 { \n \tmeta: \n \t\t description= \"APTMalware_APT_30 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_00-16-06\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"002e27938c9390a942cf4b4c319f1768\" \n \t\t hash2= \"010ca5e1de980f5f45f9d82027e1606c\" \n \t\t hash3= \"01d2383152795e4ec98b874cd585da30\" \n \t\t hash4= \"021e134c48cd9ce9eaf6a1c105197e5d\" \n \t\t hash5= \"0570066887f44bc6c82ebe033cad0451\" \n \t\t hash6= \"062fe1336459a851bd0ea271bb2afe35\" \n \t\t hash7= \"07bb30a2a42423e54f70af61e20edca3\" \n \t\t hash8= \"08b54f9b2b3fb19e388d390d278f3e44\" \n \t\t hash9= \"08f299c2d8cfe1ae64d71dfb15fe6e8d\" \n \t\t hash10= \"09010917cd00dc8ddd21aeb066877aa2\" \n \t\t hash11= \"0a4fdacde69a566f53833500a0d53a35\" \n \t\t hash12= \"0c4fcef3b583d0ffffc2b14b9297d3a4\" \n \t\t hash13= \"0cdc35ffc222a714ee138b57d29c8749\" \n \t\t hash14= \"0fcb4ffe2eb391421ec876286c9ddb6c\" \n \t\t hash15= \"10aa368899774463a355f1397e6e5151\" \n \t\t hash16= \"1133fe501fa4691b7f52e53706c80df9\" \n \t\t hash17= \"11876eaadeac34527c28f4ddfadd1e8d\" \n \t\t hash18= \"12e1dcd71693b6f875a98aefbd4ec91a\" \n \t\t hash19= \"139158fe63a0e46639cc20b754a7c38c\" \n \t\t hash20= \"1612b392d6145bfb0c43f8a48d78c75f\" \n \t\t hash21= \"168d207d0599ed0bb5bcfca3b3e7a9d3\" \n \t\t hash22= \"1b81b80ff0edf57da2440456d516cc90\" \n \t\t hash23= \"1dbb584e19499e26398fb0a7aa2a01b7\" \n \t\t hash24= \"1e6ee89fddcf23132ee12802337add61\" \n \t\t hash25= \"1f64afa4069036513604cbf651e53e0d\" \n \t\t hash26= \"23813c5bf6a7af322b40bd2fd94bd42e\" \n \t\t hash27= \"28f2396a1e306d05519b97a3a46ee925\" \n \t\t hash28= \"29395c528693b69233c1c12bef8a64b3\" \n \t\t hash29= \"2a2b22aa94a59575ca1dea8dd489d2eb\" \n \t\t hash30= \"2d75de9e1bb58fe61fd971bb720a49b7\" \n \t\t hash31= \"310a4a62ba3765cbf8e8bbb9f324c503\" \n \t\t hash32= \"3166baffecccd0934bdc657c01491094\" \n \t\t hash33= \"35dfb55f419f476a54241f46e624a1a4\" \n \t\t hash34= \"37aee58655f5859e60ece6b249107b87\" \n \t\t hash35= \"37e568bed4ae057e548439dc811b4d3a\" \n \t\t hash36= \"40601cf29c1bbfe0942d1ac914d8ce27\" \n \t\t hash37= \"40f47850c5ebf768fd1303a32310c73e\" \n \t\t hash38= \"414854a9b40f7757ed7bfc6a1b01250f\" \n \t\t hash39= \"4154548e1f8e9e7eb39d48a4cd75bcd1\" \n \t\t hash40= \"428fc53c84e921ac518e54a5d055f54a\" \n \t\t hash41= \"42ccbccf48fe1cb63a81c9f094465ae2\" \n \t\t hash42= \"44992068aab25daa1decae93b25060af\" \n \t\t hash43= \"44b98f22155f420af4528d17bb4a5ec8\" \n \t\t hash44= \"49aca228674651cba776be727bdb7e60\" \n \t\t hash45= \"49ee6365618b2a5819d36a48131e280c\" \n \t\t hash46= \"4a41c422e9eb29f5d722700b060bca11\" \n \t\t hash47= \"4b8531d294c020d5f856b58a5a23b238\" \n \t\t hash48= \"4c10a1efed25b828e4785d9526507fbc\" \n \t\t hash49= \"4c6b21e98ca03e0ef0910e07cef45dac\" \n \t\t hash50= \"4e5c116d874bbaaf7d6dadec7be926f5\" \n \t\t hash51= \"4ee00c46da143ba70f7e6270960823be\" \n \t\t hash52= \"4f00235b5208c128440c5693b7b85366\" \n \t\t hash53= \"4fffcbdd4804f6952e0daf2d67507946\" \n \t\t hash54= \"53f1358cbc298da96ec56e9a08851b4b\" \n \t\t hash55= \"550459b31d8dabaad1923565b7e50242\" \n \t\t hash56= \"572c9cd4388699347c0b2edb7c6f5e25\" \n \t\t hash57= \"592381dfa14e61bce089cd00c9b118ae\" \n \t\t hash58= \"597805832d45d522c4882f21db800ecf\" \n \t\t hash59= \"59e055cee87d8faf6f701293e5830b5a\" \n \t\t hash60= \"5ae51243647b7d03a5cb20dccbc0d561\" \n \t\t hash61= \"5b590798da581c894d8a87964763aa8b\" \n \t\t hash62= \"5c7a6b3d1b85fad17333e02608844703\" \n \t\t hash63= \"5d4f2871fd1818527ebd65b0ff930a77\" \n \t\t hash64= \"5dd625af837e164dd2084b1f44a45808\" \n \t\t hash65= \"5ddbd80720997f7a8ff53396e8e8b920\" \n \t\t hash66= \"5eaf3deaaf2efac92c73ada82a651afe\" \n \t\t hash67= \"62e5d5e244059dc02654f497401615cc\" \n \t\t hash68= \"646e2cfa6aa457013769e2b89454acf7\" \n \t\t hash69= \"649fa64127fef1305ba141dd58fb83a5\" \n \t\t hash70= \"6508ee27afe517aa846f9447faef59b8\" \n \t\t hash71= \"65232a8d555d7c4f7bc0d7c5da08c593\" \n \t\t hash72= \"65b984b198359003a5a3b8aaf91af234\" \n \t\t hash73= \"6791254f160e98ac1f46b4d506b695ad\" \n \t\t hash74= \"6ba315275561d99b1eb8fc614ff0b2b3\" \n \t\t hash75= \"6bd422d56e85024e67cc12207e330984\" \n \t\t hash76= \"6e689351d94389ac6fdc341b859c7f6f\" \n \t\t hash77= \"6f931c15789d234881be8ae8ccfe33f4\" \n \t\t hash78= \"71f25831681c19ea17b2f2a84a41bbfb\" \n \t\t hash79= \"74b87086887e0c67ffb035069b195ac7\" \n \t\t hash80= \"78c4fcee5b7fdbabf3b9941225d95166\" \n \t\t hash81= \"7b111e1054b6b929de071c4f48386415\" \n \t\t hash82= \"7c307ca84f922674049c0c43ca09bec1\" \n \t\t hash83= \"8022a4136a6200580962da94f3cdb905\" \n \t\t hash84= \"80e39b656f9a77503fa3e6b7dd123ee3\" \n \t\t hash85= \"8214b0e18fbcd5db6b008884e7685f2c\" \n \t\t hash86= \"82e13f3031130bd9d567c46a9c71ef2b\" \n \t\t hash87= \"853a20f5fc6d16202828df132c41a061\" \n \t\t hash88= \"8c713117af4ca6bbd69292a78069e75b\" \n \t\t hash89= \"8c9db773d387bf9b3f2b6a532e4c937c\" \n \t\t hash90= \"8da9373fc5b8320fb04d6202ca1eb6f1\" \n \t\t hash91= \"8e2eee994cd1922e82dea58705cc9631\" \n \t\t hash92= \"8ff473bedbcc77df2c49a91167b1abeb\" \n \t\t hash93= \"948a53450e1d7dc7535ea52ca7d5bddd\" \n \t\t hash94= \"95bb314fe8fdbe4df31a6d23b0d378bc\" \n \t\t hash95= \"95bfe940816a89f168cacbc340eb4a5f\" \n \t\t hash96= \"9982fd829c0048c8f89620691316763a\" \n \t\t hash97= \"9c0cad1560cd0ffe2aa570621ef7d0a0\" \n \t\t hash98= \"9c31551cd8087072d08c9004c0ce76c5\" \n \t\t hash99= \"9cbcc68c9b913a5fda445fbc7558c658\" \n \t\t hash100= \"9e27277ef0b6b25ccb2bb79dbf7554a7\" \n \t\t hash101= \"9e3ef98abcfffcf3205261e09e06cba6\" \n \t\t hash102= \"a2e0203e665976a13cdffb4416917250\" \n \t\t hash103= \"a5ca2c5b4d8c0c1bc93570ed13dcab1a\" \n \t\t hash104= \"a813eba27b2166620bd75029cc1f04b0\" \n \t\t hash105= \"a9e8e402a7ee459e4896d0ba83543684\" \n \t\t hash106= \"ab153afbfbcfc8c67cf055b0111f0003\" \n \t\t hash107= \"acb2ba25ef225d820ac8a5923b746cb8\" \n \t\t hash108= \"ad044dc0e2e1eaa19cf031dbcff9d770\" \n \t\t hash109= \"af1c1c5d8031c4942630b6a10270d8f4\" \n \t\t hash110= \"af670600dee2bf13a68eb962cce8f122\" \n \t\t hash111= \"b2138a57f723326eda5a26d2dec56851\" \n \t\t hash112= \"b249bcf741e076f11b6c9553f6104f16\" \n \t\t hash113= \"b493ad490b691b8732983dcca8ea8b6f\" \n \t\t hash114= \"b4ae0004094b37a40978ef06f311a75e\" \n \t\t hash115= \"b5546842e08950bc17a438d785b5a019\" \n \t\t hash116= \"b590c15499448639c2748ff9e0d214b2\" \n \t\t hash117= \"b5a343d11e1f7340de99118ce9fc1bbb\" \n \t\t hash118= \"b6c08fd8a9f32a17c3550d3b2d302dc5\" \n \t\t hash119= \"b79d87ff6de654130da95c73f66c15fa\" \n \t\t hash120= \"b7b282c9e3eca888cbdb5a856e07e8bd\" \n \t\t hash121= \"b83d43e3b2f0b0a0e5cc047ef258c2cb\" \n \t\t hash122= \"b8617302180d331e197cc0433fc5023d\" \n \t\t hash123= \"ba80e3ad617e6998f3c4b003397db840\" \n \t\t hash124= \"baff5262ae01a9217b10fcd5dad9d1d5\" \n \t\t hash125= \"bbb3cb030686748b1244276e15085153\" \n \t\t hash126= \"bf8616bbed6d804a3dea09b230c2ab0c\" \n \t\t hash127= \"c2acc9fc9b0f050ec2103d3ba9cb11c0\" \n \t\t hash128= \"c4c068200ad8033a0f0cf28507b51842\" \n \t\t hash129= \"c4dec6d69d8035d481e4f2c86f580e81\" \n \t\t hash130= \"c6e388ee5269239070e5ad7336d0bf59\" \n \t\t hash131= \"c90f798ccfbedb4bbe6c4568e0f05b68\" \n \t\t hash132= \"c9484902c7f1756b26244d6d644c9dd5\" \n \t\t hash133= \"c95cd106c1fecbd500f4b97566d8dc96\" \n \t\t hash134= \"cb1087b2add3245418257d648ac9e9a7\" \n \t\t hash135= \"cc06815e8d8c0083263651877decb44b\" \n \t\t hash136= \"cd1aa1c8cdf4a4ba8dc4309ce30ec263\" \n \t\t hash137= \"d28d67b4397b7ce1508d10bf3054ffe5\" \n \t\t hash138= \"d38e02eac7e3b299b46ff2607dd0f288\" \n \t\t hash139= \"d55514d8b97999453621a8614090cbf0\" \n \t\t hash140= \"d591dc11ecffdfaf1626c1055417a50d\" \n \t\t hash141= \"d8248be5ed0f2f8f9787be331a18c36b\" \n \t\t hash142= \"d8e68db503f4155ed1aeba95d1f5e3e4\" \n \t\t hash143= \"d93026b1c6c828d0905a0868e4cbc55f\" \n \t\t hash144= \"d97aace631d6f089595f5ce177f54a39\" \n \t\t hash145= \"da92b863095ee730aef6c6c541ab7697\" \n \t\t hash146= \"db3e5c2f2ce07c2d3fa38d6fc1ceb854\" \n \t\t hash147= \"dc95b0e8ecb22ad607fc912219a640c1\" \n \t\t hash148= \"df1799845b51300b03072c6569ab96d5\" \n \t\t hash149= \"e26a2afaaddfb09d9ede505c6f1cc4e3\" \n \t\t hash150= \"e39756bc99ee1b05e5ee92a1cdd5faf4\" \n \t\t hash151= \"e3ae3cbc024e39121c87d73e87bb2210\" \n \t\t hash152= \"e6289e7f9f26be692cbe6f335a706014\" \n \t\t hash153= \"e62a63307deead5c9fcca6b9a2d51fb0\" \n \t\t hash154= \"e9e514f8b1561011b4f034263c33a890\" \n \t\t hash155= \"ebf42e8b532e2f3b19046b028b5dfb23\" \n \t\t hash156= \"ec3905d8e100644ae96ad9b51d701a7f\" \n \t\t hash157= \"ed151602dea80f39173c2f7b1dd58e06\" \n \t\t hash158= \"ee1b23c97f809151805792f8778ead74\" \n \t\t hash159= \"f18be055fae2490221c926e2ad55ab11\" \n \t\t hash160= \"f4a648a2382c51ca367be87d05628cff\" \n \t\t hash161= \"f97ec83d68362e4dff4756ed1101fea8\" \n \t\t hash162= \"fad06d7b4450c4631302264486611ec3\" \n \t\t hash163= \"fe211c7a081c1dac46e3935f7c614549\" \n \t\t hash164= \"ff00682b0b8c8d13b797d722d9048ea2\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)\" fullword wide \n \t\t $s2= \"5.1.2600.5512(xpsp.080413-0852)\" fullword wide \n \t\t $s3= \"6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)\" fullword wide \n \t\t $a1= \"h@AAD@EAH@IAL@MAP@QAT@UAX@YA@]A`@aAd@eAh@iAl@mAp@qAt@uAx@yA|@}A\" fullword ascii \n \t\t $a2= \"Okbps]naXIe_nkokbpXSej`ksoX?qnnajpRanoekjXLkhe_eaoXAtlhknanXNqj\" fullword ascii \n \t\t $a3= \"Plcqt^obYJf`olplcqYTfkaltpY@roobkqSbopflkYMlif`fbpYBumiloboYOrk\" fullword ascii \n \t\t $a4= \"SOFTWAREMicrosoftWindowsCurrentVersionExplorerShell Folders\" fullword ascii \n \t\t $a5= \"SoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun\" fullword ascii \n \t\t $a6= \"SoftwareMicrosoftWindowsCurrentVersionPoliciesSystemShell\" fullword ascii \n \n \t\t $hex1= {2461313d2022684041} \n \t\t $hex2= {2461323d20224f6b62} \n \t\t $hex3= {2461333d2022506c63} \n \t\t $hex4= {2461343d2022534f46} \n \t\t $hex5= {2461353d2022536f66} \n \t\t $hex6= {2461363d2022536f66} \n \t\t $hex7= {2473313d2022352e31} \n \t\t $hex8= {2473323d2022352e31} \n \t\t $hex9= {2473333d2022362e30} \n \n \tcondition: \n \t\t20 of them \n ", "title": "", "description": "APTMalware_APT_30 Group", "expiration": null, "is_active": 1 }, { "id": 5525, "indicator": "002f5e401f705fe91f44263e49d6c216", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5769, "indicator": "0047c4a00161a8478df31dbdea44a19e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5710, "indicator": "00535dca6d6db97128f6e12451c1e04e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5716, "indicator": "0063bf5852ffb5baabcdc34ad4f8f0bf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5614, "indicator": "00f5f27098d25a1961df56a1c58398e2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5628, "indicator": "00fae15224f3a3c46d20f2667fb1ed89", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5727, "indicator": "02d5eb43f5fc03f7abc89c57b82c75f8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5572, "indicator": "0333f6533573d7a08b4de47bd186ec65", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5692, "indicator": "038e4ffbdf9334dd0b96f92104c4a5c0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5801, "indicator": "03a5ae64c62eb66dd7303801785d3f7b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5799, "indicator": "03a64049747b2544a5ee08a2520495d8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5523, "indicator": "04ddb75038698f66b9c43304a2c92240", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5913, "indicator": "05187aa4d312ff06187c93d12dd5f1d0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5705, "indicator": "053895ae9a145a74738ba85667ae2cd1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5835, "indicator": "05a0274ddea1d4e2d938ee0804da41db", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5816, "indicator": "05e58526f763f069b4c86d209416f50a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5696, "indicator": "063ad1284a8dfb82965b539efd965547", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5905, "indicator": "06a1824482848997877da3f5cb83f196", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5543, "indicator": "07988b3b1af58a47f7ee884e734d9a45", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5567, "indicator": "0915237a0b1f095aace0a50b82356571", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5652, "indicator": "09344144f44e598e516793b36de7822a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2230, "indicator": "0a209ac0de4ac033f31d6ba9191a8f7a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5745, "indicator": "0a704348bd37ea5ccd2e0a540eb010c2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5658, "indicator": "0a78f4f0c5fc09c08dc1b54d7412bc58", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5712, "indicator": "0acbdd008b62cd40bb1434aca7500d5b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5531, "indicator": "0b1fa00484e10f465533aaf08bd98b62", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5669, "indicator": "0b2b5b9050bd5eb14fdbc618702a2ad3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5541, "indicator": "0b5f75e67b78d34dc4206bf49c7f09e9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5648, "indicator": "0c4bd72bd7119c562f81588978ac9def", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5859, "indicator": "0d1248bd21ba2487c08691ee60b8d80e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5742, "indicator": "0e2313835ca0fa52d95500f83fe9f5d2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5820, "indicator": "0f256b5884f46a15b80b60bba8876966", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5770, "indicator": "0fd329c0ecc34c45a87414e3daad5819", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5894, "indicator": "101bc932d760f12a308e450eb97effa5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5575, "indicator": "102a411051ef606241fbdc4361e55301", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5641, "indicator": "10a9caa724ae8edc30c09f8372241c32", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5594, "indicator": "1163ad598b617ef336dd75d119182ad4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5602, "indicator": "1173639e045c327554962500b6240eeb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5819, "indicator": "12298ef995a76c71fa54cbf279455a14", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5579, "indicator": "13429f4899618f3529669a8ce850b512", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5802, "indicator": "1355c1f173e78d3c1317ee2fb5cd95f1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5513, "indicator": "13b67c888efeaf60a9a4fb1e4e182f2d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5728, "indicator": "14222c1f10b2038f757bbc628c8da8ba", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5849, "indicator": "149b980e2495df13edcefed78716ba8d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5707, "indicator": "151c7da8c611bf9795d813a5806d6364", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5722, "indicator": "152ad931b42a8da9149dd73a8bfcff69", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5663, "indicator": "1643b9b5861ca495f83ed2da14480728", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646, "indicator": "168af91d1ba92a41679d5b5890dc71e7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5874, "indicator": "17d287e868ab1dbafca87eb48b0f848f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5817, "indicator": "18cb3574825fa409d5cbc0f67e8cc162", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5860, "indicator": "1925b30a657ea0b5bfc62d3914f7855f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5571, "indicator": "194686907b35b69c508ae1a82d105acd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5854, "indicator": "19507f6adfad9e754c3d26695dd61993", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5764, "indicator": "199e39bda0af0a062ccc734faccf9213", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5850, "indicator": "19eb57e93ed64f2bb9aab0307ece4291", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5806, "indicator": "1b27ac722847f5a3304e3896f0528fa4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5676, "indicator": "1b9901d0f5f28c9275a697134d6e487a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5781, "indicator": "1cb7ae1bc76e139c89684f7797f520a1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5792, "indicator": "1d6c98e55203f0c51c0821fe52218dd8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5683, "indicator": "1dc305dcb4a51ea0dd10854a02a41b06", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5857, "indicator": "1dd86b28a2bc986b069c75bf5c6787b9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5810, "indicator": "1ef39eb63ddff30a3e37feeffb8fc712", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5578, "indicator": "1f1dc3cf1d769d464db9752c8cecc872", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5762, "indicator": "1f69160f1d91bf9a0eda93829b75c583", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5852, "indicator": "1fd210ba936fd11b46781e04bbc0f8b5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5532, "indicator": "205fb6034381dfd9d19d076141397cf6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5638, "indicator": "2062d7b0d9145adbe0131cf1fb1fc35a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5904, "indicator": "21a6959a33909e3cdf27a455064d4d4d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5610, "indicator": "21a9c4073dbb1cb6127fdb932c95372c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5881, "indicator": "2249d5577d2c84ba1043376b77e6c24d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5654, "indicator": "22db66045fa1e39b5bf16fc63a850098", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5821, "indicator": "24132e1e00071f33221c405399271b74", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5549, "indicator": "242a7137788b0f0aefcea5c233c951b7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5785, "indicator": "246272dd6e9193e31745ad54138f875d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5582, "indicator": "263b761fcea771137f2ea9918e381b47", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5796, "indicator": "26c46a09cf1bdff5af503a406575809d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5587, "indicator": "27c5d028ee23a515df4203ea6026e23e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5906, "indicator": "2822d46611ad7fd71dfe5a1f4c79ab4b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5880, "indicator": "29f2ab09fdffc4006a4407c05ba11b65", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5560, "indicator": "29fdec2fd992c2ab38e1dd41500190b9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5758, "indicator": "2a9f8131b996add197067b3bc9fa2f5a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5813, "indicator": "2bb52b4c1bc0788bf701e6f5ee761a9b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5761, "indicator": "2c029be8e3b0c9448ed5e88b52852ade", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5744, "indicator": "2c35ed272225b4e134333bea2b657a3f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5674, "indicator": "2c6595834dd5528235e8a9815276563e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-4316", "description": "", "expiration": null, "is_active": 1 }, { "id": 5639, "indicator": "2c87a3442c60c72f639ca7eb6754746a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5726, "indicator": "2d088e08fd1b90342cae128770063dbe", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5647, "indicator": "2da059a8bf3bc00bb809b28770044ff6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5630, "indicator": "2e0e43f2b0499d631edf1dd92f09bd2c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5616, "indicator": "2e208b3d5953bd92c84031d3a7b8a231", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5510, "indicator": "2ebd5bd711ceb8d6b4f6eba38d087bc9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5902, "indicator": "2f2a8deca2539923b489d51de9a278f4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5600, "indicator": "303b7527db5b417719daf9b0ae5b89aa", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5733, "indicator": "31457cb30ccad20cdbc77b8c4b6f9b3f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5782, "indicator": "3177e1e3fcdf7ae79d5da1eca123e01a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5851, "indicator": "318d5e8b3da6c6f5e5041250ceb5d836", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5576, "indicator": "34a72bd61c9573c304d737a5ca5892b4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5507, "indicator": "36601898373e4153062db98d1e7a3a28", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5699, "indicator": "37085d946c77f521c3092f822bc3983f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5730, "indicator": "380258de6e47749952b60e5307d22dc0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5750, "indicator": "38430b3311314a4dc01c2cdcd29a0d10", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5695, "indicator": "3a3fee2e8e1abdd99a020eeb8ee2d271", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5855, "indicator": "3a431d965b9537721be721a48cccdf0a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5895, "indicator": "3a57adb8740da3ebec1673d21f20d0fe", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5886, "indicator": "3a71446564b4c060d99a8ccd2eb5d161", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5809, "indicator": "3ac8bc5e416d59666905489aea3be51e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5606, "indicator": "3b496b8cd19789fabf00584475b607c7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5815, "indicator": "3de3419f6441a7f4d664077a43fb404b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5903, "indicator": "3fbd798bcd7214fcbf5fab05faf9fd71", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5772, "indicator": "40000b4f52dcdedb1e1d3bfd5c185cec", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5613, "indicator": "40fee20fe98995acbda82dbcde0b674b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5577, "indicator": "41d1e22fabd1ce4d21f5f7be352b3a07", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5583, "indicator": "42d6b187e323e939781a813baba5e7fc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5711, "indicator": "42db500fc0359f9f794d4b7775e41c99", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5834, "indicator": "430f70cb70fe9d7e812f298f8b5b7df4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5655, "indicator": "44149d509bea6c8c0c9fb86bbd0828e1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5636, "indicator": "44bd4cf5e28d78cc66b828a57c99ca74", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5842, "indicator": "4509385e247ef538cfb8cd42944ee480", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5756, "indicator": "450a3edece8808f483203fe8988c4437", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5840, "indicator": "4605a7396d892bba0646bc73a02b28e9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5629, "indicator": "4810559ed364a18843178f1c4fca49fc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-4316", "description": "", "expiration": null, "is_active": 1 }, { "id": 5653, "indicator": "487e79347d92f44507200792a7795c7b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5672, "indicator": "48bc620f4c5b14e30f173b0d02887840", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5657, "indicator": "48e958e3785be0d5e074ad2cfcf2fee4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5590, "indicator": "4902cd32c4ae98008ba24c0f40189e51", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5836, "indicator": "49622ddf195628f7a3400b7a9f98e60a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5713, "indicator": "4984608139e2c5430a87028f84a2bbb7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5511, "indicator": "49cb69039308b2613664515c5fa323e1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Worm.Autorun-3719", "description": "", "expiration": null, "is_active": 1 }, { "id": 5615, "indicator": "4a3b537879f3f29cd8d446c53e6b06c3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5659, "indicator": "4ad2f62ce2eb72eff45c61699bdcb1e3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5702, "indicator": "4bc0fb2dc90112926ab2471fef99beb3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5581, "indicator": "4c31fe56ff4a46fbcd87b28651235177", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5534, "indicator": "4e58bd45a388e458c9f8ff09eb905cc0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5607, "indicator": "4ea931a432bb9555483b41b3bc8e78e4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5530, "indicator": "4f79981d1f7091be6aadcc4595ef5f76", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5843, "indicator": "4fd969cefb161cbbfe26897f097eda71", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5808, "indicator": "5118f69983a1544caf4e3d244e195304", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5708, "indicator": "5328361825d0b1ccb0b157ceff4e883e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5771, "indicator": "545bee90a5f356b114ca3a4823f14990", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5561, "indicator": "54c7657b4d19c6afaaf003a332704907", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5759, "indicator": "54d7826f13c1116b0be9077334713f1a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5637, "indicator": "564950a5f4b3ca0e6ade94c5ca5d8de1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5866, "indicator": "5686e5cdb415f7fb65a4a3d971f24e1c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5516, "indicator": "56897704c43dbfb60847a6dca00de2b0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5620, "indicator": "56d85656c527242b493d9b19cb95370e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5757, "indicator": "56f2494e349e7449fbb551d55272bc57", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5872, "indicator": "56f9632349458ab6253da1f302326620", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5524, "indicator": "56ff71e1f28e1f149e0e4cf8ce9811d1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5551, "indicator": "57b64a212b4b3982793916a18fa4f489", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5858, "indicator": "5821380182c7bfaa6646db4313449917", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5589, "indicator": "58786e35fa1d61d1bcd671987d103957", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5865, "indicator": "58ef8790939fca73a20c6a04717a2659", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645, "indicator": "595b08353458a0749d292e0e81c0fc01", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5685, "indicator": "5a5bed7fae336b93c44b370a955182da", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5721, "indicator": "5a723d3ef02db234061c2f61a6e3b6a4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5529, "indicator": "5a7dacc0c0f34005ab9710e666128500", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5554, "indicator": "5b0f5f62ef3ae981fe48b6c29d7beab2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5564, "indicator": "5bec4783c551c46b15f7c5b20f94f4b9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5870, "indicator": "5dc172e2c96b79ea7d855339f1b2403c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5693, "indicator": "5e171b3a31279f9fcf21888ac0034b06", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5774, "indicator": "5f0e8984886b551cae3eaafa73d9b72b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5790, "indicator": "5f5abbe2e637d4f0b8afe7f2342c2942", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5644, "indicator": "5ff0e69bf258375e7eefcc5ac3bdcf24", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5884, "indicator": "600984d541d399b1894745b917e5380b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5841, "indicator": "60d21ee6548de4673cbddef2d779ed24", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5627, "indicator": "63b2f98548174142f92fdfd995a2c70a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5847, "indicator": "63ecb7fe79a5b541c35765caf424a021", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5818, "indicator": "6436a4fb7a8f37ac934c275d325208e6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5593, "indicator": "64a58cf7e810a77a5105d56b81ae8200", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5512, "indicator": "66a2a7ac521be856deed54fd8072d0e8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5877, "indicator": "6814b21455deb552df3b452ef0551ec1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5734, "indicator": "682c987506651fcae56c32ffa1f70170", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5846, "indicator": "687f8bec9484257500976c336e103a08", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5803, "indicator": "688526edbea2d61664ec629f6558365c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5901, "indicator": "68892e329fa28fe751b9eb16928ea98d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5526, "indicator": "68e6ee88ba44ed0b9de93d6812b5255e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5608, "indicator": "6abb5fbca4ab9fc730ba83f56c0b8c7a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5899, "indicator": "6b28afbf2362222fc501ed22f40a93ce", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5793, "indicator": "6c28e8ed7b09dd7e052302614a3ef8d5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5791, "indicator": "6d10eb87d57fc0b3eb1c41cccf0319f4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5777, "indicator": "6da22f42139a4a2365e7a9068d7b908a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5662, "indicator": "6de614ad2b4d03f9dfcdf0251737d33d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5732, "indicator": "6e4f77dcdbb034cb4073d8c46bf23ae3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5879, "indicator": "6f073003704cc5b5265a0a9f8ee851d1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5640, "indicator": "70b0214530810773e46afa469a723ce3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5873, "indicator": "72312f1e2ae6900f169a2b7a88e14d93", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5729, "indicator": "72b16929f43533ac4bf953d90a52eb37", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5555, "indicator": "72f244452df28865b37317369c33927d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5720, "indicator": "74621a05bafb868bda8aeb6562dd36df", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5900, "indicator": "74ad35f0f4342f45038860ca0564ab8b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5678, "indicator": "75ac44f173af6ace7cc06e8406b03d33", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5798, "indicator": "769c62fdd6e1d2c5d51094e2882886b0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5839, "indicator": "7808586dec24d04567582f9cbd26ead8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5883, "indicator": "782e5c2d319063405414d4e55d3dcfb3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5533, "indicator": "7835cc94917b3a2b01b2d18925111dad", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5515, "indicator": "78b1ff3b04fac35c890462225c5fbc49", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5514, "indicator": "7946d685c6e7e2d6370b6ade5c6a2e8d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5703, "indicator": "7a8518e46a1a7713653e34bbfb2b9ad8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5671, "indicator": "7ad2bfab78fa74538dcdbe28da54f1f4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5763, "indicator": "7b8d11cc2ed0cebc39ef590ef6c890b1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5670, "indicator": "7bc77cfdfefb70225ddb57ef20c554ac", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5609, "indicator": "7cccaf9b08301d2c2acb647ea04ca8e1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5649, "indicator": "7e6348f56508e43c900265ee5297b577", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5747, "indicator": "7faabce7d2564176480769a9d7b34a2c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5666, "indicator": "8010af50404647200a7bb51de08ab960", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5673, "indicator": "8051e04bab3a6db6226cc4d08890e934", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5625, "indicator": "8274ab71f9f67ea7ad141a48acf8747a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5863, "indicator": "82c23b110c074e9630699d1f478ca070", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5724, "indicator": "83d4fd333c3fe0aa2e38c73fb31f68fc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5805, "indicator": "84e505227fdb2dd5d7d004659e5d34a0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5631, "indicator": "852ff77fc22fcc54f932540d1b0affba", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5556, "indicator": "8568a1cfa314525f49c98fafbf85d14b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5569, "indicator": "85cee5aaa59cacad80bf9792869845ba", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5570, "indicator": "86d89bac8a165fce91426bf84eb7b7fc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5749, "indicator": "872e8e7c381fb805b87b88f31f77a772", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5539, "indicator": "8738e487218905e86bf6ad7988929ecb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5709, "indicator": "878a3d4b91875e10f032b58d5da3ddf1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5885, "indicator": "88e4147efaba886ff16d6f058e8a25a6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5833, "indicator": "89c216df6b2b1a335738847a1f1a6cbc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5592, "indicator": "8a41a5ad3ae353f16ff2fd92e8046ac3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5740, "indicator": "8ad46bb2d0bef97548ebbed2f6eea2e1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Eqtonapt.A!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 5632, "indicator": "8b1fe26a399f54cee44493859c6e82ac", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5661, "indicator": "8baadb392a85a187360fca5a4e56e6cf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5738, "indicator": "8bb0c5181d8ab57b879dea3f987fbedf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5780, "indicator": "8c7ef91a96e75c3d05ea5e54a0e9356c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5697, "indicator": "8e555220bd7f8c183abf58071851e2b4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5573, "indicator": "8f2795ef9d0f8d7bab6bce6917bd95c6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5867, "indicator": "8fe19689cc16fea06bdfc9c39c515fa3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5731, "indicator": "90c8a317cba47d7e3525b69862ddef58", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5706, "indicator": "9120c2a26e1f4dc362ca338b8e014b20", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5786, "indicator": "91b1f4a4fa5c26473ab678408edcb913", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5701, "indicator": "939706730193e6bcfeb991de4387bd3f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5739, "indicator": "93b22ecc56a91f251d5e023a5c20b3a4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5878, "indicator": "94271ae895e359b606252395df952f5f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5690, "indicator": "948603bd138dd8487faab3c0da5eb573", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5574, "indicator": "9563fd4ab7d619d565b47cd16104dc66", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5552, "indicator": "963a24b864524dfa64ba4310537ce0e1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5700, "indicator": "97b0a0ef6cb6b1eb8e325eb20ba0a8e3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5910, "indicator": "98e6b678b40329dac41d8f42652c17a2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5765, "indicator": "99e8d4f1d2069ef84d9725aa206d6ba7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5787, "indicator": "9a7165d3c7b84fe0e22881f653eadf7f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5596, "indicator": "9a8def5ccee1b32f4d237c1dd1eba8c6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5603, "indicator": "9ad117b2e847f0786b09a2f80c4d9540", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5626, "indicator": "9b6dbf8fe2da2a6c5ec28d2a649aacb6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5566, "indicator": "9ceaa8e3e7a105775b27976e79e22ad6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5748, "indicator": "9e4d760c04565a8cbaf3e4ebdca23092", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5506, "indicator": "9fb98b0d1a5b38b6a89cb478943c285b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5681, "indicator": "9fc2aa4d538b34651705b904c7823c6f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5538, "indicator": "a00101cfc1edd423cb34f758f8d0c62e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5889, "indicator": "a2c52ad8f66a14f7979c6bafc4978142", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5908, "indicator": "a397a581c20bf93eb5c22cad5a2afcdd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5562, "indicator": "a43f67af43730552864f84e2b051deb4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5542, "indicator": "a498fcac85dc2e97281781a08b1c1041", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5890, "indicator": "a4e2ed5ff620a786c2f2e15a5f8a2d2f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "", "expiration": null, "is_active": 1 }, { "id": 5598, "indicator": "a5e169e47ba828dd68417875aa8c0c94", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5760, "indicator": "a5f2c5ca6b51a6bf48d795fb5ae63203", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5814, "indicator": "a5f389947f03902a5abd742b61637363", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5544, "indicator": "a62be32440d0602c76a72f96235567ac", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5868, "indicator": "a67e937c6c33b0a9cd83946ccfa666ca", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5509, "indicator": "a68a56b4b3412e07436c7d195891e8be", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5605, "indicator": "a6bcacab7e155a0c1b79bc5c8c96e5af", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5893, "indicator": "a76dc2f716aa5ed5cbbd23bbf1de3005", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5804, "indicator": "a7f4eee46463be30615903e395a323c5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5797, "indicator": "a801668543b30fcc3a254de8183b2ba5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5714, "indicator": "a82d41cfc3ee376d9252dd4912e35894", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5828, "indicator": "a84fd0164200ad1ad0e34eee9c663949", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5718, "indicator": "a8a973b3861c8d2f18039432b9f38335", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5743, "indicator": "a95b2ec5b67f8fdda547a4a5a4b85543", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5557, "indicator": "a96dc17d52986bb9ba201550d5d41186", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5687, "indicator": "aaa06c8458f01bedcac5ec638c5c8b24", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5612, "indicator": "ab75c7bf5ad32af82d331b5ee76f2eca", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5565, "indicator": "abff989fba8b34539cddbdff0a79ee8d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5892, "indicator": "ac50c31d680c763cce26b4d979a11a5c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5527, "indicator": "ac7a5c23b475e8bf54a1e60ae1a85f67", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5682, "indicator": "ae58e6c03d7339da70d061399f6deff3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5768, "indicator": "ae668f29edc14c02be17de3b4c00ad05", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5825, "indicator": "af426f4980ce7e2f771742bee1cc43df", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5517, "indicator": "af8f1bfccb6530e41b2f19ff0de8bab5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5897, "indicator": "aff10dd15b2d39c18ae9ee96511a9d83", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5688, "indicator": "b11dbc0c4e98b4ca224c18344cc5191d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5891, "indicator": "b1c4ed725cb3443d16be55ee5f00dcbd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5563, "indicator": "b1cceb79f74d48c94ca7e680a609bc65", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5882, "indicator": "b322fb54b5e53f4ea93e04e5a2abccbc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5783, "indicator": "b38a91b1a5d23d418c5c6d6a0b066c30", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5550, "indicator": "b4b05bb97521494b342da8524a6181ed", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5779, "indicator": "b5738307bab3fbf4cf2bdd652b0ac88a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5735, "indicator": "b59f5c408fba0e2cf503e0942ac46c56", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5875, "indicator": "b747bb2edc15a07ce61bce4fd1a33ead", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5618, "indicator": "b78e9c9a49aa507cb1f905fdd455ca35", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5694, "indicator": "b9407c2933384f3e9461eafb02749fec", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5773, "indicator": "ba38163fc6e75bb6acd73bc7cf89089b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5522, "indicator": "ba43976bb23531a9d4dc5f0afd07327a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5668, "indicator": "bac9a35d7cdf8c217b51c189a7b7b2fd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5643, "indicator": "bb5aa3e042c802c294fa233c4db41393", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5689, "indicator": "bcc5d198a60878c03a114e45acdfe417", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5548, "indicator": "bd7a693767de2eae08b4c63aaa84db43", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5536, "indicator": "bd9e6f35dc7fe987eefa048adc94d346", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5553, "indicator": "bdc3474d7a5566916dc0a2b3075d10be", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5568, "indicator": "bed58d25c152bd5b4a9c022b5b863c72", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5679, "indicator": "bfde4b5cd6cc89c6996c5e30c36f0273", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5665, "indicator": "c05255625bb00eb12eaf95cb41fcc7f5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5621, "indicator": "c1f171a7689958eb500079ab0185915f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5767, "indicator": "c303afe1648d3b70591feeffe78125ed", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5831, "indicator": "c3da3234a3764ca81d694c3935bf55cf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5691, "indicator": "c47de651ef941fecc5f1738984094689", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5784, "indicator": "c69dfb1302032d28df98ae70474809f2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5558, "indicator": "c6e8841104d7d93f8aa11c1ac6e669ed", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5753, "indicator": "ca0080102edc1380ffbf6e3e690c9229", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5807, "indicator": "ca67e52f1948802a3ed95c345d7c221a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5845, "indicator": "cbfad455f0b313001ddc5b898a9527df", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5912, "indicator": "cc9d8c6b3479dd4fb626080bb121fad9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5911, "indicator": "cd6f75dcc55e022e3010e27e1f657535", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5642, "indicator": "ce632c26186f93444c1f7ee67d63e367", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5704, "indicator": "cead6e447e17eea51551c8d9ece28996", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5619, "indicator": "cef313d70ff3c31316958d5cd2a4c23a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5751, "indicator": "cfb84687e933ddad2cbcd7ba2bc1d0a5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5778, "indicator": "cfe2ab3f0ff585d3ac41241def6e5818", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5827, "indicator": "d181c6651911946b12c089ee638b01c4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5519, "indicator": "d34aacf1f8f1697b6eeec0c696c79b44", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5907, "indicator": "d3e9d526eb2b257a9f1f9cef22bb2911", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5624, "indicator": "d427c593b863638ed09fc852b8a3b9e6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5737, "indicator": "d5e736b9fede558542ac3588e308108e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5622, "indicator": "d602e83e0dcc3af6a18a906257d37670", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5635, "indicator": "d6ad56e705ae3c26e3d632c40cd686c3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5823, "indicator": "d725169048109cd96322a492a56cdb19", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5634, "indicator": "d725ad28ed161f160d6f8e9611cbd0d9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5856, "indicator": "d74485ae9cbd57132084caf8261d00f4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5540, "indicator": "d794c1e3a6a3118d8e0a89f15b9629da", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5788, "indicator": "d7e241ea4619ceed15fa3fa31751c97f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5650, "indicator": "d7eb64f9644b83fcf9933f73a4c3d6e2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5680, "indicator": "d7f18dafa65f16590ae0544a637886e0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5776, "indicator": "d8a7aad5247b224246dc79bacbbf3105", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5597, "indicator": "d8c6e712bb308bfd98e9406bb2c742eb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5559, "indicator": "d97413ab3d1312e3c10ce532427fcb16", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5853, "indicator": "d9c5634687173631dd12e168b98016c4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5822, "indicator": "d9cca3c8f623d823f76cd2997cf51e4c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5546, "indicator": "da066470d7db99848edb677e5896e02c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5584, "indicator": "da1ff92d6c6fce304264140515cbad62", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5824, "indicator": "da9d9ef2aa44b33f1ab01f852e82f40e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5837, "indicator": "dafb3935eea5cd4da3065a837728a093", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5601, "indicator": "db19266d25990725150da793a93809a4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5723, "indicator": "db296461b2e02e2370ca05680879760e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5888, "indicator": "db37630df9e74e83769c1e283cf2a47d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5508, "indicator": "db7eac1f97e3a75f7c373c16fd57b836", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5844, "indicator": "dc30e98aee84b6c92b4e3eecdf96dd89", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5604, "indicator": "dc7ad1008509d0a67dbafde8ecffb4be", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5848, "indicator": "dd304f6023f506c82f1df68adb005c16", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5528, "indicator": "ddeff291518f4677c5fa7518f2a3d716", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5520, "indicator": "dead476e45fdbd19d2caf657112442e3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5667, "indicator": "dee0d7b094a7c7689cfc66dee54e0ecd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5869, "indicator": "e07d0dff23b5fabe22f107ed634d026e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5656, "indicator": "e10a9df3745684581ea3cf5ab22e3e90", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5871, "indicator": "e10f5edee21623e734753f6f35672dae", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5789, "indicator": "e2320f490cbb2e082e699ebeb0faa917", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5660, "indicator": "e2e44e5a156563e3d1902e8c34b295d8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5812, "indicator": "e33894883c1a1a5ddbe8e391225cd1fb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5684, "indicator": "e3515334bb2bcb77d10eceedd9661beb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5887, "indicator": "e4678ec7825df4ac71e4f8dc9d806c7b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5811, "indicator": "e4e25db65c227926956000ffdc428eaf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5736, "indicator": "e62eda3959d7ac27754ae1a97996d03b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5746, "indicator": "e68c8bebc21a93e0cc638b793e345f63", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5909, "indicator": "e762b8fcd20d62049db35327d31d2709", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5829, "indicator": "e76f734b6f717bb5987cd972ed9d0389", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5741, "indicator": "e78a4e8beca2ccd7e77889b3bedbb729", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5633, "indicator": "e81665906732c73d27f005157b552a43", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5832, "indicator": "ea943c7cc83d853de678c58b838fbd65", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5775, "indicator": "eafd1a95d51662c41577e5833f290875", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5752, "indicator": "ece7aa61be647e85ddbe3b2a757837fa", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5617, "indicator": "ed2e8bd08b3a4b90383bcec3a9b41273", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5864, "indicator": "ee083c9213978f517e80faa5c8557110", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5521, "indicator": "ee119065aa37ed346db35b62003a720e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5715, "indicator": "eef3a1f9eae6cba0c00529a12b0666ab", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5677, "indicator": "f1ecc7ff709f4386c1a3d2ff448fd5f9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5826, "indicator": "f22cf337f70b2306f3ca740338086912", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5623, "indicator": "f26cde2983041867edef171af7f7da73", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5766, "indicator": "f30d4488e520c6db3ae59a87ee0245b4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5755, "indicator": "f3417efc13a1ed1284625ca97aa49377", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5717, "indicator": "f38544f22c57f7969915ff1919ac882f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5545, "indicator": "f4482216c514f5c59f1e9a91fbf84f3a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5686, "indicator": "f4776d8f718f1bb836e6fba9ebcb1e77", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5898, "indicator": "f493229f25a16952cea321fd932f6976", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5675, "indicator": "f5879f2121aee5e49dfa7b39fc97f073", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5862, "indicator": "f5af8d37cabe19ef922306fd4a8f913d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5585, "indicator": "f5f92322b0ea96fe78a3755188eb669e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5896, "indicator": "f72b462536299d3063b1b2e1ad883429", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5588, "indicator": "f77534ebe9c8ccc5009b6a6ba06668cb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5754, "indicator": "f7de4d38fe0fbcc9d362d471a5e0282b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5537, "indicator": "f8406d97147f90c3255aaa32452c7683", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5599, "indicator": "fa1a156581f808628696e300c28ab9ab", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5651, "indicator": "fa8c3438e459e7a437f5a2f551ba02ca", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5830, "indicator": "fb82e3dd585746b14a0489b5f10e22d2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5794, "indicator": "fcc3bcad73ba57207cbf5cc00077e5b4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5664, "indicator": "fe53a01127659a1a1e6eb451b55ffcaa", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5876, "indicator": "ff7da1d4cb2aa4acc862033293be699c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5591, "indicator": "ffad870f291acccbe148673f579689db", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360563531, "indicator": "0160ebe4b5de960a66c1583501df88774021bf5a", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 0f256b5884f46a15b80b60bba8876966", "expiration": null, "is_active": 1 }, { "id": 3360563532, "indicator": "03c356c47f8cc77726a4eba42a79c3f875f5ac0e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 246272dd6e9193e31745ad54138f875d", "expiration": null, "is_active": 1 }, { "id": 3360563533, "indicator": "04a188ea6f75841a22da3f7cd0fa1046bf83dca2", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 8baadb392a85a187360fca5a4e56e6cf", "expiration": null, "is_active": 1 }, { "id": 3360563534, "indicator": "0c138f7b16514786e0906e698c11f16295cfff89", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 44bd4cf5e28d78cc66b828a57c99ca74", "expiration": null, "is_active": 1 }, { "id": 3360563535, "indicator": "0eed84db27841ad467f437ed1087dec01a53a009", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 3177e1e3fcdf7ae79d5da1eca123e01a", "expiration": null, "is_active": 1 }, { "id": 3360563536, "indicator": "1666dcfcb0d11a45a80bf937cb575396103db936", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 91b1f4a4fa5c26473ab678408edcb913", "expiration": null, "is_active": 1 }, { "id": 3360563537, "indicator": "1688b5418d6132091cc1726af3b765cf70a9c017", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 84e505227fdb2dd5d7d004659e5d34a0", "expiration": null, "is_active": 1 }, { "id": 3360563538, "indicator": "190af0f778cbe279196d23e612d77f00ba1305c6", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 5f5abbe2e637d4f0b8afe7f2342c2942", "expiration": null, "is_active": 1 }, { "id": 105926389, "indicator": "1c7240bfda825cff2628b60a335df01d5d65fc98", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 1d6c98e55203f0c51c0821fe52218dd8", "expiration": null, "is_active": 1 }, { "id": 30285908, "indicator": "1f0ae54ac3f10d533013f74f48849de4e65817a7", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 0a209ac0de4ac033f31d6ba9191a8f7a", "expiration": null, "is_active": 1 }, { "id": 3360563539, "indicator": "234d6db999a7db3e12f211ab64c56b996d74bac0", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 0b5f75e67b78d34dc4206bf49c7f09e9", "expiration": null, "is_active": 1 }, { "id": 3360563540, "indicator": "24120f1fffd58138b36d3d64d6a9c9218ef0ffac", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 3a431d965b9537721be721a48cccdf0a", "expiration": null, "is_active": 1 }, { "id": 3360563541, "indicator": "26ac3297b4901e9ebe6fa18adab104d1e1191e50", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Eqtonapt.A!dha", "description": "SHA1 of 8ad46bb2d0bef97548ebbed2f6eea2e1", "expiration": null, "is_active": 1 }, { "id": 3360563542, "indicator": "276bac38da7b557ba7c4ec3757dbd327646b2058", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 63b2f98548174142f92fdfd995a2c70a", "expiration": null, "is_active": 1 }, { "id": 3360563543, "indicator": "2ec8ece25c07bd2a44800b07ac843839e712d62e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-4316", "description": "SHA1 of 4810559ed364a18843178f1c4fca49fc", "expiration": null, "is_active": 1 }, { "id": 3360563544, "indicator": "2ff3034a0d773070ad2f14b2bcdfd59b3d2e68ea", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 5b0f5f62ef3ae981fe48b6c29d7beab2", "expiration": null, "is_active": 1 }, { "id": 3360563545, "indicator": "301acfc16c22fe17686e499784ac6e921ee853a9", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 1b9901d0f5f28c9275a697134d6e487a", "expiration": null, "is_active": 1 }, { "id": 3360563546, "indicator": "39bcf6fd9da9ad437ca1d6133aa891e83938661f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 038e4ffbdf9334dd0b96f92104c4a5c0", "expiration": null, "is_active": 1 }, { "id": 3360563547, "indicator": "3b2d4cdd7527074bccac919912e2660e64a198ee", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 58786e35fa1d61d1bcd671987d103957", "expiration": null, "is_active": 1 }, { "id": 3360563548, "indicator": "3cd969ffd6044fa4d3d605edaf7766e8049fd21e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 053895ae9a145a74738ba85667ae2cd1", "expiration": null, "is_active": 1 }, { "id": 3360563549, "indicator": "3ce895dcaafd5ab5c1b308b5e6974e4f66e19298", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 149b980e2495df13edcefed78716ba8d", "expiration": null, "is_active": 1 }, { "id": 3360563550, "indicator": "400c164ae374b46e70ca9794786f0e577b5e73f1", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 34a72bd61c9573c304d737a5ca5892b4", "expiration": null, "is_active": 1 }, { "id": 3360563551, "indicator": "4090f9b8d13c15038e473a47dde28580bac06490", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 74621a05bafb868bda8aeb6562dd36df", "expiration": null, "is_active": 1 }, { "id": 3360563552, "indicator": "417e850329783e91d1167b1a4718b386f5991d60", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 7bc77cfdfefb70225ddb57ef20c554ac", "expiration": null, "is_active": 1 }, { "id": 3360563553, "indicator": "448c108c046053981e4073d2b9ba46843aca451d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 2c35ed272225b4e134333bea2b657a3f", "expiration": null, "is_active": 1 }, { "id": 3360563554, "indicator": "471cdd3f4a53ecf634b6cb22b042a81fafc6105c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 70b0214530810773e46afa469a723ce3", "expiration": null, "is_active": 1 }, { "id": 3360563555, "indicator": "4777644e0b87b0ac5948f096c9aa5797edaeb10f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 24132e1e00071f33221c405399271b74", "expiration": null, "is_active": 1 }, { "id": 3360563556, "indicator": "4b42e74e0604922b2697820d13147c00b7e659f9", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 00535dca6d6db97128f6e12451c1e04e", "expiration": null, "is_active": 1 }, { "id": 3360563557, "indicator": "4e4bf9bf2ef6b8e591fe639e6ed124e4a9bff99f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 545bee90a5f356b114ca3a4823f14990", "expiration": null, "is_active": 1 }, { "id": 3360563558, "indicator": "4fc1eeb6442e9c3c881b664787e6c7b9b26be55c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 37085d946c77f521c3092f822bc3983f", "expiration": null, "is_active": 1 }, { "id": 3360563559, "indicator": "4fd5fd704fe97cb9ed96ece40ae89ef416b17749", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of a43f67af43730552864f84e2b051deb4", "expiration": null, "is_active": 1 }, { "id": 3360563560, "indicator": "4ffa087beac8f31b2be456a52b90e9c64faa5c19", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 1dd86b28a2bc986b069c75bf5c6787b9", "expiration": null, "is_active": 1 }, { "id": 3360563561, "indicator": "507f532fa684bbcddacf9666671c031d4b3210d3", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 21a6959a33909e3cdf27a455064d4d4d", "expiration": null, "is_active": 1 }, { "id": 3360563562, "indicator": "53dc39b2c49022248d806d66d67c1ac21309b280", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 2e208b3d5953bd92c84031d3a7b8a231", "expiration": null, "is_active": 1 }, { "id": 3360563563, "indicator": "549e81bcd74c557b36d747f6234248dcf9b508a9", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 29f2ab09fdffc4006a4407c05ba11b65", "expiration": null, "is_active": 1 }, { "id": 3360563564, "indicator": "559a64d63e0ca4de04900f33001f61d61cb49de5", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 88e4147efaba886ff16d6f058e8a25a6", "expiration": null, "is_active": 1 }, { "id": 3360563565, "indicator": "560ff33cc684350bdf4e045a78ed0e85474bdc51", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 14222c1f10b2038f757bbc628c8da8ba", "expiration": null, "is_active": 1 }, { "id": 3360563566, "indicator": "5b8dd6ae0d014bc26a4ba395229f31d07d05c641", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 450a3edece8808f483203fe8988c4437", "expiration": null, "is_active": 1 }, { "id": 3360563567, "indicator": "628da23827374a5c4f4056288dbd7925d8bf6650", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 0b2b5b9050bd5eb14fdbc618702a2ad3", "expiration": null, "is_active": 1 }, { "id": 3360563568, "indicator": "652de4daca207aff3ab2746c564681911b854463", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 7a8518e46a1a7713653e34bbfb2b9ad8", "expiration": null, "is_active": 1 }, { "id": 3360563569, "indicator": "655c47bbe5851746ec4821d1876f97fdbbe70fe4", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 27c5d028ee23a515df4203ea6026e23e", "expiration": null, "is_active": 1 }, { "id": 3360563570, "indicator": "6666915ed3dadef398f456d9bf63febb647f978c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 1f69160f1d91bf9a0eda93829b75c583", "expiration": null, "is_active": 1 }, { "id": 3360563571, "indicator": "6669f257b467354c9946291c35af553479a5878c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 4bc0fb2dc90112926ab2471fef99beb3", "expiration": null, "is_active": 1 }, { "id": 3360563572, "indicator": "685b19128971aff0b8a64c4cd08f0d9dcc42a812", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 66a2a7ac521be856deed54fd8072d0e8", "expiration": null, "is_active": 1 }, { "id": 3360563573, "indicator": "6ce2f30b7b06c6bcd0ee190814111e0c9795e9ae", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 878a3d4b91875e10f032b58d5da3ddf1", "expiration": null, "is_active": 1 }, { "id": 3360563574, "indicator": "7089f5c025bdfa3029724c5e79774068137886b8", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 2f2a8deca2539923b489d51de9a278f4", "expiration": null, "is_active": 1 }, { "id": 3360563575, "indicator": "74182071f453cf87a43bb8f3b4d777515d3c1dc9", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 7ad2bfab78fa74538dcdbe28da54f1f4", "expiration": null, "is_active": 1 }, { "id": 3360563576, "indicator": "7640b1a91d48a1e20c7df7304a2e15df07e6a966", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 6f073003704cc5b5265a0a9f8ee851d1", "expiration": null, "is_active": 1 }, { "id": 3360563731, "indicator": "7b6021cea7310da3bfed52195757c4ba94fb3130", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 90c8a317cba47d7e3525b69862ddef58", "expiration": null, "is_active": 1 }, { "id": 3360563732, "indicator": "7f41bad7709b39b21d49edac0920bb4d50b5ac87", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 194686907b35b69c508ae1a82d105acd", "expiration": null, "is_active": 1 }, { "id": 3360563733, "indicator": "805939e975239110e2c27ae004af46813c6a213d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 26c46a09cf1bdff5af503a406575809d", "expiration": null, "is_active": 1 }, { "id": 3360563734, "indicator": "81942647715f125efbe24141af54a8e996a8c932", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 31457cb30ccad20cdbc77b8c4b6f9b3f", "expiration": null, "is_active": 1 }, { "id": 3360563735, "indicator": "85f9523a0fa37f5a27dd6f4975a0b59b4f4089d4", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 7835cc94917b3a2b01b2d18925111dad", "expiration": null, "is_active": 1 }, { "id": 3360563736, "indicator": "8baa208c33199859d2cd60c960dc5fe0f2dd01ae", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 42db500fc0359f9f794d4b7775e41c99", "expiration": null, "is_active": 1 }, { "id": 3360563737, "indicator": "8d4474e34f118e62cbe4fb975e84194f39814166", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 40fee20fe98995acbda82dbcde0b674b", "expiration": null, "is_active": 1 }, { "id": 3360563738, "indicator": "90bac2e7e98886db9bad63560537fd03556b4aa7", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 3b496b8cd19789fabf00584475b607c7", "expiration": null, "is_active": 1 }, { "id": 3360563739, "indicator": "90dad7e643b866e852e76837c5dccdbbdbf0b09a", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 002f5e401f705fe91f44263e49d6c216", "expiration": null, "is_active": 1 }, { "id": 3360563740, "indicator": "96475e3e4b7dce57ea9e1efc947244cc13c0432d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 564950a5f4b3ca0e6ade94c5ca5d8de1", "expiration": null, "is_active": 1 }, { "id": 3360563741, "indicator": "9686f7af88d344174d64069f4e78556402043b70", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 5f0e8984886b551cae3eaafa73d9b72b", "expiration": null, "is_active": 1 }, { "id": 3360563742, "indicator": "98ae9cd2387b2f6a58cd02955322c119aefb3cec", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 56d85656c527242b493d9b19cb95370e", "expiration": null, "is_active": 1 }, { "id": 3360563743, "indicator": "990517613743dd24a09ffd560393499a958e2824", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 5dc172e2c96b79ea7d855339f1b2403c", "expiration": null, "is_active": 1 }, { "id": 3360563744, "indicator": "a5571feba37ab917ef6742a33c4443ba6cfc888c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of a4e2ed5ff620a786c2f2e15a5f8a2d2f", "expiration": null, "is_active": 1 }, { "id": 3360563745, "indicator": "aa0be8faad903da72a0647009b18541e5b02e837", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 58ef8790939fca73a20c6a04717a2659", "expiration": null, "is_active": 1 }, { "id": 3360563746, "indicator": "ac07787fafa25352c85d17710f15108ae6cac91a", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 60d21ee6548de4673cbddef2d779ed24", "expiration": null, "is_active": 1 }, { "id": 3360563747, "indicator": "acce0294849de4af44ad51d03e84b8e0f19439d6", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 29fdec2fd992c2ab38e1dd41500190b9", "expiration": null, "is_active": 1 }, { "id": 3360563748, "indicator": "b0cff67579934f54d560f70fde6a78c18981d287", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 6e4f77dcdbb034cb4073d8c46bf23ae3", "expiration": null, "is_active": 1 }, { "id": 3360563749, "indicator": "b3032241f87d06c0c3981d3eb983cddb378a4f60", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 8568a1cfa314525f49c98fafbf85d14b", "expiration": null, "is_active": 1 }, { "id": 3360563750, "indicator": "b7ab5a63e5038e26bb73950ade34c29863509b9f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 5686e5cdb415f7fb65a4a3d971f24e1c", "expiration": null, "is_active": 1 }, { "id": 3360563751, "indicator": "b9598b2e61918e17855599e03ee2608669e3938b", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 151c7da8c611bf9795d813a5806d6364", "expiration": null, "is_active": 1 }, { "id": 3360563752, "indicator": "b970110fb6419a9717d9f36b128582577285ef00", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 199e39bda0af0a062ccc734faccf9213", "expiration": null, "is_active": 1 }, { "id": 3360563753, "indicator": "b9c32ade15db6535780b786e1d8723d4060349c4", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 93b22ecc56a91f251d5e023a5c20b3a4", "expiration": null, "is_active": 1 }, { "id": 3360563754, "indicator": "bb4a7d7f918f2ecf70832d35c69f60a714c2cd0c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 4f79981d1f7091be6aadcc4595ef5f76", "expiration": null, "is_active": 1 }, { "id": 3360563755, "indicator": "be182f8582f28b7e0b2271e01363536d69bcb40a", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 688526edbea2d61664ec629f6558365c", "expiration": null, "is_active": 1 }, { "id": 3360563756, "indicator": "c0dd286892009f87582d07e4cf69f8910f6cac0f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 9fb98b0d1a5b38b6a89cb478943c285b", "expiration": null, "is_active": 1 }, { "id": 3360563757, "indicator": "c124990a2a1465452b2b8d6ccb93f8380e81bb23", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 17d287e868ab1dbafca87eb48b0f848f", "expiration": null, "is_active": 1 }, { "id": 3360563758, "indicator": "c3f48ecccd299b93c94f33342bd50aed3afed639", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 74ad35f0f4342f45038860ca0564ab8b", "expiration": null, "is_active": 1 }, { "id": 3360563759, "indicator": "cd6fddaa492a38629fd80c46bb2c2d37ec80444c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 2c029be8e3b0c9448ed5e88b52852ade", "expiration": null, "is_active": 1 }, { "id": 3360563760, "indicator": "d19c8371f2e28800f5b432ac7e02000085f8d67c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 1dc305dcb4a51ea0dd10854a02a41b06", "expiration": null, "is_active": 1 }, { "id": 3360563761, "indicator": "d26c6f9a38306ffe877b4737d55183268401a72e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 2822d46611ad7fd71dfe5a1f4c79ab4b", "expiration": null, "is_active": 1 }, { "id": 3360563762, "indicator": "d296576ddb5a730bf57bc5a1bdbe10a9fd51360d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 1355c1f173e78d3c1317ee2fb5cd95f1", "expiration": null, "is_active": 1 }, { "id": 3360563763, "indicator": "d3d9f4062b037f828a0f03a7a83c848fb0d62dd7", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 3fbd798bcd7214fcbf5fab05faf9fd71", "expiration": null, "is_active": 1 }, { "id": 3360563764, "indicator": "d56463347189237ba5ada511d4cb67d0f0414b81", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 3de3419f6441a7f4d664077a43fb404b", "expiration": null, "is_active": 1 }, { "id": 3360563765, "indicator": "d56a99e8db4c606df7fc18ab965343e774e08926", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Worm.Autorun-3719", "description": "SHA1 of 49cb69039308b2613664515c5fa323e1", "expiration": null, "is_active": 1 }, { "id": 3360563766, "indicator": "d7d6cb32b8161d349055fce1f1d2028290f2071a", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 0b1fa00484e10f465533aaf08bd98b62", "expiration": null, "is_active": 1 }, { "id": 3360563767, "indicator": "e29f529275d791aa5809b7ebfb8ebe4013e58185", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 6da22f42139a4a2365e7a9068d7b908a", "expiration": null, "is_active": 1 }, { "id": 3360563768, "indicator": "e3589a2a9b40ebb8c901a2e53f0551b6e8f2f812", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 9b6dbf8fe2da2a6c5ec28d2a649aacb6", "expiration": null, "is_active": 1 }, { "id": 3360563769, "indicator": "e4a976c726d4cd8daf70be50f527baaf2e52349e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 7cccaf9b08301d2c2acb647ea04ca8e1", "expiration": null, "is_active": 1 }, { "id": 1822912759, "indicator": "e6f4b67a392aff82a8c019ea319182fba598add3", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 682c987506651fcae56c32ffa1f70170", "expiration": null, "is_active": 1 }, { "id": 3360563770, "indicator": "e79661357ef4185bcbf664af958eb54591c80529", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 487e79347d92f44507200792a7795c7b", "expiration": null, "is_active": 1 }, { "id": 3360563771, "indicator": "e7cd80c95e2eb45925ed512e378413e781927bea", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 13429f4899618f3529669a8ce850b512", "expiration": null, "is_active": 1 }, { "id": 3360563772, "indicator": "e80fca8b2b1d62367b3b716c04ab5e4643ab3aaa", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 1163ad598b617ef336dd75d119182ad4", "expiration": null, "is_active": 1 }, { "id": 3360563773, "indicator": "e9f15d8d2da2aa844362ab7dad6b1ac4803b81ae", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-4316", "description": "SHA1 of 2c6595834dd5528235e8a9815276563e", "expiration": null, "is_active": 1 }, { "id": 3360563774, "indicator": "eb837b9e3e16cfbf9a71a322f023b03615a2c549", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 152ad931b42a8da9149dd73a8bfcff69", "expiration": null, "is_active": 1 }, { "id": 3360563775, "indicator": "ee74de67b88c3947ed43a1b7f229b60d4029c658", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 0333f6533573d7a08b4de47bd186ec65", "expiration": null, "is_active": 1 }, { "id": 3360563776, "indicator": "f19c43432241e2350397ac3074d6b5af47159299", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 72312f1e2ae6900f169a2b7a88e14d93", "expiration": null, "is_active": 1 }, { "id": 1404856762, "indicator": "f262f92f8ff7768de40c688309b879706f4ef77a", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 4605a7396d892bba0646bc73a02b28e9", "expiration": null, "is_active": 1 }, { "id": 3360563777, "indicator": "f593e38e22017268709ee89c71cc7205f2aff8d5", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 05a0274ddea1d4e2d938ee0804da41db", "expiration": null, "is_active": 1 }, { "id": 3360563778, "indicator": "fa55caacedb65bc8cef814e826805f29b1fcfc9c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 6de614ad2b4d03f9dfcdf0251737d33d", "expiration": null, "is_active": 1 }, { "id": 3360563779, "indicator": "fb8430d71719b6a3bf4d25d0c38a4260be8d38c2", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of 7faabce7d2564176480769a9d7b34a2c", "expiration": null, "is_active": 1 }, { "id": 3360563780, "indicator": "fcdbe7a7f3e6725bc970152fb7efd83d39242b37", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA1 of a498fcac85dc2e97281781a08b1c1041", "expiration": null, "is_active": 1 }, { "id": 2222467561, "indicator": "003315b0aea2fcb9f77d29223dd8947d0e6792b3a0227e054be8eb2a11f443d9", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 0a209ac0de4ac033f31d6ba9191a8f7a", "expiration": null, "is_active": 1 }, { "id": 3360563781, "indicator": "022224bfad26bab87cf5f4b17981a4224ef8fa6919520b3bc2946234efda1e11", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 60d21ee6548de4673cbddef2d779ed24", "expiration": null, "is_active": 1 }, { "id": 3360563782, "indicator": "037bdc95919b1d3d65af6202e8c9c9ca3caba7a863e4e39162b93fa032881feb", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 1f69160f1d91bf9a0eda93829b75c583", "expiration": null, "is_active": 1 }, { "id": 3360563783, "indicator": "0404b8957c27de20bebb133d3cf0a28e30700f667f7c2f3fe7fde7e726b691cd", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 3177e1e3fcdf7ae79d5da1eca123e01a", "expiration": null, "is_active": 1 }, { "id": 3360563784, "indicator": "07d57be320708e478b4b6075928302e1bf7c15856de36adaa0c02be36282e453", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 34a72bd61c9573c304d737a5ca5892b4", "expiration": null, "is_active": 1 }, { "id": 3360563785, "indicator": "083c64c404ac1ea6df1a4cb6eafa91ef90b7abacc54547cf008cd74e77195746", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 74621a05bafb868bda8aeb6562dd36df", "expiration": null, "is_active": 1 }, { "id": 3360563786, "indicator": "0a39d48ce6fddd2feb5aefb26c3f437cf460dbf8670544ae9f1bd594856ac178", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 151c7da8c611bf9795d813a5806d6364", "expiration": null, "is_active": 1 }, { "id": 3360563787, "indicator": "0ac533252bd0595e5f983da38c18f89aa8cb6fbba6c85acd19be57b614338bdf", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 29fdec2fd992c2ab38e1dd41500190b9", "expiration": null, "is_active": 1 }, { "id": 3360563788, "indicator": "0b1d25f2aaf6deb1d069f344e7787d0bc68a3152f50e1a0a9e16c7da55956872", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 5f0e8984886b551cae3eaafa73d9b72b", "expiration": null, "is_active": 1 }, { "id": 3360563789, "indicator": "0c7197a94954fa6041de64a397f6145c5d43d9bc4e91f45a5c2a79a1661cef3b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 24132e1e00071f33221c405399271b74", "expiration": null, "is_active": 1 }, { "id": 3360563790, "indicator": "0caa92abb6c880dde4b7924fc38ba31cf8af1ec3d51f9f5a93ba222dfd2db5d4", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 58786e35fa1d61d1bcd671987d103957", "expiration": null, "is_active": 1 }, { "id": 3360563791, "indicator": "0cd47b2ab3960c0f0ea3519ff81490792eebf615fa959e9e8c17a4fc9291a17f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 13429f4899618f3529669a8ce850b512", "expiration": null, "is_active": 1 }, { "id": 3360563792, "indicator": "0fcf248a159e054b7f910ce9331dede223a3c7687b466221048080a593936439", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 3fbd798bcd7214fcbf5fab05faf9fd71", "expiration": null, "is_active": 1 }, { "id": 3360563793, "indicator": "1049513add53616cd878f6e2e0788424d9dd01d8516ce3191cc3ab54860b8c47", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 2c029be8e3b0c9448ed5e88b52852ade", "expiration": null, "is_active": 1 }, { "id": 3360563794, "indicator": "10fd36cd818e6efc40e0871645a31024e6668de32d62b932d7ecd16dfad0a32d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 152ad931b42a8da9149dd73a8bfcff69", "expiration": null, "is_active": 1 }, { "id": 1755839018, "indicator": "1175779f91d1ac474636dc200671cc46352f018b1d3292b0b94b3bdb6b047c82", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 682c987506651fcae56c32ffa1f70170", "expiration": null, "is_active": 1 }, { "id": 3360563795, "indicator": "12d6beda17e2078641304395c1999c33b931b9b703a4e4d9eb9550bdbcc148d9", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 0b1fa00484e10f465533aaf08bd98b62", "expiration": null, "is_active": 1 }, { "id": 3360563796, "indicator": "12d9d59c8e659d9245f10d5877805a4779d4b42b592633f3f4c5e2d3ecb7f594", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 0b5f75e67b78d34dc4206bf49c7f09e9", "expiration": null, "is_active": 1 }, { "id": 3360563797, "indicator": "12e8654f7ce06a2bfad58884cb44f745db618feae49dc17419857b491fbdca0c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 194686907b35b69c508ae1a82d105acd", "expiration": null, "is_active": 1 }, { "id": 3360563798, "indicator": "137a7f3834fa48fd128a5f73621de37c94f33fa5722f3f2873d25a6177cf6a82", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Worm.Autorun-3719", "description": "SHA256 of 49cb69039308b2613664515c5fa323e1", "expiration": null, "is_active": 1 }, { "id": 3360563799, "indicator": "140405af287d7d44ae06fdd169e8c3ee9033a7b3a43890a72114efb16b5a17cc", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 8baadb392a85a187360fca5a4e56e6cf", "expiration": null, "is_active": 1 }, { "id": 3360563800, "indicator": "141fc8ae2f5ea5240a438fbf9cdbad065883aa69e10cbc854de4a942b8b53e84", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 27c5d028ee23a515df4203ea6026e23e", "expiration": null, "is_active": 1 }, { "id": 3360563801, "indicator": "14217cd3e5da10e59d3e0e3e187071d3e5d38fef3cabdcee166c0146d5ca3b36", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 246272dd6e9193e31745ad54138f875d", "expiration": null, "is_active": 1 }, { "id": 3360563802, "indicator": "15db806d19b07c94c15afc2beadbc41b5fd96502c8e707dc4873a08ce8ba4be5", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 5b0f5f62ef3ae981fe48b6c29d7beab2", "expiration": null, "is_active": 1 }, { "id": 3360563803, "indicator": "1602651be80bc74bf30447d120365ee845ed81bed93c691774c027439026c641", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 00535dca6d6db97128f6e12451c1e04e", "expiration": null, "is_active": 1 }, { "id": 3360563804, "indicator": "160eb5bd98c22eb10b9d25f9e39610ecb9f9b0d68b2e978193d6bfc6848896d7", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 545bee90a5f356b114ca3a4823f14990", "expiration": null, "is_active": 1 }, { "id": 3360563805, "indicator": "17b9934fa636876cbf5adc76c0b5c40f0baf4d9541716d3638cad5552aa13df8", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 7bc77cfdfefb70225ddb57ef20c554ac", "expiration": null, "is_active": 1 }, { "id": 3360563806, "indicator": "1831e4e58f062f9b1da66e7b02772122eab3959f91e9cafe71b4c1a2a4e606e5", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 4bc0fb2dc90112926ab2471fef99beb3", "expiration": null, "is_active": 1 }, { "id": 3360563807, "indicator": "18e8fb40c060d34cce03e7cff581d0d6e223bdfe98eb5f0c194cfd71b127ccd4", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 2e208b3d5953bd92c84031d3a7b8a231", "expiration": null, "is_active": 1 }, { "id": 3360563808, "indicator": "191a01424777f8655d7602c076ed8f17fb84464f6e353f682cf34b31c137ba30", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 17d287e868ab1dbafca87eb48b0f848f", "expiration": null, "is_active": 1 }, { "id": 3360563809, "indicator": "1cb938f4f96770bd4646ad2fbe8c7ad7d6d2e75557ffe78b7765943db3a93a5a", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 63b2f98548174142f92fdfd995a2c70a", "expiration": null, "is_active": 1 }, { "id": 3360563810, "indicator": "1d4071ca9ee225ca7c4171fb5f51e1a3ad1b79412538ff6903bc9693485cdab0", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 8568a1cfa314525f49c98fafbf85d14b", "expiration": null, "is_active": 1 }, { "id": 3360563811, "indicator": "1d83a5d4cc0a0fde07bce3a641a4df279a5723f26f07ee7373ff3074dc8b429d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 29f2ab09fdffc4006a4407c05ba11b65", "expiration": null, "is_active": 1 }, { "id": 3360563812, "indicator": "1e5a7e7211cdc41099c5cce7fc865c1ad8f0074e4afe23735c7087bc00227688", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 5f5abbe2e637d4f0b8afe7f2342c2942", "expiration": null, "is_active": 1 }, { "id": 3360563813, "indicator": "1eb7b8332b8d5830e17ee66c7c5597b862981a1dd362aef8f91552409cde73c7", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 9fb98b0d1a5b38b6a89cb478943c285b", "expiration": null, "is_active": 1 }, { "id": 3360563814, "indicator": "254b08a2c43ff7c4237ef704b2f601f29d27305541ccc90fe3cba01853b0b85b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 5dc172e2c96b79ea7d855339f1b2403c", "expiration": null, "is_active": 1 }, { "id": 105938389, "indicator": "25df2f399be3ca95950499bba7030524eac7409d4a7a555b1d8bb0ca7c6d7c49", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 1d6c98e55203f0c51c0821fe52218dd8", "expiration": null, "is_active": 1 }, { "id": 3360563815, "indicator": "25ea29b10b3edf24179ca26cad69ff2c999b35a4401b6f21c377727f96058716", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 450a3edece8808f483203fe8988c4437", "expiration": null, "is_active": 1 }, { "id": 3360563816, "indicator": "261360bc0f66d48dc2a9f1ffea34a65931096c7265c02c028a8e32607d8bafe2", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 6de614ad2b4d03f9dfcdf0251737d33d", "expiration": null, "is_active": 1 }, { "id": 3360563817, "indicator": "26e8eea90a31a7275f6172270cfbb1ec3aa30380571b0dfeefcc17e9b222cb9d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 84e505227fdb2dd5d7d004659e5d34a0", "expiration": null, "is_active": 1 }, { "id": 3360563818, "indicator": "277032657dad420b1f0fbbd5bcb2e1a375fe3ede9461e19d21161d8ef2191d71", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 6da22f42139a4a2365e7a9068d7b908a", "expiration": null, "is_active": 1 }, { "id": 3360563819, "indicator": "2c1e59d4273d76003d3a2481aa4c2fc6a1708fb255d20e14a66db417a417f422", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 149b980e2495df13edcefed78716ba8d", "expiration": null, "is_active": 1 }, { "id": 3360563820, "indicator": "30efc294f0d55a3f56461698e6fb6923e2f6e650f1adde5e7a4e963747b6dd7d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 4f79981d1f7091be6aadcc4595ef5f76", "expiration": null, "is_active": 1 }, { "id": 3360563821, "indicator": "34cbc0080c1d1074cd8798eac5fe0167cf255b4db92a9017b316dfc1a967dfe4", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 3de3419f6441a7f4d664077a43fb404b", "expiration": null, "is_active": 1 }, { "id": 3360563822, "indicator": "36dacc9e50230061dd57615e49155726211e197cb7365ec72cbfdee29903c866", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of a498fcac85dc2e97281781a08b1c1041", "expiration": null, "is_active": 1 }, { "id": 3360563823, "indicator": "37e311f86ef8271acaaee19bf0e86c3cd4c580d1c529279b3a034840d106f412", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 1355c1f173e78d3c1317ee2fb5cd95f1", "expiration": null, "is_active": 1 }, { "id": 3360563824, "indicator": "39b3fd4fe8cd4514901b9ed762e74ede581dbbea9f8be7eb3a7f077af16035dc", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 5686e5cdb415f7fb65a4a3d971f24e1c", "expiration": null, "is_active": 1 }, { "id": 2788217623, "indicator": "39f954d0804239accbdc3d7c0c3a98fff327d47ae92a111022823c528f6ebb03", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 44bd4cf5e28d78cc66b828a57c99ca74", "expiration": null, "is_active": 1 }, { "id": 3360563825, "indicator": "3b0520cb529168cad100ab5512fc4c520d28fa239237f01c5a09cc4df7bd8eeb", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 1dd86b28a2bc986b069c75bf5c6787b9", "expiration": null, "is_active": 1 }, { "id": 3360563826, "indicator": "3b96240880b2fc4d9d05e85e4e47e5cf1f431c551b77a88ee9f21eacd4c5d157", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 7faabce7d2564176480769a9d7b34a2c", "expiration": null, "is_active": 1 }, { "id": 3360563827, "indicator": "3cd206c2a54145e5a9221f83d2f7ecde0cf2df261e5a433a9115dc3b537307b5", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of a4e2ed5ff620a786c2f2e15a5f8a2d2f", "expiration": null, "is_active": 1 }, { "id": 3360563828, "indicator": "3d7093b50b2fa9481e6dc4f4c19105d917d1e72cebdd31a642a193d322320c71", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 05a0274ddea1d4e2d938ee0804da41db", "expiration": null, "is_active": 1 }, { "id": 3360563829, "indicator": "3e528f788396f2b591d684ce8b4283bfdac8da59ef97de1f3779c87f7b6f6118", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 72312f1e2ae6900f169a2b7a88e14d93", "expiration": null, "is_active": 1 }, { "id": 3360563830, "indicator": "3ee093ba4872dc47d28b2437cc5fa404f69209339cc75e0d172b7fd38d324410", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 2c35ed272225b4e134333bea2b657a3f", "expiration": null, "is_active": 1 }, { "id": 3360563831, "indicator": "3fb77b4fa1705c3d3a80b563b5570375d860010bf1ffc8658d8d04826e7294ba", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 6f073003704cc5b5265a0a9f8ee851d1", "expiration": null, "is_active": 1 }, { "id": 3360563832, "indicator": "401280d3336332de06d99d485a5e6c93b5c233029f74d14718875cc30aebfefd", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 88e4147efaba886ff16d6f058e8a25a6", "expiration": null, "is_active": 1 }, { "id": 3360563833, "indicator": "4186370b9bce5b85e49332c046255edc635c059869e113ec37d0619c48b54ed8", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 37085d946c77f521c3092f822bc3983f", "expiration": null, "is_active": 1 }, { "id": 3360563834, "indicator": "422343a0ebaaf5fdcb6e89698e362d74f76b0c9e167f4167e0face49eeb12805", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 564950a5f4b3ca0e6ade94c5ca5d8de1", "expiration": null, "is_active": 1 }, { "id": 2788218636, "indicator": "427c68a1c5ecb37a15af1cdfbaf9cc35448a4c148514f7b6c06a7ac266f76068", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 70b0214530810773e46afa469a723ce3", "expiration": null, "is_active": 1 }, { "id": 3360563835, "indicator": "42d73057b7e8fc22de168763479576af49eccac6b49fa7ae21afe1ca6cac6455", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 7cccaf9b08301d2c2acb647ea04ca8e1", "expiration": null, "is_active": 1 }, { "id": 3360563836, "indicator": "44bba6ff442292cb25acc4bf4d90afc01d28344b32f4c220b93c9555a833e8d2", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 3b496b8cd19789fabf00584475b607c7", "expiration": null, "is_active": 1 }, { "id": 3360563837, "indicator": "45ac93f3cffdd6d6013bb4b371a607ff42b38a2832af4769031b71cffacd0593", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-4316", "description": "SHA256 of 2c6595834dd5528235e8a9815276563e", "expiration": null, "is_active": 1 }, { "id": 2658422190, "indicator": "4629fe32a233a8c0e5d6a9eff62808d7ace3fa3018c7b618fc031d8403fab1c6", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 40fee20fe98995acbda82dbcde0b674b", "expiration": null, "is_active": 1 }, { "id": 3360563838, "indicator": "4669dc7326ba0071ffcddb3df6ee9421aba6bde58aee2758ac3324ba309156a4", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 2822d46611ad7fd71dfe5a1f4c79ab4b", "expiration": null, "is_active": 1 }, { "id": 3360563839, "indicator": "46a34b0908947087dbd4f7333fc45c26c7f343259927c1489772fc189470615d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 199e39bda0af0a062ccc734faccf9213", "expiration": null, "is_active": 1 }, { "id": 3360563840, "indicator": "49c9890ecb9ea469b092eb19e9609c47a5abbcadd40986562eade9d50365f479", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 0f256b5884f46a15b80b60bba8876966", "expiration": null, "is_active": 1 }, { "id": 3360563841, "indicator": "4a7262c1489d0d3c6109eed6c6b43052dcb294566dd2f9e21b3711d1681b0bd6", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 053895ae9a145a74738ba85667ae2cd1", "expiration": null, "is_active": 1 }, { "id": 3360563842, "indicator": "4b12187e239b9089047eea0b718cccab6f89597e03d5bd33dcbc8c7266b0c707", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 038e4ffbdf9334dd0b96f92104c4a5c0", "expiration": null, "is_active": 1 }, { "id": 3360563843, "indicator": "4d851f4f0d1ee0f05e844fe8fcb6ef6d81d811114b127377cda1a3fe2aea42dd", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 688526edbea2d61664ec629f6558365c", "expiration": null, "is_active": 1 }, { "id": 3360563844, "indicator": "4ea1df5fe82b36d1d067dbe15ac8bfe36c267830e41cbd21d99d30892480f594", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 74ad35f0f4342f45038860ca0564ab8b", "expiration": null, "is_active": 1 }, { "id": 1404857762, "indicator": "503e21e26b5e7badf58351e27a25e86f0733ac1fa2341095b251ef6cf3db0305", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 4605a7396d892bba0646bc73a02b28e9", "expiration": null, "is_active": 1 }, { "id": 3360563845, "indicator": "5234f3184e3f92553b7a2fb5d994b7fc4f39cdaacb3629fa3938b19f961e68e8", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 93b22ecc56a91f251d5e023a5c20b3a4", "expiration": null, "is_active": 1 }, { "id": 3360563846, "indicator": "5428923285ce1a69ac08293c715478b791b143d6837f67e7a71a5d5516cc06a6", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 9b6dbf8fe2da2a6c5ec28d2a649aacb6", "expiration": null, "is_active": 1 }, { "id": 3360563847, "indicator": "546ceab706c19116fadddf2c8b011ea6bcd1f4a6f7a1b842d8dbde09cf383b4e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 14222c1f10b2038f757bbc628c8da8ba", "expiration": null, "is_active": 1 }, { "id": 3360563848, "indicator": "54a0c42a920a1080f6478054d0a73296c14e22096bcf901177ef0d28baa1728e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 002f5e401f705fe91f44263e49d6c216", "expiration": null, "is_active": 1 }, { "id": 2700192872, "indicator": "55de19ce32b6bd6ea1dc298a4950c426510238aee3a4f49136cde75ae2e14b6b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 42db500fc0359f9f794d4b7775e41c99", "expiration": null, "is_active": 1 }, { "id": 3360563849, "indicator": "55fdee091e91f39f73bc04dffc91582fbb8ae2bc249eeff18df1313d09147ab6", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 26c46a09cf1bdff5af503a406575809d", "expiration": null, "is_active": 1 }, { "id": 3360563850, "indicator": "5699688d81cb45006b31e9a5ba71812dfe0cf303e6a7deaceb7beac19158aa63", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 7a8518e46a1a7713653e34bbfb2b9ad8", "expiration": null, "is_active": 1 }, { "id": 3360563851, "indicator": "574e6f4175253b4a98aaee4977645cd12995f1bf5bae723bfeaebbe8242a3a25", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 91b1f4a4fa5c26473ab678408edcb913", "expiration": null, "is_active": 1 }, { "id": 3360563852, "indicator": "5972cd6336b5997a664f67a5f2b7d757724a82b2879eafbbc9bc9027592bc570", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Eqtonapt.A!dha", "description": "SHA256 of 8ad46bb2d0bef97548ebbed2f6eea2e1", "expiration": null, "is_active": 1 }, { "id": 3360563853, "indicator": "5a377a90dddb9050b9863e26ea8d64fdde9d47d6790101d2af36bd34dc0e29ac", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 21a6959a33909e3cdf27a455064d4d4d", "expiration": null, "is_active": 1 }, { "id": 3360563854, "indicator": "5b71802e765548793aec6905d81509037684347dda8fc075d252cc5a21ea60d9", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 1dc305dcb4a51ea0dd10854a02a41b06", "expiration": null, "is_active": 1 }, { "id": 3360563855, "indicator": "5c84e85c70c595de7363d29607229951a6cb4a988b90eb10e5223b01e971fcec", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 2f2a8deca2539923b489d51de9a278f4", "expiration": null, "is_active": 1 }, { "id": 3360563856, "indicator": "5e7755b3bf9e3408771e14b40c79045ea311181e7dbd4b7f6f4122cff45924e8", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 58ef8790939fca73a20c6a04717a2659", "expiration": null, "is_active": 1 }, { "id": 3360563857, "indicator": "62e95aa7304ebba1d1e06645155a290d3adbd8e304f9c22f6287ac0556ee38ef", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 3a431d965b9537721be721a48cccdf0a", "expiration": null, "is_active": 1 }, { "id": 3360563858, "indicator": "6364ddf44f0276889b16ba8139028c61b6d2fcfad08abad89e79f84983b26e21", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of a43f67af43730552864f84e2b051deb4", "expiration": null, "is_active": 1 }, { "id": 3360563859, "indicator": "67d516e9a104266bbb4ad4250ec77908617c78d0f172113c28c08391cd5d7c8f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 56d85656c527242b493d9b19cb95370e", "expiration": null, "is_active": 1 }, { "id": 3360563860, "indicator": "689f8aba901983ba2430fa5d46a7b912692a58dd75ba09d0a877409b770753c0", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 7ad2bfab78fa74538dcdbe28da54f1f4", "expiration": null, "is_active": 1 }, { "id": 3360563861, "indicator": "6af16f8b2d94f1bc92242d8f5a170dec882fed23b3f75ca82772bfcd28ee552e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 878a3d4b91875e10f032b58d5da3ddf1", "expiration": null, "is_active": 1 }, { "id": 3360563862, "indicator": "6b6128b97d804d6cdafb3a7d4fb26eea711475574f518c1a5f30f8da2609585b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 7835cc94917b3a2b01b2d18925111dad", "expiration": null, "is_active": 1 }, { "id": 3360563863, "indicator": "6d022edd2d29dc3607023a3f47771036215fffcbc4d4145d6077f8eb0aca1847", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 1163ad598b617ef336dd75d119182ad4", "expiration": null, "is_active": 1 }, { "id": 3360563864, "indicator": "70633d93e529483200d1f3908d6de365786419635280bcb2dc99e53b1e1e9024", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 0333f6533573d7a08b4de47bd186ec65", "expiration": null, "is_active": 1 }, { "id": 3360563865, "indicator": "725231e82cb33aab8d0e96cbf8b8cbea675877764f2b3dded0bdfb30645f1069", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 90c8a317cba47d7e3525b69862ddef58", "expiration": null, "is_active": 1 }, { "id": 3360563866, "indicator": "761226f29e1667760a83873e575dd4414eefdd9697e10198e405f81135d3b43c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 487e79347d92f44507200792a7795c7b", "expiration": null, "is_active": 1 }, { "id": 3360563867, "indicator": "7686674b9291f42908f23bad20ff7040c963c75b0f763c7379ddd4301fc8c0fd", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 66a2a7ac521be856deed54fd8072d0e8", "expiration": null, "is_active": 1 }, { "id": 3360563868, "indicator": "79436047ec2e804b8c5c6226fb790da5272ab6df60a9c5d5ca55e453624c9f5f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 31457cb30ccad20cdbc77b8c4b6f9b3f", "expiration": null, "is_active": 1 }, { "id": 3360563869, "indicator": "7b8d6f2147d3c778d609654faff42f18e85c2898cddd2fa74c2aa6baa2567bcd", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 6e4f77dcdbb034cb4073d8c46bf23ae3", "expiration": null, "is_active": 1 }, { "id": 3360563870, "indicator": "7bb2fa5601d0b13a3e3a025915cfba937f9e0e36ac4dafc98852888b85e0b333", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 0b2b5b9050bd5eb14fdbc618702a2ad3", "expiration": null, "is_active": 1 }, { "id": 3360563871, "indicator": "7bb476083dafaadf7fdb53b53b9dd1c67da9f9ba71d6ed7030657b47baa7bb4b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-4316", "description": "SHA256 of 4810559ed364a18843178f1c4fca49fc", "expiration": null, "is_active": 1 }, { "id": 3360563872, "indicator": "7be97197eaf74da364a18f4bdd393a80b26e91c3db19a6cb2f7605e42ac43423", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Worm.Autorun-7642", "description": "SHA256 of 1b9901d0f5f28c9275a697134d6e487a", "expiration": null, "is_active": 1 }, { "id": 3360563873, "indicator": "7a8baaff5fa90d3de29a9488eea57e13fbc9d0e1", "type": "YARA", "created": "2022-01-22T07:47:27", "content": "rule resteex_APTMalware_Equation_Group { \n \tmeta: \n \t\t description= \"APTMalware_Equation_Group Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_00-26-42\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"002f5e401f705fe91f44263e49d6c216\" \n \t\t hash2= \"0047c4a00161a8478df31dbdea44a19e\" \n \t\t hash3= \"00535dca6d6db97128f6e12451c1e04e\" \n \t\t hash4= \"0063bf5852ffb5baabcdc34ad4f8f0bf\" \n \t\t hash5= \"00f5f27098d25a1961df56a1c58398e2\" \n \t\t hash6= \"00fae15224f3a3c46d20f2667fb1ed89\" \n \t\t hash7= \"02d5eb43f5fc03f7abc89c57b82c75f8\" \n \t\t hash8= \"0333f6533573d7a08b4de47bd186ec65\" \n \t\t hash9= \"038e4ffbdf9334dd0b96f92104c4a5c0\" \n \t\t hash10= \"03a5ae64c62eb66dd7303801785d3f7b\" \n \t\t hash11= \"03a64049747b2544a5ee08a2520495d8\" \n \t\t hash12= \"04ddb75038698f66b9c43304a2c92240\" \n \t\t hash13= \"05187aa4d312ff06187c93d12dd5f1d0\" \n \t\t hash14= \"053895ae9a145a74738ba85667ae2cd1\" \n \t\t hash15= \"05a0274ddea1d4e2d938ee0804da41db\" \n \t\t hash16= \"05e58526f763f069b4c86d209416f50a\" \n \t\t hash17= \"063ad1284a8dfb82965b539efd965547\" \n \t\t hash18= \"06a1824482848997877da3f5cb83f196\" \n \t\t hash19= \"07988b3b1af58a47f7ee884e734d9a45\" \n \t\t hash20= \"0915237a0b1f095aace0a50b82356571\" \n \t\t hash21= \"09344144f44e598e516793b36de7822a\" \n \t\t hash22= \"0a209ac0de4ac033f31d6ba9191a8f7a\" \n \t\t hash23= \"0a704348bd37ea5ccd2e0a540eb010c2\" \n \t\t hash24= \"0a78f4f0c5fc09c08dc1b54d7412bc58\" \n \t\t hash25= \"0acbdd008b62cd40bb1434aca7500d5b\" \n \t\t hash26= \"0b1fa00484e10f465533aaf08bd98b62\" \n \t\t hash27= \"0b2b5b9050bd5eb14fdbc618702a2ad3\" \n \t\t hash28= \"0b5f75e67b78d34dc4206bf49c7f09e9\" \n \t\t hash29= \"0c4bd72bd7119c562f81588978ac9def\" \n \t\t hash30= \"0d1248bd21ba2487c08691ee60b8d80e\" \n \t\t hash31= \"0e2313835ca0fa52d95500f83fe9f5d2\" \n \t\t hash32= \"0f256b5884f46a15b80b60bba8876966\" \n \t\t hash33= \"0fd329c0ecc34c45a87414e3daad5819\" \n \t\t hash34= \"101bc932d760f12a308e450eb97effa5\" \n \t\t hash35= \"102a411051ef606241fbdc4361e55301\" \n \t\t hash36= \"10a9caa724ae8edc30c09f8372241c32\" \n \t\t hash37= \"1163ad598b617ef336dd75d119182ad4\" \n \t\t hash38= \"1173639e045c327554962500b6240eeb\" \n \t\t hash39= \"12298ef995a76c71fa54cbf279455a14\" \n \t\t hash40= \"13429f4899618f3529669a8ce850b512\" \n \t\t hash41= \"1355c1f173e78d3c1317ee2fb5cd95f1\" \n \t\t hash42= \"13b67c888efeaf60a9a4fb1e4e182f2d\" \n \t\t hash43= \"14222c1f10b2038f757bbc628c8da8ba\" \n \t\t hash44= \"149b980e2495df13edcefed78716ba8d\" \n \t\t hash45= \"151c7da8c611bf9795d813a5806d6364\" \n \t\t hash46= \"152ad931b42a8da9149dd73a8bfcff69\" \n \t\t hash47= \"1643b9b5861ca495f83ed2da14480728\" \n \t\t hash48= \"168af91d1ba92a41679d5b5890dc71e7\" \n \t\t hash49= \"17d287e868ab1dbafca87eb48b0f848f\" \n \t\t hash50= \"18cb3574825fa409d5cbc0f67e8cc162\" \n \t\t hash51= \"1925b30a657ea0b5bfc62d3914f7855f\" \n \t\t hash52= \"194686907b35b69c508ae1a82d105acd\" \n \t\t hash53= \"19507f6adfad9e754c3d26695dd61993\" \n \t\t hash54= \"199e39bda0af0a062ccc734faccf9213\" \n \t\t hash55= \"19eb57e93ed64f2bb9aab0307ece4291\" \n \t\t hash56= \"1b27ac722847f5a3304e3896f0528fa4\" \n \t\t hash57= \"1b9901d0f5f28c9275a697134d6e487a\" \n \t\t hash58= \"1cb7ae1bc76e139c89684f7797f520a1\" \n \t\t hash59= \"1d6c98e55203f0c51c0821fe52218dd8\" \n \t\t hash60= \"1dc305dcb4a51ea0dd10854a02a41b06\" \n \t\t hash61= \"1dd86b28a2bc986b069c75bf5c6787b9\" \n \t\t hash62= \"1ef39eb63ddff30a3e37feeffb8fc712\" \n \t\t hash63= \"1f1dc3cf1d769d464db9752c8cecc872\" \n \t\t hash64= \"1f69160f1d91bf9a0eda93829b75c583\" \n \t\t hash65= \"1fd210ba936fd11b46781e04bbc0f8b5\" \n \t\t hash66= \"205fb6034381dfd9d19d076141397cf6\" \n \t\t hash67= \"2062d7b0d9145adbe0131cf1fb1fc35a\" \n \t\t hash68= \"21a6959a33909e3cdf27a455064d4d4d\" \n \t\t hash69= \"21a9c4073dbb1cb6127fdb932c95372c\" \n \t\t hash70= \"2249d5577d2c84ba1043376b77e6c24d\" \n \t\t hash71= \"22db66045fa1e39b5bf16fc63a850098\" \n \t\t hash72= \"24132e1e00071f33221c405399271b74\" \n \t\t hash73= \"242a7137788b0f0aefcea5c233c951b7\" \n \t\t hash74= \"246272dd6e9193e31745ad54138f875d\" \n \t\t hash75= \"263b761fcea771137f2ea9918e381b47\" \n \t\t hash76= \"26c46a09cf1bdff5af503a406575809d\" \n \t\t hash77= \"27c5d028ee23a515df4203ea6026e23e\" \n \t\t hash78= \"2822d46611ad7fd71dfe5a1f4c79ab4b\" \n \t\t hash79= \"29f2ab09fdffc4006a4407c05ba11b65\" \n \t\t hash80= \"29fdec2fd992c2ab38e1dd41500190b9\" \n \t\t hash81= \"2a9f8131b996add197067b3bc9fa2f5a\" \n \t\t hash82= \"2bb52b4c1bc0788bf701e6f5ee761a9b\" \n \t\t hash83= \"2c029be8e3b0c9448ed5e88b52852ade\" \n \t\t hash84= \"2c35ed272225b4e134333bea2b657a3f\" \n \t\t hash85= \"2c6595834dd5528235e8a9815276563e\" \n \t\t hash86= \"2c87a3442c60c72f639ca7eb6754746a\" \n \t\t hash87= \"2d088e08fd1b90342cae128770063dbe\" \n \t\t hash88= \"2da059a8bf3bc00bb809b28770044ff6\" \n \t\t hash89= \"2e0e43f2b0499d631edf1dd92f09bd2c\" \n \t\t hash90= \"2e208b3d5953bd92c84031d3a7b8a231\" \n \t\t hash91= \"2ebd5bd711ceb8d6b4f6eba38d087bc9\" \n \t\t hash92= \"2f2a8deca2539923b489d51de9a278f4\" \n \t\t hash93= \"303b7527db5b417719daf9b0ae5b89aa\" \n \t\t hash94= \"31457cb30ccad20cdbc77b8c4b6f9b3f\" \n \t\t hash95= \"3177e1e3fcdf7ae79d5da1eca123e01a\" \n \t\t hash96= \"318d5e8b3da6c6f5e5041250ceb5d836\" \n \t\t hash97= \"34a72bd61c9573c304d737a5ca5892b4\" \n \t\t hash98= \"36601898373e4153062db98d1e7a3a28\" \n \t\t hash99= \"37085d946c77f521c3092f822bc3983f\" \n \t\t hash100= \"380258de6e47749952b60e5307d22dc0\" \n \t\t hash101= \"38430b3311314a4dc01c2cdcd29a0d10\" \n \t\t hash102= \"3a3fee2e8e1abdd99a020eeb8ee2d271\" \n \t\t hash103= \"3a431d965b9537721be721a48cccdf0a\" \n \t\t hash104= \"3a57adb8740da3ebec1673d21f20d0fe\" \n \t\t hash105= \"3a71446564b4c060d99a8ccd2eb5d161\" \n \t\t hash106= \"3ac8bc5e416d59666905489aea3be51e\" \n \t\t hash107= \"3b496b8cd19789fabf00584475b607c7\" \n \t\t hash108= \"3de3419f6441a7f4d664077a43fb404b\" \n \t\t hash109= \"3fbd798bcd7214fcbf5fab05faf9fd71\" \n \t\t hash110= \"40000b4f52dcdedb1e1d3bfd5c185cec\" \n \t\t hash111= \"40fee20fe98995acbda82dbcde0b674b\" \n \t\t hash112= \"41d1e22fabd1ce4d21f5f7be352b3a07\" \n \t\t hash113= \"42d6b187e323e939781a813baba5e7fc\" \n \t\t hash114= \"42db500fc0359f9f794d4b7775e41c99\" \n \t\t hash115= \"430f70cb70fe9d7e812f298f8b5b7df4\" \n \t\t hash116= \"44149d509bea6c8c0c9fb86bbd0828e1\" \n \t\t hash117= \"44bd4cf5e28d78cc66b828a57c99ca74\" \n \t\t hash118= \"4509385e247ef538cfb8cd42944ee480\" \n \t\t hash119= \"450a3edece8808f483203fe8988c4437\" \n \t\t hash120= \"4605a7396d892bba0646bc73a02b28e9\" \n \t\t hash121= \"4810559ed364a18843178f1c4fca49fc\" \n \t\t hash122= \"487e79347d92f44507200792a7795c7b\" \n \t\t hash123= \"48bc620f4c5b14e30f173b0d02887840\" \n \t\t hash124= \"48e958e3785be0d5e074ad2cfcf2fee4\" \n \t\t hash125= \"4902cd32c4ae98008ba24c0f40189e51\" \n \t\t hash126= \"49622ddf195628f7a3400b7a9f98e60a\" \n \t\t hash127= \"4984608139e2c5430a87028f84a2bbb7\" \n \t\t hash128= \"49cb69039308b2613664515c5fa323e1\" \n \t\t hash129= \"4a3b537879f3f29cd8d446c53e6b06c3\" \n \t\t hash130= \"4ad2f62ce2eb72eff45c61699bdcb1e3\" \n \t\t hash131= \"4bc0fb2dc90112926ab2471fef99beb3\" \n \t\t hash132= \"4c31fe56ff4a46fbcd87b28651235177\" \n \t\t hash133= \"4e58bd45a388e458c9f8ff09eb905cc0\" \n \t\t hash134= \"4ea931a432bb9555483b41b3bc8e78e4\" \n \t\t hash135= \"4f79981d1f7091be6aadcc4595ef5f76\" \n \t\t hash136= \"4fd969cefb161cbbfe26897f097eda71\" \n \t\t hash137= \"5118f69983a1544caf4e3d244e195304\" \n \t\t hash138= \"5328361825d0b1ccb0b157ceff4e883e\" \n \t\t hash139= \"545bee90a5f356b114ca3a4823f14990\" \n \t\t hash140= \"54c7657b4d19c6afaaf003a332704907\" \n \t\t hash141= \"54d7826f13c1116b0be9077334713f1a\" \n \t\t hash142= \"564950a5f4b3ca0e6ade94c5ca5d8de1\" \n \t\t hash143= \"5686e5cdb415f7fb65a4a3d971f24e1c\" \n \t\t hash144= \"56897704c43dbfb60847a6dca00de2b0\" \n \t\t hash145= \"56d85656c527242b493d9b19cb95370e\" \n \t\t hash146= \"56f2494e349e7449fbb551d55272bc57\" \n \t\t hash147= \"56f9632349458ab6253da1f302326620\" \n \t\t hash148= \"56ff71e1f28e1f149e0e4cf8ce9811d1\" \n \t\t hash149= \"57b64a212b4b3982793916a18fa4f489\" \n \t\t hash150= \"5821380182c7bfaa6646db4313449917\" \n \t\t hash151= \"58786e35fa1d61d1bcd671987d103957\" \n \t\t hash152= \"58ef8790939fca73a20c6a04717a2659\" \n \t\t hash153= \"595b08353458a0749d292e0e81c0fc01\" \n \t\t hash154= \"5a5bed7fae336b93c44b370a955182da\" \n \t\t hash155= \"5a723d3ef02db234061c2f61a6e3b6a4\" \n \t\t hash156= \"5a7dacc0c0f34005ab9710e666128500\" \n \t\t hash157= \"5b0f5f62ef3ae981fe48b6c29d7beab2\" \n \t\t hash158= \"5bec4783c551c46b15f7c5b20f94f4b9\" \n \t\t hash159= \"5dc172e2c96b79ea7d855339f1b2403c\" \n \t\t hash160= \"5e171b3a31279f9fcf21888ac0034b06\" \n \t\t hash161= \"5f0e8984886b551cae3eaafa73d9b72b\" \n \t\t hash162= \"5f5abbe2e637d4f0b8afe7f2342c2942\" \n \t\t hash163= \"5ff0e69bf258375e7eefcc5ac3bdcf24\" \n \t\t hash164= \"600984d541d399b1894745b917e5380b\" \n \t\t hash165= \"60d21ee6548de4673cbddef2d779ed24\" \n \t\t hash166= \"63b2f98548174142f92fdfd995a2c70a\" \n \t\t hash167= \"63ecb7fe79a5b541c35765caf424a021\" \n \t\t hash168= \"6436a4fb7a8f37ac934c275d325208e6\" \n \t\t hash169= \"64a58cf7e810a77a5105d56b81ae8200\" \n \t\t hash170= \"66a2a7ac521be856deed54fd8072d0e8\" \n \t\t hash171= \"6814b21455deb552df3b452ef0551ec1\" \n \t\t hash172= \"682c987506651fcae56c32ffa1f70170\" \n \t\t hash173= \"687f8bec9484257500976c336e103a08\" \n \t\t hash174= \"688526edbea2d61664ec629f6558365c\" \n \t\t hash175= \"68892e329fa28fe751b9eb16928ea98d\" \n \t\t hash176= \"68e6ee88ba44ed0b9de93d6812b5255e\" \n \t\t hash177= \"6abb5fbca4ab9fc730ba83f56c0b8c7a\" \n \t\t hash178= \"6b28afbf2362222fc501ed22f40a93ce\" \n \t\t hash179= \"6c28e8ed7b09dd7e052302614a3ef8d5\" \n \t\t hash180= \"6d10eb87d57fc0b3eb1c41cccf0319f4\" \n \t\t hash181= \"6da22f42139a4a2365e7a9068d7b908a\" \n \t\t hash182= \"6de614ad2b4d03f9dfcdf0251737d33d\" \n \t\t hash183= \"6e4f77dcdbb034cb4073d8c46bf23ae3\" \n \t\t hash184= \"6f073003704cc5b5265a0a9f8ee851d1\" \n \t\t hash185= \"70b0214530810773e46afa469a723ce3\" \n \t\t hash186= \"72312f1e2ae6900f169a2b7a88e14d93\" \n ", "title": "", "description": "APTMalware_Equation_Group Group", "expiration": null, "is_active": 1 }, { "id": 2931441, "indicator": "006c4561499da562a4e337e2c146cf1a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384920, "indicator": "011815cb37f49a1d14d3db895a5e705f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546466, "indicator": "011858556ad3a5ef1a6bbc6ad9eaae09", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546467, "indicator": "013cd79973f9e26cd86719a988227c0c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384890, "indicator": "01f1204f54c645a13368e1ba54179779", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384827, "indicator": "024cc9872d9f413292d0f952920547ca", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546468, "indicator": "027eb2cda9f1c8df00e26641ce4ef12d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546470, "indicator": "031cb00db70f12ba917cd5675658f2c7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931436, "indicator": "0393eebedbde6e5ee868f81ac024b401", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Bleedor", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546471, "indicator": "045fd6e98a51a3c4e55a99bb6696f4de", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546472, "indicator": "04dc04a1a61769f33b234ad0f19fdc53", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931469, "indicator": "04f3fbaaaf5026df29e0d7d317194043", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931471, "indicator": "0613d67070679fb97ddefc5973c4d604", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931415, "indicator": "06d8b1468f09d10aa5c4b115544ccc6e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931425, "indicator": "0751ca6f8b652cae6f2b650f0cf9036a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931413, "indicator": "07a18ad4d859c67f208ccb76a7e6a184", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384940, "indicator": "07e40089cdf338e8d1423b3d97332a4d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546473, "indicator": "07f33ec44f655fe5386b342a10ae48a6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546474, "indicator": "0810959693b40e9b61046f594f86bdb4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384829, "indicator": "095a6a3b6eba996d2786b5ec919b1a7e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546475, "indicator": "095cd159b460d9232123cadfa3670158", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931421, "indicator": "099116c83c9b95ea71e75e1760fced28", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546476, "indicator": "0ae61e7f2dd01e6293b9df2e2787caca", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "stack_strings", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931424, "indicator": "0af3761919bffa0019e7899333846b27", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win64/Rootkitdrv.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931433, "indicator": "0b105cd6ecdfe5724c7db52135aa47ef", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546477, "indicator": "0b6019cb7d872112837e3459266e1337", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546478, "indicator": "0c5861504dd9156b601c0db63eebaf52", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384932, "indicator": "0cd07490fc02e2a602781bb939d0bc3d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546479, "indicator": "0e7c4616c04c1a200a95b908ecd70027", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "MS_Visual_Cpp_6_0", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384830, "indicator": "0f3c15de074f934499f5bbc095d5557f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win64/Winnti.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546481, "indicator": "0f8a8eaf95c7b3b5d9b60a73140fc2bb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-533325", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931419, "indicator": "1014374a0b4972adec93a015df6e4558", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546482, "indicator": "108137d380650c99a682077255e95418", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931484, "indicator": "115dc2627483aba7119ad4ceab1e042a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546483, "indicator": "11898306703dcbeb1ca2cd7746384829", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931481, "indicator": "11ed89f0ab17cf3973e2bf970879661a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384831, "indicator": "128cb2a5de0d0422d69bab6d23ebb0aa", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546484, "indicator": "12c8dfe94914c793c8a72b024d9334f6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384917, "indicator": "130a799edeb0753164cdb76ccf8fd64c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546485, "indicator": "14a9d379d3b16146ac58bc1fd0f3561a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546486, "indicator": "15c700bc1e4ec53af996f5628e97a541", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546487, "indicator": "15ce067a4d370afae742db91646d26ee", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931463, "indicator": "15d6249e0e7e03b3e00cc3917431cf64", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546488, "indicator": "15d909f3761b4ed5b85428bea971fc3b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546489, "indicator": "16406aeff6ded69b102b7442324bcd37", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546490, "indicator": "1670b57851c73813cb17479b302f84c0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546491, "indicator": "171ffa1fb15a298bcca8d8108fe913a9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546492, "indicator": "175c7694d32191091334e20509a7b2c0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931472, "indicator": "17c72e0cde2e4019a6b885f8188ac410", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546493, "indicator": "1826efb7b1a4f135785ccfc8b0e79094", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384921, "indicator": "18677c3a2af1476aa8cbc73cfb74d8c1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384832, "indicator": "18813863417608b4ad14babebcafcb57", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546494, "indicator": "18b2e353c4628013c27aa1528cd7bd9c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546495, "indicator": "19e137dc5974cfad5db62f96e3ba9fd1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "vad_contains_network_strings", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931411, "indicator": "1a5da850993681e685893547d1aa2eaf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win64/Rootkitdrv.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384833, "indicator": "1ab7360a9438fb816f01ac00c17c9da4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931468, "indicator": "1b0753f717d7a33defc389e399b20d57", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546496, "indicator": "1c1157f3fbd1587527e5ade92f8f2f7f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "stack_strings", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546497, "indicator": "1caa2b7cc66d901994a0893baecd2e06", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931464, "indicator": "1d688ca3148df378a15796f43242b77c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546498, "indicator": "1ec70a07ec2aa63ba568160d22a78611", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546499, "indicator": "1fee79f50848493f08c5e5736594dab2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Zox-8", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384834, "indicator": "2128b6c7ec7848b73aeb6f211cef7615", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546500, "indicator": "218b1cd127a95a107dbaf4abe001d364", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546502, "indicator": "22de97c025f3cc9ad3f835d97b0a7fab", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546503, "indicator": "231257eb290ad0335ebf4556f156fc68", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546504, "indicator": "254d87bdd1f358de19ec50a3203d771a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "PassCV_Sabre_Malware_Signing_Cert", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546505, "indicator": "270bba9ad5d6a8cf7e828870e4ae323f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546506, "indicator": "276aaea14d125f69fe7e80e5a30180d7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546508, "indicator": "285a2e9216dbf83edf5ef12ba063a511", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546509, "indicator": "28af0e2520713b81659c95430220d2b9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546510, "indicator": "28c3fa62b1f6a9baf71e18d78d0b97ca", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384922, "indicator": "29525be71ba4846739e553a0835ab460", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931416, "indicator": "296220a85742a8722b1335977dd98251", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931456, "indicator": "2989b78ac3a752bf6792ac9ac606fdf0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win64/Winnti.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546511, "indicator": "2a312a7fcd5fd20e4a50e73b6b9c93de", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "stack_strings", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384891, "indicator": "2ad67673a4facf2b493ca5989839d8e3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931445, "indicator": "2d0950f69e206486c5272f2b0fc3aa22", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win64/Winnti!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546514, "indicator": "2ea30517938dda8a084aa00e5ee921f6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931437, "indicator": "2ec43703cc80323ae32fed751bedfff1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Winnti-F\\ [Trj]", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384923, "indicator": "2ffc739a927b62d4b7096e636951b77d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win64/Winnti!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931414, "indicator": "3047ed57acac30c2327e74070b3864b7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546516, "indicator": "30498006ce28019ec4a879484d67a6b4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384933, "indicator": "3358c54a22d186ec9de0f15bc4bb2698", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win64/Winnti!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546518, "indicator": "33d385520a2677cb4232d25fdd49407f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931467, "indicator": "35bdc5a2acf35bdf9fb9169e1a47d3e7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2127946246, "indicator": "36711896cfeb67f599305b590f195aec", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Winnti.A!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384835, "indicator": "379251974ebcd5c397f92ca45bb9620d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546519, "indicator": "37bb8eacc454aa619ef35e8d82ae85bd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546520, "indicator": "37c37e327a766a1b2db2fb9c934ff16e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Winnti.V!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 2614465, "indicator": "38fb6993c3c94ea6df01235f44be4e77", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546521, "indicator": "3a9503ce79a0ac3b6f2f38163d55554d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546522, "indicator": "3af5259a62cd4fd5ff0df1a54478997e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546523, "indicator": "3b56e91ed28d1bef96ee80ebb7ec90a3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546524, "indicator": "3b58e122d9e17121416b146daab4db9d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546525, "indicator": "3beaa003e5e1eaf60fe18c7a5b039a62", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "dbgdetect_procs", "description": "", "expiration": null, "is_active": 1 }, { "id": 2615069, "indicator": "3c722f0bea82e5bb8958f7fab012c911", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384924, "indicator": "3d107d5bdf554c6ae8d05c886080a18d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931430, "indicator": "3ecbc145dd593ec431145dd84e1e50cb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546526, "indicator": "3f0649854d60a43ef8bea236a0eecee2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546527, "indicator": "3f3f0205a6526fc87a23a4e123e55d55", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "BackdoorWin32Dervec", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384836, "indicator": "4038fb208d4b50e1f5f765811fdac174", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931454, "indicator": "4197499923ab6125e2ee5e950b21ec91", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546528, "indicator": "41b0e32592c9f846915d2452d1cab758", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931422, "indicator": "41ff77ea7d4960c75d272a6a6fc31e7c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931443, "indicator": "43da75e7f8e7e1893dce276bd5b2e680", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Winnti.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546529, "indicator": "43fec0660c9e28ac046c0ffa8c987ed9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384837, "indicator": "4402db68df6682bfe3e1e855a2474444", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546530, "indicator": "44c4afc43c0be6b8710226e64d3b58f9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384925, "indicator": "453021b8cc10f9077fa80d60d09c631d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931442, "indicator": "4591d01a291b700efbc5b263c67a266c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546532, "indicator": "459323ec0efc8d4e0f7c4908e08035fd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546533, "indicator": "4617b5821d3d378addf68450ca6db761", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931489, "indicator": "4722c665196fb6c7450980eafde6ac86", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546534, "indicator": "47a69704566f37e8626bb8bb5fa784c8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546535, "indicator": "485ca8d140169ebbc8e5b3d7eaed544f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546536, "indicator": "48c21badebacdc9239416a9848b4855c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546537, "indicator": "494bedc21836a3323f88717066150abf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546538, "indicator": "49984ae27318351a541fae53522d3bef", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546539, "indicator": "49b1ca0752d166c2cc5e04cbab8b71ee", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384892, "indicator": "4a02ce3d6c6696ddda2a673298870e16", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931455, "indicator": "4b8fd1ee47f17164e61194f6b2dbfa40", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384926, "indicator": "4d028c7a47c1b0d00e894ad351a61996", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384838, "indicator": "4e8f1c053dbe449c93f04e11d4afa352", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384930, "indicator": "4fbb502ba8c7e8d81ec98a5974b9001a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546540, "indicator": "5042398cd279b93c2b76a3d0e78b5887", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546541, "indicator": "5048a96b8a0abb9dc9c068e16373598b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384839, "indicator": "50635147a579a8c8859a49c609f9d3d2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931450, "indicator": "50678adefc49735a4f236e06e83c089d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384893, "indicator": "508f0af84d83e093bf6910dbab45421f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931435, "indicator": "509c562db69f8332b9fc3298236e8ffa", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546542, "indicator": "50f7c822562c1213d244e1389d3895c8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "!UPX_1_20", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384840, "indicator": "5156bc9f1dd8ef1c1055933bb9c89c91", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931420, "indicator": "516fe9d2fe8b047fa8ba993692f44482", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384841, "indicator": "5171b030750f364a3459d5de22bc875d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546543, "indicator": "527bfd801206c4b382487320ce2a245e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "dbgdetect_funcs", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384918, "indicator": "535ede2d69a7e07a097ef6648b12e417", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546544, "indicator": "54a0136213c408a489b9a158d1dcc5de", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931496, "indicator": "5618bc41af50c790c8e8680ba30030ed", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546545, "indicator": "5620be18199c15296f3b23ba5831e2d4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931449, "indicator": "5654424ea88de69d5c6031f7009f0428", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win64/Winnti!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546546, "indicator": "5747b40d886fb05e5e05298549c9caa5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384934, "indicator": "5778178a1b259c3127b678a49cd23e53", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546548, "indicator": "5919b59b61b3807b18be08a35d7c4633", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-985282", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546550, "indicator": "5a44818722a4f61602c9490012a8658e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546551, "indicator": "5a69a3d1520260bea2c34adf3cb92c03", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931440, "indicator": "5a93c03ddfe3edeb2573b72d12ebe0e5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Winnti.B!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546552, "indicator": "5ad07321baed16a6d1187169c3160df4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546553, "indicator": "5c7828e1f193ef222b083c6ef8c888f6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931444, "indicator": "5c865404f27f5e5b83b6fcfd94068118", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931491, "indicator": "5ce790274b7507740e9983d2efe69c17", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384842, "indicator": "5db7ba6e771cef48c623ae48fbb4740b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546554, "indicator": "5ed62492675e5577f5df02b349339195", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546555, "indicator": "603854698d11963ae116bc735a8b40ca", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384899, "indicator": "604c8b4f2f82e016cff74ebc4a359e34", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931408, "indicator": "60bd5a9ab78f6c614b824ddcb47dfd7c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546556, "indicator": "6103f34ec409f99762e9c3714dfa1262", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931499, "indicator": "624db864fe644bc08c16cdbdb8f4bdfb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546557, "indicator": "6255f40b4000abad8b9e795280fddfd1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "VMProtectSDK", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546558, "indicator": "6275219b8a353f7e093c7dd2e9301567", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931477, "indicator": "629c0a9d3d0f471005c87d06aed45113", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384843, "indicator": "64d225a757686db6263e5df919e9dfd6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win64/Rootkitdrv.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546560, "indicator": "65e4bd4dddd164e3f331d677922ee288", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931417, "indicator": "66de2aaad67446aabbe5adeb873b4b24", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546561, "indicator": "66f915ebdde2f98e2f802a52f1a4e85e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384900, "indicator": "677c3236b3acac70f528de8b4cf62539", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384910, "indicator": "679ba94211a4e027c2b56b959e62c8e3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win64/Winnti.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546562, "indicator": "68af93fd6d813c4110ad7850ed027b69", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931428, "indicator": "6b4ab6ca6808e955a6fd11ae5ffea1f6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931497, "indicator": "6db0e662dad6407f666aa0ea4b995e7f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931452, "indicator": "6dfcdc4c8edc77642f15592143f34569", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Winnti!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546563, "indicator": "6e4846b1029fed9118bbfaa0bd66f0a9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931476, "indicator": "6e83c0e6739a2782ce385632f5e982c3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384901, "indicator": "6e927175a6224add534a6072bc6a6170", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931474, "indicator": "6e9b47f2ae1f9e7260b8793f35fbbd3a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546564, "indicator": "6eefa1529bcf192f7ccea1f5aeefe707", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546565, "indicator": "6f4ce475c83bbb9890c3180973a2f75b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-533325", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384911, "indicator": "6f5a10edc2c7319b8d7abc0a606e5ce6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384941, "indicator": "7024ea8285cee098829ac8f2b1de4455", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Winnti!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546566, "indicator": "70e41bc5daa6ff811317afef75498062", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546567, "indicator": "71f0e9068a8d3f9a81aecccad7571535", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546568, "indicator": "71f8fb73be84e3d5045d4cfbf7ed4f53", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546569, "indicator": "727dfef3918db48b9922ac75796aed55", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546570, "indicator": "72b1bfaf65ad9ec596860c1ea3bfb4cc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546571, "indicator": "73497bb006c082008a49c09fbcdc7787", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546572, "indicator": "740249492922bf531821692b4c23498e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384844, "indicator": "7460f35e3b24db9b92bc4cccb6c3f3ac", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546573, "indicator": "74ec010ca8ff895b1ab801a03e6282bb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931487, "indicator": "7529e41a101170eadb83bcb77bf29e65", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546574, "indicator": "75b713b8d54403c51317679b4038a6ff", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546575, "indicator": "75c775cbfaf9bd40c504c3737e93fafd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546577, "indicator": "76c9bce4beb37cc8c00a05f3efafe89a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546578, "indicator": "773afaa800f539ce195540e2f1882270", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546580, "indicator": "7b218f72c4baf98673340cf4789ec012", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546581, "indicator": "7b6ca860c3e6bdc75b0be26db70a603a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546582, "indicator": "7c086172be6d1eed7fd65a1a4a8df59f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2128230964, "indicator": "7d51ea0230d4692eeedc2d5a4cd66d2d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win64/Winnti.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546583, "indicator": "7d673e07393b45960e99b14bd2ebce77", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931447, "indicator": "7ea57ad96cee3db9baf5a36b43ba9abc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384845, "indicator": "814001293e4a50d12cf55563e0b95ffe", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931479, "indicator": "81b27822a6619a7c78eebbd6dc4b889d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Winnti.B!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546585, "indicator": "8349691b6c37d9e5fa75ee6365b40bf5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Winnti.V!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546586, "indicator": "840b05e6fefc3ce01bb181e0454c6bf5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "VMProtectSDK", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384908, "indicator": "8505e92a2c3812ec298acd6bb20437a2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546587, "indicator": "8674e3c77e8051cfdf1c4d321a7188bf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "stack_strings", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546588, "indicator": "86fd00eb911c241c9367bf0d4c079300", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546589, "indicator": "88d2b57c8bf755c886b1bf30a4be87eb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "vad_contains_network_strings", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384894, "indicator": "8a0a00b1676c3b65b3c56dab7f8feb99", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384927, "indicator": "8a1d1965b2d8501e692394bb801f58ca", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546590, "indicator": "8a8ee6f199438776f6842aab67fb953d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546591, "indicator": "8a8f14c3513b3e14bc57a7ac111341e3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931498, "indicator": "8acb42de94427141f7caffed74f9fc43", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546592, "indicator": "8b2db1c9d8ba805d5a310910fd6aff7d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546593, "indicator": "8cb10b202c47c41e1a2c11a721851654", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546594, "indicator": "8d20017f576fbd58cce25637d29826ca", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546595, "indicator": "8e3e4b006af3c1835ef3b7b4dcd3f1de", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546596, "indicator": "8e4a973b7440e8bb3f6d272660d6c06d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-533325", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546597, "indicator": "8eabdff3d7d6bd826c109a37b10b218b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384929, "indicator": "8f54cf08ee45a8d5eb31d05dbab4b561", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546598, "indicator": "905fd186adf773404041648fec09f13e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931418, "indicator": "91ae694e565f4a2f52d5f792d8353fcd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546599, "indicator": "92274d90c221b0aad382f816026a4781", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Evo-gen", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384846, "indicator": "9251ff253c38c437bad4926378981ad0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384902, "indicator": "92fd35efabf8d774cf5bb4c2be8b733c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546600, "indicator": "953c183445b67059e2a2378f8d1b6709", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384895, "indicator": "95df76f2abdb9b133003d4db637dc67b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931410, "indicator": "961954bbc411d4eafd72efad94a6e160", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931439, "indicator": "9642c7ee5819f5f8f3f8354da0845190", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546601, "indicator": "97734c735b031143a3347fb89915f477", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931434, "indicator": "97f64270b59b0f6b83ec93efc41543fd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Winnti-V", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546602, "indicator": "98a073e1e545075aa0030995cc07745a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931446, "indicator": "9a575f37ffa684d56d1f5ffebc24b8f3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384935, "indicator": "9a83cd3f8e619c8b1b38b0b5ceeea357", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546603, "indicator": "9b06c85682f8486d665f481e56ad65c7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546604, "indicator": "9d77a9318c53affe7c170710644491fe", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546605, "indicator": "9e3b5b7988c0307a60b9a2c15161c1ff", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546638, "indicator": "9ec4bc6990635c847d95271bf8c77794", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931432, "indicator": "9f5b4f39699fda67ffa65f98086f7451", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384903, "indicator": "a00c66d502453524a7fe411ce7bbfea4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931462, "indicator": "a0629962c34ed9594b18493f459560a7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2128230969, "indicator": "a0a96138b57ee24eed31b652ddf60d4e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Winnti.A!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546639, "indicator": "a0aaf3c9d5f30645453953cb2bb87f3f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Downloader.VBS-148", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546641, "indicator": "a22af4fc7fe011069704a15296634ca6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931486, "indicator": "a2c3fa86d43eca498c2b6ee8b5ecafb1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384914, "indicator": "a374be9091ed1791424fc236144e9d81", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546642, "indicator": "a445d0bfafe5947492e4044cb49eda13", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546643, "indicator": "a4c07dbaa8ce969fd0f347d01776d03b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384847, "indicator": "a62afe6d59ae1ac32e8afbb88345ba03", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546644, "indicator": "a765a20055059148af311023c95b9239", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "VMProtectSDK", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546645, "indicator": "a7b7b485c266605e219ea185292443c8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931459, "indicator": "a91f69fc4b353d4228990464ca791705", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546646, "indicator": "a9f392eee93215109b2afc0c887128dc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "vad_contains_network_strings", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546647, "indicator": "aaee989b391dea8163ce5a0d6f55b317", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546648, "indicator": "ace2ace58cc68db21c38b43a0182fc8b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546649, "indicator": "ad48e2b0520b1deb70e0ecd32ffca96a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384848, "indicator": "ada3fb277229d6a12df364fd856f00c3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384928, "indicator": "ada515709be09e495bc9c1206069e796", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "dbgdetect_funcs", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931473, "indicator": "afe4ec9a88f84fbf9c1eb0f3ff47a12b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931482, "indicator": "b01145e9d0c0f9d2822a250df95d888e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931478, "indicator": "b062063cf2d5b7fcc4abd8390e4f0090", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546650, "indicator": "b07cf2bb96ccebfe563c6c8f7046143a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDropper:Win32/Strigy.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546651, "indicator": "b15f9a6a0d6a5e52abc7a8134f856949", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384849, "indicator": "b28a68036b34e5d74672b289591aefa4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546652, "indicator": "b38b2eae598ee1f5204ef5198d16dcdf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546653, "indicator": "b5e7832464bff54896b1d42a76760dbc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546654, "indicator": "b676ec7b387de8795833b691a367d3d1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546655, "indicator": "b68cab0a6da7244532c051073c8ba2f3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546656, "indicator": "b6be3f0864354a2e68144d17c3884d3b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Armadillov171", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546657, "indicator": "b6e2518f9c9028e9bf452551637ed2ae", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546658, "indicator": "b714e63b420932b63ec4db269fba8689", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546659, "indicator": "b745534a50459b4950ef8cefd9f0a078", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384909, "indicator": "b8f03b556ae4255ba8d828b6d9909b08", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546660, "indicator": "b9c4386e1b32283598c1630be5a12503", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "MS_Visual_Cpp_6_0", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931470, "indicator": "babd625bb2284d58a9c1884a80f07bdd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546661, "indicator": "bb775b77c3a546fa432264a142c24a3d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384850, "indicator": "bb79348412e72e77a8254fc289244829", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931458, "indicator": "bbbb9bb5c7a59b98f18b06344ac8980f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931460, "indicator": "bc3ffe2761d210fa05dde9ced4ed4869", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931412, "indicator": "be594ee2a7e4b11878de020cf724205f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384851, "indicator": "be8b2bf704a1165d5b8b4e26fff4180c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546662, "indicator": "bea51d525ee6ea6d4272c7adc23dfb7d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931431, "indicator": "bfcd3417b513a6c3fed4b5466055d939", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546663, "indicator": "bffc195107e60a7ea58e44125df33dc6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931448, "indicator": "c050c1ca31e8509f7b12824824ba2ddd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546664, "indicator": "c176286e35c0629ea526e299c369dc6e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384852, "indicator": "c181065a366ea6f8c6791fd87fcb86d6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win64/Winnti.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546665, "indicator": "c1d4b96374cfe485179b547ebacc1ee1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546666, "indicator": "c202654790c1e7321fdcb9604d5d5221", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384931, "indicator": "c206992f7c6836ec6a227a6e29ae7609", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546667, "indicator": "c214dc7763e98f2744dd5e7a44e80bba", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931493, "indicator": "c248c15622cfb0985fb421c29771d6ae", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384883, "indicator": "c2ac3d2f0299633e2c588d2fa43d0d63", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931490, "indicator": "c2c2eb5f0762db8068bd4031bd6b59bc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384884, "indicator": "c35180bd2138fd81469805d8eb3480bf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546668, "indicator": "c3869609968c97fd27e3dc71f26d98d3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546669, "indicator": "c3f45d748021f8a9acbf00fdc3cfcd6b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546670, "indicator": "c4db0ac33c0676bd3633ac030111192c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546671, "indicator": "c8bc4425a6953c09f23a7e5d4333988c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546672, "indicator": "c91efaa99a5d9c51dfe86ea286fab519", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384904, "indicator": "c9e55d71b7d8f05324c3ad041a943103", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931492, "indicator": "c9e9b8103077d9a9bb21e563f14ef738", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931480, "indicator": "ca04aa367e6f090903018131245296ce", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931461, "indicator": "ca69ffc76e74e9d17f26f5f5b20a1db7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546673, "indicator": "cbcff0eb404183902457332e72915d07", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546674, "indicator": "cd82d1dc730eb9e7e19802500417e58a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384905, "indicator": "ce3eecc1cc27e753b3eeae50074c3edd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384896, "indicator": "ce3f94fea7f57ce5a9a5a26e51b617fb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546675, "indicator": "ce96cb57fde2ec600f9549f73acfd6bb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546676, "indicator": "cf1d926f21bf93b958b55a43ee5317dc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546677, "indicator": "cfb08ee3399604d37470797d49c01f72", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2614623, "indicator": "d07f8aa768f7886400bb725c23fd2421", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546678, "indicator": "d0e6ddf740f811d823193ccc67afccb0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931427, "indicator": "d194316fc5a7f7b433d26ed9da09b249", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546679, "indicator": "d1cdff47853aae8fd697e569a0897d5e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546680, "indicator": "d1eac0815f7244e799cf0883aab8ec3d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384885, "indicator": "d202ca2b2e04b2b730c43e5a13927096", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384937, "indicator": "d23237edbdcc4118b538454b45c00021", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546681, "indicator": "d31e57fcb728a4f36e21764b164a9e57", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931423, "indicator": "d350ae5dc15bcc18fde382b84f4bb3d0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546682, "indicator": "d3bf38bcf3a88e22eb6f5aad42f52846", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931426, "indicator": "d4a2060a5086c56f7ff65eaa65de81ff", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546683, "indicator": "d4bc7b620ab9ee2ded2ac783ad77dd6d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546684, "indicator": "d661dc2ad44bd056f7ca292727007693", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546685, "indicator": "d73d232a9ae0e948c589148b061ccf03", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546686, "indicator": "d848d4ec24e678727b63251e54a0a5de", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931453, "indicator": "d8e289fba6a22cb853d737676ab1545d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384897, "indicator": "d9792b5f7bf497a3584d0c0d388f6b16", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546687, "indicator": "db01783710e0c5aff92156a0e76deade", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546688, "indicator": "db60f645e5efcb872ff843a696c6fe04", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546689, "indicator": "db68a610468969288cea1b845b38789f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546690, "indicator": "dc0fccad4972db4cf6cb85a4eabe8087", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384938, "indicator": "dc22d742a15f8d6d8edf49d1c8cc8be9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546691, "indicator": "dc38409bb31c27f90a780c0546139cbb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384906, "indicator": "de1ea8d6c20d8ecdd1c29219e30d4984", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546692, "indicator": "de7d2d4a6b093365013e6acf3e1d5a41", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546693, "indicator": "de82407423aadb8009e378e406515c92", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546694, "indicator": "dee54d45b64fc48e35c80962fb44f73f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546695, "indicator": "dfee3a4e1a137eda06e90540f3604ecb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384886, "indicator": "e0df537f91f3bc3713a5ec5cf41f9e2d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546696, "indicator": "e244f2d62ae2b0b0db324e4586dc860d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384919, "indicator": "e252d9ec48bca3d261f5acdd33bfd1cb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931457, "indicator": "e2e314cbdcf493bcd14cea9cdd887786", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546697, "indicator": "e32dc66f1337cb8b1ed4f87a441e9457", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546698, "indicator": "e4192340a54d73dca73685ce999dc561", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546699, "indicator": "e49a27232b010e51124d98926122503f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931475, "indicator": "e5338b89c4721482df24f9aa5a3c6389", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931488, "indicator": "e58c7b9b2576c63ac60743a99310664b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546700, "indicator": "e5d73a4ed51e05968869ebb9506b3338", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546701, "indicator": "e61a40e9ddccc2412435d2f22b4227c2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546702, "indicator": "e64ce6079f46bf98c213d967f1994d43", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546703, "indicator": "e64d1b662f98aa977e0dbb424b2c344d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546704, "indicator": "e72a55235a65811e4afe31b857c5294d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 116428483, "indicator": "e798cfe49e6afb61f58d79a53f06d785", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931466, "indicator": "e7e5c5c991e6d66fca16c988c891e10f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931409, "indicator": "e867dba9d96acae55552777a8729a45a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384912, "indicator": "e8e1f133ef1a303e2e901e59329af1dd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546705, "indicator": "ea4babbd8f7c614f51c2bec44c8267a3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546706, "indicator": "eaaa0408c3cd686a30871fedf31ce241", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546707, "indicator": "eb272fe923ccf3e66fde1bf309cbc464", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546708, "indicator": "eb94043d9fe8cf170b016e243f1188b1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546709, "indicator": "ec2be7eeb812d87e9c995542dbd8f064", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384907, "indicator": "ec6d53e1a030e166acbc6f357362c195", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546710, "indicator": "ef1b7fd90b274d872ee15a3f2ca35193", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546711, "indicator": "efac2baa9941d9a066256bdbbf20e080", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931451, "indicator": "efb16a33a0c9da12a71ef44e7d688233", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931483, "indicator": "efdda5d0a14810ff86e60a70c5baa6b0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931485, "indicator": "f06ec81a1f416812ffcc47fd5f709b50", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546712, "indicator": "f1059405feaaae373c59860fdec66fd0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546713, "indicator": "f11b3dc0c2818931e0bfe5c0b9fafe05", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546714, "indicator": "f2449ecf637a370b6a0632a4b45cd554", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546715, "indicator": "f2a0df6b2a8de26d2f6e86ec46683808", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546716, "indicator": "f34567a507b8d531c31be32f354e234e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546717, "indicator": "f3917d618a37342eadfee90f8539b3b9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384889, "indicator": "f39fda34f2e332ddb1363f5e0e541c26", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931429, "indicator": "f454ba447eef28f96dafe3398df82a7e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384939, "indicator": "f4c9bc4f045b90c496df4b75398dfa5c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546718, "indicator": "f765686eed32f57071762fadd32b8b6d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384915, "indicator": "f809eea8170afacd2dfe2c45ba86861e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546719, "indicator": "f8a3b026f90a3b33f11fe850c870b063", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384898, "indicator": "f975d016b83880c898b334714c1291b0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2614941, "indicator": "faa77eacaa7de27b0f04c3139066d73c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2931438, "indicator": "fc293476226d1471c8de65ab65af7b2f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546720, "indicator": "fc650a1292ade32e41d3fdc2fb7dd3f3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546721, "indicator": "fcec72d588c1cdd03361a334f29c125b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546722, "indicator": "fe9971fe78f3bc22c8df0553dced52ed", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546723, "indicator": "feea14f4bba2326a8d9b0baca0ee5a5e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 701546724, "indicator": "ff7611be7e3137708a68ea8523093419", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2128230947, "indicator": "03de2118aac6f20786043c7ef0324ef01dcf4265", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Winnti.A!dha", "description": "SHA1 of a0a96138b57ee24eed31b652ddf60d4e", "expiration": null, "is_active": 1 }, { "id": 3360564131, "indicator": "049f76b3720deeb8a2a48f93d526eea696592ca1", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Bleedor", "description": "SHA1 of 0393eebedbde6e5ee868f81ac024b401", "expiration": null, "is_active": 1 }, { "id": 3360564132, "indicator": "04c2a3c8ac63785382a1b3c3516565b63fb30354", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA1 of 3f0649854d60a43ef8bea236a0eecee2", "expiration": null, "is_active": 1 }, { "id": 2824087755, "indicator": "06cac4a3ffdc0544f09e6a65da451b31867ca0a9", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "stack_strings", "description": "SHA1 of 2a312a7fcd5fd20e4a50e73b6b9c93de", "expiration": null, "is_active": 1 }, { "id": 2582669483, "indicator": "082e0a332cfe712cf0b0b7127f39be16a1c423c1", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "vad_contains_network_strings", "description": "SHA1 of 88d2b57c8bf755c886b1bf30a4be87eb", "expiration": null, "is_active": 1 }, { "id": 2688541078, "indicator": "0aa54dd8d4a04ce073833004d9879e12695188b6", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA1 of 1670b57851c73813cb17479b302f84c0", "expiration": null, "is_active": 1 }, { "id": 2128230948, "indicator": "1036a7088b060250bb66b6de91f0c6ac462dc24c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Winnti.A!dha", "description": "SHA1 of 36711896cfeb67f599305b590f195aec", "expiration": null, "is_active": 1 }, { "id": 2688541073, "indicator": "129795530434171de2b4bfd5ec5db3ed90e8a5d0", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA1 of bb775b77c3a546fa432264a142c24a3d", "expiration": null, "is_active": 1 }, { "id": 2582671953, "indicator": "14427ea5871a866d4dac529632043123b805c38c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 494bedc21836a3323f88717066150abf", "expiration": null, "is_active": 1 }, { "id": 1593588605, "indicator": "15fe8f796299b176202c821501be784a402b0ded", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Zox-8", "description": "SHA1 of 1fee79f50848493f08c5e5736594dab2", "expiration": null, "is_active": 1 }, { "id": 2582672335, "indicator": "16094cda354c54432e1b136a90d1b1cdd550ef29", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA1 of 285a2e9216dbf83edf5ef12ba063a511", "expiration": null, "is_active": 1 }, { "id": 3360564133, "indicator": "168eb0b38894be08634d7846945944fbe3a15167", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA1 of 7b218f72c4baf98673340cf4789ec012", "expiration": null, "is_active": 1 }, { "id": 3360564134, "indicator": "23347ad06aa58885293b50084aa63682eb228d78", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Evo-gen", "description": "SHA1 of 92274d90c221b0aad382f816026a4781", "expiration": null, "is_active": 1 }, { "id": 3360564135, "indicator": "24b9dbbebfa9dbed3a5f339d8f725685fb92edf0", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Winnti-F\\ [Trj]", "description": "SHA1 of 2ec43703cc80323ae32fed751bedfff1", "expiration": null, "is_active": 1 }, { "id": 2582675549, "indicator": "25accfee71c837e8457ccbf41058257ed47eb89d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA1 of 30498006ce28019ec4a879484d67a6b4", "expiration": null, "is_active": 1 }, { "id": 2582676333, "indicator": "299cfd2286d84d544173ad6e91486c23cbf2decf", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 8a8ee6f199438776f6842aab67fb953d", "expiration": null, "is_active": 1 }, { "id": 3360564136, "indicator": "2a75069d14b0f578e8407bd16ffeed70e4f28228", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win64/Winnti.A", "description": "SHA1 of c181065a366ea6f8c6791fd87fcb86d6", "expiration": null, "is_active": 1 }, { "id": 3360564137, "indicator": "2bfd12ad6238754f8a399e1a3a01f74281b1f637", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "dbgdetect_funcs", "description": "SHA1 of ada515709be09e495bc9c1206069e796", "expiration": null, "is_active": 1 }, { "id": 2582677891, "indicator": "30f38143e4c8353ab05e1cbcb99e1f4b09f910be", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA1 of 9b06c85682f8486d665f481e56ad65c7", "expiration": null, "is_active": 1 }, { "id": 2582678337, "indicator": "3355a57a8dce9089641b8024186b068f05e563bc", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "!UPX_1_20", "description": "SHA1 of 50f7c822562c1213d244e1389d3895c8", "expiration": null, "is_active": 1 }, { "id": 3360564138, "indicator": "345b2f484e7279adf7b55a0c9f940485b13c4395", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA1 of 459323ec0efc8d4e0f7c4908e08035fd", "expiration": null, "is_active": 1 }, { "id": 3360564139, "indicator": "3ca283e1b60ac0b6e9d091612c99b2709bd793a9", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA1 of 5620be18199c15296f3b23ba5831e2d4", "expiration": null, "is_active": 1 }, { "id": 3360564140, "indicator": "4206c2eaf266d71deef7a2a032894774ae437529", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Winnti.B!dha", "description": "SHA1 of 5a93c03ddfe3edeb2573b72d12ebe0e5", "expiration": null, "is_active": 1 }, { "id": 2582681945, "indicator": "4530be5b70f709d4445604148feaae73993215fe", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Winnti.V!dha", "description": "SHA1 of 8349691b6c37d9e5fa75ee6365b40bf5", "expiration": null, "is_active": 1 }, { "id": 3360564141, "indicator": "455225be1792320dd9fbbaf55916077558a0fd06", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA1 of 9ec4bc6990635c847d95271bf8c77794", "expiration": null, "is_active": 1 }, { "id": 2606761109, "indicator": "484c076344b3e9bbc2b12e1224ccd7e648bc0fbe", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Winnti!dha", "description": "SHA1 of 6dfcdc4c8edc77642f15592143f34569", "expiration": null, "is_active": 1 }, { "id": 2688541191, "indicator": "492a82b24bd1bfa41960591f2f1bdd79bed66a0e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Armadillov171", "description": "SHA1 of b6be3f0864354a2e68144d17c3884d3b", "expiration": null, "is_active": 1 }, { "id": 3360564142, "indicator": "4c425fdfcd35d7773ffe0154ac87bc6705efe6b2", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-533325", "description": "SHA1 of 8e4a973b7440e8bb3f6d272660d6c06d", "expiration": null, "is_active": 1 }, { "id": 2688541077, "indicator": "4d31dba07d732f47aed67fdf3867ac6546e9e7d2", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "dbgdetect_procs", "description": "SHA1 of 3beaa003e5e1eaf60fe18c7a5b039a62", "expiration": null, "is_active": 1 }, { "id": 2688541067, "indicator": "4dac1f414ebe3f245afa57a9d4ac84991131875d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Downloader.VBS-148", "description": "SHA1 of a0aaf3c9d5f30645453953cb2bb87f3f", "expiration": null, "is_active": 1 }, { "id": 2582684974, "indicator": "53bfac12403c84993f959e511daec16d87b47161", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA1 of 76c9bce4beb37cc8c00a05f3efafe89a", "expiration": null, "is_active": 1 }, { "id": 3360564143, "indicator": "5678ced83018dfdb1566ea111b6bd79a43026643", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win64/Rootkitdrv.A", "description": "SHA1 of 64d225a757686db6263e5df919e9dfd6", "expiration": null, "is_active": 1 }, { "id": 2582685715, "indicator": "56dee9cc02f6165314ca2306667c43c58b62c047", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA1 of 28af0e2520713b81659c95430220d2b9", "expiration": null, "is_active": 1 }, { "id": 3360564144, "indicator": "59345369a906c91dcf3cc954c00c2f451eb98d74", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA1 of 49b1ca0752d166c2cc5e04cbab8b71ee", "expiration": null, "is_active": 1 }, { "id": 2582686143, "indicator": "5944ee41586d74476e4b5d33cd457f2f254d5f5d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA1 of 485ca8d140169ebbc8e5b3d7eaed544f", "expiration": null, "is_active": 1 }, { "id": 3360564145, "indicator": "5c642165febb7093fa4d4b94efb4383d33c9ca3e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win64/Rootkitdrv.A", "description": "SHA1 of 0af3761919bffa0019e7899333846b27", "expiration": null, "is_active": 1 }, { "id": 2128230960, "indicator": "5ee7c57dc84391f63eaa3824c53cc10eafc9e388", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win64/Winnti.A", "description": "SHA1 of 7d51ea0230d4692eeedc2d5a4cd66d2d", "expiration": null, "is_active": 1 }, { "id": 2582688714, "indicator": "6514c336709be32079d3182fbdb2258c68d45523", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 727dfef3918db48b9922ac75796aed55", "expiration": null, "is_active": 1 }, { "id": 2582688774, "indicator": "65e8271d5a6984ece83195621908063015e25347", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-985282", "description": "SHA1 of 5919b59b61b3807b18be08a35d7c4633", "expiration": null, "is_active": 1 }, { "id": 2582689152, "indicator": "67a71b471908c6881b09d6da4b5f7f5419145b43", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of aaee989b391dea8163ce5a0d6f55b317", "expiration": null, "is_active": 1 }, { "id": 2688541194, "indicator": "69de6e807271bc79657aa4e53326f4ba5a3c848c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "MS_Visual_Cpp_6_0", "description": "SHA1 of b9c4386e1b32283598c1630be5a12503", "expiration": null, "is_active": 1 }, { "id": 3360564146, "indicator": "6a1254a8027b7217612bfa3161a68e74b118d5a6", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA1 of 0c5861504dd9156b601c0db63eebaf52", "expiration": null, "is_active": 1 }, { "id": 3360564147, "indicator": "6a5ffd17e18b40491c7dcfcac8dd94c1be03e6de", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win64/Winnti.A", "description": "SHA1 of 679ba94211a4e027c2b56b959e62c8e3", "expiration": null, "is_active": 1 }, { "id": 3360564148, "indicator": "6bc094422cc012d99f260f9e7d1c25bcd25f84b2", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA1 of 75c775cbfaf9bd40c504c3737e93fafd", "expiration": null, "is_active": 1 }, { "id": 3360564149, "indicator": "6cdbaf73a07a3a1f4bd14722098f80da32f6a7bd", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Winnti-V", "description": "SHA1 of 97f64270b59b0f6b83ec93efc41543fd", "expiration": null, "is_active": 1 }, { "id": 2582690764, "indicator": "6fc558273513ef957a9a0792f42fa1f278539ea0", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "vad_contains_network_strings", "description": "SHA1 of a9f392eee93215109b2afc0c887128dc", "expiration": null, "is_active": 1 }, { "id": 2582690975, "indicator": "70a17e47329b5f5e178052772e16b5a43be5e30b", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA1 of 231257eb290ad0335ebf4556f156fc68", "expiration": null, "is_active": 1 }, { "id": 3360564150, "indicator": "71ec1adaade5ceac89c108fde8ae78e2b89470ee", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Winnti.B!dha", "description": "SHA1 of 81b27822a6619a7c78eebbd6dc4b889d", "expiration": null, "is_active": 1 }, { "id": 2582691537, "indicator": "731335466523a958c16a512c3ebf244823d6b85d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA1 of 71f8fb73be84e3d5045d4cfbf7ed4f53", "expiration": null, "is_active": 1 }, { "id": 3360564151, "indicator": "75cd8e107f074c8017fec6ed2461850986d8ceb8", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA1 of 28c3fa62b1f6a9baf71e18d78d0b97ca", "expiration": null, "is_active": 1 }, { "id": 3360564152, "indicator": "78ca184395da8cdd4e4770ba83a4c234f72d3a31", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win64/Winnti!dha", "description": "SHA1 of 5654424ea88de69d5c6031f7009f0428", "expiration": null, "is_active": 1 }, { "id": 2582692931, "indicator": "79e86b4d2e692bb8c480c444925fd909abc96f4e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "dbgdetect_funcs", "description": "SHA1 of 527bfd801206c4b382487320ce2a245e", "expiration": null, "is_active": 1 }, { "id": 3360564153, "indicator": "7ec7b385c5cfa8ee1b8fc2b318ef2978121ea11e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "stack_strings", "description": "SHA1 of 1c1157f3fbd1587527e5ade92f8f2f7f", "expiration": null, "is_active": 1 }, { "id": 3360564154, "indicator": "7f0414d04c4ee2ed4044d2f9d7d4d71192b4c866", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA1 of 3af5259a62cd4fd5ff0df1a54478997e", "expiration": null, "is_active": 1 }, { "id": 2582694765, "indicator": "82add74d91e26a2a8e0ccc20f4081c903c0b5137", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA1 of c1d4b96374cfe485179b547ebacc1ee1", "expiration": null, "is_active": 1 }, { "id": 2582694945, "indicator": "83769b96fdc9405703675d8d66b1df7c1d9ecbc9", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "vad_contains_network_strings", "description": "SHA1 of 19e137dc5974cfad5db62f96e3ba9fd1", "expiration": null, "is_active": 1 }, { "id": 2233947349, "indicator": "83cae4ad979ed6f5d2f64b2d9ff5c1b089eebd7b", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA1 of 603854698d11963ae116bc735a8b40ca", "expiration": null, "is_active": 1 }, { "id": 3360564155, "indicator": "85965146d0c1b702171e6f958c890d51b81b4207", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA1 of 65e4bd4dddd164e3f331d677922ee288", "expiration": null, "is_active": 1 }, { "id": 2688541186, "indicator": "876d0b7a0495451169dd1edeea97409a7b1080df", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA1 of 4617b5821d3d378addf68450ca6db761", "expiration": null, "is_active": 1 }, { "id": 2688541196, "indicator": "888fd746d6271b8a4c8b8860bf8baab923096efc", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDropper:Win32/Strigy.A", "description": "SHA1 of b07cf2bb96ccebfe563c6c8f7046143a", "expiration": null, "is_active": 1 }, { "id": 2912756619, "indicator": "8a446e36895443daf744d9866724d5f617e6d0ba", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win64/Winnti!dha", "description": "SHA1 of 3358c54a22d186ec9de0f15bc4bb2698", "expiration": null, "is_active": 1 }, { "id": 3360564331, "indicator": "90a8fb1d200e621251e6bf784a207d67f5e84a8f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win64/Winnti.A", "description": "SHA1 of 0f3c15de074f934499f5bbc095d5557f", "expiration": null, "is_active": 1 }, { "id": 3360564332, "indicator": "98cf14886b8610160e5f811eff6bc8c4b277b496", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win64/Winnti.A", "description": "SHA1 of 2989b78ac3a752bf6792ac9ac606fdf0", "expiration": null, "is_active": 1 }, { "id": 2606761123, "indicator": "9b9feb27e2951bdc3212b919b974201e41315c72", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 9a83cd3f8e619c8b1b38b0b5ceeea357", "expiration": null, "is_active": 1 }, { "id": 3360564333, "indicator": "9d5392aa42b9f516a48cbe8e75f3bcb9245248d4", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win64/Winnti!dha", "description": "SHA1 of 2ffc739a927b62d4b7096e636951b77d", "expiration": null, "is_active": 1 }, { "id": 3360564334, "indicator": "a34591abefb327e3aa317ca49b0246caae8d7c5d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 6b4ab6ca6808e955a6fd11ae5ffea1f6", "expiration": null, "is_active": 1 }, { "id": 2582702354, "indicator": "a749d72133b9aaaad516641175423c8d81b34a1d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "VMProtectSDK", "description": "SHA1 of 6255f40b4000abad8b9e795280fddfd1", "expiration": null, "is_active": 1 }, { "id": 2582703195, "indicator": "abcf6be357c375773a9c66022aa781832f85354e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA1 of 011858556ad3a5ef1a6bbc6ad9eaae09", "expiration": null, "is_active": 1 }, { "id": 2688541189, "indicator": "b3dbcc74d6b53dd85724b0311295935b28e77a3e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "stack_strings", "description": "SHA1 of 0ae61e7f2dd01e6293b9df2e2787caca", "expiration": null, "is_active": 1 }, { "id": 1593589289, "indicator": "b6d0630ec76d09e744722bb1a1fc634c5a58e36a", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA1 of 49984ae27318351a541fae53522d3bef", "expiration": null, "is_active": 1 }, { "id": 2582705587, "indicator": "b6eab6a8dce6be32bba2be2883d20deec7dcd6e7", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "VMProtectSDK", "description": "SHA1 of a765a20055059148af311023c95b9239", "expiration": null, "is_active": 1 }, { "id": 3360564335, "indicator": "ba1e1d6c3aa9cb10a49f40a497585254da9c0970", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-533325", "description": "SHA1 of 0f8a8eaf95c7b3b5d9b60a73140fc2bb", "expiration": null, "is_active": 1 }, { "id": 3360564336, "indicator": "bddefd4a89d978d3f8065ac6ef97bf474deeda43", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA1 of 8e3e4b006af3c1835ef3b7b4dcd3f1de", "expiration": null, "is_active": 1 }, { "id": 2688541070, "indicator": "bfad4e70735e25bb31db5c55b7575e99ff3d3771", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA1 of 9e3b5b7988c0307a60b9a2c15161c1ff", "expiration": null, "is_active": 1 }, { "id": 2582707775, "indicator": "c0e14fcbe4398ae8207cebbf06624ea9c18d89f2", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of ace2ace58cc68db21c38b43a0182fc8b", "expiration": null, "is_active": 1 }, { "id": 2582708014, "indicator": "c25bada5e449519795fbca3b66bce715ad61079b", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA1 of c176286e35c0629ea526e299c369dc6e", "expiration": null, "is_active": 1 }, { "id": 2582708606, "indicator": "c4e181f24563804cb67f5ff89262b18faa91ac2d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA1 of 6103f34ec409f99762e9c3714dfa1262", "expiration": null, "is_active": 1 }, { "id": 2582708612, "indicator": "c4fb0a974cdc68ab1d735a0796f3765e5b21bfe9", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "VMProtectSDK", "description": "SHA1 of 840b05e6fefc3ce01bb181e0454c6bf5", "expiration": null, "is_active": 1 }, { "id": 2912756620, "indicator": "c86d917c8a9849b1a0a56d76e32719428c0e8c0d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Winnti!dha", "description": "SHA1 of 7024ea8285cee098829ac8f2b1de4455", "expiration": null, "is_active": 1 }, { "id": 3360564337, "indicator": "caef3a12b0db94350350330f2ab32f9bd2c2c386", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Winnti.A", "description": "SHA1 of 43da75e7f8e7e1893dce276bd5b2e680", "expiration": null, "is_active": 1 }, { "id": 2582709973, "indicator": "cb56904366c53281e3c03f2a5dc4445dd5e82b98", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA1 of 8d20017f576fbd58cce25637d29826ca", "expiration": null, "is_active": 1 }, { "id": 2627789687, "indicator": "cb86582b63282e1e68eadf0726158704015ed360", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win64/Winnti!dha", "description": "SHA1 of 2d0950f69e206486c5272f2b0fc3aa22", "expiration": null, "is_active": 1 }, { "id": 2688541190, "indicator": "cbe76542aba8a5904d23ffb81f24e85d5706df79", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA1 of 12c8dfe94914c793c8a72b024d9334f6", "expiration": null, "is_active": 1 }, { "id": 2233949963, "indicator": "cf53833b17b67b488f3ccc209242c639f7308f5a", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA1 of a22af4fc7fe011069704a15296634ca6", "expiration": null, "is_active": 1 }, { "id": 3360564338, "indicator": "cfd0c6b3b080bb1dfde1e4353dcf34493dbce5e0", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA1 of 270bba9ad5d6a8cf7e828870e4ae323f", "expiration": null, "is_active": 1 }, { "id": 2688541192, "indicator": "d1aadb63a0619254b41bf5f8def32a1169e2ab31", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA1 of b68cab0a6da7244532c051073c8ba2f3", "expiration": null, "is_active": 1 }, { "id": 3360564339, "indicator": "d1ab54ac55cb64faf95321b6d674e2562b120417", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA1 of 74ec010ca8ff895b1ab801a03e6282bb", "expiration": null, "is_active": 1 }, { "id": 2582712227, "indicator": "d6bb45c5fe27ecb84da12819fc4ee798200df442", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA1 of 8cb10b202c47c41e1a2c11a721851654", "expiration": null, "is_active": 1 }, { "id": 2233950581, "indicator": "e36843ea2d3c62a2c86db4d5b8ba4d544e92fc84", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA1 of 0810959693b40e9b61046f594f86bdb4", "expiration": null, "is_active": 1 }, { "id": 2582715197, "indicator": "e4fda33b4cbdaa583f03531028d969901b48bd95", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "PassCV_Sabre_Malware_Signing_Cert", "description": "SHA1 of 254d87bdd1f358de19ec50a3203d771a", "expiration": null, "is_active": 1 }, { "id": 3360564340, "indicator": "e794b6f19f7ff346335e76ecf5a4a2a6c59a6c2f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 9642c7ee5819f5f8f3f8354da0845190", "expiration": null, "is_active": 1 }, { "id": 3360564341, "indicator": "e9f7ca58a73cd6a4a5e6281cc41329509bd623bb", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA1 of 97734c735b031143a3347fb89915f477", "expiration": null, "is_active": 1 }, { "id": 2688541188, "indicator": "eb52fb5c3643868bd6c78b99b3e09746e7857320", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "MS_Visual_Cpp_6_0", "description": "SHA1 of 0e7c4616c04c1a200a95b908ecd70027", "expiration": null, "is_active": 1 }, { "id": 3360564342, "indicator": "ec17dddda9ef4d7281eb9205b5589202b70cbf6c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-533325", "description": "SHA1 of 6f4ce475c83bbb9890c3180973a2f75b", "expiration": null, "is_active": 1 }, { "id": 2582718877, "indicator": "f6ca9983dc12d0062d335d7f2b9e8ef34b6c4aca", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Winnti.V!dha", "description": "SHA1 of 37c37e327a766a1b2db2fb9c934ff16e", "expiration": null, "is_active": 1 }, { "id": 2582719834, "indicator": "fb11254b731b5ea1da450ed88e5c3e1b778b2421", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA1 of b5e7832464bff54896b1d42a76760dbc", "expiration": null, "is_active": 1 }, { "id": 3360564343, "indicator": "fd5e8fe61168ca4f0e7f0a8df0b581894df46bd3", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "BackdoorWin32Dervec", "description": "SHA1 of 3f3f0205a6526fc87a23a4e123e55d55", "expiration": null, "is_active": 1 }, { "id": 3360564344, "indicator": "fe0fa842403442754b95904cec898db66e07999b", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win64/Rootkitdrv.A", "description": "SHA1 of 1a5da850993681e685893547d1aa2eaf", "expiration": null, "is_active": 1 }, { "id": 2582720809, "indicator": "ffba49737bf426edbc3f7cf4215565189ceaffab", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA1 of 2ea30517938dda8a084aa00e5ee921f6", "expiration": null, "is_active": 1 }, { "id": 2688541197, "indicator": "fff81ee37e5f7f7d1721cca5a45661c695f0fece", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "stack_strings", "description": "SHA1 of 8674e3c77e8051cfdf1c4d321a7188bf", "expiration": null, "is_active": 1 }, { "id": 30345542, "indicator": "009645c628e719fad2e280ef60bbd8e49bf057196ac09b3f70065f1ad2df9b78", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA256 of 8d20017f576fbd58cce25637d29826ca", "expiration": null, "is_active": 1 }, { "id": 30345543, "indicator": "016250b7d62e49ba386404cc6db38cb65323d26cf80bc94e2810d5ab9e59fff2", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Winnti.V!dha", "description": "SHA256 of 8349691b6c37d9e5fa75ee6365b40bf5", "expiration": null, "is_active": 1 }, { "id": 3360564345, "indicator": "02815b72ed3449fd6004e007940ea8a8ab09bae4132739a4c7c705c2db0a1f89", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA256 of 75c775cbfaf9bd40c504c3737e93fafd", "expiration": null, "is_active": 1 }, { "id": 30345545, "indicator": "03aafc5f468a84f7dd7d7d38f91ff17ef1ca044e5f5e8bbdfe589f5509b46ae5", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA256 of 28af0e2520713b81659c95430220d2b9", "expiration": null, "is_active": 1 }, { "id": 2688541024, "indicator": "05e2912f2a593ba16a5a094d319d96715cbecf025bf88bb0293caaf6beb8bc20", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "MS_Visual_Cpp_6_0", "description": "SHA256 of b9c4386e1b32283598c1630be5a12503", "expiration": null, "is_active": 1 }, { "id": 431037356, "indicator": "0845bfa3b949b34b94376f62a033e4ea4ab21aedadd82608f3295831877b3bfa", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Winnti!dha", "description": "SHA256 of 6dfcdc4c8edc77642f15592143f34569", "expiration": null, "is_active": 1 }, { "id": 431038882, "indicator": "08fd9e58621b57895811791b6b5dbe5e180488723d1426a9f9def35259842ce6", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win64/Rootkitdrv.A", "description": "SHA256 of 64d225a757686db6263e5df919e9dfd6", "expiration": null, "is_active": 1 }, { "id": 3360564346, "indicator": "09363703be63e851ed775d7b59ba437c4b08922f2ad29b3c675d763e10e6de90", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Evo-gen", "description": "SHA256 of 92274d90c221b0aad382f816026a4781", "expiration": null, "is_active": 1 }, { "id": 3360564347, "indicator": "0afc891b710b2fb08c6a7b15b0250ce0343b696f9d52bece0bb68fa9e1c62b24", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win64/Rootkitdrv.A", "description": "SHA256 of 0af3761919bffa0019e7899333846b27", "expiration": null, "is_active": 1 }, { "id": 3360564348, "indicator": "0b694909ec53291a6b6356eb046297df96887f9e7e2792e132d5211e9a6eb5fa", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Bleedor", "description": "SHA256 of 0393eebedbde6e5ee868f81ac024b401", "expiration": null, "is_active": 1 }, { "id": 3360564349, "indicator": "0cb82719fc06867ca9a896eb878474efe4245fc9c25f8c9d5b38eddde3c2a5f6", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Winnti-V", "description": "SHA256 of 97f64270b59b0f6b83ec93efc41543fd", "expiration": null, "is_active": 1 }, { "id": 30345547, "indicator": "0cf6d9a5aa3b390f97f20b2fbd2cd9df76c5bb018c997c26d2e16eb44127c624", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 494bedc21836a3323f88717066150abf", "expiration": null, "is_active": 1 }, { "id": 431037361, "indicator": "0d10069773715beb5da7a4433fb5a432b0de4662e1495251e4698781a3be8be7", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Winnti.B!dha", "description": "SHA256 of 5a93c03ddfe3edeb2573b72d12ebe0e5", "expiration": null, "is_active": 1 }, { "id": 30345548, "indicator": "0f290612b26349a551a148304a0bd3b0d0651e9563425d7c362f30bd492d8665", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "PassCV_Sabre_Malware_Signing_Cert", "description": "SHA256 of 254d87bdd1f358de19ec50a3203d771a", "expiration": null, "is_active": 1 }, { "id": 30345549, "indicator": "1253e1778714a41b79662dbf9a353afd01a8e72097b3202cc207dd9896c6d7a6", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "vad_contains_network_strings", "description": "SHA256 of a9f392eee93215109b2afc0c887128dc", "expiration": null, "is_active": 1 }, { "id": 431039155, "indicator": "13c4b244bd9f0e609a60e5dd9062006fc0f845146756f3ec74ea2c4a48d58485", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win64/Winnti!dha", "description": "SHA256 of 3358c54a22d186ec9de0f15bc4bb2698", "expiration": null, "is_active": 1 }, { "id": 2688541020, "indicator": "1419ba36aae1daecc7a81a2dfb96631537365a5b34247533d59a70c1c9f58da2", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA256 of 4617b5821d3d378addf68450ca6db761", "expiration": null, "is_active": 1 }, { "id": 30345550, "indicator": "14da1add073c48c57da5d14ab55c461bca2ece5d06d5a3d563f14eda56d806fa", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA256 of 9b06c85682f8486d665f481e56ad65c7", "expiration": null, "is_active": 1 }, { "id": 1595564248, "indicator": "165aec991a1e1be2960d796b3c3fe8b5e0fcbc6e4b72c3182cc719e518fe0ecc", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Winnti!dha", "description": "SHA256 of 7024ea8285cee098829ac8f2b1de4455", "expiration": null, "is_active": 1 }, { "id": 3360564350, "indicator": "16bfdbbea405d961db3e57bbd3c90111a62a0b1aaeafcc996bd5b26f08f31418", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA256 of 7b218f72c4baf98673340cf4789ec012", "expiration": null, "is_active": 1 }, { "id": 30345551, "indicator": "16c4e5c26e072d3b50b58d3c2b1e3985405a686867dedc75d75bd44d84ac4434", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA256 of 231257eb290ad0335ebf4556f156fc68", "expiration": null, "is_active": 1 }, { "id": 2688541052, "indicator": "172cd90fd9e31ba70e47f0cc76c07d53e512da4cbfd197772c179fe604b75369", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA256 of bb775b77c3a546fa432264a142c24a3d", "expiration": null, "is_active": 1 }, { "id": 2688541034, "indicator": "1a4a64f01b101c16e8b5928b52231211e744e695f125e056ef7a9412da04bb91", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "stack_strings", "description": "SHA256 of 0ae61e7f2dd01e6293b9df2e2787caca", "expiration": null, "is_active": 1 }, { "id": 3360564351, "indicator": "1da13de2fea970749141cc8069f9082b2128b9af1518c2c50b91fb2c62480e6c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "BackdoorWin32Dervec", "description": "SHA256 of 3f3f0205a6526fc87a23a4e123e55d55", "expiration": null, "is_active": 1 }, { "id": 3360564352, "indicator": "1e1fd03d363949f90909580947fe8de4657b540eb2e990b8f0d7bfbad426aabc", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA256 of 3f0649854d60a43ef8bea236a0eecee2", "expiration": null, "is_active": 1 }, { "id": 2688541018, "indicator": "1e462d8968e8b6e8784d7ecd1d60249b41cf600975d2a894f15433a7fdf07a0f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA256 of 9e3b5b7988c0307a60b9a2c15161c1ff", "expiration": null, "is_active": 1 }, { "id": 30345554, "indicator": "1e8fe3ee0fffc8144c6252035c7f247bac129e7aa5c4537cf5e3f25531e04a67", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "VMProtectSDK", "description": "SHA256 of a765a20055059148af311023c95b9239", "expiration": null, "is_active": 1 }, { "id": 2571996522, "indicator": "1e9905a134140356cc21f1f7e7f976ebf18df7c55c2d72c4c7d533fcf5c5a1b5", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "dbgdetect_funcs", "description": "SHA256 of ada515709be09e495bc9c1206069e796", "expiration": null, "is_active": 1 }, { "id": 431038881, "indicator": "1ff62aba804284a9b96bf84c1ec27a1be95ec16a90fdc1e2ab2be93912696d1e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win64/Rootkitdrv.A", "description": "SHA256 of 1a5da850993681e685893547d1aa2eaf", "expiration": null, "is_active": 1 }, { "id": 30345555, "indicator": "200ba936cd229cce4dc0b45a6ab78a5a3e84c5884d56adcc41c7fa7d5b9c831a", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "dbgdetect_funcs", "description": "SHA256 of 527bfd801206c4b382487320ce2a245e", "expiration": null, "is_active": 1 }, { "id": 30345556, "indicator": "21566f5ff7d46cc9256dae8bc7e4c57f2b9261f95f6ad2ac921558582ea50dfb", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-985282", "description": "SHA256 of 5919b59b61b3807b18be08a35d7c4633", "expiration": null, "is_active": 1 }, { "id": 3360564353, "indicator": "236ba1b13c148c496198607fb1ae1f2efeccdb90f56fee813de8d96876731503", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA256 of 270bba9ad5d6a8cf7e828870e4ae323f", "expiration": null, "is_active": 1 }, { "id": 2688541025, "indicator": "23f28b5c4e94d0ad86341c0b9054f197c63389133fcd81dd5e0cf59f774ce54b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "dbgdetect_procs", "description": "SHA256 of 3beaa003e5e1eaf60fe18c7a5b039a62", "expiration": null, "is_active": 1 }, { "id": 431037355, "indicator": "248617aad3233a9235cd141d70d9a38f3a05b0162d12306a7c3330551dd20044", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Winnti.B!dha", "description": "SHA256 of 81b27822a6619a7c78eebbd6dc4b889d", "expiration": null, "is_active": 1 }, { "id": 30345558, "indicator": "24e3ea78835748c9995e0d0c64f4f6bd3a0ca1b495b61a601703eb19b8c27f95", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA256 of b5e7832464bff54896b1d42a76760dbc", "expiration": null, "is_active": 1 }, { "id": 30345561, "indicator": "28c7575b2368a9b58d0d1bf22257c4811bd3c212bd606afc7e65904041c29ce1", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA256 of c176286e35c0629ea526e299c369dc6e", "expiration": null, "is_active": 1 }, { "id": 30345562, "indicator": "2936ae7f7099c32e701c3b956a7eb7ef800bf5748122c883819c834ec61af44a", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA256 of 6103f34ec409f99762e9c3714dfa1262", "expiration": null, "is_active": 1 }, { "id": 2782647532, "indicator": "2a93cf9550f3622f65b837c97ce2b2415f1c5f8cc764b2d634a5936feb73ce14", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA256 of 5620be18199c15296f3b23ba5831e2d4", "expiration": null, "is_active": 1 }, { "id": 30345563, "indicator": "2acc78ece9cb1a7865341e69fb72097a2debf2c82f41976554132bf6d3181c25", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "VMProtectSDK", "description": "SHA256 of 840b05e6fefc3ce01bb181e0454c6bf5", "expiration": null, "is_active": 1 }, { "id": 30345564, "indicator": "2d0be850cc137540d163e9c035f4c99f27caa5bb8cdb1cea6182b5da49cff0f2", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA256 of 285a2e9216dbf83edf5ef12ba063a511", "expiration": null, "is_active": 1 }, { "id": 2696826335, "indicator": "2e0b30fb6220888fa619640281cf7409ccf7fc19bde62aa9776d8449d82d2323", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Winnti-F\\ [Trj]", "description": "SHA256 of 2ec43703cc80323ae32fed751bedfff1", "expiration": null, "is_active": 1 }, { "id": 3360564354, "indicator": "31941dfa5396b2ed574b8e1ce36af2ef568a2c3de25b001819f72563d27ee5c8", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Winnti.A", "description": "SHA256 of 43da75e7f8e7e1893dce276bd5b2e680", "expiration": null, "is_active": 1 }, { "id": 2688541027, "indicator": "35db8e6a2eb5cf09cd98bf5d31f6356d0deaf4951b353fc513ce98918b91439c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDropper:Win32/Strigy.A", "description": "SHA256 of b07cf2bb96ccebfe563c6c8f7046143a", "expiration": null, "is_active": 1 }, { "id": 3360564355, "indicator": "373d538c75193ce514cd9ee6315dc30726a5caea3fb78ce4787465c9cf4a10eb", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 9642c7ee5819f5f8f3f8354da0845190", "expiration": null, "is_active": 1 }, { "id": 30345567, "indicator": "3810d95692613bb4f719d6af64230f9bd6ca7db3a004e089af92a07bed560c01", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "vad_contains_network_strings", "description": "SHA256 of 19e137dc5974cfad5db62f96e3ba9fd1", "expiration": null, "is_active": 1 }, { "id": 2688541019, "indicator": "388ef4b4e12a04eab451bd6393860b8d12948f2bce12e5c9022996a9167f4972", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "MS_Visual_Cpp_6_0", "description": "SHA256 of 0e7c4616c04c1a200a95b908ecd70027", "expiration": null, "is_active": 1 }, { "id": 3360564356, "indicator": "3919d56109a3cb0d4a1ccde6bffb61573bbb44cb22e7714ff2d57733abbe74f6", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA256 of 9ec4bc6990635c847d95271bf8c77794", "expiration": null, "is_active": 1 }, { "id": 2688541055, "indicator": "3cdc149e387ec4a64cce1191fc30b8588df4a2947d54127eae43955ce3d08a01", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "stack_strings", "description": "SHA256 of 8674e3c77e8051cfdf1c4d321a7188bf", "expiration": null, "is_active": 1 }, { "id": 3360564357, "indicator": "3ed9ae6e596446f33dd13e44f3d54c8d1ca210242fc3b38b2d6398b1d0a97763", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA256 of 74ec010ca8ff895b1ab801a03e6282bb", "expiration": null, "is_active": 1 }, { "id": 3360564358, "indicator": "40bd6a44c7de50545623a8c9709c1fb2b62e3f1ec4e1571d3b0a68c944a957ed", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 6b4ab6ca6808e955a6fd11ae5ffea1f6", "expiration": null, "is_active": 1 }, { "id": 30345569, "indicator": "4672f4ebe2d93d52424a92298740994daf232b07e68c13ac88d80f5c64cbfea0", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 727dfef3918db48b9922ac75796aed55", "expiration": null, "is_active": 1 }, { "id": 3360564359, "indicator": "4694d2bbebbdc6dfe9590e2ad07546b06a2a7aed715db19e2b153975e0b182e6", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win64/Winnti.A", "description": "SHA256 of c181065a366ea6f8c6791fd87fcb86d6", "expiration": null, "is_active": 1 }, { "id": 30345572, "indicator": "4769732228d757ee48547fbb27c74495437381f13924039c75c48993f85b930f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA256 of 011858556ad3a5ef1a6bbc6ad9eaae09", "expiration": null, "is_active": 1 }, { "id": 1593585245, "indicator": "48f0bbc3b679aac6b1a71c06f19bb182123e74df8bb0b6b04ebe99100c57a41e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA256 of 0810959693b40e9b61046f594f86bdb4", "expiration": null, "is_active": 1 }, { "id": 30345573, "indicator": "48f8c31530d621de0cb401fb32c282eecc91bdac602aac9bd4ddbe8c6a6ceb39", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA256 of 485ca8d140169ebbc8e5b3d7eaed544f", "expiration": null, "is_active": 1 }, { "id": 2127969588, "indicator": "490c3e4af829e85751a44d21b25de1781cfe4961afdef6bb5759d9451f530994", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Winnti.A!dha", "description": "SHA256 of 36711896cfeb67f599305b590f195aec", "expiration": null, "is_active": 1 }, { "id": 1404116335, "indicator": "49ef2b98b414c321bcdbab107b8fa71a537958fe1e05ae62aaa01fe7773c3b4b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Armadillov171", "description": "SHA256 of b6be3f0864354a2e68144d17c3884d3b", "expiration": null, "is_active": 1 }, { "id": 2688541026, "indicator": "4b7b9c2a9d5080ccc4e9934f2fd14b9d4e8f6f500889bf9750f1d672c8724438", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Downloader.VBS-148", "description": "SHA256 of a0aaf3c9d5f30645453953cb2bb87f3f", "expiration": null, "is_active": 1 }, { "id": 3360564360, "indicator": "4dfc539ef568e1a3cff0841fbf08756c21117e6451e142b77da18a5f41970877", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-533325", "description": "SHA256 of 8e4a973b7440e8bb3f6d272660d6c06d", "expiration": null, "is_active": 1 }, { "id": 30345574, "indicator": "4e6b30db935e41231a108cba1c5d4cacde03cf262e9e85d24387950ae5a369c6", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of aaee989b391dea8163ce5a0d6f55b317", "expiration": null, "is_active": 1 }, { "id": 2824087754, "indicator": "4e8dc34e7b93faebc05c43efcee6a1d6b7f619c569a3e029e81a0006a3573ca2", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "stack_strings", "description": "SHA256 of 2a312a7fcd5fd20e4a50e73b6b9c93de", "expiration": null, "is_active": 1 }, { "id": 1593585246, "indicator": "528d9eaaac67716e6b37dd562770190318c8766fa1b2f33c0974f7d5f6725d41", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA256 of 49984ae27318351a541fae53522d3bef", "expiration": null, "is_active": 1 }, { "id": 30345576, "indicator": "529adca3e873d5db03dc3c8c1ab184ed19135fbe0c8fde80429b7b0072ef41ad", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "vad_contains_network_strings", "description": "SHA256 of 88d2b57c8bf755c886b1bf30a4be87eb", "expiration": null, "is_active": 1 }, { "id": 30345578, "indicator": "557647451b5727f7bb56fbf4f00bf29b103db0022b5dbd9741dbfab4bc1def97", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Winnti.V!dha", "description": "SHA256 of 37c37e327a766a1b2db2fb9c934ff16e", "expiration": null, "is_active": 1 }, { "id": 3360564361, "indicator": "58a9e1a0558d77473c4bce16f75e403f3ace83910002f8beb233f7ff7cbf5e0d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA256 of 0c5861504dd9156b601c0db63eebaf52", "expiration": null, "is_active": 1 }, { "id": 30345580, "indicator": "5a723f65da58bdcfc639f557f490213ca8c5009db0ddde7fffef8d2bcf3966f5", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 8a8ee6f199438776f6842aab67fb953d", "expiration": null, "is_active": 1 }, { "id": 2688541038, "indicator": "5c12379cd7ab3cb03dac354d0e850769873d45bb486c266a893c0daa452aa03c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA256 of b68cab0a6da7244532c051073c8ba2f3", "expiration": null, "is_active": 1 }, { "id": 30345581, "indicator": "5d6986f440e89f4a309a62f9df8ea5989a8880229dc02b132dd1bb3d0e0083d1", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA256 of c1d4b96374cfe485179b547ebacc1ee1", "expiration": null, "is_active": 1 }, { "id": 3360564362, "indicator": "5fffdc8fb72d60f873d8693f2ae0218d7341ed0bcd390dde448e0c4b4c4139f0", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA256 of 28c3fa62b1f6a9baf71e18d78d0b97ca", "expiration": null, "is_active": 1 }, { "id": 2602930109, "indicator": "60a53eb8dd79772ae2989f880925aa09b3b0feb786940ddef8dc8959d8185b11", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win64/Winnti!dha", "description": "SHA256 of 2ffc739a927b62d4b7096e636951b77d", "expiration": null, "is_active": 1 }, { "id": 3360564363, "indicator": "63e63ffb95be2d5b8b7989a87c18aac16bfd0621209cfec55f8f63decc8a371e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-533325", "description": "SHA256 of 6f4ce475c83bbb9890c3180973a2f75b", "expiration": null, "is_active": 1 }, { "id": 2127969593, "indicator": "63e8ed9692810d562adb80f27bb1aeaf48849e468bf5fd157bc83ca83139b6d7", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win64/Winnti.A", "description": "SHA256 of 7d51ea0230d4692eeedc2d5a4cd66d2d", "expiration": null, "is_active": 1 }, { "id": 2133319260, "indicator": "650619946a36ec2a6bb74c95a69cd485b60e38656b67f7d814692492bf51c409", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win64/Winnti!dha", "description": "SHA256 of 5654424ea88de69d5c6031f7009f0428", "expiration": null, "is_active": 1 }, { "id": 30345583, "indicator": "66a1514ea0b833d9108f7ad1ec39a568cedcb46839f956ab330fb72791fd827d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA256 of 76c9bce4beb37cc8c00a05f3efafe89a", "expiration": null, "is_active": 1 }, { "id": 3360564364, "indicator": "66dc249bcd33189aa07a1c8fe294e4031b5954434b6747b24a7993985bb7a51b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA256 of 49b1ca0752d166c2cc5e04cbab8b71ee", "expiration": null, "is_active": 1 }, { "id": 1593585249, "indicator": "674ba1d7103cab6082ac34940962711b1f5bb7ae152b81051aa92ed6b9d6326e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA256 of a22af4fc7fe011069704a15296634ca6", "expiration": null, "is_active": 1 }, { "id": 3360564365, "indicator": "67811f70e72693b266938c3a15a2a4b2634550e5934571e80e163c4313833d9d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-533325", "description": "SHA256 of 0f8a8eaf95c7b3b5d9b60a73140fc2bb", "expiration": null, "is_active": 1 }, { "id": 30345585, "indicator": "6899f3db419b711739120e09320345815717ae79f8091768b1216a142648e54b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA256 of 30498006ce28019ec4a879484d67a6b4", "expiration": null, "is_active": 1 }, { "id": 3360564366, "indicator": "6aa8a859fd6d30d544269056930f6528dbd840fdae098842bf674e8d62bc8c05", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA256 of 3af5259a62cd4fd5ff0df1a54478997e", "expiration": null, "is_active": 1 }, { "id": 3360564367, "indicator": "706b927576e03f13daac88ad2a00b981e479302103948704fe20af21b6c6146c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA256 of 8e3e4b006af3c1835ef3b7b4dcd3f1de", "expiration": null, "is_active": 1 }, { "id": 1593585250, "indicator": "70992a72412c5d62d003a29c3967fcb0687189d3290ebbc8671fa630829f6694", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA256 of 603854698d11963ae116bc735a8b40ca", "expiration": null, "is_active": 1 }, { "id": 3360564368, "indicator": "719989e438d7bb37a2ab4aa6cb39df259aba33ed058d474909bdc100dd76a201", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA256 of 97734c735b031143a3347fb89915f477", "expiration": null, "is_active": 1 }, { "id": 2688541033, "indicator": "73270fe9bca94fead1b5b38ddf69fae6a42e574e3150d3e3ab369f5d37d93d88", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA256 of 12c8dfe94914c793c8a72b024d9334f6", "expiration": null, "is_active": 1 }, { "id": 431039156, "indicator": "732a026d8c1b9f4f67b700086b4803776f10a8b6e27e82e0c7d1a5873ccd4212", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win64/Winnti!dha", "description": "SHA256 of 2d0950f69e206486c5272f2b0fc3aa22", "expiration": null, "is_active": 1 }, { "id": 30345586, "indicator": "73d3ae3798e4357e9a162911530f647dcb5f5e07aadad6c9e88a7237135daa56", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "!UPX_1_20", "description": "SHA256 of 50f7c822562c1213d244e1389d3895c8", "expiration": null, "is_active": 1 }, { "id": 2688541054, "indicator": "74e348068f8851fec1b3de54550fe09d07fb85b7481ca6b61404823b473885bb", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA256 of 1670b57851c73813cb17479b302f84c0", "expiration": null, "is_active": 1 }, { "id": 3360564369, "indicator": "7559beadca3c5fdf80045bedb580221dab46cbbbbb6c7f87535164addaa0d893", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win64/Winnti.A", "description": "SHA256 of 0f3c15de074f934499f5bbc095d5557f", "expiration": null, "is_active": 1 }, { "id": 3360564370, "indicator": "75ca2c792d1d92b1d0888cb9b8d59b90c86a455ec251d5bf24dcab33525f02db", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA256 of 459323ec0efc8d4e0f7c4908e08035fd", "expiration": null, "is_active": 1 }, { "id": 1593585251, "indicator": "76b3f7186bd9e6b24b708fdcd9283b824c1b42f562979e28e5d1291e56090770", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Zox-8", "description": "SHA256 of 1fee79f50848493f08c5e5736594dab2", "expiration": null, "is_active": 1 }, { "id": 30345588, "indicator": "774efc29c19254714c986423aee968bfb03daf4ce79fddbef4ec3b4b5eee3f8f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "VMProtectSDK", "description": "SHA256 of 6255f40b4000abad8b9e795280fddfd1", "expiration": null, "is_active": 1 }, { "id": 30345589, "indicator": "77a15c0e45c1dfa42d135321576c725c40f890d95e9ad44bdabeae9eb5d71a9f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA256 of 8cb10b202c47c41e1a2c11a721851654", "expiration": null, "is_active": 1 }, { "id": 30345590, "indicator": "78b588fa57b027cda856a05638b25454c59d1896670701f9a8177b8e0c39596d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of ace2ace58cc68db21c38b43a0182fc8b", "expiration": null, "is_active": 1 }, { "id": 2127969585, "indicator": "79190925bd1c3fae65b0d11db40ac8e61fb9326ccfed9b7e09084b891089602d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Winnti.A!dha", "description": "SHA256 of a0a96138b57ee24eed31b652ddf60d4e", "expiration": null, "is_active": 1 }, { "id": 431039154, "indicator": "7b108c9a51643faa140edcad8b13b00c30c6fefdd21667318a24474cde44f796", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win64/Winnti.A", "description": "SHA256 of 679ba94211a4e027c2b56b959e62c8e3", "expiration": null, "is_active": 1 }, { "id": 2606761103, "indicator": "7bb5bcc1cb2f8ab248ed20e717d42fdafe6ee107e112e1356af51866212c3642", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 9a83cd3f8e619c8b1b38b0b5ceeea357", "expiration": null, "is_active": 1 }, { "id": 30345592, "indicator": "7c32885c258a6d5be37ebe83643f00165da3ebf963471503909781540204752e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA256 of 2ea30517938dda8a084aa00e5ee921f6", "expiration": null, "is_active": 1 }, { "id": 3360564371, "indicator": "7db60fa41226602b7b8d67e59ff398feeba4974591d9c6f6ef8898118122c7f4", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win64/Winnti.A", "description": "SHA256 of 2989b78ac3a752bf6792ac9ac606fdf0", "expiration": null, "is_active": 1 }, { "id": 3360564372, "indicator": "7ea4591a4ba94d2be4346b3af502bf6d34bcf98ae05a040907c8d7bac28cbc01", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Zoxpng.B", "description": "SHA256 of 65e4bd4dddd164e3f331d677922ee288", "expiration": null, "is_active": 1 }, { "id": 2782633333, "indicator": "7ec61a2f01663a9bbcad9cc1db923780cd2b0443ec0787c07ecfef0abbfa1c34", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "stack_strings", "description": "SHA256 of 1c1157f3fbd1587527e5ade92f8f2f7f", "expiration": null, "is_active": 1 }, { "id": 30345594, "indicator": "7eecb8af098ead93e9bf2d5a4e86ff3f172e94566d296f061971410036a22a0f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA256 of 71f8fb73be84e3d5045d4cfbf7ed4f53", "expiration": null, "is_active": 1 }, { "id": 3360564373, "indicator": "d4f9517b55da48b21b8bc0853964db1b8764e0bb", "type": "YARA", "created": "2022-01-22T07:47:27", "content": "rule resteex_APTMalware_Winnti { \n \tmeta: \n \t\t description= \"APTMalware_Winnti Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_00-37-37\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"006c4561499da562a4e337e2c146cf1a\" \n \t\t hash2= \"011815cb37f49a1d14d3db895a5e705f\" \n \t\t hash3= \"011858556ad3a5ef1a6bbc6ad9eaae09\" \n \t\t hash4= \"013cd79973f9e26cd86719a988227c0c\" \n \t\t hash5= \"01f1204f54c645a13368e1ba54179779\" \n \t\t hash6= \"024cc9872d9f413292d0f952920547ca\" \n \t\t hash7= \"027eb2cda9f1c8df00e26641ce4ef12d\" \n \t\t hash8= \"031cb00db70f12ba917cd5675658f2c7\" \n \t\t hash9= \"0393eebedbde6e5ee868f81ac024b401\" \n \t\t hash10= \"045fd6e98a51a3c4e55a99bb6696f4de\" \n \t\t hash11= \"04dc04a1a61769f33b234ad0f19fdc53\" \n \t\t hash12= \"04f3fbaaaf5026df29e0d7d317194043\" \n \t\t hash13= \"0613d67070679fb97ddefc5973c4d604\" \n \t\t hash14= \"06d8b1468f09d10aa5c4b115544ccc6e\" \n \t\t hash15= \"0751ca6f8b652cae6f2b650f0cf9036a\" \n \t\t hash16= \"07a18ad4d859c67f208ccb76a7e6a184\" \n \t\t hash17= \"07e40089cdf338e8d1423b3d97332a4d\" \n \t\t hash18= \"07f33ec44f655fe5386b342a10ae48a6\" \n \t\t hash19= \"0810959693b40e9b61046f594f86bdb4\" \n \t\t hash20= \"095a6a3b6eba996d2786b5ec919b1a7e\" \n \t\t hash21= \"095cd159b460d9232123cadfa3670158\" \n \t\t hash22= \"099116c83c9b95ea71e75e1760fced28\" \n \t\t hash23= \"0ae61e7f2dd01e6293b9df2e2787caca\" \n \t\t hash24= \"0af3761919bffa0019e7899333846b27\" \n \t\t hash25= \"0b105cd6ecdfe5724c7db52135aa47ef\" \n \t\t hash26= \"0b6019cb7d872112837e3459266e1337\" \n \t\t hash27= \"0c5861504dd9156b601c0db63eebaf52\" \n \t\t hash28= \"0cd07490fc02e2a602781bb939d0bc3d\" \n \t\t hash29= \"0e7c4616c04c1a200a95b908ecd70027\" \n \t\t hash30= \"0f3c15de074f934499f5bbc095d5557f\" \n \t\t hash31= \"0f8a8eaf95c7b3b5d9b60a73140fc2bb\" \n \t\t hash32= \"1014374a0b4972adec93a015df6e4558\" \n \t\t hash33= \"108137d380650c99a682077255e95418\" \n \t\t hash34= \"115dc2627483aba7119ad4ceab1e042a\" \n \t\t hash35= \"11898306703dcbeb1ca2cd7746384829\" \n \t\t hash36= \"11ed89f0ab17cf3973e2bf970879661a\" \n \t\t hash37= \"128cb2a5de0d0422d69bab6d23ebb0aa\" \n \t\t hash38= \"12c8dfe94914c793c8a72b024d9334f6\" \n \t\t hash39= \"130a799edeb0753164cdb76ccf8fd64c\" \n \t\t hash40= \"14a9d379d3b16146ac58bc1fd0f3561a\" \n \t\t hash41= \"15c700bc1e4ec53af996f5628e97a541\" \n \t\t hash42= \"15ce067a4d370afae742db91646d26ee\" \n \t\t hash43= \"15d6249e0e7e03b3e00cc3917431cf64\" \n \t\t hash44= \"15d909f3761b4ed5b85428bea971fc3b\" \n \t\t hash45= \"16406aeff6ded69b102b7442324bcd37\" \n \t\t hash46= \"1670b57851c73813cb17479b302f84c0\" \n \t\t hash47= \"171ffa1fb15a298bcca8d8108fe913a9\" \n \t\t hash48= \"175c7694d32191091334e20509a7b2c0\" \n \t\t hash49= \"17c72e0cde2e4019a6b885f8188ac410\" \n \t\t hash50= \"1826efb7b1a4f135785ccfc8b0e79094\" \n \t\t hash51= \"18677c3a2af1476aa8cbc73cfb74d8c1\" \n \t\t hash52= \"18813863417608b4ad14babebcafcb57\" \n \t\t hash53= \"18b2e353c4628013c27aa1528cd7bd9c\" \n \t\t hash54= \"19e137dc5974cfad5db62f96e3ba9fd1\" \n \t\t hash55= \"1a5da850993681e685893547d1aa2eaf\" \n \t\t hash56= \"1ab7360a9438fb816f01ac00c17c9da4\" \n \t\t hash57= \"1b0753f717d7a33defc389e399b20d57\" \n \t\t hash58= \"1c1157f3fbd1587527e5ade92f8f2f7f\" \n \t\t hash59= \"1caa2b7cc66d901994a0893baecd2e06\" \n \t\t hash60= \"1d688ca3148df378a15796f43242b77c\" \n \t\t hash61= \"1ec70a07ec2aa63ba568160d22a78611\" \n \t\t hash62= \"1fee79f50848493f08c5e5736594dab2\" \n \t\t hash63= \"2128b6c7ec7848b73aeb6f211cef7615\" \n \t\t hash64= \"218b1cd127a95a107dbaf4abe001d364\" \n \t\t hash65= \"22de97c025f3cc9ad3f835d97b0a7fab\" \n \t\t hash66= \"231257eb290ad0335ebf4556f156fc68\" \n \t\t hash67= \"254d87bdd1f358de19ec50a3203d771a\" \n \t\t hash68= \"270bba9ad5d6a8cf7e828870e4ae323f\" \n \t\t hash69= \"276aaea14d125f69fe7e80e5a30180d7\" \n \t\t hash70= \"285a2e9216dbf83edf5ef12ba063a511\" \n \t\t hash71= \"28af0e2520713b81659c95430220d2b9\" \n \t\t hash72= \"28c3fa62b1f6a9baf71e18d78d0b97ca\" \n \t\t hash73= \"29525be71ba4846739e553a0835ab460\" \n \t\t hash74= \"296220a85742a8722b1335977dd98251\" \n \t\t hash75= \"2989b78ac3a752bf6792ac9ac606fdf0\" \n \t\t hash76= \"2a312a7fcd5fd20e4a50e73b6b9c93de\" \n \t\t hash77= \"2ad67673a4facf2b493ca5989839d8e3\" \n \t\t hash78= \"2d0950f69e206486c5272f2b0fc3aa22\" \n \t\t hash79= \"2ea30517938dda8a084aa00e5ee921f6\" \n \t\t hash80= \"2ec43703cc80323ae32fed751bedfff1\" \n \t\t hash81= \"2ffc739a927b62d4b7096e636951b77d\" \n \t\t hash82= \"3047ed57acac30c2327e74070b3864b7\" \n \t\t hash83= \"30498006ce28019ec4a879484d67a6b4\" \n \t\t hash84= \"3358c54a22d186ec9de0f15bc4bb2698\" \n \t\t hash85= \"33d385520a2677cb4232d25fdd49407f\" \n \t\t hash86= \"35bdc5a2acf35bdf9fb9169e1a47d3e7\" \n \t\t hash87= \"36711896cfeb67f599305b590f195aec\" \n \t\t hash88= \"379251974ebcd5c397f92ca45bb9620d\" \n \t\t hash89= \"37bb8eacc454aa619ef35e8d82ae85bd\" \n \t\t hash90= \"37c37e327a766a1b2db2fb9c934ff16e\" \n \t\t hash91= \"38fb6993c3c94ea6df01235f44be4e77\" \n \t\t hash92= \"3a9503ce79a0ac3b6f2f38163d55554d\" \n \t\t hash93= \"3af5259a62cd4fd5ff0df1a54478997e\" \n \t\t hash94= \"3b56e91ed28d1bef96ee80ebb7ec90a3\" \n \t\t hash95= \"3b58e122d9e17121416b146daab4db9d\" \n \t\t hash96= \"3beaa003e5e1eaf60fe18c7a5b039a62\" \n \t\t hash97= \"3c722f0bea82e5bb8958f7fab012c911\" \n \t\t hash98= \"3d107d5bdf554c6ae8d05c886080a18d\" \n \t\t hash99= \"3ecbc145dd593ec431145dd84e1e50cb\" \n \t\t hash100= \"3f0649854d60a43ef8bea236a0eecee2\" \n \t\t hash101= \"3f3f0205a6526fc87a23a4e123e55d55\" \n \t\t hash102= \"4038fb208d4b50e1f5f765811fdac174\" \n \t\t hash103= \"4197499923ab6125e2ee5e950b21ec91\" \n \t\t hash104= \"41b0e32592c9f846915d2452d1cab758\" \n \t\t hash105= \"41ff77ea7d4960c75d272a6a6fc31e7c\" \n \t\t hash106= \"43da75e7f8e7e1893dce276bd5b2e680\" \n \t\t hash107= \"43fec0660c9e28ac046c0ffa8c987ed9\" \n \t\t hash108= \"4402db68df6682bfe3e1e855a2474444\" \n \t\t hash109= \"44c4afc43c0be6b8710226e64d3b58f9\" \n \t\t hash110= \"453021b8cc10f9077fa80d60d09c631d\" \n \t\t hash111= \"4591d01a291b700efbc5b263c67a266c\" \n \t\t hash112= \"459323ec0efc8d4e0f7c4908e08035fd\" \n \t\t hash113= \"4617b5821d3d378addf68450ca6db761\" \n \t\t hash114= \"4722c665196fb6c7450980eafde6ac86\" \n \t\t hash115= \"47a69704566f37e8626bb8bb5fa784c8\" \n \t\t hash116= \"485ca8d140169ebbc8e5b3d7eaed544f\" \n \t\t hash117= \"48c21badebacdc9239416a9848b4855c\" \n \t\t hash118= \"494bedc21836a3323f88717066150abf\" \n \t\t hash119= \"49984ae27318351a541fae53522d3bef\" \n \t\t hash120= \"49b1ca0752d166c2cc5e04cbab8b71ee\" \n \t\t hash121= \"4a02ce3d6c6696ddda2a673298870e16\" \n \t\t hash122= \"4b8fd1ee47f17164e61194f6b2dbfa40\" \n \t\t hash123= \"4d028c7a47c1b0d00e894ad351a61996\" \n \t\t hash124= \"4e8f1c053dbe449c93f04e11d4afa352\" \n \t\t hash125= \"4fbb502ba8c7e8d81ec98a5974b9001a\" \n \t\t hash126= \"5042398cd279b93c2b76a3d0e78b5887\" \n \t\t hash127= \"5048a96b8a0abb9dc9c068e16373598b\" \n \t\t hash128= \"50635147a579a8c8859a49c609f9d3d2\" \n \t\t hash129= \"50678adefc49735a4f236e06e83c089d\" \n \t\t hash130= \"508f0af84d83e093bf6910dbab45421f\" \n \t\t hash131= \"509c562db69f8332b9fc3298236e8ffa\" \n \t\t hash132= \"50f7c822562c1213d244e1389d3895c8\" \n \t\t hash133= \"5156bc9f1dd8ef1c1055933bb9c89c91\" \n \t\t hash134= \"516fe9d2fe8b047fa8ba993692f44482\" \n \t\t hash135= \"5171b030750f364a3459d5de22bc875d\" \n \t\t hash136= \"527bfd801206c4b382487320ce2a245e\" \n \t\t hash137= \"535ede2d69a7e07a097ef6648b12e417\" \n \t\t hash138= \"54a0136213c408a489b9a158d1dcc5de\" \n \t\t hash139= \"5618bc41af50c790c8e8680ba30030ed\" \n \t\t hash140= \"5620be18199c15296f3b23ba5831e2d4\" \n \t\t hash141= \"5654424ea88de69d5c6031f7009f0428\" \n \t\t hash142= \"5747b40d886fb05e5e05298549c9caa5\" \n \t\t hash143= \"5778178a1b259c3127b678a49cd23e53\" \n \t\t hash144= \"5919b59b61b3807b18be08a35d7c4633\" \n \t\t hash145= \"5a44818722a4f61602c9490012a8658e\" \n \t\t hash146= \"5a69a3d1520260bea2c34adf3cb92c03\" \n \t\t hash147= \"5a93c03ddfe3edeb2573b72d12ebe0e5\" \n \t\t hash148= \"5ad07321baed16a6d1187169c3160df4\" \n \t\t hash149= \"5c7828e1f193ef222b083c6ef8c888f6\" \n \t\t hash150= \"5c865404f27f5e5b83b6fcfd94068118\" \n \t\t hash151= \"5ce790274b7507740e9983d2efe69c17\" \n \t\t hash152= \"5db7ba6e771cef48c623ae48fbb4740b\" \n \t\t hash153= \"5ed62492675e5577f5df02b349339195\" \n \t\t hash154= \"603854698d11963ae116bc735a8b40ca\" \n \t\t hash155= \"604c8b4f2f82e016cff74ebc4a359e34\" \n \t\t hash156= \"60bd5a9ab78f6c614b824ddcb47dfd7c\" \n \t\t hash157= \"6103f34ec409f99762e9c3714dfa1262\" \n \t\t hash158= \"624db864fe644bc08c16cdbdb8f4bdfb\" \n \t\t hash159= \"6255f40b4000abad8b9e795280fddfd1\" \n \t\t hash160= \"6275219b8a353f7e093c7dd2e9301567\" \n \t\t hash161= \"629c0a9d3d0f471005c87d06aed45113\" \n \t\t hash162= \"64d225a757686db6263e5df919e9dfd6\" \n \t\t hash163= \"65e4bd4dddd164e3f331d677922ee288\" \n \t\t hash164= \"66de2aaad67446aabbe5adeb873b4b24\" \n \t\t hash165= \"66f915ebdde2f98e2f802a52f1a4e85e\" \n \t\t hash166= \"677c3236b3acac70f528de8b4cf62539\" \n \t\t hash167= \"679ba94211a4e027c2b56b959e62c8e3\" \n \t\t hash168= \"68af93fd6d813c4110ad7850ed027b69\" \n \t\t hash169= \"6b4ab6ca6808e955a6fd11ae5ffea1f6\" \n \t\t hash170= \"6db0e662dad6407f666aa0ea4b995e7f\" \n \t\t hash171= \"6dfcdc4c8edc77642f15592143f34569\" \n \t\t hash172= \"6e4846b1029fed9118bbfaa0bd66f0a9\" \n \t\t hash173= \"6e83c0e6739a2782ce385632f5e982c3\" \n \t\t hash174= \"6e927175a6224add534a6072bc6a6170\" \n \t\t hash175= \"6e9b47f2ae1f9e7260b8793f35fbbd3a\" \n \t\t hash176= \"6eefa1529bcf192f7ccea1f5aeefe707\" \n \t\t hash177= \"6f4ce475c83bbb9890c3180973a2f75b\" \n \t\t hash178= \"6f5a10edc2c7319b8d7abc0a606e5ce6\" \n \t\t hash179= \"7024ea8285cee098829ac8f2b1de4455\" \n \t\t hash180= \"70e41bc5daa6ff811317afef75498062\" \n \t\t hash181= \"71f0e9068a8d3f9a81aecccad7571535\" \n \t\t hash182= \"71f8fb73be84e3d5045d4cfbf7ed4f53\" \n \t\t hash183= \"727dfef3918db48b9922ac75796aed55\" \n \t\t hash184= \"72b1bfaf65ad9ec596860c1ea3bfb4cc\" \n \t\t hash185= \"73497bb006c082008a49c09fbcdc7787\" \n \t\t hash186= \"740249492922bf531821692b4c23498e\" \n \t\t hash187= \"74", "title": "", "description": "APTMalware_Winnti Group", "expiration": null, "is_active": 1 }, { "id": 3360564374, "indicator": "03637d861d1b58863a212d4993fe4d2f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2823947166, "indicator": "038707ae48c5db96548aa8853bf8988a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2584449039, "indicator": "0443582a0b7f27698eec0aaa85ccf4d3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564375, "indicator": "05bcca25fe3e1a0e4356916cfe305802", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384172, "indicator": "08bc1dfc6dfb8f50743814b8ec2d3000", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564376, "indicator": "094e63b3e14ca69f261c3695130f7d4e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564377, "indicator": "0a51c323960139f425ccd83188df96eb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5516605, "indicator": "0a9ae7fdcd9a9fe0d8c5c106e8940701", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Nullsoft_NSIS", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564378, "indicator": "0c3ae22a2b7c196cea3b0a46c720c79f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384170, "indicator": "0ce1af7315a59b162db2a3526ae13ff0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564379, "indicator": "106d5c778fdb6cc9ae4c4e57c4adabc5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5516606, "indicator": "1080e27b83c37dfeaa0daaa619bdf478", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Havex-1", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564380, "indicator": "149d6631ad66a915ca64cb853487337e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2823977831, "indicator": "176260be8d712d85435087899a941ee9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564381, "indicator": "188adb469567fcef3a6fae98d3877bd5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564382, "indicator": "19de1f992adde4cb22c7ad7472866434", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 5516607, "indicator": "1d6b11f85debdda27e873662e721289e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Havex-B\\ [Trj]", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564383, "indicator": "28b5dba21cb3ad1f1c659cfbcac8f5f5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384372, "indicator": "294a393eb4bb474ee4089d4228dee0d9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564384, "indicator": "2ad96c6eced12e76c45ac0e81cb7a526", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564385, "indicator": "2b846203387b5d3985d7cd7e5b08ada4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405212, "indicator": "2e39e7bd5d566893fe3df0c7e145d83a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2617419, "indicator": "34dfc78cb68213ff25d6fb426a3665ed", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564386, "indicator": "36228593bb258ddd0a385dea5d770a8b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564387, "indicator": "39a7da76126aa097efe80f83f469f2c2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564388, "indicator": "3a922a167415d3e5abcaca21f6de0b3a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564389, "indicator": "3be007dd6616cd2147af73777edac417", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564390, "indicator": "3cc770e20f45626e7bd7d0645f1264f9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2629902, "indicator": "3f1fe2e5b3b8aac8f86d7363b92c71e0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Havex-3", "description": "", "expiration": null, "is_active": 1 }, { "id": 2631284, "indicator": "3f67bad86fb911ca4ab29bda9be1f1e7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 578291940, "indicator": "4102f370aaf46629575daffbd5a0b3c9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564391, "indicator": "418bfc05240ec86b91181f38bd751ccb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564392, "indicator": "4200bcaaa71d7c6e3f00bae88d576f2a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564393, "indicator": "44033c271dc323ffb6ac158e8220ff8a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564394, "indicator": "44652b7ac9cabecbe34364dea33d09e3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564395, "indicator": "471896be829b9a48a1256d2e65b66282", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564396, "indicator": "4b095643f65a1dd876c01dd6b841493b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 2824119791, "indicator": "4f7d8fb908c7ba76a2f6655cadb7ddc7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 301894469, "indicator": "51502d7d6d188ad87213ca5942f232cf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564397, "indicator": "55bcc745895af1c6f459750b740cd628", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564398, "indicator": "56fc63042b5539d9f2ab2fcfd01cf998", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564399, "indicator": "5c0dd3c31b2ebd2ae4adfdabe247d1c5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564400, "indicator": "5c37059ac24031745b99cd62b8cc200d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384169, "indicator": "635821f2e915c3534d1865725b45af9a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564401, "indicator": "666a43f1b710a4e8b8d2a97118e7af06", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384166, "indicator": "6807138f242b08e0310dca0d3004140e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564402, "indicator": "68a5f818c807a73466041c6d2593d873", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564403, "indicator": "6a78052d3f9eb96acec8f1b647050525", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564404, "indicator": "6b1b40b5b9eeb38eb548a50e59bfbb6b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 578291941, "indicator": "6bfc42f7cb1364ef0bfd749776ac6d38", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564405, "indicator": "6d67262c09c19d676aa6f73be19d181b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564406, "indicator": "6f26aa8f74da02c4b13af1560ad158fe", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564407, "indicator": "71c097357affb0bcffcf6307a9f3d5b3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 2614715, "indicator": "7218f41670107e58971223c9880923ca", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564408, "indicator": "73dd306044e5c2dc2b713328f415096d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564409, "indicator": "75a63d9b3378abe997b80a8effb9654d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564410, "indicator": "78c6551e85a8d4788ea7b2bf138e4fde", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564529, "indicator": "7b28d8a54fc15a96b8da49dd3fcc1dae", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2584507859, "indicator": "81b0eb1c665ff0d57263040632764cad", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564531, "indicator": "875b0702ef3cc2d909ecf720bb4079c2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.A!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564532, "indicator": "879f04b0cd5ea72fb34b8ca7d1a9d5dd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-506227", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564533, "indicator": "881af5234f3107e96ad1a9a60056d4a1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384158, "indicator": "88a13d7d3398f5c388089a9b3e92eb65", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564534, "indicator": "8a35fea299b2ec9b16bce86f01a1ba38", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2663917120, "indicator": "8bf9eef3ae42ad998e7948035117c37a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564535, "indicator": "8e8fbb8de350882a77599bccc5c1ef6a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2616940, "indicator": "8f6da02534186226e11749ca54450006", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2584514059, "indicator": "8f8471acff7e18f61dc2def2bc353574", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564536, "indicator": "92f584ca90d0f242fecb14235c505119", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564537, "indicator": "93f121983ec74731c3af1f966395ded8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384370, "indicator": "979464521c927226ac683ec4c88c6218", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564538, "indicator": "9878cf9e6b555470d3a2ae25cc2ec7f5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564539, "indicator": "9a2ae074419c019aac28d5fa02a95849", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564540, "indicator": "9cc5d4b3b9ae503fabb56cd114211ae1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564541, "indicator": "9d897336c0ebee45d51dc2e8c8444c39", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2584520661, "indicator": "9e5cf794fe50442c8b8fb6b132507d41", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564542, "indicator": "a1740aa640d38783113498d8c3b53c20", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564543, "indicator": "a1bf39cec32e5cd41170722ee0a2a4c2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564544, "indicator": "a75d7a68da32fdd4954ea74e2e95352c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564545, "indicator": "a79ba17784e0183120cee6dfbf49e476", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564546, "indicator": "ab977ad5550ff745edc2aa70c4ba3b01", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564547, "indicator": "acd25fab4f920de8e6ab8a6e38a591cd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384168, "indicator": "b146d70132f44cc0229354a6c448dde9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564548, "indicator": "b2a88f7e5e2c45b9d624019e6b20be72", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384167, "indicator": "b2fb91d0d5aa76630e6b1819021a0e60", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564549, "indicator": "b42296359ebcd003e3064fe33ba4eec7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564550, "indicator": "b61d0080133fe0910048cf811ed7d049", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2664208256, "indicator": "b662660b6e6e3cc24ae7fefcb7edb4e8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384157, "indicator": "b7a6f203da2a8fe289465c71351e029a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564551, "indicator": "ba3272410c091320f145e1324b0f7ae0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2284771, "indicator": "ba8da708b8784afd36c44bb5f1f436bc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2824096670, "indicator": "bc175f186cbfadffbaddff7adb2f1cac", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384163, "indicator": "bda42195bd9bb32b50a88b6a31f9a1e7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 31040980, "indicator": "bddd4e2b84fa2ad61eb065e7797270ff", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564552, "indicator": "be30d12507c220c2c0944ad0623a02e6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564553, "indicator": "c209ba19628173c84d54316af28ac54d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2823979875, "indicator": "c6cd8ca870dc15999ee858981eb322ab", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2665592641, "indicator": "c839220da67b00963276d95cafe176c1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564554, "indicator": "c83ed3fcf47b9fd327233efcf80f7810", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2629862, "indicator": "c88ad88125757a2e76a98f3137e4a048", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564555, "indicator": "cac9802d99e36b04da32680cc4955c22", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564556, "indicator": "cfceef37dd8338f11a022f9afce0c451", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564557, "indicator": "d0b34a66a63a00425e9fa0adb02b2842", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564558, "indicator": "d153b77e32901546849ec44a71227694", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564559, "indicator": "d2b05031f9dfb300d88305376cefc2ab", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564560, "indicator": "d2fd01e25fbfa28b6c61548b3d1e68fe", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384162, "indicator": "d4ae9eb1a009aa60096d0c662db02d54", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405215, "indicator": "d532eb6835126e53e7ae491ae29fd8b3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564561, "indicator": "d610b84def0f32e139cd4e852f34882f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2617797, "indicator": "d844b2434aab1d73078d2f729393638f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564562, "indicator": "d87b3a4dec9e059503193f9e4f54c57a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564563, "indicator": "d985dec3ee9e99ad3a2c9c8237e74772", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384161, "indicator": "dae25368fc5742fe8e770658fb8c747f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2663903882, "indicator": "db6adb2765915346799d9f21329eaf80", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.7062405", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384160, "indicator": "dd6cab90d45bad6378160dba9ea742e4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2663903880, "indicator": "ddbd1ecfd473ef77ef63b2e94b1c8e44", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564564, "indicator": "e1aab3f34dce501546a83d08cd956eaa", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564565, "indicator": "e85c8feed568eff781dfd185f3f6e4c9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564566, "indicator": "e8b9d2e83ef757a6ad6fea28dfe8a0ae", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 2823947161, "indicator": "e8e94430093fb159161b20485970dacb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564567, "indicator": "e932ec2d100968987c3d7520688a1408", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580384159, "indicator": "eaa3391b1e8af72e0e9aff96ae12a758", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405210, "indicator": "eb0dacdc8b346f44c8c370408bad4306", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "", "expiration": null, "is_active": 1 }, { "id": 2663894159, "indicator": "eb883545fb2757a875b192779d06b0c6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564568, "indicator": "ec23ff3932191a8e091c5aec3652b610", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564569, "indicator": "f0f36f6c1f5d3ff37ac9ed9adf94cca2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "WIN.Trojan.Agent-356542", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564570, "indicator": "f1641106efc438564dcb285d5ca8c336", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564571, "indicator": "f27b0469a9f5d75437bdd2e782033d21", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564572, "indicator": "f282255cff4eab6714bed3fb55577010", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564573, "indicator": "f549a310572a8ead930f8fb4008eb02f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2584562094, "indicator": "f9fd935b8e70dce6cfd72716050ad41e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 2618142, "indicator": "fd6edc9082dcb2bf1b324b3a0cba2062", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564574, "indicator": "02e9eefb1d1c49894c1a234e19a4a9fd07cc323d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA1 of 71c097357affb0bcffcf6307a9f3d5b3", "expiration": null, "is_active": 1 }, { "id": 3360564575, "indicator": "0c5940b1a928b00f5b1f647878feab26691f0c93", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA1 of 39a7da76126aa097efe80f83f469f2c2", "expiration": null, "is_active": 1 }, { "id": 3360564576, "indicator": "16df6ed9b4bbe72f1fa3a0e3eba36f64810a9d5b", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA1 of 28b5dba21cb3ad1f1c659cfbcac8f5f5", "expiration": null, "is_active": 1 }, { "id": 2284786, "indicator": "1c90ecf995a70af8f1d15e9c355b075b4800b4de", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of ba8da708b8784afd36c44bb5f1f436bc", "expiration": null, "is_active": 1 }, { "id": 3360564577, "indicator": "1fcaba91c77844a7e2fbae80e9417934ff5f7085", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of ab977ad5550ff745edc2aa70c4ba3b01", "expiration": null, "is_active": 1 }, { "id": 3360564578, "indicator": "21d878ddc7532abe8cf30af64acd0d50cbeae5ad", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of c83ed3fcf47b9fd327233efcf80f7810\nSHA1 of c83ed3fcf47b9fd327233efcf80f7810", "expiration": null, "is_active": 1 }, { "id": 3360564579, "indicator": "273bb41a64a484e15216a6e41d29f8c4f18a96e4", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA1 of 19de1f992adde4cb22c7ad7472866434", "expiration": null, "is_active": 1 }, { "id": 3360564580, "indicator": "2a50f40af9e32664feeb978b27aac4bebe4b0fad", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-506227", "description": "SHA1 of 879f04b0cd5ea72fb34b8ca7d1a9d5dd", "expiration": null, "is_active": 1 }, { "id": 2584656404, "indicator": "2abfa187fb4747c74584b3a0b395ebc81fd742dc", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Havex-1", "description": "SHA1 of 1080e27b83c37dfeaa0daaa619bdf478", "expiration": null, "is_active": 1 }, { "id": 3360564581, "indicator": "2ac415b5f95284364cbec1f3135488da250c6366", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "SHA1 of eb0dacdc8b346f44c8c370408bad4306", "expiration": null, "is_active": 1 }, { "id": 301895287, "indicator": "2ad2b07a9e09034975fc479acc3ef6e9cacc4620", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Nullsoft_NSIS", "description": "SHA1 of 0a9ae7fdcd9a9fe0d8c5c106e8940701", "expiration": null, "is_active": 1 }, { "id": 3360564582, "indicator": "2bb517ae16b28c76b3851fbdb926c3dfb429a9bf", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA1 of 0c3ae22a2b7c196cea3b0a46c720c79f", "expiration": null, "is_active": 1 }, { "id": 301895469, "indicator": "317fd58d53aa3fe0fec209702a879aefb77c148c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA1 of 51502d7d6d188ad87213ca5942f232cf", "expiration": null, "is_active": 1 }, { "id": 2582678937, "indicator": "361c0a4f8213693e974b6ae55bf0ad16c74adf61", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.A!dha", "description": "SHA1 of 875b0702ef3cc2d909ecf720bb4079c2", "expiration": null, "is_active": 1 }, { "id": 3360564583, "indicator": "3c0ff434e27768ac2e0a3761efb2dd6413996d6c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA1 of d532eb6835126e53e7ae491ae29fd8b3", "expiration": null, "is_active": 1 }, { "id": 3360564584, "indicator": "435dd67fe8c7cfee1fa701c6389690a86ab6a73d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA1 of 92f584ca90d0f242fecb14235c505119", "expiration": null, "is_active": 1 }, { "id": 3360564585, "indicator": "4f6b77d4c901b76c27f63b74e782809fde2e6f2c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of d2fd01e25fbfa28b6c61548b3d1e68fe", "expiration": null, "is_active": 1 }, { "id": 2823977830, "indicator": "5220fa4288c5db7bd896a8aa23976ac34f104115", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA1 of 176260be8d712d85435087899a941ee9", "expiration": null, "is_active": 1 }, { "id": 3360564586, "indicator": "531ed66a90e7ac92a77a457f7b7176ca4427e068", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA1 of d844b2434aab1d73078d2f729393638f\nSHA1 of d844b2434aab1d73078d2f729393638f", "expiration": null, "is_active": 1 }, { "id": 2663903883, "indicator": "674eeebc55e27c98476c305a98029fc90b7f8219", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.7062405", "description": "SHA1 of db6adb2765915346799d9f21329eaf80", "expiration": null, "is_active": 1 }, { "id": 3360564587, "indicator": "7001f9e2d48e10fc5dd63ea8ff04c1d5c9de30c4", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA1 of 75a63d9b3378abe997b80a8effb9654d", "expiration": null, "is_active": 1 }, { "id": 3360564588, "indicator": "758715edf9cc7e6fb3c0fefef5fbb5e8c3ac6272", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of c209ba19628173c84d54316af28ac54d", "expiration": null, "is_active": 1 }, { "id": 3360564589, "indicator": "786ba38648bf40c3f6383c5f031ca53714d4be75", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA1 of be30d12507c220c2c0944ad0623a02e6", "expiration": null, "is_active": 1 }, { "id": 2582692924, "indicator": "79d89ea862e2031f6d3e9e21fadd2b02821c691d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA1 of b7a6f203da2a8fe289465c71351e029a", "expiration": null, "is_active": 1 }, { "id": 2584657901, "indicator": "7b77767525de24c43d8b992e2d919eb3252e4152", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA1 of f9fd935b8e70dce6cfd72716050ad41e", "expiration": null, "is_active": 1 }, { "id": 3360564590, "indicator": "7e8860555b04cf17baf153c08fbb05e93efe40aa", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA1 of f282255cff4eab6714bed3fb55577010\nSHA1 of f282255cff4eab6714bed3fb55577010", "expiration": null, "is_active": 1 }, { "id": 2284785, "indicator": "7f249736efc0c31c44e96fb72c1efcc028857ac7", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Havex-B\\ [Trj]", "description": "SHA1 of 1d6b11f85debdda27e873662e721289e", "expiration": null, "is_active": 1 }, { "id": 3360564591, "indicator": "82ba366bdbab0c1c0b4c4f65fe4c7b6129d07417", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA1 of d0b34a66a63a00425e9fa0adb02b2842\nSHA1 of d0b34a66a63a00425e9fa0adb02b2842", "expiration": null, "is_active": 1 }, { "id": 3360564592, "indicator": "832635581d5f8a45bfdf8b9b5722c875796725d0", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA1 of a1740aa640d38783113498d8c3b53c20", "expiration": null, "is_active": 1 }, { "id": 3360564593, "indicator": "83d9664827365016ef4556ea8fc3ec891401edd7", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA1 of f1641106efc438564dcb285d5ca8c336\nSHA1 of f1641106efc438564dcb285d5ca8c336", "expiration": null, "is_active": 1 }, { "id": 3360564594, "indicator": "84365f6e1ef0603e6975df27e92a840e2f96b1d0", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA1 of b42296359ebcd003e3064fe33ba4eec7", "expiration": null, "is_active": 1 }, { "id": 3360564595, "indicator": "870153e6cbc0534a1d769a3e2f60637d40e4a6a4", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B", "description": "SHA1 of 418bfc05240ec86b91181f38bd751ccb", "expiration": null, "is_active": 1 }, { "id": 3360564596, "indicator": "8836e61780c77c7ebe733dbd8af9453660e23d9b", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 9878cf9e6b555470d3a2ae25cc2ec7f5", "expiration": null, "is_active": 1 }, { "id": 2663917119, "indicator": "941874b38c36f3e955100ae5c71e51334d16c9ee", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA1 of 8bf9eef3ae42ad998e7948035117c37a", "expiration": null, "is_active": 1 }, { "id": 2663903881, "indicator": "a00d3ce9e30a96bceb18f1aa423413c8434cdcd8", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA1 of ddbd1ecfd473ef77ef63b2e94b1c8e44\nSHA1 of ddbd1ecfd473ef77ef63b2e94b1c8e44", "expiration": null, "is_active": 1 }, { "id": 3360564597, "indicator": "a6d595a42570a50da8e8129d77d93693d81ee77c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA1 of 73dd306044e5c2dc2b713328f415096d", "expiration": null, "is_active": 1 }, { "id": 3360564598, "indicator": "a8acca8c97f10543d96e47bae2e22f9530f6e5c3", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA1 of 55bcc745895af1c6f459750b740cd628\nSHA1 of 55bcc745895af1c6f459750b740cd628", "expiration": null, "is_active": 1 }, { "id": 2688595440, "indicator": "b4e657dbe1b1568fafa2595e559507979b17acab", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of bddd4e2b84fa2ad61eb065e7797270ff", "expiration": null, "is_active": 1 }, { "id": 3360564599, "indicator": "b5e5872ab2dfa58a3f938f2dac402098bc89c179", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA1 of fd6edc9082dcb2bf1b324b3a0cba2062", "expiration": null, "is_active": 1 }, { "id": 3360564600, "indicator": "b76b154766e1c6414cdb08cbb14a1b22aef15014", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA1 of 4b095643f65a1dd876c01dd6b841493b", "expiration": null, "is_active": 1 }, { "id": 3360564601, "indicator": "b85e08d43cc9455a4e0a4798825f825d378eb4f8", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA1 of f27b0469a9f5d75437bdd2e782033d21\nSHA1 of f27b0469a9f5d75437bdd2e782033d21", "expiration": null, "is_active": 1 }, { "id": 2582706565, "indicator": "bb59cc5e0040ede227332e7da1942264cd75ec4c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Havex-3", "description": "SHA1 of 3f1fe2e5b3b8aac8f86d7363b92c71e0", "expiration": null, "is_active": 1 }, { "id": 3360564602, "indicator": "c06178c8e6b2ce66a273abbe7d73cf4278329519", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "WIN.Trojan.Agent-356542", "description": "SHA1 of f0f36f6c1f5d3ff37ac9ed9adf94cca2", "expiration": null, "is_active": 1 }, { "id": 2582712849, "indicator": "d9a2cb3ce4900c7ed92ccaf798b0c1a4d93e6ac2", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA1 of 979464521c927226ac683ec4c88c6218", "expiration": null, "is_active": 1 }, { "id": 3360564603, "indicator": "d9bac9d41f812112e871843dbef692bae5d551bf", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA1 of 68a5f818c807a73466041c6d2593d873", "expiration": null, "is_active": 1 }, { "id": 3360564604, "indicator": "e66b19f16e757730a116f6b7ab0293e3e4b52050", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA1 of 2ad96c6eced12e76c45ac0e81cb7a526", "expiration": null, "is_active": 1 }, { "id": 3360564605, "indicator": "eba2bd4df7073faf2c59266d5104e71caed75a28", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA1 of 881af5234f3107e96ad1a9a60056d4a1", "expiration": null, "is_active": 1 }, { "id": 3360564606, "indicator": "ef79111db594d0e7a433d70a135b3bfb8514d3f2", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA1 of d153b77e32901546849ec44a71227694", "expiration": null, "is_active": 1 }, { "id": 2284784, "indicator": "efe9462bfa3564fe031b5ff0f2e4f8db8ef22882", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.A", "description": "SHA1 of 4102f370aaf46629575daffbd5a0b3c9", "expiration": null, "is_active": 1 }, { "id": 3360564607, "indicator": "fe0de4815687455851ac71e64e9006f25d7592ae", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA1 of e8b9d2e83ef757a6ad6fea28dfe8a0ae", "expiration": null, "is_active": 1 }, { "id": 5516600, "indicator": "0007ccdddb12491e14c64317f314c15e0628c666b619b10aed199eefcfe09705", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Havex-1", "description": "SHA256 of 1080e27b83c37dfeaa0daaa619bdf478", "expiration": null, "is_active": 1 }, { "id": 3084133, "indicator": "004c99be0c355e1265b783aae557c198bcc92ee84ed49df70db927a726c842f3", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.A", "description": "SHA256 of 4102f370aaf46629575daffbd5a0b3c9", "expiration": null, "is_active": 1 }, { "id": 3084126, "indicator": "0850c39a7fcaa7091aaea333d33c71902b263935df5321edcd5089d10e4bbebb", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA256 of f27b0469a9f5d75437bdd2e782033d21\nSHA256 of f27b0469a9f5d75437bdd2e782033d21", "expiration": null, "is_active": 1 }, { "id": 5516601, "indicator": "0b74282d9c03affb25bbecf28d5155c582e246f0ce21be27b75504f1779707f5", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Havex-B\\ [Trj]", "description": "SHA256 of 1d6b11f85debdda27e873662e721289e", "expiration": null, "is_active": 1 }, { "id": 3084221, "indicator": "0c9b20f4cb0b3206f81c2afbb2ee4d995c28f74f38216f7d35454af624af8876", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 9878cf9e6b555470d3a2ae25cc2ec7f5", "expiration": null, "is_active": 1 }, { "id": 3084229, "indicator": "0e34262813677090938983039ba9ff3ade0748a3aba25e28d19e2831c036b095", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA256 of 75a63d9b3378abe997b80a8effb9654d", "expiration": null, "is_active": 1 }, { "id": 3084113, "indicator": "0ea750a8545252b73f08fe87db08376f789fe7e58a69f5017afa2806046380a5", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA256 of 176260be8d712d85435087899a941ee9", "expiration": null, "is_active": 1 }, { "id": 3084130, "indicator": "13da3fe28302a8543dd527d9e09723caeed98006c3064c5ed7b059d6d7f36554", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA256 of 28b5dba21cb3ad1f1c659cfbcac8f5f5", "expiration": null, "is_active": 1 }, { "id": 3084123, "indicator": "269ea4b883de65f235a04441144519cf6cac80ef666eccf073eedd5f9319be0f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA256 of fd6edc9082dcb2bf1b324b3a0cba2062", "expiration": null, "is_active": 1 }, { "id": 3084128, "indicator": "2dc296eb532097ac1808df7a16f7740ef8771afda3ac339d144d710f9cefceb4", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA256 of be30d12507c220c2c0944ad0623a02e6", "expiration": null, "is_active": 1 }, { "id": 2589404751, "indicator": "4b547b3992838cfb3b61cb25f059c0b56c2f7caaa3b894dbc20bf7b33dadc5a1", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA256 of f9fd935b8e70dce6cfd72716050ad41e", "expiration": null, "is_active": 1 }, { "id": 3084116, "indicator": "4c5c02fbd6f35cad2e0a6f15e769bc6d4413219ce059cc11be7589f5d54645ea", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA256 of 55bcc745895af1c6f459750b740cd628\nSHA256 of 55bcc745895af1c6f459750b740cd628", "expiration": null, "is_active": 1 }, { "id": 3084114, "indicator": "4f3ceab96fb55d0b05380a1d95bb494ca44d7a9d7f10ded02d5b6fc27c92cb05", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA256 of ddbd1ecfd473ef77ef63b2e94b1c8e44\nSHA256 of ddbd1ecfd473ef77ef63b2e94b1c8e44", "expiration": null, "is_active": 1 }, { "id": 3084109, "indicator": "4ff5f102f0f1284a189485fc4c387c977dd92f0bc6a30c4d837e864aed257129", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA256 of d0b34a66a63a00425e9fa0adb02b2842\nSHA256 of d0b34a66a63a00425e9fa0adb02b2842", "expiration": null, "is_active": 1 }, { "id": 3084135, "indicator": "56a1513bcf959d5df3ff01476ddb4b158ce533658ab7d8dd439324b16f193ac2", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA256 of d844b2434aab1d73078d2f729393638f\nSHA256 of d844b2434aab1d73078d2f729393638f", "expiration": null, "is_active": 1 }, { "id": 3084237, "indicator": "593849098bd288b7bed9646e877fa0448dcb25ef5b4482291fdf7123de867911", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of c83ed3fcf47b9fd327233efcf80f7810\nSHA256 of c83ed3fcf47b9fd327233efcf80f7810", "expiration": null, "is_active": 1 }, { "id": 3084165, "indicator": "59af70f71cdf933f117ab97d6f1c1bab82fd15dbe654ba1b27212d7bc20cec8c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA256 of f282255cff4eab6714bed3fb55577010\nSHA256 of f282255cff4eab6714bed3fb55577010", "expiration": null, "is_active": 1 }, { "id": 3084132, "indicator": "61969cd978cd2de3a13a10510d0dea5d0d3b212209804563ed3d42033a9d0f54", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA256 of f1641106efc438564dcb285d5ca8c336\nSHA256 of f1641106efc438564dcb285d5ca8c336", "expiration": null, "is_active": 1 }, { "id": 3084257, "indicator": "646c94a0194ca70fbe68c444a0c9b444e195280f9a0d19f12393421311653552", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-506227", "description": "SHA256 of 879f04b0cd5ea72fb34b8ca7d1a9d5dd", "expiration": null, "is_active": 1 }, { "id": 3084187, "indicator": "6606dd9a5d5182280c12d009a03b8ed6179872fcb08be9aa16f098250cc5b7a7", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of c209ba19628173c84d54316af28ac54d", "expiration": null, "is_active": 1 }, { "id": 5516603, "indicator": "70103c1078d6eb28b665a89ad0b3d11c1cbca61a05a18f87f6a16c79b501dfa9", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "SHA256 of eb0dacdc8b346f44c8c370408bad4306", "expiration": null, "is_active": 1 }, { "id": 3084180, "indicator": "7933809aecb1a9d2110a6fd8a18009f2d9c58b3c7dbda770251096d4fcc18849", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of ba8da708b8784afd36c44bb5f1f436bc", "expiration": null, "is_active": 1 }, { "id": 3084122, "indicator": "7c1136d6f5b10c22698f7e049dbc493be6e0ce03316a86c422ca9b670cb133aa", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA256 of 4b095643f65a1dd876c01dd6b841493b", "expiration": null, "is_active": 1 }, { "id": 3084243, "indicator": "81e5e73452aa8b14f6c6371af2dccab720a32fadfc032b3c8d96f9cdaab9e9df", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Havex-3", "description": "SHA256 of 3f1fe2e5b3b8aac8f86d7363b92c71e0", "expiration": null, "is_active": 1 }, { "id": 3084143, "indicator": "8d343be0ea83597f041f9cbc6ea5b63773affc267c6ad99d31badee16d2c86e5", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA256 of 881af5234f3107e96ad1a9a60056d4a1", "expiration": null, "is_active": 1 }, { "id": 3084153, "indicator": "8da93bc4d20e5f38d599ac89db26fc2f1eecbf36c14209302978d46fc4ce5412", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.7062405", "description": "SHA256 of db6adb2765915346799d9f21329eaf80", "expiration": null, "is_active": 1 }, { "id": 3084127, "indicator": "8e222cb1a831c407a3f6c7863f3faa6358b424e70a041c196e91fb7989735b68", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA256 of 0c3ae22a2b7c196cea3b0a46c720c79f", "expiration": null, "is_active": 1 }, { "id": 3084190, "indicator": "913c21141966750cfe80d1f64f7c819ae59e401b47f0b5031fd2486c10403c91", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA256 of 73dd306044e5c2dc2b713328f415096d", "expiration": null, "is_active": 1 }, { "id": 3084193, "indicator": "9a2a8cb8a0f4c29a7c2c63ee58e55aada0a3895382abe7470de4822a4d868ee6", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of bddd4e2b84fa2ad61eb065e7797270ff", "expiration": null, "is_active": 1 }, { "id": 3084124, "indicator": "a05b53260c2855829226dffd814022b7ff4750d278d6c46f2e8e0dc58a36a1f9", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of ab977ad5550ff745edc2aa70c4ba3b01", "expiration": null, "is_active": 1 }, { "id": 3084146, "indicator": "a8e6abaa0ddc34b9db6bda17b502be7f802fb880941ce2bd0473fd9569113599", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.A!dha", "description": "SHA256 of 875b0702ef3cc2d909ecf720bb4079c2", "expiration": null, "is_active": 1 }, { "id": 3084209, "indicator": "abdb2da30435430f808b229f8b6856fafc154a386ef4f7c5e8de4a746e350e0c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "WIN.Trojan.Agent-356542", "description": "SHA256 of f0f36f6c1f5d3ff37ac9ed9adf94cca2", "expiration": null, "is_active": 1 }, { "id": 3084134, "indicator": "b0faba6156c7b0cd59b94eeded37d8c1041d4b8dfa6aacd6520a6d28c3f02a5e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of d2fd01e25fbfa28b6c61548b3d1e68fe", "expiration": null, "is_active": 1 }, { "id": 3084119, "indicator": "bcdcb4b5e9aaaee2c46d5b0ed16aca629de9faa5e787c672191e0bdf64619a95", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA256 of a1740aa640d38783113498d8c3b53c20", "expiration": null, "is_active": 1 }, { "id": 5516604, "indicator": "c32277fba70c82b237a86e9b542eb11b2b49e4995817b7c2da3ef67f6a971d4a", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Nullsoft_NSIS", "description": "SHA256 of 0a9ae7fdcd9a9fe0d8c5c106e8940701", "expiration": null, "is_active": 1 }, { "id": 3084120, "indicator": "c4e2e341689799281eaef47de75f59edceaba281398b41fe7616436f247ab93d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA256 of b42296359ebcd003e3064fe33ba4eec7", "expiration": null, "is_active": 1 }, { "id": 3084108, "indicator": "c987f8433c663c9e8600a7016cdf63cd14590a019118c52238c24c39c9ec02ad", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA256 of d153b77e32901546849ec44a71227694", "expiration": null, "is_active": 1 }, { "id": 3084210, "indicator": "cd019e717779e2d2b1f4c27f75e940b5f98d4ebb48de604a6cf2ab911220ae50", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA256 of b7a6f203da2a8fe289465c71351e029a", "expiration": null, "is_active": 1 }, { "id": 3084234, "indicator": "ce99e5f64f2d1e58454f23b4c1de33d71ee0b9fcd52c9eb69569f1c420332235", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA256 of 68a5f818c807a73466041c6d2593d873", "expiration": null, "is_active": 1 }, { "id": 3084111, "indicator": "d3ee530abe41705a819ee9220aebb3ba01531e16df7cded050ba2cf051940e46", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA256 of 8bf9eef3ae42ad998e7948035117c37a", "expiration": null, "is_active": 1 }, { "id": 3084107, "indicator": "d5687b5c5cec11c851e84a1d40af3ef52607575487a70224f63458c24481076c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA256 of 51502d7d6d188ad87213ca5942f232cf", "expiration": null, "is_active": 1 }, { "id": 3084110, "indicator": "d5e3122a263d3f66dcfa7c2fed25c2b8a3be725b2c934fa9d9ef4c5aefbc6cb9", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B", "description": "SHA256 of 418bfc05240ec86b91181f38bd751ccb", "expiration": null, "is_active": 1 }, { "id": 3084129, "indicator": "d755904743d48c31bdff791bfa440e79cfe1c3fc9458eb708cf8bb78f117dd07", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA256 of 19de1f992adde4cb22c7ad7472866434", "expiration": null, "is_active": 1 }, { "id": 3084230, "indicator": "da3c1a7b63a6a7cce0c9ef01cf95fd4a53ba913bab88a085c6b4b8e4ed40d916", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA256 of d532eb6835126e53e7ae491ae29fd8b3", "expiration": null, "is_active": 1 }, { "id": 3084206, "indicator": "ebb16c9536e6387e7f6988448a3142d17ab695b2894624f33bd591ceb3e46633", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA256 of 979464521c927226ac683ec4c88c6218", "expiration": null, "is_active": 1 }, { "id": 3084112, "indicator": "ecb097f3367f0155887dde9f891ff823ff54ddfe5217cdbb391ea5b10c5a08dc", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA256 of 39a7da76126aa097efe80f83f469f2c2", "expiration": null, "is_active": 1 }, { "id": 3084105, "indicator": "edb7caa3dce3543d65f29e047ea789a9e429e46bed5c29c4748e656285a08050", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA256 of 92f584ca90d0f242fecb14235c505119", "expiration": null, "is_active": 1 }, { "id": 3084131, "indicator": "f1d6e8b07ac486469e09c876c3e267db2b2d651299c87557cbf4eafb861cf79c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA256 of 71c097357affb0bcffcf6307a9f3d5b3", "expiration": null, "is_active": 1 }, { "id": 3084239, "indicator": "f6aab09e1c52925fe599246dfdb4c1d06bea5c380c4c3e9c33661c869d41a23a", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA256 of e8b9d2e83ef757a6ad6fea28dfe8a0ae", "expiration": null, "is_active": 1 }, { "id": 3084118, "indicator": "fd689fcdcef0f1198b9c778b4d93adfbf6e80118733c94e61a450aeb701750b4", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Havex.B!dha", "description": "SHA256 of 2ad96c6eced12e76c45ac0e81cb7a526", "expiration": null, "is_active": 1 }, { "id": 404887, "indicator": "http://7adharat.com/forum/includes/search/index_search.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405058, "indicator": "http://abainternationaltoursandtravel.com/hiking_Safaris/source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2590272044, "indicator": "http://adultfriendfrance.com/wp-includes/pomo/src.php", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405068, "indicator": "http://adultfriendgermany.com/wp-includes/pomo/source.php", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405000, "indicator": "http://adultfrienditaly.com/wp-includes/pomo/src.php", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404923, "indicator": "http://al-mashkoor.com/php/mail/source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404931, "indicator": "http://alexvernigor.com/includes/phpmailer/source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404966, "indicator": "http://alpikaclub.com/wp-includes/pomo/idx.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404967, "indicator": "http://anymax.ru/modules/mod_search/source.php", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564608, "indicator": "http://aptguide.3dtour.com/includes/cloudfusion/sc4.class.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405032, "indicator": "http://arsch-anus.com/engine/modules/source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564609, "indicator": "http://artem.sataev.com/blog/wp-includes/pomo/src.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404869, "indicator": "http://artsepid.com/plugin/contact-form/source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404937, "indicator": "http://ask.az/chat/cgi-bin/source.php", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405033, "indicator": "http://atampy.com/wordpress/wp-includes/pomo/dx.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405010, "indicator": "http://baneh2net.com/wp-includes/pomo/idx.php", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404968, "indicator": "http://basecamp.turbomilk.com/turbomilk/contractors2/idx.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405103, "indicator": "http://bbpdx.com/includes/xpath/xpath.src.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405087, "indicator": "http://blog.iclt.am/wp-includes/pomo/src.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405043, "indicator": "http://blog.vraert.com/wp-includes/pomo/src.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405011, "indicator": "http://bukzahid.org.ua/engine/modules/src.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404978, "indicator": "http://cadlab.ru/components/com_search/com_search.php", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404956, "indicator": "http://chimesy.com/kurdish/modules/Statistics/source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405124, "indicator": "http://coma.nsourcer.com/modules/search/frontend/default/src.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404980, "indicator": "http://crm.mayanks.com/vtigercrm/modules/Services/source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404917, "indicator": "http://dayniilecom.com/index_files/iibka300_files/source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404905, "indicator": "http://dominioparayoani.com/wp-includes/pomo/source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404892, "indicator": "http://entirenetwork.ru/components/com_search/search.src.php", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404948, "indicator": "http://familienieuwland.com/Schotland_files/_vti_cnf/index2.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404894, "indicator": "http://fasdalf.ru/modules/forum/forum-src.php", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405083, "indicator": "http://finadmition.ru/wp-includes/pomo/idx.php", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405073, "indicator": "http://forum.unmondeparfait.org/includes/search/source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405107, "indicator": "http://geointeres.com/engine/modules/source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405024, "indicator": "http://giant99.com/site-admin/pages/source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404900, "indicator": "http://grafics.kz/plugins/search/source.php", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405089, "indicator": "http://grafics.kz/plugins/search/source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404941, "indicator": "http://hq.mission1701.com/include/plugins/search.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405069, "indicator": "http://hram-gelendzhik.ru/modules/mod_search/source.php", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405061, "indicator": "http://iclt.am/style/default/search.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404873, "indicator": "http://ijbeta.com/wp-includes/pomo/dx.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564731, "indicator": "http://insurancelower.com/tareas/include/_php.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564732, "indicator": "http://intimit.ru/includes/phpmailer/source.php", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564733, "indicator": "http://iqaws.com/catalog/install/source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405035, "indicator": "http://ispacs.com/cna/pages.cn/cna_source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564734, "indicator": "http://it-newest.ru/modules/mod_search/idx.php", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564735, "indicator": "http://joomware.org/modules/mod_search/search.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405092, "indicator": "http://ktbits.com/engine/modules/source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404969, "indicator": "http://lafollettewines.com/includes/phpInputFilter/source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405003, "indicator": "http://lkgames.com/fr/free-game-action-ball-2/source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405025, "indicator": "http://medpunkt.biz/includes/modules/FCKeditor/fcksource.php", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404995, "indicator": "http://mohsenmeghdari.com/includes/exifer1_5/source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405023, "indicator": "http://motahariblog.com/core/date/date.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404910, "indicator": "http://motorjo.com/z/j/tiny_mce/plugins/media/source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405093, "indicator": "http://naturexperts.com/themes/bluemarine/node.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405079, "indicator": "http://newdawnkenya.com/modules/mod_search/src.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404998, "indicator": "http://nsourcer.com/modules/menu/menu.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405080, "indicator": "http://ogizni.ru/wp-includes/pomo/idx.php", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404975, "indicator": "http://ojoobo.com/modules/forum/forum-source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405063, "indicator": "http://peterbogdanov.com/php/phpmailer/phpdoc/src.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564736, "indicator": "http://photo-23.ru/modules/forum/functions/search.php", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564737, "indicator": "http://popolnyalka.uz/math/wp-includes/pomo/idx.php", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564738, "indicator": "http://pornoxxx1.com/engine/ajax/src.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404874, "indicator": "http://productosmiller.com/includes/modules/iddx.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564739, "indicator": "http://radiolocator.ru/includes/domit/dom_xmlrpc_builder_src.php", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404888, "indicator": "http://randallweil.com/cms/tinymce/examples/access.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564740, "indicator": "http://raznyi-content.ru/wp-includes/pomo/idx.php", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404979, "indicator": "http://rcdm-global.de/plugins/search/content/source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564741, "indicator": "http://rchdmtnez.com/modules/mod_search/source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405051, "indicator": "http://red-opus.com/_vti_bin/_vti_aut/source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405084, "indicator": "http://rosesci.com/mail/q.source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564742, "indicator": "http://roxsuite.com/modules/mod_search/mod_search.src.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404993, "indicator": "http://sabioq.com/Connections/_notes/dxml.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405037, "indicator": "http://serviciosglobal.com/TPV/src.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405059, "indicator": "http://serviciosglobal.com/inc/search.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564743, "indicator": "http://shizgara59.ru/wp-includes/pomo/pomo.php", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404939, "indicator": "http://stalprof.com.ua/includes/domit/src.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405055, "indicator": "http://strategyofroulette.com/app/usr/usr_src.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405111, "indicator": "http://swissitaly.com/includes/phpmailer/class.pop3.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405026, "indicator": "http://tallhoody.com/wp-includes/pomo/idx.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404986, "indicator": "http://thecafe7.com/modules/mod_newsflash/mod_newsflash_idx.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404901, "indicator": "http://thecafe7.com/modules/mod_whosonline/src.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564744, "indicator": "http://theluvsite.com/modules/search/src.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405053, "indicator": "http://topco-co.com/wp-includes/pomo/idx.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404921, "indicator": "http://topstonet.ru/modules/mod_search/source.php", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564745, "indicator": "http://tripstoasia.com/wp-content/plugins/idx.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405050, "indicator": "http://vamcart.com/modules/system/blocks/system.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404915, "indicator": "http://waytomiracle.com/physics/wp-includes/pomo/src.php", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405036, "indicator": "http://wildlifehc.org/nest/services/source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564746, "indicator": "http://www.activateav.com/wp-includes/pomo/dx.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405065, "indicator": "http://www.behrendt-pasewalk.de/blog/wp-content/plugins/source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564747, "indicator": "http://www.cetlot.com/wp-includes/pomo/idx.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404875, "indicator": "http://www.cometothetruth.com/cms/tinymce/examples/src.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564748, "indicator": "http://www.cubasitours.com/htmlMimeMail5/ejemplo/source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564749, "indicator": "http://www.eriell.com/services/photo/source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404960, "indicator": "http://www.expathiring.com/generator/pages/page-index.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564750, "indicator": "http://www.idweb.ru/assets/modules/docmanager/classes/dm_source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405102, "indicator": "http://www.insigmaus.com/wp-includes/pomo/dx.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404862, "indicator": "http://www.intellbet.com/_lib/db_simple/Mysqli.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564751, "indicator": "http://www.jterps.com/wp-includes/pomo/idx.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405014, "indicator": "http://www.kino24.kz/blog/engine/modules/plugin/source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564752, "indicator": "http://www.meortemple.com/wp-includes/pomo/idx.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564753, "indicator": "http://www.nahoonservices.com/wp-includes/pomo/idx.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405120, "indicator": "http://www.onehellofaride.com/wp-includes/pomo/dsx.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564754, "indicator": "http://www.prosperis.com/cms/email/mail.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564755, "indicator": "http://www.prosperis.com/cms/sections/source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404884, "indicator": "http://www.recomiendalos.com/inc/eml_templates/source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404957, "indicator": "http://www.rscarcare.com/modules/Manufacturers/source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564756, "indicator": "http://www.rutravel.com/admin/include/source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564757, "indicator": "http://www.sdfgdsdf2354235il.com/inc/eml_templates/source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404972, "indicator": "http://www.snow-lab.com/modules/mod_search/tmpl/search.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564758, "indicator": "http://www.soluciones4web.com/wp-includes/pomo/dx.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404938, "indicator": "http://www.suma-shop.ir/modules/sekeywords/source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404992, "indicator": "http://xezri.net/chat/etiraf/source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405004, "indicator": "http://ytu.am/modules/mod_search/source.php?id=", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564759, "indicator": "554735b6b6b1800312c30affb4aff9cd86ad1b02", "type": "YARA", "created": "2022-01-22T07:47:27", "content": "rule resteex_APTMalware_Energetic_Bear { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_00-26-29\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"03637d861d1b58863a212d4993fe4d2f\" \n \t\t hash2= \"038707ae48c5db96548aa8853bf8988a\" \n \t\t hash3= \"0443582a0b7f27698eec0aaa85ccf4d3\" \n \t\t hash4= \"05bcca25fe3e1a0e4356916cfe305802\" \n \t\t hash5= \"08bc1dfc6dfb8f50743814b8ec2d3000\" \n \t\t hash6= \"094e63b3e14ca69f261c3695130f7d4e\" \n \t\t hash7= \"0a51c323960139f425ccd83188df96eb\" \n \t\t hash8= \"0a9ae7fdcd9a9fe0d8c5c106e8940701\" \n \t\t hash9= \"0c3ae22a2b7c196cea3b0a46c720c79f\" \n \t\t hash10= \"0ce1af7315a59b162db2a3526ae13ff0\" \n \t\t hash11= \"106d5c778fdb6cc9ae4c4e57c4adabc5\" \n \t\t hash12= \"1080e27b83c37dfeaa0daaa619bdf478\" \n \t\t hash13= \"149d6631ad66a915ca64cb853487337e\" \n \t\t hash14= \"176260be8d712d85435087899a941ee9\" \n \t\t hash15= \"188adb469567fcef3a6fae98d3877bd5\" \n \t\t hash16= \"19de1f992adde4cb22c7ad7472866434\" \n \t\t hash17= \"1d6b11f85debdda27e873662e721289e\" \n \t\t hash18= \"28b5dba21cb3ad1f1c659cfbcac8f5f5\" \n \t\t hash19= \"294a393eb4bb474ee4089d4228dee0d9\" \n \t\t hash20= \"2ad96c6eced12e76c45ac0e81cb7a526\" \n \t\t hash21= \"2b846203387b5d3985d7cd7e5b08ada4\" \n \t\t hash22= \"2e39e7bd5d566893fe3df0c7e145d83a\" \n \t\t hash23= \"34dfc78cb68213ff25d6fb426a3665ed\" \n \t\t hash24= \"36228593bb258ddd0a385dea5d770a8b\" \n \t\t hash25= \"39a7da76126aa097efe80f83f469f2c2\" \n \t\t hash26= \"3a922a167415d3e5abcaca21f6de0b3a\" \n \t\t hash27= \"3be007dd6616cd2147af73777edac417\" \n \t\t hash28= \"3cc770e20f45626e7bd7d0645f1264f9\" \n \t\t hash29= \"3f1fe2e5b3b8aac8f86d7363b92c71e0\" \n \t\t hash30= \"3f67bad86fb911ca4ab29bda9be1f1e7\" \n \t\t hash31= \"4102f370aaf46629575daffbd5a0b3c9\" \n \t\t hash32= \"418bfc05240ec86b91181f38bd751ccb\" \n \t\t hash33= \"4200bcaaa71d7c6e3f00bae88d576f2a\" \n \t\t hash34= \"44033c271dc323ffb6ac158e8220ff8a\" \n \t\t hash35= \"44652b7ac9cabecbe34364dea33d09e3\" \n \t\t hash36= \"471896be829b9a48a1256d2e65b66282\" \n \t\t hash37= \"4b095643f65a1dd876c01dd6b841493b\" \n \t\t hash38= \"4f7d8fb908c7ba76a2f6655cadb7ddc7\" \n \t\t hash39= \"51502d7d6d188ad87213ca5942f232cf\" \n \t\t hash40= \"55bcc745895af1c6f459750b740cd628\" \n \t\t hash41= \"56fc63042b5539d9f2ab2fcfd01cf998\" \n \t\t hash42= \"5c0dd3c31b2ebd2ae4adfdabe247d1c5\" \n \t\t hash43= \"5c37059ac24031745b99cd62b8cc200d\" \n \t\t hash44= \"635821f2e915c3534d1865725b45af9a\" \n \t\t hash45= \"666a43f1b710a4e8b8d2a97118e7af06\" \n \t\t hash46= \"6807138f242b08e0310dca0d3004140e\" \n \t\t hash47= \"68a5f818c807a73466041c6d2593d873\" \n \t\t hash48= \"6a78052d3f9eb96acec8f1b647050525\" \n \t\t hash49= \"6b1b40b5b9eeb38eb548a50e59bfbb6b\" \n \t\t hash50= \"6bfc42f7cb1364ef0bfd749776ac6d38\" \n \t\t hash51= \"6d67262c09c19d676aa6f73be19d181b\" \n \t\t hash52= \"6f26aa8f74da02c4b13af1560ad158fe\" \n \t\t hash53= \"71c097357affb0bcffcf6307a9f3d5b3\" \n \t\t hash54= \"7218f41670107e58971223c9880923ca\" \n \t\t hash55= \"73dd306044e5c2dc2b713328f415096d\" \n \t\t hash56= \"75a63d9b3378abe997b80a8effb9654d\" \n \t\t hash57= \"78c6551e85a8d4788ea7b2bf138e4fde\" \n \t\t hash58= \"7b28d8a54fc15a96b8da49dd3fcc1dae\" \n \t\t hash59= \"81b0eb1c665ff0d57263040632764cad\" \n \t\t hash60= \"875b0702ef3cc2d909ecf720bb4079c2\" \n \t\t hash61= \"879f04b0cd5ea72fb34b8ca7d1a9d5dd\" \n \t\t hash62= \"881af5234f3107e96ad1a9a60056d4a1\" \n \t\t hash63= \"88a13d7d3398f5c388089a9b3e92eb65\" \n \t\t hash64= \"8a35fea299b2ec9b16bce86f01a1ba38\" \n \t\t hash65= \"8bf9eef3ae42ad998e7948035117c37a\" \n \t\t hash66= \"8e8fbb8de350882a77599bccc5c1ef6a\" \n \t\t hash67= \"8f6da02534186226e11749ca54450006\" \n \t\t hash68= \"8f8471acff7e18f61dc2def2bc353574\" \n \t\t hash69= \"92f584ca90d0f242fecb14235c505119\" \n \t\t hash70= \"93f121983ec74731c3af1f966395ded8\" \n \t\t hash71= \"979464521c927226ac683ec4c88c6218\" \n \t\t hash72= \"9878cf9e6b555470d3a2ae25cc2ec7f5\" \n \t\t hash73= \"9a2ae074419c019aac28d5fa02a95849\" \n \t\t hash74= \"9cc5d4b3b9ae503fabb56cd114211ae1\" \n \t\t hash75= \"9d897336c0ebee45d51dc2e8c8444c39\" \n \t\t hash76= \"9e5cf794fe50442c8b8fb6b132507d41\" \n \t\t hash77= \"a1740aa640d38783113498d8c3b53c20\" \n \t\t hash78= \"a1bf39cec32e5cd41170722ee0a2a4c2\" \n \t\t hash79= \"a75d7a68da32fdd4954ea74e2e95352c\" \n \t\t hash80= \"a79ba17784e0183120cee6dfbf49e476\" \n \t\t hash81= \"ab977ad5550ff745edc2aa70c4ba3b01\" \n \t\t hash82= \"acd25fab4f920de8e6ab8a6e38a591cd\" \n \t\t hash83= \"b146d70132f44cc0229354a6c448dde9\" \n \t\t hash84= \"b2a88f7e5e2c45b9d624019e6b20be72\" \n \t\t hash85= \"b2fb91d0d5aa76630e6b1819021a0e60\" \n \t\t hash86= \"b42296359ebcd003e3064fe33ba4eec7\" \n \t\t hash87= \"b61d0080133fe0910048cf811ed7d049\" \n \t\t hash88= \"b662660b6e6e3cc24ae7fefcb7edb4e8\" \n \t\t hash89= \"b7a6f203da2a8fe289465c71351e029a\" \n \t\t hash90= \"ba3272410c091320f145e1324b0f7ae0\" \n \t\t hash91= \"ba8da708b8784afd36c44bb5f1f436bc\" \n \t\t hash92= \"bc175f186cbfadffbaddff7adb2f1cac\" \n \t\t hash93= \"bda42195bd9bb32b50a88b6a31f9a1e7\" \n \t\t hash94= \"bddd4e2b84fa2ad61eb065e7797270ff\" \n \t\t hash95= \"be30d12507c220c2c0944ad0623a02e6\" \n \t\t hash96= \"c209ba19628173c84d54316af28ac54d\" \n \t\t hash97= \"c6cd8ca870dc15999ee858981eb322ab\" \n \t\t hash98= \"c839220da67b00963276d95cafe176c1\" \n \t\t hash99= \"c83ed3fcf47b9fd327233efcf80f7810\" \n \t\t hash100= \"c88ad88125757a2e76a98f3137e4a048\" \n \t\t hash101= \"cac9802d99e36b04da32680cc4955c22\" \n \t\t hash102= \"cfceef37dd8338f11a022f9afce0c451\" \n \t\t hash103= \"d0b34a66a63a00425e9fa0adb02b2842\" \n \t\t hash104= \"d153b77e32901546849ec44a71227694\" \n \t\t hash105= \"d2b05031f9dfb300d88305376cefc2ab\" \n \t\t hash106= \"d2fd01e25fbfa28b6c61548b3d1e68fe\" \n \t\t hash107= \"d4ae9eb1a009aa60096d0c662db02d54\" \n \t\t hash108= \"d532eb6835126e53e7ae491ae29fd8b3\" \n \t\t hash109= \"d610b84def0f32e139cd4e852f34882f\" \n \t\t hash110= \"d844b2434aab1d73078d2f729393638f\" \n \t\t hash111= \"d87b3a4dec9e059503193f9e4f54c57a\" \n \t\t hash112= \"d985dec3ee9e99ad3a2c9c8237e74772\" \n \t\t hash113= \"dae25368fc5742fe8e770658fb8c747f\" \n \t\t hash114= \"db6adb2765915346799d9f21329eaf80\" \n \t\t hash115= \"dd6cab90d45bad6378160dba9ea742e4\" \n \t\t hash116= \"ddbd1ecfd473ef77ef63b2e94b1c8e44\" \n \t\t hash117= \"e1aab3f34dce501546a83d08cd956eaa\" \n \t\t hash118= \"e85c8feed568eff781dfd185f3f6e4c9\" \n \t\t hash119= \"e8b9d2e83ef757a6ad6fea28dfe8a0ae\" \n \t\t hash120= \"e8e94430093fb159161b20485970dacb\" \n \t\t hash121= \"e932ec2d100968987c3d7520688a1408\" \n \t\t hash122= \"eaa3391b1e8af72e0e9aff96ae12a758\" \n \t\t hash123= \"eb0dacdc8b346f44c8c370408bad4306\" \n \t\t hash124= \"eb883545fb2757a875b192779d06b0c6\" \n \t\t hash125= \"ec23ff3932191a8e091c5aec3652b610\" \n \t\t hash126= \"f0f36f6c1f5d3ff37ac9ed9adf94cca2\" \n \t\t hash127= \"f1641106efc438564dcb285d5ca8c336\" \n \t\t hash128= \"f27b0469a9f5d75437bdd2e782033d21\" \n \t\t hash129= \"f282255cff4eab6714bed3fb55577010\" \n \t\t hash130= \"f549a310572a8ead930f8fb4008eb02f\" \n \t\t hash131= \"f9fd935b8e70dce6cfd72716050ad41e\" \n \t\t hash132= \"fd6edc9082dcb2bf1b324b3a0cba2062\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"5265882854508EFCF958F979E4\" fullword wide \n \t\t $s2= \"7adharat.com/forum/includes/search/index_search.php?id=\" fullword wide \n \t\t $s3= \"abainternationaltoursandtravel.com/hiking_Safaris/source.php?id=\" fullword wide \n \t\t $s4= \"Accept-Encoding: gzip,deflate,bzip2,sdch\" fullword wide \n \t\t $s5= \"Accept-Language: en-US,en;q=0.5\" fullword wide \n \t\t $s6= \"adultfriendfrance.com/wp-includes/pomo/src.php\" fullword wide \n \t\t $s7= \"adultfriendgermany.com/wp-includes/pomo/source.php\" fullword wide \n \t\t $s8= \"adultfrienditaly.com/wp-includes/pomo/src.php\" fullword wide \n \t\t $s9= \"alexvernigor.com/includes/phpmailer/source.php?id=\" fullword wide \n \t\t $s10= \"al-mashkoor.com/php/mail/source.php?id=\" fullword wide \n \t\t $s11= \"alpikaclub.com/wp-includes/pomo/idx.php?id=\" fullword wide \n \t\t $s12= \"anymax.ru/modules/mod_search/source.php\" fullword wide \n \t\t $s13= \"aptguide.3dtour.com/includes/cloudfusion/sc4.class.php?id=\" fullword wide \n \t\t $s14= \"arsch-anus.com/engine/modules/source.php?id=\" fullword wide \n \t\t $s15= \"artem.sataev.com/blog/wp-includes/pomo/src.php?id=\" fullword wide \n \t\t $s16= \"artsepid.com/plugin/contact-form/source.php?id=\" fullword wide \n \t\t $s17= \"ask.az/chat/cgi-bin/source.php\" fullword wide \n \t\t $s18= \"atampy.com/wordpress/wp-includes/pomo/dx.php?id=\" fullword wide \n \t\t $s19= \"baneh2net.com/wp-includes/pomo/idx.php\" fullword wide \n \t\t $s20= \"basecamp.turbomilk.com/turbomilk/contractors2/idx.php?id=\" fullword wide \n \t\t $s21= \"bbpdx.com/includes/xpath/xpath.src.php?id=\" fullword wide \n \t\t $s22= \"blog.iclt.am/wp-includes/pomo/src.php?id=\" fullword wide \n \t\t $s23= \"blog.vraert.com/wp-includes/pomo/src.php?id=\" fullword wide \n \t\t $s24= \"bukzahid.org.ua/engine/modules/src.php?id=\" fullword wide \n \t\t $s25= \"cadlab.ru/components/com_search/com_search.php\" fullword wide \n \t\t $s26= \"chimesy.com/kurdish/modules/Statistics/source.php?id=\" fullword wide \n \t\t $s27= \"coma.nsourcer.com/modules/search/frontend/default/src.php?id=\" fullword wide \n \t\t $s28= \"Content-Type: application/x-www-form-urlencoded\" fullword wide \n \t\t $s29= \"Control PanelInternational\" fullword wide \n \t\t $s30= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s31= \"crm.mayanks.com/vtigercrm/modules/Services/source.php?id=\" fullword wide \n \t\t $s32= \"dayniilecom.com/index_files/iibka300_files/source.php?id=\" fullword wide \n \t\t $s33= \"dominioparayoani.com/wp-includes/pomo/source.php?id=\" fullword wide \n \t\t $s34= \"entirenetwork.ru/components/com_search/search.src.php\" fullword wide \n \t\t $s35= \"familienieuwland.com/Schotland_files/_vti_cnf/index2.php?id=\" fullword wide \n \t\t $s36= \"fasdalf.ru/modules/forum/forum-src.php\" fullword wide \n \t\t $s37= \"finadmition.ru/wp-inc", "title": "", "description": "APTMalware_Energetic_Bear Group", "expiration": null, "is_active": 1 }, { "id": 404766, "indicator": "7adharat.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404823, "indicator": "abainternationaltoursandtravel.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404840, "indicator": "adultfriendfrance.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404784, "indicator": "adultfriendgermany.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404758, "indicator": "adultfrienditaly.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404790, "indicator": "al-mashkoor.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404748, "indicator": "alexvernigor.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404782, "indicator": "alpikaclub.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404777, "indicator": "anymax.ru", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404808, "indicator": "arsch-anus.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404838, "indicator": "artsepid.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404755, "indicator": "atampy.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404778, "indicator": "baneh2net.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404817, "indicator": "bbpdx.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404815, "indicator": "bukzahid.org.ua", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404833, "indicator": "cadlab.ru", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404759, "indicator": "chimesy.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404794, "indicator": "dayniilecom.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404761, "indicator": "dominioparayoani.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404851, "indicator": "entirenetwork.ru", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404771, "indicator": "familienieuwland.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404767, "indicator": "fasdalf.ru", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404796, "indicator": "finadmition.ru", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404749, "indicator": "geointeres.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404826, "indicator": "giant99.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404836, "indicator": "grafics.kz", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404807, "indicator": "hram-gelendzhik.ru", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2663682394, "indicator": "iclt.am", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404825, "indicator": "ijbeta.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404795, "indicator": "insurancelower.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404797, "indicator": "intimit.ru", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404801, "indicator": "iqaws.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404785, "indicator": "ispacs.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564760, "indicator": "it-newest.ru", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404753, "indicator": "joomware.org", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404800, "indicator": "ktbits.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404745, "indicator": "lafollettewines.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404776, "indicator": "lkgames.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404813, "indicator": "medpunkt.biz", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404841, "indicator": "mohsenmeghdari.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404844, "indicator": "motahariblog.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404832, "indicator": "motorjo.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404843, "indicator": "naturexperts.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404805, "indicator": "newdawnkenya.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2132659310, "indicator": "nsourcer.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404774, "indicator": "ogizni.ru", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404827, "indicator": "ojoobo.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564761, "indicator": "pages.cn", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404799, "indicator": "peterbogdanov.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564762, "indicator": "photo-23.ru", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404853, "indicator": "popolnyalka.uz", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404818, "indicator": "pornoxxx1.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404811, "indicator": "productosmiller.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404750, "indicator": "radiolocator.ru", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404746, "indicator": "randallweil.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404773, "indicator": "raznyi-content.ru", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404858, "indicator": "rcdm-global.de", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404781, "indicator": "rchdmtnez.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404769, "indicator": "red-opus.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404848, "indicator": "rosesci.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 491550, "indicator": "roxsuite.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404860, "indicator": "sabioq.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404762, "indicator": "serviciosglobal.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564763, "indicator": "shizgara59.ru", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404793, "indicator": "stalprof.com.ua", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404798, "indicator": "strategyofroulette.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404834, "indicator": "swissitaly.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404828, "indicator": "tallhoody.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404780, "indicator": "thecafe7.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404791, "indicator": "theluvsite.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404802, "indicator": "topco-co.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404809, "indicator": "topstonet.ru", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404842, "indicator": "tripstoasia.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404845, "indicator": "vamcart.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404824, "indicator": "waytomiracle.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404779, "indicator": "wildlifehc.org", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 404835, "indicator": "xezri.net", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405202, "indicator": "aptguide.3dtour.com", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405154, "indicator": "artem.sataev.com", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405203, "indicator": "basecamp.turbomilk.com", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405198, "indicator": "blog.iclt.am", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405189, "indicator": "blog.vraert.com", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405135, "indicator": "coma.nsourcer.com", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405171, "indicator": "crm.mayanks.com", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405186, "indicator": "forum.unmondeparfait.org", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405170, "indicator": "hq.mission1701.com", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405201, "indicator": "www.activateav.com", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405180, "indicator": "www.behrendt-pasewalk.de", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405167, "indicator": "www.cetlot.com", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405187, "indicator": "www.cometothetruth.com", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405193, "indicator": "www.cubasitours.com", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405139, "indicator": "www.eriell.com", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405153, "indicator": "www.expathiring.com", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405168, "indicator": "www.idweb.ru", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405165, "indicator": "www.insigmaus.com", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405182, "indicator": "www.intellbet.com", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405131, "indicator": "www.jterps.com", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405199, "indicator": "www.kino24.kz", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405183, "indicator": "www.meortemple.com", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405158, "indicator": "www.nahoonservices.com", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405128, "indicator": "www.onehellofaride.com", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405169, "indicator": "www.prosperis.com", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405196, "indicator": "www.recomiendalos.com", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405126, "indicator": "www.rscarcare.com", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405129, "indicator": "www.rutravel.com", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405149, "indicator": "www.sdfgdsdf2354235il.com", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405146, "indicator": "www.snow-lab.com", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405148, "indicator": "www.soluciones4web.com", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 405174, "indicator": "www.suma-shop.ir", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360564764, "indicator": "http://www.splashup.com/splashup/", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "HTML document, ASCII text, with CRLF line terminators", "description": "8cf065293ca696f2560a8dde153a0ddd3144a32a9c3f10a82caf58d6e0b64c3c", "expiration": null, "is_active": 1 }, { "id": 5645945, "indicator": "00d8dd7ec8545134bdc2527b4190078b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TROJ_MOTMOT.CI", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645947, "indicator": "033d922f3f56f9ea7c976f31107e366a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TROJ_MOTMOT.CI", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486254, "indicator": "04461ee7c724b6805820df79e343aa49", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "W32.Nemim", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645951, "indicator": "058efdf7d94c5da920a3c32cbadac2d0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TROJ_MOTMOT.CI", "description": "", "expiration": null, "is_active": 1 }, { "id": 2615070, "indicator": "17c99725043fa1573fd650e57c3c75d3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Tapaoux", "description": "", "expiration": null, "is_active": 1 }, { "id": 2614218, "indicator": "1ec49ae6d535bfb3789d498f4fd0224f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Tapaoux", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486277, "indicator": "2024679f61cf9ab60342eca58360737f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TROJ_MOTMOT.CI", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645973, "indicator": "25102d64dbc9b6495c5713f3178dd7f1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Tapaoux, Hiloti", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486283, "indicator": "268d17f3763246ac27de7dc8024f23fa", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TROJ_MOTMOT.CI", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645975, "indicator": "26b7b5d019d7500efdb866f1d20d2000", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32/Garveep.E, Win32/Roficor.A, Garveep", "description": "", "expiration": null, "is_active": 1 }, { "id": 2614963, "indicator": "3165b7472a9dd45cde49538561cba59f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Tapaoux", "description": "", "expiration": null, "is_active": 1 }, { "id": 2636321, "indicator": "326b44e73fccece89326fd865da61f7f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Tapaoux, Hiloti", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645985, "indicator": "3f39c6dea5311167cc7ff62befd4ea7e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "W32.Nemim, Hiloti", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486470, "indicator": "4d840625c5ca9a4f1cbd35d4b1ca2452", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "W32.Nemim, Hiloti", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646004, "indicator": "5cb91f0c3a1452176007dcc594ec02ce", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "W32.Nemim", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646011, "indicator": "6bb1a12416c92f5ef12947e2dc5748f9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "W32.Nemim", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646013, "indicator": "6de1b481ae52fbacd7db84789a081b74", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Tapaoux, Hiloti", "description": "", "expiration": null, "is_active": 1 }, { "id": 2629687, "indicator": "82ab0b8246c6677f9866b17794b72e2d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "W32.Nemim, Hiloti", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646023, "indicator": "864cd4a59215a7db2740dfbe4a648053", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Garveep", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646025, "indicator": "8f7a7d003cafa56c63e9402f553f9521", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "W32.Nemim, Hiloti", "description": "", "expiration": null, "is_active": 1 }, { "id": 2614723, "indicator": "9a0963dbee2361fa9cebaa6e0e517774", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "W32.Nemim, Hiloti", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530487064, "indicator": "b7d1c3a03e92b24e9052e75ea381ea4a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Tapaoux, Hiloti", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530487069, "indicator": "c12fe91f0c39c2460ea304ffc250918d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Tapaoux", "description": "", "expiration": null, "is_active": 1 }, { "id": 3254614100, "indicator": "0d55b66b0416ff1093187d9a68724b80c72ed88d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "W32.Nemim", "description": "SHA1 of 6bb1a12416c92f5ef12947e2dc5748f9", "expiration": null, "is_active": 1 }, { "id": 3254635834, "indicator": "11da63eb6dd66c0829052db78598d6a71ecc554f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "W32.Nemim, Hiloti", "description": "SHA1 of 4d840625c5ca9a4f1cbd35d4b1ca2452", "expiration": null, "is_active": 1 }, { "id": 3254628372, "indicator": "1368af1819e7ecaf9186072affa5176a9b07500f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Tapaoux", "description": "SHA1 of 17c99725043fa1573fd650e57c3c75d3", "expiration": null, "is_active": 1 }, { "id": 1593602824, "indicator": "23eda5538d21e678e32919bf61330be6a7b85866", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Tapaoux", "description": "SHA1 of 3165b7472a9dd45cde49538561cba59f\nSHA1 of 3165b7472a9dd45cde49538561cba59f", "expiration": null, "is_active": 1 }, { "id": 3254632461, "indicator": "2d1c383143c39ca05cecbef35004bf9085d1d742", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TROJ_MOTMOT.CI", "description": "SHA1 of 00d8dd7ec8545134bdc2527b4190078b", "expiration": null, "is_active": 1 }, { "id": 3254625792, "indicator": "3670e86d024ccecc39c2a237d550b2ce7e7d95b1", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Garveep", "description": "SHA1 of 864cd4a59215a7db2740dfbe4a648053", "expiration": null, "is_active": 1 }, { "id": 3254620764, "indicator": "3a0078d34029f2949d726ccffb429df300a49935", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "W32.Nemim, Hiloti", "description": "SHA1 of 3f39c6dea5311167cc7ff62befd4ea7e\nSHA1 of 3f39c6dea5311167cc7ff62befd4ea7e", "expiration": null, "is_active": 1 }, { "id": 3254606842, "indicator": "3ba5d0d7cb62f822368c71e6eea8d4d134586532", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "W32.Nemim, Hiloti", "description": "SHA1 of 8f7a7d003cafa56c63e9402f553f9521", "expiration": null, "is_active": 1 }, { "id": 3254616349, "indicator": "5999ee59499e8df41c8d5a631bfd536b9152929c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TROJ_MOTMOT.CI", "description": "SHA1 of 2024679f61cf9ab60342eca58360737f", "expiration": null, "is_active": 1 }, { "id": 3254622911, "indicator": "62b1340b64ef6ef9e500c249385f304d7ba20ba4", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Tapaoux", "description": "SHA1 of c12fe91f0c39c2460ea304ffc250918d", "expiration": null, "is_active": 1 }, { "id": 3254619364, "indicator": "687b801a91383a1d3c7977e5cb27c68c7fbb83a8", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TROJ_MOTMOT.CI", "description": "SHA1 of 268d17f3763246ac27de7dc8024f23fa", "expiration": null, "is_active": 1 }, { "id": 3254629945, "indicator": "779c363d6bf580dba670e585a1e6a150697e7337", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Tapaoux, Hiloti", "description": "SHA1 of 25102d64dbc9b6495c5713f3178dd7f1\nSHA1 of 25102d64dbc9b6495c5713f3178dd7f1", "expiration": null, "is_active": 1 }, { "id": 3254608614, "indicator": "7d3245a9383329d138cee72c704d9194ead682ae", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TROJ_MOTMOT.CI", "description": "SHA1 of 033d922f3f56f9ea7c976f31107e366a", "expiration": null, "is_active": 1 }, { "id": 3254627805, "indicator": "80c609720d1c3696a5e3b7343d2722772a4bab51", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Tapaoux", "description": "SHA1 of 1ec49ae6d535bfb3789d498f4fd0224f\nSHA1 of 1ec49ae6d535bfb3789d498f4fd0224f", "expiration": null, "is_active": 1 }, { "id": 3254640666, "indicator": "8789d9f98ecb9cf93e121c78bf84dd0f07b4de1a", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "W32.Nemim, Hiloti", "description": "SHA1 of 82ab0b8246c6677f9866b17794b72e2d", "expiration": null, "is_active": 1 }, { "id": 3254636645, "indicator": "8ee1b9a665b4c4a71f98dac6a0b14330314991ef", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32/Garveep.E, Win32/Roficor.A, Garveep", "description": "SHA1 of 26b7b5d019d7500efdb866f1d20d2000", "expiration": null, "is_active": 1 }, { "id": 3254599574, "indicator": "9fd2e4e16a379b9364b25b486690abaa2f2475c2", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Tapaoux, Hiloti", "description": "SHA1 of 326b44e73fccece89326fd865da61f7f", "expiration": null, "is_active": 1 }, { "id": 3254635699, "indicator": "b14b6d57a54f34367f595833967a44176e20c3ee", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Tapaoux, Hiloti", "description": "SHA1 of b7d1c3a03e92b24e9052e75ea381ea4a", "expiration": null, "is_active": 1 }, { "id": 3254610047, "indicator": "ce57e820b6dd76a8aa0ff3c99a21768a87285ecb", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TROJ_MOTMOT.CI", "description": "SHA1 of 058efdf7d94c5da920a3c32cbadac2d0", "expiration": null, "is_active": 1 }, { "id": 3254639603, "indicator": "d5859d3f88287dab56b848acc0ec39a80922d40f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Tapaoux, Hiloti", "description": "SHA1 of 6de1b481ae52fbacd7db84789a081b74", "expiration": null, "is_active": 1 }, { "id": 3254640055, "indicator": "d5ee88f37d337e3ee44fc049da89bad50fac374a", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "W32.Nemim", "description": "SHA1 of 5cb91f0c3a1452176007dcc594ec02ce\nSHA1 of 5cb91f0c3a1452176007dcc594ec02ce", "expiration": null, "is_active": 1 }, { "id": 3254607881, "indicator": "dd315a00a37dbad7465dafb6bd70dd34a389e908", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "W32.Nemim", "description": "SHA1 of 04461ee7c724b6805820df79e343aa49", "expiration": null, "is_active": 1 }, { "id": 3254612230, "indicator": "efa499354b533739c7ab867a29e3c5003cfec259", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "W32.Nemim, Hiloti", "description": "SHA1 of 9a0963dbee2361fa9cebaa6e0e517774", "expiration": null, "is_active": 1 }, { "id": 2658302961, "indicator": "00f60edc9acb15a56d49296418a018da4fd7477315e943a8eed26f8c3b6e8651", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Tapaoux", "description": "SHA256 of 17c99725043fa1573fd650e57c3c75d3", "expiration": null, "is_active": 1 }, { "id": 3254612231, "indicator": "014d68b2e2dc957c6b6fdabcd754780cf8f5aa223f38c31fd47d713d9cfd21f7", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "W32.Nemim, Hiloti", "description": "SHA256 of 9a0963dbee2361fa9cebaa6e0e517774", "expiration": null, "is_active": 1 }, { "id": 2697087922, "indicator": "3b4febef59033c09e0f7136670d1bcb3874379b8fa8621ecd78e11da303a2585", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "W32.Nemim, Hiloti", "description": "SHA256 of 3f39c6dea5311167cc7ff62befd4ea7e\nSHA256 of 3f39c6dea5311167cc7ff62befd4ea7e", "expiration": null, "is_active": 1 }, { "id": 1593602823, "indicator": "402a8e7c29135edeed5936c7b5d3524f095bdab37658999fc3fa636b6b38e027", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Tapaoux", "description": "SHA256 of 3165b7472a9dd45cde49538561cba59f\nSHA256 of 3165b7472a9dd45cde49538561cba59f", "expiration": null, "is_active": 1 }, { "id": 3254635700, "indicator": "4a6bc09f95104718232449d85f7442c954a0ad8821fea2e62d74a1dc3b53d535", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Tapaoux, Hiloti", "description": "SHA256 of b7d1c3a03e92b24e9052e75ea381ea4a", "expiration": null, "is_active": 1 }, { "id": 2688906717, "indicator": "4b44f3b2644278620283953593072306aa9e15693a3f2de5f38f61bfa46d1517", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Tapaoux, Hiloti", "description": "SHA256 of 25102d64dbc9b6495c5713f3178dd7f1\nSHA256 of 25102d64dbc9b6495c5713f3178dd7f1", "expiration": null, "is_active": 1 }, { "id": 3254640056, "indicator": "5d0e080fb7b6541c020f110be64e7f106fa6fe0ab1cc65d2d39cf2435781e7b7", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "W32.Nemim", "description": "SHA256 of 5cb91f0c3a1452176007dcc594ec02ce\nSHA256 of 5cb91f0c3a1452176007dcc594ec02ce", "expiration": null, "is_active": 1 }, { "id": 3254627806, "indicator": "5f23a3442fa4515ebba8e24f2254b52b3e4b000f12843a4f612da65de38db1de", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Tapaoux", "description": "SHA256 of 1ec49ae6d535bfb3789d498f4fd0224f\nSHA256 of 1ec49ae6d535bfb3789d498f4fd0224f", "expiration": null, "is_active": 1 }, { "id": 2697247396, "indicator": "69049aac5caba2e8b4adbb47bcb6c80887ddde702e2e51f181d79b3661ac2101", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "W32.Nemim, Hiloti", "description": "SHA256 of 8f7a7d003cafa56c63e9402f553f9521", "expiration": null, "is_active": 1 }, { "id": 3254616350, "indicator": "8582ad6a157bbd9e483a334ccf8e6c417db6b23587904549fbc89089979b395b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TROJ_MOTMOT.CI", "description": "SHA256 of 2024679f61cf9ab60342eca58360737f", "expiration": null, "is_active": 1 }, { "id": 431200672, "indicator": "86af764b489e838982a4c5c1685ec3b43781d8b76c1ecda6edc238cfd7ee61d5", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TROJ_MOTMOT.CI", "description": "SHA256 of 033d922f3f56f9ea7c976f31107e366a", "expiration": null, "is_active": 1 }, { "id": 431160811, "indicator": "9bc2309d5e391dd14c2948c55551105572ec0ae5cfc1f31bbd767b171a0bc99f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "W32.Nemim, Hiloti", "description": "SHA256 of 4d840625c5ca9a4f1cbd35d4b1ca2452", "expiration": null, "is_active": 1 }, { "id": 2798576300, "indicator": "a6dde34a97c90c12400c1db92ea43b291a4736670324067f7a0b0c5c6a77000b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Garveep", "description": "SHA256 of 864cd4a59215a7db2740dfbe4a648053", "expiration": null, "is_active": 1 }, { "id": 3254640667, "indicator": "ab478166ea93e9dac3e37a9ad7457aa58249046003238e3b3bc5b9b45b09d7a8", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "W32.Nemim, Hiloti", "description": "SHA256 of 82ab0b8246c6677f9866b17794b72e2d", "expiration": null, "is_active": 1 }, { "id": 3254622912, "indicator": "b09d6ef6c8608adabf1c540407fef37e69da3d939daeaf7868e3802043ee7615", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Tapaoux", "description": "SHA256 of c12fe91f0c39c2460ea304ffc250918d", "expiration": null, "is_active": 1 }, { "id": 431200671, "indicator": "b1a26fec4b71446f5f12ddfd7d714fb5d452ba065e768ead0ed22778b3d10645", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TROJ_MOTMOT.CI", "description": "SHA256 of 058efdf7d94c5da920a3c32cbadac2d0", "expiration": null, "is_active": 1 }, { "id": 3254599575, "indicator": "b2d9ca6d886cc64b206036b94241fd0d8599978ef43b9d48913e36ec3384a5c5", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Tapaoux, Hiloti", "description": "SHA256 of 326b44e73fccece89326fd865da61f7f", "expiration": null, "is_active": 1 }, { "id": 3254636646, "indicator": "bba3dda3733567019a876b734556005b0d9b727dadc55d215461d7e47dab808a", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32/Garveep.E, Win32/Roficor.A, Garveep", "description": "SHA256 of 26b7b5d019d7500efdb866f1d20d2000", "expiration": null, "is_active": 1 }, { "id": 3254639604, "indicator": "e551b11266a2734c8dba4d72224185ae728fa372b90a4e736bd49d2f0b52822b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Tapaoux, Hiloti", "description": "SHA256 of 6de1b481ae52fbacd7db84789a081b74", "expiration": null, "is_active": 1 }, { "id": 3254607882, "indicator": "f47508db8224c783dc4b078a7c15ed1c9b46a0cde80314fd75ff07237597e313", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "W32.Nemim", "description": "SHA256 of 04461ee7c724b6805820df79e343aa49", "expiration": null, "is_active": 1 }, { "id": 3254614101, "indicator": "f7d1ce7807bda75a7198f3e918e73fa984d7d309d4107740899d58840eedeb88", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "W32.Nemim", "description": "SHA256 of 6bb1a12416c92f5ef12947e2dc5748f9", "expiration": null, "is_active": 1 }, { "id": 3254619365, "indicator": "fbee0422f1d775b6abd1a2bee86ec0644e9c18ee4c2631b09f0d3244c05b10d8", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TROJ_MOTMOT.CI", "description": "SHA256 of 268d17f3763246ac27de7dc8024f23fa", "expiration": null, "is_active": 1 }, { "id": 431200673, "indicator": "ffa97eb4875129646376bc88e9ff99ffeff2c6bba3a06f6727d5f343fc7f6b51", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TROJ_MOTMOT.CI", "description": "SHA256 of 00d8dd7ec8545134bdc2527b4190078b", "expiration": null, "is_active": 1 }, { "id": 5645944, "indicator": "000c907d39924de62b5891f8d0e03116", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.D", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486249, "indicator": "00ca5c0558dc9eba1a8a4dd639e74899", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645946, "indicator": "0183bac55ebfad2850a360d6cd93d941", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "WinRAR_SFX", "description": "", "expiration": null, "is_active": 1 }, { "id": 2614121, "indicator": "01cbd90ba5cf7e9595b208e4ca2d2d15", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Kazy-813", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486250, "indicator": "01d09407d09355a821ba23ffb58ec40d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2615087, "indicator": "032a7c67332a3abf6da179ed265e6e04", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Kazy-813", "description": "", "expiration": null, "is_active": 1 }, { "id": 96368, "indicator": "0367f890595cf28c6c195dfabae53ba5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Nemain.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 2614634, "indicator": "0393036f35a7102a34fadfd77680b292", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Kazy-813", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486252, "indicator": "0396f7af9842dc5c8c0df1a44c01068c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645948, "indicator": "03a611a8c2f84e26c7b089d3f1640687", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486253, "indicator": "03d35ef3fdf353fe4dc65f3d11137172", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Nemain.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 132127369, "indicator": "043c84cef3e011e3dc731d643a205f4e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645949, "indicator": "043d308bfda76e35122567cf933e1b2a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tapaoux.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 2615065, "indicator": "043f0dcea6f6fbd1305571e6bf0fa78c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Kazy-813", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645950, "indicator": "05059c5a5e388e36eed09a9f8093db92", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486255, "indicator": "061e3d50125dc78c86302b7cfa7e4935", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Riberow.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645952, "indicator": "06206fe97fed0f338fd02cb39ed63174", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 2614105, "indicator": "06ac12b8c51aec71cefcf8a507d82ce4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Kazy-813", "description": "", "expiration": null, "is_active": 1 }, { "id": 132127396, "indicator": "08a41624e624d8fb26eeed7a3b1f5009", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645953, "indicator": "08b04d6ef94d2764bfafd1457eb0d2a0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Evo-gen\\ [Susp]", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486257, "indicator": "09e7b0ecd5530b8e87190dee0f362e13", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486259, "indicator": "0b6caacd4081d3b18e847a40c1b6a7f3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645955, "indicator": "0b727001dfc90cc354bd2ccabe3c23a5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Virus:Win32/Nemim.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645956, "indicator": "0bd1677c0691c8a3c7327bf93b0a9e59", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486260, "indicator": "0bfbd26a1a6e3349606d37a8ece04627", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 96301, "indicator": "0bfc8e7fa0b026a8bf51bbea3d766890", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Nemain.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486262, "indicator": "0d3e3fd44faa32e0d83b02c8b7cff49c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Virus:Win32/Nemim.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645957, "indicator": "0d48f948b3c47d0c08e8ee026b8f4670", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Nemain.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645958, "indicator": "0d75157d3f7fbf13264df3f8a18b3905", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.H", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486263, "indicator": "0fb91846ab9a4e9667c81154829f888b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2614829, "indicator": "0fe3daf9e8b69255e592c8af97d24649", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2629972, "indicator": "101244381e0590adecf5f2b18d1b6042", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486264, "indicator": "11e85a6e127802204561b6996d4224b6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645959, "indicator": "121a9ea93f3ed16a1b191187b16b7592", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanProxy:Win32/Roficor.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486265, "indicator": "12b88e36170472413a49ae71b1ac9a33", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.D", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645960, "indicator": "12df4869b3a885d71c8e871f1a1b0fde", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486266, "indicator": "1300244219cb756df01536692edebdbb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tapaoux.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645961, "indicator": "131c5f8e98605f9d8074ca02fd1b9c34", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Evo-gen\\ [Susp]", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486267, "indicator": "131c625a92dc721c5d4dae3fb65591fc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Pabosp", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645962, "indicator": "140b27db7d156d6a63281e1f6fc6075d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486269, "indicator": "15097b11e3898cb0be995e44a79431f2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Roficor.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645963, "indicator": "151115ddf1cd4b474a9106cfebcb82e4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2614271, "indicator": "16139ce9025274a388a4281fef65049e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Roficor.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645964, "indicator": "16e378d5f0a15fbd521b087c0951a2ab", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486271, "indicator": "173abb95e39f03415cd95b76e8a2f58f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486272, "indicator": "175aa0d1bdebfa60de29b90ab2c62189", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tapaoux.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645966, "indicator": "178f7fe2d3a2bda46c0e78f679ca5a62", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645967, "indicator": "18527b303c0afe91f5ae86d34b52eb29", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.I", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486274, "indicator": "1971ee25847d246116835c7157cf7f89", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tapaoux.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 132127502, "indicator": "1b0c2c6c19404112306a78ecf366f90b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2630301, "indicator": "1bfc1b606fc8aa85e1094b01b08eafd6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645969, "indicator": "1d399370e82b314ba20c21ff4ee82205", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 132127520, "indicator": "1ee6676e122fcd22e80b6ae0dc40c979", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2614569, "indicator": "1ef21e634f9779280710e87ff17a83af", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 132127521, "indicator": "1f29ec5ab8a7c2ccda21576f29cbb13b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486275, "indicator": "1f9d915d331f7e363c39108f41145c44", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645970, "indicator": "1fcaa239cf4d627078179f6de299f320", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2629964, "indicator": "216088053dac46fcd95938568c469fa6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645971, "indicator": "21ba9d9d914d8140c1e34030e84213f4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486279, "indicator": "236df260f858f9a6ca056bcdec6f754f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645972, "indicator": "2431db868ebec1b967f5ad38abfd95c4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 132127540, "indicator": "255f7842c6f07a6a1500a30fb4d27d54", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645974, "indicator": "2600671b87dedbb50ca728285eb141b8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tapaoux.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 2614260, "indicator": "275e0786b6294ffd05f45df435df842c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645976, "indicator": "27db26077f849e26ba89fcafd2f0db92", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486284, "indicator": "27f2f32ba938b1747f28ffdd2f56c691", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645977, "indicator": "2802c47b48cced7f1f027f3b278d6bb3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "JS:Pdfka-ANQ\\ [Expl]", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486449, "indicator": "28b1569109fcae8cfcdcfbe9c4431b66", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486450, "indicator": "29d76d34d8878f7ac703837ec774f26a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645978, "indicator": "2aac9d340620da09d96929ba570978c4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 132127559, "indicator": "2b443cc331fec486a6ccbcfcd92e76a4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2614909, "indicator": "2be3a8dd0059e291022ad32bbce0e5d1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645979, "indicator": "3260c9f881eb815b7ef3f5f295fc5174", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645980, "indicator": "35994a29128c08bed6f5d4aad28f102b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645981, "indicator": "35a15355c96be225507ebed1ec434d57", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486456, "indicator": "35cd5ca2e33400a67345b00ef6db3ff6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486457, "indicator": "378177ddc1fd7d213b79c033da26327d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645982, "indicator": "38b919f37501fc3d54f8f1b956448a92", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645983, "indicator": "3961cab50c32e8f32fe45836b9715ce5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2630270, "indicator": "39fc4a3ea44ab9822ed5e77808803727", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645984, "indicator": "3e38b8ccd38682ad4ec1f0fcfc1fb16a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645986, "indicator": "40591b4ba82e0347b33098f6652640d6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645987, "indicator": "41b816289a6a639f7f2a72b6c9e6a695", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486462, "indicator": "4286ee45e9fcc2db3ddfad38426b7f50", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Virus:Win32/Nemim.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486463, "indicator": "428eb3305d4d4c9a8831e1d54160ed65", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645988, "indicator": "42a3bb917778454fa96034ad4fb17832", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486464, "indicator": "42b9fea2ec56a90cefeecee3c84aade0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Nemain.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645989, "indicator": "436b853cbc87ba3a99131ce2d64a512d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486465, "indicator": "44300d48fccd5aaf27f4c863421c0d47", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645990, "indicator": "44e520bec8a3e35f6f6ad52e97911e14", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486466, "indicator": "45a4c8c01ec94e1db83b86e05dc9e851", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645991, "indicator": "45b94e90cab94d9f873478151a80703d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486467, "indicator": "48888cca68db492c87892524146e8ae3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645992, "indicator": "4a0fa9be43cc84b5beb0b484227edfcb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645993, "indicator": "4d275adbd318f182fa0ec0275cf217b4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.I", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645994, "indicator": "4e01e648645d041d52af9dbb09e442ef", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645996, "indicator": "4f377a8344baa76afe9103ca843e315f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486472, "indicator": "4fc1b3dbf9dc44278f990d57913d96f6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486473, "indicator": "51c1b9b3df00de5e08c4aa3a2b864a54", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645998, "indicator": "51d3e2bd306495de50bfd0f2f4e19ae9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2629613, "indicator": "51eaec282b845bc54dbd4fbce5bb09d8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5645999, "indicator": "522cd120fa4b1517a60fcf8be3e71ff4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646000, "indicator": "53bc1a9d19aae7f783e019ec7613c366", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2614994, "indicator": "53dc9866fd77fe4933eea3c08666c7bb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646001, "indicator": "55b125da1310d2b37f18ea4e2ae8192b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486476, "indicator": "5607a3ccdaf748fd5cd2d1bec4a771bd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486477, "indicator": "56217179283737f5c46c0a64ebe28a82", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646002, "indicator": "57099403f28d2ce79cba11469c8be971", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486478, "indicator": "57dfd2ec5401d9a3d68b4d125e1eb308", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "stack_string", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646003, "indicator": "5b7b8d3b844b4dbc22875a2a6866a862", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486650, "indicator": "5bbdb09ec6ec333a20de74fd430b2bc2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646005, "indicator": "5dee5ad9f12f89fcf9fdcf07ebab3e5e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486651, "indicator": "5f05acd53cfd91fb4dba3660ad1e3add", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486652, "indicator": "5f05b4aff89a07dbac9914ae3cf1314f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 96351, "indicator": "60af79fb0bd2c9f33375035609c931cb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646006, "indicator": "611c4440aa2587f54702e7e58b7be75f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486653, "indicator": "63409ddbd5316bae8e956595c81121ab", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486654, "indicator": "64c4d56457516a646d10732f24214cf2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tapaoux.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 2629555, "indicator": "65460ec31dce97c456991ba5215d9c43", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486655, "indicator": "65f7b330bcc7aeebf8d84afa0b23bf02", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646007, "indicator": "67b96c2265e44ccfad708c9387570ab4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486656, "indicator": "686738eb5bb8027c524303751117e8a9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tapaoux.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646008, "indicator": "687b8d2112f25e330820143ede7fedce", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "WinRAR_SFX", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486657, "indicator": "68ca3d3fc4901d1af8d3adc3170af6ad", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646009, "indicator": "697e77c5ef4cf91d5a84b0b3f0617887", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486659, "indicator": "69fa0bfd74d0db4ad734b9944ea71ec3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486661, "indicator": "6a37ba1bac5fb990fbd1c34effcb0b9d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646010, "indicator": "6a79c842a6edca3460b0026cd16c3670", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tapaoux.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486662, "indicator": "6acd47c45a3e031411af351b3be5f82e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646012, "indicator": "6d3839c312976ba96e89ab6a243aef8f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486665, "indicator": "6f1a828a2490099a3ce9f873823cce7c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486666, "indicator": "6f7ec5ff103e4ee038a54816c6b9bc09", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646015, "indicator": "720af0fa1f2633b1b73c278a0a016559", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Virus:Win32/Nemim.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486668, "indicator": "72869fc63d0ba875dfc539d2bcd48e4d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486669, "indicator": "729a2f6c7e95075ff36947bc5811a5d3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646016, "indicator": "74d403244db05f7c294ca0777a9f7a9e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646017, "indicator": "752c351778a8a18245f132dafdc54599", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486670, "indicator": "76dd289fa3dd8f36972593a006b771cc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646018, "indicator": "77669d11c3248a6553d3c15cd1d8a60e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "ALFPER:CERT:Asruex.A!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486671, "indicator": "7a5256dda43cb459e99c0073f1e8f07b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646019, "indicator": "7ad3b74bec51678622e21f57fb82e136", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486673, "indicator": "7bab3a69ab65b90e47d5cc0724531914", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646020, "indicator": "7c2eeda3bb66b2c29aa425ba74c780c3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486674, "indicator": "7d304a9cdcda75b1cb9537618f5ed398", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486675, "indicator": "7f608ebfb9b1c81cb07eb8f26fd7647a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646021, "indicator": "804dceb3fa2b9bcf65595109b9465bbc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486676, "indicator": "822871578022c1292c9cb051cceedfe2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646022, "indicator": "83f0f16fb86d6f67ca158d66c195884e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486677, "indicator": "86b18e99072ba72d5d36bce9a00fc052", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486679, "indicator": "873f26caddfe1e9af18181d8f5f18368", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2630151, "indicator": "89de19ff50dd58eda2b136b65feb3fb0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486681, "indicator": "8c01d9a2c13ebc8dc32956336a6bc4f5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646024, "indicator": "8cdd3b6c577a17b698333337dd1cf3e0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486850, "indicator": "8def236d23dea950d9b1b222cb9a463a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Virus:Win32/Nemim.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 2614872, "indicator": "90f26c5c4b3c592352fcbddf41dc18aa", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646026, "indicator": "910a1f150a5de21f377cf771ed53261f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486851, "indicator": "912a8c7cf1ad78cd4543bfb594c7db58", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646027, "indicator": "9305008e17b0805118a6a9bb45493441", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Virus:Win32/Nemim.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486853, "indicator": "93283599dbf3b2d47872dafae12afb21", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Siromost.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486855, "indicator": "965e7d4785d23ba6b6608c1245586eba", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646028, "indicator": "98b07144f4f5cc95348b39d6bfaeb56a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486856, "indicator": "9978ced410a7dfd3a21ff59cbe1e4303", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646029, "indicator": "99a2cca89d044148aa3379cdf2e899fa", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646030, "indicator": "9a2f2291686080a29f4c68bdc530887f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2636294, "indicator": "9a56bb6c022b3a2ab40d2b308ddf7015", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646031, "indicator": "9ba119cf7107d6f4f910447c90c4985d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486858, "indicator": "9bc355cbb5473f4f248f3e2be028ec0b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.D", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486859, "indicator": "9c3b06ab28840239cf1d0ecf4a45f6f4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646032, "indicator": "9c5cd8f4a5988acae6c2e2dce563446a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Pdf.Exploit.Agent-30120", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486861, "indicator": "9d248e5cc726f2aa2fa4f06566a2d5b8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646034, "indicator": "9eae89f27c8fbc5896fc7e540e4cfd4a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2630374, "indicator": "9eeae870f22350694eb2e7a4852dbb7d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2630294, "indicator": "9f08b8182c987181fe3f3906f7463eac", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486863, "indicator": "9f56c7f03370692f1d4761ddb848daf5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tapaoux.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530486868, "indicator": "a07db3237b6bd9789b5f1126ea7b0195", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646035, "indicator": "a0b0389eb9bbfe1839d3da7a1995da3f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646090, "indicator": "a1467e57ea55030e45325d3987db9fca", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646093, "indicator": "a47f6878da6480089c2ff3bdddbd7104", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tapaoux.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 2614574, "indicator": "a49780f2da2067dd904135fad3af8a90", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530487049, "indicator": "a6b0406dff68430aac6a5b738731e7d0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646095, "indicator": "a71f240abb41eb1e37ff240613d14277", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530487050, "indicator": "a7b226c220e1282320fca291a5100f93", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2630352, "indicator": "a8151939085ce837b3a7deec58efa7b4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646096, "indicator": "a855b983f1f414461de0e813e2f72b24", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530487052, "indicator": "a9faa01c7cf7150054600fc2ab63e4b6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646097, "indicator": "aaeb3b0651720a3f37a0c2f57c92429c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530487053, "indicator": "abdcde9cd1f9135e412f7bb0a9cafbc9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646098, "indicator": "ad0f9ba1a355c5e8048c476736c90217", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530487054, "indicator": "ad35db962130becfac1de2f803a119ae", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Virus:Win32/Nemim.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530487055, "indicator": "adab033d420206fcd2503643d443956e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530487057, "indicator": "af26f60a80171c4337117133f1c2ba5f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646099, "indicator": "b07f6065011621c569fc2decd27056df", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530487058, "indicator": "b1048d7d2464f27a19b2adbf310158b1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646100, "indicator": "b164febacafd2ab33f203fc5faecd531", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646101, "indicator": "b2b29dcb1251c8b1c380f00834297857", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530487060, "indicator": "b44a988d18264735f39efc2001b29c63", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530487061, "indicator": "b4cbafc20d19b06a4ab670129a3ae5aa", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530487063, "indicator": "b5ab66687d53914a65447aacc8fb3e88", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2629549, "indicator": "b6428851df75dc91bb46583b97d9a566", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDropper:Win32/Apptom.D", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530487066, "indicator": "be7acfaf90c8fab44393345704dd2b69", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646104, "indicator": "bf700fa187cc22d591e1ec4e7442145a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530487070, "indicator": "c25d146b4cf05f7aaa9aebbe8d1563db", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646105, "indicator": "c2d00fef0659640c1345967d2f554278", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646106, "indicator": "c322e499729291451437d46c6f05b920", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646107, "indicator": "c34eb5aa60373119a03cfd90a5fea121", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 924376, "indicator": "c49e6114fa3de4f823010e852d891896", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 924380, "indicator": "c4ac4924544877cd100e53f1115c7df9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 924378, "indicator": "c5a9ec966196a03e53fd1869764d8507", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 924379, "indicator": "c82ca00476d7e8532d055bf2cc2c9d59", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646108, "indicator": "ca7e5ff32b729d0d61340911a01a479a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530487072, "indicator": "cd1134ad11d21b4626e28cf5a9eb6f0c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 924377, "indicator": "cdd5afba31e91706412ba58fff2b4d31", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530487073, "indicator": "cdf5267225e6994b4670bf49ba50595a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 924373, "indicator": "cf95ab8c4cc222088de00dbb20374d69", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646109, "indicator": "d46204e579808d520affcc71a7d35cda", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 924381, "indicator": "d580cab0c05dd78215fd6252934c240f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2636448, "indicator": "d73b08376c7cdf355d31b05a71c8c5ba", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646111, "indicator": "da608f216594653a1716edd5734cd6e1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646112, "indicator": "da6c390915639c853612cb665ac635f4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530487076, "indicator": "da6ed3cc582b4424c96b8ca73aaeb8ad", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2614400, "indicator": "dd555740dcabb3dab3ea1fc71273e493", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530487078, "indicator": "dd6c020e4a9c112c1776215b763f7525", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530487081, "indicator": "e271ba345eada5f56471c5413acf52f9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646113, "indicator": "e2b5c47156508a31b74a1f48e814fbe7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646114, "indicator": "e2ed43a6bbb72c927a4e083768e47254", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "ALFPER:CERT:Asruex.E!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646115, "indicator": "e4fe6fa6e540cdb77807401aa2121858", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530487249, "indicator": "e52b7d5391152da89b1db64060ba96ae", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530487250, "indicator": "e579157fb503b5cbd59ce66f5381575c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646116, "indicator": "e5a31be7717c12a3cf9a173428ac7c38", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646117, "indicator": "e65fddac2ada261adcdcde87b4dc5540", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2614134, "indicator": "e8190374c3d962f5c2cbb5e30007216c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 96377, "indicator": "e9f89d406e32ca88c32ac22852c25841", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Tapaoux.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530487255, "indicator": "ebe6b78006ecffe1511f46c86d16f4aa", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646118, "indicator": "ec4be1af573e5c55023b35bd02efe394", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2614057, "indicator": "ed2119548aff161ff97d6837e6a08e84", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646119, "indicator": "ed9f539ddabdab8a88491ee38f638b64", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530487256, "indicator": "ede6a67f7956686f753819c46f496c84", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646120, "indicator": "efda0c1d8593d3ab3a7c079b71a0f2bc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646121, "indicator": "f1368a2e56ae66587847a1655265d3c9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530487258, "indicator": "f2231ce84551fbd8a57e75fb07d7f6c0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646122, "indicator": "f47cdf5bfc7227382e18f8361249212b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530487260, "indicator": "f5d745e7a575b7aecae302623acd6277", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646123, "indicator": "f602fe96deb8615ab8cefbd959e1d438", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tapaoux.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530487261, "indicator": "f7084cf91278eb8176c815ec4e269851", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2636955, "indicator": "f7d0d5fc6b01a2e0f3a1c021bab49437", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646124, "indicator": "f97ec1cc844914a9aa8dfa00d1ead62e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646125, "indicator": "fcd2458376398b0be09eaa34f4f4d091", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5646126, "indicator": "fda0320d1e28bc022e4d9e9aae544db4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1530487266, "indicator": "fe7efa9f0417ba001c058b513518f4cf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2631257, "indicator": "fe95141837ae86cb02a1bbf6a070cbb4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3254624383, "indicator": "01b4d310e510b3b77fc1a19be35d4f92afbffa76", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.I", "description": "SHA1 of 4d275adbd318f182fa0ec0275cf217b4", "expiration": null, "is_active": 1 }, { "id": 3254615958, "indicator": "076a498a77c9cbad8bf1ce0a4d6d65bf27108e33", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "stack_string", "description": "SHA1 of 57dfd2ec5401d9a3d68b4d125e1eb308", "expiration": null, "is_active": 1 }, { "id": 3254622512, "indicator": "0d941f58d554a9970e50adb353193ea3525f9c8f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tapaoux.A", "description": "SHA1 of 043d308bfda76e35122567cf933e1b2a", "expiration": null, "is_active": 1 }, { "id": 3254632868, "indicator": "1305948cd5247793ab79d28c0be08fcc1b3978e1", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "WinRAR_SFX", "description": "SHA1 of 0183bac55ebfad2850a360d6cd93d941", "expiration": null, "is_active": 1 }, { "id": 3254631381, "indicator": "13404ebde73c15ccf156e90e78cbf5941d1c18b9", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Kazy-813", "description": "SHA1 of 043f0dcea6f6fbd1305571e6bf0fa78c", "expiration": null, "is_active": 1 }, { "id": 1514269626, "indicator": "18272cf888d8779d466901864537b732f842c351", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Pdf.Exploit.Agent-30120", "description": "SHA1 of 9c5cd8f4a5988acae6c2e2dce563446a", "expiration": null, "is_active": 1 }, { "id": 2599644047, "indicator": "1ccf74cbc164eab0f07da29e87cbb09dbcad7300", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.B", "description": "SHA1 of 140b27db7d156d6a63281e1f6fc6075d", "expiration": null, "is_active": 1 }, { "id": 3254607996, "indicator": "1cff25bcd38b389436e66a357d90f27589ae21cb", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Evo-gen\\ [Susp]", "description": "SHA1 of 131c5f8e98605f9d8074ca02fd1b9c34", "expiration": null, "is_active": 1 }, { "id": 3254620917, "indicator": "1dc00b14cc8eb714a3cc8ce52fda3956a72a0cdd", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 1fcaa239cf4d627078179f6de299f320", "expiration": null, "is_active": 1 }, { "id": 3254608799, "indicator": "1dc6cac574736388a73610c57a9ed5ce1567121d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "ALFPER:CERT:Asruex.E!dha", "description": "SHA1 of e2ed43a6bbb72c927a4e083768e47254", "expiration": null, "is_active": 1 }, { "id": 1593602671, "indicator": "206407f68d83df6ac1f69c7f13e64bcadff9b911", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Kazy-813", "description": "SHA1 of 01cbd90ba5cf7e9595b208e4ca2d2d15\nSHA1 of 01cbd90ba5cf7e9595b208e4ca2d2d15", "expiration": null, "is_active": 1 }, { "id": 2599644039, "indicator": "24620848450863c080a386d1fee2524b84cd6b46", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.B", "description": "SHA1 of 06206fe97fed0f338fd02cb39ed63174", "expiration": null, "is_active": 1 }, { "id": 3254621315, "indicator": "2f0620ea57b6fe36e85d8163f574d79ccc83056d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "JS:Pdfka-ANQ\\ [Expl]", "description": "SHA1 of 2802c47b48cced7f1f027f3b278d6bb3", "expiration": null, "is_active": 1 }, { "id": 3254624577, "indicator": "31fbc571213e73817243af8ab516e98724869c4f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Nemain.A", "description": "SHA1 of 0367f890595cf28c6c195dfabae53ba5", "expiration": null, "is_active": 1 }, { "id": 3254637448, "indicator": "33256fbd9196402e5253357f243dc13f88473e23", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "WinRAR_SFX", "description": "SHA1 of 687b8d2112f25e330820143ede7fedce", "expiration": null, "is_active": 1 }, { "id": 3254637876, "indicator": "41308106d1331304db35d81a1d38e9451befd241", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 822871578022c1292c9cb051cceedfe2", "expiration": null, "is_active": 1 }, { "id": 3254628189, "indicator": "42973e51b315d0d40a76730d33b529385856d594", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Evo-gen\\ [Susp]", "description": "SHA1 of 08b04d6ef94d2764bfafd1457eb0d2a0", "expiration": null, "is_active": 1 }, { "id": 3254608281, "indicator": "48de817415d1fee29edb6e7a1639ef05c3989bc7", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Kazy-813", "description": "SHA1 of 0393036f35a7102a34fadfd77680b292", "expiration": null, "is_active": 1 }, { "id": 3254607290, "indicator": "49b973555890f1bda67a12a5927de1a9691005ca", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Virus:Win32/Nemim.A", "description": "SHA1 of 4286ee45e9fcc2db3ddfad38426b7f50", "expiration": null, "is_active": 1 }, { "id": 3254635656, "indicator": "4cd9a63ff7e50b7bb52cbcc1dc07115fef806c8e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Pabosp", "description": "SHA1 of 131c625a92dc721c5d4dae3fb65591fc", "expiration": null, "is_active": 1 }, { "id": 3254615181, "indicator": "5406aceadc3555cdb3e3760c94019189b32245b5", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.A", "description": "SHA1 of 0bd1677c0691c8a3c7327bf93b0a9e59", "expiration": null, "is_active": 1 }, { "id": 3254599147, "indicator": "561bcf75b693b2c2610533f6faabb6a063da61b9", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.D", "description": "SHA1 of 9bc355cbb5473f4f248f3e2be028ec0b", "expiration": null, "is_active": 1 }, { "id": 3254607629, "indicator": "5d724d2b0a92cdbccc06d568a9c6eacb2902b573", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.I", "description": "SHA1 of 18527b303c0afe91f5ae86d34b52eb29", "expiration": null, "is_active": 1 }, { "id": 3254618930, "indicator": "6635e1ed92df4b225de32cc3ea3976eced2af159", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tapaoux.A", "description": "SHA1 of 6a79c842a6edca3460b0026cd16c3670", "expiration": null, "is_active": 1 }, { "id": 3254616557, "indicator": "67a5a4da7d63a20c9a5d906e5c3bdd4692954cb6", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Nemain.A", "description": "SHA1 of 0d48f948b3c47d0c08e8ee026b8f4670", "expiration": null, "is_active": 1 }, { "id": 3254628773, "indicator": "6841881e4ce3e9cd7ea7fa81aa3b669c6192b3b4", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.B", "description": "SHA1 of 101244381e0590adecf5f2b18d1b6042", "expiration": null, "is_active": 1 }, { "id": 3254613344, "indicator": "6886a65a0f7ac4072a151c20312fbe0707db5fc2", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.B", "description": "SHA1 of 05059c5a5e388e36eed09a9f8093db92", "expiration": null, "is_active": 1 }, { "id": 3254640852, "indicator": "69b8bbc7939e89d0aaf54a141afc6449daf315ef", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Virus:Win32/Nemim.A", "description": "SHA1 of 8def236d23dea950d9b1b222cb9a463a", "expiration": null, "is_active": 1 }, { "id": 3254625561, "indicator": "6fb4721fa96cd7604e85335a4373e7b52b572904", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Roficor.A", "description": "SHA1 of 16139ce9025274a388a4281fef65049e\nSHA1 of 16139ce9025274a388a4281fef65049e", "expiration": null, "is_active": 1 }, { "id": 3254607225, "indicator": "74c620fa0deaf30b211ccb9f6f2b1ccf29f73f40", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Kazy-813", "description": "SHA1 of 06ac12b8c51aec71cefcf8a507d82ce4", "expiration": null, "is_active": 1 }, { "id": 3254613526, "indicator": "7589e991b0f47751d7fa3774490f0985f8a367e1", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tapaoux.A", "description": "SHA1 of f602fe96deb8615ab8cefbd959e1d438", "expiration": null, "is_active": 1 }, { "id": 1582947300, "indicator": "75a3cbc4f032fdacb958332acb4591712be907f5", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.D", "description": "SHA1 of 000c907d39924de62b5891f8d0e03116", "expiration": null, "is_active": 1 }, { "id": 3254612654, "indicator": "80277aa12244d6c4d707f3ddfbcc34493cc9b428", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Nemain.A", "description": "SHA1 of 0bfc8e7fa0b026a8bf51bbea3d766890\nSHA1 of 0bfc8e7fa0b026a8bf51bbea3d766890", "expiration": null, "is_active": 1 }, { "id": 3254637221, "indicator": "8748407b0970ed118a5a0df28759e7d0b3116787", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Kazy-813", "description": "SHA1 of 032a7c67332a3abf6da179ed265e6e04", "expiration": null, "is_active": 1 }, { "id": 3254606878, "indicator": "880947995d46e5528c423153d8b644c41bd0ad6b", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "ALFPER:CERT:Asruex.A!dha", "description": "SHA1 of 77669d11c3248a6553d3c15cd1d8a60e\nSHA1 of 77669d11c3248a6553d3c15cd1d8a60e", "expiration": null, "is_active": 1 }, { "id": 3254607496, "indicator": "8c4d8bfb6940647ff03f990271eb1de86545e8ed", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.B", "description": "SHA1 of 03a611a8c2f84e26c7b089d3f1640687", "expiration": null, "is_active": 1 }, { "id": 3254598710, "indicator": "8d941454c00dcd5d030d10e85e19f22ddeaa2276", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Nemain.A", "description": "SHA1 of 42b9fea2ec56a90cefeecee3c84aade0\nSHA1 of 42b9fea2ec56a90cefeecee3c84aade0", "expiration": null, "is_active": 1 }, { "id": 3254612118, "indicator": "8ddcccc4a6639d7df439084eca629ffedbaab223", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 86b18e99072ba72d5d36bce9a00fc052", "expiration": null, "is_active": 1 }, { "id": 3254612296, "indicator": "937a1c07e1c4c99ae1d0244360a9ce0db1da33db", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanProxy:Win32/Roficor.A", "description": "SHA1 of 121a9ea93f3ed16a1b191187b16b7592", "expiration": null, "is_active": 1 }, { "id": 3254626580, "indicator": "9436162993833660daee892d1c1b419d44925b23", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Riberow.A", "description": "SHA1 of 061e3d50125dc78c86302b7cfa7e4935", "expiration": null, "is_active": 1 }, { "id": 3254616918, "indicator": "94cd22a1c07ec9d9e8081db872b2b58e14dd29bf", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tapaoux.A", "description": "SHA1 of 9f56c7f03370692f1d4761ddb848daf5", "expiration": null, "is_active": 1 }, { "id": 3254623718, "indicator": "979888ad8da108d8c259207d2c66c3c6c071ad49", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Virus:Win32/Nemim.A", "description": "SHA1 of 9305008e17b0805118a6a9bb45493441", "expiration": null, "is_active": 1 }, { "id": 3254635209, "indicator": "9e0c524057c359a3e550da79dd4cda8d0d3f1d3a", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.H", "description": "SHA1 of 0d75157d3f7fbf13264df3f8a18b3905", "expiration": null, "is_active": 1 }, { "id": 3254631619, "indicator": "9ef1a2d168aa688a5106d5705db5253ac6db73f9", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tapaoux.A", "description": "SHA1 of 175aa0d1bdebfa60de29b90ab2c62189\nSHA1 of 175aa0d1bdebfa60de29b90ab2c62189", "expiration": null, "is_active": 1 }, { "id": 3254615688, "indicator": "a435868938adb53d403e8f8afc4e8fcf6e961717", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Tapaoux.A", "description": "SHA1 of e9f89d406e32ca88c32ac22852c25841", "expiration": null, "is_active": 1 }, { "id": 3254624527, "indicator": "a6c141c38b44644fa0bad0df169e00ef1e8b4162", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Roficor.A", "description": "SHA1 of 15097b11e3898cb0be995e44a79431f2", "expiration": null, "is_active": 1 }, { "id": 3254639713, "indicator": "ad2ebe58b0ae2322b3ca6590f617c5a8ecc7b411", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tapaoux.A", "description": "SHA1 of 686738eb5bb8027c524303751117e8a9", "expiration": null, "is_active": 1 }, { "id": 3254638894, "indicator": "b00fa08c86dba7d4065018e7234b850d2a541799", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tapaoux.A", "description": "SHA1 of 1971ee25847d246116835c7157cf7f89", "expiration": null, "is_active": 1 }, { "id": 3254622175, "indicator": "b0a354a1ab28710b278d9ba1c29119593f648166", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.B", "description": "SHA1 of 12df4869b3a885d71c8e871f1a1b0fde\nSHA1 of 12df4869b3a885d71c8e871f1a1b0fde", "expiration": null, "is_active": 1 }, { "id": 3254612047, "indicator": "b2e57b39fd0e698ac1bd48b8e024d20830596c1e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Siromost.A", "description": "SHA1 of 93283599dbf3b2d47872dafae12afb21", "expiration": null, "is_active": 1 }, { "id": 3254611687, "indicator": "b78e8bf3498c500c8f5286aa911890b840a56032", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Virus:Win32/Nemim.A", "description": "SHA1 of 0b727001dfc90cc354bd2ccabe3c23a5", "expiration": null, "is_active": 1 }, { "id": 3254609624, "indicator": "b94613662a0bd98d389c34c0fad8e6536d755ce5", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of c5a9ec966196a03e53fd1869764d8507", "expiration": null, "is_active": 1 }, { "id": 3254624792, "indicator": "bbd24fe828905b6e64981283b74fa0f0c9c06b2a", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tapaoux.A", "description": "SHA1 of a47f6878da6480089c2ff3bdddbd7104", "expiration": null, "is_active": 1 }, { "id": 3254609634, "indicator": "ca183cdd468c88d37d1f8328d618f9f8f4b9b744", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Virus:Win32/Nemim.A", "description": "SHA1 of 720af0fa1f2633b1b73c278a0a016559", "expiration": null, "is_active": 1 }, { "id": 3254623999, "indicator": "d589836634848e97d3bf62ec77e3fc8b3e685b31", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDropper:Win32/Apptom.D", "description": "SHA1 of b6428851df75dc91bb46583b97d9a566", "expiration": null, "is_active": 1 }, { "id": 3254639240, "indicator": "d59122c0b5ad7957509b7fe0dfe65853e407c809", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tapaoux.B", "description": "SHA1 of 1300244219cb756df01536692edebdbb", "expiration": null, "is_active": 1 }, { "id": 3254614954, "indicator": "d64945b015034188e7993ef505df428d4797bb7e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tapaoux.A", "description": "SHA1 of 2600671b87dedbb50ca728285eb141b8", "expiration": null, "is_active": 1 }, { "id": 3254617916, "indicator": "e05e8450d3a1354e3824c45123822bd06055f6eb", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of c2d00fef0659640c1345967d2f554278", "expiration": null, "is_active": 1 }, { "id": 3254618140, "indicator": "e90064d817deb0f0b4ee47a77780df71c7c99c51", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tapaoux.A", "description": "SHA1 of 64c4d56457516a646d10732f24214cf2", "expiration": null, "is_active": 1 }, { "id": 3254620285, "indicator": "ea7ac0e9954fa908a0955073b59cdd668a311738", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of ad0f9ba1a355c5e8048c476736c90217", "expiration": null, "is_active": 1 }, { "id": 3254634976, "indicator": "ec250d2fb7169496a6236e90a27cdaf5279bd594", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.D", "description": "SHA1 of 12b88e36170472413a49ae71b1ac9a33", "expiration": null, "is_active": 1 }, { "id": 3254616497, "indicator": "ed083c37c38b5c5db789409ff083649ddc7cd998", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Nemain.A", "description": "SHA1 of 03d35ef3fdf353fe4dc65f3d11137172\nSHA1 of 03d35ef3fdf353fe4dc65f3d11137172", "expiration": null, "is_active": 1 }, { "id": 3254619739, "indicator": "ee7c5cf5f68ed174e07fed1fc55febe72c313cd4", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Virus:Win32/Nemim.A", "description": "SHA1 of 0d3e3fd44faa32e0d83b02c8b7cff49c", "expiration": null, "is_active": 1 }, { "id": 3254636458, "indicator": "f667edddedcc45074f4189a4535ea6bc5cd5f634", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Virus:Win32/Nemim.A", "description": "SHA1 of ad35db962130becfac1de2f803a119ae", "expiration": null, "is_active": 1 }, { "id": 427880425, "indicator": "067a43ed319859460d531c7947018673ca6745ae376f1f2f2ca7e26a7acf821f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Nemain.A", "description": "SHA256 of 0bfc8e7fa0b026a8bf51bbea3d766890\nSHA256 of 0bfc8e7fa0b026a8bf51bbea3d766890", "expiration": null, "is_active": 1 }, { "id": 2599643846, "indicator": "0a812976b9412ed28aee3ac3de57873fafe1ddfa0e6b9026078017b810d1b24e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tapaoux.A", "description": "SHA256 of 175aa0d1bdebfa60de29b90ab2c62189\nSHA256 of 175aa0d1bdebfa60de29b90ab2c62189", "expiration": null, "is_active": 1 }, { "id": 3254619740, "indicator": "1203693a4ad21c5c12ec157f4ebbede35132188f02de8ce0f3ee6780788dae55", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Virus:Win32/Nemim.A", "description": "SHA256 of 0d3e3fd44faa32e0d83b02c8b7cff49c", "expiration": null, "is_active": 1 }, { "id": 431160802, "indicator": "1ec2e4d02a89277afc0ee35d2d72009a5dbe96f88e1bc70bbfb3a9224478b7d5", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.B", "description": "SHA256 of 140b27db7d156d6a63281e1f6fc6075d", "expiration": null, "is_active": 1 }, { "id": 78533144, "indicator": "21090d03f70a632203c414d4fcb18ca144481a2c2ebba7ea3b3e95b5520d2b2e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "JS:Pdfka-ANQ\\ [Expl]", "description": "SHA256 of 2802c47b48cced7f1f027f3b278d6bb3", "expiration": null, "is_active": 1 }, { "id": 2784182216, "indicator": "2381ef2fce6e8fa52e2f7717c893576f362c0cc54cc0ffa343a3902feead7784", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Evo-gen\\ [Susp]", "description": "SHA256 of 131c5f8e98605f9d8074ca02fd1b9c34", "expiration": null, "is_active": 1 }, { "id": 3254624793, "indicator": "276a6c74b79740aff136d8eebb1c78e7a5be438c454847832e9426a7be4fa6c0", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tapaoux.A", "description": "SHA256 of a47f6878da6480089c2ff3bdddbd7104", "expiration": null, "is_active": 1 }, { "id": 430383451, "indicator": "2db8a9c401911c7317e8a89c35d979d0e8e9ba718ae13a0a0cfedd957654ec10", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tapaoux.A", "description": "SHA256 of 043d308bfda76e35122567cf933e1b2a", "expiration": null, "is_active": 1 }, { "id": 431160807, "indicator": "2e835c7496fb4fc1c53665ef89fffdcbcc8dc49bea0baecc5b8496006ea601bb", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.B", "description": "SHA256 of 06206fe97fed0f338fd02cb39ed63174", "expiration": null, "is_active": 1 }, { "id": 3254614955, "indicator": "2e8d265191a86af4195ff0cdc24113d74369a05128a72b5212cbac6d7f94306c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tapaoux.A", "description": "SHA256 of 2600671b87dedbb50ca728285eb141b8", "expiration": null, "is_active": 1 }, { "id": 430383454, "indicator": "2eeae7447df15f4222baac0355552e52c54115845c8811a537f547cb6dc44b1f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tapaoux.A", "description": "SHA256 of 6a79c842a6edca3460b0026cd16c3670", "expiration": null, "is_active": 1 }, { "id": 3254608282, "indicator": "32edd18cc8c458186b76cfa546fe7a394de3c48366ea4854e6f6a75727026780", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Kazy-813", "description": "SHA256 of 0393036f35a7102a34fadfd77680b292", "expiration": null, "is_active": 1 }, { "id": 3254612119, "indicator": "35126db85bbd6a57eb4d2eb79ead123bb9057845af862ca63cfd5748b3eaeb64", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 86b18e99072ba72d5d36bce9a00fc052", "expiration": null, "is_active": 1 }, { "id": 3254625562, "indicator": "38f1e3b2fa64fb1cead2e022521998a1fb89416973d60e5492e589a99d92a13e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Roficor.A", "description": "SHA256 of 16139ce9025274a388a4281fef65049e\nSHA256 of 16139ce9025274a388a4281fef65049e", "expiration": null, "is_active": 1 }, { "id": 431160804, "indicator": "39514ebac4feec4eab0a385c99ada3b52f7c460d87a8b990f01ac90506928fa6", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.B", "description": "SHA256 of 12df4869b3a885d71c8e871f1a1b0fde\nSHA256 of 12df4869b3a885d71c8e871f1a1b0fde", "expiration": null, "is_active": 1 }, { "id": 2697087920, "indicator": "3f7c3bd8619fcbf81d21b9cc259dcdf857c4570065315934de497b88bca06708", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "ALFPER:CERT:Asruex.A!dha", "description": "SHA256 of 77669d11c3248a6553d3c15cd1d8a60e\nSHA256 of 77669d11c3248a6553d3c15cd1d8a60e", "expiration": null, "is_active": 1 }, { "id": 3254616498, "indicator": "47a9bd47efbb3ae928f8dd43b567145b5b60f3513122f346ade42939f323b1c5", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Nemain.A", "description": "SHA256 of 03d35ef3fdf353fe4dc65f3d11137172\nSHA256 of 03d35ef3fdf353fe4dc65f3d11137172", "expiration": null, "is_active": 1 }, { "id": 3254598711, "indicator": "58cfecb2308cdabb356371649ac082a127879290b20edba05ab75561671b52c5", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Nemain.A", "description": "SHA256 of 42b9fea2ec56a90cefeecee3c84aade0\nSHA256 of 42b9fea2ec56a90cefeecee3c84aade0", "expiration": null, "is_active": 1 }, { "id": 3254624384, "indicator": "5bb93bd97851c570c6654e64e7c23330e6ef03bd14b3aa4d055d230115a08247", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.I", "description": "SHA256 of 4d275adbd318f182fa0ec0275cf217b4", "expiration": null, "is_active": 1 }, { "id": 1567185705, "indicator": "5bf2dfcf19db065cff2d55a9942c8fc8d5cbf77b58051ebf68ec6343cad91c16", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Kazy-813", "description": "SHA256 of 01cbd90ba5cf7e9595b208e4ca2d2d15\nSHA256 of 01cbd90ba5cf7e9595b208e4ca2d2d15", "expiration": null, "is_active": 1 }, { "id": 3254636459, "indicator": "6350ea625ca0dbfe316539fcc04696cc45ce5ed3e9960591a03a3bfec4d5ce1d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Virus:Win32/Nemim.A", "description": "SHA256 of ad35db962130becfac1de2f803a119ae", "expiration": null, "is_active": 1 }, { "id": 3254616919, "indicator": "6c095b01ee712bbca41dc10d9bcc7875db2a87b1fa9a71f60b39d46f2b87983b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tapaoux.A", "description": "SHA256 of 9f56c7f03370692f1d4761ddb848daf5", "expiration": null, "is_active": 1 }, { "id": 3254639241, "indicator": "70c91ab469092ba56bd050a1e1d3f03a76ee8273b43f96233ac5519f989eefad", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tapaoux.B", "description": "SHA256 of 1300244219cb756df01536692edebdbb", "expiration": null, "is_active": 1 }, { "id": 427880424, "indicator": "77fd82b9c32cc158df0d50e3bf32a775b35fa8dae5eba43a4f2132c7b84cd976", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Nemain.A", "description": "SHA256 of 0d48f948b3c47d0c08e8ee026b8f4670", "expiration": null, "is_active": 1 }, { "id": 3254613527, "indicator": "8119f075b901142e437224b2f4fc059d36d1080b31b3f92a68400c10c1fa3d56", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tapaoux.A", "description": "SHA256 of f602fe96deb8615ab8cefbd959e1d438", "expiration": null, "is_active": 1 }, { "id": 431160805, "indicator": "8407c9d6116d300bea75eb15b7b20c9646b6372428f083ab0e6814ecd9a5deb2", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.H", "description": "SHA256 of 0d75157d3f7fbf13264df3f8a18b3905", "expiration": null, "is_active": 1 }, { "id": 431200674, "indicator": "85dffbf4e989fd9c86261cb8b790f198f7407fc63eace1601ab3a2494e4b4914", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Virus:Win32/Nemim.A", "description": "SHA256 of 4286ee45e9fcc2db3ddfad38426b7f50", "expiration": null, "is_active": 1 }, { "id": 3254626581, "indicator": "88b900d76a02b8c72e806f090df7d9d8efaf19ff92075a4590ca7ee07c0d5d5a", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Riberow.A", "description": "SHA256 of 061e3d50125dc78c86302b7cfa7e4935", "expiration": null, "is_active": 1 }, { "id": 427880426, "indicator": "8cc3ede145613b926268828965830ad7fbcf0b6db2b8772b4d485a55b88dd308", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Nemain.A", "description": "SHA256 of 0367f890595cf28c6c195dfabae53ba5", "expiration": null, "is_active": 1 }, { "id": 3254637877, "indicator": "8d78ba7e47fa48bde3707313fcef9ce42ef2190e4df03d1b9b4ad576d5f49a02", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 822871578022c1292c9cb051cceedfe2", "expiration": null, "is_active": 1 }, { "id": 3254624000, "indicator": "90ab35c72748b39fb60b9652b7aaca89248b48f7e88707334e104fdb146bb978", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDropper:Win32/Apptom.D", "description": "SHA256 of b6428851df75dc91bb46583b97d9a566", "expiration": null, "is_active": 1 }, { "id": 431200670, "indicator": "90b4088896a05f8e448d76c9df08aa928207319dc898f7136eeca19225047709", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Virus:Win32/Nemim.A", "description": "SHA256 of 0b727001dfc90cc354bd2ccabe3c23a5", "expiration": null, "is_active": 1 }, { "id": 3254608800, "indicator": "9118767c897bd8a02e16a25e8d8d409a0d2d631886dbb64ed175d2a6294d01e1", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "ALFPER:CERT:Asruex.E!dha", "description": "SHA256 of e2ed43a6bbb72c927a4e083768e47254", "expiration": null, "is_active": 1 }, { "id": 431160806, "indicator": "94dfa93843f6ed3eab479de62d345cadfe2e99e7175dc065f5e57098dae2e792", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.A", "description": "SHA256 of 0bd1677c0691c8a3c7327bf93b0a9e59", "expiration": null, "is_active": 1 }, { "id": 3254615959, "indicator": "9c1b6e78e61eff42724eb4d7b009636fea0fa69b830d94344019c0988ef2aebe", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "stack_string", "description": "SHA256 of 57dfd2ec5401d9a3d68b4d125e1eb308", "expiration": null, "is_active": 1 }, { "id": 431172213, "indicator": "a754eec020d6561fd81387e4efe21a3085e972be64f8a9380cdf96a94952873a", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanProxy:Win32/Roficor.A", "description": "SHA256 of 121a9ea93f3ed16a1b191187b16b7592", "expiration": null, "is_active": 1 }, { "id": 3254609625, "indicator": "ab2db41bdca08f7f6997439a398a4042472045e8c376e3b848645b9813c59776", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of c5a9ec966196a03e53fd1869764d8507", "expiration": null, "is_active": 1 }, { "id": 3254620286, "indicator": "b217cc0ab459e802c8a91ccee045eaf30bd3648a8cc1d4a6907319e2ce806ede", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of ad0f9ba1a355c5e8048c476736c90217", "expiration": null, "is_active": 1 }, { "id": 432486831, "indicator": "b2aac98ec07bed90d8c1caf24605eccece8a953aef13ae0e02770e790e82f521", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Tapaoux.A", "description": "SHA256 of e9f89d406e32ca88c32ac22852c25841", "expiration": null, "is_active": 1 }, { "id": 3254617917, "indicator": "b5f71acac5b5eb9ad1b05d040729880da1d3617e5ec1e92805d14dcd94712da9", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of c2d00fef0659640c1345967d2f554278", "expiration": null, "is_active": 1 }, { "id": 3254612048, "indicator": "b71a3882d901af1e1eeaa6c954081ab673cb3a3d0e3e10c32036e3635ff1e1c8", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Siromost.A", "description": "SHA256 of 93283599dbf3b2d47872dafae12afb21", "expiration": null, "is_active": 1 }, { "id": 3254609635, "indicator": "babf823e9cd1af89ab0388a5acc884c0e1367d0ab014f440bfe4a70b4d2207b3", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Virus:Win32/Nemim.A", "description": "SHA256 of 720af0fa1f2633b1b73c278a0a016559", "expiration": null, "is_active": 1 }, { "id": 3254637222, "indicator": "cb09c377721de670a698db9d56716be19946225ed7eb3dfccef283be28d7780d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Kazy-813", "description": "SHA256 of 032a7c67332a3abf6da179ed265e6e04", "expiration": null, "is_active": 1 }, { "id": 3254640853, "indicator": "ce59e874dce78a606dfd6953fb574b401bcff6de10360f7351464657dcc2ff3e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Virus:Win32/Nemim.A", "description": "SHA256 of 8def236d23dea950d9b1b222cb9a463a", "expiration": null, "is_active": 1 }, { "id": 3254631382, "indicator": "cf3b528361557500dde295ae01ab84d1b37496d7240210fd6b114dfd80483360", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Kazy-813", "description": "SHA256 of 043f0dcea6f6fbd1305571e6bf0fa78c", "expiration": null, "is_active": 1 }, { "id": 3254618141, "indicator": "d4a15ab2af2be3d1b5697ffc27d5532b1dbc0b62c9466b6a1911386faa8f1d9c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tapaoux.A", "description": "SHA256 of 64c4d56457516a646d10732f24214cf2", "expiration": null, "is_active": 1 }, { "id": 78533146, "indicator": "d55aa45223606db795d29ab9e341c1c703e5a2e26bd98402779f52b6c2e9da2b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Pdf.Exploit.Agent-30120", "description": "SHA256 of 9c5cd8f4a5988acae6c2e2dce563446a", "expiration": null, "is_active": 1 }, { "id": 3254635657, "indicator": "d55f64be74e8ca9e775ddbc5553937f90473722319397359dd73d794cad284f8", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Pabosp", "description": "SHA256 of 131c625a92dc721c5d4dae3fb65591fc", "expiration": null, "is_active": 1 }, { "id": 3254623719, "indicator": "d6684a4aff4f0706c5a9818fb0b1a5f52cb22531c88d416e5950e28b67adfbdd", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Virus:Win32/Nemim.A", "description": "SHA256 of 9305008e17b0805118a6a9bb45493441", "expiration": null, "is_active": 1 }, { "id": 430383452, "indicator": "d6afb2a2e7f2afe6ca150c1fade0ea87d9b18a8e77edd7784986df55a93db985", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tapaoux.A", "description": "SHA256 of 686738eb5bb8027c524303751117e8a9", "expiration": null, "is_active": 1 }, { "id": 78533147, "indicator": "d6d089fcbd886363cfbc23c237cab8d99d5033eff9f6a4a3eeb95e32f5b80113", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "WinRAR_SFX", "description": "SHA256 of 687b8d2112f25e330820143ede7fedce", "expiration": null, "is_active": 1 }, { "id": 2667035095, "indicator": "d94693192be45aef92ac2d729029312e1c2f5b2559df7c8ed21e2d794880045e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Roficor.A", "description": "SHA256 of 15097b11e3898cb0be995e44a79431f2", "expiration": null, "is_active": 1 }, { "id": 431160803, "indicator": "d9a64222883854a0809cbabc2958f9522de1ce5230766e0710bdb09eb1b70770", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.B", "description": "SHA256 of 101244381e0590adecf5f2b18d1b6042", "expiration": null, "is_active": 1 }, { "id": 3254628190, "indicator": "da7f9bab52597e36d5b90881a7acc4f2b92b5addff24bf0e350a446c51a600a1", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Evo-gen\\ [Susp]", "description": "SHA256 of 08b04d6ef94d2764bfafd1457eb0d2a0", "expiration": null, "is_active": 1 }, { "id": 432483202, "indicator": "de4ff8901766e8fc89e8443f8732394618bf925ce29b6a8aafe1d60f496e7f0e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tapaoux.A", "description": "SHA256 of 1971ee25847d246116835c7157cf7f89", "expiration": null, "is_active": 1 }, { "id": 3254599148, "indicator": "e3cb14970160faf8181481af8c7d830f31b91d4a7ea95bb2891fbfccb6e43a87", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.D", "description": "SHA256 of 9bc355cbb5473f4f248f3e2be028ec0b", "expiration": null, "is_active": 1 }, { "id": 3254607630, "indicator": "e804e7eb921ca09660da2d530125122f370d679f25b4e1e6b2224cd0a6d71f19", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.I", "description": "SHA256 of 18527b303c0afe91f5ae86d34b52eb29", "expiration": null, "is_active": 1 }, { "id": 431160808, "indicator": "e8aa2f98fe34a9be82fd0ac4c71eaefd42593d2d1491eb998c32b1da2eeb6ee1", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.B", "description": "SHA256 of 05059c5a5e388e36eed09a9f8093db92", "expiration": null, "is_active": 1 }, { "id": 431160809, "indicator": "e9820ccf83d85d5042b1769d1c1d73181894f432025cb683b10183c4751db115", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.B", "description": "SHA256 of 03a611a8c2f84e26c7b089d3f1640687", "expiration": null, "is_active": 1 }, { "id": 3254632869, "indicator": "e9a09290906bfc57e81a367f3c25c65d86eec525e50eea5a06bce31068ba29d6", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "WinRAR_SFX", "description": "SHA256 of 0183bac55ebfad2850a360d6cd93d941", "expiration": null, "is_active": 1 }, { "id": 3254607226, "indicator": "eb8eefea77fb258bde014c3dfd9dc92c9b69598ecdbd74750d0ca609afc8808c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Kazy-813", "description": "SHA256 of 06ac12b8c51aec71cefcf8a507d82ce4", "expiration": null, "is_active": 1 }, { "id": 3254620918, "indicator": "f0c8f28e2daf82b080c80113243cb063c0512bce7d02a1977a399067618c4900", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 1fcaa239cf4d627078179f6de299f320", "expiration": null, "is_active": 1 }, { "id": 3254634977, "indicator": "f14fdcad36ae519139aef52e796ff1eacec38db30bbe93dd6b4bfa2d928d1738", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.D", "description": "SHA256 of 12b88e36170472413a49ae71b1ac9a33", "expiration": null, "is_active": 1 }, { "id": 431160810, "indicator": "f37940a7b52fad1b54a96abc767cb329d9bcd4bafc7bfa9a5e07b0aaeb8ebff1", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Garveep.D", "description": "SHA256 of 000c907d39924de62b5891f8d0e03116", "expiration": null, "is_active": 1 }, { "id": 3360565332, "indicator": "http://164.125.36.47/urimal-spellcheck.html", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360565333, "indicator": "http://164.125.36.48/PronunCom/pronunc/pronunc.htm", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360565334, "indicator": "http://164.125.36.48/RomanSearch/Roman.htm", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360565335, "indicator": "http://164.125.36.48/romanWebDll/romanweb.htm", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360565336, "indicator": "http://secure.zapak.com/mail/zapakmail.php", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360565337, "indicator": "http://ukino.com/?mid=tileset", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360565338, "indicator": "http://ukino.com/dreamnote_kor.php", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360565339, "indicator": "http://ukino.com/toy/Ukino_CharacterBoard.swf", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360565340, "indicator": "a405962ee897d590676a65ad6b0d009061df55a9", "type": "YARA", "created": "2022-01-22T07:47:27", "content": "rule resteex_APTMalware_Dark_Hotel { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_00-16-09\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"000c907d39924de62b5891f8d0e03116\" \n \t\t hash2= \"00ca5c0558dc9eba1a8a4dd639e74899\" \n \t\t hash3= \"00d8dd7ec8545134bdc2527b4190078b\" \n \t\t hash4= \"0183bac55ebfad2850a360d6cd93d941\" \n \t\t hash5= \"01cbd90ba5cf7e9595b208e4ca2d2d15\" \n \t\t hash6= \"01d09407d09355a821ba23ffb58ec40d\" \n \t\t hash7= \"032a7c67332a3abf6da179ed265e6e04\" \n \t\t hash8= \"033d922f3f56f9ea7c976f31107e366a\" \n \t\t hash9= \"0367f890595cf28c6c195dfabae53ba5\" \n \t\t hash10= \"0393036f35a7102a34fadfd77680b292\" \n \t\t hash11= \"0396f7af9842dc5c8c0df1a44c01068c\" \n \t\t hash12= \"03a611a8c2f84e26c7b089d3f1640687\" \n \t\t hash13= \"03d35ef3fdf353fe4dc65f3d11137172\" \n \t\t hash14= \"043c84cef3e011e3dc731d643a205f4e\" \n \t\t hash15= \"043d308bfda76e35122567cf933e1b2a\" \n \t\t hash16= \"043f0dcea6f6fbd1305571e6bf0fa78c\" \n \t\t hash17= \"04461ee7c724b6805820df79e343aa49\" \n \t\t hash18= \"05059c5a5e388e36eed09a9f8093db92\" \n \t\t hash19= \"058efdf7d94c5da920a3c32cbadac2d0\" \n \t\t hash20= \"061e3d50125dc78c86302b7cfa7e4935\" \n \t\t hash21= \"06206fe97fed0f338fd02cb39ed63174\" \n \t\t hash22= \"06ac12b8c51aec71cefcf8a507d82ce4\" \n \t\t hash23= \"08a41624e624d8fb26eeed7a3b1f5009\" \n \t\t hash24= \"08b04d6ef94d2764bfafd1457eb0d2a0\" \n \t\t hash25= \"09e7b0ecd5530b8e87190dee0f362e13\" \n \t\t hash26= \"0b6caacd4081d3b18e847a40c1b6a7f3\" \n \t\t hash27= \"0b727001dfc90cc354bd2ccabe3c23a5\" \n \t\t hash28= \"0bd1677c0691c8a3c7327bf93b0a9e59\" \n \t\t hash29= \"0bfbd26a1a6e3349606d37a8ece04627\" \n \t\t hash30= \"0bfc8e7fa0b026a8bf51bbea3d766890\" \n \t\t hash31= \"0d3e3fd44faa32e0d83b02c8b7cff49c\" \n \t\t hash32= \"0d48f948b3c47d0c08e8ee026b8f4670\" \n \t\t hash33= \"0d75157d3f7fbf13264df3f8a18b3905\" \n \t\t hash34= \"0fb91846ab9a4e9667c81154829f888b\" \n \t\t hash35= \"0fe3daf9e8b69255e592c8af97d24649\" \n \t\t hash36= \"101244381e0590adecf5f2b18d1b6042\" \n \t\t hash37= \"11e85a6e127802204561b6996d4224b6\" \n \t\t hash38= \"121a9ea93f3ed16a1b191187b16b7592\" \n \t\t hash39= \"12b88e36170472413a49ae71b1ac9a33\" \n \t\t hash40= \"12df4869b3a885d71c8e871f1a1b0fde\" \n \t\t hash41= \"1300244219cb756df01536692edebdbb\" \n \t\t hash42= \"131c5f8e98605f9d8074ca02fd1b9c34\" \n \t\t hash43= \"131c625a92dc721c5d4dae3fb65591fc\" \n \t\t hash44= \"140b27db7d156d6a63281e1f6fc6075d\" \n \t\t hash45= \"15097b11e3898cb0be995e44a79431f2\" \n \t\t hash46= \"151115ddf1cd4b474a9106cfebcb82e4\" \n \t\t hash47= \"16139ce9025274a388a4281fef65049e\" \n \t\t hash48= \"16e378d5f0a15fbd521b087c0951a2ab\" \n \t\t hash49= \"173abb95e39f03415cd95b76e8a2f58f\" \n \t\t hash50= \"175aa0d1bdebfa60de29b90ab2c62189\" \n \t\t hash51= \"178f7fe2d3a2bda46c0e78f679ca5a62\" \n \t\t hash52= \"17c99725043fa1573fd650e57c3c75d3\" \n \t\t hash53= \"18527b303c0afe91f5ae86d34b52eb29\" \n \t\t hash54= \"1971ee25847d246116835c7157cf7f89\" \n \t\t hash55= \"1b0c2c6c19404112306a78ecf366f90b\" \n \t\t hash56= \"1bfc1b606fc8aa85e1094b01b08eafd6\" \n \t\t hash57= \"1d399370e82b314ba20c21ff4ee82205\" \n \t\t hash58= \"1ec49ae6d535bfb3789d498f4fd0224f\" \n \t\t hash59= \"1ee6676e122fcd22e80b6ae0dc40c979\" \n \t\t hash60= \"1ef21e634f9779280710e87ff17a83af\" \n \t\t hash61= \"1f29ec5ab8a7c2ccda21576f29cbb13b\" \n \t\t hash62= \"1f9d915d331f7e363c39108f41145c44\" \n \t\t hash63= \"1fcaa239cf4d627078179f6de299f320\" \n \t\t hash64= \"2024679f61cf9ab60342eca58360737f\" \n \t\t hash65= \"216088053dac46fcd95938568c469fa6\" \n \t\t hash66= \"21ba9d9d914d8140c1e34030e84213f4\" \n \t\t hash67= \"236df260f858f9a6ca056bcdec6f754f\" \n \t\t hash68= \"2431db868ebec1b967f5ad38abfd95c4\" \n \t\t hash69= \"25102d64dbc9b6495c5713f3178dd7f1\" \n \t\t hash70= \"255f7842c6f07a6a1500a30fb4d27d54\" \n \t\t hash71= \"2600671b87dedbb50ca728285eb141b8\" \n \t\t hash72= \"268d17f3763246ac27de7dc8024f23fa\" \n \t\t hash73= \"26b7b5d019d7500efdb866f1d20d2000\" \n \t\t hash74= \"275e0786b6294ffd05f45df435df842c\" \n \t\t hash75= \"27db26077f849e26ba89fcafd2f0db92\" \n \t\t hash76= \"27f2f32ba938b1747f28ffdd2f56c691\" \n \t\t hash77= \"2802c47b48cced7f1f027f3b278d6bb3\" \n \t\t hash78= \"28b1569109fcae8cfcdcfbe9c4431b66\" \n \t\t hash79= \"29d76d34d8878f7ac703837ec774f26a\" \n \t\t hash80= \"2aac9d340620da09d96929ba570978c4\" \n \t\t hash81= \"2b443cc331fec486a6ccbcfcd92e76a4\" \n \t\t hash82= \"2be3a8dd0059e291022ad32bbce0e5d1\" \n \t\t hash83= \"3165b7472a9dd45cde49538561cba59f\" \n \t\t hash84= \"3260c9f881eb815b7ef3f5f295fc5174\" \n \t\t hash85= \"326b44e73fccece89326fd865da61f7f\" \n \t\t hash86= \"35994a29128c08bed6f5d4aad28f102b\" \n \t\t hash87= \"35a15355c96be225507ebed1ec434d57\" \n \t\t hash88= \"35cd5ca2e33400a67345b00ef6db3ff6\" \n \t\t hash89= \"378177ddc1fd7d213b79c033da26327d\" \n \t\t hash90= \"38b919f37501fc3d54f8f1b956448a92\" \n \t\t hash91= \"3961cab50c32e8f32fe45836b9715ce5\" \n \t\t hash92= \"39fc4a3ea44ab9822ed5e77808803727\" \n \t\t hash93= \"3e38b8ccd38682ad4ec1f0fcfc1fb16a\" \n \t\t hash94= \"3f39c6dea5311167cc7ff62befd4ea7e\" \n \t\t hash95= \"40591b4ba82e0347b33098f6652640d6\" \n \t\t hash96= \"41b816289a6a639f7f2a72b6c9e6a695\" \n \t\t hash97= \"4286ee45e9fcc2db3ddfad38426b7f50\" \n \t\t hash98= \"428eb3305d4d4c9a8831e1d54160ed65\" \n \t\t hash99= \"42a3bb917778454fa96034ad4fb17832\" \n \t\t hash100= \"42b9fea2ec56a90cefeecee3c84aade0\" \n \t\t hash101= \"436b853cbc87ba3a99131ce2d64a512d\" \n \t\t hash102= \"44300d48fccd5aaf27f4c863421c0d47\" \n \t\t hash103= \"44e520bec8a3e35f6f6ad52e97911e14\" \n \t\t hash104= \"45a4c8c01ec94e1db83b86e05dc9e851\" \n \t\t hash105= \"45b94e90cab94d9f873478151a80703d\" \n \t\t hash106= \"48888cca68db492c87892524146e8ae3\" \n \t\t hash107= \"4a0fa9be43cc84b5beb0b484227edfcb\" \n \t\t hash108= \"4d275adbd318f182fa0ec0275cf217b4\" \n \t\t hash109= \"4d840625c5ca9a4f1cbd35d4b1ca2452\" \n \t\t hash110= \"4e01e648645d041d52af9dbb09e442ef\" \n \t\t hash111= \"4f377a8344baa76afe9103ca843e315f\" \n \t\t hash112= \"4fc1b3dbf9dc44278f990d57913d96f6\" \n \t\t hash113= \"51c1b9b3df00de5e08c4aa3a2b864a54\" \n \t\t hash114= \"51d3e2bd306495de50bfd0f2f4e19ae9\" \n \t\t hash115= \"51eaec282b845bc54dbd4fbce5bb09d8\" \n \t\t hash116= \"522cd120fa4b1517a60fcf8be3e71ff4\" \n \t\t hash117= \"53bc1a9d19aae7f783e019ec7613c366\" \n \t\t hash118= \"53dc9866fd77fe4933eea3c08666c7bb\" \n \t\t hash119= \"55b125da1310d2b37f18ea4e2ae8192b\" \n \t\t hash120= \"5607a3ccdaf748fd5cd2d1bec4a771bd\" \n \t\t hash121= \"56217179283737f5c46c0a64ebe28a82\" \n \t\t hash122= \"57099403f28d2ce79cba11469c8be971\" \n \t\t hash123= \"57dfd2ec5401d9a3d68b4d125e1eb308\" \n \t\t hash124= \"5b7b8d3b844b4dbc22875a2a6866a862\" \n \t\t hash125= \"5bbdb09ec6ec333a20de74fd430b2bc2\" \n \t\t hash126= \"5cb91f0c3a1452176007dcc594ec02ce\" \n \t\t hash127= \"5dee5ad9f12f89fcf9fdcf07ebab3e5e\" \n \t\t hash128= \"5f05acd53cfd91fb4dba3660ad1e3add\" \n \t\t hash129= \"5f05b4aff89a07dbac9914ae3cf1314f\" \n \t\t hash130= \"60af79fb0bd2c9f33375035609c931cb\" \n \t\t hash131= \"611c4440aa2587f54702e7e58b7be75f\" \n \t\t hash132= \"63409ddbd5316bae8e956595c81121ab\" \n \t\t hash133= \"64c4d56457516a646d10732f24214cf2\" \n \t\t hash134= \"65460ec31dce97c456991ba5215d9c43\" \n \t\t hash135= \"65f7b330bcc7aeebf8d84afa0b23bf02\" \n \t\t hash136= \"67b96c2265e44ccfad708c9387570ab4\" \n \t\t hash137= \"686738eb5bb8027c524303751117e8a9\" \n \t\t hash138= \"687b8d2112f25e330820143ede7fedce\" \n \t\t hash139= \"68ca3d3fc4901d1af8d3adc3170af6ad\" \n \t\t hash140= \"697e77c5ef4cf91d5a84b0b3f0617887\" \n \t\t hash141= \"69fa0bfd74d0db4ad734b9944ea71ec3\" \n \t\t hash142= \"6a37ba1bac5fb990fbd1c34effcb0b9d\" \n \t\t hash143= \"6a79c842a6edca3460b0026cd16c3670\" \n \t\t hash144= \"6acd47c45a3e031411af351b3be5f82e\" \n \t\t hash145= \"6bb1a12416c92f5ef12947e2dc5748f9\" \n \t\t hash146= \"6d3839c312976ba96e89ab6a243aef8f\" \n \t\t hash147= \"6de1b481ae52fbacd7db84789a081b74\" \n \t\t hash148= \"6f1a828a2490099a3ce9f873823cce7c\" \n \t\t hash149= \"6f7ec5ff103e4ee038a54816c6b9bc09\" \n \t\t hash150= \"720af0fa1f2633b1b73c278a0a016559\" \n \t\t hash151= \"72869fc63d0ba875dfc539d2bcd48e4d\" \n \t\t hash152= \"729a2f6c7e95075ff36947bc5811a5d3\" \n \t\t hash153= \"74d403244db05f7c294ca0777a9f7a9e\" \n \t\t hash154= \"752c351778a8a18245f132dafdc54599\" \n \t\t hash155= \"76dd289fa3dd8f36972593a006b771cc\" \n \t\t hash156= \"77669d11c3248a6553d3c15cd1d8a60e\" \n \t\t hash157= \"7a5256dda43cb459e99c0073f1e8f07b\" \n \t\t hash158= \"7ad3b74bec51678622e21f57fb82e136\" \n \t\t hash159= \"7bab3a69ab65b90e47d5cc0724531914\" \n \t\t hash160= \"7c2eeda3bb66b2c29aa425ba74c780c3\" \n \t\t hash161= \"7d304a9cdcda75b1cb9537618f5ed398\" \n \t\t hash162= \"7f608ebfb9b1c81cb07eb8f26fd7647a\" \n \t\t hash163= \"804dceb3fa2b9bcf65595109b9465bbc\" \n \t\t hash164= \"822871578022c1292c9cb051cceedfe2\" \n \t\t hash165= \"82ab0b8246c6677f9866b17794b72e2d\" \n \t\t hash166= \"83f0f16fb86d6f67ca158d66c195884e\" \n \t\t hash167= \"864cd4a59215a7db2740dfbe4a648053\" \n \t\t hash168= \"86b18e99072ba72d5d36bce9a00fc052\" \n \t\t hash169= \"873f26caddfe1e9af18181d8f5f18368\" \n \t\t hash170= \"89de19ff50dd58eda2b136b65feb3fb0\" \n \t\t hash171= \"8c01d9a2c13ebc8dc32956336a6bc4f5\" \n \t\t hash172= \"8cdd3b6c577a17b698333337dd1cf3e0\" \n \t\t hash173= \"8def236d23dea950d9b1b222cb9a463a\" \n \t\t hash174= \"8f7a7d003cafa56c63e9402f553f9521\" \n \t\t hash175= \"90f26c5c4b3c592352fcbddf41dc18aa\" \n \t\t hash176= \"910a1f150a5de21f377cf771ed53261f\" \n \t\t hash177= \"912a8c7cf1ad78cd4543bfb594c7db58\" \n \t\t hash178= \"9305008e17b0805118a6a9bb45493441\" \n \t\t hash179= \"93283599dbf3b2d47872dafae12afb21\" \n \t\t hash180= \"965e7d4785d23ba6b6608c1245586eba\" \n \t\t hash181= \"98b07144f4f5cc95348b39d6bfaeb56a\" \n \t\t hash182= \"9978ced410a7dfd3a21ff59cbe1e4303\" \n \t\t hash183= \"99a2cca89d044148aa3379cdf2e899fa\" \n \t\t hash184= \"9a0963dbee2361fa9cebaa6e0e517774\" \n \t\t hash185= \"9a2f2291686080a29f4c68bdc530887f\" \n \t\t hash186= \"9a56bb6c022b3a2ab40d2b308ddf7015\" \n \t\t hash", "title": "", "description": "APTMalware_Dark_Hotel Group", "expiration": null, "is_active": 1 }, { "id": 3360565341, "indicator": "ukino.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360565342, "indicator": "secure.zapak.com", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360565343, "indicator": "www.ctforumgroup.com", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360565344, "indicator": "www.splashup.com", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2438, "indicator": "02fab24461956458d70aeed1a028eb9c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2436, "indicator": "0a9545f9fc7a6d8596cf07a59f400fd3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "apt_win_Derusbi", "description": "", "expiration": null, "is_active": 1 }, { "id": 3512, "indicator": "14c04f88dc97aef3e9b516ef208a2bf5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Venik.E!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 185881, "indicator": "16652d4213991ae58e268ae03a4c4e97", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 179621, "indicator": "1cb673679f37b6a3f482bb59b52423ab", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2584462660, "indicator": "1faf6402f643c306bba4aa50c536f4e1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3143144623, "indicator": "22823fed979903f8dfe3b5d28537eb47", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2437, "indicator": "230d8a7a60a07df28a291b13ddf3351f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580438488, "indicator": "24e9870973cea42e6faf705b14208e52", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 179618, "indicator": "26e863f917da0b3f7a48304eb6d1b1d3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360565345, "indicator": "2b5b8070c460bb085921eb3a9e12fa87", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 185880, "indicator": "2c7bad4f4a4df3025aa1345db27c7408", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3511, "indicator": "2dce7fc3f52a692d8a84a0c182519133", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:MSIL/Njogv.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 370825, "indicator": "3e4fbb9190227848af32dacb17e9fd17", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580438486, "indicator": "3f3d35208bfe32e64f82593ee89ff462", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580438487, "indicator": "422f3353164aae7afa7429e6721703cc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3510, "indicator": "47619fca20895abc83807321cbb80a3d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Venik.E!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 3143144637, "indicator": "4a23e0f2c6f926a41b28d574cbc6ac30", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580438485, "indicator": "52a1b0de364dfa9bafabde0c07bd90c2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580438489, "indicator": "6668e339d1f11a724aa286593c192472", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 12304, "indicator": "740561c8d5d2c658d2134d5107802a9d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580447127, "indicator": "7f466312a3b1176f052f8c05f7781715", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 179620, "indicator": "8afecc8e61fe3805fdd41d4591710976", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 12518, "indicator": "8ee244ad6b6f2b814d34d26dae880f12", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2439, "indicator": "98721c78dfbf8a45d152a888c804427c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360565346, "indicator": "9b66d0c215af19241631673bd6d9c7d9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3143053093, "indicator": "a26e600652c33dd054731b4693bf5b01", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 370827, "indicator": "b93197e2aa147fe6b70695ae7bb298b0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 179617, "indicator": "cd8c2bb644496d46bf1e91ad8a8f882b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3509, "indicator": "dae6b9b3b8e39b08b10a51a6457444d8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3513, "indicator": "de7500fc1065a081180841f32f06a537", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Derusbi!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580447138, "indicator": "e81f9dadbdc7eea937e586afc9fb59f8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "#Trojan:Win32/FunkMaster!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 2582668294, "indicator": "030042c4574bd856fd873c23ffb24067553724c3", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 02fab24461956458d70aeed1a028eb9c\nSHA1 of 02fab24461956458d70aeed1a028eb9c", "expiration": null, "is_active": 1 }, { "id": 1593535075, "indicator": "0559cf194ec7c750966cb277348ef4278bde9cea", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "apt_win_Derusbi", "description": "SHA1 of 0a9545f9fc7a6d8596cf07a59f400fd3", "expiration": null, "is_active": 1 }, { "id": 2582674495, "indicator": "2004f191a052cee6b033acc518f1c64bb0b00ecd", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Derusbi!dha", "description": "SHA1 of de7500fc1065a081180841f32f06a537", "expiration": null, "is_active": 1 }, { "id": 2582677336, "indicator": "2e836934d65c9c5465ca46e3af6d372baf5ca113", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 422f3353164aae7afa7429e6721703cc", "expiration": null, "is_active": 1 }, { "id": 122933, "indicator": "48e04cb52f1077b5f5aab75baff6c27b0ee4ade1", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Venik.E!dha", "description": "SHA1 of 14c04f88dc97aef3e9b516ef208a2bf5", "expiration": null, "is_active": 1 }, { "id": 1593605827, "indicator": "4a152785c8b092166cfb164688fc767c22dd3932", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 3e4fbb9190227848af32dacb17e9fd17", "expiration": null, "is_active": 1 }, { "id": 2582684155, "indicator": "4fbf550f6977729ab7801450ca7168b2a15ad680", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 7f466312a3b1176f052f8c05f7781715\nSHA1 of 7f466312a3b1176f052f8c05f7781715", "expiration": null, "is_active": 1 }, { "id": 1593551564, "indicator": "5988431f4a18ae89ce22d540b2872c3b349a3eba", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 8ee244ad6b6f2b814d34d26dae880f12", "expiration": null, "is_active": 1 }, { "id": 179627, "indicator": "615b022a56e2473b92c22efa9198a2210f21bdc3", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 8afecc8e61fe3805fdd41d4591710976", "expiration": null, "is_active": 1 }, { "id": 1593605826, "indicator": "71c2407eaa08c7093316b62bc1f8eecaa089f775", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of b93197e2aa147fe6b70695ae7bb298b0", "expiration": null, "is_active": 1 }, { "id": 2582691722, "indicator": "741310d9dfec1e75129b5e4f6e67d8c51d006e31", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 16652d4213991ae58e268ae03a4c4e97", "expiration": null, "is_active": 1 }, { "id": 1593550969, "indicator": "7994c126ece4d430c6b9eba2e81304c26492e6a9", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 740561c8d5d2c658d2134d5107802a9d", "expiration": null, "is_active": 1 }, { "id": 2582695388, "indicator": "85dca90a8d769829dc13f4be6885ed5f783ed766", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 3f3d35208bfe32e64f82593ee89ff462", "expiration": null, "is_active": 1 }, { "id": 18509, "indicator": "93d7fe1ec1f49e1e18c052050e7ff5df4bff4b2c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 2c7bad4f4a4df3025aa1345db27c7408", "expiration": null, "is_active": 1 }, { "id": 179628, "indicator": "b630b7a8fe065e1a6f51ee74869b3938dc411126", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 1cb673679f37b6a3f482bb59b52423ab", "expiration": null, "is_active": 1 }, { "id": 2582705728, "indicator": "b7299006f66080e4b61c66735f2401fec2150503", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 24e9870973cea42e6faf705b14208e52\nSHA1 of 24e9870973cea42e6faf705b14208e52", "expiration": null, "is_active": 1 }, { "id": 3360565347, "indicator": "c7f1b1c27cbd92926ae045b2f3ef2a6587110711", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Venik.E!dha", "description": "SHA1 of 47619fca20895abc83807321cbb80a3d", "expiration": null, "is_active": 1 }, { "id": 179630, "indicator": "cc6ebeea48a12b396c5fa797e595a0c3b96942de", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of cd8c2bb644496d46bf1e91ad8a8f882b\nSHA1 of cd8c2bb644496d46bf1e91ad8a8f882b", "expiration": null, "is_active": 1 }, { "id": 2582712408, "indicator": "d79e1029c401bb8c05572647647cb95db75913f4", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "#Trojan:Win32/FunkMaster!dha", "description": "SHA1 of e81f9dadbdc7eea937e586afc9fb59f8", "expiration": null, "is_active": 1 }, { "id": 2582713194, "indicator": "dafb845bde3ae54e55cf7e7285415caf16ee3cc4", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 6668e339d1f11a724aa286593c192472", "expiration": null, "is_active": 1 }, { "id": 1593535074, "indicator": "de71fd21781ae1eed0dbba6bf915a65cc4c0f984", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 230d8a7a60a07df28a291b13ddf3351f", "expiration": null, "is_active": 1 }, { "id": 2582714791, "indicator": "e2feb31b9a0b20e46ab324b05bd59c2e59dcdfea", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 52a1b0de364dfa9bafabde0c07bd90c2", "expiration": null, "is_active": 1 }, { "id": 1593536309, "indicator": "e8d06bd24e600f95b67786db6ff37da1c8995854", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 98721c78dfbf8a45d152a888c804427c", "expiration": null, "is_active": 1 }, { "id": 179629, "indicator": "f7984427093ba1fc08412f8594944cefe2d86cbf", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 26e863f917da0b3f7a48304eb6d1b1d3", "expiration": null, "is_active": 1 }, { "id": 2582719417, "indicator": "f8f84a9e3a331dbd72e53c16965ecc6ca02895b2", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:MSIL/Njogv.A", "description": "SHA1 of 2dce7fc3f52a692d8a84a0c182519133", "expiration": null, "is_active": 1 }, { "id": 2584660468, "indicator": "fe278f4cf5837a09098bb4acb741049599f3d0b9", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 1faf6402f643c306bba4aa50c536f4e1", "expiration": null, "is_active": 1 }, { "id": 163544, "indicator": "1b449121300b0188ff9f6a8c399fb818d0cf53fd36cf012e6908a2665a27f016", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 6668e339d1f11a724aa286593c192472", "expiration": null, "is_active": 1 }, { "id": 2589318466, "indicator": "32f303469030ee68b20c03e239ff9fdc801a747ba5148f36032d94ee41dcdf56", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "#Trojan:Win32/FunkMaster!dha", "description": "SHA256 of e81f9dadbdc7eea937e586afc9fb59f8", "expiration": null, "is_active": 1 }, { "id": 179608, "indicator": "3577845d71ae995762d4a8f43b21ada49d809f95c127b770aff00ae0b64264a3", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 26e863f917da0b3f7a48304eb6d1b1d3", "expiration": null, "is_active": 1 }, { "id": 179607, "indicator": "3ea6b2b51050fe7c07e2cf9fa232de6a602aa5eff66a2e997b25785f7cf50daa", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of cd8c2bb644496d46bf1e91ad8a8f882b\nSHA256 of cd8c2bb644496d46bf1e91ad8a8f882b", "expiration": null, "is_active": 1 }, { "id": 30929330, "indicator": "3fe208273288fc4d8db1bf20078d550e321d9bc5b9ab80c93d79d2cb05cbf8c2", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 02fab24461956458d70aeed1a028eb9c\nSHA256 of 02fab24461956458d70aeed1a028eb9c", "expiration": null, "is_active": 1 }, { "id": 2589403126, "indicator": "49f7c45453c3a478393ff841b0423ae011d1c2ef26fdf6b9ca4009e3810d9d93", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 7f466312a3b1176f052f8c05f7781715\nSHA256 of 7f466312a3b1176f052f8c05f7781715", "expiration": null, "is_active": 1 }, { "id": 163542, "indicator": "50174311e524b97ea5cb4f3ea571dd477d1f0eee06cd3ed73af39a15f3e6484a", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 24e9870973cea42e6faf705b14208e52\nSHA256 of 24e9870973cea42e6faf705b14208e52", "expiration": null, "is_active": 1 }, { "id": 163543, "indicator": "6cdb65dbfb2c236b6d149fd9836cb484d0608ea082cf5bd88edde31ad11a0d58", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 422f3353164aae7afa7429e6721703cc", "expiration": null, "is_active": 1 }, { "id": 122934, "indicator": "7522bc3e366c19ab63381bacd0f03eb09980ecb915ada08ae76d8c3e538600de", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Venik.E!dha", "description": "SHA256 of 14c04f88dc97aef3e9b516ef208a2bf5", "expiration": null, "is_active": 1 }, { "id": 163546, "indicator": "75c3b22899e39333c0313e80c4e6958d6612381c535d70b691f5f42afc8c214f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 52a1b0de364dfa9bafabde0c07bd90c2", "expiration": null, "is_active": 1 }, { "id": 246182799, "indicator": "77421106548e69e9666c538ad628918cad7cfcf8f6aa7825f71a4fc39e522a7d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "apt_win_Derusbi", "description": "SHA256 of 0a9545f9fc7a6d8596cf07a59f400fd3", "expiration": null, "is_active": 1 }, { "id": 427781117, "indicator": "77b5e11b30aa9edffaa2cfe2bb6614d269b32b321c9599f803f037a958bd42d0", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:MSIL/Njogv.A", "description": "SHA256 of 2dce7fc3f52a692d8a84a0c182519133", "expiration": null, "is_active": 1 }, { "id": 1593550968, "indicator": "81dd48ed812d571c700c0c097c97a207eb5ac950fcf3c34309cedf9e88b1405d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 740561c8d5d2c658d2134d5107802a9d", "expiration": null, "is_active": 1 }, { "id": 30929331, "indicator": "8d168092d5601ebbaed24ec3caeef7454c48cf21366cd76560755eb33aff89e9", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 98721c78dfbf8a45d152a888c804427c", "expiration": null, "is_active": 1 }, { "id": 427874457, "indicator": "95e08990fdf11251e9ee935f0b2e075667133758bc68c4d390e82f041a54e4b3", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Derusbi!dha", "description": "SHA256 of de7500fc1065a081180841f32f06a537", "expiration": null, "is_active": 1 }, { "id": 246183606, "indicator": "9c4053485b37ebc972c95abd98ea4ee386feb745cc012b9e57dc689469ea064f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 3e4fbb9190227848af32dacb17e9fd17", "expiration": null, "is_active": 1 }, { "id": 179606, "indicator": "b690394540cab9b7f8cc6c98fd95b4522b84d1a5203b19c4974b58829889da4c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 1cb673679f37b6a3f482bb59b52423ab", "expiration": null, "is_active": 1 }, { "id": 30285422, "indicator": "b9510e4484fa7e3034228337768176fce822162ad819539c6ca3631deac043eb", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 2c7bad4f4a4df3025aa1345db27c7408", "expiration": null, "is_active": 1 }, { "id": 2778832034, "indicator": "c177df78fa62496bf86b7fcbe5c8cb51e25da6d139345710700e963f6911eeab", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 1faf6402f643c306bba4aa50c536f4e1", "expiration": null, "is_active": 1 }, { "id": 2592845591, "indicator": "c317733322bd1c42601cefb6428e72eec2623ca2c0bfcaf8fb4d7256208f8748", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 16652d4213991ae58e268ae03a4c4e97", "expiration": null, "is_active": 1 }, { "id": 1593605825, "indicator": "c6f1a8f9ea60286b24db87d6022991a4342bea473a520569b996a5883332788c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of b93197e2aa147fe6b70695ae7bb298b0", "expiration": null, "is_active": 1 }, { "id": 1593551563, "indicator": "c8e432a8271910e909e3b6dce20ad368fa02a8c76d7abc9e9452c0d9227f6129", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 8ee244ad6b6f2b814d34d26dae880f12", "expiration": null, "is_active": 1 }, { "id": 3360565456, "indicator": "d426869f3dc8c7ffa65d1cf6e4fff8470ac5c0b39a03daff4d6caa0ac806e7c9", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Venik.E!dha", "description": "SHA256 of 47619fca20895abc83807321cbb80a3d", "expiration": null, "is_active": 1 }, { "id": 30929332, "indicator": "d4be6c9117db9de21138ae26d1d0c3cfb38fd7a19fa07c828731fa2ac756ef8d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 230d8a7a60a07df28a291b13ddf3351f", "expiration": null, "is_active": 1 }, { "id": 179605, "indicator": "de33dfce8143f9f929abda910632f7536ffa809603ec027a4193d5e57880b292", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 8afecc8e61fe3805fdd41d4591710976", "expiration": null, "is_active": 1 }, { "id": 163545, "indicator": "e27fb16dce7fff714f4b05f2cef53e1919a34d7ec0e595f2eaa155861a213e59", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 3f3d35208bfe32e64f82593ee89ff462", "expiration": null, "is_active": 1 }, { "id": 3360565457, "indicator": "5f980c567e426e30376b632845f226f24d5556c6", "type": "YARA", "created": "2022-01-22T07:47:27", "content": "rule resteex_APTMalware_APT_19 { \n \tmeta: \n \t\t description= \"APTMalware_APT_19 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-21_23-58-54\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"02fab24461956458d70aeed1a028eb9c\" \n \t\t hash2= \"0a9545f9fc7a6d8596cf07a59f400fd3\" \n \t\t hash3= \"14c04f88dc97aef3e9b516ef208a2bf5\" \n \t\t hash4= \"16652d4213991ae58e268ae03a4c4e97\" \n \t\t hash5= \"1cb673679f37b6a3f482bb59b52423ab\" \n \t\t hash6= \"1faf6402f643c306bba4aa50c536f4e1\" \n \t\t hash7= \"22823fed979903f8dfe3b5d28537eb47\" \n \t\t hash8= \"230d8a7a60a07df28a291b13ddf3351f\" \n \t\t hash9= \"24e9870973cea42e6faf705b14208e52\" \n \t\t hash10= \"26e863f917da0b3f7a48304eb6d1b1d3\" \n \t\t hash11= \"2b5b8070c460bb085921eb3a9e12fa87\" \n \t\t hash12= \"2c7bad4f4a4df3025aa1345db27c7408\" \n \t\t hash13= \"2dce7fc3f52a692d8a84a0c182519133\" \n \t\t hash14= \"3e4fbb9190227848af32dacb17e9fd17\" \n \t\t hash15= \"3f3d35208bfe32e64f82593ee89ff462\" \n \t\t hash16= \"422f3353164aae7afa7429e6721703cc\" \n \t\t hash17= \"47619fca20895abc83807321cbb80a3d\" \n \t\t hash18= \"4a23e0f2c6f926a41b28d574cbc6ac30\" \n \t\t hash19= \"52a1b0de364dfa9bafabde0c07bd90c2\" \n \t\t hash20= \"6668e339d1f11a724aa286593c192472\" \n \t\t hash21= \"740561c8d5d2c658d2134d5107802a9d\" \n \t\t hash22= \"7f466312a3b1176f052f8c05f7781715\" \n \t\t hash23= \"8afecc8e61fe3805fdd41d4591710976\" \n \t\t hash24= \"8ee244ad6b6f2b814d34d26dae880f12\" \n \t\t hash25= \"98721c78dfbf8a45d152a888c804427c\" \n \t\t hash26= \"9b66d0c215af19241631673bd6d9c7d9\" \n \t\t hash27= \"a26e600652c33dd054731b4693bf5b01\" \n \t\t hash28= \"b93197e2aa147fe6b70695ae7bb298b0\" \n \t\t hash29= \"cd8c2bb644496d46bf1e91ad8a8f882b\" \n \t\t hash30= \"dae6b9b3b8e39b08b10a51a6457444d8\" \n \t\t hash31= \"de7500fc1065a081180841f32f06a537\" \n \t\t hash32= \"e81f9dadbdc7eea937e586afc9fb59f8\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"%08lX%04X%04x%02X%02X%02X%02X%02X%02X%02X%02X\" fullword wide \n \t\t $s2= \"%08lX-%04X-%04x-%02X%02X-%02X%02X%02X%02X%02X%02X\" fullword wide \n \t\t $s3= \"%2protocolStdFileEditingserver\" fullword wide \n \t\t $s4= \"%2protocolStdFileEditingverb0\" fullword wide \n \t\t $s5= \"{3n{y#3n{y#3n{y#3n{y#3n{y#3n{y#3\" fullword wide \n \t\t $s6= \"6.2.9200.16384 (win8_rtm.120725-1247)\" fullword wide \n \t\t $s7= \"{6AB5E732-DFA9-4618-AF1C-F0D9DEF0E222}\" fullword wide \n \t\t $s8= \"{AE2A3887-A30A-4B39-A5E6-AC891A07AFF3}\" fullword wide \n \t\t $s9= \"AFX_WM_CHANGE_CURRENT_FOLDER\" fullword wide \n \t\t $s10= \"AFX_WM_CHANGEVISUALMANAGER\" fullword wide \n \t\t $s11= \"AFX_WM_ON_AFTER_SHELL_COMMAND\" fullword wide \n \t\t $s12= \"AFX_WM_ON_BEFORE_SHOW_RIBBON_ITEM_MENU\" fullword wide \n \t\t $s13= \"AFX_WM_ONCHANGE_ACTIVE_TAB\" fullword wide \n \t\t $s14= \"AFX_WM_ON_CHANGE_RIBBON_CATEGORY\" fullword wide \n \t\t $s15= \"AFX_WM_ON_CHANGING_ACTIVE_TAB\" fullword wide \n \t\t $s16= \"AFX_WM_ON_GET_TAB_TOOLTIP\" fullword wide \n \t\t $s17= \"AFX_WM_ON_HIGHLIGHT_RIBBON_LIST_ITEM\" fullword wide \n \t\t $s18= \"AFX_WM_ON_MOVETABCOMPLETE\" fullword wide \n \t\t $s19= \"AFX_WM_ON_PRESS_CLOSE_BUTTON\" fullword wide \n \t\t $s20= \"AFX_WM_ON_RIBBON_CUSTOMIZE\" fullword wide \n \t\t $s21= \"AFX_WM_ON_TABGROUPMOUSEMOVE\" fullword wide \n \t\t $s22= \"AFX_WM_POSTSETPREVIEWFRAME\" fullword wide \n \t\t $s23= \"BaseNamedObjects{8CB2ff21-0166-4cf1-BD8F-E190BC7902DC}\" fullword wide \n \t\t $s24= \"CDockingPaneAndPaneDividers\" fullword wide \n \t\t $s25= \"CLSID%1DefaultExtension\" fullword wide \n \t\t $s26= \"commdlg_LBSelChangedNotify\" fullword wide \n \t\t $s27= \"ConsentPromptBehaviorAdmin\" fullword wide \n \t\t $s28= \"C:WindowsSystem32sysprep\" fullword wide \n \t\t $s29= \"C:WindowsSystem32sysprepCRYPTBASE.dll\" fullword wide \n \t\t $s30= \"C:WindowsSystem32sysprepsysprep.exe\" fullword wide \n \t\t $s31= \"DMFCMaskedEdit_ValidChars\" fullword wide \n \t\t $s32= \"ENABLE_TOOLTIPS_DESCRIPTION\" fullword wide \n \t\t $s33= \"Enpi)Vmrqs$Mmnm-Bivesahl$Dvirev\" fullword wide \n \t\t $s34= \"f:ddvctoolsvc7libsshipatlmfcincludeafxwin1.inl\" fullword wide \n \t\t $s35= \"f:ddvctoolsvc7libsshipatlmfcincludeafxwin2.inl\" fullword wide \n \t\t $s36= \"f:ddvctoolsvc7libsshipatlmfcsrcmfcappcore.cpp\" fullword wide \n \t\t $s37= \"f:ddvctoolsvc7libsshipatlmfcsrcmfcarray_s.cpp\" fullword wide \n \t\t $s38= \"@f:ddvctoolsvc7libsshipatlmfcsrcmfcauxdata.cpp\" fullword wide \n \t\t $s39= \"f:ddvctoolsvc7libsshipatlmfcsrcmfcauxdata.cpp\" fullword wide \n \t\t $s40= \"@f:ddvctoolsvc7libsshipatlmfcsrcmfcfilecore.cpp\" fullword wide \n \t\t $s41= \"f:ddvctoolsvc7libsshipatlmfcsrcmfcoleipfrm.cpp\" fullword wide \n \t\t $s42= \"f:ddvctoolsvc7libsshipatlmfcsrcmfcolestrm.cpp\" fullword wide \n \t\t $s43= \"f:ddvctoolsvc7libsshipatlmfcsrcmfcviewcore.cpp\" fullword wide \n \t\t $s44= \"f:ddvctoolsvc7libsshipatlmfcsrcmfcwinctrl2.cpp\" fullword wide \n \t\t $s45= \"f:ddvctoolsvc7libsshipatlmfcsrcmfcwinfrm.cpp\" fullword wide \n \t\t $s46= \"FMFCShellTreeCtrl_EnableShellContextMenu\" fullword wide \n \t\t $s47= \"http://myip.dnsomatic.com/\" fullword wide \n \t\t $s48= \"L$_RasDefaultCredentials#0\" fullword wide \n \t\t $s49= \"@MFCColorButton_ColumnsCount\" fullword wide \n \t\t $s50= \"MFCColorButton_EnableAutomaticButton\" fullword wide \n \t\t $s51= \"MFCColorButton_EnableOtherButton\" fullword wide \n \t\t $s52= \"MFCComboBox_DrawUsingFont\" fullword wide \n \t\t $s53= \"@MFCComboBox_ShowDeviceTypeFonts\" fullword wide \n \t\t $s54= \"MFCComboBox_ShowRasterTypeFonts\" fullword wide \n \t\t $s55= \"MFCComboBox_ShowTrueTypeFonts\" fullword wide \n \t\t $s56= \"MFCMaskedEdit_DefaultChar\" fullword wide \n \t\t $s57= \"MFCMaskedEdit_InputTemplate\" fullword wide \n \t\t $s58= \"MFCMaskedEdit_SelectByGroup\" fullword wide \n \t\t $s59= \"MFCMenuButton_DefaultClick\" fullword wide \n \t\t $s60= \"MFCMenuButton_StayPressed\" fullword wide \n \t\t $s61= \"MFCPropertyGrid_AlphabeticMode\" fullword wide \n \t\t $s62= \"MFCPropertyGrid_DescriptionArea\" fullword wide \n \t\t $s63= \"MFCPropertyGrid_DescriptionRows\" fullword wide \n \t\t $s64= \"MFCPropertyGrid_HeaderCtrl\" fullword wide \n \t\t $s65= \"MFCPropertyGrid_ModifiedProperties\" fullword wide \n \t\t $s66= \"MFCPropertyGrid_VSDotNetLook\" fullword wide \n \t\t $s67= \"MFCShellListCtrl_EnableShellContextMenu\" fullword wide \n \t\t $s68= \"MFCVSListbox_BrowseButton\" fullword wide \n \t\t $s69= \"MFCVSListbox_RemoveButton\" fullword wide \n \t\t $s70= \"Nf:ddvctoolsvc7libsshipatlmfcsrcmfcoledrop2.cpp\" fullword wide \n \t\t $s71= \"NTOOLBAR__GETDOCUMENTCOLORS\" fullword wide \n \t\t $s72= \"Preparing Installation...\" fullword wide \n \t\t $s73= \"REGISTRYMachineSoftwareNovell\" fullword wide \n \t\t $s74= \"REGISTRYMACHINESYSTEMControlSet001Services\" fullword wide \n \t\t $s75= \"RegistryMachineSYSTEMCurrentControlSetControlWMI\" fullword wide \n \t\t $s76= \"RegistryMachineSystemCurrentControlSetServices\" fullword wide \n \t\t $s77= \"%sDockablePaneAdapter-%d%x\" fullword wide \n \t\t $s78= \"SeAssignPrimaryTokenPrivilege\" fullword wide \n \t\t $s79= \"SOFTWAREMicrosoftInternet Explorer\" fullword wide \n \t\t $s80= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s81= \"SOFTWAREMicrosoftWindowsCurrentVersionInternet Settings5.0\" fullword wide \n \t\t $s82= \"SoftwareMicrosoftWindowsCurrentVersionPoliciesComdlg32\" fullword wide \n \t\t $s83= \"SoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer\" fullword wide \n \t\t $s84= \"SoftwareMicrosoftWindowsCurrentVersionPoliciesNetwork\" fullword wide \n \t\t $s85= \"SOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem\" fullword wide \n \t\t $s86= \"sSYSTEMCurrentControlSetServices\" fullword wide \n \t\t $s87= \"SYSTEMCurrentControlSetControlPnp\" fullword wide \n \t\t $s88= \"SystemCurrentControlSetServices\" fullword wide \n \t\t $s89= \"SYSTEMCurrentControlSetServices\" fullword wide \n \t\t $s90= \"U_i=V`j>Wak?Xbl@YcmAZdnB[eoCfpD]gq\" fullword wide \n \t\t $s91= \"%WINDIR%PCHealthHelpCtrBinariespchsvc.dll\" fullword wide \n \t\t $s92= \"WINDOWSSYSTEM32INETSRVW3WP.EXE\" fullword wide \n \t\t $s93= \"WINDOWSSYSTEM32WINLOGON.EXE\" fullword wide \n \t\t $s94= \";WV\" fullword wide \n \t\t $s95= \"WYWCKRA.54*4*0*412$F57(F58\" fullword wide \n \t\t $a1= \"LQgiBpZcu/Br5mZudO12J76Wv2aM+fMl9owZzKiXLA+91PkiFocyvGpyGIjkJNFw\" fullword ascii \n \t\t $a2= \"MIIBCAKCAQEAraWJCGOetmHnY0QnEbybkBR2JDGA9wWSyXPkA1GDsLB0/nM5vHIX\" fullword ascii \n \n \t\t $hex1= {2461313d20224c5167} \n \t\t $hex2= {2461323d20224d4949} \n \t\t $hex3= {247331303d20224146} \n \t\t $hex4= {247331313d20224146} \n \t\t $hex5= {247331323d20224146} \n \t\t $hex6= {247331333d20224146} \n \t\t $hex7= {247331343d20224146} \n \t\t $hex8= {247331353d20224146} \n \t\t $hex9= {247331363d20224146} \n \t\t $hex10= {247331373d20224146} \n \t\t $hex11= {247331383d20224146} \n \t\t $hex12= {247331393d20224146} \n \t\t $hex13= {2473313d2022253038} \n \t\t $hex14= {247332303d20224146} \n \t\t $hex15= {247332313d20224146} \n \t\t $hex16= {247332323d20224146} \n \t\t $hex17= {247332333d20224261} \n \t\t $hex18= {247332343d20224344} \n \t\t $hex19= {247332353d2022434c} \n \t\t $hex20= {247332363d2022636f} \n \t\t $hex21= {247332373d2022436f} \n \t\t $hex22= {247332383d2022433a} \n \t\t $hex23= {247332393d2022433a} \n \t\t $hex24= {2473323d2022253038} \n \t\t $hex25= {247333303d2022433a} \n \t\t $hex26= {247333313d2022444d} \n \t\t $hex27= {247333323d2022454e} \n \t\t $hex28= {247333333d2022456e} \n \t\t $hex29= {247333343d2022663a} \n \t\t $hex30= {247333353d2022663a} \n \t\t $hex31= {247333363d2022663a} \n \t\t $hex32= {247333373d2022663a} \n \t\t $hex33= {247333383d20224066} \n \t\t $hex34= {247333393d2022663a} \n \t\t $hex35= {2473333d2022253270} \n \t\t $hex36= {247334303d20224066} \n \t\t $hex37= {247334313d2022663a} \n \t\t $hex38= {247334323d2022663a} \n \t\t $hex39= {247334333d2022663a} \n \t\t $hex40= {247334343d2022663a} \n \t\t $hex41= {247334353d2022663a} \n \t\t $hex42= {247334363d2022464d} \n \t\t", "title": "", "description": "APTMalware_APT_19 Group", "expiration": null, "is_active": 1 }, { "id": 2709008, "indicator": "19610f0d343657f6842d2045e8818f09", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "ChChes, PlugX", "description": "", "expiration": null, "is_active": 1 }, { "id": 2708964, "indicator": "3cbb5664d70bbe62f19ee28f26f21d7e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "ChChes, PlugX", "description": "", "expiration": null, "is_active": 1 }, { "id": 2708959, "indicator": "684888079aaf7ed25e725b55a3695062", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "ChChes, PlugX", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726554, "indicator": "d316848ce47c098ccfe72aa7311aaffa", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "PlugX", "description": "", "expiration": null, "is_active": 1 }, { "id": 12129081, "indicator": "2d0ee3b718ec4e391753616853286c22be7bf521", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "ChChes, PlugX", "description": "SHA1 of 684888079aaf7ed25e725b55a3695062", "expiration": null, "is_active": 1 }, { "id": 10993767, "indicator": "4132068417bcbffec16ac655a14f29aa74189fcb", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "PlugX", "description": "SHA1 of d316848ce47c098ccfe72aa7311aaffa", "expiration": null, "is_active": 1 }, { "id": 10993768, "indicator": "42d5c9c4c02e6d5c88ec0acce72327389a92f0d7", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "ChChes, PlugX", "description": "SHA1 of 19610f0d343657f6842d2045e8818f09", "expiration": null, "is_active": 1 }, { "id": 10993774, "indicator": "6edd9bb17a999b5f5abcf123a2701e4ea4ada9a2", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "ChChes, PlugX", "description": "SHA1 of 3cbb5664d70bbe62f19ee28f26f21d7e", "expiration": null, "is_active": 1 }, { "id": 2150320, "indicator": "2965c1b6ab9d1601752cb4aa26d64a444b0a535b1a190a70d5ce935be3f91699", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "ChChes, PlugX", "description": "SHA256 of 684888079aaf7ed25e725b55a3695062", "expiration": null, "is_active": 1 }, { "id": 2663217, "indicator": "4521a74337a8b454f9b80c7d9e57b4c9580567f84e513d9a3ce763275c55e691", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "ChChes, PlugX", "description": "SHA256 of 19610f0d343657f6842d2045e8818f09", "expiration": null, "is_active": 1 }, { "id": 2663218, "indicator": "4cc0adf4baa1e3932d74282affb1a137b30820934ad4f80daceec712ba2bbe14", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "ChChes, PlugX", "description": "SHA256 of 3cbb5664d70bbe62f19ee28f26f21d7e", "expiration": null, "is_active": 1 }, { "id": 2663230, "indicator": "6c7e85e426999579dd6a540fcd827b644a79cda0ad50211d585a0be513571586", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "PlugX", "description": "SHA256 of d316848ce47c098ccfe72aa7311aaffa", "expiration": null, "is_active": 1 }, { "id": 151283, "indicator": "001b8f696b6576798517168cd0a0fb44", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726335, "indicator": "007f5599898ab9013672226b4c5f57e1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726336, "indicator": "01468a69ca8676b51a357676e0856c88", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2305792, "indicator": "018509c1165817d4b0a3e728eab41ea0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726337, "indicator": "0232172544079ff42890db4fd248cc11", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726339, "indicator": "0506cf6d4e86c9ad1d4ea985f43582c6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726340, "indicator": "05138bd38f7c63313cb72b4ed5c241fa", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726343, "indicator": "05c974fa1e5c11e472706f98c9923f61", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726345, "indicator": "076ec3aa6b0cb93e7d4cd607f3ced946", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Ag-3", "description": "", "expiration": null, "is_active": 1 }, { "id": 2709006, "indicator": "07abd6583295061eac2435ae470eff78", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2305855, "indicator": "08709f35581e0958d1ca4e50b7d86dba", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 6128718, "indicator": "08a268a4c473f9920b254a6b6fc62548", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726347, "indicator": "08f10881e2c57eb6f7368b7c06735826", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 6128719, "indicator": "0921d7b4bf06276f4f59c85eb240da29", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2709017, "indicator": "098bfd5c1e7a5cf9f914c09abacb58f9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2708969, "indicator": "0ad3ed5588eec7ba4988c8892a5c2946", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2036547, "indicator": "0b6845fbfa54511f21d93ef90f77c8de", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726349, "indicator": "0b87f38f9151ef81e07c2cdd8a602335", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Evo-gen", "description": "", "expiration": null, "is_active": 1 }, { "id": 2708985, "indicator": "0c0a39e1cab4fc9896bdf5ef3c96a716", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8981834, "indicator": "0dc209a146d163f70a8f7d2a6cfd33e1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2708977, "indicator": "0f6b00b0c5a26a5aa8942ae356329945", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726352, "indicator": "102494d665b137bf91e902076f339185", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726353, "indicator": "10c13a817bf7622b2359d1816be4c122", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2305645, "indicator": "11ea8d8dd0ffde8285f3c0049861a442", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Evo-gen", "description": "", "expiration": null, "is_active": 1 }, { "id": 2708987, "indicator": "13cdd0d9f222a47589c5c71fa3ac2cbe", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726357, "indicator": "15faecbbc412a7c3bd1049d77bc7618b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "MS_Visual_Cpp_2008", "description": "", "expiration": null, "is_active": 1 }, { "id": 9331061, "indicator": "16ab92cc9a5d40cf0e3fa01fed0dd80f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 6128720, "indicator": "17b8e6ac3830ad58afe1a70df4319fae", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726358, "indicator": "184dd07bc91cc915aebf157a8b28066d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 6128721, "indicator": "19417f7551bc54db6783823325557773", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "dbgdetect_funcs", "description": "", "expiration": null, "is_active": 1 }, { "id": 9331063, "indicator": "1a14bd60f4c49d1aebd245968a3a654f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726361, "indicator": "1b50e838babcd80ab95cff14bdf22a69", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Armadillov171", "description": "", "expiration": null, "is_active": 1 }, { "id": 2305689, "indicator": "1b851bb23578033c79b8b15313b9c382", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2709003, "indicator": "1b891bc2e5038615efafabe48920f200", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726362, "indicator": "1bc481cb01b205095c86174a171676d8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726363, "indicator": "1c3fe3ec1148fa72c18e2fcc3cdb354f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Armadillov171", "description": "", "expiration": null, "is_active": 1 }, { "id": 2709004, "indicator": "1d0105cf8e076b33ed499f1dfef9a46b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726365, "indicator": "1d3ebced0619f8e399a91735a05cf617", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "MS_Visual_Cpp_2008", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726366, "indicator": "1ecbff1a46a8ec9a0c3ee45a390950a0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726368, "indicator": "200c06f1be562a09cafab07d22838767", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 150717, "indicator": "21567cce2c26e7543b977a205845ba77", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2305676, "indicator": "223d1396f2b5b7719702c980cbd1d6c0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 6128725, "indicator": "22d799e3fe58e5d10341080d370b683e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726370, "indicator": "233368858a54e5f41f28dbbb7b9bb245", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2709002, "indicator": "234257c192caa419d14096f104b03e06", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Ag-3", "description": "", "expiration": null, "is_active": 1 }, { "id": 2304405, "indicator": "23d03ee4bf57de7087055b230dae7c5b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2708973, "indicator": "24c2661aece1c089aa57c6efa7380e9d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726372, "indicator": "250495a936dd186b689438aab3cea65b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726373, "indicator": "251a5361efa82fb66e0832cc2de63b93", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2709007, "indicator": "257b3ed1145c25e3e67f83f61a637034", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726374, "indicator": "25a11276aa992478f4c21c64ee409b35", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 6128726, "indicator": "25a2bb2eda3c432a4c1ce481d9ceb2e6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 6128727, "indicator": "2685d8eb6009fd7f03956928f08071de", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726375, "indicator": "26c7326f4449c1337fc42e43ca0790dd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726378, "indicator": "291976ba47cec4b3c0e31cbc50ab1923", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8981836, "indicator": "2a92aff566d6b1253e5c63336c32df73", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 9331064, "indicator": "2b7db3f35255c34676570dcff88cc7b3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 6128728, "indicator": "2bd698ae474b18cf4748edd99bd6c9e7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Plugx.L!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 2262294, "indicator": "2d1e048030c27e2d57f0448df78142f6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.9442646-1", "description": "", "expiration": null, "is_active": 1 }, { "id": 8981837, "indicator": "312d49a05b6effe1f2ef2775c13b4382", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 9331065, "indicator": "3160654955f818072f6f8a8782e0f16f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Poison.CD", "description": "", "expiration": null, "is_active": 1 }, { "id": 8981838, "indicator": "32d85825a7f627cdf8070a379b6b464f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2709012, "indicator": "354b40f155beefcac3a41c2ffabbf6c8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Armadillov171", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726387, "indicator": "35947b085e4593ccf38a5eb26ca4d4cf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726388, "indicator": "37a5d27d49385f4e8edb94ad83b38164", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Rbot-EUH", "description": "", "expiration": null, "is_active": 1 }, { "id": 2304403, "indicator": "37c89f291dbe880b1f3ac036e6b9c558", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5365655, "indicator": "392f15c431c00f049bb1282847d8967f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2708986, "indicator": "3afa9243b3aeb534e02426569d85e517", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726392, "indicator": "3d83df756cc1e575755a7a3a8d9d8afc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "BC.Legacy.Exploit.CVE_2010_3333-5", "description": "", "expiration": null, "is_active": 1 }, { "id": 8981839, "indicator": "3dca6cbf1981ab987987966228d95e55", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726396, "indicator": "40ae680e0f9cf3ae344ad97c55723aa9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2708967, "indicator": "429f5048462fd037e3ad7f8a211004c6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2708998, "indicator": "42c6e38375e46075eb1abd7a41ae15c5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 9331067, "indicator": "433f5dc5546d98cc9e4597b342df31cf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 6128730, "indicator": "45f5b2404eefe7672534bcd13466987d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Evo-gen", "description": "", "expiration": null, "is_active": 1 }, { "id": 2709005, "indicator": "472b1710794d5c420b9d921c484ca9e8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 9331068, "indicator": "4840ee7971322e1a6da801643432b25f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726400, "indicator": "492c9ea17e215053db1c214bb369684f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2305789, "indicator": "494e65cf21ad559fccf3dacdd69acc94", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Inject-14191", "description": "", "expiration": null, "is_active": 1 }, { "id": 18385, "indicator": "4a076785e9786324bb852dd5bc27f10b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Armadillov171", "description": "", "expiration": null, "is_active": 1 }, { "id": 8981840, "indicator": "4b7cc736e85f6c2d128a78c69280f12c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 9331069, "indicator": "4d3c31e95879ca85caadaad0c91974e3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Pincav-2543", "description": "", "expiration": null, "is_active": 1 }, { "id": 2617054, "indicator": "4d449395552584ef28c7dea47e54cb30", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726403, "indicator": "4d4ecaa074e5bab3ecc0c68de10687e5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8981841, "indicator": "4e6bf299554a356e91e9d230014075fc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726405, "indicator": "4f505ca0ea4540e6662def1c1ddadd03", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 9331071, "indicator": "50b03a4d7ff45c2d8724de1292c1b8f4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726407, "indicator": "52f6a991feb2785451d66b49f287e588", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8981843, "indicator": "531a86012f2250e97a75323b9b64d63a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2708988, "indicator": "53c8096033db54e5ec3d5eb9ac080fc4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726410, "indicator": "55b8690c0aae4e500e645d5f49ce5a13", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Evo-gen", "description": "", "expiration": null, "is_active": 1 }, { "id": 6128731, "indicator": "578b17334312f81934adfed048ffdafd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2708975, "indicator": "583ab1678588b754899b9d2c58f20aa2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 9331260, "indicator": "584f13c639ecf696781515a593234deb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8981844, "indicator": "58553dcf4f13b6ec1dde8ba2a58ec8e9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726411, "indicator": "588f58afc2298e6b31e44ebc86aee104", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Downloader.24465-1", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726412, "indicator": "59a3ff3496740ceea97ff70a980bc3ae", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Evo-gen", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726413, "indicator": "5a78974df88ab6a67bb72a5c7a437fb2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 6128732, "indicator": "5b425dcf90df36706bcdd21438d6d32a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2305670, "indicator": "5c5401fd7d32f481570511c73083e9a1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8981845, "indicator": "5e0091c529d7d43f803c2cfff5de28d7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 9331261, "indicator": "5e8d1e8518d10893eab0b1b1ebb6c97d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726416, "indicator": "5ed1cb6e270a66d593478ebfefd7213d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 9331262, "indicator": "5ef46462597297547be10a6ac9a28247", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726417, "indicator": "5f3b25e36f6c6637eb08dcca1c3a8ed6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726419, "indicator": "6285cba13fc5c2538e31c7f2529c7069", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2708999, "indicator": "62898b77bd9e8e286d6bc760f3e28981", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 6128733, "indicator": "667989ffa5e77943f3384e78adf93510", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2304401, "indicator": "686bb59ea637fb3af214c8c21761cda8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "apt_OpCloudHopper_Malware_3", "description": "", "expiration": null, "is_active": 1 }, { "id": 8981846, "indicator": "69f8ac18b047aa0c70eaf982fa1e483c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 148173, "indicator": "6a3b8d24c125f3a3c7cff526e63297f3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726422, "indicator": "6b27330b779541ae8f3de7a491a19d8f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5365664, "indicator": "6f3d15cf788e28ca504a6370c4ff6a1e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2036548, "indicator": "6f5648ea4ca8a65c36c328c5ae8ac096", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726424, "indicator": "6fea7954ab3d31414946d95e72f3152c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2305838, "indicator": "6ff16afc92ce09acd2e3890b780efd86", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726425, "indicator": "726788726dfb19231c6fc9c83ee2f392", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Ag-18", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726426, "indicator": "72f50a28656fa65b6d770af89ed82d69", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2709021, "indicator": "75500bb4143a052795ec7d2e61ac3261", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2709018, "indicator": "7891f00dcab0e4a2f928422062e94213", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726429, "indicator": "78c309be8437e7c1d2dd3f12d7c034c8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726430, "indicator": "79e5a1d9adad4d64c8f5be2eb8345605", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Evo-gen", "description": "", "expiration": null, "is_active": 1 }, { "id": 2709013, "indicator": "7af04a468de09c519681dcb0bd77030b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-1339067", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726431, "indicator": "7bee1d0709169e07db6182e65dc50b60", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Ag-18", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726434, "indicator": "7f9692ba1a14c9c5ea97d6182f07051b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2709030, "indicator": "7fe3e44991c645642119fcc683bd62df", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726435, "indicator": "80fa12d221adba53b8e7f9514960f945", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2305877, "indicator": "82f926009c06dfa452714608da21cb77", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Evo-gen", "description": "", "expiration": null, "is_active": 1 }, { "id": 8981848, "indicator": "8312e9bd38f9116214d32c5a829e9529", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726436, "indicator": "83448fc10f297a6968aeda7c02b09051", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 9331267, "indicator": "841dfe3eaafe68cc0b989fbf55a34c9c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "MS_Visual_Cpp_6_0", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726437, "indicator": "84e767032054e0c2fef5764fb60679f4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726438, "indicator": "850a7e877d8e68188714ff5344f6fc15", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2148502, "indicator": "8a21337be17e1e921eeb4d1b9c1b4773", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Posploi.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 2709011, "indicator": "8a93859e5f7079d6746832a3a22ff65c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8981851, "indicator": "8af979b96c28131f394e267c6210ba91", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726441, "indicator": "8c9e843d62ff89f15c25517eff02497b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726442, "indicator": "8d6b6e023b4221bae8ed37bb18407516", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Ag-3", "description": "", "expiration": null, "is_active": 1 }, { "id": 2708989, "indicator": "8ece7de82e1bdd4659a122c06ea9533e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726443, "indicator": "923c0e5dec753e3b7eb6d8f441a7206f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 9331268, "indicator": "93a4328e1e347447044146b53972cd37", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Ag-3", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726447, "indicator": "95da3987c6ebd2646e90b7c2a42c19a7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2709025, "indicator": "99d33c40d22a14f90dd6cdb1d639163b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2305810, "indicator": "9a014c33f9a9958ffbcf99d2a71d52fe", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Evo-gen", "description": "", "expiration": null, "is_active": 1 }, { "id": 8901081, "indicator": "9a8c76271210324d97a232974ca0a6a3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726450, "indicator": "9af4c1e5bb81bf2df607653fcc25915a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "MS_Visual_Cpp_6_0", "description": "", "expiration": null, "is_active": 1 }, { "id": 9331269, "indicator": "9da42d0bce9f5dbf22d33df77c561bda", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8981852, "indicator": "9df608f5bd1e6d2cac11950cf8a75a80", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726452, "indicator": "9ed1164f4f6a337cde2ba6e7c72730cf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 6128739, "indicator": "9ee006601c5ee9f6f1992ec38fed63f6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 9331270, "indicator": "9ee1d2df2abe915b84980af9675f4180", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8981853, "indicator": "9fb73e749107447fccd5bb48627fd6a9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "MS_Visual_Cpp_2005", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726453, "indicator": "a07fea56b45d0d1ebb6df4589e750464", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726455, "indicator": "a1942d1cc7552387393b91a14c9a3d73", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Ag-3", "description": "", "expiration": null, "is_active": 1 }, { "id": 6128740, "indicator": "a1d0f8895052b60c4d2860556494f233", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Ag-3", "description": "", "expiration": null, "is_active": 1 }, { "id": 9331271, "indicator": "a2768b46a48c72e6f183c99333c14ff6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2709029, "indicator": "a32468828c12657497cddf57190f5700", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726456, "indicator": "a50c5ba8a92c7b199ac9e20a815d9e69", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 6128741, "indicator": "a75bea992cef46c1a4ee5146150540aa", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8981855, "indicator": "a79f96647c4ca5527e56057d5173ab47", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 9331272, "indicator": "ab57a44d58dad47314048c8b3ccff60b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2708993, "indicator": "ac0ff4bad83350b7dde27af8728a469f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "dbgdetect_funcs", "description": "", "expiration": null, "is_active": 1 }, { "id": 2708963, "indicator": "ac725400d9a5fe832dd40a1afb2951f8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726460, "indicator": "ac86c256b30534d5ede4a0df1019507e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 9331273, "indicator": "ae3c3741c6fc6fe9bafae5fd352e58f7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "MS_Visual_Cpp_2008", "description": "", "expiration": null, "is_active": 1 }, { "id": 8981856, "indicator": "aed6ec002370818ddab2ca164a6b4e18", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2709010, "indicator": "b0649c1f7fb15796805ca983fd8f95a3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726462, "indicator": "b0f541cd6bff77de916e58d493f54b10", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 6128742, "indicator": "b18a316b2ce6e099fe7fbf69283cbc5e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726464, "indicator": "b2dfe6d3be38cef08e9a3141ca3599c0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8981857, "indicator": "b3139b26a2dabb9b6e728884d8fa8b33", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726535, "indicator": "b332234f01ec229a03c0c60045f37072", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2708971, "indicator": "b34402586a077b7ed11b44d042c7aabf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726537, "indicator": "b4bea824c539785dedb83c8599c90255", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "MS_Visual_Cpp_6_0", "description": "", "expiration": null, "is_active": 1 }, { "id": 9331276, "indicator": "babd8cd2f24c809fedec1a5642b5fe46", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726541, "indicator": "bd1ae82185d3eb0a8c8c615e710240ac", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Inject-7350", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726542, "indicator": "bd64660692b84e2b6fcb25d02cecbbcb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Armadillov171", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726543, "indicator": "bdd054de9e710830ac04b6f076fc5f71", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2663243, "indicator": "c0c8dcc9dad39da8278bf8956e30a3fc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2323958, "indicator": "c1cb28327d3364768d1c1e4ce0d9bc07", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 9331277, "indicator": "c1e5c46e4ef284f2922bb458c9ba3ce2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Armadillov171", "description": "", "expiration": null, "is_active": 1 }, { "id": 2708996, "indicator": "c2a07ca21ecad714821df647ada8ecaa", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 9331278, "indicator": "c32c1cc761f92e60dd3d92f895ecd4db", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726546, "indicator": "c578b8db3869d92482fc77eeedf41eb0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Armadillov171", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726547, "indicator": "c7f6e98e4539bd127573cd5934256c91", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2709014, "indicator": "c870ce1cbc120f74059e5f1bb1f76040", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726548, "indicator": "c93eef1b06805a23e655c3856e7c7a17", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 6128744, "indicator": "ca507b0dd178471e9cadf4ca313a67e3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2323965, "indicator": "ca9644ef0f7ed355a842f6e2d4511546", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726551, "indicator": "cddfa154bbe89d4627210eba087c3504", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 150760, "indicator": "d108706282a7ec7a9a9452e6e88e33ea", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 9331280, "indicator": "d1adc4f3a766b1bc55e3508c380c6d3d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2709024, "indicator": "d1bab4a30f2889ad392d17573302f097", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 18252, "indicator": "d32be2f813971ec66c54697d78229653", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726555, "indicator": "d3ae29e3719d5fd68d31bf3c4d9eac30", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 6128745, "indicator": "d4398f6f7ba070b6cdee7204f6862bd9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726557, "indicator": "d508147fed6e41bfc31ad8151bc0bb13", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726558, "indicator": "d537ce1bb88d7bd0d9d30f0554b91f51", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726560, "indicator": "d67e2f5e6a0b046ae3bf5c61f1f384ec", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2709016, "indicator": "d69598758998cf5f677be9312b807938", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726561, "indicator": "d7dc970923cc80be272aaf6bd1a59fe7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2617486, "indicator": "d81b91cd4c6f42eb7049109cb42461ed", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2305652, "indicator": "d84851ad131424f04fbffc3bbac03bff", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726562, "indicator": "d9a958d55d457d745998ee70cf025cb9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726563, "indicator": "d9f87e744dbc898212a9eaa4594301b0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8982017, "indicator": "da5ee020bef41dc95c3532cbaa1ea8f4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8813844, "indicator": "db212129be94fe77362751c557d0e893", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2709015, "indicator": "dbb867c2250b5be4e67d1977fcf721fb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 9331281, "indicator": "dc6ffd15d88f15f129f6f00f4fb82a0a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726565, "indicator": "de32915056d480b8b722e0a93164dbfe", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 9331282, "indicator": "e0593f81fdf39eefd17427adac3825e2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8982019, "indicator": "e0ab70ff814592a18864eb05a516a711", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 18232, "indicator": "e1663b6462115ba929b05bb75a61ed5f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726567, "indicator": "e1fbf8d74b622fde3cf765a3a51ca39f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8982020, "indicator": "e61c043005c16028dd55c04b14041f5e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726570, "indicator": "e68ac9e407477b29073ebe4a15e1f520", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2708994, "indicator": "e696b38ac71b23f50ee68da06a004af3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 6128747, "indicator": "e6c596cfa163fe9b8883c7618d594018", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726575, "indicator": "e84b87db6ae7c34fc7e6bc2f0bef4ae4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2709027, "indicator": "e85005524e8e6a8612c9d0899bb952d6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 6128748, "indicator": "e8f3790cfac1b104965dead841dc20b2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2708966, "indicator": "e975d5b29d988929e5ad3a8fa19083d1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726577, "indicator": "edfa6607207ddbca961ae7b78405f761", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 6128749, "indicator": "ef9d8cd06de03bd5f07b01c1cce9761f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 365035, "indicator": "f01a9a2d1e31332ed36c1a4d2839f412", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2709022, "indicator": "f03f70d331c6564aec8931f481949188", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8982022, "indicator": "f0be554b1d9b394bc2a90322ca944fce", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 364913, "indicator": "f310584eb1538cb78ca8c225038b2e54", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 9331283, "indicator": "f41023d4b0fe091eaeb778c621ac38d7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2709020, "indicator": "f5744d72c6919f994ff452b0e758ffee", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2708997, "indicator": "f586edd88023f49bc4f9d84f9fb6bd7d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8982023, "indicator": "f68008057ff5dbc67c938b3f5f68a54d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726584, "indicator": "f6a79b54c6351c32fe35cda9a78b607f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726585, "indicator": "f6caa0160a6f0e5264fd16fa5ae95696", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 6128750, "indicator": "f86c912661dbda535cbab464e79e26be", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2708979, "indicator": "faacabea42afbc6cd5ce684e1bbfb073", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726587, "indicator": "faf9576ce2af23aac67d3087eb85a92b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 9331285, "indicator": "fb0c714cd2ebdcc6f33817abe7813c36", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 8726589, "indicator": "fc26ad639598a92546af2daa6f6a7afd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 9331286, "indicator": "fc7487a7f35a510246280589f228ecfc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360565531, "indicator": "00721596976fa4fcad58b494ae9bd230e0557fb5", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Evo-gen", "description": "SHA1 of 9a014c33f9a9958ffbcf99d2a71d52fe", "expiration": null, "is_active": 1 }, { "id": 2663246, "indicator": "009b639441ad5c1260f55afde2d5d21fc5b4f96c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of c0c8dcc9dad39da8278bf8956e30a3fc", "expiration": null, "is_active": 1 }, { "id": 1598534657, "indicator": "01d6e50b2fbba59ca22930075c1022b840c4b240", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of ac725400d9a5fe832dd40a1afb2951f8", "expiration": null, "is_active": 1 }, { "id": 3360565731, "indicator": "03547dc9ebb66642a49c38491ef9f40faa0dc80f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Evo-gen", "description": "SHA1 of 55b8690c0aae4e500e645d5f49ce5a13", "expiration": null, "is_active": 1 }, { "id": 2824088446, "indicator": "051a3725a6c4d3531ba02ba037c83452a4d86972", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Ag-3", "description": "SHA1 of 8d6b6e023b4221bae8ed37bb18407516", "expiration": null, "is_active": 1 }, { "id": 3254663162, "indicator": "058871fbe4a0d1c74503ae63319837bc16f700d7", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 9ee006601c5ee9f6f1992ec38fed63f6", "expiration": null, "is_active": 1 }, { "id": 3360565732, "indicator": "0cfca7bd4964abb241af2b047da9e71eba09e8a0", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "MS_Visual_Cpp_2008", "description": "SHA1 of ae3c3741c6fc6fe9bafae5fd352e58f7", "expiration": null, "is_active": 1 }, { "id": 3254663173, "indicator": "0d1563d91b6505b127b05a69e7d8559c658d1316", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 16ab92cc9a5d40cf0e3fa01fed0dd80f", "expiration": null, "is_active": 1 }, { "id": 3190220652, "indicator": "0fbad19225d208b3b3a31d8dbba2415e586fc10f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "MS_Visual_Cpp_2008", "description": "SHA1 of 15faecbbc412a7c3bd1049d77bc7618b", "expiration": null, "is_active": 1 }, { "id": 3254663362, "indicator": "0ffd734acd75d09b6c1acd6237a568828beef7f7", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Poison.CD", "description": "SHA1 of 3160654955f818072f6f8a8782e0f16f", "expiration": null, "is_active": 1 }, { "id": 3190220653, "indicator": "112ae3b5c9f3576693a17ea2f2ea2d306fc85494", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 433f5dc5546d98cc9e4597b342df31cf", "expiration": null, "is_active": 1 }, { "id": 2150335, "indicator": "154669ce22c0b29af28e0677bc65c43fc35cdd6a", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 6f5648ea4ca8a65c36c328c5ae8ac096", "expiration": null, "is_active": 1 }, { "id": 3190220654, "indicator": "175fd1bf1511d358de62154cecf79b4d143b921d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Evo-gen", "description": "SHA1 of 79e5a1d9adad4d64c8f5be2eb8345605", "expiration": null, "is_active": 1 }, { "id": 3254663193, "indicator": "1a306edde3747adb4da4c4bfc908c190ab525513", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 2685d8eb6009fd7f03956928f08071de", "expiration": null, "is_active": 1 }, { "id": 3078137886, "indicator": "1b9754a3f9ff90fb6b39a503981561bcb72b9ab1", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 0506cf6d4e86c9ad1d4ea985f43582c6", "expiration": null, "is_active": 1 }, { "id": 18646, "indicator": "1c6a50e51203fda640b8535268bee657591d0ac5", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 62898b77bd9e8e286d6bc760f3e28981", "expiration": null, "is_active": 1 }, { "id": 3078137885, "indicator": "1cb03560f401f055a97d7c5d1cdbd4b03219e766", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 007f5599898ab9013672226b4c5f57e1", "expiration": null, "is_active": 1 }, { "id": 3190220655, "indicator": "1d38ae76fd3622e2a0b0e960e0fab48f46c7d5c4", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 2a92aff566d6b1253e5c63336c32df73", "expiration": null, "is_active": 1 }, { "id": 10993762, "indicator": "1f412a62f50ff71f0b2b2f54aaa980962ebfd8a4", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 0f6b00b0c5a26a5aa8942ae356329945", "expiration": null, "is_active": 1 }, { "id": 3360565733, "indicator": "2607eeb1bbacb766b1c54e53e8eeda2527b58791", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Evo-gen", "description": "SHA1 of 11ea8d8dd0ffde8285f3c0049861a442", "expiration": null, "is_active": 1 }, { "id": 3190220659, "indicator": "2664b3eed644cb281275fea8446296f413c8b0ca", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Evo-gen", "description": "SHA1 of 0b87f38f9151ef81e07c2cdd8a602335", "expiration": null, "is_active": 1 }, { "id": 3078137888, "indicator": "295dea6637df777d60b337abb76b63afe4b7f771", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Ag-3", "description": "SHA1 of 076ec3aa6b0cb93e7d4cd607f3ced946", "expiration": null, "is_active": 1 }, { "id": 3254663160, "indicator": "2c10358634f2b96ffe284341e96801e8b57c80e0", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "MS_Visual_Cpp_6_0", "description": "SHA1 of 841dfe3eaafe68cc0b989fbf55a34c9c", "expiration": null, "is_active": 1 }, { "id": 3190220660, "indicator": "2c1744267343452845c21c797abcdae81bb25f66", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 312d49a05b6effe1f2ef2775c13b4382", "expiration": null, "is_active": 1 }, { "id": 10993765, "indicator": "2d5c5e210c7db4ba6012bd761154db0d1f5cd658", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "dbgdetect_funcs", "description": "SHA1 of 19417f7551bc54db6783823325557773", "expiration": null, "is_active": 1 }, { "id": 3190220663, "indicator": "2e6381a3ea62686bcc6bd1601b5a154ae952f79c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 233368858a54e5f41f28dbbb7b9bb245", "expiration": null, "is_active": 1 }, { "id": 3360565734, "indicator": "3185d5b242c46d7eeac2b0fb548af1c939c1ee2a", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "MS_Visual_Cpp_6_0", "description": "SHA1 of 9af4c1e5bb81bf2df607653fcc25915a", "expiration": null, "is_active": 1 }, { "id": 3360565735, "indicator": "32c1ce0e3c8072f218d5db7909be4e5ece1c85b0", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Armadillov171", "description": "SHA1 of bd64660692b84e2b6fcb25d02cecbbcb", "expiration": null, "is_active": 1 }, { "id": 3190220665, "indicator": "347c693ac2a013945b2f6e42f57be3ad08c38e84", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "MS_Visual_Cpp_2008", "description": "SHA1 of 1d3ebced0619f8e399a91735a05cf617", "expiration": null, "is_active": 1 }, { "id": 3190220667, "indicator": "348cacce2b998f7b5540e7f0ef76474d5dbca67a", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 5e8d1e8518d10893eab0b1b1ebb6c97d", "expiration": null, "is_active": 1 }, { "id": 3360565736, "indicator": "34a716a9952986f09524137638830538e2c0cc11", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "BC.Legacy.Exploit.CVE_2010_3333-5", "description": "SHA1 of 3d83df756cc1e575755a7a3a8d9d8afc", "expiration": null, "is_active": 1 }, { "id": 3190220668, "indicator": "3543ce7edb422c9e66a1b9c3b1b30de17938f1a6", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Downloader.24465-1", "description": "SHA1 of 588f58afc2298e6b31e44ebc86aee104", "expiration": null, "is_active": 1 }, { "id": 1458453899, "indicator": "3976e91df305c07542aebd5ade6c42af21cab039", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 9ee1d2df2abe915b84980af9675f4180", "expiration": null, "is_active": 1 }, { "id": 3008023397, "indicator": "3ad9848c2cc59208007e3ee95af9565b52223ac7", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Inject-14191", "description": "SHA1 of 494e65cf21ad559fccf3dacdd69acc94", "expiration": null, "is_active": 1 }, { "id": 3254663363, "indicator": "3cc3170ecf3d636aab744bda3a9063de8d446396", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 1a14bd60f4c49d1aebd245968a3a654f", "expiration": null, "is_active": 1 }, { "id": 3078137889, "indicator": "42e012f825d2a0bf947abda7d3a1c74f1441e4c7", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 08a268a4c473f9920b254a6b6fc62548", "expiration": null, "is_active": 1 }, { "id": 3360565737, "indicator": "4fd2827f8f35f69ce024b3d8519fe75580dd15a6", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Evo-gen", "description": "SHA1 of 82f926009c06dfa452714608da21cb77", "expiration": null, "is_active": 1 }, { "id": 3360565738, "indicator": "592e468269be785121d62b4322f1cb0e4c2c2286", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 6b27330b779541ae8f3de7a491a19d8f", "expiration": null, "is_active": 1 }, { "id": 3254663189, "indicator": "5afd083d7ef4d7b6efe145e50d4d41753f87fe6f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 583ab1678588b754899b9d2c58f20aa2", "expiration": null, "is_active": 1 }, { "id": 10993771, "indicator": "5b045d98606f000a236b1bd4ac4c9e482b3f5475", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of d1bab4a30f2889ad392d17573302f097", "expiration": null, "is_active": 1 }, { "id": 2262435, "indicator": "5c01fe7c7200be9bdca1da34b6af1ac4e089712b", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.9442646-1", "description": "SHA1 of 2d1e048030c27e2d57f0448df78142f6", "expiration": null, "is_active": 1 }, { "id": 3254663172, "indicator": "5e3270117d45f5cb6de96ce5f6038f0f629a4c3f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 13cdd0d9f222a47589c5c71fa3ac2cbe", "expiration": null, "is_active": 1 }, { "id": 3360565739, "indicator": "616923abe3859fc58ec2b0aa8ecc27fd97631128", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Armadillov171", "description": "SHA1 of c578b8db3869d92482fc77eeedf41eb0", "expiration": null, "is_active": 1 }, { "id": 16317698, "indicator": "729f0b2521c30cb58a2d5278786be286574d7748", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "dbgdetect_funcs", "description": "SHA1 of ac0ff4bad83350b7dde27af8728a469f", "expiration": null, "is_active": 1 }, { "id": 10993775, "indicator": "741e955a9e458a70b5c085b3bfba800fdfb4ccde", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of c1cb28327d3364768d1c1e4ce0d9bc07", "expiration": null, "is_active": 1 }, { "id": 3360565740, "indicator": "7a9fc4f7777c4f3c6732189c4794df46b60e4af7", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 83448fc10f297a6968aeda7c02b09051", "expiration": null, "is_active": 1 }, { "id": 10993938, "indicator": "83d419bc812d08c9d09baa49a4313a81eda54702", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 8ece7de82e1bdd4659a122c06ea9533e", "expiration": null, "is_active": 1 }, { "id": 3254663163, "indicator": "840e57e85d066dc4d2f913f741dbf10e64bd7936", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of d4398f6f7ba070b6cdee7204f6862bd9", "expiration": null, "is_active": 1 }, { "id": 3360565741, "indicator": "86cc332cd9c2590828640dfba215a52c7e9cd14f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Inject-7350", "description": "SHA1 of bd1ae82185d3eb0a8c8c615e710240ac", "expiration": null, "is_active": 1 }, { "id": 3190220681, "indicator": "8dd140a51e2de68f22455dae51aa6312fabf8701", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 72f50a28656fa65b6d770af89ed82d69", "expiration": null, "is_active": 1 }, { "id": 3190220682, "indicator": "90b6ff5c3d22315c2749d691d156fd1845c7668e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Rbot-EUH", "description": "SHA1 of 37a5d27d49385f4e8edb94ad83b38164", "expiration": null, "is_active": 1 }, { "id": 3190220683, "indicator": "943a8daed587b412689f4ef972592417afa858c7", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 250495a936dd186b689438aab3cea65b", "expiration": null, "is_active": 1 }, { "id": 3360565742, "indicator": "951cfa2ae5234eab2e335a0b7e13499e52a30ea2", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Ag-3", "description": "SHA1 of a1942d1cc7552387393b91a14c9a3d73", "expiration": null, "is_active": 1 }, { "id": 3254663069, "indicator": "95ae603333f702c6d6ab8949c0712572cd8dc5b5", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of c870ce1cbc120f74059e5f1bb1f76040", "expiration": null, "is_active": 1 }, { "id": 2582701920, "indicator": "a517b360d8b0749cbd30f2b19e4675af6f745d96", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 429f5048462fd037e3ad7f8a211004c6", "expiration": null, "is_active": 1 }, { "id": 10993944, "indicator": "a7d0b38bda630c927820380d311ddc70a9606407", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 75500bb4143a052795ec7d2e61ac3261", "expiration": null, "is_active": 1 }, { "id": 10993951, "indicator": "aee17dbab01ed334bb94506fcbc2ed259242159e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 667989ffa5e77943f3384e78adf93510", "expiration": null, "is_active": 1 }, { "id": 3360565743, "indicator": "b00bfb120c4d6688bd7b31cc9359743609138347", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Evo-gen", "description": "SHA1 of 59a3ff3496740ceea97ff70a980bc3ae", "expiration": null, "is_active": 1 }, { "id": 1598534709, "indicator": "b0686c67fe1ab7a70d3a00eb7416938206e4d667", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 9a8c76271210324d97a232974ca0a6a3", "expiration": null, "is_active": 1 }, { "id": 3190220685, "indicator": "b0d925a6cff86161569d0bb53376b12529b37b64", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Pincav-2543", "description": "SHA1 of 4d3c31e95879ca85caadaad0c91974e3", "expiration": null, "is_active": 1 }, { "id": 1530146951, "indicator": "b1bf4111980cf3eaf33433914de10dd6f39f8602", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "apt_OpCloudHopper_Malware_3", "description": "SHA1 of 686bb59ea637fb3af214c8c21761cda8", "expiration": null, "is_active": 1 }, { "id": 12129085, "indicator": "b23d698df6594f690f3462e238e1e9f2ec029bbf", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 4f505ca0ea4540e6662def1c1ddadd03", "expiration": null, "is_active": 1 }, { "id": 3360565744, "indicator": "b6b44b550359eb83d824ae1023c14ba1b72a285b", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 17b8e6ac3830ad58afe1a70df4319fae", "expiration": null, "is_active": 1 }, { "id": 2233965403, "indicator": "b6d17ae3900e72df2e9ffbf7f03d18e6d7112942", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of a32468828c12657497cddf57190f5700", "expiration": null, "is_active": 1 }, { "id": 3360565745, "indicator": "b7bc146e9a2bbad4a2fa3e0fb41ecd6a22f66d36", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Ag-3", "description": "SHA1 of a1d0f8895052b60c4d2860556494f233", "expiration": null, "is_active": 1 }, { "id": 3254663067, "indicator": "b8e7b21b1c7ab8c222d1b789c11caf211a4c443d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-1339067", "description": "SHA1 of 7af04a468de09c519681dcb0bd77030b", "expiration": null, "is_active": 1 }, { "id": 3360565746, "indicator": "ba2b8502837366848b0b7bf7d02b0903f330f469", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Plugx.L!dha", "description": "SHA1 of 2bd698ae474b18cf4748edd99bd6c9e7", "expiration": null, "is_active": 1 }, { "id": 3360565747, "indicator": "bd4c29fb11e9e818b27a782f6ffb1b06d7535f44", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 35947b085e4593ccf38a5eb26ca4d4cf", "expiration": null, "is_active": 1 }, { "id": 3360565748, "indicator": "bda73b2b3e3c26b7e27d6519c24a0e06e51a19a0", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Evo-gen", "description": "SHA1 of 45f5b2404eefe7672534bcd13466987d", "expiration": null, "is_active": 1 }, { "id": 2582708997, "indicator": "c6be8931dc7cdbea53c324f76e7f950996b3f26d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Armadillov171", "description": "SHA1 of 4a076785e9786324bb852dd5bc27f10b", "expiration": null, "is_active": 1 }, { "id": 3254663182, "indicator": "c96005437e3a6cf93a1edf9e1c329ac9c89aa05f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of b18a316b2ce6e099fe7fbf69283cbc5e", "expiration": null, "is_active": 1 }, { "id": 2150337, "indicator": "cc3b6cafdbb88bd8dac122e73d3d0f067cf63091", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 0b6845fbfa54511f21d93ef90f77c8de", "expiration": null, "is_active": 1 }, { "id": 3190220691, "indicator": "ce7e289812b1a84f274a7541cb1a7eb030815b16", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 7f9692ba1a14c9c5ea97d6182f07051b", "expiration": null, "is_active": 1 }, { "id": 3254663187, "indicator": "cec24e1bec075432c2ef96e9f03927ecef759bde", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "MS_Visual_Cpp_2005", "description": "SHA1 of 9fb73e749107447fccd5bb48627fd6a9", "expiration": null, "is_active": 1 }, { "id": 3190220692, "indicator": "d01174b574a9f921b2541a76249c40a41abefcee", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Ag-3", "description": "SHA1 of 234257c192caa419d14096f104b03e06", "expiration": null, "is_active": 1 }, { "id": 1593570586, "indicator": "d16da0dc12aea0b64abd3871a794cd9af38f2db4", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Posploi.A", "description": "SHA1 of 8a21337be17e1e921eeb4d1b9c1b4773", "expiration": null, "is_active": 1 }, { "id": 3254663071, "indicator": "da3ece27fd167fd4a7c7ba4c9c71c9ee84e7b8e8", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 0ad3ed5588eec7ba4988c8892a5c2946", "expiration": null, "is_active": 1 }, { "id": 3254663175, "indicator": "da7e3d4a030390e54f453de858d67b95cb6e9e5f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of ca507b0dd178471e9cadf4ca313a67e3", "expiration": null, "is_active": 1 }, { "id": 3360565749, "indicator": "db94cdb261adc2134a6064edc42338c2f100b62c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of d1adc4f3a766b1bc55e3508c380c6d3d", "expiration": null, "is_active": 1 }, { "id": 10999534, "indicator": "de5672c7940e4fad3c8145ce9e8a5fcb1da0fcee", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of b3139b26a2dabb9b6e728884d8fa8b33", "expiration": null, "is_active": 1 }, { "id": 10993957, "indicator": "de5af856804974ba3df03928fff03447e8f4c9c2", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 0c0a39e1cab4fc9896bdf5ef3c96a716", "expiration": null, "is_active": 1 }, { "id": 2688538985, "indicator": "de97ef30bacccf99461050331f4b568fe914c1c5", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of b332234f01ec229a03c0c60045f37072", "expiration": null, "is_active": 1 }, { "id": 10993958, "indicator": "df8f49a3fdf8a9d550b22d65d21a8006ff593ac4", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 3afa9243b3aeb534e02426569d85e517", "expiration": null, "is_active": 1 }, { "id": 3190220695, "indicator": "e113eaf3f50a796548a862df722799f9b98285d1", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 4840ee7971322e1a6da801643432b25f", "expiration": null, "is_active": 1 }, { "id": 3254663176, "indicator": "e36f671dd6e6bc5f447ec27acc074d95dc7fc9b2", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Armadillov171", "description": "SHA1 of c1e5c46e4ef284f2922bb458c9ba3ce2", "expiration": null, "is_active": 1 }, { "id": 2416212445, "indicator": "e39e05358407baad3000b5772a103db9ef6149d7", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Ag-3", "description": "SHA1 of 93a4328e1e347447044146b53972cd37", "expiration": null, "is_active": 1 }, { "id": 2688538979, "indicator": "ebb6f0ba5554926811b2dcb324201de8e5602146", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "MS_Visual_Cpp_6_0", "description": "SHA1 of b4bea824c539785dedb83c8599c90255", "expiration": null, "is_active": 1 }, { "id": 3190220696, "indicator": "eeda8e053837212a402baf438630d3ae4bddd33e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Ag-18", "description": "SHA1 of 726788726dfb19231c6fc9c83ee2f392", "expiration": null, "is_active": 1 }, { "id": 3190220699, "indicator": "f13ea2f9ec5442f10f16eece7850e912a0763cbc", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Armadillov171", "description": "SHA1 of 1c3fe3ec1148fa72c18e2fcc3cdb354f", "expiration": null, "is_active": 1 }, { "id": 3190220700, "indicator": "f14bb7baf803f5d44b8130fd374b1ca81edede97", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 5f3b25e36f6c6637eb08dcca1c3a8ed6", "expiration": null, "is_active": 1 }, { "id": 2302294670, "indicator": "f162ca373442e0e66a10432bc711e20e4cfcf1a0", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Armadillov171", "description": "SHA1 of 1b50e838babcd80ab95cff14bdf22a69", "expiration": null, "is_active": 1 }, { "id": 3254663072, "indicator": "f1675aa95ef6761522173f80989f4de4440b4d5f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 3dca6cbf1981ab987987966228d95e55", "expiration": null, "is_active": 1 }, { "id": 3190220705, "indicator": "f8c7b5fdc4ebac469c958bdc2a6a5f69460204d4", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 53c8096033db54e5ec3d5eb9ac080fc4", "expiration": null, "is_active": 1 }, { "id": 3190220847, "indicator": "f8d6aecbb210e7f860e4760b82cac66e5b55ff0c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Armadillov171", "description": "SHA1 of 354b40f155beefcac3a41c2ffabbf6c8", "expiration": null, "is_active": 1 }, { "id": 3360565750, "indicator": "f9aa6f2f3baa4b93e227d3698dc95f82cc7040cc", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Ag-18", "description": "SHA1 of 7bee1d0709169e07db6182e65dc50b60", "expiration": null, "is_active": 1 }, { "id": 3360565751, "indicator": "fe906d8fa97b41df64344b688471f8489fff5ac0", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 184dd07bc91cc915aebf157a8b28066d", "expiration": null, "is_active": 1 }, { "id": 537843, "indicator": "012fe771283404e5231ed2f71e4932674f89d52aa93608bfcaf67150e53609b0", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 429f5048462fd037e3ad7f8a211004c6", "expiration": null, "is_active": 1 }, { "id": 1598883355, "indicator": "01f8b2524a0322e2e32b9725155685e20bac5c111d2d253d1a60639faf616b2f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 35947b085e4593ccf38a5eb26ca4d4cf", "expiration": null, "is_active": 1 }, { "id": 1294676580, "indicator": "033dadbcc9a167802ade91c3fb2c2d27aee097de7f23665b5121fd836ab1e6f2", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "apt_OpCloudHopper_Malware_3", "description": "SHA256 of 686bb59ea637fb3af214c8c21761cda8", "expiration": null, "is_active": 1 }, { "id": 1598883356, "indicator": "06a07e78b844910886c95d493c0a23cbe3f27422a436afde35f6bbb1ed8fe620", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Ag-18", "description": "SHA256 of 726788726dfb19231c6fc9c83ee2f392", "expiration": null, "is_active": 1 }, { "id": 1598883358, "indicator": "091c4c37d3666c0d82ea58d536b96bc4fbf5c2d4be99116139fe5bd5eced479c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Downloader.24465-1", "description": "SHA256 of 588f58afc2298e6b31e44ebc86aee104", "expiration": null, "is_active": 1 }, { "id": 1598883360, "indicator": "0ba8f399daf0e85789ac415274ef578e528dd2d68f3dc70e18243c34d18f276e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Evo-gen", "description": "SHA256 of 55b8690c0aae4e500e645d5f49ce5a13", "expiration": null, "is_active": 1 }, { "id": 1598883362, "indicator": "0d6fe94c8b4bab0b4fc5bea4f0ba93a44e7695c1a46377e60da251fac9b7b74a", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Ag-18", "description": "SHA256 of 7bee1d0709169e07db6182e65dc50b60", "expiration": null, "is_active": 1 }, { "id": 3360565752, "indicator": "0d9b14ee7ece5b54a6fb0a0de9af9e556d6364a9f84e78a6b120fd96957a16ee", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 9ee1d2df2abe915b84980af9675f4180", "expiration": null, "is_active": 1 }, { "id": 3254663174, "indicator": "104d02d4149b4983e411031c3d782db79783a41333a0308b6fc368605e10d5c7", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 16ab92cc9a5d40cf0e3fa01fed0dd80f", "expiration": null, "is_active": 1 }, { "id": 1636610853, "indicator": "12dc5c7b9c08f0654f31c274ba84c39af5ab8514b762a07b7b48439323f85bcd", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of d1adc4f3a766b1bc55e3508c380c6d3d", "expiration": null, "is_active": 1 }, { "id": 1569304743, "indicator": "133a6da1230b2842655f511c2d6a498bdcd6e531277754655fe992456bec3b71", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of ca507b0dd178471e9cadf4ca313a67e3", "expiration": null, "is_active": 1 }, { "id": 1294676596, "indicator": "180e5227aae20fa2d6ae421835dc7d92f9393681c3006213dc2f6e3fbd07e3de", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 0ad3ed5588eec7ba4988c8892a5c2946", "expiration": null, "is_active": 1 }, { "id": 2150312, "indicator": "19aa5019f3c00211182b2a80dd9675721dac7cfb31d174436d3b8ec9f97d898b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 75500bb4143a052795ec7d2e61ac3261", "expiration": null, "is_active": 1 }, { "id": 1294676598, "indicator": "1ba4f8d569dafdf2c0152d706fc9cc3d6eb646e8ea639c410c8f95e07bc2551e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 13cdd0d9f222a47589c5c71fa3ac2cbe", "expiration": null, "is_active": 1 }, { "id": 2708537, "indicator": "1ebf3eabaf3ea08c45358ec57beca27de44d53cee2e5a8d545da9f75696d1fb7", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-1339067", "description": "SHA256 of 7af04a468de09c519681dcb0bd77030b", "expiration": null, "is_active": 1 }, { "id": 3360565753, "indicator": "1fbff7f86bb1bed28a7c25553ad525bbdc14ea8a77620d53d87160eaa8f4607d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "MS_Visual_Cpp_2008", "description": "SHA256 of ae3c3741c6fc6fe9bafae5fd352e58f7", "expiration": null, "is_active": 1 }, { "id": 1598883365, "indicator": "21b717aec3c02bc57adb465aae610e9a7fe1b889321b373c2808187eade50397", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Evo-gen", "description": "SHA256 of 82f926009c06dfa452714608da21cb77", "expiration": null, "is_active": 1 }, { "id": 1598883366, "indicator": "21bc328ed8ae81151e7537c27c0d6df6d47ba8909aebd61333e32155d01f3b11", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of b332234f01ec229a03c0c60045f37072", "expiration": null, "is_active": 1 }, { "id": 1636610881, "indicator": "27edf822ce1c97b6421c5811efacf614fe7966d490db419378dfb4af467e55e7", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Poison.CD", "description": "SHA256 of 3160654955f818072f6f8a8782e0f16f", "expiration": null, "is_active": 1 }, { "id": 2708564, "indicator": "2893e1ee82d3354a8c9dae8fad81975ca8599eacfb7926502b15d79757dff536", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "BC.Legacy.Exploit.CVE_2010_3333-5", "description": "SHA256 of 3d83df756cc1e575755a7a3a8d9d8afc", "expiration": null, "is_active": 1 }, { "id": 1598883368, "indicator": "28a273ddd8dd9206fe6b56bb631409c2d5e18af23e89a15daa8b7889663e23da", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 007f5599898ab9013672226b4c5f57e1", "expiration": null, "is_active": 1 }, { "id": 1598883369, "indicator": "299bc5eea940440c65fc4aadeeb2336b75db250c5f9d4ef3447dc32b70e89256", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 2685d8eb6009fd7f03956928f08071de", "expiration": null, "is_active": 1 }, { "id": 2150305, "indicator": "2c71eb5c781daa43047fa6e3d85d51a061aa1dfa41feb338e0d4139a6dfd6910", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of c1cb28327d3364768d1c1e4ce0d9bc07", "expiration": null, "is_active": 1 }, { "id": 2708566, "indicator": "2ddcb1dc466e22388485118bcf3089014348881c4d315aca452c6bb44b6c7bee", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of a32468828c12657497cddf57190f5700", "expiration": null, "is_active": 1 }, { "id": 1598883374, "indicator": "30ed11afe657695c221d2623bae7ae4e6361998c54b4655f4970cf069f65da22", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 0506cf6d4e86c9ad1d4ea985f43582c6", "expiration": null, "is_active": 1 }, { "id": 2150325, "indicator": "312dc69dd6ea16842d6e58cd7fd98ba4d28eefeb4fd4c4d198fac4eee76f93c3", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of d1bab4a30f2889ad392d17573302f097", "expiration": null, "is_active": 1 }, { "id": 2150308, "indicator": "316e89d866d5c710530c2103f183d86c31e9a90d55e2ebc2dda94f112f3bdb6d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 0c0a39e1cab4fc9896bdf5ef3c96a716", "expiration": null, "is_active": 1 }, { "id": 1598883375, "indicator": "328e16b06dcd881c190f073fe9b3edcd94330bec8419ae2626403ab2cfe28243", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Evo-gen", "description": "SHA256 of 59a3ff3496740ceea97ff70a980bc3ae", "expiration": null, "is_active": 1 }, { "id": 1598883377, "indicator": "343699abfca6e7cca993f99d085ce7169a73095c0ff473d0be401acd9673216f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Evo-gen", "description": "SHA256 of 45f5b2404eefe7672534bcd13466987d", "expiration": null, "is_active": 1 }, { "id": 1597037142, "indicator": "34fad20789823d98f153a187dd315b8e9037db9a366a9473597348c468275bd9", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 9a8c76271210324d97a232974ca0a6a3", "expiration": null, "is_active": 1 }, { "id": 1598883378, "indicator": "35415b9ebd464c190c3ab8dababaff19f39de32cdafc2bab442b7fa70d84aed7", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Ag-3", "description": "SHA256 of 076ec3aa6b0cb93e7d4cd607f3ced946", "expiration": null, "is_active": 1 }, { "id": 1569304742, "indicator": "37b2ec1ef108536132a493ac21bda5557f6f2b3e5dbf4a0779d43af66884737a", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Armadillov171", "description": "SHA256 of c1e5c46e4ef284f2922bb458c9ba3ce2", "expiration": null, "is_active": 1 }, { "id": 1598883379, "indicator": "3804f50c6b6284c2de6cc218bb33801a62e2d047c6e8ff44615c14b2dd289356", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 83448fc10f297a6968aeda7c02b09051", "expiration": null, "is_active": 1 }, { "id": 2708540, "indicator": "3827ea7e7a55a2e541661b78a70285414d2e3c2ff77dc2e20311b1d8c2dda9e0", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 583ab1678588b754899b9d2c58f20aa2", "expiration": null, "is_active": 1 }, { "id": 1598883381, "indicator": "3a3f50f69463fce29e3560e5eddcbc1366da47938d180c0930e53ea22d7385b2", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Evo-gen", "description": "SHA256 of 0b87f38f9151ef81e07c2cdd8a602335", "expiration": null, "is_active": 1 }, { "id": 1598883382, "indicator": "3a7f2746838d785a45a9fd3b02829f7f5dd3d0ec122d6be69fd1ba7225454910", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Armadillov171", "description": "SHA256 of c578b8db3869d92482fc77eeedf41eb0", "expiration": null, "is_active": 1 }, { "id": 1598883383, "indicator": "3b011bfde408e8e4589f2e06e874c0a04db021f9fb18c11350b259307a27d7d3", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 72f50a28656fa65b6d770af89ed82d69", "expiration": null, "is_active": 1 }, { "id": 1598883384, "indicator": "3ba35e0c61597852e9e3636f33432f040684a50e7b70e5ee4febccebc24b3f55", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 5f3b25e36f6c6637eb08dcca1c3a8ed6", "expiration": null, "is_active": 1 }, { "id": 1598883385, "indicator": "3c93f21e96a82a41ccb27cd1a9742b346f2294fced71736869761aaf95c829f5", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Armadillov171", "description": "SHA256 of 1b50e838babcd80ab95cff14bdf22a69", "expiration": null, "is_active": 1 }, { "id": 1636610908, "indicator": "3ccd3ae38824b0b4794d0fbe6a1d50e5340ae060ef748246705efb24cad5e314", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of d4398f6f7ba070b6cdee7204f6862bd9", "expiration": null, "is_active": 1 }, { "id": 1598883386, "indicator": "3d03a48e83f31ca6bf4385cbcb61602f77adeec83d69a999f94bb09774f3430c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "MS_Visual_Cpp_6_0", "description": "SHA256 of 9af4c1e5bb81bf2df607653fcc25915a", "expiration": null, "is_active": 1 }, { "id": 3254663183, "indicator": "3dae326b5ff9f9c075c2d42347042fbb237dec697a729f432ba87e215f4dc8cf", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of b18a316b2ce6e099fe7fbf69283cbc5e", "expiration": null, "is_active": 1 }, { "id": 1636610914, "indicator": "3de4f547b6ef69c9d60c1670d9dc93807eafeb15ffcf510fb1142b552b7214e9", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Armadillov171", "description": "SHA256 of 1c3fe3ec1148fa72c18e2fcc3cdb354f", "expiration": null, "is_active": 1 }, { "id": 1569304744, "indicator": "3ef397c75107adbbe179cd889735f8934a580971981cd42b404dd00330bedb61", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 08a268a4c473f9920b254a6b6fc62548", "expiration": null, "is_active": 1 }, { "id": 1598883387, "indicator": "3f908cdc830a589b02ed6eaccd20a371fb2e9ea85ec300aca0e9f76705da8ac7", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Armadillov171", "description": "SHA256 of bd64660692b84e2b6fcb25d02cecbbcb", "expiration": null, "is_active": 1 }, { "id": 1294676627, "indicator": "446bbb96cf8518d60d652ba8df0bbaa78f5a23ac1abdfc93d0182d3bcb06bf4e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 53c8096033db54e5ec3d5eb9ac080fc4", "expiration": null, "is_active": 1 }, { "id": 1636610917, "indicator": "44a700a18b4cf050bfde1f9218b822bb37c770d16431052bf827f2544cd51ec0", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 433f5dc5546d98cc9e4597b342df31cf", "expiration": null, "is_active": 1 }, { "id": 2663225, "indicator": "44a7bea8a08f4c2feb74c6a00ff1114ba251f3dc6922ea5ffab9e749c98cbdce", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 4f505ca0ea4540e6662def1c1ddadd03", "expiration": null, "is_active": 1 }, { "id": 1598883389, "indicator": "48c6e04e72dfd0df816c4d44dc7a1cdc64c704d34be8b8e6c23a1500927f4b97", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "MS_Visual_Cpp_2008", "description": "SHA256 of 15faecbbc412a7c3bd1049d77bc7618b", "expiration": null, "is_active": 1 }, { "id": 1598883390, "indicator": "4994822460df6734a914406bd1c6cae1cda6dba631d5914c23ceb169f0311643", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Rbot-EUH", "description": "SHA256 of 37a5d27d49385f4e8edb94ad83b38164", "expiration": null, "is_active": 1 }, { "id": 1598883391, "indicator": "49e9a0249c3c4290e51953225efb6ef2c384e75c0489ff1e835f16b78d29a62f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Inject-14191", "description": "SHA256 of 494e65cf21ad559fccf3dacdd69acc94", "expiration": null, "is_active": 1 }, { "id": 1636610930, "indicator": "4a1c9b93147e641b5655fa4caae238aa5d9ec22048f64b7e5a875ff14d7f4162", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 4840ee7971322e1a6da801643432b25f", "expiration": null, "is_active": 1 }, { "id": 2262138, "indicator": "4b024f439385e7c1e850801526c58c9de201645a82b543f52e8b46c465c6f94a", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.9442646-1", "description": "SHA256 of 2d1e048030c27e2d57f0448df78142f6", "expiration": null, "is_active": 1 }, { "id": 3190220848, "indicator": "4bd85bd7b7c293fa95ed3ce78704badb0a762f90818c63451b941e9c530b2583", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 7f9692ba1a14c9c5ea97d6182f07051b", "expiration": null, "is_active": 1 }, { "id": 1294676635, "indicator": "4cc5c6bd9984ba49dde35639667ffa758d58b5e15a51c51e019c0a5aa6cc2a40", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 312d49a05b6effe1f2ef2775c13b4382", "expiration": null, "is_active": 1 }, { "id": 1636611027, "indicator": "4f7684e8a44267d4f954681a0840fb4d8b125684c13c5593c4b73795b3787154", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Armadillov171", "description": "SHA256 of 354b40f155beefcac3a41c2ffabbf6c8", "expiration": null, "is_active": 1 }, { "id": 2150314, "indicator": "4ff6a97d06e2e843755be8697f3324be36e1ebeb280bb45724962ce4b6710297", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 6f5648ea4ca8a65c36c328c5ae8ac096", "expiration": null, "is_active": 1 }, { "id": 8633544, "indicator": "5262cb9791df50fafcb2fbd5f93226050b51efe400c2924eecba97b7ce437481", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of b3139b26a2dabb9b6e728884d8fa8b33", "expiration": null, "is_active": 1 }, { "id": 1636611032, "indicator": "53229d2ef14689e5888298bb89704d3dc62232480d4d60adeb6504044cc53c67", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "MS_Visual_Cpp_2008", "description": "SHA256 of 1d3ebced0619f8e399a91735a05cf617", "expiration": null, "is_active": 1 }, { "id": 1598883394, "indicator": "53aa3c17646509eccf1701ffbe01236bb7487bb661d680a03c933a08240ff20d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 250495a936dd186b689438aab3cea65b", "expiration": null, "is_active": 1 }, { "id": 2663234, "indicator": "5412cddde0a2f2d78ec9de0f9a02ac2b22882543c9f15724ebe14b3a0bf8cbda", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 8ece7de82e1bdd4659a122c06ea9533e", "expiration": null, "is_active": 1 }, { "id": 2657050311, "indicator": "550a0aad89af313026de29f2d99308923ecd9e4ddb686271f7a35840ff1ffe8b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Pincav-2543", "description": "SHA256 of 4d3c31e95879ca85caadaad0c91974e3", "expiration": null, "is_active": 1 }, { "id": 1598883397, "indicator": "5765f755db1cfb449ba22bafec5b646aebabddb51430a00cf02493aa522ab248", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Evo-gen", "description": "SHA256 of 79e5a1d9adad4d64c8f5be2eb8345605", "expiration": null, "is_active": 1 }, { "id": 2708561, "indicator": "583f72102c90cca921e1d3607be04a916192ad60431c9f1f156d1bad526b8e92", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 9ee006601c5ee9f6f1992ec38fed63f6", "expiration": null, "is_active": 1 }, { "id": 2708569, "indicator": "590d5e0858893951e22e392a7dad76b30765c8fd139ca288efeead9b86836237", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of ac725400d9a5fe832dd40a1afb2951f8", "expiration": null, "is_active": 1 }, { "id": 2150324, "indicator": "5961861d2b9f50d05055814e6bfd1c6291b30719f8a4d02d4cf80c2e87753fa1", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 3afa9243b3aeb534e02426569d85e517", "expiration": null, "is_active": 1 }, { "id": 1598883399, "indicator": "5b4028728d8011a2003b7ce6b9ec663dd6a60b7adcc20e2125da318e2d9e13f4", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "MS_Visual_Cpp_6_0", "description": "SHA256 of b4bea824c539785dedb83c8599c90255", "expiration": null, "is_active": 1 }, { "id": 1598883400, "indicator": "5ba23fd19bc743eb0139f661e0c4521fd1c131628664bd0b6617eeb8fedc8237", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Ag-3", "description": "SHA256 of 234257c192caa419d14096f104b03e06", "expiration": null, "is_active": 1 }, { "id": 1636611049, "indicator": "5bb461b61837faa881d32849068c8e41172ccb6f86166582f46bdb450b98c1ef", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Ag-3", "description": "SHA256 of 93a4328e1e347447044146b53972cd37", "expiration": null, "is_active": 1 }, { "id": 1636611050, "indicator": "5bb956a9ae970bde4b273f33fc2424882174c0c70205dc191b2dd479a218a947", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 2a92aff566d6b1253e5c63336c32df73", "expiration": null, "is_active": 1 }, { "id": 2708545, "indicator": "5c7efef3d8e3c13913f261425fb503df05d6246362c88c25ce2d41622fd58aef", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Inject-7350", "description": "SHA256 of bd1ae82185d3eb0a8c8c615e710240ac", "expiration": null, "is_active": 1 }, { "id": 1598883401, "indicator": "5d731406a57beb742a69105397a9db85f5cfccf38a2cb939e45d0e0309281d5b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Ag-3", "description": "SHA256 of a1d0f8895052b60c4d2860556494f233", "expiration": null, "is_active": 1 }, { "id": 2708560, "indicator": "5e57aed3bf9d7625ed853f40cc59c2e0c872ca7b9b63cf7d252b5bb106c806bf", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Evo-gen", "description": "SHA256 of 9a014c33f9a9958ffbcf99d2a71d52fe", "expiration": null, "is_active": 1 }, { "id": 3190220849, "indicator": "61cb44173b89652524fedbe975b7a43614aacf107b492edf3e3407a7e70d1cb0", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 233368858a54e5f41f28dbbb7b9bb245", "expiration": null, "is_active": 1 }, { "id": 3190220850, "indicator": "6235eb409e3f1e47191e46005f8c49ff0ca8c6fb0a94c96829f38ace16090527", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 5e8d1e8518d10893eab0b1b1ebb6c97d", "expiration": null, "is_active": 1 }, { "id": 2663219, "indicator": "6392e0701a77ea25354b1f40f5b867a35c0142abde785a66b83c9c8d2c14c0c3", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 0f6b00b0c5a26a5aa8942ae356329945", "expiration": null, "is_active": 1 }, { "id": 1598883402, "indicator": "643c66aba4481abfa7f5201653f3383c114b00e06b4242e94931598ab0bcb51d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Ag-3", "description": "SHA256 of 8d6b6e023b4221bae8ed37bb18407516", "expiration": null, "is_active": 1 }, { "id": 2663232, "indicator": "6605b27e95f5c3c8012e4a75d1861786fb749b9a712a5f4871adbad81addb59e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of c0c8dcc9dad39da8278bf8956e30a3fc", "expiration": null, "is_active": 1 }, { "id": 2708567, "indicator": "677cbeea7c87e4e03da87d71137897b200e2b0170950ddc958a72c09674b1685", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Armadillov171", "description": "SHA256 of 4a076785e9786324bb852dd5bc27f10b", "expiration": null, "is_active": 1 }, { "id": 2708532, "indicator": "67d5a5e1f737776f077a886fdf984b0cee6478dddfd9fa65619dc9b8bcdd1a35", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 17b8e6ac3830ad58afe1a70df4319fae", "expiration": null, "is_active": 1 }, { "id": 1598883405, "indicator": "68399ae5728856c8b2a8419572648dbfd68ebe5f25c2c80130c7796800f03f34", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 6b27330b779541ae8f3de7a491a19d8f", "expiration": null, "is_active": 1 }, { "id": 1598883406, "indicator": "68ddf05f1381260be8208ef9dcc15c506b5874ec40c4c1e1f7f72c2d303c5bef", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Evo-gen", "description": "SHA256 of 11ea8d8dd0ffde8285f3c0049861a442", "expiration": null, "is_active": 1 }, { "id": 16317657, "indicator": "6d910cd88c712beac63accbc62d510820f44f630b8281ee8b39382c24c01c5fe", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 0b6845fbfa54511f21d93ef90f77c8de", "expiration": null, "is_active": 1 }, { "id": 1294676656, "indicator": "6de873f013f846403cacf6adf867b5b84c56adfd28c1242dd0e8ebaa22a6487b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 1a14bd60f4c49d1aebd245968a3a654f", "expiration": null, "is_active": 1 }, { "id": 1294676658, "indicator": "715bdd918ac4c318172474a31b413d24e82316f246294f2262600eda90a83308", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 3dca6cbf1981ab987987966228d95e55", "expiration": null, "is_active": 1 }, { "id": 2708553, "indicator": "7186b669182e1a690044375cff136682cbef09f481ee6f5d4d0fd2f043e68480", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of c870ce1cbc120f74059e5f1bb1f76040", "expiration": null, "is_active": 1 }, { "id": 1636611081, "indicator": "72d40c0fa8f179c2917455df6d1ae7ab7736e71ce5752955dc58da18310ebb8c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "MS_Visual_Cpp_6_0", "description": "SHA256 of 841dfe3eaafe68cc0b989fbf55a34c9c", "expiration": null, "is_active": 1 }, { "id": 16317547, "indicator": "73794263b657632805c8c3907e2f20a9743d8c9b83aa3e21629eccc5de02b1ca", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "dbgdetect_funcs", "description": "SHA256 of ac0ff4bad83350b7dde27af8728a469f", "expiration": null, "is_active": 1 }, { "id": 1598883411, "indicator": "737d2fbf51c72f4642056bbb0bee8e04259ee1a0cc4174549cfae11faac7e6f8", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Ag-3", "description": "SHA256 of a1942d1cc7552387393b91a14c9a3d73", "expiration": null, "is_active": 1 }, { "id": 3254663188, "indicator": "74eafbcfa04c25c916f93ca936a09d1945d893b116941a4061efe5f3b10e0b80", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "MS_Visual_Cpp_2005", "description": "SHA256 of 9fb73e749107447fccd5bb48627fd6a9", "expiration": null, "is_active": 1 }, { "id": 2708571, "indicator": "759e405351e6de779757695cc6fb1bce3cc6e3bb3ee4d24778d0cb2070091681", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 62898b77bd9e8e286d6bc760f3e28981", "expiration": null, "is_active": 1 }, { "id": 2150318, "indicator": "75ef6ea0265d2629c920a6a1c0d1dd91d3c0eda86445c7d67ebb9b30e35a2a9f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Posploi.A", "description": "SHA256 of 8a21337be17e1e921eeb4d1b9c1b4773", "expiration": null, "is_active": 1 }, { "id": 1636611087, "indicator": "7612c9240a766c427ee63cdd81c434bf646070792ead8748d3dcb2d1d326758d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Plugx.L!dha", "description": "SHA256 of 2bd698ae474b18cf4748edd99bd6c9e7", "expiration": null, "is_active": 1 }, { "id": 2663222, "indicator": "76721d08b83aae945aa00fe69319f896b92c456def4df5b203357cf443074c03", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "dbgdetect_funcs", "description": "SHA256 of 19417f7551bc54db6783823325557773", "expiration": null, "is_active": 1 }, { "id": 1598883412, "indicator": "7cf636ef15ffdfec2f4d5209880183d0c44103d6557eced172124fd993a6d967", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 184dd07bc91cc915aebf157a8b28066d", "expiration": null, "is_active": 1 }, { "id": 2663214, "indicator": "7eeaa97d346bc3f8090e5b742f42e8900127703420295279ac7e04d06ebe0a04", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 667989ffa5e77943f3384e78adf93510", "expiration": null, "is_active": 1 }, { "id": 3360565920, "indicator": "608a2b076bdd7f7c94e4b09203c6509593d4282b", "type": "YARA", "created": "2022-01-22T07:47:27", "content": "rule resteex_APTMalware_APT_10 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-21_23-57-42\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"001b8f696b6576798517168cd0a0fb44\" \n \t\t hash2= \"007f5599898ab9013672226b4c5f57e1\" \n \t\t hash3= \"01468a69ca8676b51a357676e0856c88\" \n \t\t hash4= \"018509c1165817d4b0a3e728eab41ea0\" \n \t\t hash5= \"0232172544079ff42890db4fd248cc11\" \n \t\t hash6= \"0506cf6d4e86c9ad1d4ea985f43582c6\" \n \t\t hash7= \"05138bd38f7c63313cb72b4ed5c241fa\" \n \t\t hash8= \"05c974fa1e5c11e472706f98c9923f61\" \n \t\t hash9= \"076ec3aa6b0cb93e7d4cd607f3ced946\" \n \t\t hash10= \"07abd6583295061eac2435ae470eff78\" \n \t\t hash11= \"08709f35581e0958d1ca4e50b7d86dba\" \n \t\t hash12= \"08a268a4c473f9920b254a6b6fc62548\" \n \t\t hash13= \"08f10881e2c57eb6f7368b7c06735826\" \n \t\t hash14= \"0921d7b4bf06276f4f59c85eb240da29\" \n \t\t hash15= \"098bfd5c1e7a5cf9f914c09abacb58f9\" \n \t\t hash16= \"0ad3ed5588eec7ba4988c8892a5c2946\" \n \t\t hash17= \"0b6845fbfa54511f21d93ef90f77c8de\" \n \t\t hash18= \"0b87f38f9151ef81e07c2cdd8a602335\" \n \t\t hash19= \"0c0a39e1cab4fc9896bdf5ef3c96a716\" \n \t\t hash20= \"0dc209a146d163f70a8f7d2a6cfd33e1\" \n \t\t hash21= \"0f6b00b0c5a26a5aa8942ae356329945\" \n \t\t hash22= \"102494d665b137bf91e902076f339185\" \n \t\t hash23= \"10c13a817bf7622b2359d1816be4c122\" \n \t\t hash24= \"11ea8d8dd0ffde8285f3c0049861a442\" \n \t\t hash25= \"13cdd0d9f222a47589c5c71fa3ac2cbe\" \n \t\t hash26= \"15faecbbc412a7c3bd1049d77bc7618b\" \n \t\t hash27= \"16ab92cc9a5d40cf0e3fa01fed0dd80f\" \n \t\t hash28= \"17b8e6ac3830ad58afe1a70df4319fae\" \n \t\t hash29= \"184dd07bc91cc915aebf157a8b28066d\" \n \t\t hash30= \"19417f7551bc54db6783823325557773\" \n \t\t hash31= \"19610f0d343657f6842d2045e8818f09\" \n \t\t hash32= \"1a14bd60f4c49d1aebd245968a3a654f\" \n \t\t hash33= \"1b50e838babcd80ab95cff14bdf22a69\" \n \t\t hash34= \"1b851bb23578033c79b8b15313b9c382\" \n \t\t hash35= \"1b891bc2e5038615efafabe48920f200\" \n \t\t hash36= \"1bc481cb01b205095c86174a171676d8\" \n \t\t hash37= \"1c3fe3ec1148fa72c18e2fcc3cdb354f\" \n \t\t hash38= \"1d0105cf8e076b33ed499f1dfef9a46b\" \n \t\t hash39= \"1d3ebced0619f8e399a91735a05cf617\" \n \t\t hash40= \"1ecbff1a46a8ec9a0c3ee45a390950a0\" \n \t\t hash41= \"200c06f1be562a09cafab07d22838767\" \n \t\t hash42= \"21567cce2c26e7543b977a205845ba77\" \n \t\t hash43= \"223d1396f2b5b7719702c980cbd1d6c0\" \n \t\t hash44= \"22d799e3fe58e5d10341080d370b683e\" \n \t\t hash45= \"233368858a54e5f41f28dbbb7b9bb245\" \n \t\t hash46= \"234257c192caa419d14096f104b03e06\" \n \t\t hash47= \"23d03ee4bf57de7087055b230dae7c5b\" \n \t\t hash48= \"24c2661aece1c089aa57c6efa7380e9d\" \n \t\t hash49= \"250495a936dd186b689438aab3cea65b\" \n \t\t hash50= \"251a5361efa82fb66e0832cc2de63b93\" \n \t\t hash51= \"257b3ed1145c25e3e67f83f61a637034\" \n \t\t hash52= \"25a11276aa992478f4c21c64ee409b35\" \n \t\t hash53= \"25a2bb2eda3c432a4c1ce481d9ceb2e6\" \n \t\t hash54= \"2685d8eb6009fd7f03956928f08071de\" \n \t\t hash55= \"26c7326f4449c1337fc42e43ca0790dd\" \n \t\t hash56= \"291976ba47cec4b3c0e31cbc50ab1923\" \n \t\t hash57= \"2a92aff566d6b1253e5c63336c32df73\" \n \t\t hash58= \"2b7db3f35255c34676570dcff88cc7b3\" \n \t\t hash59= \"2bd698ae474b18cf4748edd99bd6c9e7\" \n \t\t hash60= \"2d1e048030c27e2d57f0448df78142f6\" \n \t\t hash61= \"312d49a05b6effe1f2ef2775c13b4382\" \n \t\t hash62= \"3160654955f818072f6f8a8782e0f16f\" \n \t\t hash63= \"32d85825a7f627cdf8070a379b6b464f\" \n \t\t hash64= \"354b40f155beefcac3a41c2ffabbf6c8\" \n \t\t hash65= \"35947b085e4593ccf38a5eb26ca4d4cf\" \n \t\t hash66= \"37a5d27d49385f4e8edb94ad83b38164\" \n \t\t hash67= \"37c89f291dbe880b1f3ac036e6b9c558\" \n \t\t hash68= \"392f15c431c00f049bb1282847d8967f\" \n \t\t hash69= \"3afa9243b3aeb534e02426569d85e517\" \n \t\t hash70= \"3cbb5664d70bbe62f19ee28f26f21d7e\" \n \t\t hash71= \"3d83df756cc1e575755a7a3a8d9d8afc\" \n \t\t hash72= \"3dca6cbf1981ab987987966228d95e55\" \n \t\t hash73= \"40ae680e0f9cf3ae344ad97c55723aa9\" \n \t\t hash74= \"429f5048462fd037e3ad7f8a211004c6\" \n \t\t hash75= \"42c6e38375e46075eb1abd7a41ae15c5\" \n \t\t hash76= \"433f5dc5546d98cc9e4597b342df31cf\" \n \t\t hash77= \"45f5b2404eefe7672534bcd13466987d\" \n \t\t hash78= \"472b1710794d5c420b9d921c484ca9e8\" \n \t\t hash79= \"4840ee7971322e1a6da801643432b25f\" \n \t\t hash80= \"492c9ea17e215053db1c214bb369684f\" \n \t\t hash81= \"494e65cf21ad559fccf3dacdd69acc94\" \n \t\t hash82= \"4a076785e9786324bb852dd5bc27f10b\" \n \t\t hash83= \"4b7cc736e85f6c2d128a78c69280f12c\" \n \t\t hash84= \"4d3c31e95879ca85caadaad0c91974e3\" \n \t\t hash85= \"4d449395552584ef28c7dea47e54cb30\" \n \t\t hash86= \"4d4ecaa074e5bab3ecc0c68de10687e5\" \n \t\t hash87= \"4e6bf299554a356e91e9d230014075fc\" \n \t\t hash88= \"4f505ca0ea4540e6662def1c1ddadd03\" \n \t\t hash89= \"50b03a4d7ff45c2d8724de1292c1b8f4\" \n \t\t hash90= \"52f6a991feb2785451d66b49f287e588\" \n \t\t hash91= \"531a86012f2250e97a75323b9b64d63a\" \n \t\t hash92= \"53c8096033db54e5ec3d5eb9ac080fc4\" \n \t\t hash93= \"55b8690c0aae4e500e645d5f49ce5a13\" \n \t\t hash94= \"578b17334312f81934adfed048ffdafd\" \n \t\t hash95= \"583ab1678588b754899b9d2c58f20aa2\" \n \t\t hash96= \"584f13c639ecf696781515a593234deb\" \n \t\t hash97= \"58553dcf4f13b6ec1dde8ba2a58ec8e9\" \n \t\t hash98= \"588f58afc2298e6b31e44ebc86aee104\" \n \t\t hash99= \"59a3ff3496740ceea97ff70a980bc3ae\" \n \t\t hash100= \"5a78974df88ab6a67bb72a5c7a437fb2\" \n \t\t hash101= \"5b425dcf90df36706bcdd21438d6d32a\" \n \t\t hash102= \"5c5401fd7d32f481570511c73083e9a1\" \n \t\t hash103= \"5e0091c529d7d43f803c2cfff5de28d7\" \n \t\t hash104= \"5e8d1e8518d10893eab0b1b1ebb6c97d\" \n \t\t hash105= \"5ed1cb6e270a66d593478ebfefd7213d\" \n \t\t hash106= \"5ef46462597297547be10a6ac9a28247\" \n \t\t hash107= \"5f3b25e36f6c6637eb08dcca1c3a8ed6\" \n \t\t hash108= \"6285cba13fc5c2538e31c7f2529c7069\" \n \t\t hash109= \"62898b77bd9e8e286d6bc760f3e28981\" \n \t\t hash110= \"667989ffa5e77943f3384e78adf93510\" \n \t\t hash111= \"684888079aaf7ed25e725b55a3695062\" \n \t\t hash112= \"686bb59ea637fb3af214c8c21761cda8\" \n \t\t hash113= \"69f8ac18b047aa0c70eaf982fa1e483c\" \n \t\t hash114= \"6a3b8d24c125f3a3c7cff526e63297f3\" \n \t\t hash115= \"6b27330b779541ae8f3de7a491a19d8f\" \n \t\t hash116= \"6f3d15cf788e28ca504a6370c4ff6a1e\" \n \t\t hash117= \"6f5648ea4ca8a65c36c328c5ae8ac096\" \n \t\t hash118= \"6fea7954ab3d31414946d95e72f3152c\" \n \t\t hash119= \"6ff16afc92ce09acd2e3890b780efd86\" \n \t\t hash120= \"726788726dfb19231c6fc9c83ee2f392\" \n \t\t hash121= \"72f50a28656fa65b6d770af89ed82d69\" \n \t\t hash122= \"75500bb4143a052795ec7d2e61ac3261\" \n \t\t hash123= \"7891f00dcab0e4a2f928422062e94213\" \n \t\t hash124= \"78c309be8437e7c1d2dd3f12d7c034c8\" \n \t\t hash125= \"79e5a1d9adad4d64c8f5be2eb8345605\" \n \t\t hash126= \"7af04a468de09c519681dcb0bd77030b\" \n \t\t hash127= \"7bee1d0709169e07db6182e65dc50b60\" \n \t\t hash128= \"7f9692ba1a14c9c5ea97d6182f07051b\" \n \t\t hash129= \"7fe3e44991c645642119fcc683bd62df\" \n \t\t hash130= \"80fa12d221adba53b8e7f9514960f945\" \n \t\t hash131= \"82f926009c06dfa452714608da21cb77\" \n \t\t hash132= \"8312e9bd38f9116214d32c5a829e9529\" \n \t\t hash133= \"83448fc10f297a6968aeda7c02b09051\" \n \t\t hash134= \"841dfe3eaafe68cc0b989fbf55a34c9c\" \n \t\t hash135= \"84e767032054e0c2fef5764fb60679f4\" \n \t\t hash136= \"850a7e877d8e68188714ff5344f6fc15\" \n \t\t hash137= \"8a21337be17e1e921eeb4d1b9c1b4773\" \n \t\t hash138= \"8a93859e5f7079d6746832a3a22ff65c\" \n \t\t hash139= \"8af979b96c28131f394e267c6210ba91\" \n \t\t hash140= \"8c9e843d62ff89f15c25517eff02497b\" \n \t\t hash141= \"8d6b6e023b4221bae8ed37bb18407516\" \n \t\t hash142= \"8ece7de82e1bdd4659a122c06ea9533e\" \n \t\t hash143= \"923c0e5dec753e3b7eb6d8f441a7206f\" \n \t\t hash144= \"93a4328e1e347447044146b53972cd37\" \n \t\t hash145= \"95da3987c6ebd2646e90b7c2a42c19a7\" \n \t\t hash146= \"99d33c40d22a14f90dd6cdb1d639163b\" \n \t\t hash147= \"9a014c33f9a9958ffbcf99d2a71d52fe\" \n \t\t hash148= \"9a8c76271210324d97a232974ca0a6a3\" \n \t\t hash149= \"9af4c1e5bb81bf2df607653fcc25915a\" \n \t\t hash150= \"9da42d0bce9f5dbf22d33df77c561bda\" \n \t\t hash151= \"9df608f5bd1e6d2cac11950cf8a75a80\" \n \t\t hash152= \"9ed1164f4f6a337cde2ba6e7c72730cf\" \n \t\t hash153= \"9ee006601c5ee9f6f1992ec38fed63f6\" \n \t\t hash154= \"9ee1d2df2abe915b84980af9675f4180\" \n \t\t hash155= \"9fb73e749107447fccd5bb48627fd6a9\" \n \t\t hash156= \"a07fea56b45d0d1ebb6df4589e750464\" \n \t\t hash157= \"a1942d1cc7552387393b91a14c9a3d73\" \n \t\t hash158= \"a1d0f8895052b60c4d2860556494f233\" \n \t\t hash159= \"a2768b46a48c72e6f183c99333c14ff6\" \n \t\t hash160= \"a32468828c12657497cddf57190f5700\" \n \t\t hash161= \"a50c5ba8a92c7b199ac9e20a815d9e69\" \n \t\t hash162= \"a75bea992cef46c1a4ee5146150540aa\" \n \t\t hash163= \"a79f96647c4ca5527e56057d5173ab47\" \n \t\t hash164= \"ab57a44d58dad47314048c8b3ccff60b\" \n \t\t hash165= \"ac0ff4bad83350b7dde27af8728a469f\" \n \t\t hash166= \"ac725400d9a5fe832dd40a1afb2951f8\" \n \t\t hash167= \"ac86c256b30534d5ede4a0df1019507e\" \n \t\t hash168= \"ae3c3741c6fc6fe9bafae5fd352e58f7\" \n \t\t hash169= \"aed6ec002370818ddab2ca164a6b4e18\" \n \t\t hash170= \"b0649c1f7fb15796805ca983fd8f95a3\" \n \t\t hash171= \"b0f541cd6bff77de916e58d493f54b10\" \n \t\t hash172= \"b18a316b2ce6e099fe7fbf69283cbc5e\" \n \t\t hash173= \"b2dfe6d3be38cef08e9a3141ca3599c0\" \n \t\t hash174= \"b3139b26a2dabb9b6e728884d8fa8b33\" \n \t\t hash175= \"b332234f01ec229a03c0c60045f37072\" \n \t\t hash176= \"b34402586a077b7ed11b44d042c7aabf\" \n \t\t hash177= \"b4bea824c539785dedb83c8599c90255\" \n \t\t hash178= \"babd8cd2f24c809fedec1a5642b5fe46\" \n \t\t hash179= \"bd1ae82185d3eb0a8c8c615e710240ac\" \n \t\t hash180= \"bd64660692b84e2b6fcb25d02cecbbcb\" \n \t\t hash181= \"bdd054de9e710830ac04b6f076fc5f71\" \n \t\t hash182= \"c0c8dcc9dad39da8278bf8956e30a3fc\" \n \t\t hash183= \"c1cb28327d3364768d1c1e4ce0d9bc07\" \n \t\t hash184= \"c1e5c46e4ef284f2922bb458c9ba3ce2\" \n \t\t hash185= \"c2a07ca21ecad714821df647ada8ecaa\" \n \t\t hash186= \"c32c1cc761f92e60dd3d92f895ecd4db\" \n \t\t hash187= \"c5", "title": "", "description": "APTMalware_APT_10 Group", "expiration": null, "is_active": 1 }, { "id": 2656230215, "indicator": "http://www.slutsstuff.com", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "HTML document, ASCII text, with CRLF line terminators", "description": "8cf065293ca696f2560a8dde153a0ddd3144a32a9c3f10a82caf58d6e0b64c3c", "expiration": null, "is_active": 1 }, { "id": 1404541264, "indicator": "0295fb28f715a19e2b0c497b5dd55629", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Exploit-260", "description": "", "expiration": null, "is_active": 1 }, { "id": 2657692, "indicator": "05d10323111f02233163a6742556c974", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540969, "indicator": "0753697172046fcfb03d6445fff1f093", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 150426, "indicator": "07660a9b83b7fbc7ab372a911c69a85b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 598953, "indicator": "0775a35e939a14a382b562c95845cb50", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 4804, "indicator": "08709ef0e3d467ce843af4deb77d74d5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 599167, "indicator": "0b78ad10bb56a3f69f13297e427806cf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541183, "indicator": "0be02d5f66f84ebd03f362ad4b4a06e6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-755694", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541017, "indicator": "0e0182694c381f8b68afc5f3ff4c4653", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540947, "indicator": "0ea4ccf2737f7095b367eda58e475e1f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541343, "indicator": "0ee0f7fd55843d1ef7c9d6396bbcb99b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541334, "indicator": "1270217794b67491365048584a27a5ed", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Generickd-618", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541023, "indicator": "14d779777af6eb7c556ae338b462c48d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2657809, "indicator": "1528567b1a2f1da31d602ce1ddfd8918", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540940, "indicator": "16bb0f9d98eb7a832b6db1e92f4e4f1a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541006, "indicator": "181a88c911b10d0fcb4682ae552c0de3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2657776, "indicator": "18e64b8e5ce5bdd33ce8bd9e00af672c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Miniduke-2", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541235, "indicator": "18edd6bc785e56990f6721cd553c24ad", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.CosmicDuke", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540955, "indicator": "19aca5da05ee8e5862e1d1ee50e84cec", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 4777, "indicator": "1a262a7bfecd981d7874633f41ea5de8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "WinRAR_SFX", "description": "", "expiration": null, "is_active": 1 }, { "id": 4791, "indicator": "1a42acbdb285a7fba17f95068822ea4e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541217, "indicator": "1a874e5ecd67dffab45e17e9b730daed", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.CosmicDuke", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540979, "indicator": "1aa8a941ec22a3ffe32d079323a2e6c4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2930971, "indicator": "1c658719e6dedb929a6d85359c59682d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan.Agent-301636", "description": "", "expiration": null, "is_active": 1 }, { "id": 148558, "indicator": "1dde02ff744fa4e261168e2008fd613a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2930956, "indicator": "1de51ec5d2b8466f0d424e1c8dcd6454", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2657674, "indicator": "1e1b0d16a16cf5c7f3a7c053ce78f515", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Miniduke-2", "description": "", "expiration": null, "is_active": 1 }, { "id": 603904, "indicator": "1e417aa350346731f6e0c936d725f1a5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540987, "indicator": "209a4a102a977b698544c99d8236e9ca", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 603800, "indicator": "20d86cb4ebbffb739faa47f7354ee134", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 599047, "indicator": "210834cfcde3f416b82263c521eefa78", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 605820, "indicator": "22a46be630c877e2885c51147de10863", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "MS_Visual_Cpp_2008", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541225, "indicator": "23273a83bfd7aed10b9403e23a8bcba9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541190, "indicator": "2337a4fa99547eb0cf7600601ab44dda", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 599032, "indicator": "2384eb7914fd9d8d11be72bb83046445", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541368, "indicator": "23d2592db15c251382706515cf4fd37e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2930935, "indicator": "2530f54b87508e6f09a6bc5ab863b5db", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 599178, "indicator": "26e8b95dfbc6a8aafe40ab84b1d2ab5e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Cosmu-211", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541049, "indicator": "270ca8368cd4216b1813281d3efe485d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 150116, "indicator": "27f3d0556c59e32791567a09236507d9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540945, "indicator": "28f96a57fa5ff663926e9bad51a1d0cb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2657693, "indicator": "297ef5bf99b5e4fd413f3755ba6aad79", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541219, "indicator": "2a998ce2750335079d73e6b2eb2bd011", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 603877, "indicator": "2aa2a6e004159b9e3a590c63a0cc47b3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2657708, "indicator": "2ab25d33d61cf4cfbac92c26c7c0598e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541209, "indicator": "2bd46a980dde8eaa13e3defffb87e1e0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Iespy-66", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541328, "indicator": "2c6a49568e1733b66ef9dd2fa659aedb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2657806, "indicator": "2d87ab160291664d62445548a2164c60", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540944, "indicator": "2d96b4c95152819a888deccf7ec965d6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2657725, "indicator": "2dcd049c591644e35102921a48799975", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 599351, "indicator": "2e30fd352b659557b5da83dcba6195c0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541012, "indicator": "2ef51f1ca11ce73fa20b54a5886ad1dd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 12837, "indicator": "3195110045f64a3c83fc3e043c46d253", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541375, "indicator": "335160cad23e28d4597c1546458042c4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540546, "indicator": "33548f84763edb22ea6039dbbd064aeb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Iespy-54", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540541, "indicator": "33c87cf8895a81706ca582efd922601b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541187, "indicator": "345adb4594e3a2b02041c7e2b5fde46b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541243, "indicator": "351c913e4120081d8f04317121654a39", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541196, "indicator": "35c6928790ce08309af997654ed6d719", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541239, "indicator": "3729a14be6b3a92265cf6d8e14c79abe", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 603791, "indicator": "37369a91ad462f1fac9004f3a86bb3ac", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan.Cosmu-200", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541205, "indicator": "37c394e3e15d211a050446bc90edac94", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2657767, "indicator": "381691b297f7f5694709e21ad61ec645", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 603864, "indicator": "39e1b41b4118f4ea3ce2119c054b29e8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 12842, "indicator": "3a04a5d7ed785daa16f4ebfd3acf0867", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541350, "indicator": "3a2ba475bf6a60dbe3ed59330c53c3f7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540953, "indicator": "3a6b45a7c8fa74bc342b69e926079960", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541180, "indicator": "3adea70969f52d365c119b3d25619de9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541251, "indicator": "3c0ca0ab63a76dbf836725c95e2a5b7a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 4786, "indicator": "3d3363598f87c78826c859077606e514", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 149415, "indicator": "416db420e781c709bb71acee0b79282f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2930966, "indicator": "423bb8914078a587d08b54d16bbd527c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 12850, "indicator": "42ffc84c6381a18b1f6d000b94c74b09", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540992, "indicator": "43c012086c1ae0a67c38b0926d6cba3f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2657704, "indicator": "441ee6a307e672c24d334d66cd7b2e1a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 599097, "indicator": "45fb9f8733b3f0b26d38195b2c5ae54e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540553, "indicator": "4638a4e7faf5a9343551cc6e9668d143", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540965, "indicator": "4649609b8394283ec36ada132b02a0c6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2657718, "indicator": "48bbce47e4d2d51811ea99d5a771cd1a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2657754, "indicator": "4c6608203e751cf27f627220269d6835", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540733, "indicator": "4d3a94134aaf590ae8ece0a57257e129", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 147456, "indicator": "4f148ffeac50df60f9f9015b909d8ed0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541169, "indicator": "5080bc705217c614b9cbf67a679979a8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541213, "indicator": "50a56d98be79a1e6f04a1964e170a5d7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540928, "indicator": "50bf9c6de53b7de6906c2d5ed6177c28", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "WinRAR_SFX", "description": "", "expiration": null, "is_active": 1 }, { "id": 599398, "indicator": "51a96f279e790d2f861bb0ff843a7328", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "", "expiration": null, "is_active": 1 }, { "id": 2930960, "indicator": "527537cc28705e01af8d8006ae8308a9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 599090, "indicator": "52c73a7801a186077ed27a4cb7c7f887", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541247, "indicator": "5400d3db044befebbc39087ee1fe9533", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "", "expiration": null, "is_active": 1 }, { "id": 150963, "indicator": "556b9eca4a85f52e2f3176c306e18661", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541152, "indicator": "561017f887865b8d13f85c5474cdcbb8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 599304, "indicator": "573b0f9dc06833bcfaea2147d28bcffc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 4792, "indicator": "57a1f0658712ee7b3a724b6d07e97259", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "WinRAR_SFX", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540933, "indicator": "591a5ef38c1be504fbbc88219eb39692", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540537, "indicator": "59571740dcf8266c2205b901b6b489d1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541229, "indicator": "5a7659b691a3caf107e6636d8906dcb0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541028, "indicator": "5b4250a6bb4c6915ce962d489ee912d6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540530, "indicator": "5bc3b701819a4f2004b000d7db4b1b63", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "avdetect_procs", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541348, "indicator": "5dabff44971cc53bef7d8e17e85dda73", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541207, "indicator": "608b22fcd2d067730176e335d3c6454b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541043, "indicator": "612fba96383a5098c26fe1a222e1e755", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 603781, "indicator": "61c6d0076ee4187f9ec31841aa645d42", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 4808, "indicator": "62c4ce93050e48d623569c7dcc4d0278", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "WinRAR_SFX", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541019, "indicator": "6332176672744320e9fee2117b059193", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 603862, "indicator": "6542cd548182d6adc08a63c942f9bc54", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541373, "indicator": "6571a2d3892ca937697e96f8bb795e42", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540959, "indicator": "65c40b01a0870250fb358efc8b201192", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541249, "indicator": "6629b432266d78f9eb74d2d1a71d0d32", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Cosmicduke-3", "description": "", "expiration": null, "is_active": 1 }, { "id": 603803, "indicator": "664b149ae8469cbda7fd7ed48c7dc9b6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 598973, "indicator": "685d678b3ffd72fce3f8b48d82a76f60", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541260, "indicator": "68f6d84ac9a28c2fea59ff5e04577911", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "avdetect_procs", "description": "", "expiration": null, "is_active": 1 }, { "id": 599197, "indicator": "69232da84dc7d9b2fdf1f1daade6eaae", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2930939, "indicator": "6942f1dfd61d231df8acb7ed0f6310c4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540951, "indicator": "6a5a0ac42161333e9758589ecabed3c6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541357, "indicator": "6d45f34e6d29391ee6f0e91bf344a7d0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541355, "indicator": "6f5a73931c6c109bd6504a5ee0476ae7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541038, "indicator": "7040ee4cd4be4b84f8510c04663a2500", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541200, "indicator": "704381812f4cc3c5b3875ea33232c842", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 12835, "indicator": "70f5574e4e7ad360f4f5c2117a7a1ca7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 169013, "indicator": "72512c49401bd3d04a8ef6c7a6475307", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2631153, "indicator": "738c60fff066934b6f33e368cfe9a88c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Miniduke-2", "description": "", "expiration": null, "is_active": 1 }, { "id": 2930980, "indicator": "73931351f883cff5dbdcc54cc4eb10a7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541161, "indicator": "74593127f50abff5327b3f7038b456d2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541383, "indicator": "75368a54b28acb89b2705b636ed5ec61", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Exploit.PDF-22607", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540985, "indicator": "75457cc94b1d1dfa3f5d1aedc2edb044", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541202, "indicator": "75c97ca9b085411af1860523c3c884b5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541253, "indicator": "75d15f552aba5ed0df80ec2c16ab683e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 4790, "indicator": "7688be226b946e231e0cd36e6b708d20", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 599106, "indicator": "78c6245367e6ef00ca76b8106eb73816", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2630868, "indicator": "78e51be60eab2c6e952c9538a46ab521", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Miniduke-2", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541361, "indicator": "7ad50c9e4a4bab73bba38860906220b6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 4796, "indicator": "7f6bca4f08c63e597bed969f5b729c56", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 603824, "indicator": "8019dea970331823a504baaa90d3470f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan.Cosmu-200", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540937, "indicator": "80a93e5dd3a3ea22f9a9af1547f797ab", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541041, "indicator": "810de1b9fa0a9396acae23dcd113a60d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2657810, "indicator": "811f66d6dd2c713073c0b0aebbe74ce8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Miniduke-2", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540528, "indicator": "823760d749db5f3f28c7d9366acd0f64", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "", "expiration": null, "is_active": 1 }, { "id": 2657703, "indicator": "8282eb6d6f20c5de6e7f4ae3a42438d2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 148504, "indicator": "837b522730ff896435682b36f7b27a3e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 4798, "indicator": "83f57f0116a3b3d69ef7b1dbe9943801", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541365, "indicator": "84137c8e7509a0e9cf7ff71ba060cdb5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 149313, "indicator": "8473fae7fdae7ee5a8b0fb64ebb596c1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540731, "indicator": "856b224da7525ea5192efbef7a9b8112", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 4795, "indicator": "8670710bc9477431a01a576b6b5c1b2a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541331, "indicator": "868915de8b23cfc87765525efbdb4fa0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2630987, "indicator": "86ef8f5f62ae8590d6edf45e04806515", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 599044, "indicator": "87f235c00e8c3960b264192621f594ae", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541346, "indicator": "8988f29396515f47de0457f9daa1dd62", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 598858, "indicator": "89b1e1c3c927f43d6d8108cf1422287a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540963, "indicator": "89b3cf1023825cc49efe59b06092dba1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 599450, "indicator": "89c6c5439a2747d7f2a7305521dddcbb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541142, "indicator": "8d3542af992b1de4cf1f587f61dddb50", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 598872, "indicator": "8dcd3cb1e615edbfade8c2d9d6ef4c67", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541245, "indicator": "8e5106565fd96df1308d208d1e3426a3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 598814, "indicator": "9003e1d69cd29280d2233c1634370c60", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 12853, "indicator": "9018fa0826f237342471895f315dbf39", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 4778, "indicator": "90bd910ee161b71c7a37ac642f910059", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 603913, "indicator": "91a50a90cb31fad48908d5c6294e92ba", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541015, "indicator": "91aaf47843a34a9d8d1bb715a6d4acec", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541223, "indicator": "925b37a936304a5914941ac4584e346c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 4802, "indicator": "93176df76e351b3ea829e0e6c6832bdf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 577409886, "indicator": "933b3c5d3728ef6e08af4ae579c00d11", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2657722, "indicator": "935892bb70d954efdc5ee1b0c5f97184", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 147571, "indicator": "964e4b516d72b7717aabb71ad7cc7bf6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540926, "indicator": "97886672cc570ba4a5d6a162e92d0155", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 4806, "indicator": "98a6484533fa12a9ba6b1bd9df1899dc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540973, "indicator": "9993445521ca03ac3a693625b5ca1f36", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 4797, "indicator": "9ad55b83f2eec0c19873a770b0c86a2f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541256, "indicator": "9d95c8f09f991a5fc37b79c45ebd2043", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 603823, "indicator": "9dc3d5da2f68b4ed9336c5b78b955780", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 4785, "indicator": "9e3f3b5e9ece79102d257e8cf982e09e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2930932, "indicator": "9f13dc03904dbd45374acc2134477273", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540981, "indicator": "9f65e3b320ec91380ebc28d4fdff4895", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540555, "indicator": "a250c5ca9968e4ce2336462fc839bb90", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 12811, "indicator": "a25ec7749b2de12c2a86167afa88a4dd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 603883, "indicator": "a4008cf300fd22f470c38489da9e25cf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2657745, "indicator": "a4ad6b55b1bc9e16123de1388f6ef9bf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540957, "indicator": "a4c77494cccb41aaa8849176bd58055e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 150440, "indicator": "a4f3e00b3da3e9d9382840dfbdbef311", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2657800, "indicator": "a58e8e935341b6f5cc1369c616de3765", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 4799, "indicator": "a5d6ad8ad82c266fda96e076335a5080", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2657712, "indicator": "a67ad3e2a020f690d892b727102a759b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 12854, "indicator": "a9c045c401afb9766e2ca838dc6f47a4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 598903, "indicator": "ab24962ba63d32a62cefd3c68c54a2ec", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2657787, "indicator": "ab2d8a0d5b03d40f148f2f907b55f9f1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541377, "indicator": "ab7a66ed3c6de1b7449d6054a8b46d7f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541004, "indicator": "ac7a22d1af180c21b0061b8d512586d3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541173, "indicator": "acac7584d7dc066d27555997d0f6d6cf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 4803, "indicator": "acffb2823fc655637657dcbd25f35af8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 599454, "indicator": "ad02edae5173d0b7ba39a3065c9d5d63", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540975, "indicator": "af534ba7bfc624c76e718ceab3477118", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 12845, "indicator": "b0a9a175e2407352214b2d005253bc0c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2657798, "indicator": "b100d530d67cfbe76394bb0160567382", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541194, "indicator": "b2737204531a80c31bb30e9be9a1cc4c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 599298, "indicator": "b5304f94cd5baae6fb5dad19c2759d2c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 4775, "indicator": "b5553645fe819a93aafe2894da13dae7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 268974757, "indicator": "b59199877e0d68a5e93fc8ea76374ed1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540971, "indicator": "b602adb677d0560601e7668eaf158605", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2657812, "indicator": "b68677e04fcc9103560bb0a5e5c7303f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2657697, "indicator": "b798c968cbfd53f878e13c7698610d9c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2657716, "indicator": "b8088f6594dd8cba31b4f52a2d91f40e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 599216, "indicator": "b84a148f40c3a694b930c5374f7a90cb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540729, "indicator": "b8690064dc61333c591252c4204fbbb3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2657689, "indicator": "b8e89f9908262b5385623c0e39d6b940", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 599309, "indicator": "baffad69d3ce95853a6db80711b74a38", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 598921, "indicator": "bc304fb92a79bab73b75772427d14ffa", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541025, "indicator": "bd52b2a371ff397c90b891b7a4f04c66", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 598790, "indicator": "bf839cb54473c333b2c151ad627eb39f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 151145, "indicator": "bfd2d6bf8e99332157a0fe46a4a91c52", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540942, "indicator": "c0f27bcdede7fe36664770dfe9f84044", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540561, "indicator": "c166d00faa2baf4851e51e46933461dd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2657749, "indicator": "c519eef57001ad3ae60cdcb0009bf778", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540543, "indicator": "c728dc7b8b9cf927a8c3aa29a1e935b4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2657775, "indicator": "c786a4cdfe08dbe7c64972a14669c4d1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541381, "indicator": "c8cab28e550f60468099f60a0b6ccb81", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 4807, "indicator": "c8eb6040fd02d77660d19057a38ff769", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2657684, "indicator": "c92252487615d5379317febc22dba7d4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541352, "indicator": "cb8624999aa959b873e9bdb60ee65c0f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540949, "indicator": "ccb6d74a8577ca44ca56cfc7fa6332b6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 599457, "indicator": "cce1577e03093dcf195449d208e544d7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541231, "indicator": "cd012e8f5340d2e148d2c2cbac4270a1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 599152, "indicator": "cf2041ddfdc177b863a23ab7ade78043", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2630959, "indicator": "cf59ed2b5473281cc2e083eba3f4b662", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540938, "indicator": "d1ce79089578da2d41f1ad901f7b1014", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541258, "indicator": "d22c02dafb1ee0ef8d4ea90ac48a6988", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540967, "indicator": "d26ff50f81e76dffd1382fbf16783b47", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2657710, "indicator": "d2f39019bfa05c7e71748d0624be9a94", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 14089, "indicator": "d3109c83e07dd5d7fe032dc80c581d08", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540935, "indicator": "d33e91246924adb5edc97ceae8a60084", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 599237, "indicator": "d34c6d5875f5d2aab929d1f7ce968860", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541198, "indicator": "d47b25667effc0f88ab460c6edeecc55", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 4794, "indicator": "d543904651b180fd5e4dc1584e639b5e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541010, "indicator": "d5a82520ebf38a0c595367ff0ca89fae", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541215, "indicator": "d729fbb50665932fe529f7073acca9c1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 4783, "indicator": "d7af9a4010c75af6756a603fd6aef5a4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 603905, "indicator": "d824cbf08604dea9724ab8e707bb9fec", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 599286, "indicator": "db159b7a543cf0c0b84f00bd982482fc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540961, "indicator": "db9ccc6fa0f7605f39d93487fbaba866", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 603765, "indicator": "dc6cc442c0900104a5601a6049354fad", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541233, "indicator": "dc92eba92885f2e937cb6f694647eb71", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540535, "indicator": "ddeeebb34da3deea82ea1f4ff4c894a5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2930929, "indicator": "ded2f80457aaefe1a80a9cefd1f4645d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 603814, "indicator": "dee4b9c620a390be143a79f555225c85", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 603822, "indicator": "dffcd7f930f8874dc9f5115d0ae50b57", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 12844, "indicator": "e00bf9b8261410744c10ae3fe2ce9049", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540734, "indicator": "e163d9a91f97f133b0e3f2bbe4dc226a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 603890, "indicator": "e175be029dd2b78c059278a567b3ada1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2657823, "indicator": "e1a659473ae1e828508309b77da13783", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540977, "indicator": "e1db6b72ec26311b175663b7d88e3c00", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360566131, "indicator": "e268e5c53da8361d4f7b6a884d7dfc8a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 605895, "indicator": "e315436c42e681962a8e174ef7fad480", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541363, "indicator": "e36d73c6c8e832b7955c442b484472e5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541048, "indicator": "e48fb57ce3d9c56ca3cf6c4aed8ad0ea", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540999, "indicator": "e8510a7ae4919a3fcedad985fbbca352", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2930973, "indicator": "e863737773f64498091cd775c7abde66", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2657795, "indicator": "e990e0d1ee90cd10c4be7bfde6cc3e5a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 4787, "indicator": "eb22b99d44223866e24872d80a4ddefd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541175, "indicator": "edf7a81dab0bf0520bfb8204a010b730", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540996, "indicator": "f02da961eb7b87b41aee5fd9537022f0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541021, "indicator": "f0a6436ffee12558a434a0fc24b3b33f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541359, "indicator": "f1583641033d66873ed1604e2f1bea1b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 4776, "indicator": "f16dff8ec8702518471f637eb5313ab2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2657747, "indicator": "f19345e0e5aecc0da45b4c110591bdd9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541241, "indicator": "f22606385080d35551e7f8e8f49b7de9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541177, "indicator": "f239e79e87f09000c247ff7e91ab9603", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540931, "indicator": "f23a89f3b7b6fa1312e6a10ede4e23a6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 4788, "indicator": "f2b05e6b01be3b6cb14e9068e7a66fc1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 149393, "indicator": "f338e21422eca3a52239089f821519d6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 4781, "indicator": "f58a4369b8176edbde4396dc977c9008", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 599243, "indicator": "f5cc1c0c90fb89e4b4fc048c5a03b46f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541192, "indicator": "f611f8b0655a8980cf71a252536c7a5a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404540558, "indicator": "f7367f89d23e17d036a53662cc82882b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541033, "indicator": "f78f1359fcf04e89e3bb0fbdf74c1e05", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541379, "indicator": "f81f858335b253d4708fbdfa6ca92ee9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 598856, "indicator": "fa3b44b8a4a2a2b473cd5d934d1ec4bc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 598942, "indicator": "fa52383868abf82d027b971e799a599a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404541370, "indicator": "fc0e380447be2bbdf9f06fc3358f8648", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 4793, "indicator": "fd8e27f820bdbdf6cb80a46c67fd978a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 149276, "indicator": "ff83dad77ac2b526849930f1860dfd3f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 150508, "indicator": "ffb407dc2b20357302a4550a73f6c342", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2657763, "indicator": "ffefe16d581340c1e49f585a576a1fd8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5136, "indicator": "04aefbf1527536159d72d20dea907cbd080793e3", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 1a42acbdb285a7fba17f95068822ea4e", "expiration": null, "is_active": 1 }, { "id": 44794, "indicator": "073faad9c18dbe0e0285b2747eae0c629e56830c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 1aa8a941ec22a3ffe32d079323a2e6c4", "expiration": null, "is_active": 1 }, { "id": 44826, "indicator": "0cf68d706c38ab112e0b667498c24626aec730f6", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 2e30fd352b659557b5da83dcba6195c0", "expiration": null, "is_active": 1 }, { "id": 44766, "indicator": "0d8f41fe09dbd75ab953f9e64a6cdbbbc198bf2b", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 0ee0f7fd55843d1ef7c9d6396bbcb99b", "expiration": null, "is_active": 1 }, { "id": 44764, "indicator": "0e020c03fffabc6d20eca67f559c46b4939bb4f4", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 83f57f0116a3b3d69ef7b1dbe9943801", "expiration": null, "is_active": 1 }, { "id": 44860, "indicator": "0e263d80c46d5a538115f71e077a6175168abc5c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Miniduke-2", "description": "SHA1 of 78e51be60eab2c6e952c9538a46ab521", "expiration": null, "is_active": 1 }, { "id": 44725, "indicator": "103c37f6276059a5ff47117b7f638013ccffe407", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 74593127f50abff5327b3f7038b456d2", "expiration": null, "is_active": 1 }, { "id": 44790, "indicator": "10b31a17449705be20890ddd8ad97a2feb093674", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 3a04a5d7ed785daa16f4ebfd3acf0867", "expiration": null, "is_active": 1 }, { "id": 44761, "indicator": "11b5cfb37efb45d2c721cbf20cab7c1f5c1aa44b", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA1 of 51a96f279e790d2f861bb0ff843a7328", "expiration": null, "is_active": 1 }, { "id": 44731, "indicator": "15c75472f160f082f6905d57a98de94c026e2c56", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Miniduke-2", "description": "SHA1 of 738c60fff066934b6f33e368cfe9a88c", "expiration": null, "is_active": 1 }, { "id": 44738, "indicator": "17df96e423320ddfb7664413bf562a6b1aaef9d4", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 210834cfcde3f416b82263c521eefa78", "expiration": null, "is_active": 1 }, { "id": 44739, "indicator": "1ce049522c4df595a1c4c9e9ca24be72dc5c6b28", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Generickd-618", "description": "SHA1 of 1270217794b67491365048584a27a5ed", "expiration": null, "is_active": 1 }, { "id": 44852, "indicator": "1df78a1dc0aa3382fcc6fac172b70aafd0ed8d3d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 39e1b41b4118f4ea3ce2119c054b29e8", "expiration": null, "is_active": 1 }, { "id": 44781, "indicator": "207be5648c0a2e48be98dc4dc1d5d16944189219", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 14d779777af6eb7c556ae338b462c48d", "expiration": null, "is_active": 1 }, { "id": 44881, "indicator": "25b6c73124f11f70474f2687ad1de407343ac025", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 6332176672744320e9fee2117b059193", "expiration": null, "is_active": 1 }, { "id": 44910, "indicator": "25e0af331b8e9fed64dc0df71a2687be348100e8", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 0753697172046fcfb03d6445fff1f093", "expiration": null, "is_active": 1 }, { "id": 44929, "indicator": "28a43eac3be1b96c68a1e7463ae91367434a2ac4", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 297ef5bf99b5e4fd413f3755ba6aad79", "expiration": null, "is_active": 1 }, { "id": 44823, "indicator": "2a13ae3806de8e2c7adba6465c4b2a7bb347f0f5", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 561017f887865b8d13f85c5474cdcbb8", "expiration": null, "is_active": 1 }, { "id": 44896, "indicator": "2ceae0f5f3efe366ebded0a413e5ea264fbf2a33", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 441ee6a307e672c24d334d66cd7b2e1a", "expiration": null, "is_active": 1 }, { "id": 13169, "indicator": "2f53bfcd2016d506674d0a05852318f9e8188ee1", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 07660a9b83b7fbc7ab372a911c69a85b", "expiration": null, "is_active": 1 }, { "id": 5172, "indicator": "32b0c8c46f8baaba0159967c5602f58dd73ebde9", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 0e0182694c381f8b68afc5f3ff4c4653", "expiration": null, "is_active": 1 }, { "id": 44836, "indicator": "365f61c7886ca82bfdf8ee19ce0f92c4f7d0901e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Exploit-260", "description": "SHA1 of 0295fb28f715a19e2b0c497b5dd55629", "expiration": null, "is_active": 1 }, { "id": 44803, "indicator": "383fc3c218b9fb0d4224d69af66caf09869b4c73", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 2384eb7914fd9d8d11be72bb83046445", "expiration": null, "is_active": 1 }, { "id": 44933, "indicator": "3f4a5bf72a15b7a8638655b24eb3359e229b9aea", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan.Cosmu-200", "description": "SHA1 of 8019dea970331823a504baaa90d3470f", "expiration": null, "is_active": 1 }, { "id": 44717, "indicator": "412d488e88deef81225d15959f48479fc8d387b3", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 335160cad23e28d4597c1546458042c4", "expiration": null, "is_active": 1 }, { "id": 44724, "indicator": "416d1035168b99cc8ba7227d4c7c3c6bc1ce169a", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Miniduke-2", "description": "SHA1 of 811f66d6dd2c713073c0b0aebbe74ce8", "expiration": null, "is_active": 1 }, { "id": 44759, "indicator": "42429d0c0cade08cfe4f72dcd77892b883e8a4bc", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 4649609b8394283ec36ada132b02a0c6", "expiration": null, "is_active": 1 }, { "id": 44726, "indicator": "45ee9aa9f8ef3a9cc0b4b250766e7a9368a30934", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 573b0f9dc06833bcfaea2147d28bcffc", "expiration": null, "is_active": 1 }, { "id": 13171, "indicator": "476099ea132bf16fa96a5f618cb44f87446e3b02", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 27f3d0556c59e32791567a09236507d9", "expiration": null, "is_active": 1 }, { "id": 44732, "indicator": "47f26990d063c947debbde0e10bd267fb0f32719", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 42ffc84c6381a18b1f6d000b94c74b09", "expiration": null, "is_active": 1 }, { "id": 13167, "indicator": "4800d67ea326e6d037198abd3d95f4ed59449313", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 8473fae7fdae7ee5a8b0fb64ebb596c1", "expiration": null, "is_active": 1 }, { "id": 5149, "indicator": "49fb759d133eeaab3fcc78cec64418e44ed649ab", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 08709ef0e3d467ce843af4deb77d74d5", "expiration": null, "is_active": 1 }, { "id": 44722, "indicator": "4a9875f646c5410f8317191ef2a91f934ce76f57", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "avdetect_procs", "description": "SHA1 of 68f6d84ac9a28c2fea59ff5e04577911", "expiration": null, "is_active": 1 }, { "id": 44758, "indicator": "4ec769c15a9e318d41fd4a1997ec13c029976fc2", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 05d10323111f02233163a6742556c974", "expiration": null, "is_active": 1 }, { "id": 44938, "indicator": "4fd46c30fb1b6f5431c12a38430d684ed1ff5a75", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 75d15f552aba5ed0df80ec2c16ab683e", "expiration": null, "is_active": 1 }, { "id": 44853, "indicator": "50f8ea7eb685656c02a83420b3910d14ac588c8b", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Exploit.PDF-22607", "description": "SHA1 of 75368a54b28acb89b2705b636ed5ec61", "expiration": null, "is_active": 1 }, { "id": 5186, "indicator": "5150174a4d5e5bb0bccc568e82dbb86406487510", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 2ef51f1ca11ce73fa20b54a5886ad1dd", "expiration": null, "is_active": 1 }, { "id": 44901, "indicator": "52164782fc9f8a2a6c4be2b9cd000e4a60a860ed", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Iespy-54", "description": "SHA1 of 33548f84763edb22ea6039dbbd064aeb", "expiration": null, "is_active": 1 }, { "id": 44841, "indicator": "5295b09592d5a651ca3f748f0e6401bd48fe7bda", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 6571a2d3892ca937697e96f8bb795e42", "expiration": null, "is_active": 1 }, { "id": 44937, "indicator": "541816260c71535cfebc743b9e2770a3a601acdf", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Cosmicduke-3", "description": "SHA1 of 6629b432266d78f9eb74d2d1a71d0d32", "expiration": null, "is_active": 1 }, { "id": 44856, "indicator": "558f1d400be521f8286b6a51f56d362d64278132", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA1 of 5400d3db044befebbc39087ee1fe9533", "expiration": null, "is_active": 1 }, { "id": 44747, "indicator": "6483ed51bd244c7b2cf97db62602b19c27fa3059", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 1e417aa350346731f6e0c936d725f1a5", "expiration": null, "is_active": 1 }, { "id": 44821, "indicator": "65681390d203871e9c21c68075dbf38944e782e8", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 6542cd548182d6adc08a63c942f9bc54", "expiration": null, "is_active": 1 }, { "id": 44786, "indicator": "658db78c0ce62e08e86b51988a222b5fb5fbb913", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.CosmicDuke", "description": "SHA1 of 18edd6bc785e56990f6721cd553c24ad", "expiration": null, "is_active": 1 }, { "id": 44880, "indicator": "694fa03160d50865dce0c35227dc97ffa1acfa48", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 6942f1dfd61d231df8acb7ed0f6310c4", "expiration": null, "is_active": 1 }, { "id": 13163, "indicator": "6a3c2ad9919ad09ef6cdffc80940286814a0aa2c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "WinRAR_SFX", "description": "SHA1 of 50bf9c6de53b7de6906c2d5ed6177c28", "expiration": null, "is_active": 1 }, { "id": 44806, "indicator": "6b0721a9ced806076f84e828d9c65504a77d106c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "WinRAR_SFX", "description": "SHA1 of 57a1f0658712ee7b3a724b6d07e97259", "expiration": null, "is_active": 1 }, { "id": 44889, "indicator": "6b0b8ad038c7ae2efbad066b8ba22de859b81f98", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 7ad50c9e4a4bab73bba38860906220b6", "expiration": null, "is_active": 1 }, { "id": 44755, "indicator": "6b3b42f584b6dc1e0a7b0e0c389f1fbe040968aa", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 65c40b01a0870250fb358efc8b201192", "expiration": null, "is_active": 1 }, { "id": 44867, "indicator": "7371eecafbaeefd0dc5f4dd5737f745586133f59", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 45fb9f8733b3f0b26d38195b2c5ae54e", "expiration": null, "is_active": 1 }, { "id": 44907, "indicator": "7631f1db92e61504596790057ce674ee90570755", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 20d86cb4ebbffb739faa47f7354ee134", "expiration": null, "is_active": 1 }, { "id": 44815, "indicator": "78d1c1e11ebae22849bccb3eb154ec986d992364", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 23273a83bfd7aed10b9403e23a8bcba9", "expiration": null, "is_active": 1 }, { "id": 5169, "indicator": "78e9960cc5819583fb98fb619b33bff7768ee861", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 181a88c911b10d0fcb4682ae552c0de3", "expiration": null, "is_active": 1 }, { "id": 44918, "indicator": "7b3652f8d51bf74174e1e5364dbbf901a2ebcba1", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 19aca5da05ee8e5862e1d1ee50e84cec", "expiration": null, "is_active": 1 }, { "id": 44858, "indicator": "7d871a2d467474178893cd017e4e3e04e589c9a0", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 3a6b45a7c8fa74bc342b69e926079960", "expiration": null, "is_active": 1 }, { "id": 44883, "indicator": "7efd300efed0a42c7d1f568e309c45b2b641f5c2", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 6a5a0ac42161333e9758589ecabed3c6", "expiration": null, "is_active": 1 }, { "id": 44807, "indicator": "84ba6b6a0a3999c0932f35298948f149ee05bc02", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 70f5574e4e7ad360f4f5c2117a7a1ca7", "expiration": null, "is_active": 1 }, { "id": 44787, "indicator": "88b7ead7c0bf8b3d8a54b4a9c8871f44d1577ce7", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 664b149ae8469cbda7fd7ed48c7dc9b6", "expiration": null, "is_active": 1 }, { "id": 44838, "indicator": "8aa9f5d426428ec360229f4cb9f722388f0e535c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.CosmicDuke", "description": "SHA1 of 1a874e5ecd67dffab45e17e9b730daed", "expiration": null, "is_active": 1 }, { "id": 44846, "indicator": "909d369c42125e84e0650f7e1183abe740486f58", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 423bb8914078a587d08b54d16bbd527c", "expiration": null, "is_active": 1 }, { "id": 44840, "indicator": "926046f0c727358d1a6fbdd6ff3e28bc67d5e2f6", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Iespy-66", "description": "SHA1 of 2bd46a980dde8eaa13e3defffb87e1e0", "expiration": null, "is_active": 1 }, { "id": 44715, "indicator": "9700c8a41a929449cfba6567a648e9c5e4a14e70", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 608b22fcd2d067730176e335d3c6454b", "expiration": null, "is_active": 1 }, { "id": 44839, "indicator": "97c62e04b0ce401bd338224cdd58f5943f47c8de", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 37c394e3e15d211a050446bc90edac94", "expiration": null, "is_active": 1 }, { "id": 44905, "indicator": "9a277a63e41d32d9af3eddea1710056be0d42347", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 0ea4ccf2737f7095b367eda58e475e1f", "expiration": null, "is_active": 1 }, { "id": 44827, "indicator": "a10f2dc5dbdbf1a11ebe4c3e59a4c0e5d14bcc8a", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 33c87cf8895a81706ca582efd922601b", "expiration": null, "is_active": 1 }, { "id": 44720, "indicator": "a32817e9ff07bc69974221d9b7a9b980fa80b677", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 1528567b1a2f1da31d602ce1ddfd8918", "expiration": null, "is_active": 1 }, { "id": 44721, "indicator": "a421e0758f1007527fec4d72fa2668da340554c9", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 75c97ca9b085411af1860523c3c884b5", "expiration": null, "is_active": 1 }, { "id": 44808, "indicator": "a74eceea45207a6b46f461d436b73314b2065756", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 704381812f4cc3c5b3875ea33232c842", "expiration": null, "is_active": 1 }, { "id": 44832, "indicator": "aa7cf4f1269fa7bca784a18e5cecab962b901cc2", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "MS_Visual_Cpp_2008", "description": "SHA1 of 22a46be630c877e2885c51147de10863", "expiration": null, "is_active": 1 }, { "id": 44926, "indicator": "b14b9241197c667f00f86d096d71c47d6fa9aca6", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 6d45f34e6d29391ee6f0e91bf344a7d0", "expiration": null, "is_active": 1 }, { "id": 44898, "indicator": "b3873d2c969d224b0fd17b5f886ea253ac1bfb5b", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 2d96b4c95152819a888deccf7ec965d6", "expiration": null, "is_active": 1 }, { "id": 44733, "indicator": "bbe24aa5e554002f8fd092fc5af7747931307a15", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Cosmu-211", "description": "SHA1 of 26e8b95dfbc6a8aafe40ab84b1d2ab5e", "expiration": null, "is_active": 1 }, { "id": 5197, "indicator": "bdd2bae83c3bab9ba0c199492fe57e70c6425dd3", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 416db420e781c709bb71acee0b79282f", "expiration": null, "is_active": 1 }, { "id": 5209, "indicator": "bf265227f9a8e22ea1c0035ac4d2449ceed43e2b", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 1dde02ff744fa4e261168e2008fd613a", "expiration": null, "is_active": 1 }, { "id": 5135, "indicator": "bf9d3a45273608caf90084c1157de2074322a230", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 43c012086c1ae0a67c38b0926d6cba3f", "expiration": null, "is_active": 1 }, { "id": 44814, "indicator": "c17ad20e3790ba674e3fe6f01b9c10270bf0f0e4", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan.Agent-301636", "description": "SHA1 of 1c658719e6dedb929a6d85359c59682d", "expiration": null, "is_active": 1 }, { "id": 44932, "indicator": "c2b5aff3435a7241637f288fedef722541c4dad8", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 345adb4594e3a2b02041c7e2b5fde46b", "expiration": null, "is_active": 1 }, { "id": 44920, "indicator": "c671786abd87d214a28d136b6bafd4e33ee66951", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 2aa2a6e004159b9e3a590c63a0cc47b3", "expiration": null, "is_active": 1 }, { "id": 44870, "indicator": "ccb29875222527af4e58b9dd8994c3c7ef617fd8", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-755694", "description": "SHA1 of 0be02d5f66f84ebd03f362ad4b4a06e6", "expiration": null, "is_active": 1 }, { "id": 44770, "indicator": "cce5b3a2965c500de8fa75e1429b8be5aa744e14", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 16bb0f9d98eb7a832b6db1e92f4e4f1a", "expiration": null, "is_active": 1 }, { "id": 44935, "indicator": "cd50170a70b9cc767aa4b21a150c136cb25fbd44", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 2530f54b87508e6f09a6bc5ab863b5db", "expiration": null, "is_active": 1 }, { "id": 44855, "indicator": "cd7116fc6a5fa170690590e161c7589d502bd6a7", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan.Cosmu-200", "description": "SHA1 of 37369a91ad462f1fac9004f3a86bb3ac", "expiration": null, "is_active": 1 }, { "id": 44775, "indicator": "cdcfac3e9d60aae54586b30fa5b99f180839deed", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 7040ee4cd4be4b84f8510c04663a2500", "expiration": null, "is_active": 1 }, { "id": 44750, "indicator": "d303a6ddd63ce993a8432f4daab5132732748843", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 3adea70969f52d365c119b3d25619de9", "expiration": null, "is_active": 1 }, { "id": 44745, "indicator": "d7f7aef824265136ad077ae4f874d265ae45a6b0", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 3195110045f64a3c83fc3e043c46d253", "expiration": null, "is_active": 1 }, { "id": 44783, "indicator": "de8e9def2553f4d211cc0b34a3972d9814f156aa", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Miniduke-2", "description": "SHA1 of 1e1b0d16a16cf5c7f3a7c053ce78f515", "expiration": null, "is_active": 1 }, { "id": 13166, "indicator": "dea6e89e36cf5a4a216e324983cc0b8f6c58eaa8", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 4d3a94134aaf590ae8ece0a57257e129", "expiration": null, "is_active": 1 }, { "id": 44713, "indicator": "dea73f04e52917dc71cc4e9d7592b6317e09a054", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 7688be226b946e231e0cd36e6b708d20", "expiration": null, "is_active": 1 }, { "id": 5156, "indicator": "e0779ac6e5cc76e91fca71efeade2a5d7f099c80", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 209a4a102a977b698544c99d8236e9ca", "expiration": null, "is_active": 1 }, { "id": 44894, "indicator": "e09f283ade693ff89864f6ec9c2354091fbd186e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 80a93e5dd3a3ea22f9a9af1547f797ab", "expiration": null, "is_active": 1 }, { "id": 44802, "indicator": "e4add0b118113b2627143c7ef1d5b1327de395f1", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Miniduke-2", "description": "SHA1 of 18e64b8e5ce5bdd33ce8bd9e00af672c", "expiration": null, "is_active": 1 }, { "id": 5203, "indicator": "e76da232ec020d133530fdd52ffcc38b7c1d7662", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "WinRAR_SFX", "description": "SHA1 of 62c4ce93050e48d623569c7dcc4d0278", "expiration": null, "is_active": 1 }, { "id": 44872, "indicator": "e7720ab728cb18ea329c7dd7c9b7408e266c986b", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "avdetect_procs", "description": "SHA1 of 5bc3b701819a4f2004b000d7db4b1b63", "expiration": null, "is_active": 1 }, { "id": 5155, "indicator": "e99a03ebe3462d2399f1b819f48384f6714dcba1", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "WinRAR_SFX", "description": "SHA1 of 1a262a7bfecd981d7874633f41ea5de8", "expiration": null, "is_active": 1 }, { "id": 44874, "indicator": "edf74413a6e2763147184b5e1b8732537a854365", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 8282eb6d6f20c5de6e7f4ae3a42438d2", "expiration": null, "is_active": 1 }, { "id": 44885, "indicator": "f1f1ace3906080cef52ca4948185b665d1d7b13e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 84137c8e7509a0e9cf7ff71ba060cdb5", "expiration": null, "is_active": 1 }, { "id": 44897, "indicator": "f2b4b1605360d7f4e0c47932e555b36707f287be", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 591a5ef38c1be504fbbc88219eb39692", "expiration": null, "is_active": 1 }, { "id": 44911, "indicator": "fbf290f6adad79ae9628ec6d5703e5ffb86cf8f1", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 5080bc705217c614b9cbf67a679979a8", "expiration": null, "is_active": 1 }, { "id": 44737, "indicator": "fdc65f38f458ceddf5a5e3f4b44df7337a1fb415", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA1 of 823760d749db5f3f28c7d9366acd0f64", "expiration": null, "is_active": 1 }, { "id": 44921, "indicator": "fdfd9abbaafe0bee747c0f1d7963d903174359df", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 69232da84dc7d9b2fdf1f1daade6eaae", "expiration": null, "is_active": 1 }, { "id": 1404540978, "indicator": "0474111e44b9aa56d6e6024c6f278e915d57b7862ceb927672fc3417f76a3ba3", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 1aa8a941ec22a3ffe32d079323a2e6c4", "expiration": null, "is_active": 1 }, { "id": 1404541182, "indicator": "04819cde7e928e6ff376daeb73b894959f672a85b363753c227416fc0f4a8acd", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-755694", "description": "SHA256 of 0be02d5f66f84ebd03f362ad4b4a06e6", "expiration": null, "is_active": 1 }, { "id": 1404541162, "indicator": "05e4224d4dd4e5fbd381ed33edb5bf847fbc138fbe9f57cb7d1f8fc9fa9a382d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Miniduke-2", "description": "SHA256 of 78e51be60eab2c6e952c9538a46ab521", "expiration": null, "is_active": 1 }, { "id": 1404540983, "indicator": "099524703c250d1d1a16288dbd2f425d6cd0491f608e207a82f239b39bb26b7e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "WinRAR_SFX", "description": "SHA256 of 1a262a7bfecd981d7874633f41ea5de8", "expiration": null, "is_active": 1 }, { "id": 1404541333, "indicator": "0a013787f9c1731213059f2d8e1a7514f610783aaaea8fa5736063ab7793c0d7", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Generickd-618", "description": "SHA256 of 1270217794b67491365048584a27a5ed", "expiration": null, "is_active": 1 }, { "id": 1404541234, "indicator": "38c0252f75b1c6b3980e40bb69cb932773a6e0b189fc8a80efc2dcb455209eab", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.CosmicDuke", "description": "SHA256 of 18edd6bc785e56990f6721cd553c24ad", "expiration": null, "is_active": 1 }, { "id": 1404540952, "indicator": "3af9cfb2797bed22e1d12970d068d794270a0f07d3f3dcfdcdb9abfc3a80e0f8", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 3a6b45a7c8fa74bc342b69e926079960", "expiration": null, "is_active": 1 }, { "id": 1404540991, "indicator": "3dea35172449f0b9a86dff9af3b4480cc4c37a30e8cb54963ff91c4c1ffe7b0d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 43c012086c1ae0a67c38b0926d6cba3f", "expiration": null, "is_active": 1 }, { "id": 1404540988, "indicator": "3f0ebe892ab87ea24db172ae96cfc216b591d3967821c9d2581a9e11faccde28", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 7688be226b946e231e0cd36e6b708d20", "expiration": null, "is_active": 1 }, { "id": 545888, "indicator": "418a21d49fe5bca8a3e050f039a0e2aa03db6d2de0fb49e3ff9d987f31b22dda", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 1dde02ff744fa4e261168e2008fd613a", "expiration": null, "is_active": 1 }, { "id": 545861, "indicator": "4464c945c88ac9a4a22e86f0922f18c164e87f26c3f3fa054eb488fdd7d4bfc8", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 1a42acbdb285a7fba17f95068822ea4e", "expiration": null, "is_active": 1 }, { "id": 1404541145, "indicator": "4809c2c7fa19acfa011f97946205f979afb54ac2c166f48ab35a20cd9d53a2ca", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Miniduke-2", "description": "SHA256 of 811f66d6dd2c713073c0b0aebbe74ce8", "expiration": null, "is_active": 1 }, { "id": 1404540946, "indicator": "489d448514a3ddf30144cc1634e6623e529dd3aee54a050a920a3d4342b4b96a", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 0ea4ccf2737f7095b367eda58e475e1f", "expiration": null, "is_active": 1 }, { "id": 1404541181, "indicator": "4bc8280a99d07165055fabed11049d8da275f27f5d8cffc4ed10a68be2d0cb84", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan.Cosmu-200", "description": "SHA256 of 37369a91ad462f1fac9004f3a86bb3ac", "expiration": null, "is_active": 1 }, { "id": 548359, "indicator": "4bcb2a5d99297b30f8ff00e08cf7330d5e2f69fc602bb317bf8e9f703a137a99", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 416db420e781c709bb71acee0b79282f", "expiration": null, "is_active": 1 }, { "id": 1404540547, "indicator": "4e31304e1ea66c267b5882f9335a2384eea18a6617a49308846ce624b68e7489", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 573b0f9dc06833bcfaea2147d28bcffc", "expiration": null, "is_active": 1 }, { "id": 1404541220, "indicator": "4f9b6a88245f782d81e9eec9315b9444c83d68941f9fc23641e3909c8da9db9d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 664b149ae8469cbda7fd7ed48c7dc9b6", "expiration": null, "is_active": 1 }, { "id": 1404541206, "indicator": "4fc0bbb90aeecd3229aa932437273ba59f887a6eac569b56693602b957e205e2", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 608b22fcd2d067730176e335d3c6454b", "expiration": null, "is_active": 1 }, { "id": 1404541216, "indicator": "51b4e69183f3d02124f3314cc64a7869425f053d8021c74c12f21d7c2afe2163", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.CosmicDuke", "description": "SHA256 of 1a874e5ecd67dffab45e17e9b730daed", "expiration": null, "is_active": 1 }, { "id": 30285380, "indicator": "51e713c7247f978f5836133dd0b8f9fb229e6594763adda59951556e1df5ee57", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "WinRAR_SFX", "description": "SHA256 of 50bf9c6de53b7de6906c2d5ed6177c28", "expiration": null, "is_active": 1 }, { "id": 1404540544, "indicator": "51eda4521b3ee9d6917832e4e04a4f58891867b8f7b0ade61725fd124ba40f82", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 45fb9f8733b3f0b26d38195b2c5ae54e", "expiration": null, "is_active": 1 }, { "id": 1404540559, "indicator": "52ba22dc22f5a85f66e2a9a530a8f848eabeff19b02edda7a88c68f519bf91a8", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 2e30fd352b659557b5da83dcba6195c0", "expiration": null, "is_active": 1 }, { "id": 1404541332, "indicator": "52d1b5387739dcf6a68efb21e8ccf83b9b29fb29724091d7a8084d2315f81d80", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 39e1b41b4118f4ea3ce2119c054b29e8", "expiration": null, "is_active": 1 }, { "id": 1404541160, "indicator": "55129d34050b2c028de564e3166611e1d148c26de0972cbe047caf530f118468", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 74593127f50abff5327b3f7038b456d2", "expiration": null, "is_active": 1 }, { "id": 1404540964, "indicator": "567332c2a6813d529bcb9196102ad45eceb982143e9d2f326f02cec1511954b0", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 4649609b8394283ec36ada132b02a0c6", "expiration": null, "is_active": 1 }, { "id": 1404541039, "indicator": "56dfc5905e7dfc67912ed164dc68c0806fdd3d7cd151415aaffcc1b7ab2f1a84", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 2530f54b87508e6f09a6bc5ab863b5db", "expiration": null, "is_active": 1 }, { "id": 1404541382, "indicator": "5704c7e80eb4b35e05970558918f3268a9287cead8e20a63063ed4f231263f9a", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Exploit.PDF-22607", "description": "SHA256 of 75368a54b28acb89b2705b636ed5ec61", "expiration": null, "is_active": 1 }, { "id": 1404541259, "indicator": "5ef73d904cf5dcbec5919fba0b640168d6feb8f7021507568297e3da1a7e47a5", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "avdetect_procs", "description": "SHA256 of 68f6d84ac9a28c2fea59ff5e04577911", "expiration": null, "is_active": 1 }, { "id": 1404541339, "indicator": "620da58f80640661ccec202a3b20f138b8a0c9f374fb1fb5525dd3fe00ac5a8c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA256 of 51a96f279e790d2f861bb0ff843a7328", "expiration": null, "is_active": 1 }, { "id": 1404541140, "indicator": "62a2df9d001d3e0f222d77b6781eb279761f1354570773ef1929a86557a11454", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 05d10323111f02233163a6742556c974", "expiration": null, "is_active": 1 }, { "id": 1404540732, "indicator": "80cb4007b9756246404c260bc69abf5d4938a1cc217d40ecbfdd6171b02b9e24", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 4d3a94134aaf590ae8ece0a57257e129", "expiration": null, "is_active": 1 }, { "id": 1404541261, "indicator": "82670519b8d63d36967c611bc94659e5bff867837129ac93bcffe7589af46384", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan.Cosmu-200", "description": "SHA256 of 8019dea970331823a504baaa90d3470f", "expiration": null, "is_active": 1 }, { "id": 1404541236, "indicator": "8290b324f5cdb5c3ea17fa48a74bc11c856f0da0b049d07d9316d161f71f26a5", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 1e417aa350346731f6e0c936d725f1a5", "expiration": null, "is_active": 1 }, { "id": 1404541248, "indicator": "831267e0977becf098b5064aac6fd39b5f8e6fd975c06d4b8540cea71d402317", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Cosmicduke-3", "description": "SHA256 of 6629b432266d78f9eb74d2d1a71d0d32", "expiration": null, "is_active": 1 }, { "id": 1404541201, "indicator": "85d75a3eddc2f849e1dee40b47629ea0d1e3a1da6ba3cd9078177bb61a63f4fd", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 75c97ca9b085411af1860523c3c884b5", "expiration": null, "is_active": 1 }, { "id": 1404540986, "indicator": "86056f462d5783604b7f050047db210ecf698e72f3664b27d58265663ff5b324", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 209a4a102a977b698544c99d8236e9ca", "expiration": null, "is_active": 1 }, { "id": 1404541371, "indicator": "880ae80fdc874002a6d9c807802794d4a35c384551d73bb36277b2f1e63d67e2", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 6542cd548182d6adc08a63c942f9bc54", "expiration": null, "is_active": 1 }, { "id": 30285382, "indicator": "88a40d5b679bccf9641009514b3d18b09e68b609ffaf414574a6eca6536e8b8f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 3195110045f64a3c83fc3e043c46d253", "expiration": null, "is_active": 1 }, { "id": 1404541011, "indicator": "89996b66d5a339939b2072d29675ec3ca6d793f42a5d335a8ea7dab8773321ef", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 2ef51f1ca11ce73fa20b54a5886ad1dd", "expiration": null, "is_active": 1 }, { "id": 1404540526, "indicator": "8b7427620d6537aa905727af48f7dec1e003a8b7c74d417f0a5ded7926a7d590", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 69232da84dc7d9b2fdf1f1daade6eaae", "expiration": null, "is_active": 1 }, { "id": 1404541372, "indicator": "8c6c57f7e9c81fcf194d17a752f8da4295fab5dad8eb79bd289256b9cdb7415e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 6571a2d3892ca937697e96f8bb795e42", "expiration": null, "is_active": 1 }, { "id": 1404541129, "indicator": "8d457e4189017712917c5c8f900bb9072c5910c9f975c50337115f952d885635", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 1528567b1a2f1da31d602ce1ddfd8918", "expiration": null, "is_active": 1 }, { "id": 1404541188, "indicator": "910a016a7b6e0a76bc7ddf12f9135090e0b23d00c382d70084b46bea4bbbcae7", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Cosmu-211", "description": "SHA256 of 26e8b95dfbc6a8aafe40ab84b1d2ab5e", "expiration": null, "is_active": 1 }, { "id": 1404541046, "indicator": "91b97f3b8ef8ebc8bbd06e06927e7b38090c026f8fca77e209e69c056b042cb7", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan.Agent-301636", "description": "SHA256 of 1c658719e6dedb929a6d85359c59682d", "expiration": null, "is_active": 1 }, { "id": 30285383, "indicator": "97d8725e39d263ed21856477ed09738755134b5c0d0b9ae86ebb1cdd4cdc18b7", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 8473fae7fdae7ee5a8b0fb64ebb596c1", "expiration": null, "is_active": 1 }, { "id": 1404540556, "indicator": "98cd87a544ca06ae249e4f3c9790efbd63d8954e0ff695d2404e92f2383871bf", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 210834cfcde3f416b82263c521eefa78", "expiration": null, "is_active": 1 }, { "id": 3015637, "indicator": "a1015f0b99106ae2852d740f366e15c1d5c711f57680a2f04be0283e8310f69e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Miniduke-2", "description": "SHA256 of 1e1b0d16a16cf5c7f3a7c053ce78f515", "expiration": null, "is_active": 1 }, { "id": 1404541252, "indicator": "a1176b60ca96cfeb37dde61bde935f645a64fabd8e300f072fc355434b711dcf", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 75d15f552aba5ed0df80ec2c16ab683e", "expiration": null, "is_active": 1 }, { "id": 1404541005, "indicator": "a5373b33ac970dedeb52528b123959145bf51c95b159a30a7823ad8018ac4b41", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 181a88c911b10d0fcb4682ae552c0de3", "expiration": null, "is_active": 1 }, { "id": 1404540527, "indicator": "a607fa51662afdc089dd3f80bf6863d4cc00a73d74d4ddb9d7b74ed1b0337bf1", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA256 of 823760d749db5f3f28c7d9366acd0f64", "expiration": null, "is_active": 1 }, { "id": 548337, "indicator": "a713982d04d2048a575912a5fc37c93091619becd5b21e96f049890435940004", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 70f5574e4e7ad360f4f5c2117a7a1ca7", "expiration": null, "is_active": 1 }, { "id": 1404541199, "indicator": "a7b230593aa43c701c30862d3054b4510ed1dea1fd5f219b1c3bc11321bab73b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 704381812f4cc3c5b3875ea33232c842", "expiration": null, "is_active": 1 }, { "id": 1404541342, "indicator": "a8200a476f72ef77f4cd6bd71ebae9f473e923b140600b9da0bbaf1f22e1cecb", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 0ee0f7fd55843d1ef7c9d6396bbcb99b", "expiration": null, "is_active": 1 }, { "id": 1404540943, "indicator": "ac9c7ac457a605ff836eb6fe127eabc7a251dd73ea0a1fa59a591de30fa75d3f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 2d96b4c95152819a888deccf7ec965d6", "expiration": null, "is_active": 1 }, { "id": 1404541374, "indicator": "afbd1f13132c2f047861b2ea90c18d546a326dbfca4dfeffd8b4ebf852204275", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 335160cad23e28d4597c1546458042c4", "expiration": null, "is_active": 1 }, { "id": 1404541034, "indicator": "b1584a6f1059ad1c24bde2a9a8ae83ffc6679eb531d30f3f1c69f81e3a3819dc", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Miniduke-2", "description": "SHA256 of 18e64b8e5ce5bdd33ce8bd9e00af672c", "expiration": null, "is_active": 1 }, { "id": 1404540545, "indicator": "b2417de25ad9e6bed08229561eb96d4f2e83ab63b4407c7601a0113ed193fe84", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Iespy-54", "description": "SHA256 of 33548f84763edb22ea6039dbbd064aeb", "expiration": null, "is_active": 1 }, { "id": 3360566331, "indicator": "b3bf1b4415afcdda6b7fbe07302fab1d865d1dc8fc6b024c98366a633e0612cb", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 27f3d0556c59e32791567a09236507d9", "expiration": null, "is_active": 1 }, { "id": 1404541022, "indicator": "b9ea2cc39808780ade1fe51287072e958448be7e3a7b32bfd48438453592018c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 14d779777af6eb7c556ae338b462c48d", "expiration": null, "is_active": 1 }, { "id": 1404541366, "indicator": "ba35aa14ccc0e4fa8e47b621ea1d1efe1b012b623afd469e56015c0857fec646", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 2aa2a6e004159b9e3a590c63a0cc47b3", "expiration": null, "is_active": 1 }, { "id": 1404541360, "indicator": "bc54acf4e60688ea668ef40ef965f2bad41dcf260ddae26d28b5551461c4b402", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 7ad50c9e4a4bab73bba38860906220b6", "expiration": null, "is_active": 1 }, { "id": 1404541008, "indicator": "bc5625c674f08cca18e73eb661eed0182ef16e27983098cf1c61892ca621d60b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "WinRAR_SFX", "description": "SHA256 of 57a1f0658712ee7b3a724b6d07e97259", "expiration": null, "is_active": 1 }, { "id": 542925, "indicator": "bc7bcb663477238508ce8ad366cc9a77811c7f5eabaec47175858fe972639f40", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 08709ef0e3d467ce843af4deb77d74d5", "expiration": null, "is_active": 1 }, { "id": 1404540968, "indicator": "bd589360b299dc4803aa35abca527137a51feadae2b1e3bc2b5a301bb5b245da", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 0753697172046fcfb03d6445fff1f093", "expiration": null, "is_active": 1 }, { "id": 1404541186, "indicator": "bf012045464ba2aadc1547940eb3ce262d0e023c2198c134dee658c859ecd8ab", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 345adb4594e3a2b02041c7e2b5fde46b", "expiration": null, "is_active": 1 }, { "id": 1819957, "indicator": "c11212ff6474a15402ac848d1e4b9c6ced3deafb959b59837f14b834e5d0ad15", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "MS_Visual_Cpp_2008", "description": "SHA256 of 22a46be630c877e2885c51147de10863", "expiration": null, "is_active": 1 }, { "id": 1404541131, "indicator": "c13794601c5bdec3d5d76de9571e6c0e0b022b9fc62907018566895e3b949982", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 423bb8914078a587d08b54d16bbd527c", "expiration": null, "is_active": 1 }, { "id": 1404541016, "indicator": "c1b19af1e354f13c90163780be6ad50f02d5bf8bac1c9cc1eab1377a159de1be", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 0e0182694c381f8b68afc5f3ff4c4653", "expiration": null, "is_active": 1 }, { "id": 1404540929, "indicator": "c1ee4232d1b6504fc7f93cb0478e90049a71992498ed2d701925d852e91cfcc3", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 42ffc84c6381a18b1f6d000b94c74b09", "expiration": null, "is_active": 1 }, { "id": 1404540958, "indicator": "c218b779461d83d70791e0578175503cd69128c9723f2c5d7d36b85073b0f2f9", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 65c40b01a0870250fb358efc8b201192", "expiration": null, "is_active": 1 }, { "id": 1404540950, "indicator": "c47f2973f077f21abfb202b54ea18ee2a182e4305ee0046c1bc6d15a1179a43c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 6a5a0ac42161333e9758589ecabed3c6", "expiration": null, "is_active": 1 }, { "id": 1404541154, "indicator": "c60621e82f58b5ea5b36cde40889a076cb2c7f1612144998b1d388200bc7e295", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 297ef5bf99b5e4fd413f3755ba6aad79", "expiration": null, "is_active": 1 }, { "id": 1404541179, "indicator": "c9f5a19c7b11fd866483adc93aa5bc4bd3515bd995ca79297b227e3e5ef1a665", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 3adea70969f52d365c119b3d25619de9", "expiration": null, "is_active": 1 }, { "id": 1404541263, "indicator": "cae1277446cb62f1ed3674e7ea87063a28b9d364e3638fa779fe8e3d6e1fb15f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Exploit-260", "description": "SHA256 of 0295fb28f715a19e2b0c497b5dd55629", "expiration": null, "is_active": 1 }, { "id": 1404541356, "indicator": "ce2c4dd21b99407bfa7066a6a57d180c00527e7db8ee52558c597550ac8b5d7c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 6d45f34e6d29391ee6f0e91bf344a7d0", "expiration": null, "is_active": 1 }, { "id": 1404540932, "indicator": "d04bef6765408d528fdf82a46c157b44e8b5e7762a15b0264033c9558ccc48dd", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 591a5ef38c1be504fbbc88219eb39692", "expiration": null, "is_active": 1 }, { "id": 1404541018, "indicator": "d469000ca9e6af92876334e3a460ea4ac8a61c1a6ee819eefbfd0c79ea4fb315", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 6332176672744320e9fee2117b059193", "expiration": null, "is_active": 1 }, { "id": 1404541227, "indicator": "d5f1d8d2629b91744fe812207cb3f0bebfd1aec9937b7744a263d1a4e3421063", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 20d86cb4ebbffb739faa47f7354ee134", "expiration": null, "is_active": 1 }, { "id": 1404540548, "indicator": "d88bd6947eef00bd3baadc55ff1c55b3cdcff5ba8fd145d5b5bf8894c42a7fd3", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 2384eb7914fd9d8d11be72bb83046445", "expiration": null, "is_active": 1 }, { "id": 1404540529, "indicator": "dd29a6b5c62d8726a3073b6f7d20e6f34d00616de61fc55d04bda9e7824cd598", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "avdetect_procs", "description": "SHA256 of 5bc3b701819a4f2004b000d7db4b1b63", "expiration": null, "is_active": 1 }, { "id": 1404540939, "indicator": "ddce4b5e1c03d04bb82780a2d0f08469bb589b6fe8f0d4cc2a140b16344f5bd1", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 16bb0f9d98eb7a832b6db1e92f4e4f1a", "expiration": null, "is_active": 1 }, { "id": 1404541158, "indicator": "de8184c6850d17f90e861309828af1f7b7e3b1695ebe5d303d3d4b6ef4ba1218", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Miniduke-2", "description": "SHA256 of 738c60fff066934b6f33e368cfe9a88c", "expiration": null, "is_active": 1 }, { "id": 1404540540, "indicator": "ded70a8fc7074ea0ceb7f489b2ebb1198154a2507538fc73cbb74712d5fc6d19", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 33c87cf8895a81706ca582efd922601b", "expiration": null, "is_active": 1 }, { "id": 1404540936, "indicator": "df03f0ae0622f5040bf449ab8b7559a97da7f746cc2ce24a8ad5336b18699296", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 80a93e5dd3a3ea22f9a9af1547f797ab", "expiration": null, "is_active": 1 }, { "id": 1404540954, "indicator": "df818c2dccacc532ba0205749329b7e46d1f6616b40da55e0d994105bd988bd2", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 19aca5da05ee8e5862e1d1ee50e84cec", "expiration": null, "is_active": 1 }, { "id": 1404541151, "indicator": "dfe146fffd2ae59172f52048f7e7d231807e0d732e19bdb443820a8305165741", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 561017f887865b8d13f85c5474cdcbb8", "expiration": null, "is_active": 1 }, { "id": 169008, "indicator": "e1490d6e5ce4c2cddef0815c55bf8946cb830ce0ac7f586cf1ae16ef66f1bd8b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 07660a9b83b7fbc7ab372a911c69a85b", "expiration": null, "is_active": 1 }, { "id": 1404541037, "indicator": "e375d40412845c4476536307f28b64c0128e1cb88a3f505bafdcd013d542fa85", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 7040ee4cd4be4b84f8510c04663a2500", "expiration": null, "is_active": 1 }, { "id": 1404541364, "indicator": "e745fc57f816b2b507406ce1c0ec47f8f84d8f5efeaf327c657723c897522c83", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 84137c8e7509a0e9cf7ff71ba060cdb5", "expiration": null, "is_active": 1 }, { "id": 1404541204, "indicator": "ec49400e70c02a884a5df74ca99690886ec2d528e200c42dbdf057fd9b7f87f8", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 37c394e3e15d211a050446bc90edac94", "expiration": null, "is_active": 1 }, { "id": 548499, "indicator": "ee5eb9d57c3611e91a27bb1fc2d0aaa6bbfa6c69ab16e65e7123c7c49d46f145", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 3a04a5d7ed785daa16f4ebfd3acf0867", "expiration": null, "is_active": 1 }, { "id": 1404541134, "indicator": "f0d822926f4e6aec2cf2bd7701d67e8399ccc05bc028377a275a90e06620a109", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 6942f1dfd61d231df8acb7ed0f6310c4", "expiration": null, "is_active": 1 }, { "id": 1404541168, "indicator": "f21794d0b0938643e2aabe9f2ed762528e631a2ebda76020d0b59ce91fb51e41", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 5080bc705217c614b9cbf67a679979a8", "expiration": null, "is_active": 1 }, { "id": 548461, "indicator": "f44bead117d2cf34b8e50b81c82fbd1b938b94387cdf84386ace46b1f3b5df1a", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "WinRAR_SFX", "description": "SHA256 of 62c4ce93050e48d623569c7dcc4d0278", "expiration": null, "is_active": 1 }, { "id": 1404541150, "indicator": "f4b01a3a299b09d2b4418cb66e80c34e3ec04016ed27199c472515cf95a023d0", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 441ee6a307e672c24d334d66cd7b2e1a", "expiration": null, "is_active": 1 }, { "id": 1404541208, "indicator": "f6af08e31471c98adcc26f9916e26d41aa0c47ff94949d3174d55c320032be26", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Iespy-66", "description": "SHA256 of 2bd46a980dde8eaa13e3defffb87e1e0", "expiration": null, "is_active": 1 }, { "id": 1404541224, "indicator": "f6c62f9f846b3d100d60b1f2ae57a71c91dd8dc215dce652e2c85dff60c0197f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 23273a83bfd7aed10b9403e23a8bcba9", "expiration": null, "is_active": 1 }, { "id": 1404541026, "indicator": "fdd7e8582ef8d7a23f269653435582cfe924ca9b2db34af63af5e57d1f3e09c2", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 83f57f0116a3b3d69ef7b1dbe9943801", "expiration": null, "is_active": 1 }, { "id": 1404541031, "indicator": "fe2672737205351df003e1969ef1ef0df9e13a9a31bf77f844236857ed0b0bf5", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 8282eb6d6f20c5de6e7f4ae3a42438d2", "expiration": null, "is_active": 1 }, { "id": 1404541246, "indicator": "fede980fc70a86f949828b834edc0847490d497efcbd3a1155b7d3afe7c32543", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA256 of 5400d3db044befebbc39087ee1fe9533", "expiration": null, "is_active": 1 }, { "id": 2787242363, "indicator": "http://188.40.13.99/manual/en/db.class.php", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2870124485, "indicator": "http://64.18.143.66/modules/en/db.class.php", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360566332, "indicator": "http://64.18.143.90/modules/en/app.class.php?F=1", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2656230214, "indicator": "http://82.146.51.22/dir.php", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1819914, "indicator": "http://82.146.51.22/xbrk.php", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2787241827, "indicator": "http://83.149.74.73/dir.php", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360566333, "indicator": "c806ae7f2771df082aa62ae04806d2d48d9bbcbd", "type": "YARA", "created": "2022-01-22T07:47:27", "content": "rule resteex_APTMalware_APT_29 { \n \tmeta: \n \t\t description= \"APTMalware_APT_29 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-21_23-59-35\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"0295fb28f715a19e2b0c497b5dd55629\" \n \t\t hash2= \"05d10323111f02233163a6742556c974\" \n \t\t hash3= \"0753697172046fcfb03d6445fff1f093\" \n \t\t hash4= \"07660a9b83b7fbc7ab372a911c69a85b\" \n \t\t hash5= \"0775a35e939a14a382b562c95845cb50\" \n \t\t hash6= \"08709ef0e3d467ce843af4deb77d74d5\" \n \t\t hash7= \"0b78ad10bb56a3f69f13297e427806cf\" \n \t\t hash8= \"0be02d5f66f84ebd03f362ad4b4a06e6\" \n \t\t hash9= \"0e0182694c381f8b68afc5f3ff4c4653\" \n \t\t hash10= \"0ea4ccf2737f7095b367eda58e475e1f\" \n \t\t hash11= \"0ee0f7fd55843d1ef7c9d6396bbcb99b\" \n \t\t hash12= \"1270217794b67491365048584a27a5ed\" \n \t\t hash13= \"14d779777af6eb7c556ae338b462c48d\" \n \t\t hash14= \"1528567b1a2f1da31d602ce1ddfd8918\" \n \t\t hash15= \"16bb0f9d98eb7a832b6db1e92f4e4f1a\" \n \t\t hash16= \"181a88c911b10d0fcb4682ae552c0de3\" \n \t\t hash17= \"18e64b8e5ce5bdd33ce8bd9e00af672c\" \n \t\t hash18= \"18edd6bc785e56990f6721cd553c24ad\" \n \t\t hash19= \"19aca5da05ee8e5862e1d1ee50e84cec\" \n \t\t hash20= \"1a262a7bfecd981d7874633f41ea5de8\" \n \t\t hash21= \"1a42acbdb285a7fba17f95068822ea4e\" \n \t\t hash22= \"1a874e5ecd67dffab45e17e9b730daed\" \n \t\t hash23= \"1aa8a941ec22a3ffe32d079323a2e6c4\" \n \t\t hash24= \"1c658719e6dedb929a6d85359c59682d\" \n \t\t hash25= \"1dde02ff744fa4e261168e2008fd613a\" \n \t\t hash26= \"1de51ec5d2b8466f0d424e1c8dcd6454\" \n \t\t hash27= \"1e1b0d16a16cf5c7f3a7c053ce78f515\" \n \t\t hash28= \"1e417aa350346731f6e0c936d725f1a5\" \n \t\t hash29= \"209a4a102a977b698544c99d8236e9ca\" \n \t\t hash30= \"20d86cb4ebbffb739faa47f7354ee134\" \n \t\t hash31= \"210834cfcde3f416b82263c521eefa78\" \n \t\t hash32= \"22a46be630c877e2885c51147de10863\" \n \t\t hash33= \"23273a83bfd7aed10b9403e23a8bcba9\" \n \t\t hash34= \"2337a4fa99547eb0cf7600601ab44dda\" \n \t\t hash35= \"2384eb7914fd9d8d11be72bb83046445\" \n \t\t hash36= \"23d2592db15c251382706515cf4fd37e\" \n \t\t hash37= \"2530f54b87508e6f09a6bc5ab863b5db\" \n \t\t hash38= \"26e8b95dfbc6a8aafe40ab84b1d2ab5e\" \n \t\t hash39= \"270ca8368cd4216b1813281d3efe485d\" \n \t\t hash40= \"27f3d0556c59e32791567a09236507d9\" \n \t\t hash41= \"28f96a57fa5ff663926e9bad51a1d0cb\" \n \t\t hash42= \"297ef5bf99b5e4fd413f3755ba6aad79\" \n \t\t hash43= \"2a998ce2750335079d73e6b2eb2bd011\" \n \t\t hash44= \"2aa2a6e004159b9e3a590c63a0cc47b3\" \n \t\t hash45= \"2ab25d33d61cf4cfbac92c26c7c0598e\" \n \t\t hash46= \"2bd46a980dde8eaa13e3defffb87e1e0\" \n \t\t hash47= \"2c6a49568e1733b66ef9dd2fa659aedb\" \n \t\t hash48= \"2d87ab160291664d62445548a2164c60\" \n \t\t hash49= \"2d96b4c95152819a888deccf7ec965d6\" \n \t\t hash50= \"2dcd049c591644e35102921a48799975\" \n \t\t hash51= \"2e30fd352b659557b5da83dcba6195c0\" \n \t\t hash52= \"2ef51f1ca11ce73fa20b54a5886ad1dd\" \n \t\t hash53= \"3195110045f64a3c83fc3e043c46d253\" \n \t\t hash54= \"335160cad23e28d4597c1546458042c4\" \n \t\t hash55= \"33548f84763edb22ea6039dbbd064aeb\" \n \t\t hash56= \"33c87cf8895a81706ca582efd922601b\" \n \t\t hash57= \"345adb4594e3a2b02041c7e2b5fde46b\" \n \t\t hash58= \"351c913e4120081d8f04317121654a39\" \n \t\t hash59= \"35c6928790ce08309af997654ed6d719\" \n \t\t hash60= \"3729a14be6b3a92265cf6d8e14c79abe\" \n \t\t hash61= \"37369a91ad462f1fac9004f3a86bb3ac\" \n \t\t hash62= \"37c394e3e15d211a050446bc90edac94\" \n \t\t hash63= \"381691b297f7f5694709e21ad61ec645\" \n \t\t hash64= \"39e1b41b4118f4ea3ce2119c054b29e8\" \n \t\t hash65= \"3a04a5d7ed785daa16f4ebfd3acf0867\" \n \t\t hash66= \"3a2ba475bf6a60dbe3ed59330c53c3f7\" \n \t\t hash67= \"3a6b45a7c8fa74bc342b69e926079960\" \n \t\t hash68= \"3adea70969f52d365c119b3d25619de9\" \n \t\t hash69= \"3c0ca0ab63a76dbf836725c95e2a5b7a\" \n \t\t hash70= \"3d3363598f87c78826c859077606e514\" \n \t\t hash71= \"416db420e781c709bb71acee0b79282f\" \n \t\t hash72= \"423bb8914078a587d08b54d16bbd527c\" \n \t\t hash73= \"42ffc84c6381a18b1f6d000b94c74b09\" \n \t\t hash74= \"43c012086c1ae0a67c38b0926d6cba3f\" \n \t\t hash75= \"441ee6a307e672c24d334d66cd7b2e1a\" \n \t\t hash76= \"45fb9f8733b3f0b26d38195b2c5ae54e\" \n \t\t hash77= \"4638a4e7faf5a9343551cc6e9668d143\" \n \t\t hash78= \"4649609b8394283ec36ada132b02a0c6\" \n \t\t hash79= \"48bbce47e4d2d51811ea99d5a771cd1a\" \n \t\t hash80= \"4c6608203e751cf27f627220269d6835\" \n \t\t hash81= \"4d3a94134aaf590ae8ece0a57257e129\" \n \t\t hash82= \"4f148ffeac50df60f9f9015b909d8ed0\" \n \t\t hash83= \"5080bc705217c614b9cbf67a679979a8\" \n \t\t hash84= \"50a56d98be79a1e6f04a1964e170a5d7\" \n \t\t hash85= \"50bf9c6de53b7de6906c2d5ed6177c28\" \n \t\t hash86= \"51a96f279e790d2f861bb0ff843a7328\" \n \t\t hash87= \"527537cc28705e01af8d8006ae8308a9\" \n \t\t hash88= \"52c73a7801a186077ed27a4cb7c7f887\" \n \t\t hash89= \"5400d3db044befebbc39087ee1fe9533\" \n \t\t hash90= \"556b9eca4a85f52e2f3176c306e18661\" \n \t\t hash91= \"561017f887865b8d13f85c5474cdcbb8\" \n \t\t hash92= \"573b0f9dc06833bcfaea2147d28bcffc\" \n \t\t hash93= \"57a1f0658712ee7b3a724b6d07e97259\" \n \t\t hash94= \"591a5ef38c1be504fbbc88219eb39692\" \n \t\t hash95= \"59571740dcf8266c2205b901b6b489d1\" \n \t\t hash96= \"5a7659b691a3caf107e6636d8906dcb0\" \n \t\t hash97= \"5b4250a6bb4c6915ce962d489ee912d6\" \n \t\t hash98= \"5bc3b701819a4f2004b000d7db4b1b63\" \n \t\t hash99= \"5dabff44971cc53bef7d8e17e85dda73\" \n \t\t hash100= \"608b22fcd2d067730176e335d3c6454b\" \n \t\t hash101= \"612fba96383a5098c26fe1a222e1e755\" \n \t\t hash102= \"61c6d0076ee4187f9ec31841aa645d42\" \n \t\t hash103= \"62c4ce93050e48d623569c7dcc4d0278\" \n \t\t hash104= \"6332176672744320e9fee2117b059193\" \n \t\t hash105= \"6542cd548182d6adc08a63c942f9bc54\" \n \t\t hash106= \"6571a2d3892ca937697e96f8bb795e42\" \n \t\t hash107= \"65c40b01a0870250fb358efc8b201192\" \n \t\t hash108= \"6629b432266d78f9eb74d2d1a71d0d32\" \n \t\t hash109= \"664b149ae8469cbda7fd7ed48c7dc9b6\" \n \t\t hash110= \"685d678b3ffd72fce3f8b48d82a76f60\" \n \t\t hash111= \"68f6d84ac9a28c2fea59ff5e04577911\" \n \t\t hash112= \"69232da84dc7d9b2fdf1f1daade6eaae\" \n \t\t hash113= \"6942f1dfd61d231df8acb7ed0f6310c4\" \n \t\t hash114= \"6a5a0ac42161333e9758589ecabed3c6\" \n \t\t hash115= \"6d45f34e6d29391ee6f0e91bf344a7d0\" \n \t\t hash116= \"6f5a73931c6c109bd6504a5ee0476ae7\" \n \t\t hash117= \"7040ee4cd4be4b84f8510c04663a2500\" \n \t\t hash118= \"704381812f4cc3c5b3875ea33232c842\" \n \t\t hash119= \"70f5574e4e7ad360f4f5c2117a7a1ca7\" \n \t\t hash120= \"72512c49401bd3d04a8ef6c7a6475307\" \n \t\t hash121= \"738c60fff066934b6f33e368cfe9a88c\" \n \t\t hash122= \"73931351f883cff5dbdcc54cc4eb10a7\" \n \t\t hash123= \"74593127f50abff5327b3f7038b456d2\" \n \t\t hash124= \"75368a54b28acb89b2705b636ed5ec61\" \n \t\t hash125= \"75457cc94b1d1dfa3f5d1aedc2edb044\" \n \t\t hash126= \"75c97ca9b085411af1860523c3c884b5\" \n \t\t hash127= \"75d15f552aba5ed0df80ec2c16ab683e\" \n \t\t hash128= \"7688be226b946e231e0cd36e6b708d20\" \n \t\t hash129= \"78c6245367e6ef00ca76b8106eb73816\" \n \t\t hash130= \"78e51be60eab2c6e952c9538a46ab521\" \n \t\t hash131= \"7ad50c9e4a4bab73bba38860906220b6\" \n \t\t hash132= \"7f6bca4f08c63e597bed969f5b729c56\" \n \t\t hash133= \"8019dea970331823a504baaa90d3470f\" \n \t\t hash134= \"80a93e5dd3a3ea22f9a9af1547f797ab\" \n \t\t hash135= \"810de1b9fa0a9396acae23dcd113a60d\" \n \t\t hash136= \"811f66d6dd2c713073c0b0aebbe74ce8\" \n \t\t hash137= \"823760d749db5f3f28c7d9366acd0f64\" \n \t\t hash138= \"8282eb6d6f20c5de6e7f4ae3a42438d2\" \n \t\t hash139= \"837b522730ff896435682b36f7b27a3e\" \n \t\t hash140= \"83f57f0116a3b3d69ef7b1dbe9943801\" \n \t\t hash141= \"84137c8e7509a0e9cf7ff71ba060cdb5\" \n \t\t hash142= \"8473fae7fdae7ee5a8b0fb64ebb596c1\" \n \t\t hash143= \"856b224da7525ea5192efbef7a9b8112\" \n \t\t hash144= \"8670710bc9477431a01a576b6b5c1b2a\" \n \t\t hash145= \"868915de8b23cfc87765525efbdb4fa0\" \n \t\t hash146= \"86ef8f5f62ae8590d6edf45e04806515\" \n \t\t hash147= \"87f235c00e8c3960b264192621f594ae\" \n \t\t hash148= \"8988f29396515f47de0457f9daa1dd62\" \n \t\t hash149= \"89b1e1c3c927f43d6d8108cf1422287a\" \n \t\t hash150= \"89b3cf1023825cc49efe59b06092dba1\" \n \t\t hash151= \"89c6c5439a2747d7f2a7305521dddcbb\" \n \t\t hash152= \"8d3542af992b1de4cf1f587f61dddb50\" \n \t\t hash153= \"8dcd3cb1e615edbfade8c2d9d6ef4c67\" \n \t\t hash154= \"8e5106565fd96df1308d208d1e3426a3\" \n \t\t hash155= \"9003e1d69cd29280d2233c1634370c60\" \n \t\t hash156= \"9018fa0826f237342471895f315dbf39\" \n \t\t hash157= \"90bd910ee161b71c7a37ac642f910059\" \n \t\t hash158= \"91a50a90cb31fad48908d5c6294e92ba\" \n \t\t hash159= \"91aaf47843a34a9d8d1bb715a6d4acec\" \n \t\t hash160= \"925b37a936304a5914941ac4584e346c\" \n \t\t hash161= \"93176df76e351b3ea829e0e6c6832bdf\" \n \t\t hash162= \"933b3c5d3728ef6e08af4ae579c00d11\" \n \t\t hash163= \"935892bb70d954efdc5ee1b0c5f97184\" \n \t\t hash164= \"964e4b516d72b7717aabb71ad7cc7bf6\" \n \t\t hash165= \"97886672cc570ba4a5d6a162e92d0155\" \n \t\t hash166= \"98a6484533fa12a9ba6b1bd9df1899dc\" \n \t\t hash167= \"9993445521ca03ac3a693625b5ca1f36\" \n \t\t hash168= \"9ad55b83f2eec0c19873a770b0c86a2f\" \n \t\t hash169= \"9d95c8f09f991a5fc37b79c45ebd2043\" \n \t\t hash170= \"9dc3d5da2f68b4ed9336c5b78b955780\" \n \t\t hash171= \"9e3f3b5e9ece79102d257e8cf982e09e\" \n \t\t hash172= \"9f13dc03904dbd45374acc2134477273\" \n \t\t hash173= \"9f65e3b320ec91380ebc28d4fdff4895\" \n \t\t hash174= \"a250c5ca9968e4ce2336462fc839bb90\" \n \t\t hash175= \"a25ec7749b2de12c2a86167afa88a4dd\" \n \t\t hash176= \"a4008cf300fd22f470c38489da9e25cf\" \n \t\t hash177= \"a4ad6b55b1bc9e16123de1388f6ef9bf\" \n \t\t hash178= \"a4c77494cccb41aaa8849176bd58055e\" \n \t\t hash179= \"a4f3e00b3da3e9d9382840dfbdbef311\" \n \t\t hash180= \"a58e8e935341b6f5cc1369c616de3765\" \n \t\t hash181= \"a5d6ad8ad82c266fda96e076335a5080\" \n \t\t hash182= \"a67ad3e2a020f690d892b727102a759b\" \n \t\t hash183= \"a9c045c401afb9766e2ca838dc6f47a4\" \n \t\t hash184= \"ab24962ba63d32a62cefd3c68c54a2ec\" \n \t\t hash185= \"ab2d8a0d5b03d40f148f2f907b55f9f1\" \n \t\t hash186= \"ab7a66ed3c6de1b7449d6054a8b46d7f\" \n \t\t hash187= \"ac", "title": "", "description": "APTMalware_APT_29 Group", "expiration": null, "is_active": 1 }, { "id": 2607533305, "indicator": "www.slutsstuff.com", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183965, "indicator": "4b19a2a6d40a5825e868c6ef25ae445e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "WEBC2-UGX", "description": "", "expiration": null, "is_active": 1 }, { "id": 2584658049, "indicator": "822e67adf6c2c217286383fd90b31fed395e5bea", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "WEBC2-UGX", "description": "SHA1 of 4b19a2a6d40a5825e868c6ef25ae445e", "expiration": null, "is_active": 1 }, { "id": 431162053, "indicator": "5d6729f5079b61a685bf5091f7009609b55d771dc0ca2a3dfe9cbb3d3b576584", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "WEBC2-UGX", "description": "SHA256 of 4b19a2a6d40a5825e868c6ef25ae445e", "expiration": null, "is_active": 1 }, { "id": 183542, "indicator": "001dd76872d80801692ff942308c64e6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Sluegot.D", "description": "", "expiration": null, "is_active": 1 }, { "id": 183544, "indicator": "002325a0a67fded0381b5648d7fe9b8e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Sluegot.C", "description": "", "expiration": null, "is_active": 1 }, { "id": 184489, "indicator": "00dbb9e1c09dbdafb360f3163ba5a3de", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Stradatu", "description": "", "expiration": null, "is_active": 1 }, { "id": 184460, "indicator": "0149b7bd7218aab4e257d28469fddb0d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184126, "indicator": "01e0dc079d4e33d8edd050c4900818da", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Stradatu", "description": "", "expiration": null, "is_active": 1 }, { "id": 183502, "indicator": "0285bd1fbdd70fd5165260a490564ac8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "MANITSME_APT1", "description": "", "expiration": null, "is_active": 1 }, { "id": 183904, "indicator": "02c65973b6018f5d473d701b3e7508b2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Jepesroot.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 184176, "indicator": "034374db2d35cf9da6558f54cec8a455", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Connapts", "description": "", "expiration": null, "is_active": 1 }, { "id": 184533, "indicator": "0496e3b17cf40c45f495188a368c203a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Warood.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 183531, "indicator": "052ec04866e4a67f31845d656531830d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Sluegot.C", "description": "", "expiration": null, "is_active": 1 }, { "id": 184479, "indicator": "065e63afdfa539727f63af7530b22d2f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-195587", "description": "", "expiration": null, "is_active": 1 }, { "id": 184457, "indicator": "079028d315d039da0ffec2728b2c9ef6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184078, "indicator": "0908d8b3e459551039bade50930e4c1b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183987, "indicator": "09531f851ef74a7238685fd287a395bd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183752, "indicator": "097b5abb53a3d84fa9eabda02fef9e91", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Muntsib.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 183853, "indicator": "09d372e4259980ac95fdadf1846578d9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Dielel.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 184300, "indicator": "0b506c6dde8d07f9eeb82fd01a6f97d4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Ecltys.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 184426, "indicator": "0b680e7bd5c0501d5dd73164122a7faf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183982, "indicator": "0c28ad34f90950bc784339ec9f50d288", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Stradatu", "description": "", "expiration": null, "is_active": 1 }, { "id": 183961, "indicator": "0c5e9f564115bfcbee66377a829de55f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Skeeyah", "description": "", "expiration": null, "is_active": 1 }, { "id": 184336, "indicator": "0ca6e2ad69826c8e3287fc8576112814", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184342, "indicator": "0cad42671e5771574df44a23b3634f32", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184248, "indicator": "0cf9e999c574ec89595263446978dc9f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Tartober.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 183510, "indicator": "0d0240672a314a7547d328f824642da8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Pingbed.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 184328, "indicator": "0dd3677594632ce270bcf8af94819caf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183985, "indicator": "0f23d5b93c30681655d8a4258b8de129", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183893, "indicator": "0ff20d023d6b54661d66fb3ce09afe3c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184518, "indicator": "106338ad223b84fbc2528a55e3e22302", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-752550", "description": "", "expiration": null, "is_active": 1 }, { "id": 184072, "indicator": "11504971bb85cdacb8ef7d45e6e2aeb7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Stradatu", "description": "", "expiration": null, "is_active": 1 }, { "id": 184314, "indicator": "120c2e085992ff59a21ba401ec29fec9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Connapts", "description": "", "expiration": null, "is_active": 1 }, { "id": 184028, "indicator": "123505024f9e5ff74cb6aa67d7fcc392", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Ecltys.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 184341, "indicator": "12f25ce81596aeb19e75cc7ef08f3a38", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-30709", "description": "", "expiration": null, "is_active": 1 }, { "id": 184493, "indicator": "1328eaceb140a3863951d18661b097af", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Downloader.133181-1", "description": "", "expiration": null, "is_active": 1 }, { "id": 183917, "indicator": "13835f0d5aafbeda50560afc92c8b7b7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Merong", "description": "", "expiration": null, "is_active": 1 }, { "id": 184442, "indicator": "13f0b56c28995e4efc8da784ad862853", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Connapts", "description": "", "expiration": null, "is_active": 1 }, { "id": 184564, "indicator": "1415eb8519d13328091cc5c76a624e3d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-195573", "description": "", "expiration": null, "is_active": 1 }, { "id": 184030, "indicator": "150c4c1f589c4baa794160276a3d4aba", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 150613, "indicator": "15244d2321faa3a271ff0b1e5a23148f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Connapts", "description": "", "expiration": null, "is_active": 1 }, { "id": 184291, "indicator": "15901ddbccc5e9e0579fc5b42f754fe8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Bitsto.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 183586, "indicator": "165ef79e7caa806f13f82cc2bbf3dedd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Skeeyah", "description": "", "expiration": null, "is_active": 1 }, { "id": 183525, "indicator": "17199ddac616938f383a0339f416c890", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Pingbed.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 184074, "indicator": "173cd315008897e56fa812f2b2843f83", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Tooki.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 184040, "indicator": "17f5a2e0997b59449ca2120b20b5b7ce", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Namsoth.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 183504, "indicator": "1a0c7e61bcc50d57b7bcf9d9af691de5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Pingbed.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 184212, "indicator": "1c16bd1488163c03cd506c2f71486a0f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Sluegot.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 184149, "indicator": "1ca3ca9ec20474d07fc798f2b41e2625", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-30603", "description": "", "expiration": null, "is_active": 1 }, { "id": 183644, "indicator": "1ce4605e771a04e375e0d1083f183e8e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Likseput.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 184166, "indicator": "1e314c972075b8058099fd8759c11ce8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-528266", "description": "", "expiration": null, "is_active": 1 }, { "id": 183639, "indicator": "1e5ec6c06e4f6bb958dcbb9fc636009d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Connapts", "description": "", "expiration": null, "is_active": 1 }, { "id": 183498, "indicator": "1ea61a0945bde3c6f41e12bc01928d37", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Dalbot.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 184368, "indicator": "1ede2c69d50e0efbe23f758d902216e0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183693, "indicator": "1f2eb7b090018d975e6d9b40868c94ca", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Neporoot.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 183911, "indicator": "1f92ff8711716ca795fbd81c477e45f5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Likseput.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 183938, "indicator": "1f9b32bac55ba4c015181ebf55767752", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184301, "indicator": "1fb4ce2e56ced51ddf1edff8ed15c21b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184164, "indicator": "225e33508861984dd2a774760bfdfc52", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Skeeyah", "description": "", "expiration": null, "is_active": 1 }, { "id": 183920, "indicator": "23059de2797774bbdd9b21f979aaec51", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Skeeyah", "description": "", "expiration": null, "is_active": 1 }, { "id": 184083, "indicator": "24259ae8b0018b0ce9992fb1d9b69e2a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184241, "indicator": "2479a9a50308cb72fcd5e4e18ef06468", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Connapts", "description": "", "expiration": null, "is_active": 1 }, { "id": 184448, "indicator": "255cd53f9bdb6f3755e621885cb34382", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184233, "indicator": "268988aa1df82ab073f527b5b6c8bff7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "HackTool:Win32/Elsashes.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 184054, "indicator": "268eef019bf65b2987e945afaf29643f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183983, "indicator": "270d42f292105951ee81e4085ea45054", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Xifos.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 183559, "indicator": "277964807a66aeeb6bd81dbfcaa3e4e6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Skeeyah", "description": "", "expiration": null, "is_active": 1 }, { "id": 184114, "indicator": "28dbd86bd86eb9153ecb20d883c41ae0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184024, "indicator": "29c691978af80dc23c4df96b5f6076bb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183954, "indicator": "2b659d71ae168e774faaf38db30f4a84", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Merong", "description": "", "expiration": null, "is_active": 1 }, { "id": 183695, "indicator": "2ba0d0083976a5c1e3315413cdcffcd2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184419, "indicator": "2bd02b41817d227058522cca40acd390", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-195570", "description": "", "expiration": null, "is_active": 1 }, { "id": 183646, "indicator": "2bdc196cdac4478ae325c94bab433732", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184240, "indicator": "2c49f47c98203b110799ab622265f4ef", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184404, "indicator": "2daa4a4574ba06aa3203ae0e0b45b3b8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Downloader.133181-1", "description": "", "expiration": null, "is_active": 1 }, { "id": 183744, "indicator": "2dd892986b2249b5214639ecc8ac0223", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183548, "indicator": "2f930d92dc5ebc9d53ad2a2b451ebf65", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Sluegot.D", "description": "", "expiration": null, "is_active": 1 }, { "id": 184398, "indicator": "2fccaa39533de02490b1c6395878dd79", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184372, "indicator": "30a7aa13b1f8d272cb36576952e8b6c0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184010, "indicator": "30e78d186b27d2023a2a7319bb679c3f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Likseput.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 184017, "indicator": "3107de21e480ab1f2d67725f419b28d0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Ecltys.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 184216, "indicator": "3120fc8630c5252002f26f6e11b09eca", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-515998", "description": "", "expiration": null, "is_active": 1 }, { "id": 183905, "indicator": "31e5e58dbdfad05175613e795298ebb5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-30564", "description": "", "expiration": null, "is_active": 1 }, { "id": 184002, "indicator": "321d75c9990408db812e5a248a74f8c8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184361, "indicator": "3364813bcbd111fc5ec1e4265c533506", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184345, "indicator": "338782d2df367156a2c7e12e9526c600", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183726, "indicator": "33de5067a433a6ec5c328067dc18ec37", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Neporoot.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 184422, "indicator": "341f5e7215826d07ada1ed2b96264c0d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183647, "indicator": "36c0d3f109aede4d76b05431f8a64f9e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Likseput.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 184413, "indicator": "36cd49ad631e99125a3bb2786e405cea", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Barkiofork!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 184224, "indicator": "36d5c8fc4b14559f73b6136d85b94198", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Merong", "description": "", "expiration": null, "is_active": 1 }, { "id": 183943, "indicator": "37cf3f25895c27ca5e647bbfdc1d5b2d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Armadillov1xxv2xx", "description": "", "expiration": null, "is_active": 1 }, { "id": 184079, "indicator": "37ddd3d72ead03c7518f5d47650c8572", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Merong", "description": "", "expiration": null, "is_active": 1 }, { "id": 184394, "indicator": "37eee514b04167f8e17e2caa3bfd3049", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Sharat.gen!A", "description": "", "expiration": null, "is_active": 1 }, { "id": 183884, "indicator": "390d1f2a620912104f53c034c8aef14b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-30559", "description": "", "expiration": null, "is_active": 1 }, { "id": 184411, "indicator": "39e28f48c138dc156d1436fd02222e45", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Merong", "description": "", "expiration": null, "is_active": 1 }, { "id": 184497, "indicator": "3a45d4bfd1f919f167ce4a5e5ba00e15", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184452, "indicator": "3b1b190407b868406c5c155a79f3d146", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Ruce.gen!A", "description": "", "expiration": null, "is_active": 1 }, { "id": 184292, "indicator": "3c1b2fabb7d74bc5be0820eae4107f8a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Govdi.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 184354, "indicator": "3c4066b252722c873348d43b4c3ec0e5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184366, "indicator": "3d0c1dc5ac55f6d0e6b7fabfeb5158f5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Ripinip.M", "description": "", "expiration": null, "is_active": 1 }, { "id": 21031, "indicator": "3de1bd0f2107198931177b2b23877df4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184587, "indicator": "3de60420845a582b0e44081b1138a7e4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Merong", "description": "", "expiration": null, "is_active": 1 }, { "id": 183991, "indicator": "3e69945e5865ccc861f69b24bc1166b6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Likseput.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 184531, "indicator": "3e6ed3ee47bce9946e2541332cb34c69", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183553, "indicator": "3e87051b1dc3463f378c7e1fe398dc7d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183869, "indicator": "3f243b304358041fb163007e0c066d4a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184330, "indicator": "3f8682ab074a097ebbaadbf26dfff560", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan.Downloader-83571", "description": "", "expiration": null, "is_active": 1 }, { "id": 184071, "indicator": "3fb8f4cdcb4d1d48be2e473fd8727239", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183826, "indicator": "3fc26910f9c31bd9ba3ccb09132d9ca3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183565, "indicator": "4192479b055b2b21cb7e6c803b765d34", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-27353", "description": "", "expiration": null, "is_active": 1 }, { "id": 184569, "indicator": "41a5d40ecc735172b18b61e01a30a178", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Connapts", "description": "", "expiration": null, "is_active": 1 }, { "id": 184237, "indicator": "41bb847963a8fce70ad21e70dd786107", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184365, "indicator": "435991e0c67f0c0b4504355b6d4493f0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183842, "indicator": "438983192903f3fecf77500a39459ee6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Tosct.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 184552, "indicator": "43b844c35e1a933e9214588be81ce772", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Connapts", "description": "", "expiration": null, "is_active": 1 }, { "id": 184019, "indicator": "44066f29aab6a9379f8dd30f6bec257d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Govdi.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 183654, "indicator": "468ff2c12cffc7e5b2fe0ee6bb3b239e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Touasper.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 184535, "indicator": "46c36c11238100e155f6d418332869ea", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184031, "indicator": "471005f73280264c48f769e1c21fbcc1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184096, "indicator": "476fea8761a03bef16e322996c2f6666", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183962, "indicator": "47e7f92419eb4b98ff4124c3ca11b738", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Connapts", "description": "", "expiration": null, "is_active": 1 }, { "id": 21046, "indicator": "4a54d7878d4170c3d4e3c3606365c42c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183683, "indicator": "4c6bddcca2695d6202df38708e14fc7e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Touasper.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 184433, "indicator": "4c858a80df0d6de5d69824c9502b65cf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Warood.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 184468, "indicator": "4c9c9dbf388a8d81d8cfb4d3fc05f8e4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Merong", "description": "", "expiration": null, "is_active": 1 }, { "id": 183997, "indicator": "4cabfaef26fd8e5aec01d0c4b90a32f3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Connapts", "description": "", "expiration": null, "is_active": 1 }, { "id": 184290, "indicator": "4e551abcd14506092a0f8d54a45f3569", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Downloader.133181-1", "description": "", "expiration": null, "is_active": 1 }, { "id": 184469, "indicator": "4f763b07a7b8a80f1f9408e590f79532", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Ecltys.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 183567, "indicator": "50f35b7c86aede891a72fcb85f06b0b7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184584, "indicator": "5100f0a34695c4c9dc7e915177041cad", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Connapts", "description": "", "expiration": null, "is_active": 1 }, { "id": 183864, "indicator": "51326bf40da5a5357a143dd9a6e6a11c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Govdi.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 183566, "indicator": "51ce169debea41314f591290839fd55f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-404343", "description": "", "expiration": null, "is_active": 1 }, { "id": 183966, "indicator": "522d32a505f78f09303e689999a3e461", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-138969", "description": "", "expiration": null, "is_active": 1 }, { "id": 183933, "indicator": "523cf1c9741f5f9d11388a58de6a83a4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-30555", "description": "", "expiration": null, "is_active": 1 }, { "id": 184566, "indicator": "523f56515221161579ee6090c962e5b1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Xifos.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 183500, "indicator": "53b263dd41838aa178a5ced338a207f3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Dalbot.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 184014, "indicator": "543c283d691939d99667e22bcb7be610", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184548, "indicator": "543e03cc5872e9ed870b2d64363f518b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184559, "indicator": "54d5d171a482278cc8eacf08d9175fd7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Pingbed.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 183552, "indicator": "55886d571c2a57984ea9659b57e1c63a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Sluegot.D", "description": "", "expiration": null, "is_active": 1 }, { "id": 183642, "indicator": "55fb1409170c91740359d1d96364f17b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184358, "indicator": "56de2854ef64d869b5df7af5e4effe3e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184351, "indicator": "57326cd78a56d26e349bbd4bcc5b9fa2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183568, "indicator": "575836ebb1b8849f04e994e9160370e4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Goolelo.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 184244, "indicator": "57e79f7df13c0cb01910d0c688fcd296", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Likseput.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 183876, "indicator": "57f98d16ac439a11012860f88db21831", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Govdi.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 184344, "indicator": "580a4c05982accc678a72c366b45815d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184509, "indicator": "585691777080b419b523938edd3ba2d6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184273, "indicator": "58b020fd3bc0d34e8c4eaf0a3f3135af", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183903, "indicator": "5a728cb9ce56763dccb32b5298d0f050", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Connapts", "description": "", "expiration": null, "is_active": 1 }, { "id": 183979, "indicator": "5aeaa53340a281074fcb539967438e3f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183848, "indicator": "5bcaa2f4bc7567f6ffd5507a161e221a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184165, "indicator": "5bd5a22d42c04db7ac1343a2a9f471fe", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183959, "indicator": "5c4806b5859b35a3df03763e9c7ecbf6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184554, "indicator": "5c6f30cc369cd164d44941d381e282cc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183882, "indicator": "5cd578614afb50b925008b68b3accdb9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183896, "indicator": "5cf0959687427850a92d7f69edd41b86", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184269, "indicator": "5d8129be965fab8115eca34fc84bd7f0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184236, "indicator": "5e42780f52763c77d592044e535e4b01", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183885, "indicator": "5e686bd284022e35559a9c6118df8f1e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184295, "indicator": "5f837bbfd3b458321070e2aebca4ec46", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183499, "indicator": "5ff3269faca4a67d1a4c537154aaad4b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184362, "indicator": "605c1dc91a5c85024160ce78dfac842d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184588, "indicator": "611c8f862864af818202865b78ad7ca8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183611, "indicator": "620c6a6cff832e35090487680123f52b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184513, "indicator": "62a35021454e17f4a913e577d7ecd22f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184034, "indicator": "6377ec0c87f4ec1e7897751dd85d73d4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184178, "indicator": "6461ea41f179e660c40ed65aee1a4a2d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183595, "indicator": "649d54bc9eef5a60a4b9d8b889fee139", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183699, "indicator": "65018cd542145a3792ba09985734c12a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183725, "indicator": "650a6fca433ee243391e4b4c11f09438", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184076, "indicator": "6510cee34da30c7ef5e5e39980402257", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184058, "indicator": "6570163cd34454b3d1476c134d44b9d9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183723, "indicator": "6576c196385407b0f7f4b1b537d88983", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183576, "indicator": "66c287675cd4c7172590f71181e723a8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184183, "indicator": "67504a0c2c2bf47efccdab5ca981ad7d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184536, "indicator": "6808ec6dbb23f0fa7637c108f44c5c80", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184367, "indicator": "689dcd40d5eae8c0d315265f3d90ffae", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184107, "indicator": "68c67a6e26855ebc2569d67689c69a6e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183909, "indicator": "69dc1e1ee273e531e91c60eb86396cc8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184286, "indicator": "6a4fbcfb44717eae2145c761c1c99b6a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184346, "indicator": "6b3d19cc86d82b06f5db3ae9d5ba8a5f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184527, "indicator": "6bf8f1f99ac5bba0db1b66518df378a4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183519, "indicator": "6c5c5e4049265fffc87973f3e4978b26", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184128, "indicator": "6c65c697bcff935484a5cd2e7dd2e7d2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184427, "indicator": "6d2320af561b2315c1241e3efd86067f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183630, "indicator": "6deae79fc82df523ba99852266a33f9e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183747, "indicator": "6e442c5ef460bee4c9457c6bf7a132d6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184215, "indicator": "6e8f302794cfaae731840e345063e652", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183631, "indicator": "6ebd05a02459d3b22a9d4a79b8626bf1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 149975, "indicator": "6f9992c486195edcf0bf2f6ee6c3ec74", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183738, "indicator": "6faa4740f99408d4d2dddd0b09bbdefd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183949, "indicator": "6fbf667e82c1477c4ce635b57b83bfa0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184162, "indicator": "70a55fdc712c6e31e013e6b5d412b0d6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183661, "indicator": "727a6800991eead454e53e8af164a99c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183931, "indicator": "7388d67561d0a7989202ad4d37eff24f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183569, "indicator": "73d125f84503bd87f8142cf2ba8ab05e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184541, "indicator": "759b320aca72ba446e7e156407ebc10d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183883, "indicator": "75dad1ccabae8adeb5bae899d0c630f8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184050, "indicator": "75ff4bd6b209b6f10472c4cd22e3f9e6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184549, "indicator": "769aeae232c6162cedcb6c7255640c4c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184109, "indicator": "7704ad9e8e0e3d75075e4c294f698d53", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183948, "indicator": "7712d05c8b499fc7a1f4a6a6b6dee825", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183614, "indicator": "77fbfed235d6062212a3e43211a5706e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183704, "indicator": "785003a405bc7a4ebcbb21ddb757bf3f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184521, "indicator": "7a660a9e48f6065333f388f2c0a67bd8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184350, "indicator": "7a670d13d4d014169c4080328b8feb86", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184270, "indicator": "7a7a46e8fbc25a624d58e897dee04ffa", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184228, "indicator": "7acb0d1df51706536f33bbdb990041d3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184307, "indicator": "7aecb34616245eb6b2906358151be55b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184200, "indicator": "7aef47f9fd84669976c4b152910a6328", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183598, "indicator": "7b42b35832855ab4ff37ae9b8fa9e571", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184483, "indicator": "7bfeb0eaa1c51513e60bc0abafb1be9f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184382, "indicator": "7c82cd17b0fa420f09f97e060621ed7b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184027, "indicator": "7cb055ac3acbf53e07e20b65ec9126a1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183561, "indicator": "7d3140bd028f70f1fa865364b69c5999", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184526, "indicator": "7f1a4bc267ace340a5aa7a0b79cbf349", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184239, "indicator": "7fc52a32337386d867a952a2c8644353", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184185, "indicator": "80856bd8ef7d5dbc3dc774f581855549", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183612, "indicator": "81b03cbcfc4b9d090cd8f5e5da816895", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184563, "indicator": "827040a5f5ae8de281a63899224b2f3a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184532, "indicator": "830a748959bdd1ad3b6a1f72aab6f063", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 149490, "indicator": "831a67dc75e2d4505180888747bc8ea9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183702, "indicator": "8442ae37b91f279a9f06de4c60b286a3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184047, "indicator": "8454918f639a1b0719e00627f211d2ed", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184101, "indicator": "8462a62f13f92c34e4b89a7d13a185ad", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184443, "indicator": "86dd715a8d28788e68a575207d66df34", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184075, "indicator": "871cc547feb9dbec0285321068e392b8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184502, "indicator": "8725870a43192cb0176c82012996910a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 21068, "indicator": "8845cb5b4e450cb10a3b6ca41a9b4319", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184060, "indicator": "88b5f635ac9031bcdeda1f751952f966", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183582, "indicator": "88c7c50cd4130561d57a1d3b82c5b953", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184278, "indicator": "88dbcc682635b4013bcba5ad28bb976b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184102, "indicator": "8913ac72cdb8afd98bd8446896e1595a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184000, "indicator": "8934aeed5d213fe29e858eee616a6ec7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183550, "indicator": "8a86df3d382bfd1e4c4165f4cacfdff8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183698, "indicator": "8b75bcbff174c25a0161f30758509a44", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184252, "indicator": "8d251ef81b1e2251601a7b2b0c03ec05", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184547, "indicator": "8e1ec7e556b8c6612b6c34e310c50b66", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183663, "indicator": "8e8622c393d7e832d39e620ead5d3b49", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184158, "indicator": "8f3d20c983f9d82a8ff17466f45ee757", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184303, "indicator": "8f4863b4dfb52d8362c031d3720a6d97", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184190, "indicator": "91deceb64c795927c6ea07f695f67334", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183620, "indicator": "929802a27737cebc59d19da724fdf30a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184486, "indicator": "933b11bc4799f8d9f65466fb2e3ea659", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184056, "indicator": "94a59ce0fadf84f6efa10fe7d5ee3a03", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184428, "indicator": "9548e5ed4fbacd0ed4a9d6a27f5d8fec", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184213, "indicator": "95d85aa629a786bb67439a064c4349ec", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184412, "indicator": "95f25d3afc5370f5d9fd8e65c17d3599", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 149638, "indicator": "9675827a495f4ba6a4efd4dd70932b7c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183585, "indicator": "973f4a238d6d19bdc7b42977b07b9cef", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184069, "indicator": "97c83d85bd76a38b13cea960a1a97f70", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183889, "indicator": "98409dbf432419024dbf028c004344c1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184395, "indicator": "989b797c2a63fbfc8e1c6e8a8ccd6204", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183739, "indicator": "99a39866a657a10949fcb6d634bb30d5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183517, "indicator": "9e860622fee66074dfe81dcfcc40c4e2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183692, "indicator": "9ea3c16194ce354c244c1b74c46cd92e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183831, "indicator": "9f11bc08af048c5c3a110e567082fe0b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184221, "indicator": "9fc3ed6c9b8056fbf155f79569ca7cb1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184340, "indicator": "a039a61e4c274811b0388aa517d29fbb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184065, "indicator": "a241eec892637dec971bd925a40d3efb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183847, "indicator": "a2534e9b7e4146368ea3245381830eb0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183974, "indicator": "a2cd1189860b9ba214421aab86ecbc8a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183740, "indicator": "a316d5aeca269ca865077e7fff356e7d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183555, "indicator": "a38a367d6696ba90b2e778a5a4bf98fd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183746, "indicator": "a40e20ff8b991308f508239625f275d8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184352, "indicator": "a4ad7335aa391519cc5fc9140f2562f2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184435, "indicator": "a565682d8a13a5719977223e0d9c7aa4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183873, "indicator": "a5b581c0600815b1112ca2fed578928b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184418, "indicator": "a5d4ebc0285f0213e0c29d23bc410889", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184117, "indicator": "a639f598d4c0b9aa7a4691d05f27d977", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184420, "indicator": "a7f17c75519fb8a39d37c47617202b05", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184193, "indicator": "a8b2ac446c614fd5d4880d95369deb3b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184135, "indicator": "a8f259bb36e00d124963cfa9b86f502e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183955, "indicator": "a99e06e2f90db4e506ef1347a8774dd5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184206, "indicator": "aa4f1ecc4d25b33395196b5d51a06790", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183897, "indicator": "ab00b38179851c8aa3f9bc80ed7baa23", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183910, "indicator": "ab208f0b517ba9850f1551c9555b5313", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183976, "indicator": "ac87816b9a371e72512d8fd82f61c737", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184155, "indicator": "ad3cccbe9ddff04b670d353b938f5da9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184198, "indicator": "af2745e8888f2ba17a9cf2e0779d3874", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184371, "indicator": "af2f7b070245c90bd2a0a0845314173a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184122, "indicator": "af719814507fdca4b96184f33b6b92ea", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183712, "indicator": "b07322743778b5868475dbe66eedac4f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184522, "indicator": "b145e4d19f5ecfaad45c795aee69c8dc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184322, "indicator": "b1838a6c341260fbdaf288795cc63900", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184259, "indicator": "b1912db011633d98bc40ac568a4167a7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183574, "indicator": "b1ee00cec6c2318fa86f320dd7fc99a8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183988, "indicator": "b1ff1ef983a1aee3a395788ec441d006", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184434, "indicator": "b36168ea438520875c621f5603db003f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184333, "indicator": "b3848edbabfbce246a9faf5466e743bf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184415, "indicator": "b3bc979d8de3be09728c5de1a0297c4b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183672, "indicator": "b3defdbd173738d44137f88a571647e1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184033, "indicator": "b5e9ce72771217680efaeecfafe3da3f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183580, "indicator": "b74022a7b9b63fdc541ae0848b28a962", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184446, "indicator": "b7dba6184f07b1e824362a2307d91ae2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184081, "indicator": "b8277cce81e0a372bc35d33a0c9483c2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183940, "indicator": "b86e89a42a1c1bc6ea15096c68e38ba4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184097, "indicator": "b8f61242e28f2edf6cb1be8781438491", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183645, "indicator": "ba0c4d3dbf07d407211b5828405a9b91", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184235, "indicator": "baabd9b76bff84ed27fd432cfc6df241", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184111, "indicator": "bac2e89bd92ce23e1e93a63d26dea01a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184416, "indicator": "bc723e4f93a3bf85f4d1e1910393d1a3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184023, "indicator": "bc756bb6bf4e7b2058e8dce6ba8b1a79", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183856, "indicator": "bcb087f69792b69494a3edad51a842bb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183514, "indicator": "bcbdef1678049378be04719ed29078d2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184576, "indicator": "bcdf8cb0868daaec3ba6176e3e7d3cfc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183652, "indicator": "bd8b082b7711bc980252f988bb0ca936", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184384, "indicator": "bdc5e16aec2c3796fb879a5c260d6ca9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183835, "indicator": "bdd2ad4c0e1e5667d117810ae9e36c4b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183849, "indicator": "bf0ee4367ea32f8e3b911c304258e439", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183852, "indicator": "bf80dbf969b73790253f683cd723fd71", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184481, "indicator": "bfcae0468de0c7bcf92e9989589082f1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184267, "indicator": "c0134285a276ab933e2a2b9b33b103cd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184461, "indicator": "c044715c2626ab515f6c85a21c47c7dd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183623, "indicator": "c04c796ef126ad7429be7d55720fe392", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183734, "indicator": "c0a33a1b472a8c16123fd696a5ce5ebb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184093, "indicator": "c110f08399c5dca64d7dc4539eb82083", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184490, "indicator": "c1bd23ece59e36143d80f7eec0e38c52", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184204, "indicator": "c39e272e9ea15d61e0c8e6b749a1ad46", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184477, "indicator": "c3af09a9fc487314eb4c9fe92a01845a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184153, "indicator": "c3e5603a38e700274d1ab30ce93d08b9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184396, "indicator": "c41e44045cebebfba234063de8fd7c4d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184480, "indicator": "c425b8782075da33cba5aae5ad612582", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183606, "indicator": "c4c638750526e28f68d6d71fd1266bdf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184391, "indicator": "c6a4bb1a4e4f69ec71855d70d6960859", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184539, "indicator": "c763e041c8e85c195ade90e120338be7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184309, "indicator": "c799e1d25839e1efb2b3d42d6d6efd26", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183608, "indicator": "c9172b3e83c782bc930c06b628f31fa5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184401, "indicator": "c91eacab7655870764d13ba741aa9a73", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184519, "indicator": "c99fa835350aa9e2427ce69323b061a9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184186, "indicator": "c9f77569aa98f71cc42644d66d9f371c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184231, "indicator": "ca327bc83fbe38b3689cd1a5505dfc33", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 21104, "indicator": "ca6fe7a1315af5afeac2961460a80569", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184377, "indicator": "cc17fe9f2d254ad28d050bf5c1df983d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183928, "indicator": "cc3a9a7b026bfe0e55ff219fd6aa7d94", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184488, "indicator": "ccfb7a84bb87cc8f86ddd260ad38ed5b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183944, "indicator": "cd2102c5db1ed828a9c196448c40af3e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183628, "indicator": "cf038194f0fe222f31ec24cb80941bb1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183622, "indicator": "cf9c2d5a8fbdd1c5adc20cfc5e663c21", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184103, "indicator": "cfc6112254a69030521d0d2bba152d4d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184582, "indicator": "cfce9478c880934b3548c3022a956e14", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184436, "indicator": "d0d5a20c5a6c4fddab4d43b85632b6a9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184249, "indicator": "d16947b200afa74a917f055597b772c0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183570, "indicator": "d22863c5e6f098a4b52688b021beef0a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183751, "indicator": "d262cb8267beb0e218f6d11d6af9052e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184334, "indicator": "d271ae0f4e9230af3b61eafe7f671fde", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183632, "indicator": "d2f1be7e10ed39aa8bc0f7f671d824d2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183963, "indicator": "d34e357461c55d90c52309c1ff952b4c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184451, "indicator": "d4ba6430996fb4021241efc97c607504", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184256, "indicator": "d4c7f1f80883412f9796f1270accff50", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183526, "indicator": "d5fd1ce9189cd54f157d691e317c0821", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184011, "indicator": "d60ee4a39667a733c075bb7f7b36285a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183998, "indicator": "d62cd4ad2a919b6acfa6d49d446dffdb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184561, "indicator": "d7796209412da17b2ee2ccf2309b4abf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184218, "indicator": "d7aa32b7465f55c368230bb52d52d885", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183497, "indicator": "d8238e950608e5aba3d3e9e83e9ee2cc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184180, "indicator": "d8b7b276710127d233abcdb7313aac36", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183886, "indicator": "d9b1c95fb4424cf69a0ac8e40b3ab39b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183728, "indicator": "d9fbf759f527af373e34673dc3aca462", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184553, "indicator": "da383cc098a5ea8fbb87643611e4bfb6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184403, "indicator": "da6b0ee7ec735029d1ff4fa863a71de8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183670, "indicator": "db05df0498b59b42a8e493cf3c10c578", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184181, "indicator": "db2580f5675f04716481b24bb7af468e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183872, "indicator": "db50416d9e67f4982e89e0ffb0ade6f3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184123, "indicator": "dd21d1ea2146861a4219b1cbdaefe59b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184363, "indicator": "ddf3db31f9fa21cd43ff19dde393aba8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183913, "indicator": "dffd04ea26c03d3f6c67e10405abc5ad", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184324, "indicator": "e0fc0fae758d7c6091cdb11d5ef98e0e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183678, "indicator": "e1b6940985a23e5639450f8391820655", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183613, "indicator": "e476e4a24f8b4ff4c8a0b260aa35fc9f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184184, "indicator": "e480c8839e819eaa9b19d53acfa95052", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184573, "indicator": "e4be1e46775081b1d5405b3dd7dd1c64", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183643, "indicator": "e54ce5f0112c9fdfe86db17e85a5e2c5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184274, "indicator": "e689b1fb0610b752f42adafc403fa49f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183641, "indicator": "e83f60fb0e0396ea309faf0aed64e53f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184087, "indicator": "ea1b44094ae4d8e2b63a1771a3e61fd5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184277, "indicator": "ea502cd3504e74bac454835bd23e019b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183915, "indicator": "ea8b6c2c083d6b7b2b6ebc015b0488ca", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184008, "indicator": "ec3a2197ca6b63ee1454d99a6ae145ab", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183719, "indicator": "ec8aa67b05407c01094184c33d2b5a44", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183584, "indicator": "ec8c89aa5e521572c74e2dd02a4daf78", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183951, "indicator": "eef80511aa490b2168ed4c9fa5eafef0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183587, "indicator": "ef29229f7b633f634db3a5c49a3f4a1c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184132, "indicator": "ef6c375e3e6930e2b50e1e97fe6fbcc9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183664, "indicator": "ef8e0fb20e7228c7492ccdc59d87c690", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183577, "indicator": "f1e5d9bf7705b4dc5be0b8a90b73a863", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184355, "indicator": "f3611c5c793f521f7ff2a69c22d4174e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184276, "indicator": "f4ed3b7a8a58453052db4b5be3707342", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183684, "indicator": "f4f8067d501bfef385274912d2a833b5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183578, "indicator": "f627990bbe2ec5c48c180f724490c332", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183718, "indicator": "f6655e39465c2ff5b016980d918ea028", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184409, "indicator": "f7c63592ffb87b81ce45c89d207e9403", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184551, "indicator": "f7f85d7f628ce62d1d8f7b39d8940472", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183560, "indicator": "f802b6e448c054c9c16b97ff85646825", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183742, "indicator": "f8437e44748d2c3fcf84019766f4e6dc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184337, "indicator": "f8892c6dacbf7ac756abb361e48bbc82", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184528, "indicator": "f904ea9bc8e2d7ce13a6007183da5957", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183907, "indicator": "fab6b0b33d59f393e142000f128a9652", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184127, "indicator": "fb671e6de6e301c892d2fdaa58f9cd9a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184214, "indicator": "fc1937c1aa536b3744ebdfb1716fd54d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184517, "indicator": "fc89424a2d33ea5af3f49b02e743773b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184349, "indicator": "fc9d20d555a88fc827f3a2bfec4dfa36", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183941, "indicator": "fcdaa67e33357f64bc4ce7b57491fc53", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184210, "indicator": "fe8ff84a23feb673a59d8571575fee0b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 184121, "indicator": "fefa3638e4d6f2e00b5194ae3fa0c931", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2584655607, "indicator": "02351b416307a523071086a08ba0d33aeac6febe", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Ecltys.A", "description": "SHA1 of 3107de21e480ab1f2d67725f419b28d0", "expiration": null, "is_active": 1 }, { "id": 2584655679, "indicator": "08884dc1744818a05873c11b0288737babedf15d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "MANITSME_APT1", "description": "SHA1 of 0285bd1fbdd70fd5165260a490564ac8", "expiration": null, "is_active": 1 }, { "id": 2584655791, "indicator": "0bfceffb5d78ceab6cfae711c9728fbd9a5e2edc", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Connapts", "description": "SHA1 of 15244d2321faa3a271ff0b1e5a23148f", "expiration": null, "is_active": 1 }, { "id": 2584655813, "indicator": "0d3e36ac8f19f1eb5854c3ed3a9167c8d1b33600", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-27353", "description": "SHA1 of 4192479b055b2b21cb7e6c803b765d34", "expiration": null, "is_active": 1 }, { "id": 2584655858, "indicator": "1022428fab864c7591ca9af9aec11efdafaabc4e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Ecltys.A", "description": "SHA1 of 4f763b07a7b8a80f1f9408e590f79532", "expiration": null, "is_active": 1 }, { "id": 2584655897, "indicator": "12f12f03151c58b28a7d7246c7006888af2419e4", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Tosct.A", "description": "SHA1 of 438983192903f3fecf77500a39459ee6", "expiration": null, "is_active": 1 }, { "id": 2584655993, "indicator": "1571105b3fcbc117dd7c9308286af30d34787a92", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Connapts", "description": "SHA1 of 13f0b56c28995e4efc8da784ad862853", "expiration": null, "is_active": 1 }, { "id": 2584656031, "indicator": "17d68ab51cb4c4e8b54c76c105eb82f91ae95568", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Ruce.gen!A", "description": "SHA1 of 3b1b190407b868406c5c155a79f3d146", "expiration": null, "is_active": 1 }, { "id": 2584656053, "indicator": "192b5ba67b87e366d92d187488c7746854e69eda", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-528266", "description": "SHA1 of 1e314c972075b8058099fd8759c11ce8", "expiration": null, "is_active": 1 }, { "id": 2584656276, "indicator": "263fa1d6aa945aaca30be60fe633ee96946d33f0", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Merong", "description": "SHA1 of 4c9c9dbf388a8d81d8cfb4d3fc05f8e4", "expiration": null, "is_active": 1 }, { "id": 2584656376, "indicator": "283280b5f520fee6192ffb3439f9c97928fb68e7", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-138969", "description": "SHA1 of 522d32a505f78f09303e689999a3e461", "expiration": null, "is_active": 1 }, { "id": 2584656378, "indicator": "28904dba741e9d0208237a9b991cf19bae17e39e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Merong", "description": "SHA1 of 3de60420845a582b0e44081b1138a7e4", "expiration": null, "is_active": 1 }, { "id": 2582676762, "indicator": "2bf7f0e84a5ae908af9e846cdab04327bcc83b72", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Tooki.A", "description": "SHA1 of 173cd315008897e56fa812f2b2843f83", "expiration": null, "is_active": 1 }, { "id": 2584656448, "indicator": "2d804e04f95275817b7d2fb264299124e413cff8", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Neporoot.A", "description": "SHA1 of 33de5067a433a6ec5c328067dc18ec37", "expiration": null, "is_active": 1 }, { "id": 2584656475, "indicator": "2f52c34ba852041f339941b404c5034ba243d827", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Skeeyah", "description": "SHA1 of 0c5e9f564115bfcbee66377a829de55f", "expiration": null, "is_active": 1 }, { "id": 2584656477, "indicator": "2f7ba414a7394c8b713e9e500af76263cc8783a1", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Downloader.133181-1", "description": "SHA1 of 1328eaceb140a3863951d18661b097af", "expiration": null, "is_active": 1 }, { "id": 2584656486, "indicator": "2fdf87688130103d554eace7c19262e238cedd32", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Ecltys.A", "description": "SHA1 of 123505024f9e5ff74cb6aa67d7fcc392", "expiration": null, "is_active": 1 }, { "id": 2584656498, "indicator": "3084f2b95260503c62196ea2b3d11c0fec34d775", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Connapts", "description": "SHA1 of 43b844c35e1a933e9214588be81ce772", "expiration": null, "is_active": 1 }, { "id": 2584656499, "indicator": "30a7ea8cf59d1531106cc052cd41cbcf873c7f3d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Merong", "description": "SHA1 of 13835f0d5aafbeda50560afc92c8b7b7", "expiration": null, "is_active": 1 }, { "id": 2584656587, "indicator": "3295364b89ddeec45fbcdf777ce47d031692d566", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-404343", "description": "SHA1 of 51ce169debea41314f591290839fd55f", "expiration": null, "is_active": 1 }, { "id": 2584656637, "indicator": "362bb45f85d7f2e224ab56dd81680dc47f839fab", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-752550", "description": "SHA1 of 106338ad223b84fbc2528a55e3e22302", "expiration": null, "is_active": 1 }, { "id": 2584656686, "indicator": "39fdf1bfd3b7f1c11ef67be8d07309446fc41aae", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 4a54d7878d4170c3d4e3c3606365c42c", "expiration": null, "is_active": 1 }, { "id": 2584656701, "indicator": "3b80c6d8acf80404071cbc948d45b2df4d4b6021", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Namsoth.B", "description": "SHA1 of 17f5a2e0997b59449ca2120b20b5b7ce", "expiration": null, "is_active": 1 }, { "id": 2584656815, "indicator": "408fcda1685f62fa77729fec6ab6f658683f93e5", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Merong", "description": "SHA1 of 39e28f48c138dc156d1436fd02222e45", "expiration": null, "is_active": 1 }, { "id": 2584656841, "indicator": "4306e84279b53feb6c5e9792e7304b9780c133ea", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Merong", "description": "SHA1 of 37ddd3d72ead03c7518f5d47650c8572", "expiration": null, "is_active": 1 }, { "id": 1567312308, "indicator": "457cca2b8490e33c44634b69db18a94d5cef519f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-195587", "description": "SHA1 of 065e63afdfa539727f63af7530b22d2f", "expiration": null, "is_active": 1 }, { "id": 2584656897, "indicator": "46d4e1b66d9b460913522df3c5fd220502b9e435", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Ecltys.A", "description": "SHA1 of 0b506c6dde8d07f9eeb82fd01a6f97d4", "expiration": null, "is_active": 1 }, { "id": 2584656975, "indicator": "478f27a3165a89fdc27bef345d3c31c3502daf75", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Skeeyah", "description": "SHA1 of 277964807a66aeeb6bd81dbfcaa3e4e6", "expiration": null, "is_active": 1 }, { "id": 2584657020, "indicator": "4adfb93a1fdc82458ab769ae193d4236d1532179", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Likseput.B", "description": "SHA1 of 3e69945e5865ccc861f69b24bc1166b6", "expiration": null, "is_active": 1 }, { "id": 2584657022, "indicator": "4b065a7df70a897c92f2bc8dde1b8f8ce9c64a4d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Dalbot.A", "description": "SHA1 of 53b263dd41838aa178a5ced338a207f3", "expiration": null, "is_active": 1 }, { "id": 2584657031, "indicator": "4ba0ae26a11623b8138247e65daf345480645da6", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-195573", "description": "SHA1 of 1415eb8519d13328091cc5c76a624e3d", "expiration": null, "is_active": 1 }, { "id": 2584657061, "indicator": "4d987277e07fff688662c685ef2228df3791b250", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-30559", "description": "SHA1 of 390d1f2a620912104f53c034c8aef14b", "expiration": null, "is_active": 1 }, { "id": 2584657194, "indicator": "53be0518357b99231676e5ddda574fae8f899827", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Stradatu", "description": "SHA1 of 11504971bb85cdacb8ef7d45e6e2aeb7", "expiration": null, "is_active": 1 }, { "id": 2584657237, "indicator": "565a1b0b23f7c8f8e89030bc13b51e80df264a13", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 079028d315d039da0ffec2728b2c9ef6", "expiration": null, "is_active": 1 }, { "id": 2584657290, "indicator": "5a4a5a634e6d1ffa6313cccbd3f207d0095fb169", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Merong", "description": "SHA1 of 2b659d71ae168e774faaf38db30f4a84", "expiration": null, "is_active": 1 }, { "id": 2584657291, "indicator": "5a52e53f4ac4a56f23883494a7108e3b631ba428", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Tartober.A", "description": "SHA1 of 0cf9e999c574ec89595263446978dc9f", "expiration": null, "is_active": 1 }, { "id": 2584657305, "indicator": "5b9ecd51724f241f4800eede92dce38f8a3787a2", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Connapts", "description": "SHA1 of 034374db2d35cf9da6558f54cec8a455", "expiration": null, "is_active": 1 }, { "id": 2584657406, "indicator": "5ec7cf3e20db710886fed42720a3b5493ff4e976", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "HackTool:Win32/Elsashes.A", "description": "SHA1 of 268988aa1df82ab073f527b5b6c8bff7", "expiration": null, "is_active": 1 }, { "id": 2584657458, "indicator": "62d0cde5ccc9406eea421cacc5f73216389dd17a", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Warood.B", "description": "SHA1 of 0496e3b17cf40c45f495188a368c203a", "expiration": null, "is_active": 1 }, { "id": 2584657468, "indicator": "635afd8cdf2e1d86f8efdd74f6beb8cefeb57b32", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Warood.B", "description": "SHA1 of 4c858a80df0d6de5d69824c9502b65cf", "expiration": null, "is_active": 1 }, { "id": 2584657504, "indicator": "65ee8aa7f2972e8fccdce66c3fffaf1d99d402c6", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Likseput.B", "description": "SHA1 of 1f92ff8711716ca795fbd81c477e45f5", "expiration": null, "is_active": 1 }, { "id": 2584657612, "indicator": "6a28bcb44c173e62d8a85aa7284e23ddbdce7961", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Downloader.133181-1", "description": "SHA1 of 2daa4a4574ba06aa3203ae0e0b45b3b8", "expiration": null, "is_active": 1 }, { "id": 2584657694, "indicator": "70e4f9fbad0a75194f8fe4ac3b05dfc90186cfdf", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Pingbed.A", "description": "SHA1 of 0d0240672a314a7547d328f824642da8", "expiration": null, "is_active": 1 }, { "id": 2584657699, "indicator": "71886b7ae6de179d17cbb0209f772f96987c48a5", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Likseput.B", "description": "SHA1 of 30e78d186b27d2023a2a7319bb679c3f", "expiration": null, "is_active": 1 }, { "id": 2584657703, "indicator": "71afc0989a17954d0eb6c480257c378f5d81847a", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 09531f851ef74a7238685fd287a395bd", "expiration": null, "is_active": 1 }, { "id": 956207399, "indicator": "7299410fb5275944fe887b0746310b235009ceb1", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Jepesroot.A", "description": "SHA1 of 02c65973b6018f5d473d701b3e7508b2", "expiration": null, "is_active": 1 }, { "id": 2582691513, "indicator": "72dc23f99bc6192f6ccfc8456a76eff00adc9700", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Likseput.B", "description": "SHA1 of 57e79f7df13c0cb01910d0c688fcd296", "expiration": null, "is_active": 1 }, { "id": 2584657838, "indicator": "770c8aa91e3a761f28f41f8311d0e751c0ebd084", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Goolelo.A", "description": "SHA1 of 575836ebb1b8849f04e994e9160370e4", "expiration": null, "is_active": 1 }, { "id": 2584657874, "indicator": "7977853c72150edda1c311376360a652fb768f38", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Pingbed.A", "description": "SHA1 of 17199ddac616938f383a0339f416c890", "expiration": null, "is_active": 1 }, { "id": 2584657893, "indicator": "7b15688bc1f6e893c63285d8d12f1a721bb00c23", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Neporoot.A", "description": "SHA1 of 1f2eb7b090018d975e6d9b40868c94ca", "expiration": null, "is_active": 1 }, { "id": 2584657996, "indicator": "7e4d54a682416d574fe19366ba0f7b09262d70fd", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Govdi.A", "description": "SHA1 of 51326bf40da5a5357a143dd9a6e6a11c", "expiration": null, "is_active": 1 }, { "id": 2584658009, "indicator": "7f4d6745b9053583b55b87bb16a88840e56e5621", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Sluegot.D", "description": "SHA1 of 001dd76872d80801692ff942308c64e6", "expiration": null, "is_active": 1 }, { "id": 2584658053, "indicator": "825f05f7972280c55ef3a207a9950e6c9b43c857", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Sharat.gen!A", "description": "SHA1 of 37eee514b04167f8e17e2caa3bfd3049", "expiration": null, "is_active": 1 }, { "id": 107408578, "indicator": "8351103946b0664ace5384b09a978fdf49c85b90", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Likseput.A", "description": "SHA1 of 1ce4605e771a04e375e0d1083f183e8e", "expiration": null, "is_active": 1 }, { "id": 2584658208, "indicator": "88a09e244e3a6077e1170f103e034583478309da", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Govdi.A", "description": "SHA1 of 44066f29aab6a9379f8dd30f6bec257d", "expiration": null, "is_active": 1 }, { "id": 2584658211, "indicator": "88c1d6807a7a2b5aba9c1e9d9fd0bf69ab2aa36a", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Dielel.A", "description": "SHA1 of 09d372e4259980ac95fdadf1846578d9", "expiration": null, "is_active": 1 }, { "id": 2584658218, "indicator": "8944c8f738e137a90e1538844dbbffdc13235bd9", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Connapts", "description": "SHA1 of 47e7f92419eb4b98ff4124c3ca11b738", "expiration": null, "is_active": 1 }, { "id": 2584658245, "indicator": "8b987a014507cec07da4b1fe36d0d25aa458ba21", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-30603", "description": "SHA1 of 1ca3ca9ec20474d07fc798f2b41e2625", "expiration": null, "is_active": 1 }, { "id": 2584658251, "indicator": "8be60fb562a9ec626ab650b22bc2bf3087a0d77b", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Touasper.A", "description": "SHA1 of 4c6bddcca2695d6202df38708e14fc7e", "expiration": null, "is_active": 1 }, { "id": 2584658261, "indicator": "8cc8bad3bbde7e47cfdd11d3c5b50bc19c876ef2", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Connapts", "description": "SHA1 of 120c2e085992ff59a21ba401ec29fec9", "expiration": null, "is_active": 1 }, { "id": 888929230, "indicator": "8f096561d4021978f781cc3978a55d0f621fc837", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Stradatu", "description": "SHA1 of 00dbb9e1c09dbdafb360f3163ba5a3de", "expiration": null, "is_active": 1 }, { "id": 2584658403, "indicator": "92a1d5ebe85183286e2708d73a8f87d4ba6b3d43", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Skeeyah", "description": "SHA1 of 23059de2797774bbdd9b21f979aaec51", "expiration": null, "is_active": 1 }, { "id": 2584658404, "indicator": "92a79e86cee85278cf6e0a16e0bf980b96e04cc6", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Armadillov1xxv2xx", "description": "SHA1 of 37cf3f25895c27ca5e647bbfdc1d5b2d", "expiration": null, "is_active": 1 }, { "id": 2584658440, "indicator": "94bac6bdb3d2aa3b7dda94a9ddf505a8e67bb75a", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan.Downloader-83571", "description": "SHA1 of 3f8682ab074a097ebbaadbf26dfff560", "expiration": null, "is_active": 1 }, { "id": 2584658462, "indicator": "963f0343a24536fbb164071d31c334bf3e466242", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Touasper.B", "description": "SHA1 of 468ff2c12cffc7e5b2fe0ee6bb3b239e", "expiration": null, "is_active": 1 }, { "id": 2584658485, "indicator": "9860de85ea0d2b3022fa3d7bbbee0a13796258e6", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Sluegot.C", "description": "SHA1 of 052ec04866e4a67f31845d656531830d", "expiration": null, "is_active": 1 }, { "id": 2584658594, "indicator": "9c8d91dcc2973f774b0747f5fe7f308a9e45054d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Barkiofork!dha", "description": "SHA1 of 36cd49ad631e99125a3bb2786e405cea", "expiration": null, "is_active": 1 }, { "id": 2584658656, "indicator": "a15225f96a894515e7b3cfc7ce238feafbfb81c6", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-30709", "description": "SHA1 of 12f25ce81596aeb19e75cc7ef08f3a38", "expiration": null, "is_active": 1 }, { "id": 2584658703, "indicator": "a49718feddf874a62049809af51e858ad41897c4", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Downloader.133181-1", "description": "SHA1 of 4e551abcd14506092a0f8d54a45f3569", "expiration": null, "is_active": 1 }, { "id": 2584658824, "indicator": "a8c2c7097b0f3e8ad482ffd5c11db76d54715188", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Skeeyah", "description": "SHA1 of 225e33508861984dd2a774760bfdfc52", "expiration": null, "is_active": 1 }, { "id": 2582702768, "indicator": "a96db41d4c9e010ce5a16ea423b1108148cb435b", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Bitsto.A", "description": "SHA1 of 15901ddbccc5e9e0579fc5b42f754fe8", "expiration": null, "is_active": 1 }, { "id": 2584658907, "indicator": "aed7687aeea801a772faef74d448128e1fd440f8", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Skeeyah", "description": "SHA1 of 165ef79e7caa806f13f82cc2bbf3dedd", "expiration": null, "is_active": 1 }, { "id": 2584659057, "indicator": "b6cf24c96925f04e01a64704852b00d40452ce7c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Ripinip.M", "description": "SHA1 of 3d0c1dc5ac55f6d0e6b7fabfeb5158f5", "expiration": null, "is_active": 1 }, { "id": 2584659098, "indicator": "b931373c3869a67d4448c818b91a3fd11821f95b", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Connapts", "description": "SHA1 of 4cabfaef26fd8e5aec01d0c4b90a32f3", "expiration": null, "is_active": 1 }, { "id": 2584659195, "indicator": "bc843f4898f95650d6e9708539e226ba09c55745", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Stradatu", "description": "SHA1 of 0c28ad34f90950bc784339ec9f50d288", "expiration": null, "is_active": 1 }, { "id": 2584659202, "indicator": "bcf6827b3f5a0215465f6bc1a20ca421b6e6a5c8", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Sluegot.A", "description": "SHA1 of 1c16bd1488163c03cd506c2f71486a0f", "expiration": null, "is_active": 1 }, { "id": 2584659239, "indicator": "c07c8e95992870d296f42feaee361b817932e885", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Pingbed.A", "description": "SHA1 of 54d5d171a482278cc8eacf08d9175fd7", "expiration": null, "is_active": 1 }, { "id": 2584659288, "indicator": "c3ef46409124951026cfd279ecb7810da6cbf181", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Connapts", "description": "SHA1 of 2479a9a50308cb72fcd5e4e18ef06468", "expiration": null, "is_active": 1 }, { "id": 2584659374, "indicator": "c50d07e289821b8c67aa96ae55d8c082cde4a817", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-195570", "description": "SHA1 of 2bd02b41817d227058522cca40acd390", "expiration": null, "is_active": 1 }, { "id": 2584659451, "indicator": "ca3960d33bfdda53967d6b6b29efb21a251af1fb", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Xifos.A", "description": "SHA1 of 523f56515221161579ee6090c962e5b1", "expiration": null, "is_active": 1 }, { "id": 2584659492, "indicator": "cd853ad1c9880bfd2ee288d49ddb3a8433702f44", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Govdi.A", "description": "SHA1 of 3c1b2fabb7d74bc5be0820eae4107f8a", "expiration": null, "is_active": 1 }, { "id": 1567312473, "indicator": "cff0b920bb2aeda46f8635936d1a5119b681f9a5", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Stradatu", "description": "SHA1 of 01e0dc079d4e33d8edd050c4900818da", "expiration": null, "is_active": 1 }, { "id": 2584659608, "indicator": "d1c2d599ad796197d808835a692c6d369fcc3429", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Xifos.A", "description": "SHA1 of 270d42f292105951ee81e4085ea45054", "expiration": null, "is_active": 1 }, { "id": 2584659706, "indicator": "d8a93ccc6985aab10a558eb05168edfd860a1cd6", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Sluegot.D", "description": "SHA1 of 55886d571c2a57984ea9659b57e1c63a", "expiration": null, "is_active": 1 }, { "id": 2584659785, "indicator": "da65112645b479cdb50499b3938bd5713b64e0e0", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-30564", "description": "SHA1 of 31e5e58dbdfad05175613e795298ebb5", "expiration": null, "is_active": 1 }, { "id": 2582714001, "indicator": "df145b00a0071b6aad2b733088e797ecab04e85e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Connapts", "description": "SHA1 of 5100f0a34695c4c9dc7e915177041cad", "expiration": null, "is_active": 1 }, { "id": 2584659852, "indicator": "df81b2f577aa544311eea4729ccdcb68c0944365", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Sluegot.D", "description": "SHA1 of 2f930d92dc5ebc9d53ad2a2b451ebf65", "expiration": null, "is_active": 1 }, { "id": 2584659855, "indicator": "dfb803d6003347a15b769eb5ffa3caaa9a249cca", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Merong", "description": "SHA1 of 36d5c8fc4b14559f73b6136d85b94198", "expiration": null, "is_active": 1 }, { "id": 2584659866, "indicator": "e0be423b622a5a53bd07300bfd821f0529a18ea9", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-515998", "description": "SHA1 of 3120fc8630c5252002f26f6e11b09eca", "expiration": null, "is_active": 1 }, { "id": 2584659990, "indicator": "e4caaee7a60672e5699ebe153b3c835e8dc35cc2", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Connapts", "description": "SHA1 of 5a728cb9ce56763dccb32b5298d0f050", "expiration": null, "is_active": 1 }, { "id": 2584660102, "indicator": "ed47563dd5cc300716a9ba7946424d538f095ce6", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Connapts", "description": "SHA1 of 1e5ec6c06e4f6bb958dcbb9fc636009d", "expiration": null, "is_active": 1 }, { "id": 2584660179, "indicator": "ee1183fcf26263d45ec1c26ddeccf36ce64b5a25", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Dalbot.A", "description": "SHA1 of 1ea61a0945bde3c6f41e12bc01928d37", "expiration": null, "is_active": 1 }, { "id": 1011903693, "indicator": "ee4c025731e791fb358f5f03e9d95fc86ee0a723", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Sluegot.C", "description": "SHA1 of 002325a0a67fded0381b5648d7fe9b8e", "expiration": null, "is_active": 1 }, { "id": 2584660203, "indicator": "ef6b4afea678eaa80b8ea3ba1fea485c9e678a6e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Govdi.A", "description": "SHA1 of 57f98d16ac439a11012860f88db21831", "expiration": null, "is_active": 1 }, { "id": 2584660219, "indicator": "f1074b08993946dc0ea48229fc832bdb7a7b8d1d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Muntsib.A", "description": "SHA1 of 097b5abb53a3d84fa9eabda02fef9e91", "expiration": null, "is_active": 1 }, { "id": 2584660227, "indicator": "f192ca6e6b143ecbcff10d76407832e184ea88b3", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Pingbed.A", "description": "SHA1 of 1a0c7e61bcc50d57b7bcf9d9af691de5", "expiration": null, "is_active": 1 }, { "id": 2584660235, "indicator": "f205b430a105030f87f0298e2fd9760363cedbac", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Connapts", "description": "SHA1 of 41a5d40ecc735172b18b61e01a30a178", "expiration": null, "is_active": 1 }, { "id": 2584660283, "indicator": "f60973d256757c057b5e40ae0a5631ad314ab981", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Likseput.A", "description": "SHA1 of 36c0d3f109aede4d76b05431f8a64f9e", "expiration": null, "is_active": 1 }, { "id": 2584660416, "indicator": "fb144982544fccb617332092920d566671af1a25", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-30555", "description": "SHA1 of 523cf1c9741f5f9d11388a58de6a83a4", "expiration": null, "is_active": 1 }, { "id": 2589235601, "indicator": "051f9ff45c531ad265489f563e6babca55f4a3f94604ff56e37140743f30badc", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-404343", "description": "SHA256 of 51ce169debea41314f591290839fd55f", "expiration": null, "is_active": 1 }, { "id": 431148057, "indicator": "082323fd0f3d24f8fe31895ad1246ae2116aee78d01be83a28c3cbb856541003", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Neporoot.A", "description": "SHA256 of 33de5067a433a6ec5c328067dc18ec37", "expiration": null, "is_active": 1 }, { "id": 2589240266, "indicator": "08d0eb1b10cdc8b5ba6d87d7b330fb69791f5e64b528feed19fc25a969a4034c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Downloader.133181-1", "description": "SHA256 of 2daa4a4574ba06aa3203ae0e0b45b3b8", "expiration": null, "is_active": 1 }, { "id": 431135836, "indicator": "3aecfdeb8e233fccec5f899c280d78fa8e47a3c4a02715fbe4881bb0cd7f914a", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Ecltys.A", "description": "SHA256 of 4f763b07a7b8a80f1f9408e590f79532", "expiration": null, "is_active": 1 }, { "id": 430172570, "indicator": "3bff207897f6d8cd8f8e178a565d5efdd7d65c6bc270636995d328c768b02af2", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Sluegot.C", "description": "SHA256 of 002325a0a67fded0381b5648d7fe9b8e", "expiration": null, "is_active": 1 }, { "id": 427873763, "indicator": "3d3da3e3c062b5b73de6dac3cef8a90c4c7eed5622dafdd9a47ea35af9056297", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Connapts", "description": "SHA256 of 5a728cb9ce56763dccb32b5298d0f050", "expiration": null, "is_active": 1 }, { "id": 431141328, "indicator": "3d40846f4e20e2ca1dbab1a480a6ed9987f2c236b289122d606ecfac3299e299", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Touasper.B", "description": "SHA256 of 468ff2c12cffc7e5b2fe0ee6bb3b239e", "expiration": null, "is_active": 1 }, { "id": 2589341705, "indicator": "3d70e03b2da89a1aec0685c23a53d516a98e8df3e8a055a74e509389c107e3fe", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-30555", "description": "SHA256 of 523cf1c9741f5f9d11388a58de6a83a4", "expiration": null, "is_active": 1 }, { "id": 431141124, "indicator": "3eaa53ec7fe5fb610bb9a0dd3d0b93480869b829aac3733d2dc0cd83e77ec2fe", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Stradatu", "description": "SHA256 of 01e0dc079d4e33d8edd050c4900818da", "expiration": null, "is_active": 1 }, { "id": 2589343467, "indicator": "3eca4278063b047dfa87e109c8b0ee7809f582d96e528c4db2f9596c897e92be", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Skeeyah", "description": "SHA256 of 0c5e9f564115bfcbee66377a829de55f", "expiration": null, "is_active": 1 }, { "id": 431142120, "indicator": "4075f872440ec3a85bc7dd0ec5bc386f451a734dfb680f7e5f2559b735df9a6d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Xifos.A", "description": "SHA256 of 270d42f292105951ee81e4085ea45054", "expiration": null, "is_active": 1 }, { "id": 431139994, "indicator": "40d45fb455cf2db58dda6a57d437e626d5d7d86d4598d4afccab0ac7ff6d6b3e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Pingbed.A", "description": "SHA256 of 17199ddac616938f383a0339f416c890", "expiration": null, "is_active": 1 }, { "id": 2589369195, "indicator": "4123011354d8259e919fbdf605be1973a79100074959dca9d0cd1955667b8e93", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 079028d315d039da0ffec2728b2c9ef6", "expiration": null, "is_active": 1 }, { "id": 431139265, "indicator": "4144820d9b31c4d3c54025a4368b32f727077c3ec253753360349a783846747f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Likseput.B", "description": "SHA256 of 1f92ff8711716ca795fbd81c477e45f5", "expiration": null, "is_active": 1 }, { "id": 427871009, "indicator": "415a49754486b222b7a38355988c17fcbd671109020c67109aefca2f90d7ef41", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Barkiofork!dha", "description": "SHA256 of 36cd49ad631e99125a3bb2786e405cea", "expiration": null, "is_active": 1 }, { "id": 431135838, "indicator": "42df046e2728ef98042283530a8b0ab7d70b3f819cb83fd560ce5ce5caa0c462", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Ecltys.A", "description": "SHA256 of 123505024f9e5ff74cb6aa67d7fcc392", "expiration": null, "is_active": 1 }, { "id": 427873767, "indicator": "45985ca9eb04546745cec575d95b1684adc71130d1e0a8db2e36ad6d8df8b2a8", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Connapts", "description": "SHA256 of 43b844c35e1a933e9214588be81ce772", "expiration": null, "is_active": 1 }, { "id": 431139261, "indicator": "468bef292236e98a053333983f7094f64551a05509837c775fa65fdb785ca95a", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Likseput.A", "description": "SHA256 of 36c0d3f109aede4d76b05431f8a64f9e", "expiration": null, "is_active": 1 }, { "id": 2589376170, "indicator": "46ec4b32dc3e293a2076d218bae721315f4f718b7c068ca368a798d2d19613e5", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-752550", "description": "SHA256 of 106338ad223b84fbc2528a55e3e22302", "expiration": null, "is_active": 1 }, { "id": 2130652411, "indicator": "471bcf0fe2115ca50b075edddd179ea11336fe9431ceba9892f910f91f6407e0", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Skeeyah", "description": "SHA256 of 23059de2797774bbdd9b21f979aaec51", "expiration": null, "is_active": 1 }, { "id": 2589405711, "indicator": "4c157d7f94ac5a4c7bcf4782508a766b296c52b4df34cf94cc006fc613dc57e9", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan.Downloader-83571", "description": "SHA256 of 3f8682ab074a097ebbaadbf26dfff560", "expiration": null, "is_active": 1 }, { "id": 430172563, "indicator": "4c930517f6ff6da9bf7b988c29391d271907dc4b193a64b9a7deba84de0e9cda", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Sluegot.D", "description": "SHA256 of 55886d571c2a57984ea9659b57e1c63a", "expiration": null, "is_active": 1 }, { "id": 431041911, "indicator": "4fe6757544c655c0228ca9fbcdb3e197cd921e1e12776f5ad391cb9ac32d3667", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Dalbot.A", "description": "SHA256 of 53b263dd41838aa178a5ced338a207f3", "expiration": null, "is_active": 1 }, { "id": 2589439737, "indicator": "52ad0acb46717dd6603195b4f33dc3bf32611a487eec89a83a9ee7744285562f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Skeeyah", "description": "SHA256 of 277964807a66aeeb6bd81dbfcaa3e4e6", "expiration": null, "is_active": 1 }, { "id": 246181998, "indicator": "558e7b6df77b986f4213a39ea5aee28f56cc2110277746d08bb65e52256d1cf9", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Connapts", "description": "SHA256 of 5100f0a34695c4c9dc7e915177041cad", "expiration": null, "is_active": 1 }, { "id": 2589444117, "indicator": "563d94123f459e99dea894d79d707eede2a9f67fc044c4340f869e99606d1d85", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-30559", "description": "SHA256 of 390d1f2a620912104f53c034c8aef14b", "expiration": null, "is_active": 1 }, { "id": 427873777, "indicator": "57866e54b1808069092ade9ac8e243650f18198a24924899d83746d97a66f400", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Connapts", "description": "SHA256 of 034374db2d35cf9da6558f54cec8a455", "expiration": null, "is_active": 1 }, { "id": 431145079, "indicator": "57b75fe922c7852dca17425c84ef8f9c14b4d49ace577b82c427cdab28591931", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "HackTool:Win32/Elsashes.A", "description": "SHA256 of 268988aa1df82ab073f527b5b6c8bff7", "expiration": null, "is_active": 1 }, { "id": 431134143, "indicator": "58da2fe190b50f90484753f92fafe9f61a13c9217e593e55b6dafe32b12dc049", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Bitsto.A", "description": "SHA256 of 15901ddbccc5e9e0579fc5b42f754fe8", "expiration": null, "is_active": 1 }, { "id": 2589475477, "indicator": "5b2d2de9a95add2b71f3a9aa6c02fa56555b7d58270fd073384187f52b76a603", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Merong", "description": "SHA256 of 39e28f48c138dc156d1436fd02222e45", "expiration": null, "is_active": 1 }, { "id": 2589483720, "indicator": "62082c6af516080115a3a2a255c89775529e63c57bc2441c89272de438427bd2", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Armadillov1xxv2xx", "description": "SHA256 of 37cf3f25895c27ca5e647bbfdc1d5b2d", "expiration": null, "is_active": 1 }, { "id": 431161016, "indicator": "7fb1a6f23d30495ad7367d38aa763f36701cbc476c868fc9d37a946e9bc26d53", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Govdi.A", "description": "SHA256 of 51326bf40da5a5357a143dd9a6e6a11c", "expiration": null, "is_active": 1 }, { "id": 2589612809, "indicator": "801a2d3687e64f6d0f70fefe1ac09686716e7317b88f3b24e54e76957601346f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Merong", "description": "SHA256 of 2b659d71ae168e774faaf38db30f4a84", "expiration": null, "is_active": 1 }, { "id": 2589639634, "indicator": "83b69c237fecbb8d382add7f3fc9026838cea8228c610cdbe1bbc11be6f84de9", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-30603", "description": "SHA256 of 1ca3ca9ec20474d07fc798f2b41e2625", "expiration": null, "is_active": 1 }, { "id": 427873774, "indicator": "85bca7ec25d2b226be5e8e20d51fc7718366f70291a398b6aa617d734a3e7ba1", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Connapts", "description": "SHA256 of 1e5ec6c06e4f6bb958dcbb9fc636009d", "expiration": null, "is_active": 1 }, { "id": 107417578, "indicator": "89e0016fc5bd3cd4e25f88c70f9f8f13f81a45e3c6dc8ac2a4be44b5c5274957", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Likseput.A", "description": "SHA256 of 1ce4605e771a04e375e0d1083f183e8e", "expiration": null, "is_active": 1 }, { "id": 427873770, "indicator": "8cde65e4091da0b5e51df00ac2fd604c89e3256f372a8757c94910228f90ce6c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Connapts", "description": "SHA256 of 4cabfaef26fd8e5aec01d0c4b90a32f3", "expiration": null, "is_active": 1 }, { "id": 2589674025, "indicator": "8e3976565c3792df7dba6e27501fcd24cd6ba329cc7d0293b4b3f1edde589aab", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Downloader.133181-1", "description": "SHA256 of 1328eaceb140a3863951d18661b097af", "expiration": null, "is_active": 1 }, { "id": 2564714298, "indicator": "8edfaade7dff71f46a20709abf21f543371de0ee61be7b6cec7817d8a170886a", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 4a54d7878d4170c3d4e3c3606365c42c", "expiration": null, "is_active": 1 }, { "id": 431139264, "indicator": "90072aabe5a0438f0e58bce82b4cc294655887465573d934f7c03b5851c0676e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Likseput.B", "description": "SHA256 of 30e78d186b27d2023a2a7319bb679c3f", "expiration": null, "is_active": 1 }, { "id": 431141126, "indicator": "911ca97af69b531fa2c7cf56546fdc02b3daa1fde71e23d65c1f8f18355e3e1c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Stradatu", "description": "SHA256 of 0c28ad34f90950bc784339ec9f50d288", "expiration": null, "is_active": 1 }, { "id": 431137351, "indicator": "91645ee88782a4d51ba2b6ee0c52e089facdfe8fea8f8c21fe35457f90a1437c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Goolelo.A", "description": "SHA256 of 575836ebb1b8849f04e994e9160370e4", "expiration": null, "is_active": 1 }, { "id": 431161018, "indicator": "98fe63c98c8865781a7ef52b8b105dd3eeb444dfe3242468af0211eadd4076a5", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Govdi.A", "description": "SHA256 of 44066f29aab6a9379f8dd30f6bec257d", "expiration": null, "is_active": 1 }, { "id": 431135837, "indicator": "9ec9221f685b446874bb6dfc5509b4304f8d8b78b10fa3b8ba06cf4f505c0f84", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Ecltys.A", "description": "SHA256 of 3107de21e480ab1f2d67725f419b28d0", "expiration": null, "is_active": 1 }, { "id": 430172567, "indicator": "a0a422d24a3d60e47916d6bc6618924cbd69d815b4cb79cd3d120e2d2ccc90c4", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Sluegot.A", "description": "SHA256 of 1c16bd1488163c03cd506c2f71486a0f", "expiration": null, "is_active": 1 }, { "id": 430160013, "indicator": "a3f009c02100036191b2211784c843da2ea9f3622ed45cb7e6a57ca835f9a933", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Ruce.gen!A", "description": "SHA256 of 3b1b190407b868406c5c155a79f3d146", "expiration": null, "is_active": 1 }, { "id": 427873768, "indicator": "a834ac7940783110c1fffef4963e88fea547b5d56a57927cf754b50f5f001d79", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Connapts", "description": "SHA256 of 47e7f92419eb4b98ff4124c3ca11b738", "expiration": null, "is_active": 1 }, { "id": 431163809, "indicator": "aa94057d957736005bd6c70dba96b39b60121e0a4b35db03d5b9dfdbf5e58537", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Tooki.A", "description": "SHA256 of 173cd315008897e56fa812f2b2843f83", "expiration": null, "is_active": 1 }, { "id": 431141325, "indicator": "ab3ee0f2914deb0098a2cbf756cf0fa06db71427a8c9b18a72942ef41014543e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Tosct.A", "description": "SHA256 of 438983192903f3fecf77500a39459ee6", "expiration": null, "is_active": 1 }, { "id": 2589801577, "indicator": "ad58ace8fa83d04af57aad608b2aa1b629ce7bcd373934ab84fe608397061ddc", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-30564", "description": "SHA256 of 31e5e58dbdfad05175613e795298ebb5", "expiration": null, "is_active": 1 }, { "id": 2589801586, "indicator": "ad5ce793bea64ed9a416236d1e4b99b021a771e5d57a46b97cf1e288e5617132", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Ripinip.M", "description": "SHA256 of 3d0c1dc5ac55f6d0e6b7fabfeb5158f5", "expiration": null, "is_active": 1 }, { "id": 430172568, "indicator": "b6bc96ffcbdbf22f908a02b8fe2a392c8e5b8420a120935c2834f0dd5934832e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Sluegot.D", "description": "SHA256 of 001dd76872d80801692ff942308c64e6", "expiration": null, "is_active": 1 }, { "id": 431142119, "indicator": "b96d6e1cad06cab3424679278f862cecb6fce0e9f9e1453fbbb750688a3af0a6", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Xifos.A", "description": "SHA256 of 523f56515221161579ee6090c962e5b1", "expiration": null, "is_active": 1 }, { "id": 2592838761, "indicator": "bd9146a2dfb87cbb8b301917a21dbaa8a7de344f7dffd3899b74fe86eaf43350", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Merong", "description": "SHA256 of 3de60420845a582b0e44081b1138a7e4", "expiration": null, "is_active": 1 }, { "id": 2592838981, "indicator": "bdc8f78ad67cdec5cb5faddf2a1e79947ea83f0b69f767e4a72174f400e9e1c9", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-515998", "description": "SHA256 of 3120fc8630c5252002f26f6e11b09eca", "expiration": null, "is_active": 1 }, { "id": 431140696, "indicator": "bead710db3df029cb39f9ad8a42620d05c44ee45a6fc80bdc9f75684954cd55f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Sharat.gen!A", "description": "SHA256 of 37eee514b04167f8e17e2caa3bfd3049", "expiration": null, "is_active": 1 }, { "id": 2592841373, "indicator": "bfbc50ce93a2610ec5be137d07ee1b47b2511d3802771541c8842e2f3a908c23", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-138969", "description": "SHA256 of 522d32a505f78f09303e689999a3e461", "expiration": null, "is_active": 1 }, { "id": 431139256, "indicator": "c23039cf2f859e659e59ec362277321fbcdac680e6d9bc93fc03c8971333c25e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Likseput.B", "description": "SHA256 of 57e79f7df13c0cb01910d0c688fcd296", "expiration": null, "is_active": 1 }, { "id": 2592867166, "indicator": "c466345ca697cdf2ad5fee438bbb842cd7f2a154f4b963be02dd03199dfd839d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Skeeyah", "description": "SHA256 of 225e33508861984dd2a774760bfdfc52", "expiration": null, "is_active": 1 }, { "id": 1567313308, "indicator": "c62de4a72361cf1db38ba8c4f59d386f0e1c02f190cf6c8698ae3a14295bcb04", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-195587", "description": "SHA256 of 065e63afdfa539727f63af7530b22d2f", "expiration": null, "is_active": 1 }, { "id": 431141123, "indicator": "ca87326771eff77b636bcd3855822332c319a656f06e996940947a307262db4f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Stradatu", "description": "SHA256 of 11504971bb85cdacb8ef7d45e6e2aeb7", "expiration": null, "is_active": 1 }, { "id": 2592900491, "indicator": "cca3eee2650d20cf1bf50b76e7f97a3b0e26caff3af8546462c92f2e73d730f9", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Merong", "description": "SHA256 of 37ddd3d72ead03c7518f5d47650c8572", "expiration": null, "is_active": 1 }, { "id": 427873776, "indicator": "ce82f2b530f028644c8c7238c065eb88e4af153598447179aa784482efba454e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Connapts", "description": "SHA256 of 120c2e085992ff59a21ba401ec29fec9", "expiration": null, "is_active": 1 }, { "id": 2592903081, "indicator": "cebb47280cd00814e1c085c5bc3fbac0e9f91168999091f199a1b1d209edd814", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "MANITSME_APT1", "description": "SHA256 of 0285bd1fbdd70fd5165260a490564ac8", "expiration": null, "is_active": 1 }, { "id": 431161019, "indicator": "d344b132097288f944aa9bb57835f135f60615438bc94e2a232dee308a21805a", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Govdi.A", "description": "SHA256 of 3c1b2fabb7d74bc5be0820eae4107f8a", "expiration": null, "is_active": 1 }, { "id": 2592938515, "indicator": "d66262b736bbe3b10b433b804af8f20532855394f12400b17c4b80299b455c9f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Skeeyah", "description": "SHA256 of 165ef79e7caa806f13f82cc2bbf3dedd", "expiration": null, "is_active": 1 }, { "id": 431141834, "indicator": "dbbd5d7944b1791027762a40a70b3c74772a9d31b5c67b6519394a1705edabcc", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Warood.B", "description": "SHA256 of 0496e3b17cf40c45f495188a368c203a", "expiration": null, "is_active": 1 }, { "id": 431141153, "indicator": "dbeb6f7ea2bcd7dc2d20006b9c5338b6f2e258129b439b406cdf7c239383babe", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Tartober.A", "description": "SHA256 of 0cf9e999c574ec89595263446978dc9f", "expiration": null, "is_active": 1 }, { "id": 427873773, "indicator": "dcbc9d204549f768a24ec821f2b709c86caf0f5821514d9004b62443ec3e6933", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Connapts", "description": "SHA256 of 13f0b56c28995e4efc8da784ad862853", "expiration": null, "is_active": 1 }, { "id": 427873769, "indicator": "dd52dd9975e9416fd24d4230c84fa82e1edbdfee75670486d5a38ef9cc042960", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Connapts", "description": "SHA256 of 41a5d40ecc735172b18b61e01a30a178", "expiration": null, "is_active": 1 }, { "id": 2592968548, "indicator": "de84c76339acba549fd4c05be0dafd875660a37254bfb8d6b64812b2a03c3ac7", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-27353", "description": "SHA256 of 4192479b055b2b21cb7e6c803b765d34", "expiration": null, "is_active": 1 }, { "id": 431141125, "indicator": "df649cef1505653a2fc4361f1e2e34f7148b60c00e1cf663943d6e65b43ec421", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Stradatu", "description": "SHA256 of 00dbb9e1c09dbdafb360f3163ba5a3de", "expiration": null, "is_active": 1 }, { "id": 431162052, "indicator": "e0d38aa12eb358af304eba93ad8c0a6ade33aae74480368943657729fc6c1213", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Pingbed.A", "description": "SHA256 of 54d5d171a482278cc8eacf08d9175fd7", "expiration": null, "is_active": 1 }, { "id": 431139995, "indicator": "e420b42c5a34bc32a43ff9264dc2a110cb6efcd430df1208cc5837e0c5df81e1", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Pingbed.A", "description": "SHA256 of 0d0240672a314a7547d328f824642da8", "expiration": null, "is_active": 1 }, { "id": 431141327, "indicator": "e458031e9cee02dc4b7a9404d6dd3fcce5169ab13ca3e915357d45816af4e9f2", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Touasper.A", "description": "SHA256 of 4c6bddcca2695d6202df38708e14fc7e", "expiration": null, "is_active": 1 }, { "id": 427873778, "indicator": "e655fc36b76c1df15c237abf1e70da875a6680a4a2fcd5616f373b14757f2270", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 09531f851ef74a7238685fd287a395bd", "expiration": null, "is_active": 1 }, { "id": 431042023, "indicator": "e6a2b6355fd513a8ce24deef488ee3cc39f5d736915965875c54f81c19e52971", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Dielel.A", "description": "SHA256 of 09d372e4259980ac95fdadf1846578d9", "expiration": null, "is_active": 1 }, { "id": 2592999871, "indicator": "e7ac03729bc141cfac40bd7dadba7abd3c714fb1715034b44e28cd5561336a3a", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Merong", "description": "SHA256 of 13835f0d5aafbeda50560afc92c8b7b7", "expiration": null, "is_active": 1 }, { "id": 2593000060, "indicator": "e7cfe7169b058b460fd172b59e809779a98ca0f17e4202fd1f0df6795626fac4", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-528266", "description": "SHA256 of 1e314c972075b8058099fd8759c11ce8", "expiration": null, "is_active": 1 }, { "id": 431138678, "indicator": "ec3a37a635c8ccd6c80c725f3808e21352872184fe4e9b1b96b4b6ed379fc85d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Jepesroot.A", "description": "SHA256 of 02c65973b6018f5d473d701b3e7508b2", "expiration": null, "is_active": 1 }, { "id": 2593005657, "indicator": "ec7091913a753578f7485f6c22b73457c47862443fd4fe62709471aea1c8614b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Merong", "description": "SHA256 of 4c9c9dbf388a8d81d8cfb4d3fc05f8e4", "expiration": null, "is_active": 1 }, { "id": 430172569, "indicator": "eec094bd3604a2fd84333113fbc0aee4fe394c5b74c7cc28216aa53d714d1bf3", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Sluegot.C", "description": "SHA256 of 052ec04866e4a67f31845d656531830d", "expiration": null, "is_active": 1 }, { "id": 431161648, "indicator": "ef3b6b3060ef897724cea9ac2080b1201d08c9e6a0dad0ecf492c08441a4f604", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Namsoth.B", "description": "SHA256 of 17f5a2e0997b59449ca2120b20b5b7ce", "expiration": null, "is_active": 1 }, { "id": 427873772, "indicator": "f0f7a1997a1ad57ce62bd32ace27304a6b925af8b63513c8007181e8bb5da919", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Connapts", "description": "SHA256 of 2479a9a50308cb72fcd5e4e18ef06468", "expiration": null, "is_active": 1 }, { "id": 431041912, "indicator": "f1a8310f1caecc51dae572e37747c06c1ad08fb221a768157963422643893c34", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Dalbot.A", "description": "SHA256 of 1ea61a0945bde3c6f41e12bc01928d37", "expiration": null, "is_active": 1 }, { "id": 431139993, "indicator": "f27593fd1d391f9925230a1abc12b8f3791fc43ea980ecefa281147c1070b00d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Pingbed.A", "description": "SHA256 of 1a0c7e61bcc50d57b7bcf9d9af691de5", "expiration": null, "is_active": 1 }, { "id": 431141832, "indicator": "f3b82f2c80c2ea5496407200bab1cc04f3679b80c74608aa03bfae37e62f992e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Warood.B", "description": "SHA256 of 4c858a80df0d6de5d69824c9502b65cf", "expiration": null, "is_active": 1 }, { "id": 2593037906, "indicator": "f40ca2de6f1010a3cde815635cf5e1898095d97d27ca7b03abc9a76ab8a678ec", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Merong", "description": "SHA256 of 36d5c8fc4b14559f73b6136d85b94198", "expiration": null, "is_active": 1 }, { "id": 2593038137, "indicator": "f44e46804f9b34cc573b53cc3c2df1d741e160b4f0a54ac962eec92ac4a36010", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-195570", "description": "SHA256 of 2bd02b41817d227058522cca40acd390", "expiration": null, "is_active": 1 }, { "id": 431135839, "indicator": "f682bdbd612c0215192be6c52f08f10c01e7af9a3136c2f67ec3e7ba563f565d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Ecltys.A", "description": "SHA256 of 0b506c6dde8d07f9eeb82fd01a6f97d4", "expiration": null, "is_active": 1 }, { "id": 431161600, "indicator": "f690b329b0c17e8f9f832dee6d57b644fb2c476877337661010461b0f2b1a6ea", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Muntsib.A", "description": "SHA256 of 097b5abb53a3d84fa9eabda02fef9e91", "expiration": null, "is_active": 1 }, { "id": 427873775, "indicator": "f6b5d52f3680c53839a1078e9a33ff6fa439af6cb9002cbbb227f3a3b831ed30", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Connapts", "description": "SHA256 of 15244d2321faa3a271ff0b1e5a23148f", "expiration": null, "is_active": 1 }, { "id": 431139263, "indicator": "f76dd93b10fc173eaf901ff1fb00ff8a9e1f31e3bd86e00ff773b244b54292c5", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Likseput.B", "description": "SHA256 of 3e69945e5865ccc861f69b24bc1166b6", "expiration": null, "is_active": 1 }, { "id": 431148060, "indicator": "f77e7138ed19455151ae35ebac34643b70694edbf4baeaa69ba4d901c51d08e1", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Neporoot.A", "description": "SHA256 of 1f2eb7b090018d975e6d9b40868c94ca", "expiration": null, "is_active": 1 }, { "id": 2593062856, "indicator": "f79e4adc2cd11f9e44023cbdb827777a0c44af44bb19b494bef2d2d8e6e3be02", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-195573", "description": "SHA256 of 1415eb8519d13328091cc5c76a624e3d", "expiration": null, "is_active": 1 }, { "id": 2593063250, "indicator": "f7f97a9c180534e8184c006a0ef24a5609e84fcd33047151d987138bbbe96ddc", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-30709", "description": "SHA256 of 12f25ce81596aeb19e75cc7ef08f3a38", "expiration": null, "is_active": 1 }, { "id": 431161017, "indicator": "f94eb96f380a47bac95cb453e690ca78ae9ae1d078fbe2a433635a63bb73785b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Govdi.A", "description": "SHA256 of 57f98d16ac439a11012860f88db21831", "expiration": null, "is_active": 1 }, { "id": 430172566, "indicator": "fc99a95e7c6a2417e4101e51e25fabb333928cf542517e6da4f761b352f7389e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Sluegot.D", "description": "SHA256 of 2f930d92dc5ebc9d53ad2a2b451ebf65", "expiration": null, "is_active": 1 }, { "id": 2593092952, "indicator": "ffaf09da6b9f31e8da677c351f73a0f53e326ba2ff2e59ff47d9814931463cb8", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Downloader.133181-1", "description": "SHA256 of 4e551abcd14506092a0f8d54a45f3569", "expiration": null, "is_active": 1 }, { "id": 414656006, "indicator": "http://blog.gentilkiwi.com/mimikatz", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360566931, "indicator": "26acec6e683b8df578ed02a41e0d030f50590491", "type": "YARA", "created": "2022-01-22T07:47:27", "content": "rule resteex_APTMalware_APT_1 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-21_23-57-33\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"001dd76872d80801692ff942308c64e6\" \n \t\t hash2= \"002325a0a67fded0381b5648d7fe9b8e\" \n \t\t hash3= \"00dbb9e1c09dbdafb360f3163ba5a3de\" \n \t\t hash4= \"0149b7bd7218aab4e257d28469fddb0d\" \n \t\t hash5= \"01e0dc079d4e33d8edd050c4900818da\" \n \t\t hash6= \"0285bd1fbdd70fd5165260a490564ac8\" \n \t\t hash7= \"02c65973b6018f5d473d701b3e7508b2\" \n \t\t hash8= \"034374db2d35cf9da6558f54cec8a455\" \n \t\t hash9= \"0496e3b17cf40c45f495188a368c203a\" \n \t\t hash10= \"052ec04866e4a67f31845d656531830d\" \n \t\t hash11= \"065e63afdfa539727f63af7530b22d2f\" \n \t\t hash12= \"079028d315d039da0ffec2728b2c9ef6\" \n \t\t hash13= \"0908d8b3e459551039bade50930e4c1b\" \n \t\t hash14= \"09531f851ef74a7238685fd287a395bd\" \n \t\t hash15= \"097b5abb53a3d84fa9eabda02fef9e91\" \n \t\t hash16= \"09d372e4259980ac95fdadf1846578d9\" \n \t\t hash17= \"0b506c6dde8d07f9eeb82fd01a6f97d4\" \n \t\t hash18= \"0b680e7bd5c0501d5dd73164122a7faf\" \n \t\t hash19= \"0c28ad34f90950bc784339ec9f50d288\" \n \t\t hash20= \"0c5e9f564115bfcbee66377a829de55f\" \n \t\t hash21= \"0ca6e2ad69826c8e3287fc8576112814\" \n \t\t hash22= \"0cad42671e5771574df44a23b3634f32\" \n \t\t hash23= \"0cf9e999c574ec89595263446978dc9f\" \n \t\t hash24= \"0d0240672a314a7547d328f824642da8\" \n \t\t hash25= \"0dd3677594632ce270bcf8af94819caf\" \n \t\t hash26= \"0f23d5b93c30681655d8a4258b8de129\" \n \t\t hash27= \"0ff20d023d6b54661d66fb3ce09afe3c\" \n \t\t hash28= \"106338ad223b84fbc2528a55e3e22302\" \n \t\t hash29= \"11504971bb85cdacb8ef7d45e6e2aeb7\" \n \t\t hash30= \"120c2e085992ff59a21ba401ec29fec9\" \n \t\t hash31= \"123505024f9e5ff74cb6aa67d7fcc392\" \n \t\t hash32= \"12f25ce81596aeb19e75cc7ef08f3a38\" \n \t\t hash33= \"1328eaceb140a3863951d18661b097af\" \n \t\t hash34= \"13835f0d5aafbeda50560afc92c8b7b7\" \n \t\t hash35= \"13f0b56c28995e4efc8da784ad862853\" \n \t\t hash36= \"1415eb8519d13328091cc5c76a624e3d\" \n \t\t hash37= \"150c4c1f589c4baa794160276a3d4aba\" \n \t\t hash38= \"15244d2321faa3a271ff0b1e5a23148f\" \n \t\t hash39= \"15901ddbccc5e9e0579fc5b42f754fe8\" \n \t\t hash40= \"165ef79e7caa806f13f82cc2bbf3dedd\" \n \t\t hash41= \"17199ddac616938f383a0339f416c890\" \n \t\t hash42= \"173cd315008897e56fa812f2b2843f83\" \n \t\t hash43= \"17f5a2e0997b59449ca2120b20b5b7ce\" \n \t\t hash44= \"1a0c7e61bcc50d57b7bcf9d9af691de5\" \n \t\t hash45= \"1c16bd1488163c03cd506c2f71486a0f\" \n \t\t hash46= \"1ca3ca9ec20474d07fc798f2b41e2625\" \n \t\t hash47= \"1ce4605e771a04e375e0d1083f183e8e\" \n \t\t hash48= \"1e314c972075b8058099fd8759c11ce8\" \n \t\t hash49= \"1e5ec6c06e4f6bb958dcbb9fc636009d\" \n \t\t hash50= \"1ea61a0945bde3c6f41e12bc01928d37\" \n \t\t hash51= \"1ede2c69d50e0efbe23f758d902216e0\" \n \t\t hash52= \"1f2eb7b090018d975e6d9b40868c94ca\" \n \t\t hash53= \"1f92ff8711716ca795fbd81c477e45f5\" \n \t\t hash54= \"1f9b32bac55ba4c015181ebf55767752\" \n \t\t hash55= \"1fb4ce2e56ced51ddf1edff8ed15c21b\" \n \t\t hash56= \"225e33508861984dd2a774760bfdfc52\" \n \t\t hash57= \"23059de2797774bbdd9b21f979aaec51\" \n \t\t hash58= \"24259ae8b0018b0ce9992fb1d9b69e2a\" \n \t\t hash59= \"2479a9a50308cb72fcd5e4e18ef06468\" \n \t\t hash60= \"255cd53f9bdb6f3755e621885cb34382\" \n \t\t hash61= \"268988aa1df82ab073f527b5b6c8bff7\" \n \t\t hash62= \"268eef019bf65b2987e945afaf29643f\" \n \t\t hash63= \"270d42f292105951ee81e4085ea45054\" \n \t\t hash64= \"277964807a66aeeb6bd81dbfcaa3e4e6\" \n \t\t hash65= \"28dbd86bd86eb9153ecb20d883c41ae0\" \n \t\t hash66= \"29c691978af80dc23c4df96b5f6076bb\" \n \t\t hash67= \"2b659d71ae168e774faaf38db30f4a84\" \n \t\t hash68= \"2ba0d0083976a5c1e3315413cdcffcd2\" \n \t\t hash69= \"2bd02b41817d227058522cca40acd390\" \n \t\t hash70= \"2bdc196cdac4478ae325c94bab433732\" \n \t\t hash71= \"2c49f47c98203b110799ab622265f4ef\" \n \t\t hash72= \"2daa4a4574ba06aa3203ae0e0b45b3b8\" \n \t\t hash73= \"2dd892986b2249b5214639ecc8ac0223\" \n \t\t hash74= \"2f930d92dc5ebc9d53ad2a2b451ebf65\" \n \t\t hash75= \"2fccaa39533de02490b1c6395878dd79\" \n \t\t hash76= \"30a7aa13b1f8d272cb36576952e8b6c0\" \n \t\t hash77= \"30e78d186b27d2023a2a7319bb679c3f\" \n \t\t hash78= \"3107de21e480ab1f2d67725f419b28d0\" \n \t\t hash79= \"3120fc8630c5252002f26f6e11b09eca\" \n \t\t hash80= \"31e5e58dbdfad05175613e795298ebb5\" \n \t\t hash81= \"321d75c9990408db812e5a248a74f8c8\" \n \t\t hash82= \"3364813bcbd111fc5ec1e4265c533506\" \n \t\t hash83= \"338782d2df367156a2c7e12e9526c600\" \n \t\t hash84= \"33de5067a433a6ec5c328067dc18ec37\" \n \t\t hash85= \"341f5e7215826d07ada1ed2b96264c0d\" \n \t\t hash86= \"36c0d3f109aede4d76b05431f8a64f9e\" \n \t\t hash87= \"36cd49ad631e99125a3bb2786e405cea\" \n \t\t hash88= \"36d5c8fc4b14559f73b6136d85b94198\" \n \t\t hash89= \"37cf3f25895c27ca5e647bbfdc1d5b2d\" \n \t\t hash90= \"37ddd3d72ead03c7518f5d47650c8572\" \n \t\t hash91= \"37eee514b04167f8e17e2caa3bfd3049\" \n \t\t hash92= \"390d1f2a620912104f53c034c8aef14b\" \n \t\t hash93= \"39e28f48c138dc156d1436fd02222e45\" \n \t\t hash94= \"3a45d4bfd1f919f167ce4a5e5ba00e15\" \n \t\t hash95= \"3b1b190407b868406c5c155a79f3d146\" \n \t\t hash96= \"3c1b2fabb7d74bc5be0820eae4107f8a\" \n \t\t hash97= \"3c4066b252722c873348d43b4c3ec0e5\" \n \t\t hash98= \"3d0c1dc5ac55f6d0e6b7fabfeb5158f5\" \n \t\t hash99= \"3de1bd0f2107198931177b2b23877df4\" \n \t\t hash100= \"3de60420845a582b0e44081b1138a7e4\" \n \t\t hash101= \"3e69945e5865ccc861f69b24bc1166b6\" \n \t\t hash102= \"3e6ed3ee47bce9946e2541332cb34c69\" \n \t\t hash103= \"3e87051b1dc3463f378c7e1fe398dc7d\" \n \t\t hash104= \"3f243b304358041fb163007e0c066d4a\" \n \t\t hash105= \"3f8682ab074a097ebbaadbf26dfff560\" \n \t\t hash106= \"3fb8f4cdcb4d1d48be2e473fd8727239\" \n \t\t hash107= \"3fc26910f9c31bd9ba3ccb09132d9ca3\" \n \t\t hash108= \"4192479b055b2b21cb7e6c803b765d34\" \n \t\t hash109= \"41a5d40ecc735172b18b61e01a30a178\" \n \t\t hash110= \"41bb847963a8fce70ad21e70dd786107\" \n \t\t hash111= \"435991e0c67f0c0b4504355b6d4493f0\" \n \t\t hash112= \"438983192903f3fecf77500a39459ee6\" \n \t\t hash113= \"43b844c35e1a933e9214588be81ce772\" \n \t\t hash114= \"44066f29aab6a9379f8dd30f6bec257d\" \n \t\t hash115= \"468ff2c12cffc7e5b2fe0ee6bb3b239e\" \n \t\t hash116= \"46c36c11238100e155f6d418332869ea\" \n \t\t hash117= \"471005f73280264c48f769e1c21fbcc1\" \n \t\t hash118= \"476fea8761a03bef16e322996c2f6666\" \n \t\t hash119= \"47e7f92419eb4b98ff4124c3ca11b738\" \n \t\t hash120= \"4a54d7878d4170c3d4e3c3606365c42c\" \n \t\t hash121= \"4b19a2a6d40a5825e868c6ef25ae445e\" \n \t\t hash122= \"4c6bddcca2695d6202df38708e14fc7e\" \n \t\t hash123= \"4c858a80df0d6de5d69824c9502b65cf\" \n \t\t hash124= \"4c9c9dbf388a8d81d8cfb4d3fc05f8e4\" \n \t\t hash125= \"4cabfaef26fd8e5aec01d0c4b90a32f3\" \n \t\t hash126= \"4e551abcd14506092a0f8d54a45f3569\" \n \t\t hash127= \"4f763b07a7b8a80f1f9408e590f79532\" \n \t\t hash128= \"50f35b7c86aede891a72fcb85f06b0b7\" \n \t\t hash129= \"5100f0a34695c4c9dc7e915177041cad\" \n \t\t hash130= \"51326bf40da5a5357a143dd9a6e6a11c\" \n \t\t hash131= \"51ce169debea41314f591290839fd55f\" \n \t\t hash132= \"522d32a505f78f09303e689999a3e461\" \n \t\t hash133= \"523cf1c9741f5f9d11388a58de6a83a4\" \n \t\t hash134= \"523f56515221161579ee6090c962e5b1\" \n \t\t hash135= \"53b263dd41838aa178a5ced338a207f3\" \n \t\t hash136= \"543c283d691939d99667e22bcb7be610\" \n \t\t hash137= \"543e03cc5872e9ed870b2d64363f518b\" \n \t\t hash138= \"54d5d171a482278cc8eacf08d9175fd7\" \n \t\t hash139= \"55886d571c2a57984ea9659b57e1c63a\" \n \t\t hash140= \"55fb1409170c91740359d1d96364f17b\" \n \t\t hash141= \"56de2854ef64d869b5df7af5e4effe3e\" \n \t\t hash142= \"57326cd78a56d26e349bbd4bcc5b9fa2\" \n \t\t hash143= \"575836ebb1b8849f04e994e9160370e4\" \n \t\t hash144= \"57e79f7df13c0cb01910d0c688fcd296\" \n \t\t hash145= \"57f98d16ac439a11012860f88db21831\" \n \t\t hash146= \"580a4c05982accc678a72c366b45815d\" \n \t\t hash147= \"585691777080b419b523938edd3ba2d6\" \n \t\t hash148= \"58b020fd3bc0d34e8c4eaf0a3f3135af\" \n \t\t hash149= \"5a728cb9ce56763dccb32b5298d0f050\" \n \t\t hash150= \"5aeaa53340a281074fcb539967438e3f\" \n \t\t hash151= \"5bcaa2f4bc7567f6ffd5507a161e221a\" \n \t\t hash152= \"5bd5a22d42c04db7ac1343a2a9f471fe\" \n \t\t hash153= \"5c4806b5859b35a3df03763e9c7ecbf6\" \n \t\t hash154= \"5c6f30cc369cd164d44941d381e282cc\" \n \t\t hash155= \"5cd578614afb50b925008b68b3accdb9\" \n \t\t hash156= \"5cf0959687427850a92d7f69edd41b86\" \n \t\t hash157= \"5d8129be965fab8115eca34fc84bd7f0\" \n \t\t hash158= \"5e42780f52763c77d592044e535e4b01\" \n \t\t hash159= \"5e686bd284022e35559a9c6118df8f1e\" \n \t\t hash160= \"5f837bbfd3b458321070e2aebca4ec46\" \n \t\t hash161= \"5ff3269faca4a67d1a4c537154aaad4b\" \n \t\t hash162= \"605c1dc91a5c85024160ce78dfac842d\" \n \t\t hash163= \"611c8f862864af818202865b78ad7ca8\" \n \t\t hash164= \"620c6a6cff832e35090487680123f52b\" \n \t\t hash165= \"62a35021454e17f4a913e577d7ecd22f\" \n \t\t hash166= \"6377ec0c87f4ec1e7897751dd85d73d4\" \n \t\t hash167= \"6461ea41f179e660c40ed65aee1a4a2d\" \n \t\t hash168= \"649d54bc9eef5a60a4b9d8b889fee139\" \n \t\t hash169= \"65018cd542145a3792ba09985734c12a\" \n \t\t hash170= \"650a6fca433ee243391e4b4c11f09438\" \n \t\t hash171= \"6510cee34da30c7ef5e5e39980402257\" \n \t\t hash172= \"6570163cd34454b3d1476c134d44b9d9\" \n \t\t hash173= \"6576c196385407b0f7f4b1b537d88983\" \n \t\t hash174= \"66c287675cd4c7172590f71181e723a8\" \n \t\t hash175= \"67504a0c2c2bf47efccdab5ca981ad7d\" \n \t\t hash176= \"6808ec6dbb23f0fa7637c108f44c5c80\" \n \t\t hash177= \"689dcd40d5eae8c0d315265f3d90ffae\" \n \t\t hash178= \"68c67a6e26855ebc2569d67689c69a6e\" \n \t\t hash179= \"69dc1e1ee273e531e91c60eb86396cc8\" \n \t\t hash180= \"6a4fbcfb44717eae2145c761c1c99b6a\" \n \t\t hash181= \"6b3d19cc86d82b06f5db3ae9d5ba8a5f\" \n \t\t hash182= \"6bf8f1f99ac5bba0db1b66518df378a4\" \n \t\t hash183= \"6c5c5e4049265fffc87973f3e4978b26\" \n \t\t hash184= \"6c65c697bcff935484a5cd2e7dd2e7d2\" \n \t\t hash185= \"6d2320af561b2315c1241e3efd86067f\" \n \t\t hash186= \"6deae79fc82df523ba99852266a33f9e\" \n \t\t hash187= \"6e44", "title": "", "description": "APTMalware_APT_1 Group", "expiration": null, "is_active": 1 }, { "id": 122076148, "indicator": "blog.gentilkiwi.com", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183439, "indicator": "2ac8f77548e87b401767c7076adfa00d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "", "expiration": null, "is_active": 1 }, { "id": 183472, "indicator": "677f7c42f79a0a58760056529739fdd6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "", "expiration": null, "is_active": 1 }, { "id": 183413, "indicator": "81d92e20f3078bd8e43b226308393e43", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "", "expiration": null, "is_active": 1 }, { "id": 183420, "indicator": "852f562812305ad099372109f8e8b189", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "", "expiration": null, "is_active": 1 }, { "id": 183394, "indicator": "89bfd463ca76b62c61a548778316567d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360566932, "indicator": "9d22897b05261ad66645887b094a43c7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "", "expiration": null, "is_active": 1 }, { "id": 183455, "indicator": "b990752f8266d7648070bea7e24d326f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "", "expiration": null, "is_active": 1 }, { "id": 183463, "indicator": "d218706eb07f2722ae4e0106cce27d52", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "", "expiration": null, "is_active": 1 }, { "id": 183373, "indicator": "d687cfde1c4ea77de1b92ea2f9e90ad5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "", "expiration": null, "is_active": 1 }, { "id": 183403, "indicator": "d80c29813bfbc3cbcbd469249d49ebf3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "", "expiration": null, "is_active": 1 }, { "id": 183400, "indicator": "e5b1ffd2ecd7e610d07d093d65639da9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "", "expiration": null, "is_active": 1 }, { "id": 183452, "indicator": "eb5761c410b5139f23235e9b67964495", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "", "expiration": null, "is_active": 1 }, { "id": 183415, "indicator": "f3c5c20f5c45fc401484caf72753d778", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360566933, "indicator": "0ed01c2424e6fbfa6650d1c4ffd22b68bb19f9a5", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "SHA1 of e5b1ffd2ecd7e610d07d093d65639da9\nSHA1 of e5b1ffd2ecd7e610d07d093d65639da9", "expiration": null, "is_active": 1 }, { "id": 3360566934, "indicator": "1a45623722aa731c2e3628e17af0bd682ac8c318", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "SHA1 of 2ac8f77548e87b401767c7076adfa00d", "expiration": null, "is_active": 1 }, { "id": 3360566935, "indicator": "5573481f54a2d7b9d31bae949e3226a20e925cf2", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "SHA1 of d687cfde1c4ea77de1b92ea2f9e90ad5", "expiration": null, "is_active": 1 }, { "id": 3360566936, "indicator": "5ba8d0e1c1018b6d423607f66f6356d5c4f22a9c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "SHA1 of 81d92e20f3078bd8e43b226308393e43", "expiration": null, "is_active": 1 }, { "id": 3360566937, "indicator": "b435b52022792fc9ce23f71024edf05a8357476f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "SHA1 of d218706eb07f2722ae4e0106cce27d52", "expiration": null, "is_active": 1 }, { "id": 1530794239, "indicator": "b714a2ce92e01f9e63825ba1562988b0eb8b3a90", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "SHA1 of d80c29813bfbc3cbcbd469249d49ebf3", "expiration": null, "is_active": 1 }, { "id": 3360566938, "indicator": "c05b90eb5caf8c2dca610b6f7253fe58b5c4a6a3", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "SHA1 of 677f7c42f79a0a58760056529739fdd6", "expiration": null, "is_active": 1 }, { "id": 3360566939, "indicator": "c177b6298e37b6f541d748b7e988de5d2b2c95e1", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "SHA1 of 89bfd463ca76b62c61a548778316567d", "expiration": null, "is_active": 1 }, { "id": 3360566940, "indicator": "cc221465dac981f4934fef39d41ddb2e1d26299f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "SHA1 of b990752f8266d7648070bea7e24d326f", "expiration": null, "is_active": 1 }, { "id": 3360566941, "indicator": "dc63b4b9ee2f8486b96ce62be4a31e041d422ef7", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "SHA1 of 9d22897b05261ad66645887b094a43c7", "expiration": null, "is_active": 1 }, { "id": 2879524658, "indicator": "e4a4beef0763e2da20ac40b639a3cd1c9ae60309", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "SHA1 of f3c5c20f5c45fc401484caf72753d778", "expiration": null, "is_active": 1 }, { "id": 3360566942, "indicator": "f067c64bfcfc1c7883497618521e53206cfaa6e0", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "SHA1 of 852f562812305ad099372109f8e8b189", "expiration": null, "is_active": 1 }, { "id": 3360567049, "indicator": "f3a4965c170f2724b3686fbdc37aff27d24927f0", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "SHA1 of eb5761c410b5139f23235e9b67964495", "expiration": null, "is_active": 1 }, { "id": 3360567050, "indicator": "066bf4cca227eae7a9e46e65fa518c08673ae7cc19e9563d36a7e4a1325f14af", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "SHA256 of e5b1ffd2ecd7e610d07d093d65639da9\nSHA256 of e5b1ffd2ecd7e610d07d093d65639da9", "expiration": null, "is_active": 1 }, { "id": 3360567051, "indicator": "07c7d7e3f4da80983f09256241d8cc0b3f986f31ef65af2fa87b03c11cdebb65", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "SHA256 of 677f7c42f79a0a58760056529739fdd6", "expiration": null, "is_active": 1 }, { "id": 3360567052, "indicator": "10307e2682b3b8e96016c25b040baceda6c0abe5924f5f0fe6a419a463c008d6", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "SHA256 of d687cfde1c4ea77de1b92ea2f9e90ad5", "expiration": null, "is_active": 1 }, { "id": 2879524655, "indicator": "2cb5ac355310c95b3792acd173bcaa0081219646d2951cc0a3e056d5152e4a5d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "SHA256 of f3c5c20f5c45fc401484caf72753d778", "expiration": null, "is_active": 1 }, { "id": 3360567053, "indicator": "5b3e07ff6d930392b8749e68a54b1e04062794d1dafff226fb61ba4baf8bbfc6", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "SHA256 of b990752f8266d7648070bea7e24d326f", "expiration": null, "is_active": 1 }, { "id": 1530795239, "indicator": "89fb8bde29dfd8e1ec087a757f43a202f102df13e7326ca554c765657b028b9a", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "SHA256 of d80c29813bfbc3cbcbd469249d49ebf3", "expiration": null, "is_active": 1 }, { "id": 3360567054, "indicator": "c37a1e21303ca855cf27e61c4011405bc5d21d7ce6b9b5d84210374f2b186faf", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "SHA256 of 89bfd463ca76b62c61a548778316567d", "expiration": null, "is_active": 1 }, { "id": 431163030, "indicator": "c4054c514f0c58bcff456114768723b257013c49eba9ca61e395484e81e01d19", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "SHA256 of 2ac8f77548e87b401767c7076adfa00d", "expiration": null, "is_active": 1 }, { "id": 3360567055, "indicator": "d374bdb867f5d790d546549cf5ba557a5ed67a914284d1cb65235ade09fc6f2a", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "SHA256 of eb5761c410b5139f23235e9b67964495", "expiration": null, "is_active": 1 }, { "id": 3360567056, "indicator": "e2ff053ae52d37c2334cb0c5b94ea7338a38c396590bfad5e443e7fbd8cd0ddb", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "SHA256 of 81d92e20f3078bd8e43b226308393e43", "expiration": null, "is_active": 1 }, { "id": 2892579338, "indicator": "e547e8a8bc27d65dca92bc861be82e1c94b9c9aca8a2b75381e9b16e4ad89600", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "SHA256 of 9d22897b05261ad66645887b094a43c7", "expiration": null, "is_active": 1 }, { "id": 3360567057, "indicator": "ec119c3389f145f2167d10e5cba67042a0cd0db8265537ea72c2c9d078fa2228", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "SHA256 of 852f562812305ad099372109f8e8b189", "expiration": null, "is_active": 1 }, { "id": 2788227009, "indicator": "feca8db35c0c0a901556eff447c38614d14a7140496963df2e613b206527b338", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Travnet", "description": "SHA256 of d218706eb07f2722ae4e0106cce27d52", "expiration": null, "is_active": 1 }, { "id": 183389, "indicator": "01d06f85fce63444c3563fe3bd20c004", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 1593635272, "indicator": "024baaaa8247f1d06a6f803a2226efc4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183429, "indicator": "03e8d330abc77a6a9d635d2e7c0e213a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Tool.Win7Elevate-1", "description": "", "expiration": null, "is_active": 1 }, { "id": 183423, "indicator": "059a7482efee3b2abf67c12d210cb2f7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Exploit:Win32/CVE-2010-3333", "description": "", "expiration": null, "is_active": 1 }, { "id": 183427, "indicator": "08e5352a2416bd32a1c07f2d6c2f11fa", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Zegost", "description": "", "expiration": null, "is_active": 1 }, { "id": 183457, "indicator": "0e2b10015fe52b7ea77a213f0c330557", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:ShellCode\\ [Expl]", "description": "", "expiration": null, "is_active": 1 }, { "id": 183421, "indicator": "13b3cb819b460591c27e133e93fb8661", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 2580383404, "indicator": "15e8a1c4d5021e76f933cb1bc895b9c2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183426, "indicator": "19a0693480c82f2b7fc8659d8f91717a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Travnet.C", "description": "", "expiration": null, "is_active": 1 }, { "id": 183417, "indicator": "1a70e1e36e6afa454f6457140ac3d2ec", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Travnet.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 1593635276, "indicator": "1b3cafb71e8e1ccd13bcbe79e3d5c05c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183409, "indicator": "1dcad7c8f56207b2c423353f0c328755", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Tool.Win7Elevate-1", "description": "", "expiration": null, "is_active": 1 }, { "id": 183446, "indicator": "1f26e5f9b44c28b37b6cd13283838366", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Travnet.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 183382, "indicator": "22be9cca6e4ec3af327595b890a92fec", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 183401, "indicator": "28e9faec9de3bbdeb65435bfc377d1f8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 183447, "indicator": "294da087e6329ae78c1a5fb42b999500", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Tool.Win7Elevate-1", "description": "", "expiration": null, "is_active": 1 }, { "id": 183410, "indicator": "29a394a4ec8a30b5f36c7b874fc9fe10", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 183473, "indicator": "29a420e52b56bfadf9f0701318524bef", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Exploit:Win32/CVE-2010-3333", "description": "", "expiration": null, "is_active": 1 }, { "id": 183398, "indicator": "2a43c23a17cd2bc9074a486c47444e7c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Zegost", "description": "", "expiration": null, "is_active": 1 }, { "id": 183470, "indicator": "2d0e4748d857c12184ed2c94c13ec1ae", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 183451, "indicator": "2dc139d82a2a5bf027bcb6a40f75b3f4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 1593635266, "indicator": "31413f6a097a9e07722d122ecdb62f79", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183449, "indicator": "33334d8dc36c4ee7739fe2f8b448da72", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Travnet.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 183422, "indicator": "36ed86602661bb3a7a55e69fde90ee73", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Exploit:Win32/CVE-2010-3333", "description": "", "expiration": null, "is_active": 1 }, { "id": 149966, "indicator": "382c1d692dd3cec9b046e5c0eeaf92e6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 183399, "indicator": "39c2b2ee24373bf1ef20faff958718bc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 183396, "indicator": "3b4cf5f1ff8c4187e41c6ab80f000491", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Travnet.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 183441, "indicator": "3cb96fe79aa01c82ac68c54e88918e57", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 1593635264, "indicator": "45782441c73fa949495ffafdb8f9bb62", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183377, "indicator": "4968882f189236952fd38a11586b395a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 183433, "indicator": "4c8950da250ea135ee77a2644af414ba", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 183454, "indicator": "524aed944b7f307eea5677eda7e2079a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Travnet.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 183442, "indicator": "57f2374d9f2a787339b0c6a5b1008a72", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Zegost", "description": "", "expiration": null, "is_active": 1 }, { "id": 183418, "indicator": "5e35b31472a2e603a995198d8e8411ed", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Travnet.C", "description": "", "expiration": null, "is_active": 1 }, { "id": 183375, "indicator": "5e7c5e8d9f5864488ddf04b662d1ad8e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "MS_Visual_Cpp_6_0", "description": "", "expiration": null, "is_active": 1 }, { "id": 183459, "indicator": "63494c74db9bfc2bba3983698c952de9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183466, "indicator": "63f0f91e3ccf5dd00a455d3038a299f4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183432, "indicator": "66684b8b82fb5318a41ab7e6abb8dd42", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183411, "indicator": "6afeec03c8f4bc78fa2b3ad27392b0e7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183437, "indicator": "6d00e4f95fba02126b32bb74dc4fec55", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Travnet.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 183405, "indicator": "6d49cdbade7541d46be3fb47a0f563bb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183386, "indicator": "6de813a22b2b73e330085ec7c85e041b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183393, "indicator": "6eb5932b0ed20f11f1a887bcfbdde10f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "RTF:CVE-2010-3333-BB\\ [Expl]", "description": "", "expiration": null, "is_active": 1 }, { "id": 183444, "indicator": "71f311a648348e7598eb55ab7618842c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183461, "indicator": "723129912a2d0fb4aede7100071787ef", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Travnet-B", "description": "", "expiration": null, "is_active": 1 }, { "id": 183436, "indicator": "778c1764dd5c36c1eb96c49a8f8441e6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183469, "indicator": "7b92e9d21bc4db838bc102b289f4fd5f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183392, "indicator": "81591ae1c975b8a0b5ad5546a103992c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-1316973", "description": "", "expiration": null, "is_active": 1 }, { "id": 183471, "indicator": "83429db9cc63196bf42c691cc09b7b84", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 183372, "indicator": "85865e048183849b255c92e609a5fa25", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183388, "indicator": "8d3036a65ac2404d4562cdb927fd3d2c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183467, "indicator": "8d78a9e3df1e19f9520f2bbb5f04cb54", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183378, "indicator": "8dc61b737990385473dca9bfc826727b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183440, "indicator": "95113e04af14c23df607964fa9d83476", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183419, "indicator": "9b198f1e260700bdcb4740266cd35b3f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183402, "indicator": "9c1c2825532b25e266d62db50952ab44", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183385, "indicator": "9c544da8c23826379d60581cce17a483", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183412, "indicator": "a0e350787e4134ea91ccb26d17cdf167", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183406, "indicator": "a1169fb2eb93616ced7536a53fb05648", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1593635268, "indicator": "a4571b830569d85c0f7d07297219bde9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1593635278, "indicator": "a6777d7632039897a4a7abebb887cba0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183435, "indicator": "a6d89df2a80675980fb3e4a9bcc162e2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183443, "indicator": "a77456a160890a26a8f7c019c2e77021", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1593635274, "indicator": "a93c47161adc1645e2018e5d03cbd104", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1593635262, "indicator": "aa5a1cd27c964bc229156a521fbd6a4b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183424, "indicator": "aa6f8eff83aea3ff7b8f016e67f74dac", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183450, "indicator": "af6649323daf6dbd3aef1b950588487c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1593635270, "indicator": "af8a9d91f30566b2ed77617a045761ba", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183391, "indicator": "b3840ec1299517dacd6c18c71ff5bafc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183462, "indicator": "b600089a93275fa93558695b707b87ad", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183448, "indicator": "b8c99bc028a0a32288d858df7bf6bec1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183438, "indicator": "ba026e6190aee2c64ef62a4e79419bcf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183474, "indicator": "c87e8a3ceefd93c7e431b753801c6bb6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183390, "indicator": "cb9cc50b18a7c91cf4a34c624b90db5d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183431, "indicator": "cebaaad59f1616698dec4f14d76b4c9a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183445, "indicator": "d04a7f30c83290b86cac8d762dcc2df5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Travnet.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 183414, "indicator": "d286c4cdf40e2dae5362eff562bccd3a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Travnet.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 183404, "indicator": "d354b71116961cad955ed11cb938ca32", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183381, "indicator": "d9cf41b5d11e42dabf9470964d09c000", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Skeeyah", "description": "", "expiration": null, "is_active": 1 }, { "id": 183430, "indicator": "db6e36f962fdb58c8e9f8f9a781fda66", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183395, "indicator": "dc01df3c40cb4fb0bef448693475ea1b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 183379, "indicator": "def612ad0554006378f185d3b56efb57", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183468, "indicator": "e51a4cc0272a98e9eddfec16667603f4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Travnet.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 183380, "indicator": "e5954b8204eb321d20bed4a86b3cef34", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "cf_rtf_actor_cve_2012_0158_tnauthor_john_doe", "description": "", "expiration": null, "is_active": 1 }, { "id": 1593635260, "indicator": "e7f1589362f77d770063922b068e47aa", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183408, "indicator": "eefc66a1e978dc9d825f28702106d4d5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183384, "indicator": "efa23860086c5d12d3e6b918073c717f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 150589, "indicator": "f4f14d4a1e34f62eeb9a90b5c8b2cfc1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "RTF:CVE-2010-3333-CB\\ [Expl]", "description": "", "expiration": null, "is_active": 1 }, { "id": 183434, "indicator": "fad8f37c9bd5420f49cfd5960a60fa24", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183374, "indicator": "fb3495715764cdaa547f2b040c0a9b1f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183387, "indicator": "fc3853c2383e2fbb2af381fd1277504d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183465, "indicator": "fe16c30782e2b16b07d5a3a1cf9dfb8f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 183407, "indicator": "ff04126a5d61a10c81bfd0a6d0a643d0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 2821637348, "indicator": "029d9f3419edcc3b0722842e36e73a8d7095f3ae", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Travnet.B", "description": "SHA1 of e51a4cc0272a98e9eddfec16667603f4", "expiration": null, "is_active": 1 }, { "id": 3360567131, "indicator": "02a0b7d46783bc22e280674bac34c379c5521f54", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:ShellCode\\ [Expl]", "description": "SHA1 of 0e2b10015fe52b7ea77a213f0c330557", "expiration": null, "is_active": 1 }, { "id": 3360567132, "indicator": "0a9e8ca0be532856ed81078d729bbbcf049abcf6", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "SHA1 of 83429db9cc63196bf42c691cc09b7b84", "expiration": null, "is_active": 1 }, { "id": 3360567133, "indicator": "0aa3a3e0c80029a80227b86258f3ddde92c93b35", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "SHA1 of 39c2b2ee24373bf1ef20faff958718bc", "expiration": null, "is_active": 1 }, { "id": 3360567134, "indicator": "0d5b1d697a2e84b8b60575f63ed62bc0388f6de0", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Travnet.A", "description": "SHA1 of 33334d8dc36c4ee7739fe2f8b448da72", "expiration": null, "is_active": 1 }, { "id": 2489999570, "indicator": "13285aa6bc212fbac25ccad83902966027b2931c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "SHA1 of 29a394a4ec8a30b5f36c7b874fc9fe10", "expiration": null, "is_active": 1 }, { "id": 1593635267, "indicator": "135e0e646a8ca2aa08283f85690d0fae654c085f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of a4571b830569d85c0f7d07297219bde9\nSHA1 of a4571b830569d85c0f7d07297219bde9", "expiration": null, "is_active": 1 }, { "id": 1593635277, "indicator": "13df492660de3497d11808e1160463437c20c7c4", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of a6777d7632039897a4a7abebb887cba0", "expiration": null, "is_active": 1 }, { "id": 2929630000, "indicator": "19b5b5accfd5e7485d2949ced1846ca581dad022", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "SHA1 of 28e9faec9de3bbdeb65435bfc377d1f8", "expiration": null, "is_active": 1 }, { "id": 1593596432, "indicator": "19b9133e860fcebb612c45c1d16c5aaa37a6c8a1", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "SHA1 of 3cb96fe79aa01c82ac68c54e88918e57", "expiration": null, "is_active": 1 }, { "id": 3360567135, "indicator": "1e9838e98b25619d9680854a6bd2418e044e52e5", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "SHA1 of 4968882f189236952fd38a11586b395a", "expiration": null, "is_active": 1 }, { "id": 1593635273, "indicator": "24cd712a744b4b290341417fe2fcde0bdbacd18a", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of a93c47161adc1645e2018e5d03cbd104", "expiration": null, "is_active": 1 }, { "id": 3016872, "indicator": "25ac3098261df8aa09449a9a4c445c91321352af", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Travnet.A", "description": "SHA1 of d286c4cdf40e2dae5362eff562bccd3a", "expiration": null, "is_active": 1 }, { "id": 3360567136, "indicator": "272b94c4d1d30dc9478675dd3df4a38029c1113e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Travnet.B", "description": "SHA1 of 1f26e5f9b44c28b37b6cd13283838366", "expiration": null, "is_active": 1 }, { "id": 3360567137, "indicator": "33157a630a00078ac106f05ebd90feb1e61fb46d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "SHA1 of 13b3cb819b460591c27e133e93fb8661\nSHA1 of 13b3cb819b460591c27e133e93fb8661", "expiration": null, "is_active": 1 }, { "id": 3360567138, "indicator": "469c3600fa75684f6367b13ebcd54f0c4a0db5ee", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Travnet.C", "description": "SHA1 of 5e35b31472a2e603a995198d8e8411ed\nSHA1 of 5e35b31472a2e603a995198d8e8411ed", "expiration": null, "is_active": 1 }, { "id": 3360567139, "indicator": "53549df8a3a3115e316c5c34a79ceb8ca1b61b5b", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "SHA1 of 2dc139d82a2a5bf027bcb6a40f75b3f4", "expiration": null, "is_active": 1 }, { "id": 3360567140, "indicator": "547b526aecaabbe75f510cfa20a538f60c32a2e2", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Exploit:Win32/CVE-2010-3333", "description": "SHA1 of 059a7482efee3b2abf67c12d210cb2f7\nSHA1 of 059a7482efee3b2abf67c12d210cb2f7", "expiration": null, "is_active": 1 }, { "id": 1593635275, "indicator": "5cb432180a440b67f0493654514e8378014baad9", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 1b3cafb71e8e1ccd13bcbe79e3d5c05c", "expiration": null, "is_active": 1 }, { "id": 2490022079, "indicator": "64eb5997e77b20c1dc99ada42d0fd80db37e64ee", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "SHA1 of 2d0e4748d857c12184ed2c94c13ec1ae", "expiration": null, "is_active": 1 }, { "id": 1593635261, "indicator": "65335358fab48ab899c29dc488a47aeb97ce607c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of aa5a1cd27c964bc229156a521fbd6a4b\nSHA1 of aa5a1cd27c964bc229156a521fbd6a4b", "expiration": null, "is_active": 1 }, { "id": 1593635265, "indicator": "68507a30c659d2b3f165b9450b6776c58c8f3a23", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 31413f6a097a9e07722d122ecdb62f79\nSHA1 of 31413f6a097a9e07722d122ecdb62f79", "expiration": null, "is_active": 1 }, { "id": 3360567141, "indicator": "69181a699e7994a4a09a2f9603be9d158c9de163", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Exploit:Win32/CVE-2010-3333", "description": "SHA1 of 29a420e52b56bfadf9f0701318524bef", "expiration": null, "is_active": 1 }, { "id": 1593635271, "indicator": "6a5082d6b5eb17b832be4a71284a4e1efc7054e1", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 024baaaa8247f1d06a6f803a2226efc4", "expiration": null, "is_active": 1 }, { "id": 3360567142, "indicator": "75a8054ee4939564fb90ccc654f0cfa9afe062c7", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Zegost", "description": "SHA1 of 08e5352a2416bd32a1c07f2d6c2f11fa", "expiration": null, "is_active": 1 }, { "id": 3360567143, "indicator": "84068ec5e2f11f8fe80ac91f04fed2493c97243d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "MS_Visual_Cpp_6_0", "description": "SHA1 of 5e7c5e8d9f5864488ddf04b662d1ad8e\nSHA1 of 5e7c5e8d9f5864488ddf04b662d1ad8e", "expiration": null, "is_active": 1 }, { "id": 3360567144, "indicator": "84c03fc6ee4f758fa6ffeed8ae564e83280ad5c9", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Travnet.A", "description": "SHA1 of d04a7f30c83290b86cac8d762dcc2df5", "expiration": null, "is_active": 1 }, { "id": 3360567145, "indicator": "853c94da9a70900281a4345dab7c43812a467609", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Travnet.A", "description": "SHA1 of 1a70e1e36e6afa454f6457140ac3d2ec\nSHA1 of 1a70e1e36e6afa454f6457140ac3d2ec", "expiration": null, "is_active": 1 }, { "id": 3360567146, "indicator": "9056e27da701674bf112704308dd7b6815117d68", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "SHA1 of 382c1d692dd3cec9b046e5c0eeaf92e6\nSHA1 of 382c1d692dd3cec9b046e5c0eeaf92e6", "expiration": null, "is_active": 1 }, { "id": 3360567147, "indicator": "9ec5a495a7951c53b35b4e8dc732df87067802db", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "SHA1 of 22be9cca6e4ec3af327595b890a92fec\nSHA1 of 22be9cca6e4ec3af327595b890a92fec", "expiration": null, "is_active": 1 }, { "id": 1593635269, "indicator": "a047912dfb7c811d9f0c72d662eb081206fad322", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of af8a9d91f30566b2ed77617a045761ba", "expiration": null, "is_active": 1 }, { "id": 3360567148, "indicator": "a0767a4ecdd41ea1ed5724b262cce46e182f202b", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Exploit:Win32/CVE-2010-3333", "description": "SHA1 of 36ed86602661bb3a7a55e69fde90ee73", "expiration": null, "is_active": 1 }, { "id": 3360567149, "indicator": "a250219f92f939690ba97c63069348a5473db0f4", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Travnet.A", "description": "SHA1 of 3b4cf5f1ff8c4187e41c6ab80f000491", "expiration": null, "is_active": 1 }, { "id": 2929630007, "indicator": "a261f0d651a05fdcf97c0e35326c0d7bace137ef", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "SHA1 of 4c8950da250ea135ee77a2644af414ba", "expiration": null, "is_active": 1 }, { "id": 1593635263, "indicator": "a617e7da200fff238fcb0e61409ef18e6888f189", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 45782441c73fa949495ffafdb8f9bb62", "expiration": null, "is_active": 1 }, { "id": 2879932591, "indicator": "a81ba37cce6201f5ad4d256c1eac55976cbdb5ac", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "SHA1 of dc01df3c40cb4fb0bef448693475ea1b\nSHA1 of dc01df3c40cb4fb0bef448693475ea1b", "expiration": null, "is_active": 1 }, { "id": 3360567150, "indicator": "aa373ddb5ab2bcd488fc19b4c28b2e837ce95751", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Zegost", "description": "SHA1 of 2a43c23a17cd2bc9074a486c47444e7c", "expiration": null, "is_active": 1 }, { "id": 3360567151, "indicator": "b0de13cd8410a1478115df1a1f5b855671f374ea", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Travnet.C", "description": "SHA1 of 19a0693480c82f2b7fc8659d8f91717a", "expiration": null, "is_active": 1 }, { "id": 3360567152, "indicator": "c4192f0994d5b9a5efd18e9a697dcf78cc092c0d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "SHA1 of 01d06f85fce63444c3563fe3bd20c004", "expiration": null, "is_active": 1 }, { "id": 1593635259, "indicator": "c64ac1fed412c4abaf7b65342441db01a53d497e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of e7f1589362f77d770063922b068e47aa", "expiration": null, "is_active": 1 }, { "id": 3360567153, "indicator": "c71d462b778f6dd518a1b0d822f3b8e05232db58", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Travnet-B", "description": "SHA1 of 723129912a2d0fb4aede7100071787ef", "expiration": null, "is_active": 1 }, { "id": 2879524645, "indicator": "cbc3565283cb2c23518ec756fa9314bec22af5a4", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Travnet.A", "description": "SHA1 of 6d00e4f95fba02126b32bb74dc4fec55", "expiration": null, "is_active": 1 }, { "id": 3360567154, "indicator": "d34418fb66e48bd3b563c0f6c81e7f1c17d7f5d3", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Zegost", "description": "SHA1 of 57f2374d9f2a787339b0c6a5b1008a72", "expiration": null, "is_active": 1 }, { "id": 3360567155, "indicator": "d7e3924ca83e1a2355f3f1e2816dfd417892afc2", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Tool.Win7Elevate-1", "description": "SHA1 of 1dcad7c8f56207b2c423353f0c328755\nSHA1 of 1dcad7c8f56207b2c423353f0c328755", "expiration": null, "is_active": 1 }, { "id": 1593604593, "indicator": "dd81648c296423439916d5842695723d0bac8a49", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "cf_rtf_actor_cve_2012_0158_tnauthor_john_doe", "description": "SHA1 of e5954b8204eb321d20bed4a86b3cef34", "expiration": null, "is_active": 1 }, { "id": 3360567156, "indicator": "dffb87ad0aee9dd0fb53903ede164761c0a09b97", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "RTF:CVE-2010-3333-CB\\ [Expl]", "description": "SHA1 of f4f14d4a1e34f62eeb9a90b5c8b2cfc1", "expiration": null, "is_active": 1 }, { "id": 3360567157, "indicator": "ed1078869941db13e29791132f4350d7bdfa2209", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Travnet.A", "description": "SHA1 of 524aed944b7f307eea5677eda7e2079a", "expiration": null, "is_active": 1 }, { "id": 3360567158, "indicator": "f4215465ea2368922d8f47357ced112e10b2c6d9", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Tool.Win7Elevate-1", "description": "SHA1 of 03e8d330abc77a6a9d635d2e7c0e213a", "expiration": null, "is_active": 1 }, { "id": 3360567159, "indicator": "f5e50515b397106da59363ea8298ea781027b5b6", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-1316973", "description": "SHA1 of 81591ae1c975b8a0b5ad5546a103992c", "expiration": null, "is_active": 1 }, { "id": 3360567160, "indicator": "fc9798b1712d72151482a3b8d93eac7fc32ce283", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Skeeyah", "description": "SHA1 of d9cf41b5d11e42dabf9470964d09c000", "expiration": null, "is_active": 1 }, { "id": 3360567161, "indicator": "fcb55e9c061213d759ce6abdcc56e96f6911ac41", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "RTF:CVE-2010-3333-BB\\ [Expl]", "description": "SHA1 of 6eb5932b0ed20f11f1a887bcfbdde10f", "expiration": null, "is_active": 1 }, { "id": 3360567162, "indicator": "fd8814b5889cce9376118d9628cb642542c950c0", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Tool.Win7Elevate-1", "description": "SHA1 of 294da087e6329ae78c1a5fb42b999500", "expiration": null, "is_active": 1 }, { "id": 3360567163, "indicator": "ffab0d227b67c60de19af0f3b3b05c7e6fa7eedc", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "SHA1 of ff04126a5d61a10c81bfd0a6d0a643d0\nSHA1 of ff04126a5d61a10c81bfd0a6d0a643d0", "expiration": null, "is_active": 1 }, { "id": 431163822, "indicator": "04c9240d425bec07742dd99d6f75e2205383ef804f2410c8274ff2e74be74ad4", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "SHA256 of 22be9cca6e4ec3af327595b890a92fec\nSHA256 of 22be9cca6e4ec3af327595b890a92fec", "expiration": null, "is_active": 1 }, { "id": 431176186, "indicator": "1225de9af9f6b29985e9304fa1056b8c7da036215a5e054c0ff6d7129c91a59f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Travnet.B", "description": "SHA256 of 1f26e5f9b44c28b37b6cd13283838366", "expiration": null, "is_active": 1 }, { "id": 601731, "indicator": "1bcafa596c597868a179fe3d783b8c5bcd1b487d891b99cb90e76e8abd55a599", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of af8a9d91f30566b2ed77617a045761ba", "expiration": null, "is_active": 1 }, { "id": 3360567164, "indicator": "213575cde5a1a5c8a70251159c7b1fba9de26e9d979929a66c0aa39fc57008c1", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-1316973", "description": "SHA256 of 81591ae1c975b8a0b5ad5546a103992c", "expiration": null, "is_active": 1 }, { "id": 3360567165, "indicator": "238a9d0abc415debaf88fd30df6e92db4f82495eb27736bf0b3a008cbe71a166", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "SHA256 of 83429db9cc63196bf42c691cc09b7b84", "expiration": null, "is_active": 1 }, { "id": 431143485, "indicator": "29b606a091059947f4ca9916a7a50b56491c18b864cbbf6dcfe854dce720df05", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Exploit:Win32/CVE-2010-3333", "description": "SHA256 of 36ed86602661bb3a7a55e69fde90ee73", "expiration": null, "is_active": 1 }, { "id": 601728, "indicator": "3adacca54c6fe4bb905e233e48dffd8f6d03078d3d2d309d40e2e67a04a70db1", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 31413f6a097a9e07722d122ecdb62f79\nSHA256 of 31413f6a097a9e07722d122ecdb62f79", "expiration": null, "is_active": 1 }, { "id": 601736, "indicator": "409bb7f9faf4b7dc168f71084edb695707f22a83a2e79b810a0b4a27966d78f1", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of a4571b830569d85c0f7d07297219bde9\nSHA256 of a4571b830569d85c0f7d07297219bde9", "expiration": null, "is_active": 1 }, { "id": 431163815, "indicator": "416b97dedceabfd94cfb32315f1997611d6530a1bec939959a1b0c504a63b224", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "SHA256 of 382c1d692dd3cec9b046e5c0eeaf92e6\nSHA256 of 382c1d692dd3cec9b046e5c0eeaf92e6", "expiration": null, "is_active": 1 }, { "id": 3360567166, "indicator": "41d1b14437a0a85d04f5e36a95cd99ae54968af94730a31bac1eb3ba15294b8e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "RTF:CVE-2010-3333-BB\\ [Expl]", "description": "SHA256 of 6eb5932b0ed20f11f1a887bcfbdde10f", "expiration": null, "is_active": 1 }, { "id": 2879932596, "indicator": "422ba6dae6752430a2e52e1efb327f277e912ce551f9f1408ee6ab13ebf3717a", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "SHA256 of dc01df3c40cb4fb0bef448693475ea1b\nSHA256 of dc01df3c40cb4fb0bef448693475ea1b", "expiration": null, "is_active": 1 }, { "id": 431176185, "indicator": "4d3a0ba910024c6ca1ca9e915eb43fff7f9610406105750383f716069e7dfb91", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Travnet.A", "description": "SHA256 of 1a70e1e36e6afa454f6457140ac3d2ec\nSHA256 of 1a70e1e36e6afa454f6457140ac3d2ec", "expiration": null, "is_active": 1 }, { "id": 3360567167, "indicator": "4e6531aa7f8fdb4c21f0559b2b7951afbc2624e9a69a0588c1633508a173ab38", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Tool.Win7Elevate-1", "description": "SHA256 of 1dcad7c8f56207b2c423353f0c328755\nSHA256 of 1dcad7c8f56207b2c423353f0c328755", "expiration": null, "is_active": 1 }, { "id": 3360567168, "indicator": "4f55446d65578f9c0ac2694ab2f07af60694a8d96e0acb484aac192d58e819b6", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "MS_Visual_Cpp_6_0", "description": "SHA256 of 5e7c5e8d9f5864488ddf04b662d1ad8e\nSHA256 of 5e7c5e8d9f5864488ddf04b662d1ad8e", "expiration": null, "is_active": 1 }, { "id": 3360567169, "indicator": "567a50a08529d19f146c1c3eef09d22679a358d15fdf6f508897b35b95e75e6c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Skeeyah", "description": "SHA256 of d9cf41b5d11e42dabf9470964d09c000", "expiration": null, "is_active": 1 }, { "id": 431143505, "indicator": "57ea0710204049b0e64ad6e013920911b230c034ab255c78326aaf2a00183418", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Exploit:Win32/CVE-2010-3333", "description": "SHA256 of 059a7482efee3b2abf67c12d210cb2f7\nSHA256 of 059a7482efee3b2abf67c12d210cb2f7", "expiration": null, "is_active": 1 }, { "id": 3360567170, "indicator": "5a9d84792a06b3d2037f567e0f57781722a950d485854cf5e4042cbdd51d82af", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "SHA256 of ff04126a5d61a10c81bfd0a6d0a643d0\nSHA256 of ff04126a5d61a10c81bfd0a6d0a643d0", "expiration": null, "is_active": 1 }, { "id": 431176181, "indicator": "5faf76b8b06c727a08b34e456ddeb792797fab734cbd878136d85a1f767d8875", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Travnet.C", "description": "SHA256 of 5e35b31472a2e603a995198d8e8411ed\nSHA256 of 5e35b31472a2e603a995198d8e8411ed", "expiration": null, "is_active": 1 }, { "id": 586392, "indicator": "60386112fc4b0ddb833fc9a877a9a4f0fe76828ebab4457637b0827106b269fe", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of aa5a1cd27c964bc229156a521fbd6a4b\nSHA256 of aa5a1cd27c964bc229156a521fbd6a4b", "expiration": null, "is_active": 1 }, { "id": 431163823, "indicator": "618a75808b11fba4d1501587f2df23c6bf4094a474497a1f15fb85bbdc6cd593", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "SHA256 of 13b3cb819b460591c27e133e93fb8661\nSHA256 of 13b3cb819b460591c27e133e93fb8661", "expiration": null, "is_active": 1 }, { "id": 326985, "indicator": "673e6ec23741e68b7454d21992aa593294be657c6b938bd368fb81761a5200dd", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "cf_rtf_actor_cve_2012_0158_tnauthor_john_doe", "description": "SHA256 of e5954b8204eb321d20bed4a86b3cef34", "expiration": null, "is_active": 1 }, { "id": 601730, "indicator": "67c994ad328cd3d8b954366b2baa5e643b31ed42280548eebbd0c30c53f9e37d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of a6777d7632039897a4a7abebb887cba0", "expiration": null, "is_active": 1 }, { "id": 2879524648, "indicator": "68e3e9d53ed4f88461c0ee4ff3f04be9e4e03eebfdb77276ac5e6096e37b8cfc", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Travnet.A", "description": "SHA256 of 6d00e4f95fba02126b32bb74dc4fec55", "expiration": null, "is_active": 1 }, { "id": 601733, "indicator": "69527b0471c2effab2d21106556ace6bd501daf7758b2ebbf3b2780d6399ecbf", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of a93c47161adc1645e2018e5d03cbd104", "expiration": null, "is_active": 1 }, { "id": 3360567171, "indicator": "6aa24766ff48239eed0ec20a8c2e05704650e73de941470cc053e1000bea6470", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Tool.Win7Elevate-1", "description": "SHA256 of 03e8d330abc77a6a9d635d2e7c0e213a", "expiration": null, "is_active": 1 }, { "id": 431163813, "indicator": "70480daaf97bfcb10fd793ffea9e90e1fcb84861415d14a3766a238a29cf30f7", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "SHA256 of 4c8950da250ea135ee77a2644af414ba", "expiration": null, "is_active": 1 }, { "id": 431163820, "indicator": "7bc1ca150bd934d6a8dde2f8fe6c88eed6b6d56cf0c2b941aafc40735f0a0eb6", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "SHA256 of 29a394a4ec8a30b5f36c7b874fc9fe10", "expiration": null, "is_active": 1 }, { "id": 586418, "indicator": "80ba8997067025dd830d49d09c57c0dcb1e2f303fa0e093069bd9cff29420692", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 45782441c73fa949495ffafdb8f9bb62", "expiration": null, "is_active": 1 }, { "id": 431176184, "indicator": "84bdce2a3f295407817b75d603e22d7dde66a05b8f944e92e7c61349efaa06fd", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Travnet.A", "description": "SHA256 of 33334d8dc36c4ee7739fe2f8b448da72", "expiration": null, "is_active": 1 }, { "id": 3360567172, "indicator": "8a41179a750b11d09c4e4c251eb8f3927d2bef4d40e7e15594dc359783bdf04a", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Travnet-B", "description": "SHA256 of 723129912a2d0fb4aede7100071787ef", "expiration": null, "is_active": 1 }, { "id": 601734, "indicator": "8e3e5b12f0964e73e4057610ce7a6aa25607c94536762128dabebf9ccfa667d4", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 024baaaa8247f1d06a6f803a2226efc4", "expiration": null, "is_active": 1 }, { "id": 431176183, "indicator": "95900feea66e42a72080e1c4b6188820a30646e691443956ff4a656fa1b40f46", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Travnet.A", "description": "SHA256 of 3b4cf5f1ff8c4187e41c6ab80f000491", "expiration": null, "is_active": 1 }, { "id": 3360567173, "indicator": "9637b2dcd5f9d5fdc0f1c1104f73f3dbdcfd803cac47196cc94c768c21fa2ae4", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Zegost", "description": "SHA256 of 57f2374d9f2a787339b0c6a5b1008a72", "expiration": null, "is_active": 1 }, { "id": 431176187, "indicator": "969d32b5d0f68883f758aaaec711dc89fbbaaa1e8744e6a6630586bd524b8bba", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Travnet.C", "description": "SHA256 of 19a0693480c82f2b7fc8659d8f91717a", "expiration": null, "is_active": 1 }, { "id": 431163818, "indicator": "98263df30ea803b15a3b4b3ecdb2761c8d6148c833209513148912b974e0fd5a", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "SHA256 of 2d0e4748d857c12184ed2c94c13ec1ae", "expiration": null, "is_active": 1 }, { "id": 431163817, "indicator": "9a0bab44fd1d1364621c4fa76a43cdc4f7d3ca5a1961dc202e5abe2147785f98", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "SHA256 of 39c2b2ee24373bf1ef20faff958718bc", "expiration": null, "is_active": 1 }, { "id": 2780733488, "indicator": "9f012d7e3ae8f62370278e372691eb73b878fe2280b6083e1be637b278021855", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Zegost", "description": "SHA256 of 2a43c23a17cd2bc9074a486c47444e7c", "expiration": null, "is_active": 1 }, { "id": 246184998, "indicator": "a75fdd9e52643dc7a1790c79cbfffe9348f80a9b0984eafd90723bf7ca68f4ce", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Travnet.A", "description": "SHA256 of d286c4cdf40e2dae5362eff562bccd3a", "expiration": null, "is_active": 1 }, { "id": 2821637352, "indicator": "a8137d09f5225c1777a5001f5178e64c6cbdc9db68ee0130375b5454a06c7331", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Travnet.B", "description": "SHA256 of e51a4cc0272a98e9eddfec16667603f4", "expiration": null, "is_active": 1 }, { "id": 3360567174, "indicator": "aceca16c33ae8a73b1fd7699a8317d70d164df9744cb7e494834b9c1e457a768", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Zegost", "description": "SHA256 of 08e5352a2416bd32a1c07f2d6c2f11fa", "expiration": null, "is_active": 1 }, { "id": 601735, "indicator": "b3a5c562e3531fb8be476af4947eaa793a77cc61715284bfb9c380b7048da44a", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of e7f1589362f77d770063922b068e47aa", "expiration": null, "is_active": 1 }, { "id": 3360567175, "indicator": "b8cd2c4dfc67321dadc514f6393aec1564fbacc4a49f57c888eea5d89a1b7bba", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Tool.Win7Elevate-1", "description": "SHA256 of 294da087e6329ae78c1a5fb42b999500", "expiration": null, "is_active": 1 }, { "id": 3360567176, "indicator": "bc2472f4aa06ddd5ebc75100453b4d226b59276d770a9eae6a2e62d7aa5026e9", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "RTF:CVE-2010-3333-CB\\ [Expl]", "description": "SHA256 of f4f14d4a1e34f62eeb9a90b5c8b2cfc1", "expiration": null, "is_active": 1 }, { "id": 431163824, "indicator": "bd11592557d2dba4e2cc5cdfdbc61cba64735ae01050db58557e2281389512a0", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "SHA256 of 01d06f85fce63444c3563fe3bd20c004", "expiration": null, "is_active": 1 }, { "id": 2764957654, "indicator": "c9d63df38d0bcee81ecd45e68a294fb59ff52a884bccd1b47dc23d84b7412ff5", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:ShellCode\\ [Expl]", "description": "SHA256 of 0e2b10015fe52b7ea77a213f0c330557", "expiration": null, "is_active": 1 }, { "id": 431163816, "indicator": "d3931ee10daf52359a7591418690f97d4dd2c053624b231358e433f9e58769ca", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "SHA256 of 3cb96fe79aa01c82ac68c54e88918e57", "expiration": null, "is_active": 1 }, { "id": 431176182, "indicator": "e50407b62502bfc2fe94c97e0d1af3871269596b8de3384df4dbb92f90de17c6", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Travnet.A", "description": "SHA256 of 524aed944b7f307eea5677eda7e2079a", "expiration": null, "is_active": 1 }, { "id": 431163821, "indicator": "e575c39549529d79d3346a5bb09cf7b484083a83c56db65c5db686a41da9a2bc", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "SHA256 of 28e9faec9de3bbdeb65435bfc377d1f8", "expiration": null, "is_active": 1 }, { "id": 431163814, "indicator": "e917d277ce6d27e9740fede690f7bd810e99c0757ae4226cb30f8227c6b30b43", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "SHA256 of 4968882f189236952fd38a11586b395a", "expiration": null, "is_active": 1 }, { "id": 431163819, "indicator": "eff3444317ceca3b4642ee4ad3ed947f7bb17e35976465fad686ddd52cfe8cc5", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:Win32/Travnet.B", "description": "SHA256 of 2dc139d82a2a5bf027bcb6a40f75b3f4", "expiration": null, "is_active": 1 }, { "id": 601732, "indicator": "f3997f8269e4177342aec8816c28cfebaef17a86f22eef15d90b4f9e5b15d8e6", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 1b3cafb71e8e1ccd13bcbe79e3d5c05c", "expiration": null, "is_active": 1 }, { "id": 2871066961, "indicator": "f4181bf1306d0124ac9c7e65dd2a56d7109676cf3a04d4d6c3e82f7d9648b7ef", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Travnet.A", "description": "SHA256 of d04a7f30c83290b86cac8d762dcc2df5", "expiration": null, "is_active": 1 }, { "id": 431143493, "indicator": "fa7cbe1bae47909c4e4796652be7e3d353e19be408684665d0ac298609f8b918", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Exploit:Win32/CVE-2010-3333", "description": "SHA256 of 29a420e52b56bfadf9f0701318524bef", "expiration": null, "is_active": 1 }, { "id": 3360567177, "indicator": "61e20981323c1e4a9551f9cdf722f6e501145692", "type": "YARA", "created": "2022-01-22T07:47:27", "content": "rule resteex_APTMalware_APT_21 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-21_23-58-58\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"01d06f85fce63444c3563fe3bd20c004\" \n \t\t hash2= \"024baaaa8247f1d06a6f803a2226efc4\" \n \t\t hash3= \"03e8d330abc77a6a9d635d2e7c0e213a\" \n \t\t hash4= \"059a7482efee3b2abf67c12d210cb2f7\" \n \t\t hash5= \"08e5352a2416bd32a1c07f2d6c2f11fa\" \n \t\t hash6= \"0e2b10015fe52b7ea77a213f0c330557\" \n \t\t hash7= \"13b3cb819b460591c27e133e93fb8661\" \n \t\t hash8= \"15e8a1c4d5021e76f933cb1bc895b9c2\" \n \t\t hash9= \"19a0693480c82f2b7fc8659d8f91717a\" \n \t\t hash10= \"1a70e1e36e6afa454f6457140ac3d2ec\" \n \t\t hash11= \"1b3cafb71e8e1ccd13bcbe79e3d5c05c\" \n \t\t hash12= \"1dcad7c8f56207b2c423353f0c328755\" \n \t\t hash13= \"1f26e5f9b44c28b37b6cd13283838366\" \n \t\t hash14= \"22be9cca6e4ec3af327595b890a92fec\" \n \t\t hash15= \"28e9faec9de3bbdeb65435bfc377d1f8\" \n \t\t hash16= \"294da087e6329ae78c1a5fb42b999500\" \n \t\t hash17= \"29a394a4ec8a30b5f36c7b874fc9fe10\" \n \t\t hash18= \"29a420e52b56bfadf9f0701318524bef\" \n \t\t hash19= \"2a43c23a17cd2bc9074a486c47444e7c\" \n \t\t hash20= \"2ac8f77548e87b401767c7076adfa00d\" \n \t\t hash21= \"2d0e4748d857c12184ed2c94c13ec1ae\" \n \t\t hash22= \"2dc139d82a2a5bf027bcb6a40f75b3f4\" \n \t\t hash23= \"31413f6a097a9e07722d122ecdb62f79\" \n \t\t hash24= \"33334d8dc36c4ee7739fe2f8b448da72\" \n \t\t hash25= \"36ed86602661bb3a7a55e69fde90ee73\" \n \t\t hash26= \"382c1d692dd3cec9b046e5c0eeaf92e6\" \n \t\t hash27= \"39c2b2ee24373bf1ef20faff958718bc\" \n \t\t hash28= \"3b4cf5f1ff8c4187e41c6ab80f000491\" \n \t\t hash29= \"3cb96fe79aa01c82ac68c54e88918e57\" \n \t\t hash30= \"45782441c73fa949495ffafdb8f9bb62\" \n \t\t hash31= \"4968882f189236952fd38a11586b395a\" \n \t\t hash32= \"4c8950da250ea135ee77a2644af414ba\" \n \t\t hash33= \"524aed944b7f307eea5677eda7e2079a\" \n \t\t hash34= \"57f2374d9f2a787339b0c6a5b1008a72\" \n \t\t hash35= \"5e35b31472a2e603a995198d8e8411ed\" \n \t\t hash36= \"5e7c5e8d9f5864488ddf04b662d1ad8e\" \n \t\t hash37= \"63494c74db9bfc2bba3983698c952de9\" \n \t\t hash38= \"63f0f91e3ccf5dd00a455d3038a299f4\" \n \t\t hash39= \"66684b8b82fb5318a41ab7e6abb8dd42\" \n \t\t hash40= \"677f7c42f79a0a58760056529739fdd6\" \n \t\t hash41= \"6afeec03c8f4bc78fa2b3ad27392b0e7\" \n \t\t hash42= \"6d00e4f95fba02126b32bb74dc4fec55\" \n \t\t hash43= \"6d49cdbade7541d46be3fb47a0f563bb\" \n \t\t hash44= \"6de813a22b2b73e330085ec7c85e041b\" \n \t\t hash45= \"6eb5932b0ed20f11f1a887bcfbdde10f\" \n \t\t hash46= \"71f311a648348e7598eb55ab7618842c\" \n \t\t hash47= \"723129912a2d0fb4aede7100071787ef\" \n \t\t hash48= \"778c1764dd5c36c1eb96c49a8f8441e6\" \n \t\t hash49= \"7b92e9d21bc4db838bc102b289f4fd5f\" \n \t\t hash50= \"81591ae1c975b8a0b5ad5546a103992c\" \n \t\t hash51= \"81d92e20f3078bd8e43b226308393e43\" \n \t\t hash52= \"83429db9cc63196bf42c691cc09b7b84\" \n \t\t hash53= \"852f562812305ad099372109f8e8b189\" \n \t\t hash54= \"85865e048183849b255c92e609a5fa25\" \n \t\t hash55= \"89bfd463ca76b62c61a548778316567d\" \n \t\t hash56= \"8d3036a65ac2404d4562cdb927fd3d2c\" \n \t\t hash57= \"8d78a9e3df1e19f9520f2bbb5f04cb54\" \n \t\t hash58= \"8dc61b737990385473dca9bfc826727b\" \n \t\t hash59= \"95113e04af14c23df607964fa9d83476\" \n \t\t hash60= \"9b198f1e260700bdcb4740266cd35b3f\" \n \t\t hash61= \"9c1c2825532b25e266d62db50952ab44\" \n \t\t hash62= \"9c544da8c23826379d60581cce17a483\" \n \t\t hash63= \"9d22897b05261ad66645887b094a43c7\" \n \t\t hash64= \"a0e350787e4134ea91ccb26d17cdf167\" \n \t\t hash65= \"a1169fb2eb93616ced7536a53fb05648\" \n \t\t hash66= \"a4571b830569d85c0f7d07297219bde9\" \n \t\t hash67= \"a6777d7632039897a4a7abebb887cba0\" \n \t\t hash68= \"a6d89df2a80675980fb3e4a9bcc162e2\" \n \t\t hash69= \"a77456a160890a26a8f7c019c2e77021\" \n \t\t hash70= \"a93c47161adc1645e2018e5d03cbd104\" \n \t\t hash71= \"aa5a1cd27c964bc229156a521fbd6a4b\" \n \t\t hash72= \"aa6f8eff83aea3ff7b8f016e67f74dac\" \n \t\t hash73= \"af6649323daf6dbd3aef1b950588487c\" \n \t\t hash74= \"af8a9d91f30566b2ed77617a045761ba\" \n \t\t hash75= \"b3840ec1299517dacd6c18c71ff5bafc\" \n \t\t hash76= \"b600089a93275fa93558695b707b87ad\" \n \t\t hash77= \"b8c99bc028a0a32288d858df7bf6bec1\" \n \t\t hash78= \"b990752f8266d7648070bea7e24d326f\" \n \t\t hash79= \"ba026e6190aee2c64ef62a4e79419bcf\" \n \t\t hash80= \"c87e8a3ceefd93c7e431b753801c6bb6\" \n \t\t hash81= \"cb9cc50b18a7c91cf4a34c624b90db5d\" \n \t\t hash82= \"cebaaad59f1616698dec4f14d76b4c9a\" \n \t\t hash83= \"d04a7f30c83290b86cac8d762dcc2df5\" \n \t\t hash84= \"d218706eb07f2722ae4e0106cce27d52\" \n \t\t hash85= \"d286c4cdf40e2dae5362eff562bccd3a\" \n \t\t hash86= \"d354b71116961cad955ed11cb938ca32\" \n \t\t hash87= \"d687cfde1c4ea77de1b92ea2f9e90ad5\" \n \t\t hash88= \"d80c29813bfbc3cbcbd469249d49ebf3\" \n \t\t hash89= \"d9cf41b5d11e42dabf9470964d09c000\" \n \t\t hash90= \"db6e36f962fdb58c8e9f8f9a781fda66\" \n \t\t hash91= \"dc01df3c40cb4fb0bef448693475ea1b\" \n \t\t hash92= \"def612ad0554006378f185d3b56efb57\" \n \t\t hash93= \"e51a4cc0272a98e9eddfec16667603f4\" \n \t\t hash94= \"e5954b8204eb321d20bed4a86b3cef34\" \n \t\t hash95= \"e5b1ffd2ecd7e610d07d093d65639da9\" \n \t\t hash96= \"e7f1589362f77d770063922b068e47aa\" \n \t\t hash97= \"eb5761c410b5139f23235e9b67964495\" \n \t\t hash98= \"eefc66a1e978dc9d825f28702106d4d5\" \n \t\t hash99= \"efa23860086c5d12d3e6b918073c717f\" \n \t\t hash100= \"f3c5c20f5c45fc401484caf72753d778\" \n \t\t hash101= \"f4f14d4a1e34f62eeb9a90b5c8b2cfc1\" \n \t\t hash102= \"fad8f37c9bd5420f49cfd5960a60fa24\" \n \t\t hash103= \"fb3495715764cdaa547f2b040c0a9b1f\" \n \t\t hash104= \"fc3853c2383e2fbb2af381fd1277504d\" \n \t\t hash105= \"fe16c30782e2b16b07d5a3a1cf9dfb8f\" \n \t\t hash106= \"ff04126a5d61a10c81bfd0a6d0a643d0\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"C:My Documentswinword8.doc\" fullword wide \n \t\t $s2= \"DocumentSummaryInformation\" fullword wide \n \t\t $s3= \"*G{000204EF-0_VBA_PROJECT\" fullword wide \n \t\t $s4= \"mailto:gh.kurban@googlemail.com\" fullword wide \n \t\t $s5= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s6= \"Win7Elevate proof-of-concept\" fullword wide \n \t\t $s7= \"WW-Absatz-Standardschriftart\" fullword wide \n \t\t $s8= \"WW-Absatz-Standardschriftart1\" fullword wide \n \t\t $s9= \"WW-Absatz-Standardschriftart11\" fullword wide \n \t\t $s10= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s11= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \t\t $a1= \"1.;84+748 30?&/-#;+)90'%5=#!0:\" fullword ascii \n \t\t $a2= \";:3876%432Z0/.\" fullword ascii \n \t\t $a3= \";:9876543210/.-,+*)\" fullword ascii \n \t\t $a4= \";:9876543210/.-,+*)(\" fullword ascii \n \t\t $a5= \";:9876543210/.-,+*)('&%$\" fullword ascii \n \t\t $a6= \"AINFBF@GNBCLMNOPQRQ UZZZ^YT^U_`aba9ekjhcmdcba`xyrstuvu%ywv|~yp\" fullword ascii \n \t\t $a7= \"aP222?66>3:::7>>GKBBCOFFOCJJKGNMXZRRYVVPUZYTP^]iobanjfecxji`\" fullword ascii \n \t\t $a8= \">B@@BFDDFJHHJNLLNRPPRVTTVZXXZ^\\\\^b``bfddfxizk|m~oPqRsTuVwXyZ{}^\" fullword ascii \n \t\t $a9= \"Content-Location: file:///C:/23456789/Doc1.files/filelist.xml\" fullword ascii \n \t\t $a10= \"Content-Location: file:///C:/23456789/Doc1.files/ocxstg001.mso\" fullword ascii \n \t\t $a11= \"DEKMCUGCL@DLTU^NTU[]SEWSPTDEN^dekmcugcl`dltu~ntu{}sews|pt|den~\" fullword ascii \n \t\t $a12= \"~e|{zaxwvmtsriponulkjqhgf}dcby`_^E[ZAXWVMTSRIPONULKJIHGF]DCB\" fullword ascii \n \t\t $a13= \"jml6698:>98>:EDBFA@FBMLJNIHNJUTRVQPVR]Z^YX^Zedbfa`fbmlj250n\" fullword ascii \n \t\t $a14= \"l}v{zyxwvutsrqponmlkjihgfedcba`_^][ZYXWVUTSRQPONMLKJIHGFEDCBA\" fullword ascii \n \t\t $a15= \"lXxsaVtwjTpkwKlnpAhc}Ldf~J`ZBv]DtXQIzTVraPIo|LMhzHAeqDEfw@9\" fullword ascii \n \t\t $a16= \"SoftwareMicrosoftWindowsCurrentVersionExplorerShell Folders\" fullword ascii \n \t\t $a17= \"utsrqponmlkjihgfedcba`_^][ZYXWVUTSRQPONMLKJIHGFEDCBA0?.5t;:9\" fullword ascii \n \t\t $a18= \"Win7UACWin7ElevateV2_SourceWin32ReleaseWin7ElevateDll32.pdb\" fullword ascii \n \t\t $a19= \"~zyuu}a`gwqpz|v`njieemqpwga`jlfp^ZYUU]A@GWQPZV@NJIEEMQPWGA@JLFP\" fullword ascii \n \t\t $a20= \"~}|{zyxwvutsrqponmlkjihgfedcba`_^][ZYXWVUTSRQPONMLKJIHGFEDCBA\" fullword ascii \n \t\t $a21= \"~}|{zyxwvutsrqponmlkjihgfedcba`_^][ZYXWVUTSRQPONMLKJIHGFEDCBA@\" fullword ascii \n \t\t $a22= \"~}|{zyxwvutsrqponmlkjihgfedcba`_^][ZYXWVUTSRQPONMLKJIHGFEDCBAH\" fullword ascii \n \n \t\t $hex1= {246131303d2022436f} \n \t\t $hex2= {246131313d20224445} \n \t\t $hex3= {246131323d20227e65} \n \t\t $hex4= {246131333d20226a6d} \n \t\t $hex5= {246131343d20226c7d} \n \t\t $hex6= {246131353d20226c58} \n \t\t $hex7= {246131363d2022536f} \n \t\t $hex8= {246131373d20227574} \n \t\t $hex9= {246131383d20225769} \n \t\t $hex10= {246131393d20227e7a} \n \t\t $hex11= {2461313d2022312e3b} \n \t\t $hex12= {246132303d20227e7d} \n \t\t $hex13= {246132313d20227e7d} \n \t\t $hex14= {246132323d20227e7d} \n \t\t $hex15= {2461323d20223b3a33} \n \t\t $hex16= {2461333d20223b3a39} \n \t\t $hex17= {2461343d20223b3a39} \n \t\t $hex18= {2461353d20223b3a39} \n \t\t $hex19= {2461363d202241494e} \n \t\t $hex20= {2461373d2022615032} \n \t\t $hex21= {2461383d20223e4240} \n \t\t $hex22= {2461393d2022436f6e} \n \t\t $hex23= {247331303d20227968} \n \t\t $hex24= {247331313d20222f5a} \n \t\t $hex25= {2473313d2022433a4d} \n \t\t $hex26= {2473323d2022446f63} \n \t\t $hex27= {2473333d20222a477b} \n \t\t $hex28= {2473343d20226d6169} \n \t\t $hex29= {2473353d20227c6d78} \n \t\t $hex30= {2473363d202257696e} \n \t\t $hex31= {2473373d202257572d} \n \t\t $hex32= {2473383d202257572d} \n \t\t $hex33= {2473393d202257572d} \n \n \tcondition: \n \t\t20 of them \n }", "title": "", "description": "APTMalware_APT_21 Group", "expiration": null, "is_active": 1 }, { "id": 407419, "indicator": "pomf.cat", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567178, "indicator": "09a31892d9e6bbab75d2872dafe87842", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Revenge RAT", "description": "", "expiration": null, "is_active": 1 }, { "id": 2840531874, "indicator": "0bc12877b5995878663154e504158b3c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Remcos", "description": "", "expiration": null, "is_active": 1 }, { "id": 1261251686, "indicator": "2e3037f15c76457e5390a7c5b540153f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Revenge RAT", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567179, "indicator": "3c7e5080c12f4e9a63d5a770fa57051c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "NjRat", "description": "", "expiration": null, "is_active": 1 }, { "id": 1261252686, "indicator": "0c4cc2dff8d70af9280b3f8c79e693313e5f6d81", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Revenge RAT", "description": "SHA1 of 2e3037f15c76457e5390a7c5b540153f", "expiration": null, "is_active": 1 }, { "id": 3360567180, "indicator": "3d098a0606d70094a7be2a05f0c40d169f0497c2", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "NjRat", "description": "SHA1 of 3c7e5080c12f4e9a63d5a770fa57051c", "expiration": null, "is_active": 1 }, { "id": 3360567181, "indicator": "73e703eaf21da47e7b82966cf4c9d2c8a00a1a8e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Revenge RAT", "description": "SHA1 of 09a31892d9e6bbab75d2872dafe87842", "expiration": null, "is_active": 1 }, { "id": 2840531872, "indicator": "a6cd28d372cf69875e69edd15d1c30c4f826071b", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Remcos", "description": "SHA1 of 0bc12877b5995878663154e504158b3c", "expiration": null, "is_active": 1 }, { "id": 1386572279, "indicator": "496416a57a82d62211df726f36aa1b95a58e1f4feb5cc17081da50347bd0e676", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Revenge RAT", "description": "SHA256 of 09a31892d9e6bbab75d2872dafe87842", "expiration": null, "is_active": 1 }, { "id": 1386572528, "indicator": "832aaae676d235bb0dfb27d880637d67d80cf94674d90dcddfd0216dc8425175", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "NjRat", "description": "SHA256 of 3c7e5080c12f4e9a63d5a770fa57051c", "expiration": null, "is_active": 1 }, { "id": 1261253686, "indicator": "e214f08d95ac7a1ef1b9b99283723d17deb663eaf5f5fe5625bb81e88cff37d6", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Revenge RAT", "description": "SHA256 of 2e3037f15c76457e5390a7c5b540153f", "expiration": null, "is_active": 1 }, { "id": 1386573067, "indicator": "ff94bcc46773d29a8d3e2fd8d9d38ae23301bb652f6c4931914c075200b75baa", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Remcos", "description": "SHA256 of 0bc12877b5995878663154e504158b3c", "expiration": null, "is_active": 1 }, { "id": 3360567182, "indicator": "06854e61899fff2b198c91a5a25cff6d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "LokiBot", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567183, "indicator": "082173d1c8a4d7766ea7956f54dc6ba6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Nemucod", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567184, "indicator": "1bd07c7bcd0c92abe2ee1c5cb13969fe", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Nemucod", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567185, "indicator": "1cee8a379dda252217d3ebbeff0b668a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "LokiBot", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567186, "indicator": "1d5046627880b198111d7a52c2fb1bb6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Nemucod", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567187, "indicator": "21f7c85b255dfb717cbc235d616f6e33", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Nemucod", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567188, "indicator": "486e3c8a5c0b25f9c363a06df704b5b8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Nemucod", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567189, "indicator": "4de491570e303c5cd99147240f85e5a3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Nemucod", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567190, "indicator": "0557cb0cf51bfad1d7e55786e394756a2883f4b0", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Nemucod", "description": "SHA1 of 21f7c85b255dfb717cbc235d616f6e33", "expiration": null, "is_active": 1 }, { "id": 3360567191, "indicator": "3eefef3860ca476a7686a8c45df30f8851e0b167", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Nemucod", "description": "SHA1 of 486e3c8a5c0b25f9c363a06df704b5b8", "expiration": null, "is_active": 1 }, { "id": 3360567192, "indicator": "420bf10c4d834f3f78b24762bc50cc7325fd7972", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Nemucod", "description": "SHA1 of 1bd07c7bcd0c92abe2ee1c5cb13969fe", "expiration": null, "is_active": 1 }, { "id": 3360567193, "indicator": "6b74e8be276b9f16b4732a3e4a2bd69a39e9bf9b", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "LokiBot", "description": "SHA1 of 06854e61899fff2b198c91a5a25cff6d", "expiration": null, "is_active": 1 }, { "id": 3360567194, "indicator": "6c260eaeadbaf0bf066be8925653f23f82f02883", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Nemucod", "description": "SHA1 of 4de491570e303c5cd99147240f85e5a3", "expiration": null, "is_active": 1 }, { "id": 3360567195, "indicator": "82d0dd42067b18c0c00fa51fc4beddee09558bd8", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "LokiBot", "description": "SHA1 of 1cee8a379dda252217d3ebbeff0b668a", "expiration": null, "is_active": 1 }, { "id": 3360567196, "indicator": "bd48bd4e1eaa3eb050b026b48efcfba92f604055", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Nemucod", "description": "SHA1 of 082173d1c8a4d7766ea7956f54dc6ba6", "expiration": null, "is_active": 1 }, { "id": 3360567197, "indicator": "c99fe31cbd0419e4051d14ad214932f4152693a3", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Nemucod", "description": "SHA1 of 1d5046627880b198111d7a52c2fb1bb6", "expiration": null, "is_active": 1 }, { "id": 1386572028, "indicator": "0b0b5601ee848652ba7825defac7e787b181043303441fdde2e41faa97a84066", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Nemucod", "description": "SHA256 of 1d5046627880b198111d7a52c2fb1bb6", "expiration": null, "is_active": 1 }, { "id": 210235858, "indicator": "888f9c76d26cdfa7340779a015d95785253cf14a1a850fe79ec64a6a24b1deac", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Nemucod", "description": "SHA256 of 21f7c85b255dfb717cbc235d616f6e33", "expiration": null, "is_active": 1 }, { "id": 1386572608, "indicator": "9409444590a377e136092aa9d9fa7d2391fa5ea82735e6f6098acbb723c0baa0", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Nemucod", "description": "SHA256 of 4de491570e303c5cd99147240f85e5a3", "expiration": null, "is_active": 1 }, { "id": 1386572738, "indicator": "ba045eb905307daf7dca193d99fdf2ec624bb56131235c7d3c45ebd774c5b7ac", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "LokiBot", "description": "SHA256 of 1cee8a379dda252217d3ebbeff0b668a", "expiration": null, "is_active": 1 }, { "id": 1386572753, "indicator": "beade1adfd33b691e53777248f0419ad63f827a662b099b5c60c3b5acd0cf71d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Nemucod", "description": "SHA256 of 1bd07c7bcd0c92abe2ee1c5cb13969fe", "expiration": null, "is_active": 1 }, { "id": 1386572756, "indicator": "bf8e1bac13c2015c89e7590908b4f818a3297d6f2acda7c4c989395688154576", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Nemucod", "description": "SHA256 of 082173d1c8a4d7766ea7956f54dc6ba6", "expiration": null, "is_active": 1 }, { "id": 1386572868, "indicator": "d4171f8996da4395863933f794586c5b2819d4c77bff267e297ddb3d5c706def", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Nemucod", "description": "SHA256 of 486e3c8a5c0b25f9c363a06df704b5b8", "expiration": null, "is_active": 1 }, { "id": 1386572926, "indicator": "e21a9d3df315dd8e55f1178611a622bb43c5be81eafed44c7c7ce1035f0f4691", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "LokiBot", "description": "SHA256 of 06854e61899fff2b198c91a5a25cff6d", "expiration": null, "is_active": 1 }, { "id": 3360567198, "indicator": "00cbfd366e54e906c97400b76ab2a5f2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567199, "indicator": "0190c72ee120bfcb49e7b73c39b85eed", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567200, "indicator": "01acef7885819f372377801f7095ec66", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567201, "indicator": "02640462c27a1578060b59bd9b410512", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "", "expiration": null, "is_active": 1 }, { "id": 1529283507, "indicator": "027b465ca40a52bb96c9f53e831be0bc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567202, "indicator": "028e51a9a5dfeba3011d7234d3eacc87", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 576613705, "indicator": "039275d58d501cf0fdea202b395c466e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567203, "indicator": "03c044683241d11926d077f5c6bde05a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567204, "indicator": "03dd7830dcc08b47f525be34d6a9ecda", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567205, "indicator": "03ecf49dca7c86114ea60926528d678b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567206, "indicator": "042b3e3ceb206d9fe9d323fa05ba3756", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567207, "indicator": "04850eb15c734d5060ba36b6dd6b40ae", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567208, "indicator": "04a6fe62f4c70d97e99717fecc56f7ab", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567209, "indicator": "04c60405aa78d77c3d2e8917ed80e473", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567210, "indicator": "04d38647d9744274a6d764c5f135e68c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567211, "indicator": "04d8a53865eab1aa5ca5c28f3d801d06", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567212, "indicator": "04e3d309e2a400b3f582d264968d6c9f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567213, "indicator": "056beab7b7437f81055108e5147bde92", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 980080225, "indicator": "0585253320d06abc4e9f805d185925bf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567214, "indicator": "058bf1e8af9fc7cd82505d497fe65ebd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567215, "indicator": "059682692cbd61194e609f8edb82ded2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 2929300040, "indicator": "05a3e39e7d534b43f90b5737c800b8d2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Exploit:Win32/CVE-2017-8759.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567216, "indicator": "05c679c2a42c18d736140d95532ae027", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567217, "indicator": "05d4715fac45ef68975353a9a95a85c9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:O97M/Donoff", "description": "", "expiration": null, "is_active": 1 }, { "id": 980080230, "indicator": "06badb0f8a6ef9872f911f2fb2a9f2a9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 577249257, "indicator": "070583cfed5f33b995a07d2b975795d8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567218, "indicator": "0773929cc7c87c2ca9cb5656e58393c9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "MSIL:GenMalicious-BJT", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567219, "indicator": "078024bf070634295c4e9d43ebc68d63", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567220, "indicator": "078d16e03fcbdc31c499feff72381dbb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 576614357, "indicator": "07ac88411153e25ba72f86c909f99bef", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567221, "indicator": "07b62e8a8224f52d62ca6ad41926fbd4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567331, "indicator": "07f6233dfc22cd74724f5ab3fed265f1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "", "expiration": null, "is_active": 1 }, { "id": 983696521, "indicator": "0854f0f744d3797e38cc07304db68764", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 980080201, "indicator": "086eb0a99de97fa52601f06bfab5c01c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567332, "indicator": "0873d67cd970b92fa0ca78bf26f21f5a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-6633079-0", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567333, "indicator": "08de5338e34666910fde893148176e7e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "", "expiration": null, "is_active": 1 }, { "id": 980080398, "indicator": "093fd7bfe7c1d3af0ea7eface7775ea6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567334, "indicator": "09560e01b9376cc74c455a0fe4a4b41c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567335, "indicator": "0a804441e896e1f93721df9346c271b7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567336, "indicator": "0ae994af3dcece45343836e94f8e7ecb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567337, "indicator": "0b348fdbb2d9b514e6fd8f2c7e27b6aa", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567338, "indicator": "0b421158b4446e71a29bb984e676203b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567339, "indicator": "0b6daa26b4f679b5611d319dd553fbbc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567340, "indicator": "0bb81b7e93c1e7799affbacf3fb487d3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567341, "indicator": "0bc543753aa5665f5306ad3f46d30776", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567342, "indicator": "0c2cf7c9004c37f354d2606c6b0f3171", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567343, "indicator": "0c836cda6823cc0b4b77008312e9720c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567344, "indicator": "0cfb3ab1f43215008d3dcf7d187e6af1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 624676176, "indicator": "0d19949b7c2180ce15f6c9490d3571f4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567345, "indicator": "0d63350bd3ce6881618dd44b776b29f0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Virus:Win32/Grenam.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567346, "indicator": "0da5c7a1740cdd66e88a17b629e656b5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:O97M/Donoff", "description": "", "expiration": null, "is_active": 1 }, { "id": 576612701, "indicator": "0db78a53fa0f421e1342a21f77963025", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567347, "indicator": "0e0ea9d429fa54e7ca87d9b2ced3bb8c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1563243233, "indicator": "0e495b1e38ce80e0ba31c73a5203d09b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567348, "indicator": "0ed55f706017ceea880de981c5169d22", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567349, "indicator": "1002586d9f9f01802fa97cbff8cd7d04", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567350, "indicator": "1025000169c8a8af780be4c204cd9b87", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567351, "indicator": "10280bab51f69d78610b7cd524afaa6e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567352, "indicator": "103f64a9237db2c939c35c93e13aed04", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567353, "indicator": "1057d2649cbbc403c6794159624d8fa6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567354, "indicator": "106ba49c3d94149c9c1bc4c6a7d2549f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567355, "indicator": "10776f56388345cdc3847a2d1687893c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567356, "indicator": "10f6bf1292118e02826d6711c997fa6a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567357, "indicator": "10facfa21af7a974322a2be7c1d77fb7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Loyeetro.B!bit", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567358, "indicator": "1107826f106c323744d7122630dbbab7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567359, "indicator": "115e42b9f0329ccbc4c9149d6d3a6277", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Dropper.Zusy-6563162-0", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567360, "indicator": "11b8ac9a0ca8f098a720ade719796a91", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567361, "indicator": "1202225ac61e8528a5b06e7bfab04f5b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567362, "indicator": "120c119b315d99a59d999cfaa078870a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567363, "indicator": "120fc8902ed442b13c04be98bc53ad34", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:O97M/Donoff", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567364, "indicator": "12204884a2f0aee9ef4b48b64717f023", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567365, "indicator": "1384da5bbe82c161f776b9bbb8cfdf77", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567366, "indicator": "13b40a0ab93b784ef29a01f3edb3dd6a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567367, "indicator": "13bce871a7a076d15b477892ddcdb741", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567368, "indicator": "14036332da6d16efbd3ae1713ded7e31", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567369, "indicator": "147d68f27c2a0f9babd0b425dabc8a18", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567370, "indicator": "148065fdd2220e7091b43e531fd49fb3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 1563243232, "indicator": "14a69824518d96a2a364f7a6d7e0da7a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567371, "indicator": "14d021f7a8206f3ead5bd58c2ed33991", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567372, "indicator": "152934da09055470e558e8919833659e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567373, "indicator": "156e55fa92300c5412289fcc85190288", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567374, "indicator": "15fbf5c441a3a705ec430d6a1519cf8b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567375, "indicator": "1601fd5152f9fa9551c0c61fb208ebb7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567376, "indicator": "1650ee790908345b9b50d2b185ef3318", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567377, "indicator": "16a10fd99d0fcd39b66e4ae04aed69f2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567378, "indicator": "170068ff957644747f3ba1bda893a306", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567379, "indicator": "1765e632d2a7df885ee14367f5000d93", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "PWSWin32Vorbeld", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567380, "indicator": "181fe5e18d3774433da98d46d80e8a65", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567381, "indicator": "1852f73f39ab8c254e5a32b6dc87a4c1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 678650622, "indicator": "187b2e2de9224d18233e053b63d6d0d5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567382, "indicator": "18a2a7d4821ec00143ffde8d0c9d24e8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567383, "indicator": "1989772517a7ab404bc0cb1e0443b746", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloaderMSILBalamid", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567384, "indicator": "19d2918e48cfab1275f18d9b42307eb2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567385, "indicator": "1a77516842d1d471021aacce298d39e3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567386, "indicator": "1ab0e5e724ed825791af685cef1bba4a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Fareit, Pony", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567387, "indicator": "1af35709cf686cf0f427ba80ced2d426", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_rtfn", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567388, "indicator": "1b12b63a25d1dcd44ec78b5ab4b563ba", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567389, "indicator": "1b2a3a848f87cbbcc42537e99251f3bb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567390, "indicator": "1b3c5144369e21c102063fc18adae793", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Virus:Win32/Jeefo.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567391, "indicator": "1b70f6f7582bb019f7df40221ac8aad1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567392, "indicator": "1bae39ebb8a076c67bfcf25a81e14c7d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567393, "indicator": "1bc20f9efee8e0c8bbe31b2e4d00a94d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_unicode", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567394, "indicator": "1c138de648fb5b72b245a34c935230ba", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 678650623, "indicator": "1c3ad524bde03cdc560c98da724b2f97", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567395, "indicator": "1cdf1b4fea93464b1c29040ff7390cbf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567396, "indicator": "1d710dcce0ceee7916eee856096b3439", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567397, "indicator": "1d7c5aa42089f1fe2915d69d8b5116dd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567398, "indicator": "1e68b95d8432bf405e293b430a3fd84f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567399, "indicator": "1e727208babb46498fbfb78de5c9bd4e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 983696096, "indicator": "1ea1355cd1016c9d0f9f8b3dd5ff7ad7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567400, "indicator": "1ea38182e9db77e718df8a55f29fa650", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567401, "indicator": "1ed381e278bd1f74fe6124353907ce96", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.MsilInjector-6429493-1", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567402, "indicator": "1f9a7d25be7e4a8902b7a13f121099f5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567403, "indicator": "2074b0a024bd3ac6f1b4d89dbabab077", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567404, "indicator": "20817d195ee96791101a3dcc435d4d88", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 981986270, "indicator": "215003bf1f71e0c76a95229ba06c37d6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567405, "indicator": "2196ff244731dd77435a76b110ca1901", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567406, "indicator": "21c0027924a5a4a70cd1e61220716224", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567407, "indicator": "224415658b7fe419d28d7b15923f758f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567408, "indicator": "22848fe2de4424fba05954bd93f39aee", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567409, "indicator": "22a83ea7860d797c5b488f7d4fd13dfc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567410, "indicator": "22b94247c622416e1b6fa185e768a999", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567411, "indicator": "22ec108402312a17f50e7661aaa19653", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 576612640, "indicator": "2310ec047ec1ea275e208abb75cf012d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567412, "indicator": "233f9fd4175c6f3428956ba2599075e7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567413, "indicator": "235aee2f7652fd5eb853846963058256", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567414, "indicator": "2370ff86c88a8695999e657961306f04", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567415, "indicator": "23ab444e2dfd407fb24eb2e806b5064f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567416, "indicator": "2415cfdae18af743a384d4d71a12e8bb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567417, "indicator": "2438d921d8a75f5bda9c5629746b84c6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "VirTool:MSIL/NetInject.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567418, "indicator": "24823a0b6d9e48e4234efd027161c0dd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567419, "indicator": "248bbade477d88d0725d7d4ec48a5587", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567420, "indicator": "24a17b7ea137a2d807b91470bfa9cd66", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567421, "indicator": "25ad24e3002a8f7fa2b2f5cdf3c1d7ef", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567422, "indicator": "25f8420059da7e09adaf3f0ef34bb9e1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567423, "indicator": "260950489644e6a7e1db48d1145b42c1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567424, "indicator": "260b768a03390af34cf4d91ced33fb0e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567425, "indicator": "26f89718dd0ac7af779ccf423aeee5a2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Dynamer!rfn", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567426, "indicator": "271bb70f638c6da5b53c3f18c2d350c0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567427, "indicator": "2750fa2f08deec072b71a4444bd5c02d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "DotNET_Reactor", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567428, "indicator": "277ada55027e622cb40e0073f3bf1455", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "MSIL:GenMalicious-BJT", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567429, "indicator": "27a9e1376137d9e24b82c01f6d12c802", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567430, "indicator": "27ee5787561b5efd058b43b75f9462c9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 1563243230, "indicator": "27fcc8580e2d2062130be62fe5923c19", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 1012192642, "indicator": "28121046884d8bcd92ec89e9dd56d823", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 980080219, "indicator": "284acfeb8f427c3777a09478c7903c0d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567431, "indicator": "2858aec697d4d7b976e3214a17fce1e9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567432, "indicator": "28bab50ad786b41a3cab0272bef109af", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567433, "indicator": "292be3082c620ed488793547ccee40ea", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567434, "indicator": "29f4c6cf1897ed6c158f6335e0998a38", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Loyeetro.B!bit", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567435, "indicator": "2a02f52b64bb0b2ffce4fb81b4517c7c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "VirTool:MSIL/Injector", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567436, "indicator": "2a12dc90e0cfa42cce055cf6956358bd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567437, "indicator": "2a525937ddae91c3a89a53ee362fb258", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1529283672, "indicator": "2b0b05c660c33bb267f01b63443323bd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567438, "indicator": "2bc802e5d658f573e40f008bf05dc9a4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567439, "indicator": "2c5569857887adb88e21b6a563c296c3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567440, "indicator": "2c8fd210eeeaead56efc60bd552f425e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "", "expiration": null, "is_active": 1 }, { "id": 983696088, "indicator": "2c91f12293d5c3a57e610a6dca521e4a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567441, "indicator": "2cb6a808ead069a00eb7105d83b5d43d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567442, "indicator": "2cc7fc98e38f1e1b968a6c28fd445c38", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567443, "indicator": "2d78dfca079d1ebe5885bc0bcbe2a217", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1563243244, "indicator": "2f1e681d4b9e7646ca512ee4d54917a4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567444, "indicator": "2f2479075d2e0f79abbea95ceac8280b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567445, "indicator": "2f3039d152bc7b16e38936baf1f305ca", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567446, "indicator": "306bed698ed9a2b33c376c4668dcb774", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567447, "indicator": "306c1c1d8e3956165dcfe51cccac8d4e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567448, "indicator": "3073fdd8a27bbbb93e7437b16eee74f0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567449, "indicator": "308654d11ce75caad256847f366b3860", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567450, "indicator": "30ac7066c073e160a45b1199245776f8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567451, "indicator": "30d9e0505a7aec02d4458788d418bd27", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2251687794, "indicator": "30e4eeb4ef1bdf280ab0b6ae70090df6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567452, "indicator": "30fd06fb1cd1c0471294a9666ed401a1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567453, "indicator": "31bcf3be8ba1aa74ca80ba4141e304dc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567454, "indicator": "32077cd5c7fc1ca6a5133ed4d58f29ad", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567455, "indicator": "32831655372c8e6a3392a2cc8ab2da52", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567456, "indicator": "32b4b36057dbfe68c7a40f29258b3974", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567457, "indicator": "3316d124b26e337d968f1a224b9dbec5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567458, "indicator": "33892009d04a01bad5a71e37ddeaca52", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567459, "indicator": "33a652fb271437ab9cef8c3be6e93dac", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567460, "indicator": "33daa34937b0d3e0b6879f66ef4ef4db", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "VirTool:Win32/CeeInject", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567461, "indicator": "342eac015ea7361729f6fb1506ac4ef1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 456889446, "indicator": "3468e9349c0de79b3e5f926b8bb4974b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567462, "indicator": "3469490f6cb1c47fd1ff46c46224edb4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567463, "indicator": "34e123f1d645eb22eabf9a0468f331dc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567464, "indicator": "3548d4c1812e0427c0366354ea0a976d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1529283678, "indicator": "3550099425b5c16cc1e500d133e4695d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567465, "indicator": "35668d4e0b695960ea55263ed4e62533", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "", "expiration": null, "is_active": 1 }, { "id": 980080208, "indicator": "357c9ec9b89e3392235499295a191785", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 980080218, "indicator": "359bcb291f5b3091d9ddcedad3968d13", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567466, "indicator": "35c539c31f3941cf932a36b4f0cb103c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567467, "indicator": "35ce38592a24b5bce4d0f55fd5d97688", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567468, "indicator": "35d8069116cb99907edea204f2b3b25f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567469, "indicator": "3617423f6a89b3ad0877d460c7b20cee", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567470, "indicator": "368de64cf5f02da40177692f8338632e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Skeeyah.A!bit", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567471, "indicator": "36d7acb7eb7269372bf497cf938a3cbb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567472, "indicator": "3744ffc1f6219702ac75d05265b4c092", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2251687797, "indicator": "38316406bccfdd6adcf10f26755cecb6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567473, "indicator": "384209ca082bb1491ca8dbf6b7fbe42a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567474, "indicator": "38922c07375c89b273826f06ae07eacf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567475, "indicator": "38c1d0f4a0cf2f1018a1cd5f2b7efe86", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 577363259, "indicator": "392d7d7f1914dd823d01554471881c42", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "DotNET_Reactor", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567476, "indicator": "3964cf3ab76eff59b01d56834853f32e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 753098579, "indicator": "399a7a0415b1576a0c96a31ffad473a7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Doc.Dropper.Agent-6531761-0", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567477, "indicator": "3a4ebd985931ae9a06bac0ce3089464b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567478, "indicator": "3aaf92f643da3bf4d2f6629fb37716e4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 576612683, "indicator": "3ab130e6071654a94220d865320dd2cc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 981991757, "indicator": "3abe771de758841de8b767a6b0c3092b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Skeeyah.A!rfn", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567479, "indicator": "3ac8081868d76f90aec771ed31cd1df0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 889045466, "indicator": "3b2e584d484105e47701a19c339bbb5b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Doc.Dropper.Agent-6541421-0", "description": "", "expiration": null, "is_active": 1 }, { "id": 2628604099, "indicator": "3c5a11e90d54aa5bc872c806ff955897", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Swotter.A!bit", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567480, "indicator": "3cae946269d800794c61852fb9326ba4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567481, "indicator": "3cafd575aa5bdb97dcf50fde2b0d3945", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567482, "indicator": "3d35bceafb5cab4a90a4ba4eafefd56f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567483, "indicator": "3d5775e17dcd2be5f54fc3d62a47cc2d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567484, "indicator": "3e0792a9ce5c78a1af3caf20fd0b73c5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 1563243242, "indicator": "3e71b6ee8bcb3e414351f6efd62ee26e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567485, "indicator": "3ea71c153fbbc886f198c222209205d4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 700485737, "indicator": "3f2edec5a187022818f166403d7e6ab4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "DotNET_ConfuserEx", "description": "", "expiration": null, "is_active": 1 }, { "id": 820174333, "indicator": "3f607dd499ee05f38c0966ec0d070f9c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 2889835840, "indicator": "3fdde32236c52d21458ce2ae4c9b48d8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567486, "indicator": "4020403d9c172c650173c4a982172dea", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Malware.Fareit-6626679-0", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567487, "indicator": "4037f4b612bee8377a8b6c5d854fd9d1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567488, "indicator": "40987d067a2c1a61fa383fa236282825", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567489, "indicator": "411af5291b33f3178fed1268c70e6a8a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Fareit", "description": "", "expiration": null, "is_active": 1 }, { "id": 920653588, "indicator": "411e91cab228c3ae34df4aafe8632b6a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567490, "indicator": "4147b9d3f947f2b4a26b44cbadc4a317", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "", "expiration": null, "is_active": 1 }, { "id": 920653602, "indicator": "415b292dc523219af9ecd87021d7bc4c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567491, "indicator": "42135acea2aab33cd0c753da9ee96915", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567492, "indicator": "425b5ac006d355a3e73e374be54d4a10", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "autoit", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567493, "indicator": "42a5847e78333208bdda7656606eda33", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567494, "indicator": "42cf82b912f67bb7de92080e88c51796", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567531, "indicator": "42cff29ce07f9ff3db0eea051e80aad1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 1529283506, "indicator": "4311cd01ecc9c82910189123e6ced48e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567532, "indicator": "43dc4222222d8f158cbb688a77f9bb84", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 980080214, "indicator": "442cb3d02405a68557c7fe286c8c5b8c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567533, "indicator": "4437a17a74dcd59a2596402839638080", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 1012172512, "indicator": "4471b941c72f3ea1188e814bc569b66d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Virus:Win32/Grenam.B", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567534, "indicator": "44927b2d92257542991b43867a002493", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567535, "indicator": "449986069fa050dc1580db6f5ba1dfca", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567536, "indicator": "44f15583eb6340c6547d45b0efe9da5c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanWin32Comisproc", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567537, "indicator": "4530f628939583dba37a6b16208913a4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567538, "indicator": "453fed613f8bd49395a7ad5b74072dd5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567539, "indicator": "45871ed002cf2573df1905dba2b276fe", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Pynamer.A!ac", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567540, "indicator": "459af512b18a6b60156d45bad87e6c9b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567541, "indicator": "45a33ccbd58c5e6033e758409c7d8d2c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567542, "indicator": "45db18b51d1fc5bfe18d6edcbfe6b8ba", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567543, "indicator": "45ee638b365d975b9e624158e5485377", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 753098564, "indicator": "45ffbc2246370114800afa15ba43b3db", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 920551025, "indicator": "462b767e71149ee7d99e089a3666134f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 576612939, "indicator": "466e7bf9aa3b30b78d01d51494d481d9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567544, "indicator": "468e125242b464af3a64841bbd0a3ae0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 980080212, "indicator": "46a1e489cc41b2a97aa9d2e9d91eb300", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567545, "indicator": "46a770c1a77bdc368278bb48ff1a1efd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 995514981, "indicator": "46b255cb008d99da1d0fe1eb51006a6a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "VirTool:MSIL/NetInject.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 920653597, "indicator": "46ea537c4ab0355221833a62c8ea09be", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1563243229, "indicator": "47453de7bce1a7771933374ece533246", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567546, "indicator": "47a1c122bbb08ba3f2e441b380221f3f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_unicode", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567547, "indicator": "47f0e070b3a2695bf74a32d60e0835ce", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "DotNET_Reactor", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567548, "indicator": "4813f9463dca4ef614038d2c0ca6ceb5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567549, "indicator": "48159a39e517694cd35dec553de4ee04", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2564718413, "indicator": "48d658d7227ac6b9d4223d37750a8136", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567550, "indicator": "492cdcbaabfdbcab9496a10bf2ca3850", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567551, "indicator": "4937fbd5ddf5ed1b06d659ae8c1fc687", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567552, "indicator": "4944ddec80a65079967f1f5ea8d64717", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567553, "indicator": "4958f718d47061f2e9e2064f8ac94e06", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567554, "indicator": "49880bf08ccc31c645d6b1f2148688bc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567555, "indicator": "4a61996356d0065a9180e4924dd77aad", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567556, "indicator": "4ab0efbe6b707653d5dce072efd71420", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:O97M/Donoff", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567557, "indicator": "4ae40ebfad9b8b2a3036f6897ee58be6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567558, "indicator": "4afa81c82a411ac7a7c27e8b3502f695", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567559, "indicator": "4b45374065a61d4a5335e780742b9125", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "", "expiration": null, "is_active": 1 }, { "id": 1352327131, "indicator": "4bf241b7497f8c7df0850ffb21b5c2ec", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567560, "indicator": "4c12396f42047da0079742f059a17c54", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 920550991, "indicator": "4c153c44de8ed3cac3954f7e997ea8f7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567561, "indicator": "4c6c732207f5c124e4a89497a51b3f50", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 889446838, "indicator": "4c9ba0d0866c696877c12a24b7efaa7c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567562, "indicator": "4d0934790692cf1276830393ae1840a1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567563, "indicator": "4d279cb73cf811df4779dcd1044f45ed", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567564, "indicator": "4d42c5bf1c860566f12b531c13e57b6c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567565, "indicator": "4d796bc9fd0e0e8f44ab5154dfeb0777", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567566, "indicator": "4d8258ff2177e7a3ab13a10cda092ffd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567567, "indicator": "4d973baf5dee3ae1c65fb0c48dabd3c4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567568, "indicator": "4dce5b84c18684f38cd13a52d675b1f6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567569, "indicator": "4df3af143890091cd2114a9da7bf661c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 981992133, "indicator": "4e6bafcec589088de1311aab0d183732", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567570, "indicator": "4e754c7d8e666947ac3004f970fb7551", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567571, "indicator": "4ecf3af3b291a66ae34c4f9bd31e5314", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567572, "indicator": "4ed742093b5db4f53df9fd6563bec268", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567573, "indicator": "4ed9191a29755525b1a0193454d1aaae", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567574, "indicator": "4edc03c964a81fd053d4cc1314b9c4c1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2113746585, "indicator": "501efb407eb752a533e52557091bdc06", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567575, "indicator": "50564f7bfdbe6f4c7801b67c3a31cfde", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567576, "indicator": "5093a3c12de9ebef95ab728caee3f0dd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 858122936, "indicator": "50989eaf5f6b438b1fca90fd2f96d7d2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567577, "indicator": "50e392c1c2ea4a3ff5eeac4bfaf24249", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567578, "indicator": "512301b4f2efd32eaf60a8cdf52b809e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567579, "indicator": "5188c68111b11e6e59cadec32e3054d6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567580, "indicator": "520303fbe4b35814e8aa3ae6b1a5b10a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567581, "indicator": "5255391606f317a42c4f967bd7b29f13", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567582, "indicator": "527b56c74b5106ee36e6e4ec098ffa53", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567583, "indicator": "52de0906f129b1eb5ab6d79239db6e7d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1563243246, "indicator": "530de6679b4252ee610f981f5733df2d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "", "expiration": null, "is_active": 1 }, { "id": 626157313, "indicator": "5362d9be25e90cd06ba2b5be83b952f2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567584, "indicator": "53c25074a983e0c15f27a7c7fdd1fce2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567585, "indicator": "53ce86cf81a90b586e47a623ae7918e0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567586, "indicator": "53e592d0ed2274c7062aa5cf31ba1ca6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 576538773, "indicator": "53eaf462feca7cec01fe54a6217f2c58", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567587, "indicator": "53eb377aa14c4aa13420779024ebac1a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567588, "indicator": "541e971bd55a3659da4da1728d6b646b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567589, "indicator": "5428c14b29d42c09074ebd4bdbc7bb39", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567590, "indicator": "543839a6a0f6addfc168ea99b60d9c2e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2251668627, "indicator": "544176a3ef0df4bd9f01335065494d78", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 980080190, "indicator": "545c705ec16ae70355113d0ee3aea3c1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567591, "indicator": "545fd616580823509365983a20c60695", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567592, "indicator": "54621e21b7ca8355b44f742ab6842e31", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567593, "indicator": "54bd85a70e8e3a29c093c26090336cac", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567594, "indicator": "54e26710be2c36c495584e29a527fd60", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567595, "indicator": "54f4a94233384e1711921e74e5d2fe4b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567596, "indicator": "55321159394c47eee896ba0668abd1c2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567597, "indicator": "556dc82d39f06a7e80dbd8565f533f4e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567598, "indicator": "55888d7c8305ccc5d2547f02ea5efe1b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567599, "indicator": "5647270ac9078fa9ab9136485c9afe9c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1563243228, "indicator": "5663f496c57b04d44848c99484ea0749", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567600, "indicator": "567ed0ebe516fda3aa569c7ba063bb29", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567601, "indicator": "568a2138f5eb1984d11275cfbecc7f2d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567602, "indicator": "568c0520c2e1faff71e70372c52857f4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567603, "indicator": "5698549ab5177a527ad69eb235f445df", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567604, "indicator": "56a78d11c54d841e4996a483da485241", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1563243227, "indicator": "56c76c8c355fcd589ffd4c107ee176dc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567605, "indicator": "56e2de37fb25409b9ddfe26064e1499f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567606, "indicator": "5734675e8cfa102223cf43c348eac1ca", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567607, "indicator": "57fd539c596afff2a97e2a0789d27ea2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567608, "indicator": "583025443acb06353c916d9b35264c6e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567609, "indicator": "58574b6dc105478f0807ea148349c59f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567610, "indicator": "586b4ae29cd383773d854e2a6cbea88b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1261261152, "indicator": "5887b91d18c1f4c655c2ff0b1beb224e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567611, "indicator": "58d96829e9231f5dca93a81b9a6c99b8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 980080395, "indicator": "595647a0c62c25da84594411de42bbac", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567612, "indicator": "59b5865ebfc97a5f60613ec1215a0cac", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1261941286, "indicator": "59cbe5e53a646b5b348fd642c3e892da", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567613, "indicator": "5ad186d503a5ce6db2c8ef5e13723154", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 920653601, "indicator": "5b2e84e924cfaf0da3776f40bfffcd39", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567614, "indicator": "5b873c473f9b1065f24e93ecb555b816", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567615, "indicator": "5c31e3517a0608099b2eea89aa495a2a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567616, "indicator": "5c61b3f928b96ad5f1ca0ce115074454", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567617, "indicator": "5cc5228afd9932563845bf788e4e073e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567618, "indicator": "5cf7e71afb03fd9d94f1f1ec5dc6b5e3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567619, "indicator": "5d89a28d952611f9789b69061b53a297", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1241140454, "indicator": "5e0d6f47f34443ee4a08f0458dbb58dc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567620, "indicator": "5e1e0f573490a4d5e3daed2b4ef597cf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567621, "indicator": "5e40ff4f7d71c5d7f15f3658f7f0f3e8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567622, "indicator": "5e5cb33acff6aa9dd06e76c73c0fe6fa", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567623, "indicator": "5e917607f099f1f87c54e33c18a3d814", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 576613993, "indicator": "5ef4676583d059a9f96d68a8e60a43f4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567624, "indicator": "5f1971854a41c86d3361f8c036333534", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567625, "indicator": "5fac5a5d1efa44bb670df46fcbf7ddf3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567626, "indicator": "5fdc9394bbbecb8b59b938877a6f067c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567627, "indicator": "5fdd42eb4999b5be57f7494bedcab7d0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567628, "indicator": "60717f962cf566db2b953eb48bb8986e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567629, "indicator": "6097232bc136d0af5321b7be782ade5d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567630, "indicator": "60ab3fcbff5ea61c6f41b411420ae42f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1563243247, "indicator": "6101070473d96f772928247a823dd17c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567631, "indicator": "61541588ad05a591a0c1654f503b9cd5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 858051553, "indicator": "615564426edb3eb524eb2d8c617ed750", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567632, "indicator": "61777401f2e7f5899fdd194190798850", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567633, "indicator": "61e6f38067875e1f33a0de5d254fe760", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567634, "indicator": "621ca530b31267e2283a49784e554568", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 577362882, "indicator": "628054cd91b51ef2ca44b03e3c631522", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567635, "indicator": "62a0764a834cb504ca6c6f5db402a986", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567636, "indicator": "62ad12f27b6b39476b97477b09eb6289", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2564715503, "indicator": "633c197f7a59d065523d49e819051ef0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 920653596, "indicator": "6346ba76e06d08c78a987e1f85d02d6e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567637, "indicator": "63aa62ffd0b9aaaaa543fed0de19943d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567638, "indicator": "63b8cccfebccb79a7bdb7e873e73e136", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567639, "indicator": "63d4d8a277f530503a77b59d9e6066f6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567640, "indicator": "64ba11b6f3e178384c0b1ad9bd523d05", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567641, "indicator": "64c6d554b652daf67ebbf48a7e48a322", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567642, "indicator": "65498e48e2128fa3363dc953e40ca73f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567643, "indicator": "655f0fcbde681fd06068492e0f83d1d5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567644, "indicator": "658fd93fd4e8aaf0510bee2c1af6c777", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567645, "indicator": "6615e0316f0f587a4df66d0fc7c21203", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567646, "indicator": "661f58038889bdc2ed8eb8d8dcbcb449", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567647, "indicator": "6633c99b2c5bebfc2b32aa2c3d8667aa", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567648, "indicator": "664e48fcd0df81f9971482d05d0d5da6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567649, "indicator": "6653234c3abaf0ac582d7078afd20b2c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1264445721, "indicator": "6675f4f4e11a193eb3898a156355b675", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567650, "indicator": "66cad424c693841c258a8db0f7469016", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567651, "indicator": "66cc8bc5815451e17df0e366b4c0acff", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 625208380, "indicator": "6758cf895e98d725c78d821f1ab0af6f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 884806056, "indicator": "68355b1dbb91180c59ca755e0834b46f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567652, "indicator": "687ddd53b6c273583e08db1698bfeabc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567653, "indicator": "68af5204d88863e0de71483e4ba1d0b1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567654, "indicator": "68b7e1b88443f19d5f4c81c3a046f364", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567655, "indicator": "68f82a9f4d90cb41bb11a0767df6b8ae", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 626042442, "indicator": "691ea1f99ccaffa5925d8a49a99a4aea", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567656, "indicator": "69323a5d105ac45e693296ef861edf57", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567657, "indicator": "693d23d7689ccda89f6a17685f47509f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567658, "indicator": "69b3e139bd4ec98d75d238581f3bd8ad", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567659, "indicator": "6a1bcae3c0a5a24c5097df4bff9f4e54", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567660, "indicator": "6a7c5469279ec6c2a60aadbbfaa22a3d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567661, "indicator": "6aba46deb6446424f483f5a76cb16968", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 576613323, "indicator": "6b07cb2baa92d8627abc33b31fc110e3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567662, "indicator": "6b58c510dbaa9b96f489d8049eed07b8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567663, "indicator": "6b8cd9d27cbaad504767745319947d67", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567664, "indicator": "6bad9b4bc18bce120411c2f7b45086d1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567665, "indicator": "6c33ee9c5d694b6c110d60b22b9df31e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1529283677, "indicator": "6c3ba4407cdd924a0d74367bfe9cde8d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567666, "indicator": "6cb5088c2fc1a67d009bb2c1b8f4f1a4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567667, "indicator": "6d08ad768e2d4316efdd1f97350efc78", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567668, "indicator": "6da8891fb800ab69248ab7fb447e8636", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567669, "indicator": "6da913bb8b1530aa3787811dcc41974f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567670, "indicator": "6da9195325ebd47ae55e98e97eb9505b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567671, "indicator": "6df5122075ef74ff4668e4905f874078", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567672, "indicator": "6e412aee9808db9067fa7d933bb0df2d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567673, "indicator": "6f46fcd8d0508a5b87d3cea98b8ec1fc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567674, "indicator": "6fb9822d9d6bbc93c0c24750baeee3b4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567675, "indicator": "6fc10fd570bd65f39c8b92151805e6f0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567676, "indicator": "7055ae046be54494475198feeaf56488", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567677, "indicator": "70b918906228dd75fd1838724a8a75be", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567678, "indicator": "713e8df6bd82d3260543d0d969905d5b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 884806071, "indicator": "714d79cdc9f3c5f8315205651cb9a2a9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567679, "indicator": "71825921694c9cca26254822eb1517cb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567680, "indicator": "71a2b70ce1566a8af13eac2fb9d8a2f4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567681, "indicator": "71b4a5db5ed0cc39a56159aa82ebfce0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567682, "indicator": "72a63f3686097bc752a144e46f421791", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567683, "indicator": "72a984d7783da1ff59f49b004ca6830c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 576614037, "indicator": "730731a92eeaaa8509874e6babec86e0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567684, "indicator": "736ab640582e358c4e60e9c96913ae70", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567685, "indicator": "73ff87baa7a80c97896c79c73ccc0041", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567686, "indicator": "741e507930cfd9a81c9d50ac9f3ad4d7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567687, "indicator": "74387af971f88c9a3c9cfc8ac23e15b1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567731, "indicator": "746b288b2ab3a549259f4e8203a311bc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567732, "indicator": "7479e969cfaf71d925c88f73389d3e98", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567733, "indicator": "74dcb7ba2cd0d1265bcd0c2853b23af9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567734, "indicator": "74fe89f1d03c1a17dae825ceebb6e427", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567735, "indicator": "75183c351679255fd2a0f1239b6f4a1e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567736, "indicator": "7571d9ebe44a17948813969147243a5d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567737, "indicator": "7588b8a11c340707f3389eeedea22af7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567738, "indicator": "75e2f4a84c094c637fdea7916c320a99", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567739, "indicator": "760a083997acff0ca21a778db3596bf9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567740, "indicator": "768539bbe2c156d231a0d285c859c706", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567741, "indicator": "76ccd4a2423848647fbae03092b8ffae", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567742, "indicator": "77124ac535d7fad90fbf6a064f1275ff", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567743, "indicator": "77354af20e83223c472406a7dca65e0b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 920653592, "indicator": "7740cde53f28464f220fc6d7baebdf26", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1563243225, "indicator": "77a3cf2c922c0def35fca4d4ace786fe", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567744, "indicator": "77aaaa90e3c069711a9ccf48bd2eddc3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567745, "indicator": "77d4e4100e6d3479b6aa1cf1f4b69f1f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 858125753, "indicator": "77f2c6013c2125f24104ef277185ce76", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567746, "indicator": "7845c0747d5d7b542ae63a2f7cde17da", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567747, "indicator": "786d1ffda4e9adf5898d5f385a2db40e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567748, "indicator": "7883835d2113076d06ee9ed31c8fbe36", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567749, "indicator": "795383cccb9630301f4332085b6880c3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567750, "indicator": "79aa2b8dacf7b786c5d1c84ad5bd7b83", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567751, "indicator": "7a796024d70f36e7ecfc08f3bd075ad0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567752, "indicator": "7ab234a1e2a51709c9e3bc8a01d05c1f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567753, "indicator": "7b2abb58c2a6b2407934996fde05d8ee", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567754, "indicator": "7b40296f3d68f9dc4f580cfd3a803eef", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567755, "indicator": "7bd4aa2c112ccffee7efbaa419fa5cc2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567756, "indicator": "7bd633409485790cd9bc06b13b13926d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567757, "indicator": "7c1ff03d7f14a5eabd43873bb4971b5f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567758, "indicator": "7c731a343fbaa0e0a35bf84a420d02e8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567759, "indicator": "7cf3aecad9d39a53f50786d6a8027029", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2251687796, "indicator": "7d0a91ea4f3970d57e1a84f3b0f99b5c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567760, "indicator": "7d32f9fd66cf9e55b7def63f9bd006bb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567761, "indicator": "7d4f563107c00f2dad4ec11ea9054259", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567762, "indicator": "7d652bafc89acd693f0a6d940cbc57e6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567763, "indicator": "7d9b4b04febe9b5e68112e167698025f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567764, "indicator": "7dae51e77f5af7382cf9225c82ecfb60", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567765, "indicator": "7dc7dacb6f25d53aa2decaffea34756d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567766, "indicator": "7e0adc3bf2a44d793a6f5d7ab55be54c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567767, "indicator": "7e30b1f6350256a7cbc819965546268e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567768, "indicator": "7e5061c76648f3e418125a918e21bf38", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1082917550, "indicator": "7e9b2280de5e47e291c5f993614add13", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567769, "indicator": "7eae20fe70d7cd05aabb65daa1bc3b36", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567770, "indicator": "7eb835c54555e15b81e6d40c773ed29e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567771, "indicator": "7eff518141e7a2389e35a84f0150d385", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567772, "indicator": "7f51124e0d15008cacd0a407d2ca9bf8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567773, "indicator": "7fa30ac1337bbff5ff89c2ee3da686b4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567774, "indicator": "806819b169dfcaa962d7f5c32c03a0b3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567775, "indicator": "807cb9c66244a22b84ce6d89ba58c0eb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567776, "indicator": "808b2b001b985185164080592d5cd070", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1563243245, "indicator": "80ab14c48dab10326e4a2248dd6a44cd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567777, "indicator": "80bc03207de8de3451ba66571e2740f7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567778, "indicator": "80e4e06cb7ca424b0915ca7c3c0c839e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567779, "indicator": "810dc22659b6d0451d9e630c79ec27a0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567780, "indicator": "8181a196f61993494d896d9d3b5de72c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567781, "indicator": "827137fe4802dcd945b5dcef27918761", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567782, "indicator": "828e0fbb16f93615b6469946e7f7c3ec", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567783, "indicator": "8337d48e68802bf418a2e00283ab1914", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567784, "indicator": "83401e92df749f28fc1ba09297c42a0d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567785, "indicator": "835b6d5d8e3195308479a927dea3e1bd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567786, "indicator": "836f6f97aaab695e9991143e88e06fca", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567787, "indicator": "83dec16330830441399a328cae751d5d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567788, "indicator": "8403d825737cf0952867d3c0dbed604c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2224618754, "indicator": "84a44f6cd793ac944eb64dfa2beef098", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 617027859, "indicator": "84cd4f189d1ed2dec65eeb3f4f0cf643", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567789, "indicator": "84f1afaa8b37ccc9123c9f95e6cec951", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567790, "indicator": "84f1f621d49f3492bb3fa019f3191435", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567791, "indicator": "84fd2dc16eb03a0ea2a09db618c1f914", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567792, "indicator": "86210e53ed1942ad6dac5bb9c0844290", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567793, "indicator": "862a4f0a49f5694ab1faf8c1de3a9fa6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567794, "indicator": "87118026a18dc2cce820ed92cc57171c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567795, "indicator": "8725169225ddbdd7f2066726531ea327", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 983696318, "indicator": "8769c8e156b689fb0750a9747df11f4e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567796, "indicator": "87add50729fefa406ce8045d94350ced", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567797, "indicator": "88571c5e4967fe456f6b740e02382aec", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567798, "indicator": "88a209f2517dabe3856ae013a2055590", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567799, "indicator": "88ee8b6517a6e096bed5a288caa75739", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567800, "indicator": "88f9d730d9b87e57542f5a30a75166ed", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 980080408, "indicator": "8a6f4b37ed36ae1d6035868ddaf6d2b7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567801, "indicator": "8a872228dfcc8b3060c3d694d36e4976", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567802, "indicator": "8a926a88996a9f0b864fc57e87bdbbb6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 819647023, "indicator": "8acb1a113d20530f501fc371622ff0db", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567803, "indicator": "8aecc8eb275e4fe3055858f5865429f9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567804, "indicator": "8aedd1fe9b90c26d82bedb47241fbfb9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 920653591, "indicator": "8b2a645f67f155822963e3456fc4f157", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567805, "indicator": "8b54211cf8a4cd5621bef3464a4f74c3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 576613765, "indicator": "8b9eaf7a43033ddcada3788878d60665", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 577406202, "indicator": "8ba0e481d0d2a76c5969c100eecaa176", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567806, "indicator": "8c44875c81f28ac9c2a485a8c77618fa", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 981967708, "indicator": "8c7c8cec90f4e9afdec9358c5d5d7881", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567807, "indicator": "8cf1c74955a561ce883a703b1faff789", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 920653594, "indicator": "8cf518e7e34e5f6754f5bb603ed1951b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567808, "indicator": "8d6e6213d80c43cfdf42b1ee27037634", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 980080206, "indicator": "8dcd15544e5a9a2ca1ea6cc99ddd3d1b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567809, "indicator": "8de596c34035b3f6200220df539239da", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567810, "indicator": "8e0c537b0535a4205c514f0496a71162", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 785954036, "indicator": "8e69ea463e1a3f4d6db4172b62be0e2d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567811, "indicator": "8f370b92b41b9ab648cb9b21cefbe82c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1563243235, "indicator": "8f7a2c370e6a766a3db75f41ac32ad19", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567812, "indicator": "904453e88a179fcab967e54eefbf4c85", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567813, "indicator": "9077b8e82ec01047b2a7e4c6cffea50f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567814, "indicator": "907f7790256f4b5dc9f798b5c32aae14", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567815, "indicator": "90ae451b03968953d50df68285784cf8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1242422205, "indicator": "90ba18271015f9f54c4151351cdf859f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2251656446, "indicator": "90c03126881ad731686a06029ac8c439", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 637281833, "indicator": "90e4ca1462772c64f4b40bd6d436bf92", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567816, "indicator": "918324d01bfb4f434b54467f649f2b43", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567817, "indicator": "91898b62840b11845adf7020934da1ed", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567818, "indicator": "91c996f1866cb646d34e4ca052f42ad7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567819, "indicator": "91cbc286ead69dea4234212379a51fd1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567820, "indicator": "91d3b798f050eed56b42bc64b3157860", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567821, "indicator": "91f469fc89ea81cb59d930501d693c3c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567822, "indicator": "920c55a53d060cefe1bed02a6e154171", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 307525407, "indicator": "928053a1c0d3a9b9f9b8012d5266f424", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567823, "indicator": "92e0f4b0b4cb094bda52966982f552a1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567824, "indicator": "9378d6cb44dccfe754b15a6b2a1923dd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567825, "indicator": "943dfdf0cb1cd51076480b836bd70601", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567826, "indicator": "9444d9e865343c180079792832c1b155", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 920653587, "indicator": "94eb32ba0d7b02c1d680bb967259ecd4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567827, "indicator": "9555d8d43446954253e08d0aecd286f1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567828, "indicator": "95f99d56a855cc512949de89564ab528", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567829, "indicator": "960573a2212d5c786998791e68679f6d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567830, "indicator": "96828ba6c1491266e5329a2b4ce64b06", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567831, "indicator": "96bd4b8114e4705fe3c92c77dd9f37c9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567832, "indicator": "970bc40c111a1628c95c85b9c81c5ee0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567833, "indicator": "970d82ab514f4f79e826a5c8c91abd7e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567834, "indicator": "971c5a07a3bfcd5b9f991e05afd39163", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567835, "indicator": "97968e77034cad84169fcbe2e9bd1d43", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567836, "indicator": "97a4a5fa687287e4f0bd3c7e6dc504b7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567837, "indicator": "98137e4099fedc556be4e087a6d77b1f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 617339425, "indicator": "98215e47c2907bbc2eae27a5169eaa5f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567838, "indicator": "98a449fa45c53e795f60ee36ae6a822c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567839, "indicator": "997992a02e9fc6978d1c36ebb49b76e9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567840, "indicator": "99afda6820e000917b438a94d86a2300", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567841, "indicator": "9a5fa7aa46489573736c3951e0845b10", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567842, "indicator": "9a9f367c9a3982dbce97a5ec6b6aaf36", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567843, "indicator": "9af78b2d17b36e565a8fe7574e8d3f5d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567844, "indicator": "9bab69e22d2373372eca347c383ebf63", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567845, "indicator": "9c1b6430a208c9307c6c3c9cb5045e2e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567846, "indicator": "9c49380fac112ec75278b2f2897c9559", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567847, "indicator": "9c91ee3d929fdb1217b57056e90a9c7c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 983701469, "indicator": "9cc28c693974f62421618f315fa972a2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 577541223, "indicator": "9cee1922a9357f597a47c56067826b9d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567848, "indicator": "9d9e9303d3afaa8af33a331e61557288", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567849, "indicator": "9e33b39b9989fa71a3c423441ffeb1c1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567850, "indicator": "9eb737c73a17f6987314249497d9c909", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567851, "indicator": "9ee8f249c8013264550fbc16fba90408", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1512243732, "indicator": "9ef44fa33b568e23ae326b9e692ddfcc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567852, "indicator": "9f1f5053ad9de9410688ca6363391d59", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567853, "indicator": "9f300dd0703e833095e454cafeaa29e9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567854, "indicator": "9f74302910106a5ed67ea6b0ba56381e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567855, "indicator": "a0026b7e0006aa54d87d561304c83ede", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567856, "indicator": "a053f5057893c5a7fef3e28ac64532f2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567857, "indicator": "a07d5ac32e1950e6033ec13a7e1c3af7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1115447665, "indicator": "a0fe205ff227bc0d131e60d2ba936d41", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567858, "indicator": "a17e6b97df04c053bc3221f0ad830d9b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567859, "indicator": "a1bf81348819dd7904fea2029150e0fa", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567860, "indicator": "a223f2e033e1a4d280764fdccae15fcb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567861, "indicator": "a2f3940682dc120a0fb1119c1ed52767", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567862, "indicator": "a2f4d5558e1daffdbc93720f5537299d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567863, "indicator": "a331cdf805316d6206d8f86a4e72797c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567864, "indicator": "a36089092d4acb9f848160327dc906fb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567865, "indicator": "a395ddb85a1b3519fe4d5e00ab61d527", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567866, "indicator": "a3ecf903e0ee1f392efbd7af61062032", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1563243238, "indicator": "a4096b88393dd71893804ef3d8d738c5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2671627894, "indicator": "a4380ad25ad1372541c7e246eefcba35", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 889389679, "indicator": "a497aa958cc456a6dbf599ea76f897c1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567867, "indicator": "a4b96441ba6f4ade3d54a70430db662b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567868, "indicator": "a4cb5d3cd92c3650d9115e0919fb63ed", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567869, "indicator": "a50b1ee0d2ed63b34e87e4fa828f5797", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1563243223, "indicator": "a50d13a0b873ad81b58af0b003a1888e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567870, "indicator": "a5161cd7a30aff3cea81a1e5fab6b8d4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567871, "indicator": "a532a048246d7117c52d4e279b1ae399", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 623151899, "indicator": "a5cf7e50b10f9854a39fbb58e35b4ba8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567872, "indicator": "a5f1619cff2ca27936cb98d7316b268b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567873, "indicator": "a6c0359828fab988d8be4e2d9d677dcc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567874, "indicator": "a70b547506888862bc2ab8dc84b73e15", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567875, "indicator": "a79dde41084394fcb5935eadfe88335d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2224618555, "indicator": "a7cc783c2599b761c3be6d6f619a3f33", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567876, "indicator": "a7fbbe56762a9e3e805e827832db86b8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567877, "indicator": "a81113c068032881f33c719e44df20bd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567878, "indicator": "a8823e0d9b245ddc78fcf4782efb3194", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567879, "indicator": "a9298d47c5621b9be12878e2a22f7622", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567880, "indicator": "a9e0fb46e77c8e35173a2a3d8abbf637", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567881, "indicator": "aa0b07cffe3099ab761892eeb8e24b5b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567882, "indicator": "aad64bc2eb079529941148bba51f423d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567883, "indicator": "ab32d287c7a7c9333dba8672ac290c38", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567884, "indicator": "ab5719fa3e6aa3b913b51721cc4a120a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1263382691, "indicator": "ab7f08bde7911df1fb76d0427250f460", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 820100347, "indicator": "abbed9168370a7cb8eb8746adc0c43a1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567885, "indicator": "abcc6422c4742479a56d8643d3377765", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567886, "indicator": "abecb7c4285366bffd50dea265f20127", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567887, "indicator": "ac479dd0133ad1669bfe9d8485b51d5c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567888, "indicator": "ac5f7b8dc197a4fa14e20790993fa496", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567889, "indicator": "ac79b42f0394f4f1627338ccd448bdfe", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567890, "indicator": "aca385ebb6000b89152701f6870c1696", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567891, "indicator": "aca40e1f4def53eaeddf002b18364201", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567892, "indicator": "addf2659e114f5fadb30bbac19ac2c49", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567893, "indicator": "af2debbbd35a475c7ab8677869318514", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567931, "indicator": "afabb9546fadb433bbb72f2f1575c7fd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567932, "indicator": "afddb94f9c8a0c06025234c89a927b27", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 576612494, "indicator": "aff848155fb6090388d6147ff867474b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567933, "indicator": "b05626498155a014709aecfbf6f867fc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567934, "indicator": "b0a92e5989057a0254ec7d9ee00b25b6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567935, "indicator": "b0bcb2521a705fbccb49c41d9b0fae39", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567936, "indicator": "b0c5208b2fdb695721c1921a69a3bc58", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567937, "indicator": "b1100c5ee26caf05fd746a9d63dc7627", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567938, "indicator": "b203040e92636d66bd5a5e5588b4a2d8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567939, "indicator": "b2ae8dc45a5c035add11227093476c9d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567940, "indicator": "b2bbb66f5ebccac3b3ccef14587de959", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 858039178, "indicator": "b2c6201fbf33abdaacb838ad410ecab8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567941, "indicator": "b2d43baf85a05fe54458ec6121e4c6da", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567942, "indicator": "b31159db905d87586db00863bd20382f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567943, "indicator": "b32f301aecab33ee1c8e36e06937c986", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 980080403, "indicator": "b34f6511925adef2e813dcc4e78affcc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567944, "indicator": "b468e2b27ee52dfee73082ef4c25850d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567945, "indicator": "b50c0c22797745b3efefca6fb2dde963", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567946, "indicator": "b5218953e6cedf0a0cb03368f2889321", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567947, "indicator": "b5647b0866672d2cc1a8abfb03d86a4e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567948, "indicator": "b5e03502543249d92a19120b7ac6df3d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567949, "indicator": "b65b13d75e1da305a3a7da1afa56ae48", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1529283511, "indicator": "b666d1252686bd4660dd27ca1ed0cd84", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1843773550, "indicator": "b6c12d88eeb910784d75a5e4df954001", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567950, "indicator": "b6cb34db116c3847e79f5f3a8e0f3223", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567951, "indicator": "b6df17830a724184ed9d3b2bac44adcb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567952, "indicator": "b724154e473059c87c778e8bc7fb5555", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567953, "indicator": "b735a40d68fc70e665c3acf4875c1612", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567954, "indicator": "b772360c894f6f9a74e2f608d6b1e1a9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567955, "indicator": "b78cf1a172ab553e54a45a3446f909c6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567956, "indicator": "b8a777f62dadfdd09b17016e270ec2b2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567957, "indicator": "b8ab2e02a89509757b0eca8dae5be419", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567958, "indicator": "b8f3bd05ba309b145a93bf03c3f97106", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 266038098, "indicator": "b90355c0dd12bd74dab2ec2b6ad374a7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567959, "indicator": "b969e3d84699403c9dd470578ffedef6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1563243222, "indicator": "b96fb2b6ece415e48d50d09347b079d1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567960, "indicator": "b9c8e7bd8c50dd78643d85a4808559b3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567961, "indicator": "b9ed9b344f44baded2ffcf4ff2f59b3e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1596534564, "indicator": "ba33139c639ed299f5b12ea5f23575e2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567962, "indicator": "ba5727f5f0f0b22f10d4ab68f5ad0d10", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567963, "indicator": "ba57e45de75a1c80a708a5e89dc58f29", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567964, "indicator": "ba5e6b7d04f44139f864584c2b29af83", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567965, "indicator": "ba8f44ffa6de2593f108ddff21c7e863", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567966, "indicator": "baa74a1697dd9bbae2e46d8af67ad208", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567967, "indicator": "baaa04773033aba9caa67b90f42199ed", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567968, "indicator": "baf863123c47a8e786b7f25b2924b3d0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567969, "indicator": "bb1d741b3cd16e1e95e46a9896bafee3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2929300044, "indicator": "bb38a5783fce031e7902544b3a0ea4b3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1563243221, "indicator": "bb5eb0318e3c64454305db40d90e1452", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567970, "indicator": "bb9c2ce7b30abe7c268bb3f285aa3a7f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 983696496, "indicator": "bbf0c048330e3d157f6dc738c8bace80", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567971, "indicator": "bc0d9c5250c435e2b08aad396db5fbea", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567972, "indicator": "bc34ea53bdab52335cc4fd52de36413d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567973, "indicator": "bc3891b9029229e2af500c6600cad6a6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 983701449, "indicator": "bc5867cfb12dae792a1352c9196ebb31", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567974, "indicator": "bc7b77e4a6946b1b95c1d49f6631a126", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567975, "indicator": "bcb96f399b59435c1dea11775fddd57b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567976, "indicator": "bcd9620d53dc0bf31bc0fce2b418ab8b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567977, "indicator": "bcddcf125ebc1dd97a393b1b02f43938", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567978, "indicator": "bd448ed9c8b1e367ea4f846bfc13c17e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567979, "indicator": "bd65430d5eebaf8c3b138c3eb687eaac", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567980, "indicator": "bd816e3d3f328b6d534d012927d513af", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567981, "indicator": "bd860e28d4a5f24bf6a7304cdb75062c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567982, "indicator": "bd94ea0fed2bed9b84907e50ce578d1a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 626157343, "indicator": "bdac00dce7585f971f13f8d96b5e921b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567983, "indicator": "bdb0bcaf1a93bcf3e2fec3334800df0e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567984, "indicator": "be5c9f8e4e4e9dbaf848715da45cc4f5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1261925737, "indicator": "be811bf48e65cb47d62c92c42077a0bc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567985, "indicator": "bea9156e0adabfa9d5e52d60542d9622", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567986, "indicator": "beb3ac9d7ab382c17db324f67d1fb1dc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2251687793, "indicator": "beea1215d722347d85a69a56c7185b96", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567987, "indicator": "bf38346431c758df4bd99e3d4b5fcab1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567988, "indicator": "bfa36d239ed5e0bf919b3c074288465f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567989, "indicator": "bfb19fdbff00ccb4a01e6d1d6cff9bb9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567990, "indicator": "bfecf13fd24cabc666ddf599421c043f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567991, "indicator": "c015420bd6af5ec4ceb841217af682fb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567992, "indicator": "c02de7d699bf1402f66ab86d58dc9df2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567993, "indicator": "c03d1a32826e492be949149e8a410d61", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1529283679, "indicator": "c0528af613e3d8c08324a796b3b10ee7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567994, "indicator": "c06d57a86784c71e96de14ca72184c85", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567995, "indicator": "c0c962b338b1ee30a1bca6d37bdaa68c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1068286477, "indicator": "c1b0182d5bd23ad53c683d45ca42c1d9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567996, "indicator": "c1e69901f7a492a85d2716a986f740c2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 456889449, "indicator": "c26fa78766da89c0c66a59a4be1308ed", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567997, "indicator": "c2ad1abe377511fa9dec2f1e396ca128", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567998, "indicator": "c302e31bf2c8bc0e2a6c455ae48f76b0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360567999, "indicator": "c310ab60a44da573b1e78ed58ad82017", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568000, "indicator": "c383e595d2b8467a98b829cd42d0212f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568001, "indicator": "c387633072d76393d722258ae2194862", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568002, "indicator": "c39d3d9490064547d93131f11eceb8ec", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568003, "indicator": "c439258fc6352b5a6d1853ea356bcfd0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568004, "indicator": "c4c63ee24c626c03d3ebbce9b996ad1d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568005, "indicator": "c4c9a248d294c5d98a5d6cf28ab57641", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568006, "indicator": "c4cd26618cd65160ba9724814e56613a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568007, "indicator": "c51f026c9d7e33819a7316931486f61f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 980080204, "indicator": "c52b1e7abac487cb3d7c32abafc0e2a6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568008, "indicator": "c604f27c785ffbab49202bd4815a5856", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 678650624, "indicator": "c6516cfc541d1ca2aaeb3bb9354be19e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568009, "indicator": "c6b03dc7e5e4910302718964f67794d8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568010, "indicator": "c759f6951e76d2b27acc59ce64d0167d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568011, "indicator": "c78672db6f715b3d8d3a3b29c3bd690b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568012, "indicator": "c78b87c0725679bbc3558d7ea0401012", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568013, "indicator": "c7bd815bcb0ccdecc81a5fb9020bfdc3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568014, "indicator": "c7be25d5f74eec1e6a9cf25f4ca9b782", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568015, "indicator": "c7d298385b37d41d4f7f7c17d91d2362", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568016, "indicator": "c81e28ee2a38a65f0817abe5ce4296f1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568017, "indicator": "c84e38763fd674df76b34eca0aa6f00f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568018, "indicator": "c8886486af3ce71d6e0ad2345ccec101", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568019, "indicator": "c8b0cd8ea14e32b828b0a6064d008c53", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568020, "indicator": "c907e2351ddd1ff0a8f64f0155c2cd66", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 448543258, "indicator": "c91250a6ba94f93137c5a2fe926bc8d5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568021, "indicator": "c916834bb560a7794e10669b6e621125", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568022, "indicator": "c926ecfd76d3bdf54dd3335d3548dd14", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568023, "indicator": "c953f9038fc6b56189c0b9cb7349c580", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568024, "indicator": "c9a696ae8418ba58359d61b61d3adf3a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 576612743, "indicator": "ca042a1bafd307db87cd634161dc8fcd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568025, "indicator": "cabc221f468f3b3c74e4cae610dce54d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568026, "indicator": "cadf03649a459b5f8fef51ab05ed43f5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568027, "indicator": "caeda54dea86f70c09da69c5ae6460a9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568028, "indicator": "cb09f04e898843a9fbc5cd7e87c0fe45", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 576613221, "indicator": "cbe16afd8271b7b33b372eff5129c71b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568029, "indicator": "cc736a33b3a487acf2103e42fed233f2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568030, "indicator": "cd038ece4bb0054293f83fe14cd9dc36", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568031, "indicator": "cd1b516ebb186e7cc7b646ef3f10ccc9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568032, "indicator": "cd93d5cefe3d4d2ba9e0583c30a04852", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568033, "indicator": "cdb0fb687c9b75340d6d4e93f4cb7680", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568034, "indicator": "cdfb02757c7d2777da528310df0535e3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568035, "indicator": "ce24b0789f783da6022543cde02ef6d5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568036, "indicator": "ce363da67cf8ba0118efb19dfaf8d77a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568037, "indicator": "ce3d92a63f8d343b5812b7995aeb9370", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 980080396, "indicator": "cee988885eca7b564b5c99d793a3aa73", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568038, "indicator": "cef2989436eabfd1d7fd91dfc984c8d1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568039, "indicator": "cf123d2f8c6cf7a88472483607163eb5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568040, "indicator": "cf87b1430d92631a9a926f02abf99ce0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568041, "indicator": "cf90d9961b012e81dba645a7d9f0d074", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568042, "indicator": "cfa76c4452423b8bebcf10b9692fab18", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568043, "indicator": "d037b436932f955f6cf55e8d79f7ffb9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568044, "indicator": "d11dc53768bb6809fb285db177c28191", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568045, "indicator": "d145bcced127ff2cdd65ec1784607bab", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568046, "indicator": "d1546942574cbe9eb7509067de97236a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568047, "indicator": "d1921b6931285dd7094218625c9fe2e5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568048, "indicator": "d1f3a24d52a807c6f804687e19586af4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568049, "indicator": "d218b738ea6c7b0a3dc3059af5415342", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568050, "indicator": "d21e7cbd75310105e76fcdc0bbd0bdab", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568051, "indicator": "d2690aa924d764cd7500da31b078c70a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568052, "indicator": "d2e63ab9a732be463c208e00523018f8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568053, "indicator": "d30f69a93e05ddb942c54cb8c98375f3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568054, "indicator": "d32a536db15f0b711422c643c83b1d2c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568055, "indicator": "d3d2ae27c9649a16f377dbfa77267799", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568056, "indicator": "d3fc9753f78981e1e559d2e5eb9f72ab", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568057, "indicator": "d41280a6e0d472497a8786e84ca35eb4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568058, "indicator": "d47310ccad818c4acbe2f42b8cfe1651", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568059, "indicator": "d48454d88daa6028876f6505edaee2b9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568060, "indicator": "d4920e174046ad9c740a07501c009acc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568061, "indicator": "d4addc71771aab03588807824cfff681", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568062, "indicator": "d4d3ecbc804b011f776beb5d3a348c97", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568063, "indicator": "d52f70e76afe8cae8b8d8b83a2f36415", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568064, "indicator": "d5b551f2fd484a7e753b9e5a1be50f98", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568065, "indicator": "d63879f56510e852a58710c22ac8033d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 889045468, "indicator": "d64d194bac88abed87520bdff09ceacc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568066, "indicator": "d699e0316ff32d7b7d551ad6abface4c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568067, "indicator": "d6a3432a687c93bf1164da4ad9163d27", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 577357459, "indicator": "d6c838a6046f171f3c6a795deabb61cb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568068, "indicator": "d6cabf8ccf6234a76fef52b30f60e798", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568069, "indicator": "d6dcd551253dd95dc6d8ef93ee52aea3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568070, "indicator": "d6e4029179449307f83ebf2f51822d73", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568071, "indicator": "d7d2f2ecdb1920f275aef8d228bdff57", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1012193554, "indicator": "d7e9116970af7b3df8b0b24fe7d76f07", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568072, "indicator": "d7fedad434c8b6a9d112896006a072a0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568073, "indicator": "d80284424e9d03c554ed3dcd8b0275d9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568074, "indicator": "d815780e215877b04f76e83131354cd0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568075, "indicator": "d82931bf6f364a41d115aa08e96898a0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568076, "indicator": "d87dfbc745d3d9104eaf720fe2d67ed3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568077, "indicator": "d8813196d432b277dacfa59766938016", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568078, "indicator": "d8a713e9aed88093668ec0f19d54e513", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568079, "indicator": "d93918fcd8e0fe46b49f5f6cbbcab397", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568080, "indicator": "d9bf34c016bc0193bd18176e818ca386", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1261245384, "indicator": "d9f0fabb132ace5a7cc56349afa98ccf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568081, "indicator": "da169ac734e74db63e543b69e8c772b8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568082, "indicator": "da26631dd7033e893de18c8d38ecf40e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568083, "indicator": "da2bccb8c3bab13bb93a150849843b25", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568084, "indicator": "da2d36a64dce4e0681f041570c2df87a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568085, "indicator": "da5a008f0940e51e6639bba673eed518", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 920653599, "indicator": "dae65f49724ca93d6e296f0ed2648ecc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568086, "indicator": "db0448999ab65eb6b3603c1689ba1609", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568087, "indicator": "db4d30f4161223a2724bc36af1178057", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568088, "indicator": "dbd658ba1934633233925dbf8d2c1e60", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 921472703, "indicator": "dc0e9d999a069b736be23872cce791c6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568089, "indicator": "dc12fe6a416a2369c63571425706b1e6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568090, "indicator": "dc2b5ca7d1d551330b2ae4986f368689", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568091, "indicator": "dc63107d0a4e023eb77312e4f20f18c7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568092, "indicator": "dc6bd26069ba9f6e4cb8ec5d4e858706", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1220914867, "indicator": "dc6c3ba6de46fb9f83ddec935a606ba6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568093, "indicator": "dc98eee82ba1c73184127acdcbf6a911", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1440106899, "indicator": "dd284c82ebadd92320128776617642de", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568094, "indicator": "dd7cdadeae9b4ffc62ac460aeb0213b9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568095, "indicator": "ddc9a7f2ef4771fc511db2012fefdecc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568096, "indicator": "dde5cae0320557dbc0d325f8c7e36db5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568097, "indicator": "de7ad1ecb5cd5dda3a04a8001f86bc36", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568098, "indicator": "deaee62e0564e697cad05f85b1d672cf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568131, "indicator": "dec678490679bc8cf0884ac2b99da070", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568132, "indicator": "deee619a418c023514ef8b7718d90765", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568133, "indicator": "df6b2588e96bee741759572ccfb61bde", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568134, "indicator": "df6df7beb5ddd69abf0f037c56147303", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568135, "indicator": "df980f4b2ab2917282d3e6f9ff9a96a1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 626157340, "indicator": "e032007d5e7f0a3336d1741cdb90b4cc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568136, "indicator": "e0b8e188f45f7ac473511679ea8896aa", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568137, "indicator": "e104ac164c5561f28d92770c6a4dc5d9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568138, "indicator": "e13db4cd16b03f1d2f67e18a4e3482ea", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568139, "indicator": "e173ea72d01c0c2c4bdc23e9204734a8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568140, "indicator": "e1add0c2917aaf34236db315da09d8f2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 983696519, "indicator": "e1d3f6d3d6e3e0d4fbb240afdfab0c2c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 627918770, "indicator": "e210bea37c15098364148cd0971bc7c5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568141, "indicator": "e2621c1ea7681107d012382690efa527", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568142, "indicator": "e2661327475800ec74823601cb2ee6d5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568143, "indicator": "e30d130d3c6d7f9e2f84320032565130", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 858038711, "indicator": "e3666ecb82584556a39520ea0e788ccc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568144, "indicator": "e3757132632f234b63f16afd6a741704", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1115661830, "indicator": "e390ca2c63fec92c43101e7b0fce2099", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2889835839, "indicator": "e39b293fc4758095f361034152d3b11d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568145, "indicator": "e4369b531af6476019fc31f1a6a1fa2c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568146, "indicator": "e43e5e35e29ccfcca6ae139e35704552", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568147, "indicator": "e44854540fed182dcb6bfb2374cf6e7b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568148, "indicator": "e47938995903c2792020e366716b4c38", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568149, "indicator": "e5c722769ce140f106cf53c9f1ef5934", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568150, "indicator": "e64ae7b975b197f4808d5e6176d3ec8e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 619577679, "indicator": "e6588bcc3c5cb2283ecd7a699f973b15", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568151, "indicator": "e6ceb0a5b6b12db38cf3cc2de57f26f9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568152, "indicator": "e6ceb5134b56fa6a7edf3de2a6048a48", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568153, "indicator": "e70ba7bd4b4da8ab5044edd698e43c68", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568154, "indicator": "e7cc07a1704145c6843330345fd1ce0b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568155, "indicator": "e7d6855edda3e02e32076ebdca2608b3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568156, "indicator": "e8535e4a24fd8cad68e2c1c455fdb461", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568157, "indicator": "e897aa6ad42487c3613536aa6afbdee1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568158, "indicator": "e98214b65d55987e5b20664225eb6d6c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568159, "indicator": "e9bc9efb22953351108dacddacad668a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 983696491, "indicator": "e9c2afd655068ffd23f7f046e3b90081", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568160, "indicator": "ea1d2342f73d62e6b454b6bc3645f7cd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1241140527, "indicator": "ea60262c0e1534f3e65873fc9afa17be", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568161, "indicator": "ea6c7814306af3cf8ac02b1f0e29141b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568162, "indicator": "ea776af4ded7a6c84aa5a97ed69e9dbe", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568163, "indicator": "eb13ee3c92abd65856184112dc99d065", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568164, "indicator": "eb237a834a32fc3e0a88dded7e94f838", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1404909776, "indicator": "eb51a71c3dec3e0842bea82171b5f422", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568165, "indicator": "ebc77cfd3ff875ace467ef83133b83bd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568166, "indicator": "ebd2b797b574b772c80e4acf12d51016", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568167, "indicator": "ebe81e12df326722780e8359dcda8374", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 983696494, "indicator": "ec098b7fc3f25a4b58b09dc3ed64bfee", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 920653586, "indicator": "ec24eeddebd13cd2911068dfa65a9e29", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568168, "indicator": "ec8cf21ffe220c705aea7aa3e4ba01ff", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568169, "indicator": "ec9cbda30e21f9eff5ccd70d9b299017", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568170, "indicator": "eeabc43299a4f24bb12652ec46912bcd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568171, "indicator": "eeb4f2ec9ba838cf0229f43e19c70dc1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568172, "indicator": "eedc2afd6e99aa74cb24b9afe046dc68", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568173, "indicator": "ef4bbd12166104fa5a30159df8212a99", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568174, "indicator": "ef51e56da31ba444702ae26eba135536", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568175, "indicator": "ef6ccd7f68a1db97e7e02e3393158c5e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568176, "indicator": "ef9d35e496dacb96de1eb8a8a7765d2d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568177, "indicator": "f0153996f8566457edcdd269320db3c4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 600383900, "indicator": "f0401805d8fc94f236f66d2fe7544441", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568178, "indicator": "f0661d4c7f46b2e90493cfc2688a6e25", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568179, "indicator": "f073ab8f24ecc2fba499491062eff3b4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568180, "indicator": "f0a6ab4839f4dd44ffd75dbe9293424f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568181, "indicator": "f0e3397681817cd915d6aa70e2749011", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568182, "indicator": "f0e61e7eb867a809dd5bbff3354bb27f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568183, "indicator": "f13d436f3f2d35fd4db0f75cd76bf34a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568184, "indicator": "f1b0f7e203409af349f964d7f5b005ad", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568185, "indicator": "f213519d0f9a09db9719ab2827c5d639", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568186, "indicator": "f297c5f4299eb2de76dfd943aa47cc51", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568187, "indicator": "f29bee9afc79e4120b57cf4e7743f253", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568188, "indicator": "f2fc83356c26829326dd3fdc5aaf074c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 983696512, "indicator": "f379111ed445ade7157ade15976e76b8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 577362875, "indicator": "f40572efb5ed5aa1c9dbfbace698bccf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 619068997, "indicator": "f4b6d7705dfbd2dfacf60c0cee4b7f99", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568189, "indicator": "f4bccd97c705c47a6da06b6d516dddd0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568190, "indicator": "f5553782807b0c213c6ca374c98eb98c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568191, "indicator": "f61802c90e0410e2bfd18be03718c1e0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 983696319, "indicator": "f618fb1e1731adbd0b66fefae05c9f0f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568192, "indicator": "f656361d5488d2ad2c67f6df59860f18", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568193, "indicator": "f68be0955eb44dcea02b7bcf36db9acd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568194, "indicator": "f71f980350ce98ebbe251625177a9e75", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568195, "indicator": "f77f53d2470466328f095100f2825a15", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568196, "indicator": "f7c22515dcb535d77b9fc59261510a9d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1263239267, "indicator": "f7eb4a54858a7e1f55023745b235ba21", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568197, "indicator": "f824c884f09b95a641fe4e4e204aa635", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568198, "indicator": "f96daa1b221c5c2a598e3f46bfd518dd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568199, "indicator": "f9cd8b7a912cb8aa28b6bbfd168d554d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568200, "indicator": "fa1208b45a7c8fac37370998395c94e3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568201, "indicator": "fa23b6f216a428e5bd0df3447f26abc5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568202, "indicator": "fa39635454b8ab4a1b73ccec0317025b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568203, "indicator": "fa6653132191f4f11b7f7d0facd79c5b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568204, "indicator": "fa7851d1a8118405276d16b2d6b00eea", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568205, "indicator": "fb36d6140fb192ca27df75b26e05a4a6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1529283646, "indicator": "fbb3fc47485df08ffbce8ee5cd9642ce", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568206, "indicator": "fbcc5c125e18019a5e6e536a47d5a1a8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568207, "indicator": "fbdc72ca751338bc40a3c048d03da197", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1563243219, "indicator": "fbfb649149b1555143a5763bb3f3824d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568208, "indicator": "fc0879a2676746c69bbbeea19e53bb2b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568209, "indicator": "fc0dcb8f0f0c1adf494aa53ca98f2ece", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568210, "indicator": "fc18bb82e42b03dad9e5a7ee55601182", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568211, "indicator": "fc54c5b93f07ca792c6d49febad96208", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568212, "indicator": "fc59aaa5e4f2b64fa0050c8d56777193", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568213, "indicator": "fcae302b97d4fef942af47ef3925e80f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568214, "indicator": "fcb10363739516602ffdb6416d8370fd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568215, "indicator": "fcd9fdfbe292fa101654468ef5410ec7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568216, "indicator": "fdaedff7b4724d71d758d085257b5c9b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568217, "indicator": "fdf28592e605631c9ddb543858ccddaf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568218, "indicator": "fe207a3ae08d68bef973c5fdb173611f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2251687795, "indicator": "fe211cdbef08afc113c6347e8421a94a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568219, "indicator": "fe5e6312d0d002d8d9c65f59b9a890fc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568220, "indicator": "fe6ecbbb14ebd6368aaa5b4fde592dae", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568221, "indicator": "fe8af729af3d5428d6268a0628cd251f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568222, "indicator": "fecfb6499dba777fe6aa5f4b16645a80", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 456889453, "indicator": "fef2e48585db70ca52197375a23cce57", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568223, "indicator": "ff076abd75d936a00afc5e95fde19e51", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568224, "indicator": "ff80998c0664453acefdb76ffa80e4aa", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568225, "indicator": "ffaa4da3d45f920d4229b554aac5b791", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568226, "indicator": "fffa725af439f5daa85f590341394cf5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568227, "indicator": "036d47be3f681d0b5b54b86e5f960feabdeb51fc", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 4d42c5bf1c860566f12b531c13e57b6c", "expiration": null, "is_active": 1 }, { "id": 576612680, "indicator": "05f59fbe61a0c728633df356c82a230ae4f2a177", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 3ab130e6071654a94220d865320dd2cc", "expiration": null, "is_active": 1 }, { "id": 3360568228, "indicator": "0851fb2ab68d67e51bfe660f808ab58c35ff613c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "VirTool:MSIL/NetInject.A", "description": "SHA1 of 2438d921d8a75f5bda9c5629746b84c6", "expiration": null, "is_active": 1 }, { "id": 3360568229, "indicator": "09a840465c51dfe8f768999e2779a34c71aabae0", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:O97M/Donoff", "description": "SHA1 of 120fc8902ed442b13c04be98bc53ad34", "expiration": null, "is_active": 1 }, { "id": 3360568230, "indicator": "0ac39fb18f79be244c290878ea7667fa0d259bd8", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "MSIL:GenMalicious-BJT", "description": "SHA1 of 0773929cc7c87c2ca9cb5656e58393c9", "expiration": null, "is_active": 1 }, { "id": 753098577, "indicator": "0c551b6a3b4c884818f63ca654c84038f7b5ad6f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Doc.Dropper.Agent-6531761-0", "description": "SHA1 of 399a7a0415b1576a0c96a31ffad473a7", "expiration": null, "is_active": 1 }, { "id": 3360568231, "indicator": "1390f21e61d7c52d967f5895ebf6e67ef4dbcff9", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Virus:Win32/Jeefo.A", "description": "SHA1 of 1b3c5144369e21c102063fc18adae793", "expiration": null, "is_active": 1 }, { "id": 3360568232, "indicator": "1432a0b22b8bbea66015a07a967949b4f13895b8", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "SHA1 of 32077cd5c7fc1ca6a5133ed4d58f29ad", "expiration": null, "is_active": 1 }, { "id": 3360568233, "indicator": "14714fd1940a3eb7ae143a8d0c626421c7549826", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Skeeyah.A!rfn", "description": "SHA1 of 3abe771de758841de8b767a6b0c3092b", "expiration": null, "is_active": 1 }, { "id": 3360568234, "indicator": "15db04881c54c9b3cac3902e182d7116ad31d91c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 22b94247c622416e1b6fa185e768a999", "expiration": null, "is_active": 1 }, { "id": 3360568235, "indicator": "163a1ca9573321f1b31c1e0ee64c1822d26e822f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "SHA1 of 30ac7066c073e160a45b1199245776f8", "expiration": null, "is_active": 1 }, { "id": 3360568236, "indicator": "19022cee29e978d9e56af5931421c115c522ee31", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 260b768a03390af34cf4d91ced33fb0e", "expiration": null, "is_active": 1 }, { "id": 3360568237, "indicator": "1a41e09fc3b45b7e0a7f5ffa0bc8f635f077e6f7", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:O97M/Donoff", "description": "SHA1 of 4ab0efbe6b707653d5dce072efd71420", "expiration": null, "is_active": 1 }, { "id": 3360568238, "indicator": "1b044ee8bf10ff4efd58533937702c70568ce57f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA1 of 04c60405aa78d77c3d2e8917ed80e473", "expiration": null, "is_active": 1 }, { "id": 980081225, "indicator": "1b4f6a338a2b0a262a32c53140fc7e482cf9b859", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 0585253320d06abc4e9f805d185925bf", "expiration": null, "is_active": 1 }, { "id": 3360568239, "indicator": "1babff0c3c7288f916585822543bd29702fd8552", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:O97M/Donoff", "description": "SHA1 of 05d4715fac45ef68975353a9a95a85c9", "expiration": null, "is_active": 1 }, { "id": 3360568240, "indicator": "1cc1407361248cef25731b83c32831ffbe203576", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 04d8a53865eab1aa5ca5c28f3d801d06", "expiration": null, "is_active": 1 }, { "id": 3360568241, "indicator": "1da49fd4b91248650a00dd6213de0841e028aa8b", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "SHA1 of 32831655372c8e6a3392a2cc8ab2da52", "expiration": null, "is_active": 1 }, { "id": 1563243646, "indicator": "1e3969c8eb5e32ae2bc705793892775693033278", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 530de6679b4252ee610f981f5733df2d", "expiration": null, "is_active": 1 }, { "id": 3360568242, "indicator": "1f1cf5a9a3e5329c0272579d98cd72ed3a9c120e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 3073fdd8a27bbbb93e7437b16eee74f0", "expiration": null, "is_active": 1 }, { "id": 3360568243, "indicator": "20214ee1caa011eb07a07af195385adddcd36028", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "SHA1 of 07f6233dfc22cd74724f5ab3fed265f1", "expiration": null, "is_active": 1 }, { "id": 3360568244, "indicator": "20dfd58b4f45efc773422a5d03dfd2be02fc5f16", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "SHA1 of 35668d4e0b695960ea55263ed4e62533", "expiration": null, "is_active": 1 }, { "id": 3360568245, "indicator": "21294f812e870a1ae97598c66889d7e68adcea10", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 248bbade477d88d0725d7d4ec48a5587", "expiration": null, "is_active": 1 }, { "id": 3360568246, "indicator": "218f8f8420fa7cd7ee384dbae6e9089c6abfc191", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 4437a17a74dcd59a2596402839638080", "expiration": null, "is_active": 1 }, { "id": 576613700, "indicator": "307ddc9c8f13ad46e76943180f5254254d99d8fb", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "SHA1 of 039275d58d501cf0fdea202b395c466e", "expiration": null, "is_active": 1 }, { "id": 700486737, "indicator": "34ddfcafdadc99a5b114e06213a80c0316778c25", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "DotNET_ConfuserEx", "description": "SHA1 of 3f2edec5a187022818f166403d7e6ab4", "expiration": null, "is_active": 1 }, { "id": 920653998, "indicator": "36206af8a5e73ea2bad53971479484d5ec31f52f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 415b292dc523219af9ecd87021d7bc4c", "expiration": null, "is_active": 1 }, { "id": 576612637, "indicator": "39a575401709be3724a060a1f0f67e561d473889", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "SHA1 of 2310ec047ec1ea275e208abb75cf012d", "expiration": null, "is_active": 1 }, { "id": 3360568247, "indicator": "39ec6e6178cb8f08e491d50db005bdf0fade152b", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 3617423f6a89b3ad0877d460c7b20cee", "expiration": null, "is_active": 1 }, { "id": 1563243633, "indicator": "3a433e05a4e19799da80815050717be54d8f596b", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 0e495b1e38ce80e0ba31c73a5203d09b", "expiration": null, "is_active": 1 }, { "id": 3360568248, "indicator": "3ba469ddeeff3bd6e974ce406d172e16e302ae9a", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 215003bf1f71e0c76a95229ba06c37d6", "expiration": null, "is_active": 1 }, { "id": 3360568249, "indicator": "3ede99a0f90bf379f3f9cd4a54ab466d7cd1b52f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 106ba49c3d94149c9c1bc4c6a7d2549f", "expiration": null, "is_active": 1 }, { "id": 3360568250, "indicator": "412d4057feefecbd21db5b42dd631dcfa7425121", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Loyeetro.B!bit", "description": "SHA1 of 10facfa21af7a974322a2be7c1d77fb7", "expiration": null, "is_active": 1 }, { "id": 3360568251, "indicator": "41ac6c6fc1b0d01d53718c080a8349ac99b11c7e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "SHA1 of 18a2a7d4821ec00143ffde8d0c9d24e8", "expiration": null, "is_active": 1 }, { "id": 3360568252, "indicator": "41dc2c60219c07fbea67517997231f85e5f1225e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 0cfb3ab1f43215008d3dcf7d187e6af1", "expiration": null, "is_active": 1 }, { "id": 576612697, "indicator": "41eda88a78f834eb2c2c8c9b1fba095b92bd6384", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 0db78a53fa0f421e1342a21f77963025", "expiration": null, "is_active": 1 }, { "id": 3360568253, "indicator": "432555ea8e4ec36885803e04c552d631476792c3", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "SHA1 of 38316406bccfdd6adcf10f26755cecb6", "expiration": null, "is_active": 1 }, { "id": 3360568254, "indicator": "43651659e1a0c0fc7f0338fd5eb603eaa18b26b6", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 42cff29ce07f9ff3db0eea051e80aad1", "expiration": null, "is_active": 1 }, { "id": 3360568255, "indicator": "44756e08841eb0afffd2afb8e3681359c060574c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "SHA1 of 078024bf070634295c4e9d43ebc68d63", "expiration": null, "is_active": 1 }, { "id": 3360568256, "indicator": "459f3b92320a7a3e0e297d551ea4ddbbe52d6c01", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 25f8420059da7e09adaf3f0ef34bb9e1", "expiration": null, "is_active": 1 }, { "id": 3360568257, "indicator": "45a0441ab37485b37a3395fcf26926d37c87c096", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 0ed55f706017ceea880de981c5169d22", "expiration": null, "is_active": 1 }, { "id": 3360568258, "indicator": "46cb115442e37677aebb6022ed2f9d2bc6c44ab1", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "SHA1 of 35d8069116cb99907edea204f2b3b25f", "expiration": null, "is_active": 1 }, { "id": 3360568259, "indicator": "479fa9ce5745526f3553603f825fcece63a861c9", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "SHA1 of 08de5338e34666910fde893148176e7e", "expiration": null, "is_active": 1 }, { "id": 3360568260, "indicator": "47bce87c94232103f329bf202fc66cc622384658", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 45ee638b365d975b9e624158e5485377", "expiration": null, "is_active": 1 }, { "id": 3360568261, "indicator": "48547022269695693fa8784f4da2f89a922892f1", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_unicode", "description": "SHA1 of 47a1c122bbb08ba3f2e441b380221f3f", "expiration": null, "is_active": 1 }, { "id": 3360568262, "indicator": "4af90a7cac0a842e1d962c592c100f372d45e8a3", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 449986069fa050dc1580db6f5ba1dfca", "expiration": null, "is_active": 1 }, { "id": 3360568263, "indicator": "4cd800a2083a25bd7e46e4b953a1e83a828bd0c5", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 38c1d0f4a0cf2f1018a1cd5f2b7efe86", "expiration": null, "is_active": 1 }, { "id": 3360568264, "indicator": "4de72eff9b20a96be1efe26d57f9baeb4e899a58", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Malware.Fareit-6626679-0", "description": "SHA1 of 4020403d9c172c650173c4a982172dea", "expiration": null, "is_active": 1 }, { "id": 3360568265, "indicator": "4f643398776a0966f71f5a373340d841388ec97c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "autoit", "description": "SHA1 of 425b5ac006d355a3e73e374be54d4a10", "expiration": null, "is_active": 1 }, { "id": 3360568266, "indicator": "50c1ffb935f94bddf5c19e698cd7ae74624613e0", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 4d796bc9fd0e0e8f44ab5154dfeb0777", "expiration": null, "is_active": 1 }, { "id": 3360568267, "indicator": "518389bea829fdf60389736903b3730f9c85a020", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "DotNET_Reactor", "description": "SHA1 of 2750fa2f08deec072b71a4444bd5c02d", "expiration": null, "is_active": 1 }, { "id": 3360568268, "indicator": "5228fa72ef8714e924c6eb9154ae209005f0f833", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Virus:Win32/Grenam.B", "description": "SHA1 of 0d63350bd3ce6881618dd44b776b29f0", "expiration": null, "is_active": 1 }, { "id": 980081230, "indicator": "5265e5876714cdba17b3404bffcc7f624f1b5430", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 06badb0f8a6ef9872f911f2fb2a9f2a9", "expiration": null, "is_active": 1 }, { "id": 3360568269, "indicator": "54c5a1973b28a00b812ef09c18abef8aa63ccf59", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 2cb6a808ead069a00eb7105d83b5d43d", "expiration": null, "is_active": 1 }, { "id": 3360568270, "indicator": "5546ef57a890ca54ee59f52a39d86ea3f24ffe0e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 21c0027924a5a4a70cd1e61220716224", "expiration": null, "is_active": 1 }, { "id": 3360568271, "indicator": "55c811e5481c2bea1cd4ba79024457bedad079fd", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Fareit", "description": "SHA1 of 411af5291b33f3178fed1268c70e6a8a", "expiration": null, "is_active": 1 }, { "id": 3360568272, "indicator": "58036ff1f50b1a9bc6d4508fd8d83b8a3ae797cc", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "SHA1 of 1002586d9f9f01802fa97cbff8cd7d04", "expiration": null, "is_active": 1 }, { "id": 576612931, "indicator": "5947f3f8f066524d525fa88219b44c30952537ed", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 466e7bf9aa3b30b78d01d51494d481d9", "expiration": null, "is_active": 1 }, { "id": 3360568273, "indicator": "5d14e8a1233a056b3b7b3e75245d00ba1af111eb", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "SHA1 of 16a10fd99d0fcd39b66e4ae04aed69f2", "expiration": null, "is_active": 1 }, { "id": 1563243632, "indicator": "5d3d64833b92df4e57c3d8b6c476a3cc146ecc7a", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 14a69824518d96a2a364f7a6d7e0da7a", "expiration": null, "is_active": 1 }, { "id": 980081214, "indicator": "5d54afe1b5f1da8b9d5bd336025056ad47c5c5b3", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 442cb3d02405a68557c7fe286c8c5b8c", "expiration": null, "is_active": 1 }, { "id": 3360568274, "indicator": "5dfb07e823d4a8dc624f4ee12108378229a5a7e9", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 1202225ac61e8528a5b06e7bfab04f5b", "expiration": null, "is_active": 1 }, { "id": 3360568275, "indicator": "62fbc225d532ab819372924bef50fbecb35e3f09", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Skeeyah.A!bit", "description": "SHA1 of 368de64cf5f02da40177692f8338632e", "expiration": null, "is_active": 1 }, { "id": 3360568276, "indicator": "634634d75af161df775445afcd893a2655cbe85e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 22a83ea7860d797c5b488f7d4fd13dfc", "expiration": null, "is_active": 1 }, { "id": 3360568277, "indicator": "67837cbabcfe5c0402a0266f7cce3e62019fb058", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 1c138de648fb5b72b245a34c935230ba", "expiration": null, "is_active": 1 }, { "id": 3360568278, "indicator": "67ff1383de65d4956bc3b9156f83b815f910fee8", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 3ea71c153fbbc886f198c222209205d4", "expiration": null, "is_active": 1 }, { "id": 3360568279, "indicator": "6872a98371a6bd978ddfc7217ac0bb2a0e5df6d3", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 4530f628939583dba37a6b16208913a4", "expiration": null, "is_active": 1 }, { "id": 3360568280, "indicator": "6afe2ecf96f343a309ae3862666a348008f64767", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "MSIL:GenMalicious-BJT", "description": "SHA1 of 277ada55027e622cb40e0073f3bf1455", "expiration": null, "is_active": 1 }, { "id": 889046466, "indicator": "6bb771fe570ad81e3022b4c90a04db1a837b5fe8", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Doc.Dropper.Agent-6541421-0", "description": "SHA1 of 3b2e584d484105e47701a19c339bbb5b", "expiration": null, "is_active": 1 }, { "id": 3360568281, "indicator": "6c636e5d996c34020bf69bf0247c65fc5a156870", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Fareit, Pony", "description": "SHA1 of 1ab0e5e724ed825791af685cef1bba4a", "expiration": null, "is_active": 1 }, { "id": 3360568282, "indicator": "6cfe72c4f0be8dc143994f0950473b03af33c5f3", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloaderMSILBalamid", "description": "SHA1 of 1989772517a7ab404bc0cb1e0443b746", "expiration": null, "is_active": 1 }, { "id": 1529284239, "indicator": "6e0978d1d4fd223f9d551abef809270fb08c360a", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 3550099425b5c16cc1e500d133e4695d", "expiration": null, "is_active": 1 }, { "id": 3360568283, "indicator": "6e24eb2ad12990b617b2287aedd57ba5686a85f6", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA1 of 1e68b95d8432bf405e293b430a3fd84f", "expiration": null, "is_active": 1 }, { "id": 3360568284, "indicator": "7037e3bb54f7dd196c580aec0c73de92f1580fe8", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 042b3e3ceb206d9fe9d323fa05ba3756", "expiration": null, "is_active": 1 }, { "id": 3360568285, "indicator": "70971c22441d41794c1808c1f693234182ca7e1b", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "SHA1 of 03ecf49dca7c86114ea60926528d678b", "expiration": null, "is_active": 1 }, { "id": 983697525, "indicator": "748bf3a7bb840b1f6a3b26ad7de6b46cb8413016", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 0854f0f744d3797e38cc07304db68764", "expiration": null, "is_active": 1 }, { "id": 3360568286, "indicator": "754e53e33f2745bc86b98a27bdb837d083356780", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "SHA1 of 306bed698ed9a2b33c376c4668dcb774", "expiration": null, "is_active": 1 }, { "id": 920653984, "indicator": "7583142406a9416ff28fcef74e61e80941327a28", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "SHA1 of 411e91cab228c3ae34df4aafe8632b6a", "expiration": null, "is_active": 1 }, { "id": 3360568287, "indicator": "76825200ebfb70573b1642addc34e84e1e8e56d2", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 0ae994af3dcece45343836e94f8e7ecb", "expiration": null, "is_active": 1 }, { "id": 3360568288, "indicator": "7aa237162fbffbfdb0b3a525e65c3a3e2554fe61", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 15fbf5c441a3a705ec430d6a1519cf8b", "expiration": null, "is_active": 1 }, { "id": 3360568289, "indicator": "7ec7826ead86b5a9f7ca2775f9414dec9db97767", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 1025000169c8a8af780be4c204cd9b87", "expiration": null, "is_active": 1 }, { "id": 3360568290, "indicator": "7ee09983b86b9fc19d05d24d986f2b8963b5ebf8", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 10280bab51f69d78610b7cd524afaa6e", "expiration": null, "is_active": 1 }, { "id": 3360568331, "indicator": "82b605c53ac59257d02cf35ae526619bd9494365", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 03dd7830dcc08b47f525be34d6a9ecda", "expiration": null, "is_active": 1 }, { "id": 980081219, "indicator": "8406e8848273c83c3355187dd413410591916c21", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 284acfeb8f427c3777a09478c7903c0d", "expiration": null, "is_active": 1 }, { "id": 3360568332, "indicator": "8433a5d5330d0f83a9350ccae7d54e76e5af5e37", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 2a525937ddae91c3a89a53ee362fb258", "expiration": null, "is_active": 1 }, { "id": 3360568333, "indicator": "84d771253af1f74be1295b631245959cbc1ff243", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "SHA1 of 19d2918e48cfab1275f18d9b42307eb2", "expiration": null, "is_active": 1 }, { "id": 3360568334, "indicator": "85b7b5d5b2dab229c60fce613f75e144bdc12037", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 46a770c1a77bdc368278bb48ff1a1efd", "expiration": null, "is_active": 1 }, { "id": 3360568335, "indicator": "85ed3ce00ae8451187af4cbdacd5d4cd8058ea53", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 0b421158b4446e71a29bb984e676203b", "expiration": null, "is_active": 1 }, { "id": 995515981, "indicator": "8666526d8da3752eb41853a8ab2e039b6b40f2f9", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "VirTool:MSIL/NetInject.A", "description": "SHA1 of 46b255cb008d99da1d0fe1eb51006a6a", "expiration": null, "is_active": 1 }, { "id": 3360568336, "indicator": "86f2cd8e3db60ce3e29b89501d2d79f802b1e35a", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 1852f73f39ab8c254e5a32b6dc87a4c1", "expiration": null, "is_active": 1 }, { "id": 3360568337, "indicator": "88682ef6b95d49351b58472008b43557308a2642", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 453fed613f8bd49395a7ad5b74072dd5", "expiration": null, "is_active": 1 }, { "id": 3360568338, "indicator": "8ccbffa1f3a7f7b55a43d63295373b9dafdc7924", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 0b348fdbb2d9b514e6fd8f2c7e27b6aa", "expiration": null, "is_active": 1 }, { "id": 3360568339, "indicator": "8d982cf1f90be89b64efa8be288bf20c313cbc50", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 3cae946269d800794c61852fb9326ba4", "expiration": null, "is_active": 1 }, { "id": 3360568340, "indicator": "8f199d386533adb0662fb27cffb18a97deea5bdb", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Loyeetro.B!bit", "description": "SHA1 of 29f4c6cf1897ed6c158f6335e0998a38", "expiration": null, "is_active": 1 }, { "id": 3360568341, "indicator": "92daf7e6a70111c714dedc4189598bd122ad41a0", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 078d16e03fcbdc31c499feff72381dbb", "expiration": null, "is_active": 1 }, { "id": 3360568342, "indicator": "950d31a45bf098e04ddd0946abc5c74fe9d0602d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "SHA1 of 4147b9d3f947f2b4a26b44cbadc4a317", "expiration": null, "is_active": 1 }, { "id": 3360568343, "indicator": "951a626874dc8fd7eb28b05fced3681e81bc88b0", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 24823a0b6d9e48e4234efd027161c0dd", "expiration": null, "is_active": 1 }, { "id": 3360568344, "indicator": "982d09772cc3e376dc4207a247357bc5617049af", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 1107826f106c323744d7122630dbbab7", "expiration": null, "is_active": 1 }, { "id": 3360568345, "indicator": "98f0e21df059931e3fd50b06a494d19ebced3963", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "SHA1 of 147d68f27c2a0f9babd0b425dabc8a18", "expiration": null, "is_active": 1 }, { "id": 980081218, "indicator": "997718b5b73cb49a06219ebfc09c331ccc3cd38b", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 359bcb291f5b3091d9ddcedad3968d13", "expiration": null, "is_active": 1 }, { "id": 3360568346, "indicator": "9a54c439c281e82e0e78d2d123780aa0d5a8915c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.MsilInjector-6429493-1", "description": "SHA1 of 1ed381e278bd1f74fe6124353907ce96", "expiration": null, "is_active": 1 }, { "id": 3360568347, "indicator": "9d654bde7b9d89e3ac4115820420fcf062867714", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 07b62e8a8224f52d62ca6ad41926fbd4", "expiration": null, "is_active": 1 }, { "id": 3360568348, "indicator": "9ebc5e31b2014579ba1a191fbcc167689487c4f2", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "SHA1 of 1f9a7d25be7e4a8902b7a13f121099f5", "expiration": null, "is_active": 1 }, { "id": 3360568349, "indicator": "a10795ac5aaf928a92fad4453dc1c060b99817ab", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanWin32Comisproc", "description": "SHA1 of 44f15583eb6340c6547d45b0efe9da5c", "expiration": null, "is_active": 1 }, { "id": 3360568350, "indicator": "a10deef4a599fb9d9ed5b80ba780d9919a9da731", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_rtfn", "description": "SHA1 of 1af35709cf686cf0f427ba80ced2d426", "expiration": null, "is_active": 1 }, { "id": 980081212, "indicator": "a205f88bba95399953f35836892c5ca12fddc370", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 46a1e489cc41b2a97aa9d2e9d91eb300", "expiration": null, "is_active": 1 }, { "id": 3360568351, "indicator": "a21dd91d4d58d98833cf6c2f1566107b0b6acea6", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 459af512b18a6b60156d45bad87e6c9b", "expiration": null, "is_active": 1 }, { "id": 3360568352, "indicator": "a40e21952897813d7a1305e570d5af168c976a49", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "SHA1 of 1cdf1b4fea93464b1c29040ff7390cbf", "expiration": null, "is_active": 1 }, { "id": 3360568353, "indicator": "a51b2493be6781ee684b976dbe245be4fc234938", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 1b70f6f7582bb019f7df40221ac8aad1", "expiration": null, "is_active": 1 }, { "id": 3360568354, "indicator": "a5db229ffd11d7e0202b95ddb21cb5788e7df5cc", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 33892009d04a01bad5a71e37ddeaca52", "expiration": null, "is_active": 1 }, { "id": 3360568355, "indicator": "a608a970a5b3ef9ffb9b0e25e6778d12456aa8d9", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 3744ffc1f6219702ac75d05265b4c092", "expiration": null, "is_active": 1 }, { "id": 3360568356, "indicator": "a69cb0c73b9ffc63d23a813190ae415e0b168ccb", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 2c5569857887adb88e21b6a563c296c3", "expiration": null, "is_active": 1 }, { "id": 3360568357, "indicator": "a7521ee29aaba47de690e3cfc9f7e3dcc737c882", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 271bb70f638c6da5b53c3f18c2d350c0", "expiration": null, "is_active": 1 }, { "id": 3360568358, "indicator": "a7e7252926459273526216a15ed55791e9ae0c3a", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 3cafd575aa5bdb97dcf50fde2b0d3945", "expiration": null, "is_active": 1 }, { "id": 3360568359, "indicator": "abf147b97eed49247a211fe22da36865f6fd8657", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Pynamer.A!ac", "description": "SHA1 of 45871ed002cf2573df1905dba2b276fe", "expiration": null, "is_active": 1 }, { "id": 3360568360, "indicator": "abfbc362bc3b8e01f3241b700ea4b4866c2636ee", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 0bc543753aa5665f5306ad3f46d30776", "expiration": null, "is_active": 1 }, { "id": 3360568361, "indicator": "ad83b4e0ab304e9b9b103a696c0239d1c575de4c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 4958f718d47061f2e9e2064f8ac94e06", "expiration": null, "is_active": 1 }, { "id": 3360568362, "indicator": "adcaa907f5a123a3bd09c3bcd29c17a605a36672", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "SHA1 of 2c8fd210eeeaead56efc60bd552f425e", "expiration": null, "is_active": 1 }, { "id": 3360568363, "indicator": "afa19beb1236094d2f00e243d7bad3422969b8b0", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 468e125242b464af3a64841bbd0a3ae0", "expiration": null, "is_active": 1 }, { "id": 576614353, "indicator": "b2231c09950b624653daf3630ec1e16106f07a2d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "SHA1 of 07ac88411153e25ba72f86c909f99bef", "expiration": null, "is_active": 1 }, { "id": 1563243630, "indicator": "b2f307f782eaa2834b93b945300dcd0759445868", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 27fcc8580e2d2062130be62fe5923c19", "expiration": null, "is_active": 1 }, { "id": 3360568364, "indicator": "b30b480a4fb895628f2d1a98c3ed8a3730e76ec6", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 23ab444e2dfd407fb24eb2e806b5064f", "expiration": null, "is_active": 1 }, { "id": 3360568365, "indicator": "b3a46bb392a8b40c12ac046dfdc3572132155aab", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "VirTool:MSIL/Injector", "description": "SHA1 of 2a02f52b64bb0b2ffce4fb81b4517c7c", "expiration": null, "is_active": 1 }, { "id": 2929300048, "indicator": "b4caf64b954ef0162a658109e01d5a13c2c2540c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Exploit:Win32/CVE-2017-8759.A", "description": "SHA1 of 05a3e39e7d534b43f90b5737c800b8d2", "expiration": null, "is_active": 1 }, { "id": 3360568366, "indicator": "b6e19a9e0fb88e8644a019655ff756a50bd0fc33", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 3e0792a9ce5c78a1af3caf20fd0b73c5", "expiration": null, "is_active": 1 }, { "id": 3360568367, "indicator": "b73e6a118a9b0c4453202eff50ec801a7430141f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "SHA1 of 3469490f6cb1c47fd1ff46c46224edb4", "expiration": null, "is_active": 1 }, { "id": 3360568368, "indicator": "b8963a1dbdc1fab8f9e5f8e54ff3594d887aaf2e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "SHA1 of 49880bf08ccc31c645d6b1f2148688bc", "expiration": null, "is_active": 1 }, { "id": 624676174, "indicator": "b8fb157a3bb45b29a209a152be4d5bf5002b6957", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 0d19949b7c2180ce15f6c9490d3571f4", "expiration": null, "is_active": 1 }, { "id": 3360568369, "indicator": "ba86d4073895a07dd648e9c2292da90473ca3473", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 260950489644e6a7e1db48d1145b42c1", "expiration": null, "is_active": 1 }, { "id": 3360568370, "indicator": "bb3b8669e9dce26e970bff6aebf475cab91fb106", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 50564f7bfdbe6f4c7801b67c3a31cfde", "expiration": null, "is_active": 1 }, { "id": 3360568371, "indicator": "bfbfc092d7536c2e41f4845238d7ba054d6377b8", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 148065fdd2220e7091b43e531fd49fb3", "expiration": null, "is_active": 1 }, { "id": 3360568372, "indicator": "c16068de4690304437da7b436f6b2601fc2f07fa", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "SHA1 of 5255391606f317a42c4f967bd7b29f13", "expiration": null, "is_active": 1 }, { "id": 3360568373, "indicator": "c28cc5109d94307c149501dd805cd95c4afb7d69", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 2074b0a024bd3ac6f1b4d89dbabab077", "expiration": null, "is_active": 1 }, { "id": 3360568374, "indicator": "c2b37eba99fe9488f23501dbecc3b1db44ea2734", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "SHA1 of 34e123f1d645eb22eabf9a0468f331dc", "expiration": null, "is_active": 1 }, { "id": 3360568375, "indicator": "c2ee282a3e1205cf19ff28a9e811e5dcd565558a", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 3316d124b26e337d968f1a224b9dbec5", "expiration": null, "is_active": 1 }, { "id": 3360568376, "indicator": "c38aa30577e123e296ca34dafc3bc2abd2b1103a", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "PWSWin32Vorbeld", "description": "SHA1 of 1765e632d2a7df885ee14367f5000d93", "expiration": null, "is_active": 1 }, { "id": 3360568377, "indicator": "c6fd2387b927854fc5096e9df6790e83d8d02524", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 43dc4222222d8f158cbb688a77f9bb84", "expiration": null, "is_active": 1 }, { "id": 3360568378, "indicator": "c8dae001f0e0ba2a9ec5c2e39115a264954add7d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Dropper.Zusy-6563162-0", "description": "SHA1 of 115e42b9f0329ccbc4c9149d6d3a6277", "expiration": null, "is_active": 1 }, { "id": 3360568379, "indicator": "c912d226842d016a1e92b1aa6ee56c2fec155452", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 224415658b7fe419d28d7b15923f758f", "expiration": null, "is_active": 1 }, { "id": 980081398, "indicator": "cbcd5a7e3c8dc8b28cb019ce682e32b31e025e69", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 093fd7bfe7c1d3af0ea7eface7775ea6", "expiration": null, "is_active": 1 }, { "id": 3360568380, "indicator": "cca0f066989f5c990a40772221156abec9f6858c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 0c836cda6823cc0b4b77008312e9720c", "expiration": null, "is_active": 1 }, { "id": 3360568381, "indicator": "cd9f95c4e9d60e552954aa5adf9669f4ab85e011", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-6633079-0", "description": "SHA1 of 0873d67cd970b92fa0ca78bf26f21f5a", "expiration": null, "is_active": 1 }, { "id": 3360568382, "indicator": "cf6f71e42c74a669fb4d4951dbae6dba56573089", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 1d7c5aa42089f1fe2915d69d8b5116dd", "expiration": null, "is_active": 1 }, { "id": 3360568383, "indicator": "d08d52926ab17eb4d17edacdaeb2ef43b3bc5af2", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 4dce5b84c18684f38cd13a52d675b1f6", "expiration": null, "is_active": 1 }, { "id": 3360568384, "indicator": "d0e6782f45abc0489946ae5e9b744156b1f0257f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 27a9e1376137d9e24b82c01f6d12c802", "expiration": null, "is_active": 1 }, { "id": 3360568385, "indicator": "d4038e8a92c571fc80fd5503f7b3b6fb8b611202", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 2858aec697d4d7b976e3214a17fce1e9", "expiration": null, "is_active": 1 }, { "id": 3360568386, "indicator": "d55dcdc3dbd3c68a3dc9afd12df0a57785bf2927", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 14036332da6d16efbd3ae1713ded7e31", "expiration": null, "is_active": 1 }, { "id": 3360568387, "indicator": "d5c9139e946b5b3613cf5ed14c646e82ed41ce7c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "SHA1 of 181fe5e18d3774433da98d46d80e8a65", "expiration": null, "is_active": 1 }, { "id": 3360568388, "indicator": "d6fdec4ba9255cedbac57c80d208577ea4b39f4c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 152934da09055470e558e8919833659e", "expiration": null, "is_active": 1 }, { "id": 3360568389, "indicator": "d7157f87ae8f8b635cb6ae333b63b6d16f8d1cea", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "SHA1 of 4b45374065a61d4a5335e780742b9125", "expiration": null, "is_active": 1 }, { "id": 3360568390, "indicator": "d783920f5bcdb9b87cb56719d24ee3f4a2655f4b", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 306c1c1d8e3956165dcfe51cccac8d4e", "expiration": null, "is_active": 1 }, { "id": 3360568391, "indicator": "d7c9eb196723112aaa2b16b6115f24bb8c6bf7a6", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "SHA1 of 30fd06fb1cd1c0471294a9666ed401a1", "expiration": null, "is_active": 1 }, { "id": 3360568392, "indicator": "da89bb67040cf2eff00e6f97890854e3a5f5a60a", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Dynamer!rfn", "description": "SHA1 of 26f89718dd0ac7af779ccf423aeee5a2", "expiration": null, "is_active": 1 }, { "id": 3360568393, "indicator": "daad1c312b0fc835a9942ad00a98fa104ea7ec3b", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "SHA1 of 13b40a0ab93b784ef29a01f3edb3dd6a", "expiration": null, "is_active": 1 }, { "id": 3360568394, "indicator": "db6971f501db31a17e43de67069910979c62faf9", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 156e55fa92300c5412289fcc85190288", "expiration": null, "is_active": 1 }, { "id": 3360568395, "indicator": "debffb9e25f5ba5ef4e4758e14c3f4aabed6ab98", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "SHA1 of 103f64a9237db2c939c35c93e13aed04", "expiration": null, "is_active": 1 }, { "id": 3360568396, "indicator": "e0bb2b4cfa1bf09f6f464c2c5854628d53bc97d5", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 24a17b7ea137a2d807b91470bfa9cd66", "expiration": null, "is_active": 1 }, { "id": 3360568397, "indicator": "e1391e19b7a828a871c89cf9f0758b5ee82fc5ac", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 48159a39e517694cd35dec553de4ee04", "expiration": null, "is_active": 1 }, { "id": 3360568398, "indicator": "e1f6eb21e78577ef505dcfda36db77a4f6443bf0", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "VirTool:Win32/CeeInject", "description": "SHA1 of 33daa34937b0d3e0b6879f66ef4ef4db", "expiration": null, "is_active": 1 }, { "id": 820174728, "indicator": "e25b72bf9278cd0d4ca6b1aec72109d3a7cf3e22", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 3f607dd499ee05f38c0966ec0d070f9c", "expiration": null, "is_active": 1 }, { "id": 3360568399, "indicator": "e2986e6376a9d806b305967fce5047b38dee7b12", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 4037f4b612bee8377a8b6c5d854fd9d1", "expiration": null, "is_active": 1 }, { "id": 3360568400, "indicator": "e46dd99f1e3dd352abd161f1e8d61aebc062d6a6", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 342eac015ea7361729f6fb1506ac4ef1", "expiration": null, "is_active": 1 }, { "id": 3360568401, "indicator": "e7547ccaa50722f9b1d1a328f7535196c4ca5c6b", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 22848fe2de4424fba05954bd93f39aee", "expiration": null, "is_active": 1 }, { "id": 3360568402, "indicator": "e8e1fdfab8f98de50fc33242f668f3e03044f855", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_unicode", "description": "SHA1 of 1bc20f9efee8e0c8bbe31b2e4d00a94d", "expiration": null, "is_active": 1 }, { "id": 983697097, "indicator": "e9cd6d62ded16d9b048b992e06203cd267d1acd1", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 1ea1355cd1016c9d0f9f8b3dd5ff7ad7", "expiration": null, "is_active": 1 }, { "id": 3360568403, "indicator": "ebd70ac401ce36cc2fe74482c2ca456f5c40bbce", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "DotNET_Reactor", "description": "SHA1 of 47f0e070b3a2695bf74a32d60e0835ce", "expiration": null, "is_active": 1 }, { "id": 3360568404, "indicator": "ed71676c5f7263c184279c72d0cb39ae5d3bcd21", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 33a652fb271437ab9cef8c3be6e93dac", "expiration": null, "is_active": 1 }, { "id": 3360568405, "indicator": "ee88c3edaa0f7a1372033c4a9a4f4ccc69c7ae29", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 10776f56388345cdc3847a2d1687893c", "expiration": null, "is_active": 1 }, { "id": 3360568406, "indicator": "eee4ca755e810b0533877e6773ea205abdd7651f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 14d021f7a8206f3ead5bd58c2ed33991", "expiration": null, "is_active": 1 }, { "id": 3360568407, "indicator": "efd21347e94638eb41554827123b61a537042569", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 05c679c2a42c18d736140d95532ae027", "expiration": null, "is_active": 1 }, { "id": 3360568408, "indicator": "f02d813bec757536bf035bd548ca5fcc86c4d4f3", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 04d38647d9744274a6d764c5f135e68c", "expiration": null, "is_active": 1 }, { "id": 3360568409, "indicator": "f13a1d9c7014c3dbe6c78f1e17208e9bbc6609ff", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 1d710dcce0ceee7916eee856096b3439", "expiration": null, "is_active": 1 }, { "id": 3360568410, "indicator": "f1e61f1ee3a7b9185fed62be18f4828a1b10862b", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 03c044683241d11926d077f5c6bde05a", "expiration": null, "is_active": 1 }, { "id": 3360568411, "indicator": "f2f6bb2ee51d664941e67cad0d352305eeb4a64f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 059682692cbd61194e609f8edb82ded2", "expiration": null, "is_active": 1 }, { "id": 1529284233, "indicator": "f497929f6add290a85929876843930f9b9721962", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 2b0b05c660c33bb267f01b63443323bd", "expiration": null, "is_active": 1 }, { "id": 577364259, "indicator": "f511f5cce1caeee2cb6bf46ccbb639c98b60d4f2", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "DotNET_Reactor", "description": "SHA1 of 392d7d7f1914dd823d01554471881c42", "expiration": null, "is_active": 1 }, { "id": 3360568412, "indicator": "f5a9762f0dc1707ce1365f87a10d96d9c917335a", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 27ee5787561b5efd058b43b75f9462c9", "expiration": null, "is_active": 1 }, { "id": 2628603700, "indicator": "f681151228688cbee0fc771242cd15a48fb74f10", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Swotter.A!bit", "description": "SHA1 of 3c5a11e90d54aa5bc872c806ff955897", "expiration": null, "is_active": 1 }, { "id": 3360568413, "indicator": "f7c8c4fb562e55085a4fabc09d622dc2894560f7", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "SHA1 of 02640462c27a1578060b59bd9b410512", "expiration": null, "is_active": 1 }, { "id": 3360568414, "indicator": "f83f304db14fad734dc71cb85e35cfe128bb67f8", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "SHA1 of 233f9fd4175c6f3428956ba2599075e7", "expiration": null, "is_active": 1 }, { "id": 3360568415, "indicator": "f95eeedd0631a1875fcb4ff6b6b89cd4012e7515", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA1 of 42a5847e78333208bdda7656606eda33", "expiration": null, "is_active": 1 }, { "id": 3360568416, "indicator": "f98b450a07e1fe1c4f0f72b788f0327be730d447", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "SHA1 of 42135acea2aab33cd0c753da9ee96915", "expiration": null, "is_active": 1 }, { "id": 3360568417, "indicator": "fa9a0ecb04292148c6949f186168b4debcfab24d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 25ad24e3002a8f7fa2b2f5cdf3c1d7ef", "expiration": null, "is_active": 1 }, { "id": 3360568418, "indicator": "fc08001723136a177a8827ff8f4471bf20df2925", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 1b2a3a848f87cbbcc42537e99251f3bb", "expiration": null, "is_active": 1 }, { "id": 3360568419, "indicator": "fdaa85457a027e53661c5b57f47d9dd2b0a3292b", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "SHA1 of 3a4ebd985931ae9a06bac0ce3089464b", "expiration": null, "is_active": 1 }, { "id": 1012173512, "indicator": "fdc55f1f51b1724cc3d5885abebcb42751965671", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Virus:Win32/Grenam.B", "description": "SHA1 of 4471b941c72f3ea1188e814bc569b66d", "expiration": null, "is_active": 1 }, { "id": 3360568420, "indicator": "fe58b2a6caaa9f515b7cb7872646486a21b684f6", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:O97M/Donoff", "description": "SHA1 of 0da5c7a1740cdd66e88a17b629e656b5", "expiration": null, "is_active": 1 }, { "id": 3360568421, "indicator": "ff9a3397ce9d5892764259555c4c58ebbdcc47aa", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 1601fd5152f9fa9551c0c61fb208ebb7", "expiration": null, "is_active": 1 }, { "id": 1386572007, "indicator": "03b96ab568d5a4a8d53ee14b6a571bf0fd5de50b6db02555420de7cf3d9737e9", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 342eac015ea7361729f6fb1506ac4ef1", "expiration": null, "is_active": 1 }, { "id": 1386572010, "indicator": "040490f83e089553bf8c1e9cce5dce2e546c3200a2b0f2ce8c35d15648c80922", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 46a770c1a77bdc368278bb48ff1a1efd", "expiration": null, "is_active": 1 }, { "id": 1386572014, "indicator": "05a7f8a22c6e0f43a2964459f3315ba43c5f0e1f7c5a287f5e3a5c7d231db4b4", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 148065fdd2220e7091b43e531fd49fb3", "expiration": null, "is_active": 1 }, { "id": 1386572015, "indicator": "06100a57bd26d49c7316db0f21461a1f75c1b2a659da2d3818e222167812182f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Pynamer.A!ac", "description": "SHA256 of 45871ed002cf2573df1905dba2b276fe", "expiration": null, "is_active": 1 }, { "id": 1386572020, "indicator": "09253109b7b16bf5019ce9fe7dc4dd0b0fdac6c51be499f719df56644412af5f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 1d710dcce0ceee7916eee856096b3439", "expiration": null, "is_active": 1 }, { "id": 576612639, "indicator": "0977c716562852b4688b9ff9a488e98e53501ad017f9e035b85b617e5f114e15", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "SHA256 of 2310ec047ec1ea275e208abb75cf012d", "expiration": null, "is_active": 1 }, { "id": 1386572022, "indicator": "0a15805f80a997d79804c22d4fc975f4cdbb270a8285535d83dcf60d99528c47", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 22a83ea7860d797c5b488f7d4fd13dfc", "expiration": null, "is_active": 1 }, { "id": 820175119, "indicator": "0a875b984e6f2878f201c5955f5f36a4e412489d03071864b0dc615e5cf55276", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 3f607dd499ee05f38c0966ec0d070f9c", "expiration": null, "is_active": 1 }, { "id": 1386572226, "indicator": "3a4faf34bece4475eabd0742389b29e561bbdc1785da69bbf44c012556043ac5", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 10776f56388345cdc3847a2d1687893c", "expiration": null, "is_active": 1 }, { "id": 576614355, "indicator": "3af406016138e32bb26c3d48c4ce93f36cab3de3b4bc0d53d5896bdb83477b58", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "SHA256 of 07ac88411153e25ba72f86c909f99bef", "expiration": null, "is_active": 1 }, { "id": 1386572230, "indicator": "3b43dfc57c364598010495fc19f00572d0c4069274a091fee5ba35d3fa2b5e4f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Agent-6633079-0", "description": "SHA256 of 0873d67cd970b92fa0ca78bf26f21f5a", "expiration": null, "is_active": 1 }, { "id": 1386572232, "indicator": "3c4b18a3fb9bf2bce07c53f53dcb31ab49c23a5f48c24d978c27d8bb32bd1b25", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 2b0b05c660c33bb267f01b63443323bd", "expiration": null, "is_active": 1 }, { "id": 1386572234, "indicator": "3cb31e678f510daf7bb47b4d8b13cfafbc3fba68b5c09b8ce9f42853e8fd19f5", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 059682692cbd61194e609f8edb82ded2", "expiration": null, "is_active": 1 }, { "id": 1386572237, "indicator": "3d3e504e77918ba95a585c9d6e7baea3461109cda37c2545b2f9e5d619a1bbbe", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "SHA256 of 42135acea2aab33cd0c753da9ee96915", "expiration": null, "is_active": 1 }, { "id": 624676175, "indicator": "3e6b5fac401462de8e6b43060ffde1aa7117b083e3d2f8d795530b72f422650c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 0d19949b7c2180ce15f6c9490d3571f4", "expiration": null, "is_active": 1 }, { "id": 1386572240, "indicator": "3e866d1c73e4c9403ab35f0946ab271199d89b7f1788ab61bd31fe70a9def25a", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 10280bab51f69d78610b7cd524afaa6e", "expiration": null, "is_active": 1 }, { "id": 1386572242, "indicator": "3f65d6b98a39d20f5a224b58247f6511805c6059a7cd2f96d38ce025a191b9d3", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "SHA256 of 4b45374065a61d4a5335e780742b9125", "expiration": null, "is_active": 1 }, { "id": 980082230, "indicator": "3fe71eb8072ebba10d24eb2fbdc374bea5d3ae2a7baa7e4d6eae7372d154cdc9", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 06badb0f8a6ef9872f911f2fb2a9f2a9", "expiration": null, "is_active": 1 }, { "id": 1386572256, "indicator": "41e8cd9e0f2aede1ea6908896ac74b2893166a69a791c6b8ca9de0803bcd9dec", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "SHA256 of 233f9fd4175c6f3428956ba2599075e7", "expiration": null, "is_active": 1 }, { "id": 1386572258, "indicator": "429941583d47fd8e3c8c6c2b6ae662fd45868fcefbb3d1846a85596f665a297d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "autoit", "description": "SHA256 of 425b5ac006d355a3e73e374be54d4a10", "expiration": null, "is_active": 1 }, { "id": 1386399284, "indicator": "446e1c80102c8b9662d66d44525cb9f519369061b02446e0d4cd30cd26d79a25", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 1b70f6f7582bb019f7df40221ac8aad1", "expiration": null, "is_active": 1 }, { "id": 1386572264, "indicator": "459a2bab1099fa9424a9d15521cb0793d7a2b324c549a292c46bd23b5c97aeb6", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "VirTool:Win32/CeeInject", "description": "SHA256 of 33daa34937b0d3e0b6879f66ef4ef4db", "expiration": null, "is_active": 1 }, { "id": 1386572270, "indicator": "4772fcad2f095a49e1fb5288d6bdc634f689ac36ec6ec4643e4492fcce387d0a", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 2a525937ddae91c3a89a53ee362fb258", "expiration": null, "is_active": 1 }, { "id": 1386572273, "indicator": "47c2d38e081abc652067262d0dec41cdf29b880d425fb6affd06c2a3ec5ed2fd", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.MsilInjector-6429493-1", "description": "SHA256 of 1ed381e278bd1f74fe6124353907ce96", "expiration": null, "is_active": 1 }, { "id": 1386572277, "indicator": "48b5891b05052332210200faae5fbc72cd4e9b38ba30d71136868b1016a792a2", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 453fed613f8bd49395a7ad5b74072dd5", "expiration": null, "is_active": 1 }, { "id": 1386572281, "indicator": "49ee7bdf97d611eaa03174d1ab304a8db27fa3fe188fc864d20459c92c9a7e93", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 2c5569857887adb88e21b6a563c296c3", "expiration": null, "is_active": 1 }, { "id": 1386572286, "indicator": "4b05c18243e17e91584d538cb144dbac085dee43153ac5c66ff681dd7b0fbda8", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "SHA256 of 30fd06fb1cd1c0471294a9666ed401a1", "expiration": null, "is_active": 1 }, { "id": 1386572287, "indicator": "4c2441889ecb592b4437b93b3e203fd40a68cf0b7cae8cb9eb2c88f6b045fffb", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 106ba49c3d94149c9c1bc4c6a7d2549f", "expiration": null, "is_active": 1 }, { "id": 1386572288, "indicator": "4c411718c6083506d89747cb2aa0eed045911730d1fc9f128be9e2c058eeb4ed", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 0ed55f706017ceea880de981c5169d22", "expiration": null, "is_active": 1 }, { "id": 1386572290, "indicator": "4cad3c7d34072bc52206fd5d6177f62de3432d10b908110de6534fa07010afa3", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 215003bf1f71e0c76a95229ba06c37d6", "expiration": null, "is_active": 1 }, { "id": 980082225, "indicator": "4d0346037dc2d7ea8bc814dcd78718a5b22d3fa33b275bb3dbd7c7285bb54152", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 0585253320d06abc4e9f805d185925bf", "expiration": null, "is_active": 1 }, { "id": 1386572295, "indicator": "4d40cb3a68a2f17e8e22918afd27df925513429a592cae3e72df0d9c261f5001", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 14036332da6d16efbd3ae1713ded7e31", "expiration": null, "is_active": 1 }, { "id": 1386572297, "indicator": "4e04e20a5ef41c39daddeb225f119251e42815de7afc3a5b5bd851a3e73217fd", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 22848fe2de4424fba05954bd93f39aee", "expiration": null, "is_active": 1 }, { "id": 1386572298, "indicator": "4e121bf3e79d1f8d146331b77bdb83fdcd404f541a4717caea4cc44c06dbd909", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "DotNET_Reactor", "description": "SHA256 of 47f0e070b3a2695bf74a32d60e0835ce", "expiration": null, "is_active": 1 }, { "id": 1386572299, "indicator": "4e6f29e5be01e0739cc9067dfb053e4539fd6027dff0ae6cb1f26b944d863eda", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "SHA256 of 03ecf49dca7c86114ea60926528d678b", "expiration": null, "is_active": 1 }, { "id": 1386572308, "indicator": "4fcfef0b1ccb37eaac977c1430467dc0321919e2f0637082bd3e4df261d76346", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 0bc543753aa5665f5306ad3f46d30776", "expiration": null, "is_active": 1 }, { "id": 1386572311, "indicator": "50a6a2af404f6036777c1cab0ce6425371cbed1f0190d4e17cb5a6c7174321b5", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "SHA256 of 16a10fd99d0fcd39b66e4ae04aed69f2", "expiration": null, "is_active": 1 }, { "id": 753098578, "indicator": "53f4c14a564fc9865fba0d21ca99d1ddb550f90d61a5c44c172e19584f68ba7f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Doc.Dropper.Agent-6531761-0", "description": "SHA256 of 399a7a0415b1576a0c96a31ffad473a7", "expiration": null, "is_active": 1 }, { "id": 1386572322, "indicator": "54364c5a2c8d64f1dbf9c52b73d233942dcc6157e7d23e4e3ff39986f0de2f34", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "SHA256 of 49880bf08ccc31c645d6b1f2148688bc", "expiration": null, "is_active": 1 }, { "id": 1386572326, "indicator": "556652db00857b5af07d1af870cc9040deba73b3839e9a3bef08ce58fcdf5a97", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Exploit:Win32/CVE-2017-8759.A", "description": "SHA256 of 05a3e39e7d534b43f90b5737c800b8d2", "expiration": null, "is_active": 1 }, { "id": 980082398, "indicator": "56fe4911b023e34915ee06701dbfd145d342921a244f6bcd964128623aa41c34", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 093fd7bfe7c1d3af0ea7eface7775ea6", "expiration": null, "is_active": 1 }, { "id": 1386572339, "indicator": "5863913433ca1a0aff0ceb63ab3ba5ca4982659bca1b0b8af45a1f5be088d121", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 15fbf5c441a3a705ec430d6a1519cf8b", "expiration": null, "is_active": 1 }, { "id": 1386572347, "indicator": "59e99a443adbbec76e5f51f3599a9df4c6e2e3950e00b6f6da725c18160458df", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Dropper.Zusy-6563162-0", "description": "SHA256 of 115e42b9f0329ccbc4c9149d6d3a6277", "expiration": null, "is_active": 1 }, { "id": 1386572350, "indicator": "5a4f3eb0010b6100af0c53debc7a91c1429e75265c801359ad7591a4f0b5cf9b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "SHA256 of 1f9a7d25be7e4a8902b7a13f121099f5", "expiration": null, "is_active": 1 }, { "id": 1241763898, "indicator": "5ad6cf87dd42622115f33b53523d0a659308abbbe3b48c7400cc51fd081bf4dd", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 45ee638b365d975b9e624158e5485377", "expiration": null, "is_active": 1 }, { "id": 1386572352, "indicator": "5b2b78d61f6460bb5b5b3b21ae238327786192a2339015db4f3f7b0afcb5e36b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "SHA256 of 147d68f27c2a0f9babd0b425dabc8a18", "expiration": null, "is_active": 1 }, { "id": 1386572354, "indicator": "5b99a3115252b6248ca19fafc44d2007b89fb08e6af10e7912bca1c4ad84c650", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "SHA256 of 3a4ebd985931ae9a06bac0ce3089464b", "expiration": null, "is_active": 1 }, { "id": 1386572360, "indicator": "5cb8b4b4511802763cb4203ee9af57b798cf44d1b921925c1980921012800c0c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 48159a39e517694cd35dec553de4ee04", "expiration": null, "is_active": 1 }, { "id": 1386572361, "indicator": "5ce17a2507528630348f999bd97c37f25c110e148689bd92dc58b8f6790b2c78", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Fareit, Pony", "description": "SHA256 of 1ab0e5e724ed825791af685cef1bba4a", "expiration": null, "is_active": 1 }, { "id": 1386572362, "indicator": "5ec78fc9faba272cf0a19c205231ce0a4ed9e5b225e24841e0afcbd6d764f050", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 2858aec697d4d7b976e3214a17fce1e9", "expiration": null, "is_active": 1 }, { "id": 1386572363, "indicator": "5f6811148946aa6c9ed7e97818c56305ace453fc39547e7987e6eb3ec1ebb153", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 23ab444e2dfd407fb24eb2e806b5064f", "expiration": null, "is_active": 1 }, { "id": 1386572365, "indicator": "5fb19d0683c765edd3e4b0cbb2d304635492d15c9c290575509265a1b44d7656", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 3617423f6a89b3ad0877d460c7b20cee", "expiration": null, "is_active": 1 }, { "id": 920654397, "indicator": "5fdd029c1c733a084e5e1f2dda54bb4a9d01c878215ffa894ac36cc33cccd75b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 415b292dc523219af9ecd87021d7bc4c", "expiration": null, "is_active": 1 }, { "id": 1386572399, "indicator": "60bdecb996414b57c9b5b059e1078a734bd56a6962c5c6b4d99edbe7740583af", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 14d021f7a8206f3ead5bd58c2ed33991", "expiration": null, "is_active": 1 }, { "id": 577365259, "indicator": "60da9a353c2ca13cdbcba17dfd53ccaa42d12614aba9d3f03ad66e11895a1813", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "DotNET_Reactor", "description": "SHA256 of 392d7d7f1914dd823d01554471881c42", "expiration": null, "is_active": 1 }, { "id": 1386572400, "indicator": "611178330a4f68ed488aeb54b73d152ee871f134a4c15ce24df45b0cf582b401", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "SHA256 of 2c8fd210eeeaead56efc60bd552f425e", "expiration": null, "is_active": 1 }, { "id": 1386572404, "indicator": "62999f3d9e15581981b30a719fb485c31161b2758b5fe1135d07d8891fc22703", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Fareit", "description": "SHA256 of 411af5291b33f3178fed1268c70e6a8a", "expiration": null, "is_active": 1 }, { "id": 1012174512, "indicator": "80179dc6e9a771e62fe957fc1a7e918a7673601fb8ef8040bd55125df03c0f51", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Virus:Win32/Grenam.B", "description": "SHA256 of 4471b941c72f3ea1188e814bc569b66d", "expiration": null, "is_active": 1 }, { "id": 1386572523, "indicator": "81b9f8fa95f22536fa856a224834a4b8043874793b0cd7f32670f6b9901242e0", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Dynamer!rfn", "description": "SHA256 of 26f89718dd0ac7af779ccf423aeee5a2", "expiration": null, "is_active": 1 }, { "id": 1386572524, "indicator": "81d2e8c99049659319dd864eb55b8b90087e2a357191ee028aabb5b63c566629", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 07b62e8a8224f52d62ca6ad41926fbd4", "expiration": null, "is_active": 1 }, { "id": 1386572530, "indicator": "845ff37f059c40d0110f4d3ad82f04e196040079702f9277fd16a0fef7b22b40", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Virus:Win32/Grenam.B", "description": "SHA256 of 0d63350bd3ce6881618dd44b776b29f0", "expiration": null, "is_active": 1 }, { "id": 1386572532, "indicator": "852814dff1f5436f435dd07b6e85bed63108e584904fd63f2ac684e678ff54b5", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 2074b0a024bd3ac6f1b4d89dbabab077", "expiration": null, "is_active": 1 }, { "id": 1386572542, "indicator": "883dda658e9bc0db921ac80eac849851b39c2c93ced75fa4f393e38b101c0ac6", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 05c679c2a42c18d736140d95532ae027", "expiration": null, "is_active": 1 }, { "id": 1386572554, "indicator": "8b94f1182b23edb382f87de92eb1d2ffa503986fe0b02cb18ab85870f03a576f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 459af512b18a6b60156d45bad87e6c9b", "expiration": null, "is_active": 1 }, { "id": 1386572560, "indicator": "8c6939d7aa933d0ae1022c2919941222a6f866dd54db817b2fccf89732d8eeab", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 2cb6a808ead069a00eb7105d83b5d43d", "expiration": null, "is_active": 1 }, { "id": 1386572567, "indicator": "8f2b95a308ad613623901652610ae7a6202bc36a98f0a72d4f68635ca77a8dfc", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 4d42c5bf1c860566f12b531c13e57b6c", "expiration": null, "is_active": 1 }, { "id": 1386572568, "indicator": "8f65eca7eb3f2dc78ed9a91fcef20d6d593000eccd175d6634d79284432d1e9f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "DotNET_Reactor", "description": "SHA256 of 2750fa2f08deec072b71a4444bd5c02d", "expiration": null, "is_active": 1 }, { "id": 1386572571, "indicator": "907d3ce8d28a602ce9cdfbb5d1ffb73ed4addbfffb6c8ad66881ee96b8627888", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 260950489644e6a7e1db48d1145b42c1", "expiration": null, "is_active": 1 }, { "id": 1386572572, "indicator": "912900348a2609b2d086dc0116b7059d08dbef74e40756f5a79122beb1ce236d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "SHA256 of 181fe5e18d3774433da98d46d80e8a65", "expiration": null, "is_active": 1 }, { "id": 1386572600, "indicator": "91ae955e507bbbade66ee45ed9cf21680dd7e086f1b20b592bb4923883dc15b8", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 24a17b7ea137a2d807b91470bfa9cd66", "expiration": null, "is_active": 1 }, { "id": 1386572602, "indicator": "91c226192dccaae16d9b6d875e0c053780f8510aaa4b69d51dcd21c8cb221bcf", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 22b94247c622416e1b6fa185e768a999", "expiration": null, "is_active": 1 }, { "id": 1386572604, "indicator": "91e10685b26e7eaec9a474a47ef67c35a25ee6c5a9eadd7f4924d0cf1286f9f3", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "SHA256 of 32077cd5c7fc1ca6a5133ed4d58f29ad", "expiration": null, "is_active": 1 }, { "id": 1386572605, "indicator": "9302ab89cd016c01f9f9ad8cd30cf648f88995378c581fe21bd953a33b38ff27", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloaderMSILBalamid", "description": "SHA256 of 1989772517a7ab404bc0cb1e0443b746", "expiration": null, "is_active": 1 }, { "id": 983698097, "indicator": "933216c3a117832caf6a114fa82b09326fb640b0756d48596670f5eb0527cde9", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 1ea1355cd1016c9d0f9f8b3dd5ff7ad7", "expiration": null, "is_active": 1 }, { "id": 1386572606, "indicator": "933ba2fdab94bb8a78bd20cef5671dcdfcb941636ffe5332c93df2958689fd7c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "PWSWin32Vorbeld", "description": "SHA256 of 1765e632d2a7df885ee14367f5000d93", "expiration": null, "is_active": 1 }, { "id": 1386572607, "indicator": "93bbebd09acfed439cda0c5c375abb5e82af69f3387599982c43390114ad8130", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 27fcc8580e2d2062130be62fe5923c19", "expiration": null, "is_active": 1 }, { "id": 1386572609, "indicator": "9452b7d77d2b30b13ecaf65b2c23a1eda31487d02a59499824c5b0df0c2bdc10", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "SHA256 of 5255391606f317a42c4f967bd7b29f13", "expiration": null, "is_active": 1 }, { "id": 1386572612, "indicator": "94d2ac11b2438eeefabe999a80686225700644f3187b4b931b4bf90a1f92142b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 14a69824518d96a2a364f7a6d7e0da7a", "expiration": null, "is_active": 1 }, { "id": 1386572619, "indicator": "968141b98675db6b40fc6a40a7aefd0daec4214d0454bfd2d98cf93adc5626d4", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 4530f628939583dba37a6b16208913a4", "expiration": null, "is_active": 1 }, { "id": 1386572622, "indicator": "97a76a13de51f96806356aee6c9de30d5b8e34f915bee44f18833115007a91af", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 1107826f106c323744d7122630dbbab7", "expiration": null, "is_active": 1 }, { "id": 576612935, "indicator": "98399d9fb20a469a6e2ec9afe1fade5d6989ae7851e30d8f5b6451b343c5b4ef", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 466e7bf9aa3b30b78d01d51494d481d9", "expiration": null, "is_active": 1 }, { "id": 1386572630, "indicator": "9a44a94f9a2186c3b5b4d182c96506641a78b0f64057887aa42404c807857589", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Loyeetro.B!bit", "description": "SHA256 of 10facfa21af7a974322a2be7c1d77fb7", "expiration": null, "is_active": 1 }, { "id": 1386572636, "indicator": "9be657f5f29a400791b13c537d0785e7b96b1c4e9cc818c8b21cd98cb63a7376", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 042b3e3ceb206d9fe9d323fa05ba3756", "expiration": null, "is_active": 1 }, { "id": 1386572637, "indicator": "9c36c9bd2b580c8eba332def5ca10a65109b06366137aef11f0a539248cde02d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 42a5847e78333208bdda7656606eda33", "expiration": null, "is_active": 1 }, { "id": 1386572638, "indicator": "9d04b7a4cd3fcb3b9e6d22eda7689ed742137c5655987f9234f5ece019648c80", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 1202225ac61e8528a5b06e7bfab04f5b", "expiration": null, "is_active": 1 }, { "id": 1386572639, "indicator": "9d490424a488cdf23a07c35682ea6f853b3f648015389bbbb76dba87a722a4c6", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "SHA256 of 08de5338e34666910fde893148176e7e", "expiration": null, "is_active": 1 }, { "id": 1386572649, "indicator": "a06897ba292b93123a89f4c53068c5afe14106e156207377736563fb7f40b001", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 43dc4222222d8f158cbb688a77f9bb84", "expiration": null, "is_active": 1 }, { "id": 1386572651, "indicator": "a1669957257226ace07aa63b449ec895c42ed6a8458f872929ddbec5d3a9b5cc", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 4dce5b84c18684f38cd13a52d675b1f6", "expiration": null, "is_active": 1 }, { "id": 1386572654, "indicator": "a287ab3d409a698dfc87c10348461ee356443e42e50d87a5cad7ffc7cbc7dab7", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:O97M/Donoff", "description": "SHA256 of 05d4715fac45ef68975353a9a95a85c9", "expiration": null, "is_active": 1 }, { "id": 1386572665, "indicator": "a6430cde0cbc4bdd92e64a3eecb6d623d51276319894d7169c578e53f1bfceb6", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 306c1c1d8e3956165dcfe51cccac8d4e", "expiration": null, "is_active": 1 }, { "id": 1386572667, "indicator": "a6dd6a364768150f8a6fc22be55711f661d8f07037ed1171751f85c69c550402", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "SHA256 of 18a2a7d4821ec00143ffde8d0c9d24e8", "expiration": null, "is_active": 1 }, { "id": 1386572673, "indicator": "a8b4d718f1f3b01341977eb985a5c40638d33e050e3cb3c523baa5162576842e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 3cafd575aa5bdb97dcf50fde2b0d3945", "expiration": null, "is_active": 1 }, { "id": 1386572674, "indicator": "a900098e0c30b0e1400472c0fd70fdc68875aa84d3c364736e22300354f23435", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 4437a17a74dcd59a2596402839638080", "expiration": null, "is_active": 1 }, { "id": 1386572686, "indicator": "ad04a7cd56de2b3b5134b528767313e42aed792df5491c0e3fe934f0f6d6df06", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 42cff29ce07f9ff3db0eea051e80aad1", "expiration": null, "is_active": 1 }, { "id": 1386572688, "indicator": "ad7da56574a33730a2af4ceced912cd982602fc5150b2a1a90e06dcd5311fe0a", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 0b348fdbb2d9b514e6fd8f2c7e27b6aa", "expiration": null, "is_active": 1 }, { "id": 1386572694, "indicator": "af20f3799d73fb3d7476bc04890a98c4322b70a902c55c8d4d80696114ef9ada", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "SHA256 of 4147b9d3f947f2b4a26b44cbadc4a317", "expiration": null, "is_active": 1 }, { "id": 1386572697, "indicator": "af6cbc79ff21a3afc5baa03b474b67e364b919c24059b8844391fb392a030914", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 0cfb3ab1f43215008d3dcf7d187e6af1", "expiration": null, "is_active": 1 }, { "id": 1386572698, "indicator": "af99fbb60ba6c39c3960dd6e6e4957d16e81453310aae80f9640e16bec33a25f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Malware.Fareit-6626679-0", "description": "SHA256 of 4020403d9c172c650173c4a982172dea", "expiration": null, "is_active": 1 }, { "id": 1386572700, "indicator": "b0adb7c3e887e6bcbe21abcf54851718f7eceeef31f570a76fb648ecb204cc89", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 1852f73f39ab8c254e5a32b6dc87a4c1", "expiration": null, "is_active": 1 }, { "id": 1386572702, "indicator": "b0d204f6642332c31f731f071edc3ddf02267eed1a77d56e24d544155211742c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 25f8420059da7e09adaf3f0ef34bb9e1", "expiration": null, "is_active": 1 }, { "id": 1386572703, "indicator": "b0deda9f8354364d78134de41f845a194f29dc6e24f6e68c6d959e2e518f3791", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Virus:Win32/Jeefo.A", "description": "SHA256 of 1b3c5144369e21c102063fc18adae793", "expiration": null, "is_active": 1 }, { "id": 1386572705, "indicator": "b14a4bb2df42abc029178437192b00cfaf3ef74652276920f7911e9acf7aa321", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 03dd7830dcc08b47f525be34d6a9ecda", "expiration": null, "is_active": 1 }, { "id": 1386572712, "indicator": "b273e75a781a35d418614c296b3c25de01fd48e8ba3043af67a8529e59458fc4", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "SHA256 of 1cdf1b4fea93464b1c29040ff7390cbf", "expiration": null, "is_active": 1 }, { "id": 1386572715, "indicator": "b3baf7355af1cb7bc178165842b8ce618e7bc82fe41eb6c9f2605a463e2f5bd3", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 3e0792a9ce5c78a1af3caf20fd0b73c5", "expiration": null, "is_active": 1 }, { "id": 1386572729, "indicator": "b8548a2a9270b78ace6511b425b62dc1315ca82412622b6f244017651e196955", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 449986069fa050dc1580db6f5ba1dfca", "expiration": null, "is_active": 1 }, { "id": 1386572733, "indicator": "b8eea4ef015e3db1bf59adad73df81e936d40d242af7d86a99a3cca48ceac1ba", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Swotter.A!bit", "description": "SHA256 of 3c5a11e90d54aa5bc872c806ff955897", "expiration": null, "is_active": 1 }, { "id": 1386572740, "indicator": "ba52899995d407132c3f99745fd13825398c7397e3dd9b5f95888129642b8441", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 152934da09055470e558e8919833659e", "expiration": null, "is_active": 1 }, { "id": 1386572745, "indicator": "bb3354f130a2ced2219851aaa08578ff9c716bbc9d586cf7c488cbf2ae4c9bee", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 078d16e03fcbdc31c499feff72381dbb", "expiration": null, "is_active": 1 }, { "id": 1386572747, "indicator": "bb77f91396c89cd4f88c11aff2c8f5f7546a3a4f22bb97ab0064b30ca51d0b06", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 3073fdd8a27bbbb93e7437b16eee74f0", "expiration": null, "is_active": 1 }, { "id": 980082219, "indicator": "bcf86a0d4685aaaa6a1266426081b047694ccff9cdb1684e3272dedd469ed70c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 284acfeb8f427c3777a09478c7903c0d", "expiration": null, "is_active": 1 }, { "id": 1386572754, "indicator": "bece3488b3155a5548994721aa0f3002a494aca7dcc7b440380ece60769bf2de", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "MSIL:GenMalicious-BJT", "description": "SHA256 of 0773929cc7c87c2ca9cb5656e58393c9", "expiration": null, "is_active": 1 }, { "id": 1386572760, "indicator": "c1b9d7ff0d5af8952f07de2cf76b2c617429ad8448bbc73d9e6d17e0cc2cb921", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 03c044683241d11926d077f5c6bde05a", "expiration": null, "is_active": 1 }, { "id": 1386572762, "indicator": "c249a36eba7584fbd6a62ef43509dd474393c4f76d47ba6fd0064f8675fd21a5", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 271bb70f638c6da5b53c3f18c2d350c0", "expiration": null, "is_active": 1 }, { "id": 1386572766, "indicator": "c359fd0f9dac8f4af2962f21260dd4661fc27a7d787e1e6c7a71dc056b95071e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 1601fd5152f9fa9551c0c61fb208ebb7", "expiration": null, "is_active": 1 }, { "id": 1386572767, "indicator": "c38246534c7e9b6b710fe0105bd934fb587e1087957c38e6a5b4826b50ba462e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 3ea71c153fbbc886f198c222209205d4", "expiration": null, "is_active": 1 }, { "id": 1386572768, "indicator": "c38e252bf82b1d155df0c354432c04db13130b9d7f33829833657b5371f48c82", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 224415658b7fe419d28d7b15923f758f", "expiration": null, "is_active": 1 }, { "id": 980082212, "indicator": "c3aa42098908d9e51e3c824ce50bf4b9c9a80e1df2f8d4dca19c5e40b63a85b5", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 46a1e489cc41b2a97aa9d2e9d91eb300", "expiration": null, "is_active": 1 }, { "id": 1386572797, "indicator": "c4808b315066f0a46f73c9e6a5261c70a6965da5cccb4f98a06f42431a704f44", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "SHA256 of 3469490f6cb1c47fd1ff46c46224edb4", "expiration": null, "is_active": 1 }, { "id": 889047466, "indicator": "c51e54fd72c61d06b6952990db2025e8221fc4b0d26a3800b4101c7936803b3d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Doc.Dropper.Agent-6541421-0", "description": "SHA256 of 3b2e584d484105e47701a19c339bbb5b", "expiration": null, "is_active": 1 }, { "id": 1386572801, "indicator": "c5b7e21f19493fed30675f86df39c69fbc3a8a4617d1d85ac3dda90d97d14d6c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "VirTool:MSIL/Injector", "description": "SHA256 of 2a02f52b64bb0b2ffce4fb81b4517c7c", "expiration": null, "is_active": 1 }, { "id": 1386572802, "indicator": "c6892fbba2a4db782d50e4814bafa327266bb3024af01726ab11ed3964ea29b3", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "SHA256 of 34e123f1d645eb22eabf9a0468f331dc", "expiration": null, "is_active": 1 }, { "id": 1386572805, "indicator": "c74b0ad5ad835e596b2798a8d627698bd1063ac7592a4d29aa938977a3e3c2b2", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 38c1d0f4a0cf2f1018a1cd5f2b7efe86", "expiration": null, "is_active": 1 }, { "id": 1386572809, "indicator": "c89292f548b0382fcd396211c605bb30a1ed0d1f10aa9c78241cc6243e22ac76", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 27ee5787561b5efd058b43b75f9462c9", "expiration": null, "is_active": 1 }, { "id": 1386572811, "indicator": "c8d0136ae3d464d6584ccfd92956d7106f746273d3b054fdf46bcdf9841bfbf1", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "SHA256 of 1002586d9f9f01802fa97cbff8cd7d04", "expiration": null, "is_active": 1 }, { "id": 1386572817, "indicator": "c9cc1dc0f49c114799297137501ce9f5320eaecc6b0ba9afebfdcb9ac8b75ea3", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "SHA256 of 07f6233dfc22cd74724f5ab3fed265f1", "expiration": null, "is_active": 1 }, { "id": 700487737, "indicator": "c9e25ce021a4f5543716f7ac29b3eadbcecd8a919aac0226eab7ed92757e6c95", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "DotNET_ConfuserEx", "description": "SHA256 of 3f2edec5a187022818f166403d7e6ab4", "expiration": null, "is_active": 1 }, { "id": 1386572819, "indicator": "cadf2258eea6660cb234b885df194018c793f274264e40ef95b233eb0933600e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "MSIL:GenMalicious-BJT", "description": "SHA256 of 277ada55027e622cb40e0073f3bf1455", "expiration": null, "is_active": 1 }, { "id": 1386572826, "indicator": "cc08c6c000650dacf80deb89af139bc0cfdfef52abe8e67aba288ab2fa428f34", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 0b421158b4446e71a29bb984e676203b", "expiration": null, "is_active": 1 }, { "id": 1386572827, "indicator": "cc6e2af726af692a9364185c0854b2560e899d8d9fd4b54d514d2df7d2676cd4", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "SHA256 of 078024bf070634295c4e9d43ebc68d63", "expiration": null, "is_active": 1 }, { "id": 1386572829, "indicator": "ccf11edb3c7aa64ebf7eaff916b0894fbe1e500a61cf3dec3d6673dba3cf69f7", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 248bbade477d88d0725d7d4ec48a5587", "expiration": null, "is_active": 1 }, { "id": 1386572832, "indicator": "cd3059d040675714fd5f016009af62049c188f0e40c9e0cec33857142866e0b3", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 1c138de648fb5b72b245a34c935230ba", "expiration": null, "is_active": 1 }, { "id": 1386572834, "indicator": "cd309ad77ef0180c2c59bab487e90dc967fd0781ec10a4f5196a0fda75cac36d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 21c0027924a5a4a70cd1e61220716224", "expiration": null, "is_active": 1 }, { "id": 983698523, "indicator": "cf0107e13ae5dad6475a7fb9e93dbce830fa2ded1a402db4df6fd6aba8a45a28", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 0854f0f744d3797e38cc07304db68764", "expiration": null, "is_active": 1 }, { "id": 1386572841, "indicator": "cf5616b01f1a003565623100c253c673d87cff7139f52a57f7edeb95287969e6", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 33a652fb271437ab9cef8c3be6e93dac", "expiration": null, "is_active": 1 }, { "id": 1386572844, "indicator": "cf888702009455058cd026f964eab4a879ddecba2ad3c9fd88bb80aa4ac448dc", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 156e55fa92300c5412289fcc85190288", "expiration": null, "is_active": 1 }, { "id": 1386572845, "indicator": "cf926406c9ad1c114a905e0e3c5e104c782b5ec47d48e6c6346ad208fa87a677", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "SHA256 of 19d2918e48cfab1275f18d9b42307eb2", "expiration": null, "is_active": 1 }, { "id": 576612699, "indicator": "d142c8f903913beeec5e3c4c2edf491f05db57e12ad6630d820522ee8a4aa6cf", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 0db78a53fa0f421e1342a21f77963025", "expiration": null, "is_active": 1 }, { "id": 1386572855, "indicator": "d212a6d9aad594f502753d1db441ddd5d1610f903a82f94107030853a2101622", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 468e125242b464af3a64841bbd0a3ae0", "expiration": null, "is_active": 1 }, { "id": 1386572858, "indicator": "d2a85dd92404f17d5d2d6f1ae175dd9dadde770db28619c31feb66a9170dc4da", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:O97M/Donoff", "description": "SHA256 of 0da5c7a1740cdd66e88a17b629e656b5", "expiration": null, "is_active": 1 }, { "id": 1386572867, "indicator": "d4103e933d33c9257967b632f9c4cedc5f57e15abd2c0357ce7e9966881cc97d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 260b768a03390af34cf4d91ced33fb0e", "expiration": null, "is_active": 1 }, { "id": 1386572877, "indicator": "d7b1c8c8aaae4870c3f1c79d7d044d5c670c2530c1c5ea31f50c30a1dac38863", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 25ad24e3002a8f7fa2b2f5cdf3c1d7ef", "expiration": null, "is_active": 1 }, { "id": 1386572891, "indicator": "da053d4806250b111e262dc859549d3f455b202e4a12d29354fe8a0d4994fb22", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "SHA256 of 32831655372c8e6a3392a2cc8ab2da52", "expiration": null, "is_active": 1 }, { "id": 576613702, "indicator": "da99eb849f259e110969bfab761213029c94c97509e73df781f77b78563f7064", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "SHA256 of 039275d58d501cf0fdea202b395c466e", "expiration": null, "is_active": 1 }, { "id": 1386572893, "indicator": "daa68b22e69d67c9f0066b5172aa0a56db69e1dce48a9f916cc84be66e0792f9", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 3316d124b26e337d968f1a224b9dbec5", "expiration": null, "is_active": 1 }, { "id": 1386572896, "indicator": "db1483528df7803a766f5a536c2680ac9ca0f6c8566753adecb8fd0612682d98", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_unicode", "description": "SHA256 of 47a1c122bbb08ba3f2e441b380221f3f", "expiration": null, "is_active": 1 }, { "id": 1386572898, "indicator": "db7526451fe7bc4c4b1ec81a05c74485066a3900d93fcdc847f83ce28300e6b8", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 33892009d04a01bad5a71e37ddeaca52", "expiration": null, "is_active": 1 }, { "id": 980082218, "indicator": "db83aef9c16d50f19261974e121f090195b33e4f40e110043c70540be98d1cbb", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 359bcb291f5b3091d9ddcedad3968d13", "expiration": null, "is_active": 1 }, { "id": 1386572901, "indicator": "dbe870a5a393176c10fd5132580610ca22a2d7f17b5ba28fda7d76a517fa1ed3", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 27a9e1376137d9e24b82c01f6d12c802", "expiration": null, "is_active": 1 }, { "id": 1386572911, "indicator": "de5f80fc7d0de3f52b71593811152d0d9a2b666b0335f7034afca15e5203b5a6", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_rtfn", "description": "SHA256 of 1af35709cf686cf0f427ba80ced2d426", "expiration": null, "is_active": 1 }, { "id": 1386572913, "indicator": "deebe21fd39ec206f1d3507370cee1c52fb60f98dc0557af839bf835e3ad2104", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 3744ffc1f6219702ac75d05265b4c092", "expiration": null, "is_active": 1 }, { "id": 1386572917, "indicator": "dfc3e27a9bebbfd134d83132e1682b133b9d50708e450cf48cba26aad23a9346", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "SHA256 of 30ac7066c073e160a45b1199245776f8", "expiration": null, "is_active": 1 }, { "id": 1386572920, "indicator": "e06424ab3e62b69f6f6e351787d97b7dec56facc3adbaab03c694a0dc5d977b3", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "SHA256 of 103f64a9237db2c939c35c93e13aed04", "expiration": null, "is_active": 1 }, { "id": 1386572922, "indicator": "e10d9f1c620d2ff017ebc0edd1102b51c7da7ebd595dfafeff6ce5a55f2f3bd8", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:O97M/Donoff", "description": "SHA256 of 120fc8902ed442b13c04be98bc53ad34", "expiration": null, "is_active": 1 }, { "id": 1386572925, "indicator": "e214833e7bd22dda2a8c8ee0e0633e7956b4b4577a06717e05e9f9e7b31880f0", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 1b2a3a848f87cbbcc42537e99251f3bb", "expiration": null, "is_active": 1 }, { "id": 1386572927, "indicator": "e25e3333db573b70ca342d5d040800d030c3e8348983a2592de415297b0b5b3b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 4958f718d47061f2e9e2064f8ac94e06", "expiration": null, "is_active": 1 }, { "id": 1386572931, "indicator": "e38372681d9fd42504d33a7956865bdc6e0fac15dacefb857c3bc279f7d6ad1f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 0ae994af3dcece45343836e94f8e7ecb", "expiration": null, "is_active": 1 }, { "id": 980082214, "indicator": "e3bfef9f0d8d9a87838812941980aaf05f06c166d54fd77ed97c68cb4bcb1bf5", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 442cb3d02405a68557c7fe286c8c5b8c", "expiration": null, "is_active": 1 }, { "id": 1386572935, "indicator": "e40862463a73dfb6537f6231828314fcc6a6959b6049b1c4ea55ba175afa8df3", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 1d7c5aa42089f1fe2915d69d8b5116dd", "expiration": null, "is_active": 1 }, { "id": 1386572938, "indicator": "e48e453c0ee566aebfc5491602d69a28d9f2c0ea1947dd664484a8fcd1249d9e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 24823a0b6d9e48e4234efd027161c0dd", "expiration": null, "is_active": 1 }, { "id": 1386572939, "indicator": "e49a3e956dc1299041ed6f3c8a80a444f1e7f82a09bdb5044306a5e924818f43", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 0c836cda6823cc0b4b77008312e9720c", "expiration": null, "is_active": 1 }, { "id": 576612682, "indicator": "e7c58509840796d50ccc4bad4e20ff2da5e05c6051b41fd480a216613a83bc4b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 3ab130e6071654a94220d865320dd2cc", "expiration": null, "is_active": 1 }, { "id": 1386572949, "indicator": "e897604328cfbdbe8d1a9eedd2fbd637c7654af97fbe90d8a64873d2f4fca53d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 4d796bc9fd0e0e8f44ab5154dfeb0777", "expiration": null, "is_active": 1 }, { "id": 1386572951, "indicator": "e9c895b7bda8d7378c8ac46965fe8038541d02f285a8d0b47fd3cb94f6ed4e84", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 50564f7bfdbe6f4c7801b67c3a31cfde", "expiration": null, "is_active": 1 }, { "id": 1386572957, "indicator": "eb9553ddb141d5281b49dac4b50a6f626902c4e14dc3532fafb737f85e667915", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA256 of 1e68b95d8432bf405e293b430a3fd84f", "expiration": null, "is_active": 1 }, { "id": 1386572960, "indicator": "ec76289ea388347501f2e95c2caaa0cbaea0c670eea9449dc42f6ceeaf462468", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "SHA256 of 13b40a0ab93b784ef29a01f3edb3dd6a", "expiration": null, "is_active": 1 }, { "id": 1386572961, "indicator": "ecec33db510a88eb2a9af3b1c6e0d702ef86d12acb54ada57ab2eb113afcda12", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Skeeyah.A!rfn", "description": "SHA256 of 3abe771de758841de8b767a6b0c3092b", "expiration": null, "is_active": 1 }, { "id": 1386572962, "indicator": "ed82cdb2ec4c7bb3e5b107d3b3f431af2d2970dd46d1d1dc9bf47412d6edabc9", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 530de6679b4252ee610f981f5733df2d", "expiration": null, "is_active": 1 }, { "id": 1386572998, "indicator": "edc06476c3e8a14bb37b750382295f40791fa66dba982613856016cf79006edd", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 04d8a53865eab1aa5ca5c28f3d801d06", "expiration": null, "is_active": 1 }, { "id": 1386573007, "indicator": "eed09fa713e5417090636b85fb30954b82ad2afc39d69c64db4bd68a9a8fe713", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 0e495b1e38ce80e0ba31c73a5203d09b", "expiration": null, "is_active": 1 }, { "id": 1386573008, "indicator": "ef1d7c57018c18ca2c8548260b7960e2bc9b50ea586d04db1a9c896e317d4b2f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "VirTool:MSIL/NetInject.A", "description": "SHA256 of 2438d921d8a75f5bda9c5629746b84c6", "expiration": null, "is_active": 1 }, { "id": 1386573012, "indicator": "f10e3c8ae94b4ee00f6a09e72a9051d682366dae58f3bb7a7aab9c9b99b7714c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_unicode", "description": "SHA256 of 1bc20f9efee8e0c8bbe31b2e4d00a94d", "expiration": null, "is_active": 1 }, { "id": 1386573018, "indicator": "f3635b86c8395d383ffbeae5f75b23191c526433e91fd0a839f0a3e9a41f68db", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 3cae946269d800794c61852fb9326ba4", "expiration": null, "is_active": 1 }, { "id": 1386573021, "indicator": "f4a092fb455c70d6c3bb259da079742aa44935d77c4a63a9f150f9e8bb5fa42c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanSpy:Win32/Loyeetro.B!bit", "description": "SHA256 of 29f4c6cf1897ed6c158f6335e0998a38", "expiration": null, "is_active": 1 }, { "id": 1386573025, "indicator": "f52df20398321ca0d9e224b159b2cf59b073818a164364cbaa766fac531e387e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "SHA256 of 38316406bccfdd6adcf10f26755cecb6", "expiration": null, "is_active": 1 }, { "id": 1386573026, "indicator": "f5de6178188a3889288844a75b1989789503fe73f8cf8f406d164c4ee0aeb338", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "SHA256 of 35d8069116cb99907edea204f2b3b25f", "expiration": null, "is_active": 1 }, { "id": 1386573031, "indicator": "f746861fad3548dc37583a1134ecaf9ed6476e0175f0e51c8e78b3e671c27bbb", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanWin32Comisproc", "description": "SHA256 of 44f15583eb6340c6547d45b0efe9da5c", "expiration": null, "is_active": 1 }, { "id": 1386573033, "indicator": "f7908c6cc11ee31d3a491a5700c8b3bbc4f40e7579fe7615f9f273feea879574", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "TrojanDownloader:O97M/Donoff", "description": "SHA256 of 4ab0efbe6b707653d5dce072efd71420", "expiration": null, "is_active": 1 }, { "id": 1386573034, "indicator": "f7fd959aba06811db16e1f2846f844af05bedd51d9e35848e4097b6692a3a57a", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 4037f4b612bee8377a8b6c5d854fd9d1", "expiration": null, "is_active": 1 }, { "id": 1386573036, "indicator": "f9034c82874af5efb6f323128b712736c0745c8e30de168db688d0d5c748be8b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 3550099425b5c16cc1e500d133e4695d", "expiration": null, "is_active": 1 }, { "id": 1386573040, "indicator": "fa5ce880e56b4fe51a8305319dddf16d21de8b2154a4eac0b318b42c781e46dc", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "SHA256 of 35668d4e0b695960ea55263ed4e62533", "expiration": null, "is_active": 1 }, { "id": 1386573045, "indicator": "fb56801c4ffad456ceb4ba806eb53ca47231f36d62abded6eb841e805c8885cd", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Skeeyah.A!bit", "description": "SHA256 of 368de64cf5f02da40177692f8338632e", "expiration": null, "is_active": 1 }, { "id": 1386573051, "indicator": "fc61d8560de8bea8b131776193503274dbfbaa12a8b81df1fe1863278dd4a40d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 04d38647d9744274a6d764c5f135e68c", "expiration": null, "is_active": 1 }, { "id": 1386573052, "indicator": "fcdc0c35be08f5033a7414be8cd10ce23488156636934ee7cf1a4b261fc7f9cd", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "nUFS_html", "description": "SHA256 of 1025000169c8a8af780be4c204cd9b87", "expiration": null, "is_active": 1 }, { "id": 1386573055, "indicator": "fdd95d571b70dfc19e9988c7525c95e496ce79d1aef4262a913cde2f2f2935a2", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "SHA256 of 02640462c27a1578060b59bd9b410512", "expiration": null, "is_active": 1 }, { "id": 920654383, "indicator": "fde827e292ea3613e8122083ec7590762f5c2aa5e6ba574d067c6a8305a57ae4", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "SHA256 of 411e91cab228c3ae34df4aafe8632b6a", "expiration": null, "is_active": 1 }, { "id": 1386573058, "indicator": "fe2eb895f13534b1380c37f467e31b4f5ee42d092442924b5baac6b03325549e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Casdet!rfn", "description": "SHA256 of 306bed698ed9a2b33c376c4668dcb774", "expiration": null, "is_active": 1 }, { "id": 995516981, "indicator": "fe62016faf3115405dd81353fd9077d183c2c38553a6aa8fe0261da4cf45ff0e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "VirTool:MSIL/NetInject.A", "description": "SHA256 of 46b255cb008d99da1d0fe1eb51006a6a", "expiration": null, "is_active": 1 }, { "id": 1386573062, "indicator": "fece00a6d254392ae9040ba1a3cd254c6666190c582409dc938d2b1127f223e4", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "UPX", "description": "SHA256 of 04c60405aa78d77c3d2e8917ed80e473", "expiration": null, "is_active": 1 }, { "id": 1607620127, "indicator": "http://myfiles123.su/1//v/hkW5GDQ", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568531, "indicator": "http://natviigator.com/nice/manufacture.exe", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 889465918, "indicator": "http://pomf.cat/upload.php", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568532, "indicator": "http://www.MP4ToMP3Converter.net", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3359706584, "indicator": "http://www.smartassembly.com/webservices/Reporting/E", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3359702587, "indicator": "http://www.smartassembly.com/webservices/Reporting/L", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "HTML document, ASCII text, with CRLF line terminators", "description": "dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f", "expiration": null, "is_active": 1 }, { "id": 2449528998, "indicator": "myfiles123.su", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 886646840, "indicator": "natviigator.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2787941092, "indicator": "fbi.no-ip.net", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568533, "indicator": "fbi962.ddns.net", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3355033919, "indicator": "project.thisdocument.auto", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568534, "indicator": "project.thisdocument.sd", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568535, "indicator": "www.mp4tomp3converter.net", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3359701246, "indicator": "www.smartassembly.com", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5297, "indicator": "3b0ecd011500f61237c205834db0e13a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Sednit, W32/Sofacy, Sofacy", "description": "", "expiration": null, "is_active": 1 }, { "id": 5303, "indicator": "8b92fe86c5b7a9e34f433a6fbac8bc3a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Sednit, W32/Sofacy, Sofacy", "description": "", "expiration": null, "is_active": 1 }, { "id": 1593573342, "indicator": "682e49efa6d2549147a21993d64291bfa40d815a", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Sednit, W32/Sofacy, Sofacy", "description": "SHA1 of 3b0ecd011500f61237c205834db0e13a", "expiration": null, "is_active": 1 }, { "id": 1593573341, "indicator": "85522190958c82589fa290c0835805f3d9a2f8d6", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Sednit, W32/Sofacy, Sofacy", "description": "SHA1 of 8b92fe86c5b7a9e34f433a6fbac8bc3a", "expiration": null, "is_active": 1 }, { "id": 2326529, "indicator": "03ed773bde6c6a1ac3b24bde6003322df8d41d3d1c85109b8669c430b58d2f69", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Sednit, W32/Sofacy, Sofacy", "description": "SHA256 of 8b92fe86c5b7a9e34f433a6fbac8bc3a", "expiration": null, "is_active": 1 }, { "id": 2326541, "indicator": "7f6f9645499f5840b59fb59525343045abf91bc57183aae459dca98dc8216965", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Sednit, W32/Sofacy, Sofacy", "description": "SHA256 of 3b0ecd011500f61237c205834db0e13a", "expiration": null, "is_active": 1 }, { "id": 605754, "indicator": "004b55a66b3a86a1ce0a0b9b69b95976", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661765, "indicator": "006b418307c534754f055436a91848aa", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661753, "indicator": "02522ce47a8db9544f8877dace7e0833", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 398596773, "indicator": "02b79c468c38c4312429a499fa4f6c81", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "APT28", "description": "", "expiration": null, "is_active": 1 }, { "id": 159092, "indicator": "0369620eb139c3875a62e36bb7abdae8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2312372, "indicator": "072c692783c67ea56da9de0a53a60d11", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 212197, "indicator": "075b6695ab63f36af65f7ffd45cccd39", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661791, "indicator": "078755389b98d17788eb5148e23109a6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661680, "indicator": "07c8a0a792a5447daf08ac32d1e283e8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 398596774, "indicator": "0b32e65caf653d77cab2a866ee2d9dbc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Rtf.Dropper.Agent-1891213", "description": "", "expiration": null, "is_active": 1 }, { "id": 2312369, "indicator": "0c334645a4c12513020aaabc3b78ef9f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661776, "indicator": "0ebfac6dba63ff8b35cbd374ef33323a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661773, "indicator": "0eefeaf2fb78ebc49e7beba505da273d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661673, "indicator": "113cc4a88fd28ea4398e312093a6a4d5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 955413, "indicator": "116d2fc1665ce7524826a624be0ded1c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 955451, "indicator": "1219318522fa28252368f58f36820ac2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5305, "indicator": "1259c4fe5efd9bf07fc4c78466f2dd09", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661822, "indicator": "12a9fff59de1663dec1b45ea2ede22f5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 41803916, "indicator": "1421419d1be31f1f9ea60e8ed87277db", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2180070, "indicator": "16a6c56ba458ec718b4e9bc8f9f10785", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Foosace.E!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661802, "indicator": "18efc091b431c39d3e59be445429a7bc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661811, "indicator": "19172b9210295518ca52e93a29cfe8f4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win64:Malware-gen", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661823, "indicator": "1a5d89f6fd3f1ed5f4e76084b0fa7806", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "multiple_versions", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661770, "indicator": "1ac15db72e6d4440f0b4f710a516b165", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 138810976, "indicator": "1c6f8eba504f2f429abf362626545c79", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Seduploader-6352548-0", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661789, "indicator": "1d1287d4a3ba5d02cca91f51863db738", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661782, "indicator": "1e217668d89b480ad42e230e8c2c4d97", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1931741, "indicator": "20ff290b8393f006eaf4358f09f13e99", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 955441, "indicator": "211b7100fd799e9eaabeb13cfa446231", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 200431407, "indicator": "2163a33330ae5786d3e984db09b2d9d2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 955463, "indicator": "21d63e99ed7dcd8baec74e6ce65c9ef3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661801, "indicator": "23ae20329174d44ebc8dbfa9891c6260", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 955398, "indicator": "26ac59dab32f6246e1ce3da7506d48fa", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Coresh-1", "description": "", "expiration": null, "is_active": 1 }, { "id": 5306, "indicator": "272f0fde35dbdfccbca1e33373b3570d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "apt_win_sofacy_general", "description": "", "expiration": null, "is_active": 1 }, { "id": 1931746, "indicator": "27faa10d1bec1a25f66e88645c695016", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661769, "indicator": "291af793767f5c5f2dc9c6d44f1bfb59", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2262782, "indicator": "296c956fe429cedd1b64b78e66797122", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 955470, "indicator": "2d4eaa0331abbc6d867f5f979b2c890d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Exploit.Agent-1", "description": "", "expiration": null, "is_active": 1 }, { "id": 12923, "indicator": "2dfc90375a09459033d430d046216d22", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1915963, "indicator": "2f04b8eb993ca4a3d98607824a10acfb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2326604, "indicator": "30cda69cf82637dfa2ffdc803bf2aead", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661762, "indicator": "3430bf72d2694e428a73c84d5ac4a4b9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661778, "indicator": "34651f2df01b956f1989da4b3ea40338", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 138810977, "indicator": "34dc9a69f33ba93e631cd5048d9f2624", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 118791, "indicator": "35283c2e60a3cba6734f4f98c443d11f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "MacOS:Ldipadoor-A", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661817, "indicator": "356d03f6975f443d6db6c5069d778af9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 955412, "indicator": "35717cd78ce713067a5037286cf91c3e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 212195, "indicator": "364ff454dcf00420cff13a57bcb78467", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661814, "indicator": "388594cd1bef96121be291880b22041a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661750, "indicator": "404eb3f7554392e85e56aed414db8455", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661760, "indicator": "409848dabfd110f4d373dd0a97ff708e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661794, "indicator": "41e14894f4ad9494e0359ee5bb3d9745", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661759, "indicator": "4265f6e8cc545b925912867ec8af2f11", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 955436, "indicator": "42bc93c0caddf07fce919d126a6e378f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Metlar.A", "description": "", "expiration": null, "is_active": 1 }, { "id": 5301, "indicator": "48656a93f9ba39410763a2196aabc67f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661779, "indicator": "4ac8d16ff796e825625ad1861546e2e8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 20039139, "indicator": "4b02dfdfd44df3c88b0ca8c2327843a4", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661751, "indicator": "4fe4b9560e99e33dabca553e2eeee510", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1928138, "indicator": "504182aaa5575bb38bf584839beb6d51", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2326605, "indicator": "5363e5cc28687b7dd71f1e257eab2d5d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Evo-gen", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661796, "indicator": "540e4a7a28ca1514e53c2564993d8d87", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 19662, "indicator": "557f8d4c6f8b386c32001def807dc715", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661761, "indicator": "56e011137b9678f1fcc54f9372198bae", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2312370, "indicator": "57cc08213ab8b6d4a538e4568d00a123", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2262784, "indicator": "5882a8dd4446abd137c05d2451b85fea", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5299, "indicator": "5882fda97fdf78b47081cc4105d44f7c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661828, "indicator": "58ca9243d35e529499dd17d27642b419", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 12113, "indicator": "5e70a5c47c6b59dae7faf0f2d62b28b3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 442814, "indicator": "5e93cf87040cf225ab5b5b9f9f0a0d03", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661774, "indicator": "607a7401962eaf78b93676c9f5ca6a26", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661758, "indicator": "6159c094a663a171efd531b23a46716d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Exploit.Agent-1388640", "description": "", "expiration": null, "is_active": 1 }, { "id": 2324209, "indicator": "62deab0e5d61d6bf9e0ba83d9e1d7e2b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1931740, "indicator": "647edddf61954822ddb7ab3341f9a6c5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Rtf.Dropper.Agent-1823681", "description": "", "expiration": null, "is_active": 1 }, { "id": 398596782, "indicator": "66b4fb539806ce27be184b6735584339", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2180046, "indicator": "66f368cab3d5e64475a91f636c87af15", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661809, "indicator": "672b8d14d1d3e97c24baf69d50937afc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2326595, "indicator": "6a24be8f61bcd789622dc55ebb7db90b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661808, "indicator": "6ca857721be6fff26b10867c99bd8c80", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Swf.Exploit.CVE_2015_7645", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661681, "indicator": "6cd2c953102792b738664d69ce41e080", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661775, "indicator": "7276d1dab1125f59604252159e0c529c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661783, "indicator": "732fbf0a4ceb10e9a2254af59ae4f880", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661677, "indicator": "75f71713a429589e87cf2656107d2bfc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2180079, "indicator": "76d3eb8c2bed4f2588e22b8d0984af86", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661795, "indicator": "77089c094c0f2c15898ff0f021945148", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661826, "indicator": "7764499bb1c4720d0f1d302f15be792c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661829, "indicator": "77aa465744061b4b725f73848aebdff6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 12112, "indicator": "77e7fb6b56c3ece4ef4e93b6dc608be0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1025176, "indicator": "78450806e56b1f224d00455efcd04ce3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5298, "indicator": "791428601ad12b9230b9ace4f2138713", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661790, "indicator": "7a055cbe6672f77b2271c1cb8e2670b8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2326558, "indicator": "7b1bfd7c1866040e8f618fe67b93bea5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 955399, "indicator": "7c2b1de614a9664103b6ff7f3d73f83d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661682, "indicator": "7fcf20302404f644fb07fe9d4fe9ac84", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 118792, "indicator": "800af1c9d341b846a856a1e686be6a3e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661788, "indicator": "81d9649612b05829476854bde71b8c3f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1911287, "indicator": "82f06d7157dd28a75f1fbb47728aea25", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 955447, "indicator": "83cf67a5d2e68f9c00fbbe6d7d9203bf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 955438, "indicator": "85c80d01661f88ec556579e772a5a3db", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 398596786, "indicator": "88009adca35560810ec220544e4fb6aa", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Exploit.CVE_2017_0263-6308663-1", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661675, "indicator": "8b031fce1d0c38d6b4c68d52b2764c7e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 159087, "indicator": "8b238931a7f64fddcad3057a96855f6c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661764, "indicator": "8b6d824619e993f74973eedfaf18be78", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2262783, "indicator": "8c3f5f1fff999bc783062dd50357be79", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 159084, "indicator": "8c4d896957c36ec4abeb07b2802268b9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5296, "indicator": "8c4fa713c5e2b009114adda758adc445", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 159089, "indicator": "8cb08140ddb00ac373d29d37657a03cc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 955469, "indicator": "91381cd82cdd5f52bbc7b30d34cb8d83", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661766, "indicator": "9227678b90869c5a67a05defcaf21dfb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661785, "indicator": "93c589e9eaf3272bc0349d605b85c566", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2326598, "indicator": "9422ca55f7fca4449259d8878ede5e47", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2635728, "indicator": "94ebc9ef5565f98b1aa1e97c6d35c2e0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "", "expiration": null, "is_active": 1 }, { "id": 398596788, "indicator": "953c7321c4959655fdd53302550ce02d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "RC6_Constants", "description": "", "expiration": null, "is_active": 1 }, { "id": 2326591, "indicator": "9617f3948b1886ebc95689c02d2cf264", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2312376, "indicator": "96ed0a7976e57ae0bb79dcbd67e39743", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Agent-AUHQ", "description": "", "expiration": null, "is_active": 1 }, { "id": 19681, "indicator": "973e0c922eb07aad530d8a1de19c7755", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661781, "indicator": "9863f1efc5274b3d449b5b7467819d28", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661824, "indicator": "991ffdbf860756a4589164de26dd7ccf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661818, "indicator": "99b93cfcff258eb49e7af603d779a146", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661672, "indicator": "9a66142acfc7739f78c23ab1252db45b", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661812, "indicator": "9a6b771c934415f74a203e0dfab9edbe", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 41803917, "indicator": "9b10685b774a783eabfecdb6119a8aa3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661815, "indicator": "9ca6ead1384953d787487d399c23cb41", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win64:Malware-gen", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661757, "indicator": "9d1a09bb98bf1ee31f390b60b0cf724d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661816, "indicator": "9df2ddb2631ff5439c34f80ace40cd29", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 955455, "indicator": "9e4817f7bf36a61b363e0911cc0f08b9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 487642, "indicator": "9e7053a4b6c9081220a694ec93211b4e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "", "expiration": null, "is_active": 1 }, { "id": 5302, "indicator": "9eebfebe3987fec3c395594dc57a0c4c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "SOFACY__Loader", "description": "", "expiration": null, "is_active": 1 }, { "id": 2326602, "indicator": "9f82abbaebc1093a187f1887df2cf926", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1915964, "indicator": "9fe3a0fb3304d749aeed2c3e2e5787eb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661772, "indicator": "a0f212fd0f103ca8beaf8362f74903a2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 149961, "indicator": "a24552843b9fedd7d0084e1eb1dd6e35", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Foosace.B!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661807, "indicator": "a24d2f5258f8a0c3bddd1b5636b0ec57", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661786, "indicator": "a3c757af9e7a9a60e235d08d54740fbc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661810, "indicator": "a579d53a1d29684de6d2c0cbabd525c5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661821, "indicator": "a7b4e01335aac544a12c6f88aab80cd9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 159083, "indicator": "a96f4b8ac7aa9dbf4624424b7602d4f7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 398596791, "indicator": "aa34fb2e5849bff4144a1c98a8158970", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "APT28", "description": "", "expiration": null, "is_active": 1 }, { "id": 2180025, "indicator": "aa3e6af90c144112a1ad0c19bdf873ff", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Foosace.E!dha", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661832, "indicator": "ac3e087e43be67bdc674747c665b46c2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 955475, "indicator": "ac75fd7d79e64384b9c4053b37e5623f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 398596792, "indicator": "aced5525ba0d4f44ffd01c4db2730a34", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661777, "indicator": "acf8cda38b0d1b6a0d3664a0e33deb96", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661678, "indicator": "ad44a7c5e18e9958dda66ccfc406cd44", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661676, "indicator": "ae4ded48da0766d237ce2262202c3c96", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Malware.Lisuife-3", "description": "", "expiration": null, "is_active": 1 }, { "id": 147482, "indicator": "aeebfc9eb9031e423797a5af1985242d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 955415, "indicator": "afe09fb5a2b97f9e119f70292092604e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 11667955, "indicator": "b137c809e3bf11f2f5d867a6f4215f95", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661799, "indicator": "b1b88f78c2f4393d437da4ce743ac5e8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 398596793, "indicator": "b1d1a2c64474d2f6e7a5db71ccbafa31", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661674, "indicator": "b2dc7c29cbf8d71d1dd57b474f1e04b9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 398596795, "indicator": "b88633376fbb144971dcb503f72fd192", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win64:Malware-gen", "description": "", "expiration": null, "is_active": 1 }, { "id": 398596796, "indicator": "b924ff83d9120d934bb49a7a2e3c4292", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661793, "indicator": "bae0221feefb37e6b81f5ca893864743", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661755, "indicator": "bebb3675cfa4adaba7822cc8c39f55bf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1916108, "indicator": "bed5bc0a8aae2662ea5d2484f80c1760", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661831, "indicator": "c0d1762561f8c2f812d868a3939d23f0", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661819, "indicator": "c16b07f7590a8620a8f0f687b0bd8bd8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 955407, "indicator": "c2988e3e4f70d5901b234ff1c1363dcc", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2617698, "indicator": "c2a0344a2bbb29d9b56d378386afcbed", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 159088, "indicator": "c3ae4a37094ecfe95c2badecf40bf5bb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661784, "indicator": "c3c278991ad051fbace1e2f3a4c20998", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "multiple_versions", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661787, "indicator": "c43edb579e43aaeb6f0c0703f84e43f7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661806, "indicator": "c4ffab85d84b494e1c450819a0e9c7db", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661792, "indicator": "c6a80316ea97218df11e11125337233a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1931742, "indicator": "c789ec7537e300411d523aef74407a5e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661813, "indicator": "cc9e6578a47182a941a478b276320e06", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661803, "indicator": "cd1c521b6ae08fc97e3d69f242f00f9e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Lisuife-2", "description": "", "expiration": null, "is_active": 1 }, { "id": 11667957, "indicator": "cdb58c2999eeda58a9d0c70f910d1195", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 159085, "indicator": "ce151285e8f0e7b2b90162ba171a4b90", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 605839, "indicator": "ce227ae503e166b77bf46b6c8f5ee4da", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661797, "indicator": "ce254486b02be740488c0ab3278956fd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 159090, "indicator": "ce8b99df8642c065b6af43fde1f786a3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2326594, "indicator": "cf30b7550f04a9372c3257c9b5cff3e9", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661800, "indicator": "d3de5b8500453107d6d152b3c8506935", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 398596797, "indicator": "d4a5d44184333442f5015699c2b8af28", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2180059, "indicator": "d4e99548832b6999f00e8d223c6fabbd", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661771, "indicator": "d535c3fc5f0f98e021bea0d6277d2559", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 398596798, "indicator": "d6f2bf2066e053e58fe8bcd39cb2e9ad", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2636948, "indicator": "d70f4e9d55698f69c5f63b1a2e1507eb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2262781, "indicator": "d79a21970cad03e22440ea66bd85931f", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 955390, "indicator": "d7a625779df56d874871bb632f3e3106", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661805, "indicator": "d7c471729bc124babf32945eb5706eb6", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661767, "indicator": "d994b9780b69f611284e22033e435edb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5300, "indicator": "da2a657dc69d7320f2ffc87013f257ad", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661679, "indicator": "db9edafbadd71c7a3a0f0aec1b216a92", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 176311, "indicator": "dcf6906a9a0c970bcd93f451b9b7932a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661768, "indicator": "dd5e31f9d323e6c3e09e367e6bd0e7b1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661820, "indicator": "dfc836e035cb6c43ce26ed870f61d7e8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 12922, "indicator": "dffb22a1a6a757443ab403d61e760f0c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 212196, "indicator": "e107c5c84ded6cd9391aede7f04d64c8", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 150199, "indicator": "e1554b931affb3cd2edc90bc58028078", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 12226375, "indicator": "e228cd74103dc069663bb87d4f22d7d5", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661798, "indicator": "e49bce75070a7a3c63a7cebb699342b3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661752, "indicator": "e766e048bd222cfd2b9cc1bf24125dac", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661827, "indicator": "ea726d3e8f6516807366584f3c5b5e2a", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 5304, "indicator": "ead4ec18ebce6890d20757bb9f5285b1", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661754, "indicator": "ed601bbd4dd0e267afb0be840cb27c90", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661756, "indicator": "ed7f6260dec470e81dafb0e63bafb5ae", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661825, "indicator": "eda061c497ba73441994a30e36f55b1d", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 398596800, "indicator": "ede5d82bb6775a9b1659dccb699fadcb", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 955392, "indicator": "ee64d3273f9b4d80020c24edcbbf961e", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2312374, "indicator": "effd7b2411975447fd36603445b380c7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2180054, "indicator": "f1704aaf08cd66a2ac6cf8810c9e07c2", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661763, "indicator": "f1d3447a2bff56646478b0adb7d0451c", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1928128, "indicator": "f62182cf0ab94b3c97b0261547dfc6cf", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2326576, "indicator": "f686304cff9b35ea0d7647820ab525ba", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 398596801, "indicator": "f6b2ef4daf1b78802548d3e6d4de7ba7", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 159091, "indicator": "f6f88caf49a3e32174387cacfa144a89", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661830, "indicator": "f7ee38ca49cd4ae35824ce5738b6e587", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661780, "indicator": "f8c8f6456c5a52ef24aa426e6b121685", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 11667961, "indicator": "f8e92d8b5488ea76c40601c8f1a08790", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 2661671, "indicator": "fd8d1b48f91864dc5acb429a49932ca3", "type": "FileHash-MD5", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1277074, "indicator": "0450aaf8ed309ca6baf303837701b5b23aac6f05", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 800af1c9d341b846a856a1e686be6a3e", "expiration": null, "is_active": 1 }, { "id": 1277097, "indicator": "072933fa35b585511003f36e3885563e1b55d55a", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 99b93cfcff258eb49e7af603d779a146", "expiration": null, "is_active": 1 }, { "id": 1277071, "indicator": "082141f1c24fb49981cc70a9ed50cda582ee04dd", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 7a055cbe6672f77b2271c1cb8e2670b8", "expiration": null, "is_active": 1 }, { "id": 1277085, "indicator": "08c4d755f14fd6df76ec86da6eab1b5574dfbafd", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Coresh-1", "description": "SHA1 of 26ac59dab32f6246e1ce3da7506d48fa", "expiration": null, "is_active": 1 }, { "id": 2661950, "indicator": "0b3852ae641df8ada629e245747062f889b26659", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of cc9e6578a47182a941a478b276320e06", "expiration": null, "is_active": 1 }, { "id": 1277084, "indicator": "0f04dad5194f97bb4f1808df19196b04b4aee1b8", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 8b6d824619e993f74973eedfaf18be78", "expiration": null, "is_active": 1 }, { "id": 1025283, "indicator": "0f7893e2647a7204dbf4b72e50678545573c3a10", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "MacOS:Ldipadoor-A", "description": "SHA1 of 35283c2e60a3cba6734f4f98c443d11f", "expiration": null, "is_active": 1 }, { "id": 1277082, "indicator": "11af174294ee970ac7fd177746d23cdc8ffb92d7", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 9422ca55f7fca4449259d8878ede5e47", "expiration": null, "is_active": 1 }, { "id": 12910, "indicator": "21835aafe6d46840bb697e8b0d4aac06dec44f5b", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 211b7100fd799e9eaabeb13cfa446231", "expiration": null, "is_active": 1 }, { "id": 91595, "indicator": "2df498f32d8bad89d0d6d30275c19127763d5568", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Swf.Exploit.CVE_2015_7645", "description": "SHA1 of 6ca857721be6fff26b10867c99bd8c80", "expiration": null, "is_active": 1 }, { "id": 1277091, "indicator": "3403519fa3ede4d07fb4c05d422a9f8c026cedbf", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 113cc4a88fd28ea4398e312093a6a4d5", "expiration": null, "is_active": 1 }, { "id": 1025268, "indicator": "351c3762be9948d01034c69aced97628099a90b0", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 83cf67a5d2e68f9c00fbbe6d7d9203bf", "expiration": null, "is_active": 1 }, { "id": 2024071, "indicator": "3814eec8c45fc4313a9c7f65ce882a7899cf0405", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Foosace.B!dha", "description": "SHA1 of a24552843b9fedd7d0084e1eb1dd6e35", "expiration": null, "is_active": 1 }, { "id": 1277087, "indicator": "42dee38929a93dfd45c39045708c57da15d7586c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Malware.Lisuife-3", "description": "SHA1 of ae4ded48da0766d237ce2262202c3c96", "expiration": null, "is_active": 1 }, { "id": 1072756, "indicator": "49acba812894444c634b034962d46f986e0257cf", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 23ae20329174d44ebc8dbfa9891c6260", "expiration": null, "is_active": 1 }, { "id": 1025281, "indicator": "4d5e923351f52a9d5c94ee90e6a00e6fced733ef", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Exploit.Agent-1388640", "description": "SHA1 of 6159c094a663a171efd531b23a46716d", "expiration": null, "is_active": 1 }, { "id": 1277080, "indicator": "4f895db287062a4ee1a2c5415900b56e2cf15842", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Evo-gen", "description": "SHA1 of 5363e5cc28687b7dd71f1e257eab2d5d", "expiration": null, "is_active": 1 }, { "id": 42649, "indicator": "4fae67d3988da117608a7548d9029caddbfb3ebf", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of c6a80316ea97218df11e11125337233a", "expiration": null, "is_active": 1 }, { "id": 2262788, "indicator": "512bdfe937314ac3f195c462c395feeb36932971", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 5882a8dd4446abd137c05d2451b85fea", "expiration": null, "is_active": 1 }, { "id": 1072763, "indicator": "516ec3584073a1c05c0d909b8b6c15ecb10933f1", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 607a7401962eaf78b93676c9f5ca6a26", "expiration": null, "is_active": 1 }, { "id": 238780873, "indicator": "57d7f3d31c491f8aef4665ca4dd905c3c8a98795", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "APT28", "description": "SHA1 of 02b79c468c38c4312429a499fa4f6c81", "expiration": null, "is_active": 1 }, { "id": 2262790, "indicator": "58e30c466d46706d32e0c8cc543a8abfa47af490", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 8c3f5f1fff999bc783062dd50357be79", "expiration": null, "is_active": 1 }, { "id": 1072759, "indicator": "593d0eb95227e41d299659842395e76b55aa048d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 6cd2c953102792b738664d69ce41e080", "expiration": null, "is_active": 1 }, { "id": 2024073, "indicator": "5a452e7248a8d3745ef53cf2b1f3d7d8479546b9", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Foosace.E!dha", "description": "SHA1 of aa3e6af90c144112a1ad0c19bdf873ff", "expiration": null, "is_active": 1 }, { "id": 1072758, "indicator": "5c132ae63e3b41f7b2385740b9109b473856a6a5", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "SHA1 of 94ebc9ef5565f98b1aa1e97c6d35c2e0", "expiration": null, "is_active": 1 }, { "id": 42648, "indicator": "5c3e709517f41febf03109fa9d597f2ccc495956", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of ac75fd7d79e64384b9c4053b37e5623f", "expiration": null, "is_active": 1 }, { "id": 1277072, "indicator": "5f05a8cb6fef24a91b3bd6c137b23ab3166f39ae", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win64:Malware-gen", "description": "SHA1 of 9ca6ead1384953d787487d399c23cb41", "expiration": null, "is_active": 1 }, { "id": 42657, "indicator": "63d1d33e7418daf200dc4660fc9a59492ddd50d9", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Exploit.Agent-1", "description": "SHA1 of 2d4eaa0331abbc6d867f5f979b2c890d", "expiration": null, "is_active": 1 }, { "id": 1072753, "indicator": "669a02e330f5afc55a3775c4c6959b3f9e9965cf", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of a0f212fd0f103ca8beaf8362f74903a2", "expiration": null, "is_active": 1 }, { "id": 955484, "indicator": "68064fc152e23d56e541714af52651cb4ba81aaf", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 116d2fc1665ce7524826a624be0ded1c", "expiration": null, "is_active": 1 }, { "id": 2024068, "indicator": "6b875661a74c4673ae6ee89acc5cb6927ca5fd0d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Metlar.A", "description": "SHA1 of 42bc93c0caddf07fce919d126a6e378f", "expiration": null, "is_active": 1 }, { "id": 1072761, "indicator": "6caa48cd9532da4cabd6994f62b8211ab9672d9e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 9df2ddb2631ff5439c34f80ace40cd29", "expiration": null, "is_active": 1 }, { "id": 3360568731, "indicator": "6f1dfb7fc2367f5787b076deb44f37704a682caa", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "multiple_versions", "description": "SHA1 of c3c278991ad051fbace1e2f3a4c20998", "expiration": null, "is_active": 1 }, { "id": 1277077, "indicator": "71636e025fa308fc5b8065136f3dd692870cb8a4", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Agent-AUHQ", "description": "SHA1 of 96ed0a7976e57ae0bb79dcbd67e39743", "expiration": null, "is_active": 1 }, { "id": 42651, "indicator": "7319a2751bd13b2364031f1e69035acfc4fd4d18", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of c0d1762561f8c2f812d868a3939d23f0", "expiration": null, "is_active": 1 }, { "id": 2661953, "indicator": "74c190cd0c42304720c686d50f8184ac3faddbe9", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win64:Malware-gen", "description": "SHA1 of 19172b9210295518ca52e93a29cfe8f4", "expiration": null, "is_active": 1 }, { "id": 3360568732, "indicator": "78bb54f4e5308d18e178c64a6f3a54710fdb2ee3", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "multiple_versions", "description": "SHA1 of 1a5d89f6fd3f1ed5f4e76084b0fa7806", "expiration": null, "is_active": 1 }, { "id": 1593573331, "indicator": "7fbb5a2e46facd3ee0c945f324414210c2199ffb", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of c16b07f7590a8620a8f0f687b0bd8bd8", "expiration": null, "is_active": 1 }, { "id": 1025269, "indicator": "80dca565807fa69a75a7dd278cef1daaee34236e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 9863f1efc5274b3d449b5b7467819d28", "expiration": null, "is_active": 1 }, { "id": 3254634392, "indicator": "831e04c7a8a3af3daa08018026677580d20771ff", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Rtf.Dropper.Agent-1891213", "description": "SHA1 of 0b32e65caf653d77cab2a866ee2d9dbc", "expiration": null, "is_active": 1 }, { "id": 1025279, "indicator": "842b0759b5796979877a2bac82a33500163ded67", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 291af793767f5c5f2dc9c6d44f1bfb59", "expiration": null, "is_active": 1 }, { "id": 1593573345, "indicator": "8def0a554f19134a5db3d2ae949f9500ce3dd2ce", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Foosace.E!dha", "description": "SHA1 of 16a6c56ba458ec718b4e9bc8f9f10785", "expiration": null, "is_active": 1 }, { "id": 2233966160, "indicator": "9001f4cfe62367a282efc08b072a13a5e2e403db", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 9fe3a0fb3304d749aeed2c3e2e5787eb", "expiration": null, "is_active": 1 }, { "id": 955499, "indicator": "90c3b756b1bb849cba80994d445e96a9872d0cf5", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 21d63e99ed7dcd8baec74e6ce65c9ef3", "expiration": null, "is_active": 1 }, { "id": 2248522494, "indicator": "91d8e6f993e8b294924811df052e96cbec0545ad", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of b1d1a2c64474d2f6e7a5db71ccbafa31", "expiration": null, "is_active": 1 }, { "id": 247066, "indicator": "9444d2b29c6401bc7c2d14f071b11ec9014ae040", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 364ff454dcf00420cff13a57bcb78467", "expiration": null, "is_active": 1 }, { "id": 1277095, "indicator": "99b454262dc26b081600e844371982a49d334e5e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of ac3e087e43be67bdc674747c665b46c2", "expiration": null, "is_active": 1 }, { "id": 1025275, "indicator": "99f927f97838eb47c1d59500ee9155adb55b806a", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 07c8a0a792a5447daf08ac32d1e283e8", "expiration": null, "is_active": 1 }, { "id": 1072757, "indicator": "9f3ab8779f2b81cae83f62245afb124266765939", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 3430bf72d2694e428a73c84d5ac4a4b9", "expiration": null, "is_active": 1 }, { "id": 42658, "indicator": "9fc43e32c887b7697bf6d6933e9859d29581ead0", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of a3c757af9e7a9a60e235d08d54740fbc", "expiration": null, "is_active": 1 }, { "id": 955490, "indicator": "a43ef43f3c3db76a4a9ca8f40f7b2c89888f0399", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 7c2b1de614a9664103b6ff7f3d73f83d", "expiration": null, "is_active": 1 }, { "id": 2024067, "indicator": "a8551397e1f1a2c0148e6eadcb56fa35ee6009ca", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 48656a93f9ba39410763a2196aabc67f", "expiration": null, "is_active": 1 }, { "id": 1025272, "indicator": "a857bccf4cc5c15b60667ecd865112999e1e56ba", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 0c334645a4c12513020aaabc3b78ef9f", "expiration": null, "is_active": 1 }, { "id": 138810982, "indicator": "ab354807e687993fbeb1b325eb6e4ab38d428a1e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Seduploader-6352548-0", "description": "SHA1 of 1c6f8eba504f2f429abf362626545c79", "expiration": null, "is_active": 1 }, { "id": 1593573722, "indicator": "b3f201ce874c5b599b52cf41634e5094b07bc2a8", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 356d03f6975f443d6db6c5069d778af9", "expiration": null, "is_active": 1 }, { "id": 12908, "indicator": "b4a515ef9de037f18d96b9b0e48271180f5725b7", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of afe09fb5a2b97f9e119f70292092604e", "expiration": null, "is_active": 1 }, { "id": 1277062, "indicator": "baa4c177a53cfa5cc103296b07b62565e1c7799f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 9d1a09bb98bf1ee31f390b60b0cf724d", "expiration": null, "is_active": 1 }, { "id": 1277060, "indicator": "c18edcba2c31533b7cdb6649a970dce397f4b13c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 4265f6e8cc545b925912867ec8af2f11", "expiration": null, "is_active": 1 }, { "id": 1025282, "indicator": "c1eae93785c9cb917cfb260d3abf6432c6fdaf4d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 732fbf0a4ceb10e9a2254af59ae4f880", "expiration": null, "is_active": 1 }, { "id": 1025270, "indicator": "c2e8c584d5401952af4f1db08cf4b6016874ddac", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 078755389b98d17788eb5148e23109a6", "expiration": null, "is_active": 1 }, { "id": 955505, "indicator": "c345a85c01360f2833752a253a5094ff421fc839", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 1219318522fa28252368f58f36820ac2", "expiration": null, "is_active": 1 }, { "id": 2600195, "indicator": "cb796f2986700df9ce7d8f8d7a3f47f2eb4df682", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 78450806e56b1f224d00455efcd04ce3", "expiration": null, "is_active": 1 }, { "id": 1459233862, "indicator": "ccb907f3ce245b3ca49e922d97fb7e9ed98ae1bb", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "RC6_Constants", "description": "SHA1 of 953c7321c4959655fdd53302550ce02d", "expiration": null, "is_active": 1 }, { "id": 42654, "indicator": "d3aa282b390a5cb29d15a97e0a046305038dbefe", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 18efc091b431c39d3e59be445429a7bc", "expiration": null, "is_active": 1 }, { "id": 12705, "indicator": "d43fd6579ab8b9c40524cc8e4b7bd05be6674f6c", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 557f8d4c6f8b386c32001def807dc715", "expiration": null, "is_active": 1 }, { "id": 42656, "indicator": "d85e44d386315b0258847495be1711450ac02d9f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of c4ffab85d84b494e1c450819a0e9c7db", "expiration": null, "is_active": 1 }, { "id": 1573798788, "indicator": "d87b310aa81ae6254fff27b7d57f76035f544073", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "apt_win_sofacy_general", "description": "SHA1 of 272f0fde35dbdfccbca1e33373b3570d", "expiration": null, "is_active": 1 }, { "id": 1025285, "indicator": "d9989a46d590ebc792f14aa6fec30560dfe931b1", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 8b031fce1d0c38d6b4c68d52b2764c7e", "expiration": null, "is_active": 1 }, { "id": 1277069, "indicator": "db731119fca496064f8045061033a5976301770d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 34651f2df01b956f1989da4b3ea40338", "expiration": null, "is_active": 1 }, { "id": 2651350019, "indicator": "df47aa35c8e2cea651fd30b2cee5fbabbaf85500", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Rtf.Dropper.Agent-1823681", "description": "SHA1 of 647edddf61954822ddb7ab3341f9a6c5", "expiration": null, "is_active": 1 }, { "id": 1277076, "indicator": "e034e0d9ad069bab5a6e68c1517c15665abe67c9", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 6a24be8f61bcd789622dc55ebb7db90b", "expiration": null, "is_active": 1 }, { "id": 3254624165, "indicator": "e173c2acab38fd7d50aa65e49e36f21629cc25f9", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 62deab0e5d61d6bf9e0ba83d9e1d7e2b", "expiration": null, "is_active": 1 }, { "id": 238780882, "indicator": "e19f753e514f6adec8f81bcdefb9117979e69627", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win64:Malware-gen", "description": "SHA1 of b88633376fbb144971dcb503f72fd192", "expiration": null, "is_active": 1 }, { "id": 1593573353, "indicator": "e2101519714f8a4056a9de18443bc6e8a1f1b977", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of ad44a7c5e18e9958dda66ccfc406cd44", "expiration": null, "is_active": 1 }, { "id": 1593573338, "indicator": "e2450dffa675c61aa43077b25b12851a910eeeb6", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "SOFACY__Loader", "description": "SHA1 of 9eebfebe3987fec3c395594dc57a0c4c", "expiration": null, "is_active": 1 }, { "id": 2582714632, "indicator": "e251b3eb1449f7016df78d113571bea57f92fc36", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 8b238931a7f64fddcad3057a96855f6c", "expiration": null, "is_active": 1 }, { "id": 12034559, "indicator": "e338d49c270baf64363879e5eecb8fa6bdde8ad9", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 2163a33330ae5786d3e984db09b2d9d2", "expiration": null, "is_active": 1 }, { "id": 955515, "indicator": "e3b7704d4c887b40a9802e0695bae379358f3ba0", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of a96f4b8ac7aa9dbf4624424b7602d4f7", "expiration": null, "is_active": 1 }, { "id": 1025276, "indicator": "e5fb715a1c70402774ee2c518fb0e4e9cd3fdcff", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 072c692783c67ea56da9de0a53a60d11", "expiration": null, "is_active": 1 }, { "id": 1277086, "indicator": "e816ec78462b5925a1f3ef3cdb3cac6267222e72", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 404eb3f7554392e85e56aed414db8455", "expiration": null, "is_active": 1 }, { "id": 3254628350, "indicator": "e8370b8f4d54bf7af1c24121c26c519853af52af", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Exploit.CVE_2017_0263-6308663-1", "description": "SHA1 of 88009adca35560810ec220544e4fb6aa", "expiration": null, "is_active": 1 }, { "id": 1072752, "indicator": "e8aca4b0cfe509783a34ff908287f98cab968d9e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 991ffdbf860756a4589164de26dd7ccf", "expiration": null, "is_active": 1 }, { "id": 1277093, "indicator": "e945de27ebfd1baf8e8d2a81f4fb0d4523d85d6a", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Lisuife-2", "description": "SHA1 of cd1c521b6ae08fc97e3d69f242f00f9e", "expiration": null, "is_active": 1 }, { "id": 1072762, "indicator": "ee788901cd804965f1cd00a0afc713c8623430c4", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 93c589e9eaf3272bc0349d605b85c566", "expiration": null, "is_active": 1 }, { "id": 1025280, "indicator": "f024dbab65198467c2b832de9724cb70e24af0dd", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 7b1bfd7c1866040e8f618fe67b93bea5", "expiration": null, "is_active": 1 }, { "id": 247065, "indicator": "f080e509c988a9578862665b4fcf1e4bf8d77c3e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 075b6695ab63f36af65f7ffd45cccd39", "expiration": null, "is_active": 1 }, { "id": 652686592, "indicator": "f09780ba9eb7f7426f93126bc198292f5106424b", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "SHA1 of 9e7053a4b6c9081220a694ec93211b4e", "expiration": null, "is_active": 1 }, { "id": 1277075, "indicator": "f1ee563d44e2b1020b7a556e080159f64f3fd699", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 58ca9243d35e529499dd17d27642b419", "expiration": null, "is_active": 1 }, { "id": 76988843, "indicator": "f293a2bfb728060c54efeeb03c5323893b5c80df", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 9b10685b774a783eabfecdb6119a8aa3", "expiration": null, "is_active": 1 }, { "id": 1593573321, "indicator": "f325970fd24bb088f1befdae5788152329e26bf3", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 0369620eb139c3875a62e36bb7abdae8", "expiration": null, "is_active": 1 }, { "id": 2262786, "indicator": "f3805382ae2e23ff1147301d131a06e00e4ff75f", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 504182aaa5575bb38bf584839beb6d51", "expiration": null, "is_active": 1 }, { "id": 42652, "indicator": "f3d50c1f7d5f322c1a1f9a72ff122cac990881ee", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 77089c094c0f2c15898ff0f021945148", "expiration": null, "is_active": 1 }, { "id": 1593573322, "indicator": "f46f84e53263a33e266aae520cb2c1bd0a73354e", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 77e7fb6b56c3ece4ef4e93b6dc608be0", "expiration": null, "is_active": 1 }, { "id": 1593573336, "indicator": "f5b3e98c6b5d65807da66d50bd5730d35692174d", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 8c4fa713c5e2b009114adda758adc445", "expiration": null, "is_active": 1 }, { "id": 42659, "indicator": "f7608ef62a45822e9300d390064e667028b75dea", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 75f71713a429589e87cf2656107d2bfc", "expiration": null, "is_active": 1 }, { "id": 76988844, "indicator": "f9fd3f1d8da4ffd6a494228b934549d09e3c59d1", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 1421419d1be31f1f9ea60e8ed87277db", "expiration": null, "is_active": 1 }, { "id": 2584660414, "indicator": "faef1d1dc5ec2b059782d3cef7f250a386411038", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "APT28", "description": "SHA1 of aa34fb2e5849bff4144a1c98a8158970", "expiration": null, "is_active": 1 }, { "id": 2262791, "indicator": "ff1ecd429853ee0e33f7cdfa9624a2015a40e715", "type": "FileHash-SHA1", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA1 of 296c956fe429cedd1b64b78e66797122", "expiration": null, "is_active": 1 }, { "id": 212203, "indicator": "02c7cf55fd5c5809ce2dce56085ba43795f2480423a4256537bfdfda0df85592", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 075b6695ab63f36af65f7ffd45cccd39", "expiration": null, "is_active": 1 }, { "id": 2661662, "indicator": "07393ac2e890772f70adf9e8d3aa07ab2f98e2726e3be275276dadd00daf5fc6", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win64:Malware-gen", "description": "SHA256 of 9ca6ead1384953d787487d399c23cb41", "expiration": null, "is_active": 1 }, { "id": 2661628, "indicator": "0abda721c4f1ca626f5d8bd2ce186aa98b197ca68d53e81cf152c32230345071", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 9863f1efc5274b3d449b5b7467819d28", "expiration": null, "is_active": 1 }, { "id": 955147, "indicator": "0ac7b666814fd016b3d21d7812f4a272104511f90ca666fa13e9fb6cefa603c7", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of ac75fd7d79e64384b9c4053b37e5623f", "expiration": null, "is_active": 1 }, { "id": 142778158, "indicator": "3ac11a74275725a22c233cd974229d2b167c336da667410f7262b4926dabd31b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Seduploader-6352548-0", "description": "SHA256 of 1c6f8eba504f2f429abf362626545c79", "expiration": null, "is_active": 1 }, { "id": 955143, "indicator": "3d13f2e5b241168005425b15410556bcf26d04078da6b2ef42bc0c2be7654bf8", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 211b7100fd799e9eaabeb13cfa446231", "expiration": null, "is_active": 1 }, { "id": 2661667, "indicator": "3e23201e6c52470e73a92af2ded12e6a5d1ad39538f41e762ca1c4b8d93c6d8d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 23ae20329174d44ebc8dbfa9891c6260", "expiration": null, "is_active": 1 }, { "id": 2661669, "indicator": "3f14fc9c29763da76dcbc8a2aaa61658781d1b215ee322a0ebfa554d8658d22b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 356d03f6975f443d6db6c5069d778af9", "expiration": null, "is_active": 1 }, { "id": 413814, "indicator": "40ae43b7d6c413becc92b07076fa128b875c8dbb4da7c036639eccf5a9fc784f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win64:Malware-gen", "description": "SHA256 of 19172b9210295518ca52e93a29cfe8f4", "expiration": null, "is_active": 1 }, { "id": 2661601, "indicator": "423a0799efe41b28a8b765fa505699183c8278d5a7bf07658b3bd507bfa5346f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "apt_win_sofacy_general", "description": "SHA256 of 272f0fde35dbdfccbca1e33373b3570d", "expiration": null, "is_active": 1 }, { "id": 2661554, "indicator": "44e8d3ffa0989176e62b8462b3d14ad38ede5f859fd3d5eb387050f751080aa2", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 991ffdbf860756a4589164de26dd7ccf", "expiration": null, "is_active": 1 }, { "id": 2661644, "indicator": "4536650c9c5e5e1bb57d9bedf7f9a543d6f09addf857f0d802fb64e437b6844a", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Foosace.E!dha", "description": "SHA256 of aa3e6af90c144112a1ad0c19bdf873ff", "expiration": null, "is_active": 1 }, { "id": 413813, "indicator": "4845761c9bed0563d0aa83613311191e075a9b58861e80392914d61a21bad976", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "SHA256 of 9e7053a4b6c9081220a694ec93211b4e", "expiration": null, "is_active": 1 }, { "id": 2661659, "indicator": "4bcd11142d5b9f96730715905152a645a1bf487921dd65618c354281512a4ae7", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 8b031fce1d0c38d6b4c68d52b2764c7e", "expiration": null, "is_active": 1 }, { "id": 2661621, "indicator": "500fa112a204b6abb365101013a17749ce83403c30cd37f7c6f94e693c2d492f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of c4ffab85d84b494e1c450819a0e9c7db", "expiration": null, "is_active": 1 }, { "id": 12110, "indicator": "5130f600cd9a9cdc82d4bad938b20cbd2f699aadb76e7f3f1a93602330d9997d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 77e7fb6b56c3ece4ef4e93b6dc608be0", "expiration": null, "is_active": 1 }, { "id": 2661616, "indicator": "54c4ce98970a44f92be748ebda9fcfb7b30e08d98491e7735be6dd287189cea3", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 078755389b98d17788eb5148e23109a6", "expiration": null, "is_active": 1 }, { "id": 12111, "indicator": "566ab945f61be016bfd9e83cc1b64f783b9b8deb891e6d504d3442bc8281b092", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 800af1c9d341b846a856a1e686be6a3e", "expiration": null, "is_active": 1 }, { "id": 2262777, "indicator": "5809076ea5d97facb9cffabd2b44ea4f8de1af8a0c2c2df3807cb3a82ef99508", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 296c956fe429cedd1b64b78e66797122", "expiration": null, "is_active": 1 }, { "id": 3254628351, "indicator": "588428bc9e00c26057af8ed6894255ca4b59a8a9b7ebb3d09c9406ff736c9454", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Exploit.CVE_2017_0263-6308663-1", "description": "SHA256 of 88009adca35560810ec220544e4fb6aa", "expiration": null, "is_active": 1 }, { "id": 27312182, "indicator": "58b223f74992f371cab8f1df7c03b9b66f2ea9e3c9e22122898a9be62a05c0b4", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of b1d1a2c64474d2f6e7a5db71ccbafa31", "expiration": null, "is_active": 1 }, { "id": 30563763, "indicator": "5ca7f15275bf8a8109cd61d90f91bfef776b760d5b3292afd23900b9256145e5", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "APT28", "description": "SHA256 of aa34fb2e5849bff4144a1c98a8158970", "expiration": null, "is_active": 1 }, { "id": 363301, "indicator": "5f6b2a0d1d966fc4f1ed292b46240767f4acb06c13512b0061b434ae2a692fa1", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Coresh-1", "description": "SHA256 of 26ac59dab32f6246e1ce3da7506d48fa", "expiration": null, "is_active": 1 }, { "id": 2661591, "indicator": "60ee6fdca66444bdc2e4b00dc67a1b0fdee5a3cd9979815e0aab9ce6435262c6", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 34651f2df01b956f1989da4b3ea40338", "expiration": null, "is_active": 1 }, { "id": 2661608, "indicator": "6236a1bdd76ed90659a36f58b3e073623c34c6436d26413c8eca95f3266cc6fc", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 732fbf0a4ceb10e9a2254af59ae4f880", "expiration": null, "is_active": 1 }, { "id": 2651350020, "indicator": "8075a549c01eabe9240379ba8b02603c56a4073417d98a6d35d50e065115e216", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Rtf.Dropper.Agent-1823681", "description": "SHA256 of 647edddf61954822ddb7ab3341f9a6c5", "expiration": null, "is_active": 1 }, { "id": 2661567, "indicator": "8325cd6e26fb39cf7a08787e771a6cf708e0b45350d1ea239982af06db90804f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of c0d1762561f8c2f812d868a3939d23f0", "expiration": null, "is_active": 1 }, { "id": 2661632, "indicator": "84ad945d1ab58591efb21b863320f533c53b2398a1bc690d221e1c1c77fa27ff", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 557f8d4c6f8b386c32001def807dc715", "expiration": null, "is_active": 1 }, { "id": 2326521, "indicator": "853dbbba09e2463c45c0ad913d15d67d15792d888f81b4908b2216859342aa04", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 83cf67a5d2e68f9c00fbbe6d7d9203bf", "expiration": null, "is_active": 1 }, { "id": 2589642670, "indicator": "8646a5330f516adce0c05ad019cf041cf79c1ca069048c3f8db94dcbdb00c408", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "APT28", "description": "SHA256 of 02b79c468c38c4312429a499fa4f6c81", "expiration": null, "is_active": 1 }, { "id": 3254634393, "indicator": "885c697b7b1cf2c8c5e0b1a6303d544e220472844af3f944e98b224106d3f6a9", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Rtf.Dropper.Agent-1891213", "description": "SHA256 of 0b32e65caf653d77cab2a866ee2d9dbc", "expiration": null, "is_active": 1 }, { "id": 212202, "indicator": "8bca0031f3b691421cb15f9c6e71ce193355d2d8cf2b190438b6962761d0c6bb", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 364ff454dcf00420cff13a57bcb78467", "expiration": null, "is_active": 1 }, { "id": 27312183, "indicator": "8c47961181d9929333628af20bdd750021e925f40065374e6b876e3b8afbba57", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 1421419d1be31f1f9ea60e8ed87277db", "expiration": null, "is_active": 1 }, { "id": 2661581, "indicator": "8f0674cb85f28b2619a6e0ddc74ce71e92ce4c3162056ef65ff2777104d20109", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 07c8a0a792a5447daf08ac32d1e283e8", "expiration": null, "is_active": 1 }, { "id": 2661657, "indicator": "92dcb0d8394d0df1064e68d90cd90a6ae5863e91f194cbaac85ec21c202f581f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 8b238931a7f64fddcad3057a96855f6c", "expiration": null, "is_active": 1 }, { "id": 2661630, "indicator": "9392776d6d8e697468ab671b43dce2b7baf97057b53bd3517ecd77a081eff67d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Backdoor:Win32/Metlar.A", "description": "SHA256 of 42bc93c0caddf07fce919d126a6e378f", "expiration": null, "is_active": 1 }, { "id": 2661646, "indicator": "94c220653ea7421c60e3eafd753a9ae9d69b475d61230f2f403789d326309c24", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 404eb3f7554392e85e56aed414db8455", "expiration": null, "is_active": 1 }, { "id": 2661634, "indicator": "966660738c9e3ec103c2f8fe361c8ac20647cacaa5153197fa1917e9da99082e", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Foosace.B!dha", "description": "SHA256 of a24552843b9fedd7d0084e1eb1dd6e35", "expiration": null, "is_active": 1 }, { "id": 2661559, "indicator": "972e907a901a7716f3b8f9651eadd65a0ce09bbc78a1ceacff6f52056af8e8f4", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 8b6d824619e993f74973eedfaf18be78", "expiration": null, "is_active": 1 }, { "id": 2661568, "indicator": "99d3f03fc6f048c74e58da6fb7ea1e831ba31d58194ad2463a7a6cd55da5f96b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 7a055cbe6672f77b2271c1cb8e2670b8", "expiration": null, "is_active": 1 }, { "id": 2661597, "indicator": "a13aa88c32eb020071c2c92f5364fd98f6dead7bcf71320731f05cd0a34a59db", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 6cd2c953102792b738664d69ce41e080", "expiration": null, "is_active": 1 }, { "id": 2661569, "indicator": "a2c9041ee1918523e67dbaf1c514f98609d4dbe451ba08657653bb41946fc89d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Malware.Lisuife-3", "description": "SHA256 of ae4ded48da0766d237ce2262202c3c96", "expiration": null, "is_active": 1 }, { "id": 27312184, "indicator": "a4a455db9f297e2b9fe99d63c9d31e827efb2cda65be445625fa64f4fce7f797", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 9b10685b774a783eabfecdb6119a8aa3", "expiration": null, "is_active": 1 }, { "id": 2661593, "indicator": "a50cb9ce1f01ea335c95870484903734ba9cd732e7b3db16cd962878bac3a767", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of a0f212fd0f103ca8beaf8362f74903a2", "expiration": null, "is_active": 1 }, { "id": 2661609, "indicator": "a76b1ec9d196b5c071992486d096ad475226e92b6db06c351e3a4ad4e4949248", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "multiple_versions", "description": "SHA256 of 1a5d89f6fd3f1ed5f4e76084b0fa7806", "expiration": null, "is_active": 1 }, { "id": 2661578, "indicator": "a979c5094f75548043a22b174aa10e1f2025371bd9e1249679f052b168e194b3", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of ac3e087e43be67bdc674747c665b46c2", "expiration": null, "is_active": 1 }, { "id": 955128, "indicator": "a9dc96d45702538c2086a749ba2fb467ba8d8b603e513bdef62a024dfeb124cb", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of a96f4b8ac7aa9dbf4624424b7602d4f7", "expiration": null, "is_active": 1 }, { "id": 2661551, "indicator": "b0b3f0d6e6c593e2a2046833080574f98566c48a1eda865b2e110cd41bf31a31", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of c6a80316ea97218df11e11125337233a", "expiration": null, "is_active": 1 }, { "id": 2661658, "indicator": "b1900cb7d1216d1dbc19b4c6c8567d48215148034a41913cc6e59958445aebde", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 3430bf72d2694e428a73c84d5ac4a4b9", "expiration": null, "is_active": 1 }, { "id": 2661624, "indicator": "b1f2d461856bb6f2760785ee1af1a33c71f84986edf7322d3e9bd974ca95f92d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 0369620eb139c3875a62e36bb7abdae8", "expiration": null, "is_active": 1 }, { "id": 2600194, "indicator": "b29a16ec907997e523f97e77b885d4a8c19cb81b1abf6ee51eee54f37eecf3ff", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 78450806e56b1f224d00455efcd04ce3", "expiration": null, "is_active": 1 }, { "id": 2262778, "indicator": "b3d6d931a4d27904abdfa81300724ae83069495cf49d1992507522a5aa0bafba", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 8c3f5f1fff999bc783062dd50357be79", "expiration": null, "is_active": 1 }, { "id": 2661637, "indicator": "b4064721d911e9606edf366173325945f9e940e489101e7d0747103c0e905126", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Swf.Exploit.CVE_2015_7645", "description": "SHA256 of 6ca857721be6fff26b10867c99bd8c80", "expiration": null, "is_active": 1 }, { "id": 955146, "indicator": "b4f755c91c2790f4ab9bac4ee60725132323e13a2688f3d8939ae9ed4793d014", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Exploit.Agent-1", "description": "SHA256 of 2d4eaa0331abbc6d867f5f979b2c890d", "expiration": null, "is_active": 1 }, { "id": 2661582, "indicator": "b6fff95a74f9847f1a4282b38f148d80e4684d9c35d9ae79fad813d5dc0fd7a9", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 75f71713a429589e87cf2656107d2bfc", "expiration": null, "is_active": 1 }, { "id": 487641, "indicator": "b81b10bdf4f29347979ea8a1715cbfc560e3452ba9fffcc33cd19a3dc47083a4", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of ad44a7c5e18e9958dda66ccfc406cd44", "expiration": null, "is_active": 1 }, { "id": 2326489, "indicator": "ba1c02aa6c12794a33c4742e62cbda3c17def08732f3fbaeb801f1806770b9a0", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 9422ca55f7fca4449259d8878ede5e47", "expiration": null, "is_active": 1 }, { "id": 2661606, "indicator": "bebe0be0cf8349706b2feb789572e035955209d5bf5d5fea0e5d29a7fbfdc7c4", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 58ca9243d35e529499dd17d27642b419", "expiration": null, "is_active": 1 }, { "id": 2661640, "indicator": "bf28267386a010197a50b65f24e815aa527f2adbc53c609d2b2a4f999a639413", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of a3c757af9e7a9a60e235d08d54740fbc", "expiration": null, "is_active": 1 }, { "id": 2661643, "indicator": "c19d266af9e33dae096e45e7624ab3a3f642c8de580e902fec9dac11bcb8d3fd", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 99b93cfcff258eb49e7af603d779a146", "expiration": null, "is_active": 1 }, { "id": 413686, "indicator": "c2551c4e6521ac72982cb952503a2e6f016356e02ee31dea36c713141d4f3785", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 7c2b1de614a9664103b6ff7f3d73f83d", "expiration": null, "is_active": 1 }, { "id": 200431408, "indicator": "c3b2c7bbd2aa1e3100b9382ed78dfa0041af764e0e02013acdf282410b302ead", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 2163a33330ae5786d3e984db09b2d9d2", "expiration": null, "is_active": 1 }, { "id": 2661561, "indicator": "c431ae04c79ade56e1902094acf51e5bf6b54d65363dfa239d59f31c27989fde", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 072c692783c67ea56da9de0a53a60d11", "expiration": null, "is_active": 1 }, { "id": 399544822, "indicator": "c7661b27a06a3a8c471fbb060ab8cab25fa9546e0a4c5c1101fe8098b2ad11e9", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win64:Malware-gen", "description": "SHA256 of b88633376fbb144971dcb503f72fd192", "expiration": null, "is_active": 1 }, { "id": 2326515, "indicator": "c8087186a215553d2f95c68c03398e17e67517553f6e9a8adc906faa51bce946", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 48656a93f9ba39410763a2196aabc67f", "expiration": null, "is_active": 1 }, { "id": 2661652, "indicator": "cb630234494f2424d8e158c6471f0b6d0643abbdf2f3e378bc2f68c9e7bca9eb", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of c16b07f7590a8620a8f0f687b0bd8bd8", "expiration": null, "is_active": 1 }, { "id": 54213, "indicator": "cc68ed96ef3a67b156565acbea2db8ed911b2b31132032f3ef37413f8e2772c5", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 504182aaa5575bb38bf584839beb6d51", "expiration": null, "is_active": 1 }, { "id": 2661572, "indicator": "ce554d57333bdbccebb5e2e8d16a304947981e48ea2a5cc3d5f4ced7c1f56df3", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Trojan:Win32/Foosace.E!dha", "description": "SHA256 of 16a6c56ba458ec718b4e9bc8f9f10785", "expiration": null, "is_active": 1 }, { "id": 2661647, "indicator": "cfc60d5db3bfb4ec462d5e4bd5222f04d7383d2c1aec1dc2a23e3c74a166a93d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Delphi", "description": "SHA256 of 94ebc9ef5565f98b1aa1e97c6d35c2e0", "expiration": null, "is_active": 1 }, { "id": 2661576, "indicator": "d2e947a39714478983764b270985d2529ff682ffec9ebac792158353caf90ed3", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Trojan.Lisuife-2", "description": "SHA256 of cd1c521b6ae08fc97e3d69f242f00f9e", "expiration": null, "is_active": 1 }, { "id": 2326496, "indicator": "d403ded7c4acfffe8dc2a3ad8fb848f08388b4c3452104f6970835913d92166c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Evo-gen", "description": "SHA256 of 5363e5cc28687b7dd71f1e257eab2d5d", "expiration": null, "is_active": 1 }, { "id": 2326509, "indicator": "d58f2a799552aff8358e9c63a4345ea971b27edd14b8eac825db30a8321d1a7a", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 8c4fa713c5e2b009114adda758adc445", "expiration": null, "is_active": 1 }, { "id": 955148, "indicator": "d93f22d46090bfc19ef51963a781eeb864390c66d9347e86e03bba25a1fc29c5", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of afe09fb5a2b97f9e119f70292092604e", "expiration": null, "is_active": 1 }, { "id": 123175, "indicator": "da43d39c749c121e99bba00ce809ca63794df3f704e7ad4077094abde4cf2a73", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "MacOS:Ldipadoor-A", "description": "SHA256 of 35283c2e60a3cba6734f4f98c443d11f", "expiration": null, "is_active": 1 }, { "id": 54215, "indicator": "dc2c3314ef4e6186b519af29a246679caa522acd0c44766ecb9df4d2d5f3995b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 116d2fc1665ce7524826a624be0ded1c", "expiration": null, "is_active": 1 }, { "id": 2661590, "indicator": "ddab96e4a8e909065e05c4b6a73ba351ea45ad4806258f41ac3cecbcae8671a6", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 113cc4a88fd28ea4398e312093a6a4d5", "expiration": null, "is_active": 1 }, { "id": 2661566, "indicator": "dea4e560017b4da05e8fd0a03ba74239723349934ee8fbd201a79be1ecf1c32d", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 9d1a09bb98bf1ee31f390b60b0cf724d", "expiration": null, "is_active": 1 }, { "id": 2326499, "indicator": "df47a939809f925475bc19804319652635848b8f346fb7dfd8c95c620595fe9f", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 7b1bfd7c1866040e8f618fe67b93bea5", "expiration": null, "is_active": 1 }, { "id": 413679, "indicator": "dfa8a85e26c07a348a854130c652dcc6d29b203ee230ce0603c83d9f11bbcacc", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 21d63e99ed7dcd8baec74e6ce65c9ef3", "expiration": null, "is_active": 1 }, { "id": 2661651, "indicator": "e00eaf295a28f5497dbb5cb8f647537b6e55dd66613505389c24e658d150972c", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win.Exploit.Agent-1388640", "description": "SHA256 of 6159c094a663a171efd531b23a46716d", "expiration": null, "is_active": 1 }, { "id": 2661653, "indicator": "e1b1143c0003c6905227df37d40aacbaecc2be8b9d86547650fe11bd47ca6989", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 0c334645a4c12513020aaabc3b78ef9f", "expiration": null, "is_active": 1 }, { "id": 3254624166, "indicator": "e447237ad90a895e09d9b27080033f0fdf9619b5846cb96e8950196586f9362b", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 62deab0e5d61d6bf9e0ba83d9e1d7e2b", "expiration": null, "is_active": 1 }, { "id": 1563325892, "indicator": "e5d5a6fa74c229d81cb64781556b61ed0148c50c089ea638e7761bf97fe46d40", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "RC6_Constants", "description": "SHA256 of 953c7321c4959655fdd53302550ce02d", "expiration": null, "is_active": 1 }, { "id": 2326494, "indicator": "e6d09ce32cc62b6f17279204fac1771a6eb35077bb79471115e8dfed2c86cd75", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "SOFACY__Loader", "description": "SHA256 of 9eebfebe3987fec3c395594dc57a0c4c", "expiration": null, "is_active": 1 }, { "id": 2440792, "indicator": "ea957d663dbc0b28844f6aa7dfdc5ac0110a4004ac46c87d0f1aa943ef253cfe", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "Win32:Agent-AUHQ", "description": "SHA256 of 96ed0a7976e57ae0bb79dcbd67e39743", "expiration": null, "is_active": 1 }, { "id": 2661600, "indicator": "eae782130b06d95f3373ff7d5c0977a8019960bdf80614c1aa7e324dc350428a", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 18efc091b431c39d3e59be445429a7bc", "expiration": null, "is_active": 1 }, { "id": 2661648, "indicator": "eb6620442c3ab327f3ccff1cc6d63d6ffe7729186f7e8ac1dbbbfddd971528f0", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 77089c094c0f2c15898ff0f021945148", "expiration": null, "is_active": 1 }, { "id": 2440815, "indicator": "ecd2c8e79554f226b69bed7357f61c75f1f1a42f1010d7baa72abe661a6c0587", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 607a7401962eaf78b93676c9f5ca6a26", "expiration": null, "is_active": 1 }, { "id": 2661565, "indicator": "f18fe2853ef0d4898085cc5581ae35b83fc6d1c46563dbc8da1b79ef9ef678eb", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 9df2ddb2631ff5439c34f80ace40cd29", "expiration": null, "is_active": 1 }, { "id": 2661585, "indicator": "f50791f9909c542e4abb5e3f760c896995758a832b0699c23ca54b579a9f2108", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 291af793767f5c5f2dc9c6d44f1bfb59", "expiration": null, "is_active": 1 }, { "id": 2262780, "indicator": "f6ad201d65b349b022f2ce4e4d436828b72eaa8c299e9924e51ee72f7c3257c0", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 5882a8dd4446abd137c05d2451b85fea", "expiration": null, "is_active": 1 }, { "id": 2661603, "indicator": "f9c0303d07800ed7cba1394cd326bbe8f49c7c5e0e062be59a9749f6c51c6e69", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 93c589e9eaf3272bc0349d605b85c566", "expiration": null, "is_active": 1 }, { "id": 2661580, "indicator": "f9ed13d5aa43c74287a936bf52772080fc26b5c62a805e19abceb20ef08ea5ff", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "multiple_versions", "description": "SHA256 of c3c278991ad051fbace1e2f3a4c20998", "expiration": null, "is_active": 1 }, { "id": 2326484, "indicator": "fb3a3339e2ba82cb3dcdc43d0e49e7b8a26ced3a587f5ee15a256aee062e6e05", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 6a24be8f61bcd789622dc55ebb7db90b", "expiration": null, "is_active": 1 }, { "id": 413687, "indicator": "fbd5c2cf1c1f17402cc313fe3266b097a46e08f48b971570ef4667fbfd6b7301", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 1219318522fa28252368f58f36820ac2", "expiration": null, "is_active": 1 }, { "id": 2661571, "indicator": "fc2dbfda41860b2385314c87e81f1ebb4f9ae1106b697e019841d8c3bf402570", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 4265f6e8cc545b925912867ec8af2f11", "expiration": null, "is_active": 1 }, { "id": 413815, "indicator": "fd39d2837b30e7233bc54598ff51bdc2f8c418fa5b94dea2cadb24cf40f395e5", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of cc9e6578a47182a941a478b276320e06", "expiration": null, "is_active": 1 }, { "id": 2321156, "indicator": "ffd5bd7548ab35c97841c31cf83ad2ea5ec02c741560317fc9602a49ce36a763", "type": "FileHash-SHA256", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "SHA256 of 9fe3a0fb3304d749aeed2c3e2e5787eb", "expiration": null, "is_active": 1 }, { "id": 3360568931, "indicator": "http://aunion.info/en/contacts-0", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360568932, "indicator": "http://intelmeserver.com/", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 600985, "indicator": "https://www.greyhathacker.net/?p=796", "type": "URL", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360569056, "indicator": "63620ca02869d4367f185c2ee1b685c04d17e143", "type": "YARA", "created": "2022-01-22T07:47:27", "content": "rule resteex_APTMalware_APT_28 { \n \tmeta: \n \t\t description= \"APTMalware_APT_28 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-21_23-59-03\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"004b55a66b3a86a1ce0a0b9b69b95976\" \n \t\t hash2= \"006b418307c534754f055436a91848aa\" \n \t\t hash3= \"02522ce47a8db9544f8877dace7e0833\" \n \t\t hash4= \"02b79c468c38c4312429a499fa4f6c81\" \n \t\t hash5= \"0369620eb139c3875a62e36bb7abdae8\" \n \t\t hash6= \"072c692783c67ea56da9de0a53a60d11\" \n \t\t hash7= \"075b6695ab63f36af65f7ffd45cccd39\" \n \t\t hash8= \"078755389b98d17788eb5148e23109a6\" \n \t\t hash9= \"07c8a0a792a5447daf08ac32d1e283e8\" \n \t\t hash10= \"0b32e65caf653d77cab2a866ee2d9dbc\" \n \t\t hash11= \"0c334645a4c12513020aaabc3b78ef9f\" \n \t\t hash12= \"0ebfac6dba63ff8b35cbd374ef33323a\" \n \t\t hash13= \"0eefeaf2fb78ebc49e7beba505da273d\" \n \t\t hash14= \"113cc4a88fd28ea4398e312093a6a4d5\" \n \t\t hash15= \"116d2fc1665ce7524826a624be0ded1c\" \n \t\t hash16= \"1219318522fa28252368f58f36820ac2\" \n \t\t hash17= \"1259c4fe5efd9bf07fc4c78466f2dd09\" \n \t\t hash18= \"12a9fff59de1663dec1b45ea2ede22f5\" \n \t\t hash19= \"1421419d1be31f1f9ea60e8ed87277db\" \n \t\t hash20= \"16a6c56ba458ec718b4e9bc8f9f10785\" \n \t\t hash21= \"18efc091b431c39d3e59be445429a7bc\" \n \t\t hash22= \"19172b9210295518ca52e93a29cfe8f4\" \n \t\t hash23= \"1a5d89f6fd3f1ed5f4e76084b0fa7806\" \n \t\t hash24= \"1ac15db72e6d4440f0b4f710a516b165\" \n \t\t hash25= \"1c6f8eba504f2f429abf362626545c79\" \n \t\t hash26= \"1d1287d4a3ba5d02cca91f51863db738\" \n \t\t hash27= \"1e217668d89b480ad42e230e8c2c4d97\" \n \t\t hash28= \"20ff290b8393f006eaf4358f09f13e99\" \n \t\t hash29= \"211b7100fd799e9eaabeb13cfa446231\" \n \t\t hash30= \"2163a33330ae5786d3e984db09b2d9d2\" \n \t\t hash31= \"21d63e99ed7dcd8baec74e6ce65c9ef3\" \n \t\t hash32= \"23ae20329174d44ebc8dbfa9891c6260\" \n \t\t hash33= \"26ac59dab32f6246e1ce3da7506d48fa\" \n \t\t hash34= \"272f0fde35dbdfccbca1e33373b3570d\" \n \t\t hash35= \"27faa10d1bec1a25f66e88645c695016\" \n \t\t hash36= \"291af793767f5c5f2dc9c6d44f1bfb59\" \n \t\t hash37= \"296c956fe429cedd1b64b78e66797122\" \n \t\t hash38= \"2d4eaa0331abbc6d867f5f979b2c890d\" \n \t\t hash39= \"2dfc90375a09459033d430d046216d22\" \n \t\t hash40= \"2f04b8eb993ca4a3d98607824a10acfb\" \n \t\t hash41= \"30cda69cf82637dfa2ffdc803bf2aead\" \n \t\t hash42= \"3430bf72d2694e428a73c84d5ac4a4b9\" \n \t\t hash43= \"34651f2df01b956f1989da4b3ea40338\" \n \t\t hash44= \"34dc9a69f33ba93e631cd5048d9f2624\" \n \t\t hash45= \"35283c2e60a3cba6734f4f98c443d11f\" \n \t\t hash46= \"356d03f6975f443d6db6c5069d778af9\" \n \t\t hash47= \"35717cd78ce713067a5037286cf91c3e\" \n \t\t hash48= \"364ff454dcf00420cff13a57bcb78467\" \n \t\t hash49= \"388594cd1bef96121be291880b22041a\" \n \t\t hash50= \"3b0ecd011500f61237c205834db0e13a\" \n \t\t hash51= \"404eb3f7554392e85e56aed414db8455\" \n \t\t hash52= \"409848dabfd110f4d373dd0a97ff708e\" \n \t\t hash53= \"41e14894f4ad9494e0359ee5bb3d9745\" \n \t\t hash54= \"4265f6e8cc545b925912867ec8af2f11\" \n \t\t hash55= \"42bc93c0caddf07fce919d126a6e378f\" \n \t\t hash56= \"48656a93f9ba39410763a2196aabc67f\" \n \t\t hash57= \"4ac8d16ff796e825625ad1861546e2e8\" \n \t\t hash58= \"4b02dfdfd44df3c88b0ca8c2327843a4\" \n \t\t hash59= \"4fe4b9560e99e33dabca553e2eeee510\" \n \t\t hash60= \"504182aaa5575bb38bf584839beb6d51\" \n \t\t hash61= \"5363e5cc28687b7dd71f1e257eab2d5d\" \n \t\t hash62= \"540e4a7a28ca1514e53c2564993d8d87\" \n \t\t hash63= \"557f8d4c6f8b386c32001def807dc715\" \n \t\t hash64= \"56e011137b9678f1fcc54f9372198bae\" \n \t\t hash65= \"57cc08213ab8b6d4a538e4568d00a123\" \n \t\t hash66= \"5882a8dd4446abd137c05d2451b85fea\" \n \t\t hash67= \"5882fda97fdf78b47081cc4105d44f7c\" \n \t\t hash68= \"58ca9243d35e529499dd17d27642b419\" \n \t\t hash69= \"5e70a5c47c6b59dae7faf0f2d62b28b3\" \n \t\t hash70= \"5e93cf87040cf225ab5b5b9f9f0a0d03\" \n \t\t hash71= \"607a7401962eaf78b93676c9f5ca6a26\" \n \t\t hash72= \"6159c094a663a171efd531b23a46716d\" \n \t\t hash73= \"62deab0e5d61d6bf9e0ba83d9e1d7e2b\" \n \t\t hash74= \"647edddf61954822ddb7ab3341f9a6c5\" \n \t\t hash75= \"66b4fb539806ce27be184b6735584339\" \n \t\t hash76= \"66f368cab3d5e64475a91f636c87af15\" \n \t\t hash77= \"672b8d14d1d3e97c24baf69d50937afc\" \n \t\t hash78= \"6a24be8f61bcd789622dc55ebb7db90b\" \n \t\t hash79= \"6ca857721be6fff26b10867c99bd8c80\" \n \t\t hash80= \"6cd2c953102792b738664d69ce41e080\" \n \t\t hash81= \"7276d1dab1125f59604252159e0c529c\" \n \t\t hash82= \"732fbf0a4ceb10e9a2254af59ae4f880\" \n \t\t hash83= \"75f71713a429589e87cf2656107d2bfc\" \n \t\t hash84= \"76d3eb8c2bed4f2588e22b8d0984af86\" \n \t\t hash85= \"77089c094c0f2c15898ff0f021945148\" \n \t\t hash86= \"7764499bb1c4720d0f1d302f15be792c\" \n \t\t hash87= \"77aa465744061b4b725f73848aebdff6\" \n \t\t hash88= \"77e7fb6b56c3ece4ef4e93b6dc608be0\" \n \t\t hash89= \"78450806e56b1f224d00455efcd04ce3\" \n \t\t hash90= \"791428601ad12b9230b9ace4f2138713\" \n \t\t hash91= \"7a055cbe6672f77b2271c1cb8e2670b8\" \n \t\t hash92= \"7b1bfd7c1866040e8f618fe67b93bea5\" \n \t\t hash93= \"7c2b1de614a9664103b6ff7f3d73f83d\" \n \t\t hash94= \"7fcf20302404f644fb07fe9d4fe9ac84\" \n \t\t hash95= \"800af1c9d341b846a856a1e686be6a3e\" \n \t\t hash96= \"81d9649612b05829476854bde71b8c3f\" \n \t\t hash97= \"82f06d7157dd28a75f1fbb47728aea25\" \n \t\t hash98= \"83cf67a5d2e68f9c00fbbe6d7d9203bf\" \n \t\t hash99= \"85c80d01661f88ec556579e772a5a3db\" \n \t\t hash100= \"88009adca35560810ec220544e4fb6aa\" \n \t\t hash101= \"8b031fce1d0c38d6b4c68d52b2764c7e\" \n \t\t hash102= \"8b238931a7f64fddcad3057a96855f6c\" \n \t\t hash103= \"8b6d824619e993f74973eedfaf18be78\" \n \t\t hash104= \"8b92fe86c5b7a9e34f433a6fbac8bc3a\" \n \t\t hash105= \"8c3f5f1fff999bc783062dd50357be79\" \n \t\t hash106= \"8c4d896957c36ec4abeb07b2802268b9\" \n \t\t hash107= \"8c4fa713c5e2b009114adda758adc445\" \n \t\t hash108= \"8cb08140ddb00ac373d29d37657a03cc\" \n \t\t hash109= \"91381cd82cdd5f52bbc7b30d34cb8d83\" \n \t\t hash110= \"9227678b90869c5a67a05defcaf21dfb\" \n \t\t hash111= \"93c589e9eaf3272bc0349d605b85c566\" \n \t\t hash112= \"9422ca55f7fca4449259d8878ede5e47\" \n \t\t hash113= \"94ebc9ef5565f98b1aa1e97c6d35c2e0\" \n \t\t hash114= \"953c7321c4959655fdd53302550ce02d\" \n \t\t hash115= \"9617f3948b1886ebc95689c02d2cf264\" \n \t\t hash116= \"96ed0a7976e57ae0bb79dcbd67e39743\" \n \t\t hash117= \"973e0c922eb07aad530d8a1de19c7755\" \n \t\t hash118= \"9863f1efc5274b3d449b5b7467819d28\" \n \t\t hash119= \"991ffdbf860756a4589164de26dd7ccf\" \n \t\t hash120= \"99b93cfcff258eb49e7af603d779a146\" \n \t\t hash121= \"9a66142acfc7739f78c23ab1252db45b\" \n \t\t hash122= \"9a6b771c934415f74a203e0dfab9edbe\" \n \t\t hash123= \"9b10685b774a783eabfecdb6119a8aa3\" \n \t\t hash124= \"9ca6ead1384953d787487d399c23cb41\" \n \t\t hash125= \"9d1a09bb98bf1ee31f390b60b0cf724d\" \n \t\t hash126= \"9df2ddb2631ff5439c34f80ace40cd29\" \n \t\t hash127= \"9e4817f7bf36a61b363e0911cc0f08b9\" \n \t\t hash128= \"9e7053a4b6c9081220a694ec93211b4e\" \n \t\t hash129= \"9eebfebe3987fec3c395594dc57a0c4c\" \n \t\t hash130= \"9f82abbaebc1093a187f1887df2cf926\" \n \t\t hash131= \"9fe3a0fb3304d749aeed2c3e2e5787eb\" \n \t\t hash132= \"a0f212fd0f103ca8beaf8362f74903a2\" \n \t\t hash133= \"a24552843b9fedd7d0084e1eb1dd6e35\" \n \t\t hash134= \"a24d2f5258f8a0c3bddd1b5636b0ec57\" \n \t\t hash135= \"a3c757af9e7a9a60e235d08d54740fbc\" \n \t\t hash136= \"a579d53a1d29684de6d2c0cbabd525c5\" \n \t\t hash137= \"a7b4e01335aac544a12c6f88aab80cd9\" \n \t\t hash138= \"a96f4b8ac7aa9dbf4624424b7602d4f7\" \n \t\t hash139= \"aa34fb2e5849bff4144a1c98a8158970\" \n \t\t hash140= \"aa3e6af90c144112a1ad0c19bdf873ff\" \n \t\t hash141= \"ac3e087e43be67bdc674747c665b46c2\" \n \t\t hash142= \"ac75fd7d79e64384b9c4053b37e5623f\" \n \t\t hash143= \"aced5525ba0d4f44ffd01c4db2730a34\" \n \t\t hash144= \"acf8cda38b0d1b6a0d3664a0e33deb96\" \n \t\t hash145= \"ad44a7c5e18e9958dda66ccfc406cd44\" \n \t\t hash146= \"ae4ded48da0766d237ce2262202c3c96\" \n \t\t hash147= \"aeebfc9eb9031e423797a5af1985242d\" \n \t\t hash148= \"afe09fb5a2b97f9e119f70292092604e\" \n \t\t hash149= \"b137c809e3bf11f2f5d867a6f4215f95\" \n \t\t hash150= \"b1b88f78c2f4393d437da4ce743ac5e8\" \n \t\t hash151= \"b1d1a2c64474d2f6e7a5db71ccbafa31\" \n \t\t hash152= \"b2dc7c29cbf8d71d1dd57b474f1e04b9\" \n \t\t hash153= \"b88633376fbb144971dcb503f72fd192\" \n \t\t hash154= \"b924ff83d9120d934bb49a7a2e3c4292\" \n \t\t hash155= \"bae0221feefb37e6b81f5ca893864743\" \n \t\t hash156= \"bebb3675cfa4adaba7822cc8c39f55bf\" \n \t\t hash157= \"bed5bc0a8aae2662ea5d2484f80c1760\" \n \t\t hash158= \"c0d1762561f8c2f812d868a3939d23f0\" \n \t\t hash159= \"c16b07f7590a8620a8f0f687b0bd8bd8\" \n \t\t hash160= \"c2988e3e4f70d5901b234ff1c1363dcc\" \n \t\t hash161= \"c2a0344a2bbb29d9b56d378386afcbed\" \n \t\t hash162= \"c3ae4a37094ecfe95c2badecf40bf5bb\" \n \t\t hash163= \"c3c278991ad051fbace1e2f3a4c20998\" \n \t\t hash164= \"c43edb579e43aaeb6f0c0703f84e43f7\" \n \t\t hash165= \"c4ffab85d84b494e1c450819a0e9c7db\" \n \t\t hash166= \"c6a80316ea97218df11e11125337233a\" \n \t\t hash167= \"c789ec7537e300411d523aef74407a5e\" \n \t\t hash168= \"cc9e6578a47182a941a478b276320e06\" \n \t\t hash169= \"cd1c521b6ae08fc97e3d69f242f00f9e\" \n \t\t hash170= \"cdb58c2999eeda58a9d0c70f910d1195\" \n \t\t hash171= \"ce151285e8f0e7b2b90162ba171a4b90\" \n \t\t hash172= \"ce227ae503e166b77bf46b6c8f5ee4da\" \n \t\t hash173= \"ce254486b02be740488c0ab3278956fd\" \n \t\t hash174= \"ce8b99df8642c065b6af43fde1f786a3\" \n \t\t hash175= \"cf30b7550f04a9372c3257c9b5cff3e9\" \n \t\t hash176= \"d3de5b8500453107d6d152b3c8506935\" \n \t\t hash177= \"d4a5d44184333442f5015699c2b8af28\" \n \t\t hash178= \"d4e99548832b6999f00e8d223c6fabbd\" \n \t\t hash179= \"d535c3fc5f0f98e021bea0d6277d2559\" \n \t\t hash180= \"d6f2bf2066e053e58fe8bcd39cb2e9ad\" \n \t\t hash181= \"d70f4e9d55698f69c5f63b1a2e1507eb\" \n \t\t hash182= \"d79a21970cad03e22440ea66bd85931f\" \n \t\t hash183= \"d7a625779df56d874871bb632f3e3106\" \n \t\t hash184= \"d7c471729bc124babf32945eb5706eb6\" \n \t\t hash185= \"d994b9780b69f611284e22033e435edb\" \n \t\t hash186= \"da2a657dc69d7320f2ffc87013f257ad\" \n \t\t hash187= \"db", "title": "", "description": "APTMalware_APT_28 Group", "expiration": null, "is_active": 1 }, { "id": 2698749287, "indicator": "aunion.info", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 1072751, "indicator": "intelmeserver.com", "type": "domain", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360569057, "indicator": "20160815085327.c3847590023e@mail.mxfeed.org", "type": "email", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360569058, "indicator": "danil.sytnikov@uarpa.com", "type": "email", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3360569059, "indicator": "176591.81814.bm", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 600998, "indicator": "www.greyhathacker.net", "type": "hostname", "created": "2022-01-22T07:47:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 44842, "indicator": "4aaac99607013b21863728b9453e4ffee67b902e", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Win.Trojan.CosmicDuke", "description": "SHA1 of d22c02dafb1ee0ef8d4ea90ac48a6988", "expiration": null, "is_active": 1 }, { "id": 1404541257, "indicator": "f61cdc7f68f47d23c4571b517ab4cdcfd984cf3f6f8f91dec99dfd7dc5a2dcff", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Win.Trojan.CosmicDuke", "description": "SHA256 of d22c02dafb1ee0ef8d4ea90ac48a6988", "expiration": null, "is_active": 1 }, { "id": 5128, "indicator": "482d1624f9450ca1c99926ceec2606260e7ce544", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "WinRAR_SFX", "description": "SHA1 of fd8e27f820bdbdf6cb80a46c67fd978a", "expiration": null, "is_active": 1 }, { "id": 1404541013, "indicator": "f7f4d18dbc0b822b89ba14ffea24114f92b593be0f287f300bb269b310883039", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "WinRAR_SFX", "description": "SHA256 of fd8e27f820bdbdf6cb80a46c67fd978a", "expiration": null, "is_active": 1 }, { "id": 3360593308, "indicator": "ecb8bce3648b848e7a1705f68c75aba39e30eda8", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_29_f7f4d18dbc0b822b89ba14ffea24114f92b593be0f287f300bb269b310883039 { \n \tmeta: \n \t\t description= \"APTMalware_APT_29_f7f4d18dbc0b822b89ba14ffea24114f92b593be0f287f300bb269b310883039 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_05-13-07\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"fd8e27f820bdbdf6cb80a46c67fd978a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"CryptProtectMemory failed\" fullword wide \n \t\t $s2= \"CryptUnprotectMemory failed\" fullword wide \n \t\t $s3= \"SeCreateSymbolicLinkPrivilege\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersion\" fullword wide \n \t\t $s5= \"__tmp_rar_sfx_access_check_%u\" fullword wide \n \n \t\t $hex1= {2473313d2022437279} \n \t\t $hex2= {2473323d2022437279} \n \t\t $hex3= {2473333d2022536543} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d20225f5f74} \n \n \tcondition: \n \t\t3 of them \n }", "title": "", "description": "APTMalware_APT_29_f7f4d18dbc0b822b89ba14ffea24114f92b593be0f287f300bb269b310883039 Group", "expiration": null, "is_active": 1 }, { "id": 3360593309, "indicator": "84b06538284e1bda021ab18e09347c360035f006", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_29_e375d40412845c4476536307f28b64c0128e1cb88a3f505bafdcd013d542fa85 { \n \tmeta: \n \t\t description= \"APTMalware_APT_29_e375d40412845c4476536307f28b64c0128e1cb88a3f505bafdcd013d542fa85 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_05-13-06\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"7040ee4cd4be4b84f8510c04663a2500\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"6.00.2900.5512 (xpsp.080413-2105)\" fullword wide \n \t\t $s2= \"EXTRACTOPT FILESIZES FINISHMSG\" fullword wide \n \n \t\t $hex1= {2473313d2022362e30} \n \t\t $hex2= {2473323d2022455854} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_APT_29_e375d40412845c4476536307f28b64c0128e1cb88a3f505bafdcd013d542fa85 Group", "expiration": null, "is_active": 1 }, { "id": 3360593310, "indicator": "c8581956267cc9b67455c5a98881a494b92f2aa8", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_29_c9f5a19c7b11fd866483adc93aa5bc4bd3515bd995ca79297b227e3e5ef1a665 { \n \tmeta: \n \t\t description= \"APTMalware_APT_29_c9f5a19c7b11fd866483adc93aa5bc4bd3515bd995ca79297b227e3e5ef1a665 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_05-11-51\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"3adea70969f52d365c119b3d25619de9\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Global48C56927-A0DB-4e31-8C32-FE15FBA45043\" fullword wide \n \t\t $s2= \"SoftwareAdobeCommonFiles\" fullword wide \n \n \t\t $hex1= {2473313d2022476c6f} \n \t\t $hex2= {2473323d2022536f66} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_APT_29_c9f5a19c7b11fd866483adc93aa5bc4bd3515bd995ca79297b227e3e5ef1a665 Group", "expiration": null, "is_active": 1 }, { "id": 3360593311, "indicator": "7342557189fa9b3edd0e67f252741c1fc940bd22", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_29_bf012045464ba2aadc1547940eb3ce262d0e023c2198c134dee658c859ecd8ab { \n \tmeta: \n \t\t description= \"APTMalware_APT_29_bf012045464ba2aadc1547940eb3ce262d0e023c2198c134dee658c859ecd8ab Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_05-11-49\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"345adb4594e3a2b02041c7e2b5fde46b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Global717E014D-1DFF-414e-AA8B-79C09CCFC442\" fullword wide \n \t\t $s2= \"SoftwareAdobeCommonFiles\" fullword wide \n \n \t\t $hex1= {2473313d2022476c6f} \n \t\t $hex2= {2473323d2022536f66} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_APT_29_bf012045464ba2aadc1547940eb3ce262d0e023c2198c134dee658c859ecd8ab Group", "expiration": null, "is_active": 1 }, { "id": 3360593312, "indicator": "8d11b82e4ab480e9230e7a3922776d8ab71cbd8f", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of c32c1cc761f92e60dd3d92f895ecd4db", "expiration": null, "is_active": 1 }, { "id": 3360593313, "indicator": "a1b80abf76fe66c4a98d8f5e091ef5cab00ebbddf2aac9e1351d1c040568a0e7", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of c32c1cc761f92e60dd3d92f895ecd4db", "expiration": null, "is_active": 1 }, { "id": 3360593314, "indicator": "e7bc686d48b46f6c93bf5ddf73a03fa87d44e3c0", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_a1b80abf76fe66c4a98d8f5e091ef5cab00ebbddf2aac9e1351d1c040568a0e7 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_a1b80abf76fe66c4a98d8f5e091ef5cab00ebbddf2aac9e1351d1c040568a0e7 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-51-49\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"c32c1cc761f92e60dd3d92f895ecd4db\" \n \n \tstrings: \n \n \t \n \t\t $a1= \"StarBurn_CdvdBurnerGrabber_DiscAtOnceRawPWFromFileAudioUnicode\" fullword ascii \n \t\t $a2= \"StarBurn_StarWave_CompressedFileReaderObjectUncompressedSizeGet\" fullword ascii \n \n \t\t $hex1= {2461313d2022537461} \n \t\t $hex2= {2461323d2022537461} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_APT_10_a1b80abf76fe66c4a98d8f5e091ef5cab00ebbddf2aac9e1351d1c040568a0e7 Group", "expiration": null, "is_active": 1 }, { "id": 2824126596, "indicator": "5786e1564391e00fbe4efd1d1ff69245fb384bdb", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of b34402586a077b7ed11b44d042c7aabf", "expiration": null, "is_active": 1 }, { "id": 1598883456, "indicator": "c4eaadd10deb0a500bb693480507367b492564079a1548963da4639c0bf861bd", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of b34402586a077b7ed11b44d042c7aabf", "expiration": null, "is_active": 1 }, { "id": 3360593315, "indicator": "3e695e0eb8153bcdec0a2569fac623a787392c7d", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_c4eaadd10deb0a500bb693480507367b492564079a1548963da4639c0bf861bd { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_c4eaadd10deb0a500bb693480507367b492564079a1548963da4639c0bf861bd Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-51-47\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b34402586a077b7ed11b44d042c7aabf\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&About StatePattern_Game...\" fullword wide \n \t\t $s2= \"StatePatternGame.Document\" fullword wide \n \n \t\t $hex1= {2473313d2022264162} \n \t\t $hex2= {2473323d2022537461} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_APT_10_c4eaadd10deb0a500bb693480507367b492564079a1548963da4639c0bf861bd Group", "expiration": null, "is_active": 1 }, { "id": 12129078, "indicator": "16d0795e4864f67acbb1ae2ce76eb16445dae4b5", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Win32:Evo-gen", "description": "SHA1 of 07abd6583295061eac2435ae470eff78", "expiration": null, "is_active": 1 }, { "id": 2150316, "indicator": "efa0b414a831cbf724d1c67808b7483dec22a981ae670947793d114048f88057", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Win32:Evo-gen", "description": "SHA256 of 07abd6583295061eac2435ae470eff78", "expiration": null, "is_active": 1 }, { "id": 3360593316, "indicator": "04b3b685d6f1988e49afccab36e26ea173240b48", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_efa0b414a831cbf724d1c67808b7483dec22a981ae670947793d114048f88057 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_efa0b414a831cbf724d1c67808b7483dec22a981ae670947793d114048f88057 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-51-46\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"07abd6583295061eac2435ae470eff78\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Aapi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20226170} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {2473313d2022416170} \n \t\t $hex10= {2473323d2022617069} \n \t\t $hex11= {2473333d2022617069} \n \t\t $hex12= {2473343d2022617069} \n \t\t $hex13= {2473353d2022617069} \n \t\t $hex14= {2473363d2022617069} \n \t\t $hex15= {2473373d2022617069} \n \t\t $hex16= {2473383d2022617069} \n \t\t $hex17= {2473393d2022617069} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_efa0b414a831cbf724d1c67808b7483dec22a981ae670947793d114048f88057 Group", "expiration": null, "is_active": 1 }, { "id": 1570395273, "indicator": "3c3d3ff763f04d26996186d8a83face7f880e43c", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of de32915056d480b8b722e0a93164dbfe", "expiration": null, "is_active": 1 }, { "id": 1570394989, "indicator": "f6ad1a62033f3749aafd97dd4f345a47dddffd3465a7d8b3f1c838427c25aab6", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of de32915056d480b8b722e0a93164dbfe", "expiration": null, "is_active": 1 }, { "id": 3360593317, "indicator": "8bfc014a4c2c4ba74fdd5ab78581a6b3b4c2f673", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_f6ad1a62033f3749aafd97dd4f345a47dddffd3465a7d8b3f1c838427c25aab6 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_f6ad1a62033f3749aafd97dd4f345a47dddffd3465a7d8b3f1c838427c25aab6 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-51-45\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"de32915056d480b8b722e0a93164dbfe\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Aapi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20226170} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {2473313d2022416170} \n \t\t $hex10= {2473323d2022617069} \n \t\t $hex11= {2473333d2022617069} \n \t\t $hex12= {2473343d2022617069} \n \t\t $hex13= {2473353d2022617069} \n \t\t $hex14= {2473363d2022617069} \n \t\t $hex15= {2473373d2022617069} \n \t\t $hex16= {2473383d2022617069} \n \t\t $hex17= {2473393d2022617069} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_f6ad1a62033f3749aafd97dd4f345a47dddffd3465a7d8b3f1c838427c25aab6 Group", "expiration": null, "is_active": 1 }, { "id": 3360593318, "indicator": "04c1322769c1d648c83b308617d54a0c7f4cfa9d", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_2965c1b6ab9d1601752cb4aa26d64a444b0a535b1a190a70d5ce935be3f91699 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_2965c1b6ab9d1601752cb4aa26d64a444b0a535b1a190a70d5ce935be3f91699 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-51-44\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"684888079aaf7ed25e725b55a3695062\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Aapi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \t\t $s18= \"SOFTWAREMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20226170} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {247331383d2022534f} \n \t\t $hex10= {2473313d2022416170} \n \t\t $hex11= {2473323d2022617069} \n \t\t $hex12= {2473333d2022617069} \n \t\t $hex13= {2473343d2022617069} \n \t\t $hex14= {2473353d2022617069} \n \t\t $hex15= {2473363d2022617069} \n \t\t $hex16= {2473373d2022617069} \n \t\t $hex17= {2473383d2022617069} \n \t\t $hex18= {2473393d2022617069} \n \n \tcondition: \n \t\t12 of them \n }", "title": "", "description": "APTMalware_APT_10_2965c1b6ab9d1601752cb4aa26d64a444b0a535b1a190a70d5ce935be3f91699 Group", "expiration": null, "is_active": 1 }, { "id": 3360593319, "indicator": "0ecd629290a5b8bd51f5e5d55289e46952f77be6", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_312dc69dd6ea16842d6e58cd7fd98ba4d28eefeb4fd4c4d198fac4eee76f93c3 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_312dc69dd6ea16842d6e58cd7fd98ba4d28eefeb4fd4c4d198fac4eee76f93c3 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-51-44\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d1bab4a30f2889ad392d17573302f097\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"@api-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20226170} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {2473313d2022406170} \n \t\t $hex10= {2473323d2022617069} \n \t\t $hex11= {2473333d2022617069} \n \t\t $hex12= {2473343d2022617069} \n \t\t $hex13= {2473353d2022617069} \n \t\t $hex14= {2473363d2022617069} \n \t\t $hex15= {2473373d2022617069} \n \t\t $hex16= {2473383d2022617069} \n \t\t $hex17= {2473393d2022617069} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_312dc69dd6ea16842d6e58cd7fd98ba4d28eefeb4fd4c4d198fac4eee76f93c3 Group", "expiration": null, "is_active": 1 }, { "id": 3190220656, "indicator": "1de83fed1de2170b89ad745f01e83d3c192483ae", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Trojan:Win32/ChChes.A!dha", "description": "SHA1 of 4e6bf299554a356e91e9d230014075fc", "expiration": null, "is_active": 1 }, { "id": 427872202, "indicator": "c2539cb0495fc09f1ba8b29c6eec17af61f502d4406cc214a0ee65211441efba", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Trojan:Win32/ChChes.A!dha", "description": "SHA256 of 4e6bf299554a356e91e9d230014075fc", "expiration": null, "is_active": 1 }, { "id": 3360593320, "indicator": "09e557222e0a1e800e2e3424c6c5ea671d28d5f2", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_c2539cb0495fc09f1ba8b29c6eec17af61f502d4406cc214a0ee65211441efba { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_c2539cb0495fc09f1ba8b29c6eec17af61f502d4406cc214a0ee65211441efba Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-51-41\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"4e6bf299554a356e91e9d230014075fc\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Aapi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20226170} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {2473313d2022416170} \n \t\t $hex10= {2473323d2022617069} \n \t\t $hex11= {2473333d2022617069} \n \t\t $hex12= {2473343d2022617069} \n \t\t $hex13= {2473353d2022617069} \n \t\t $hex14= {2473363d2022617069} \n \t\t $hex15= {2473373d2022617069} \n \t\t $hex16= {2473383d2022617069} \n \t\t $hex17= {2473393d2022617069} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_c2539cb0495fc09f1ba8b29c6eec17af61f502d4406cc214a0ee65211441efba Group", "expiration": null, "is_active": 1 }, { "id": 3360593321, "indicator": "4966cc316c4e1f85d5e92ccc91bbda121b93de40", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_180e5227aae20fa2d6ae421835dc7d92f9393681c3006213dc2f6e3fbd07e3de { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_180e5227aae20fa2d6ae421835dc7d92f9393681c3006213dc2f6e3fbd07e3de Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-51-39\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"0ad3ed5588eec7ba4988c8892a5c2946\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s7= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s8= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s10= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s11= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s14= \"Eapi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \t\t $s18= \"spanish-dominican republic\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20224561} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {247331383d20227370} \n \t\t $hex10= {2473313d2022617069} \n \t\t $hex11= {2473323d2022617069} \n \t\t $hex12= {2473333d2022617069} \n \t\t $hex13= {2473343d2022617069} \n \t\t $hex14= {2473353d2022617069} \n \t\t $hex15= {2473363d2022617069} \n \t\t $hex16= {2473373d2022617069} \n \t\t $hex17= {2473383d2022617069} \n \t\t $hex18= {2473393d2022617069} \n \n \tcondition: \n \t\t12 of them \n }", "title": "", "description": "APTMalware_APT_10_180e5227aae20fa2d6ae421835dc7d92f9393681c3006213dc2f6e3fbd07e3de Group", "expiration": null, "is_active": 1 }, { "id": 10993770, "indicator": "56d6c3ffa4f3d5ae742f937fae85f0995814cf90", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "ChChes, PlugX", "description": "SHA1 of 8a93859e5f7079d6746832a3a22ff65c", "expiration": null, "is_active": 1 }, { "id": 2150301, "indicator": "ae6b45a92384f6e43672e617c53a44225e2944d66c1ffb074694526386074145", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "ChChes, PlugX", "description": "SHA256 of 8a93859e5f7079d6746832a3a22ff65c", "expiration": null, "is_active": 1 }, { "id": 3360593322, "indicator": "addeea3f52b00628d58bc19d248cb8242d17fd01", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_ae6b45a92384f6e43672e617c53a44225e2944d66c1ffb074694526386074145 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_ae6b45a92384f6e43672e617c53a44225e2944d66c1ffb074694526386074145 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-51-39\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"8a93859e5f7079d6746832a3a22ff65c\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Aapi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20226170} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {2473313d2022416170} \n \t\t $hex10= {2473323d2022617069} \n \t\t $hex11= {2473333d2022617069} \n \t\t $hex12= {2473343d2022617069} \n \t\t $hex13= {2473353d2022617069} \n \t\t $hex14= {2473363d2022617069} \n \t\t $hex15= {2473373d2022617069} \n \t\t $hex16= {2473383d2022617069} \n \t\t $hex17= {2473393d2022617069} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_ae6b45a92384f6e43672e617c53a44225e2944d66c1ffb074694526386074145 Group", "expiration": null, "is_active": 1 }, { "id": 2582715990, "indicator": "e8d4567f955e9bdeb13034560458b3b184efba03", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of e8f3790cfac1b104965dead841dc20b2", "expiration": null, "is_active": 1 }, { "id": 1294676754, "indicator": "b4bd76150a5011a8ee517f8cb22b373404305648334ccfb195e5fb8939538e2e", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of e8f3790cfac1b104965dead841dc20b2", "expiration": null, "is_active": 1 }, { "id": 3360593323, "indicator": "146e2badc5f52a4975a351d4c70713bba69bf51a", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_b4bd76150a5011a8ee517f8cb22b373404305648334ccfb195e5fb8939538e2e { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_b4bd76150a5011a8ee517f8cb22b373404305648334ccfb195e5fb8939538e2e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-51-38\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e8f3790cfac1b104965dead841dc20b2\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"api-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20226170} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {2473313d2022617069} \n \t\t $hex10= {2473323d2022617069} \n \t\t $hex11= {2473333d2022617069} \n \t\t $hex12= {2473343d2022617069} \n \t\t $hex13= {2473353d2022617069} \n \t\t $hex14= {2473363d2022617069} \n \t\t $hex15= {2473373d2022617069} \n \t\t $hex16= {2473383d2022617069} \n \t\t $hex17= {2473393d2022617069} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_b4bd76150a5011a8ee517f8cb22b373404305648334ccfb195e5fb8939538e2e Group", "expiration": null, "is_active": 1 }, { "id": 10993776, "indicator": "7cace2e51e8ecc5ddb9720a8dc9e1f3596fe343b", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of 23d03ee4bf57de7087055b230dae7c5b", "expiration": null, "is_active": 1 }, { "id": 2150310, "indicator": "e88f5bf4be37e0dc90ba1a06a2d47faaeea9047fec07c17c2a76f9f7ab98acf0", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of 23d03ee4bf57de7087055b230dae7c5b", "expiration": null, "is_active": 1 }, { "id": 3360593324, "indicator": "1e34787bc7146fac949d78d40b7ac4da80dcc673", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_e88f5bf4be37e0dc90ba1a06a2d47faaeea9047fec07c17c2a76f9f7ab98acf0 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_e88f5bf4be37e0dc90ba1a06a2d47faaeea9047fec07c17c2a76f9f7ab98acf0 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-51-34\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"23d03ee4bf57de7087055b230dae7c5b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Aapi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20226170} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {2473313d2022416170} \n \t\t $hex10= {2473323d2022617069} \n \t\t $hex11= {2473333d2022617069} \n \t\t $hex12= {2473343d2022617069} \n \t\t $hex13= {2473353d2022617069} \n \t\t $hex14= {2473363d2022617069} \n \t\t $hex15= {2473373d2022617069} \n \t\t $hex16= {2473383d2022617069} \n \t\t $hex17= {2473393d2022617069} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_e88f5bf4be37e0dc90ba1a06a2d47faaeea9047fec07c17c2a76f9f7ab98acf0 Group", "expiration": null, "is_active": 1 }, { "id": 3360593325, "indicator": "e782633ba56c18d95eac014cefa29a17afd256f0", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_19aa5019f3c00211182b2a80dd9675721dac7cfb31d174436d3b8ec9f97d898b { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_19aa5019f3c00211182b2a80dd9675721dac7cfb31d174436d3b8ec9f97d898b Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-51-33\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"75500bb4143a052795ec7d2e61ac3261\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Aapi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20226170} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {2473313d2022416170} \n \t\t $hex10= {2473323d2022617069} \n \t\t $hex11= {2473333d2022617069} \n \t\t $hex12= {2473343d2022617069} \n \t\t $hex13= {2473353d2022617069} \n \t\t $hex14= {2473363d2022617069} \n \t\t $hex15= {2473373d2022617069} \n \t\t $hex16= {2473383d2022617069} \n \t\t $hex17= {2473393d2022617069} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_19aa5019f3c00211182b2a80dd9675721dac7cfb31d174436d3b8ec9f97d898b Group", "expiration": null, "is_active": 1 }, { "id": 10993941, "indicator": "95ab56ab1f0d4f010569ead7915fbc833a36cd73", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of 1b891bc2e5038615efafabe48920f200", "expiration": null, "is_active": 1 }, { "id": 2150311, "indicator": "9a6692690c03ec33c758cb5648be1ed886ff039e6b72f1c43b23fbd9c342ce8c", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of 1b891bc2e5038615efafabe48920f200", "expiration": null, "is_active": 1 }, { "id": 3360593326, "indicator": "91752058613f7bc40d87a8190e3d8ec390a57505", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_9a6692690c03ec33c758cb5648be1ed886ff039e6b72f1c43b23fbd9c342ce8c { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_9a6692690c03ec33c758cb5648be1ed886ff039e6b72f1c43b23fbd9c342ce8c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-51-32\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"1b891bc2e5038615efafabe48920f200\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Aapi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20226170} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {2473313d2022416170} \n \t\t $hex10= {2473323d2022617069} \n \t\t $hex11= {2473333d2022617069} \n \t\t $hex12= {2473343d2022617069} \n \t\t $hex13= {2473353d2022617069} \n \t\t $hex14= {2473363d2022617069} \n \t\t $hex15= {2473373d2022617069} \n \t\t $hex16= {2473383d2022617069} \n \t\t $hex17= {2473393d2022617069} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_9a6692690c03ec33c758cb5648be1ed886ff039e6b72f1c43b23fbd9c342ce8c Group", "expiration": null, "is_active": 1 }, { "id": 3360593327, "indicator": "845fb83f0909202040b9d53f076efb7a86a631a3", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_35415b9ebd464c190c3ab8dababaff19f39de32cdafc2bab442b7fa70d84aed7 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_35415b9ebd464c190c3ab8dababaff19f39de32cdafc2bab442b7fa70d84aed7 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-51-30\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"076ec3aa6b0cb93e7d4cd607f3ced946\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"0612Russo-JapaneseInvestment\" fullword wide \n \t\t $s2= \"0612Russo-JapaneseInvestment.exe\" fullword wide \n \n \t\t $hex1= {2473313d2022303631} \n \t\t $hex2= {2473323d2022303631} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_APT_10_35415b9ebd464c190c3ab8dababaff19f39de32cdafc2bab442b7fa70d84aed7 Group", "expiration": null, "is_active": 1 }, { "id": 2688538980, "indicator": "638a178409cb9cca912c61c87f55721143acedf3", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Win.Trojan.Agent-683519", "description": "SHA1 of 102494d665b137bf91e902076f339185", "expiration": null, "is_active": 1 }, { "id": 132379643, "indicator": "c1dbf481b2c3ba596b3542c7dc4e368f322d5c9950a78197a4ddbbaacbd07064", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Win.Trojan.Agent-683519", "description": "SHA256 of 102494d665b137bf91e902076f339185", "expiration": null, "is_active": 1 }, { "id": 3360593328, "indicator": "743fe643db1f677be9682ac51d49ba3ec1745db2", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_c1dbf481b2c3ba596b3542c7dc4e368f322d5c9950a78197a4ddbbaacbd07064 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_c1dbf481b2c3ba596b3542c7dc4e368f322d5c9950a78197a4ddbbaacbd07064 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-51-30\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"102494d665b137bf91e902076f339185\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Applicationsiexplore.exeshellopencommand\" fullword wide \n \t\t $s2= \"HARDWAREDESCRIPTIONSystemCentralProcessor0\" fullword wide \n \t\t $s3= \"NSOFTWAREMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s4= \"SOFTWAREMicrosoftWindows NTCurrentVersion\" fullword wide \n \t\t $s5= \"SOFTWAREMicrosoftWindows NTCurrentVersionSvchost\" fullword wide \n \t\t $s6= \"SYSTEMCurrentControlSetServices%s\" fullword wide \n \n \t\t $hex1= {2473313d2022417070} \n \t\t $hex2= {2473323d2022484152} \n \t\t $hex3= {2473333d20224e534f} \n \t\t $hex4= {2473343d2022534f46} \n \t\t $hex5= {2473353d2022534f46} \n \t\t $hex6= {2473363d2022535953} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_APT_10_c1dbf481b2c3ba596b3542c7dc4e368f322d5c9950a78197a4ddbbaacbd07064 Group", "expiration": null, "is_active": 1 }, { "id": 3360593329, "indicator": "b149188a56ed94a7ae049b73a17fc4bfeabadca3", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of e0593f81fdf39eefd17427adac3825e2", "expiration": null, "is_active": 1 }, { "id": 3360593330, "indicator": "bec6fd77ae63e20f319279adcbcb3585055a85496923d3aa7e5ccfaf40fdfe9a", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of e0593f81fdf39eefd17427adac3825e2", "expiration": null, "is_active": 1 }, { "id": 3360593331, "indicator": "ba2e15ab778ed0aaea8bb7fadd3fce73c10cf77c", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_bec6fd77ae63e20f319279adcbcb3585055a85496923d3aa7e5ccfaf40fdfe9a { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_bec6fd77ae63e20f319279adcbcb3585055a85496923d3aa7e5ccfaf40fdfe9a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-51-29\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e0593f81fdf39eefd17427adac3825e2\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"C:WindowsMicrosoft.NETFramework64v4.0.30319InstallUtil.exe\" fullword wide \n \t\t $s2= \"C:WindowsMicrosoft.NETFrameworkv4.0.30319InstallUtil.exe\" fullword wide \n \t\t $s3= \"=^@ZTSFY|KyjAo=+7/lJ$x s#\" fullword wide \n \n \t\t $hex1= {2473313d2022433a57} \n \t\t $hex2= {2473323d2022433a57} \n \t\t $hex3= {2473333d20223d5e40} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_APT_10_bec6fd77ae63e20f319279adcbcb3585055a85496923d3aa7e5ccfaf40fdfe9a Group", "expiration": null, "is_active": 1 }, { "id": 3360593332, "indicator": "47ac1fc6e0a29a595012d6eda7f79de889843904", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_715bdd918ac4c318172474a31b413d24e82316f246294f2262600eda90a83308 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_715bdd918ac4c318172474a31b413d24e82316f246294f2262600eda90a83308 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-51-28\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"3dca6cbf1981ab987987966228d95e55\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"A8Bapi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20226170} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {2473313d2022413842} \n \t\t $hex10= {2473323d2022617069} \n \t\t $hex11= {2473333d2022617069} \n \t\t $hex12= {2473343d2022617069} \n \t\t $hex13= {2473353d2022617069} \n \t\t $hex14= {2473363d2022617069} \n \t\t $hex15= {2473373d2022617069} \n \t\t $hex16= {2473383d2022617069} \n \t\t $hex17= {2473393d2022617069} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_715bdd918ac4c318172474a31b413d24e82316f246294f2262600eda90a83308 Group", "expiration": null, "is_active": 1 }, { "id": 3360593333, "indicator": "ecf97b9a04d38509ef604252439bad8b61699297", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_012fe771283404e5231ed2f71e4932674f89d52aa93608bfcaf67150e53609b0 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_012fe771283404e5231ed2f71e4932674f89d52aa93608bfcaf67150e53609b0 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-51-27\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"429f5048462fd037e3ad7f8a211004c6\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"A8Bapi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20226170} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {2473313d2022413842} \n \t\t $hex10= {2473323d2022617069} \n \t\t $hex11= {2473333d2022617069} \n \t\t $hex12= {2473343d2022617069} \n \t\t $hex13= {2473353d2022617069} \n \t\t $hex14= {2473363d2022617069} \n \t\t $hex15= {2473373d2022617069} \n \t\t $hex16= {2473383d2022617069} \n \t\t $hex17= {2473393d2022617069} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_012fe771283404e5231ed2f71e4932674f89d52aa93608bfcaf67150e53609b0 Group", "expiration": null, "is_active": 1 }, { "id": 3360593334, "indicator": "ac89132fcf5b906612cf8587a3f2c5f1586b0d15", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Trojan:Win32/WNetRAT!dha", "description": "SHA1 of 8af979b96c28131f394e267c6210ba91", "expiration": null, "is_active": 1 }, { "id": 431037380, "indicator": "d03ea2e4019e8e73bcb77c52f08c15bae4c1e0b3d30643f7b6d3e91b8f08a1de", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Trojan:Win32/WNetRAT!dha", "description": "SHA256 of 8af979b96c28131f394e267c6210ba91", "expiration": null, "is_active": 1 }, { "id": 3360593335, "indicator": "3a9783370761bef52f1437eea383451866e83e0e", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_d03ea2e4019e8e73bcb77c52f08c15bae4c1e0b3d30643f7b6d3e91b8f08a1de { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_d03ea2e4019e8e73bcb77c52f08c15bae4c1e0b3d30643f7b6d3e91b8f08a1de Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-51-27\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"8af979b96c28131f394e267c6210ba91\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"C:WindowsMicrosoft.NETFramework64v4.0.30319InstallUtil.exe\" fullword wide \n \t\t $s2= \"C:WindowsMicrosoft.NETFrameworkv4.0.30319InstallUtil.exe\" fullword wide \n \t\t $s3= \"vXvpH3FWWcBD!&ocp0 0Joe-!\" fullword wide \n \n \t\t $hex1= {2473313d2022433a57} \n \t\t $hex2= {2473323d2022433a57} \n \t\t $hex3= {2473333d2022765876} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_APT_10_d03ea2e4019e8e73bcb77c52f08c15bae4c1e0b3d30643f7b6d3e91b8f08a1de Group", "expiration": null, "is_active": 1 }, { "id": 3360593336, "indicator": "c55a9e40428f5a4f864db298f412271e2b0c74e5", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of f41023d4b0fe091eaeb778c621ac38d7", "expiration": null, "is_active": 1 }, { "id": 1636611230, "indicator": "a4ddd6bf7d4095d5f3f8053db5dcdf7637badc02ae55688a29f541154b6d6ee6", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of f41023d4b0fe091eaeb778c621ac38d7", "expiration": null, "is_active": 1 }, { "id": 3360593337, "indicator": "0f7e6e9b06cbd3c8b6d4b978cff0e1c2fd4915fc", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_a4ddd6bf7d4095d5f3f8053db5dcdf7637badc02ae55688a29f541154b6d6ee6 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_a4ddd6bf7d4095d5f3f8053db5dcdf7637badc02ae55688a29f541154b6d6ee6 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-51-26\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f41023d4b0fe091eaeb778c621ac38d7\" \n \n \tstrings: \n \n \t \n \t\t $a1= \"StarBurn_CdvdBurnerGrabber_DiscAtOnceRawPWFromFileAudioUnicode\" fullword ascii \n \t\t $a2= \"StarBurn_StarWave_CompressedFileReaderObjectUncompressedSizeGet\" fullword ascii \n \n \t\t $hex1= {2461313d2022537461} \n \t\t $hex2= {2461323d2022537461} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_APT_10_a4ddd6bf7d4095d5f3f8053db5dcdf7637badc02ae55688a29f541154b6d6ee6 Group", "expiration": null, "is_active": 1 }, { "id": 3190220658, "indicator": "2255ef39e26cda379e840c587e86a7de0bc3b4ee", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of 1bc481cb01b205095c86174a171676d8", "expiration": null, "is_active": 1 }, { "id": 1598883437, "indicator": "aab1bf0410ad886861770d1b72afd9528986680f3894fa59cded13c43d621454", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of 1bc481cb01b205095c86174a171676d8", "expiration": null, "is_active": 1 }, { "id": 3360593338, "indicator": "2624807e78f35960886cedff34663d2aaa5d2c05", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_aab1bf0410ad886861770d1b72afd9528986680f3894fa59cded13c43d621454 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_aab1bf0410ad886861770d1b72afd9528986680f3894fa59cded13c43d621454 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-51-25\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"1bc481cb01b205095c86174a171676d8\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"api-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20226170} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {2473313d2022617069} \n \t\t $hex10= {2473323d2022617069} \n \t\t $hex11= {2473333d2022617069} \n \t\t $hex12= {2473343d2022617069} \n \t\t $hex13= {2473353d2022617069} \n \t\t $hex14= {2473363d2022617069} \n \t\t $hex15= {2473373d2022617069} \n \t\t $hex16= {2473383d2022617069} \n \t\t $hex17= {2473393d2022617069} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_aab1bf0410ad886861770d1b72afd9528986680f3894fa59cded13c43d621454 Group", "expiration": null, "is_active": 1 }, { "id": 3353763744, "indicator": "56f8d850e055454a9e9007fca9c71773fbf38af8", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of d108706282a7ec7a9a9452e6e88e33ea", "expiration": null, "is_active": 1 }, { "id": 3353763771, "indicator": "f09a3b82775cc0a87d775cb22483064ad5e3abb77929073a18220b2e62d2d142", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of d108706282a7ec7a9a9452e6e88e33ea", "expiration": null, "is_active": 1 }, { "id": 3360593339, "indicator": "64cac58b40e35c62ac614f2e87daa9bc9818b1a7", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_f09a3b82775cc0a87d775cb22483064ad5e3abb77929073a18220b2e62d2d142 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_f09a3b82775cc0a87d775cb22483064ad5e3abb77929073a18220b2e62d2d142 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-51-25\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d108706282a7ec7a9a9452e6e88e33ea\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"5.2.3790.0 (srv03_rtm.030324-2048)\" fullword wide \n \t\t $s2= \"Credentials Establishment\" fullword wide \n \t\t $s3= \"UNPRINTABLE BINARY(%1!d!)%0\" fullword wide \n \n \t\t $hex1= {2473313d2022352e32} \n \t\t $hex2= {2473323d2022437265} \n \t\t $hex3= {2473333d2022554e50} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_APT_10_f09a3b82775cc0a87d775cb22483064ad5e3abb77929073a18220b2e62d2d142 Group", "expiration": null, "is_active": 1 }, { "id": 3190220703, "indicator": "f56e650a4d646db2a70625c4e88154316c099a1b", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of 42c6e38375e46075eb1abd7a41ae15c5", "expiration": null, "is_active": 1 }, { "id": 2708547, "indicator": "99684e9350cdc761f83277e570f9bca54b786b2ae0b56ca4f30a8d8e65769192", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of 42c6e38375e46075eb1abd7a41ae15c5", "expiration": null, "is_active": 1 }, { "id": 3360593340, "indicator": "9cba25a8e4fe5e852964b52d08b53225c04b0496", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_99684e9350cdc761f83277e570f9bca54b786b2ae0b56ca4f30a8d8e65769192 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_99684e9350cdc761f83277e570f9bca54b786b2ae0b56ca4f30a8d8e65769192 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-51-23\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"42c6e38375e46075eb1abd7a41ae15c5\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"%2protocolStdFileEditingserver\" fullword wide \n \t\t $s2= \"%2protocolStdFileEditingverb0\" fullword wide \n \t\t $s3= \"CLSID%1DefaultExtension\" fullword wide \n \t\t $s4= \"f:ddvctoolsvc7libsshipatlmfcincludeafxwin1.inl\" fullword wide \n \t\t $s5= \"f:ddvctoolsvc7libsshipatlmfcincludeafxwin2.inl\" fullword wide \n \t\t $s6= \"f:ddvctoolsvc7libsshipatlmfcsrcmfcauxdata.cpp\" fullword wide \n \n \t\t $hex1= {2473313d2022253270} \n \t\t $hex2= {2473323d2022253270} \n \t\t $hex3= {2473333d2022434c53} \n \t\t $hex4= {2473343d2022663a64} \n \t\t $hex5= {2473353d2022663a64} \n \t\t $hex6= {2473363d2022663a64} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_APT_10_99684e9350cdc761f83277e570f9bca54b786b2ae0b56ca4f30a8d8e65769192 Group", "expiration": null, "is_active": 1 }, { "id": 10993953, "indicator": "b966657d35bba9416775d320bb87086001995bbe", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "ChChes, PlugX", "description": "SHA1 of f586edd88023f49bc4f9d84f9fb6bd7d", "expiration": null, "is_active": 1 }, { "id": 2663226, "indicator": "c21eaadf9ffc62ca4673e27e06c16447f103c0cf7acd8db6ac5c8bd17805e39d", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "ChChes, PlugX", "description": "SHA256 of f586edd88023f49bc4f9d84f9fb6bd7d", "expiration": null, "is_active": 1 }, { "id": 3360593341, "indicator": "017b8ad7d816a0f2110e39133cd918b1407154e9", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_c21eaadf9ffc62ca4673e27e06c16447f103c0cf7acd8db6ac5c8bd17805e39d { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_c21eaadf9ffc62ca4673e27e06c16447f103c0cf7acd8db6ac5c8bd17805e39d Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-51-17\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f586edd88023f49bc4f9d84f9fb6bd7d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Aapi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20226170} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {2473313d2022416170} \n \t\t $hex10= {2473323d2022617069} \n \t\t $hex11= {2473333d2022617069} \n \t\t $hex12= {2473343d2022617069} \n \t\t $hex13= {2473353d2022617069} \n \t\t $hex14= {2473363d2022617069} \n \t\t $hex15= {2473373d2022617069} \n \t\t $hex16= {2473383d2022617069} \n \t\t $hex17= {2473393d2022617069} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_c21eaadf9ffc62ca4673e27e06c16447f103c0cf7acd8db6ac5c8bd17805e39d Group", "expiration": null, "is_active": 1 }, { "id": 10993769, "indicator": "56126b1c19c1121c0f5065204ef5cc4633079b98", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "VirTool:Win32/Injector", "description": "SHA1 of b0649c1f7fb15796805ca983fd8f95a3", "expiration": null, "is_active": 1 }, { "id": 2663235, "indicator": "fd6a956a7708708cddff78c8505c7db73d7c4e961da8a3c00cc5a51171a92b7b", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "VirTool:Win32/Injector", "description": "SHA256 of b0649c1f7fb15796805ca983fd8f95a3", "expiration": null, "is_active": 1 }, { "id": 3360593426, "indicator": "c13a838bbbc550b0e01e8ee71abcdd6f89200712", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_fd6a956a7708708cddff78c8505c7db73d7c4e961da8a3c00cc5a51171a92b7b { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_fd6a956a7708708cddff78c8505c7db73d7c4e961da8a3c00cc5a51171a92b7b Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-51-16\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b0649c1f7fb15796805ca983fd8f95a3\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Aapi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20226170} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {2473313d2022416170} \n \t\t $hex10= {2473323d2022617069} \n \t\t $hex11= {2473333d2022617069} \n \t\t $hex12= {2473343d2022617069} \n \t\t $hex13= {2473353d2022617069} \n \t\t $hex14= {2473363d2022617069} \n \t\t $hex15= {2473373d2022617069} \n \t\t $hex16= {2473383d2022617069} \n \t\t $hex17= {2473393d2022617069} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_fd6a956a7708708cddff78c8505c7db73d7c4e961da8a3c00cc5a51171a92b7b Group", "expiration": null, "is_active": 1 }, { "id": 3360593427, "indicator": "0c5247eb5e819c36c758b35e8b0249179350b283", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_3b011bfde408e8e4589f2e06e874c0a04db021f9fb18c11350b259307a27d7d3 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_3b011bfde408e8e4589f2e06e874c0a04db021f9fb18c11350b259307a27d7d3 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-51-14\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"72f50a28656fa65b6d770af89ed82d69\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&About StatePattern_Game...\" fullword wide \n \t\t $s2= \"StatePatternGame.Document\" fullword wide \n \n \t\t $hex1= {2473313d2022264162} \n \t\t $hex2= {2473323d2022537461} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_APT_10_3b011bfde408e8e4589f2e06e874c0a04db021f9fb18c11350b259307a27d7d3 Group", "expiration": null, "is_active": 1 }, { "id": 3360593428, "indicator": "825337487c1fc516edda4c2b87c07d9e41da881b", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_74eafbcfa04c25c916f93ca936a09d1945d893b116941a4061efe5f3b10e0b80 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_74eafbcfa04c25c916f93ca936a09d1945d893b116941a4061efe5f3b10e0b80 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-51-11\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"9fb73e749107447fccd5bb48627fd6a9\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"{%08X-%04X-%04x-%02X%02X-%02X%02X%02X%02X%02X%02X}\" fullword wide \n \t\t $s2= \"{AF70B960-1ED3-46a6-BB9A-6C6A202D3823}\" fullword wide \n \t\t $s3= \"{AF70B960-1ED3-46a6-BB9A-6C6A202D3824}\" fullword wide \n \t\t $s4= \"{AF70B960-1ED3-46a6-BB9A-6C6A202D3825}\" fullword wide \n \t\t $s5= \"^[a-fA-F0-9]{32,32}_(d+)_.+$\" fullword wide \n \t\t $s6= \"BaiduAntivirusinst.dat\" fullword wide \n \t\t $s7= \"BaiduAntivirusuurm.dat\" fullword wide \n \t\t $s8= \"BaiduBaidu AntivirusUpload\" fullword wide \n \t\t $s9= \"Baidu SecurityBavDump\" fullword wide \n \t\t $s10= \"BAIDUUSER_FEEDBACK_WINDOW_MEM\" fullword wide \n \t\t $s11= \"bdMiniDownloaderNoUI.exe \" fullword wide \n \t\t $s12= \"bussiness_platform_popup.exe\" fullword wide \n \t\t $s13= \"/cgi-bin-py/dump_controler.cgi\" fullword wide \n \t\t $s14= \"Common ClientccGenericLogLogs\" fullword wide \n \t\t $s15= \"CommonClientccGLogLogsExternal\" fullword wide \n \t\t $s16= \"CommonClientccGLogLogsInternal\" fullword wide \n \t\t $s17= \"Common ClientccVerifyTrust\" fullword wide \n \t\t $s18= \"DisconnectionEmergency.exe\" fullword wide \n \t\t $s19= \"DNSDomainSuffixSearchOrder\" fullword wide \n \t\t $s20= \"[Feedback]:CopyFile(%s) Error=%d\" fullword wide \n \t\t $s21= \"[Feedback]:CreateDirectory(%s) Error=%d\" fullword wide \n \t\t $s22= \"[Feedback]:CreateFile(%s) Error=%d\" fullword wide \n \t\t $s23= \"feedback_Customer_Service\" fullword wide \n \t\t $s24= \"feedback_file_item_1_logo\" fullword wide \n \t\t $s25= \"feedback_file_item_1_text\" fullword wide \n \t\t $s26= \"feedback_file_item_2_logo\" fullword wide \n \t\t $s27= \"feedback_file_item_2_text\" fullword wide \n \t\t $s28= \"feedback_file_item_3_logo\" fullword wide \n \t\t $s29= \"feedback_file_item_3_text\" fullword wide \n \t\t $s30= \"feedback.forum.tips.after\" fullword wide \n \t\t $s31= \"feedback.forum.tips.front\" fullword wide \n \t\t $s32= \"[Feedback]:malloc() Error=%d\" fullword wide \n \t\t $s33= \"[Feedback]:ReadFile(%s) Error=%d\" fullword wide \n \t\t $s34= \"[Feedback]:StoreXmlFile(%s) Error=%d\" fullword wide \n \t\t $s35= \"[Feedback]:_wfsopen(%s) Error=%d\" fullword wide \n \t\t $s36= \"http://forum.antivirus.baidu.com\" fullword wide \n \t\t $s37= \"https://sync.bav.baidu.com\" fullword wide \n \t\t $s38= \"http://sync.bav.baidu.com\" fullword wide \n \t\t $s39= \"MicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad\" fullword wide \n \t\t $s40= \"NumberOfLogicalProcessors\" fullword wide \n \t\t $s41= \"/p>\" fullword wide \n \t\t $s42= \"PluginsIPlug_HipsIPlug_Hips.dll\" fullword wide \n \t\t $s43= \"PluginsIPlug_ScanIPlug_Scan.dll\" fullword wide \n \t\t $s44= \"product=%s;guid=%s;type=%d;\" fullword wide \n \t\t $s45= \"Right-ClickMenuManager.exe\" fullword wide \n \t\t $s46= \"%sBaiduBaidu Antivirus*.*\" fullword wide \n \t\t $s47= \"%s/cgi-bin/adware_hit.cgi?g=%s&v=%s\" fullword wide \n \t\t $s48= \"%s/cgi-bin-py/diagnose.cgi?guid=%s&csize=%d\" fullword wide \n \t\t $s49= \"%s/cgi-bin-py/get_bav_statistic_info.cgi\" fullword wide \n \t\t $s50= \"%s/cgi-bin-py/statistic_msg.cgi?type=%s&guid=%s&ver=%s\" fullword wide \n \t\t $s51= \"%s/cgi-bin/report_uu_msg_bavv2.cgi\" fullword wide \n \t\t $s52= \"%s/cgi-bin/statistic_cloud_hits.cgi?guid=%s&type=%s&ver=%s\" fullword wide \n \t\t $s53= \"softwareBaiduApplication Bug\" fullword wide \n \t\t $s54= \"softwarebaidu securityantivirus\" fullword wide \n \t\t $s55= \"SOFTWAREMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s56= \"SOFTWAREMicrosoftWindowsCurrentVersionUninstall\" fullword wide \n \t\t $s57= \"SoftwareMicrosoftWindowsCurrentVersionUninstall\" fullword wide \n \t\t $s58= \"SOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotify\" fullword wide \n \t\t $s59= \"SOFTWAREMicrosoftWindows NTCurrentVersionWinlogonShell\" fullword wide \n \t\t $s60= \"SOFTWAREMicrosoftWindows NTCurrentVersionWinlogonUserinit\" fullword wide \n \t\t $s61= \"SoftwareSymantecIsolation\" fullword wide \n \t\t $s62= \"..SourceCatalogContext.cpp\" fullword wide \n \t\t $s63= \"..SourceCatalogFileHash.cpp\" fullword wide \n \t\t $s64= \"..SourceCatalogIterator.cpp\" fullword wide \n \t\t $s65= \"..SourceccVerifyTrustImpl.cpp\" fullword wide \n \t\t $s66= \"..SourceccVerifyTrustPolicy.cpp\" fullword wide \n \t\t $s67= \"..SourceccVerifyTrustStatic.cpp\" fullword wide \n \t\t $s68= \"..SourceLogEntryGroup.cpp\" fullword wide \n \t\t $s69= \"..SourceLogEntryGroupSchema.cpp\" fullword wide \n \t\t $s70= \"..SourceLogEntryQueryLoaderSink.cpp\" fullword wide \n \t\t $s71= \"..SourceLogEntrySchema.cpp\" fullword wide \n \t\t $s72= \"..SourceLogEntrySelectorIndex.cpp\" fullword wide \n \t\t $s73= \"..SourceLogEntrySelectorManager.cpp\" fullword wide \n \t\t $s74= \"..SourceLogManagerLog.cpp\" fullword wide \n \t\t $s75= \"..SourceLogManagerManager.cpp\" fullword wide \n \t\t $s76= \"..SourceLogManagerServer.cpp\" fullword wide \n \t\t $s77= \"..SourceLogManagerSettingsManager.cpp\" fullword wide \n \t\t $s78= \"..SourceServicePlugin.cpp\" fullword wide \n \t\t $s79= \"..SourceUtilityInstanceFactoryRegistrar.cpp\" fullword wide \n \t\t $s80= \"..SourceUtilityIPCCommandValuePacker.cpp\" fullword wide \n \t\t $s81= \"..SourceUtilityRegistryHelper.cpp\" fullword wide \n \t\t $s82= \"..SourceUtilitySettingsHelper.cpp\" fullword wide \n \t\t $s83= \"StringFileInfo%04x%04x%s\" fullword wide \n \t\t $s84= \"SYSTEMCurrentControlSetControlWmiGlobalLogger\" fullword wide \n \t\t $s85= \"SYSTEMCurrentControlSetservicesBAVSvc\" fullword wide \n \t\t $s86= \"SYSTEMCurrentControlSetServicesiSafeKrnl\" fullword wide \n \t\t $s87= \"SYSTEMCurrentControlSetServicesiSafeNetFilter\" fullword wide \n \t\t $s88= \"SYSTEMCurrentControlSetServicesiSafeService\" fullword wide \n \t\t $s89= \"SYSTEMCurrentControlSetservicesPCFasterSvc_{PCFaster_\" fullword wide \n \t\t $s90= \"SYSTEMCurrentControlSetServicesPSafeSVC\" fullword wide \n \t\t $s91= \"SYSTEMCurrentControlSetServicesPSafe WEB\" fullword wide \n \t\t $s92= \"SYSTEMCurrentControlSetServicesPSProtegeSVC\" fullword wide \n \t\t $s93= \"SYSTEMCurrentControlSetServicesPsSuiteSVC\" fullword wide \n \t\t $s94= \"/td>\" fullword wide \n \t\t $s95= \"/tr>\" fullword wide \n \t\t $s96= \"WINTRUST_ACTION_GENERIC_VERIFY_V2\" fullword wide \n \t\t $a1= \"xpk`fb[a^Y_Y][X[XZW[YW[YWZWZW][X]X_X`Xa^Xd`Zfb[jf]pkawqf\" fullword ascii \n \n \t\t $hex1= {2461313d202278706b} \n \t\t $hex2= {247331303d20224241} \n \t\t $hex3= {247331313d20226264} \n \t\t $hex4= {247331323d20226275} \n \t\t $hex5= {247331333d20222f63} \n \t\t $hex6= {247331343d2022436f} \n \t\t $hex7= {247331353d2022436f} \n \t\t $hex8= {247331363d2022436f} \n \t\t $hex9= {247331373d2022436f} \n \t\t $hex10= {247331383d20224469} \n \t\t $hex11= {247331393d2022444e} \n \t\t $hex12= {2473313d20227b2530} \n \t\t $hex13= {247332303d20225b46} \n \t\t $hex14= {247332313d20225b46} \n \t\t $hex15= {247332323d20225b46} \n \t\t $hex16= {247332333d20226665} \n \t\t $hex17= {247332343d20226665} \n \t\t $hex18= {247332353d20226665} \n \t\t $hex19= {247332363d20226665} \n \t\t $hex20= {247332373d20226665} \n \t\t $hex21= {247332383d20226665} \n \t\t $hex22= {247332393d20226665} \n \t\t $hex23= {2473323d20227b4146} \n \t\t $hex24= {247333303d20226665} \n \t\t $hex25= {247333313d20226665} \n \t\t $hex26= {247333323d20225b46} \n \t\t $hex27= {247333333d20225b46} \n \t\t $hex28= {247333343d20225b46} \n \t\t $hex29= {247333353d20225b46} \n \t\t $hex30= {247333363d20226874} \n \t\t $hex31= {247333373d20226874} \n \t\t $hex32= {247333383d20226874} \n \t\t $hex33= {247333393d20224d69} \n \t\t $hex34= {2473333d20227b4146} \n \t\t $hex35= {247334303d20224e75} \n \t\t $hex36= {247334313d20222f70} \n \t\t $hex37= {247334323d2022506c} \n \t\t $hex38= {247334333d2022506c} \n \t\t $hex39= {247334343d20227072} \n \t\t $hex40= {247334353d20225269} \n \t\t $hex41= {247334363d20222573} \n \t\t $hex42= {247334373d20222573} \n \t\t $hex43= {247334383d20222573} \n \t\t $hex44= {247334393d20222573} \n \t\t $hex45= {2473343d20227b4146} \n \t\t $hex46= {247335303d20222573} \n \t\t $hex47= {247335313d20222573} \n \t\t $hex48= {247335323d20222573} \n \t\t $hex49= {247335333d2022736f} \n \t\t $hex50= {247335343d2022736f} \n \t\t $hex51= {247335353d2022534f} \n \t\t $hex52= {247335363d2022534f} \n \t\t $hex53= {247335373d2022536f} \n \t\t $hex54= {247335383d2022534f} \n \t\t $hex55= {247335393d2022534f} \n \t\t $hex56= {2473353d20225e5b61} \n \t\t $hex57= {247336303d2022534f} \n \t\t $hex58= {247336313d2022536f} \n \t\t $hex59= {247336323d20222e2e} \n \t\t $hex60= {247336333d20222e2e} \n \t\t $hex61= {247336343d20222e2e} \n \t\t $hex62= {247336353d20222e2e} \n \t\t $hex63= {247336363d20222e2e} \n \t\t $hex64= {247336373d20222e2e} \n \t\t $hex65= {247336383d20222e2e} \n \t\t $hex66= {247336393d20222e2e} \n \t\t $hex67= {2473363d2022426169} \n \t\t $hex68= {247337303d20222e2e} \n \t\t $hex69= {247337313d20222e2e} \n \t\t $hex70= {247337323d20222e2e} \n \t\t $hex71= {247337333d20222e2e} \n \t\t $hex72= {247337343d20222e2e} \n \t\t $hex73= {247337353d20222e2e} \n \t\t $hex74= {247337363d20222e2e} \n \t\t $hex75= {247337373d20222e2e} \n \t\t $hex76= {247337383d20222e2e} \n \t\t $hex77= {247337393d20222e2e} \n \t\t $hex78= {2473373d2022426169} \n \t\t $hex79= {247338303d20222e2e} \n \t\t $hex80= {247338313d20222e2e} \n \t\t $hex81= {247338323d20222e2e} \n \t\t $hex82= {247338333d20225374} \n \t\t $hex83= {247338343d20225359} \n \t\t $hex84= {247338353d20225359} \n \t\t $hex85= {247338363d20225359} \n \t\t $hex86= {247338373d20225359} \n \t\t $hex87= ", "title": "", "description": "APTMalware_APT_10_74eafbcfa04c25c916f93ca936a09d1945d893b116941a4061efe5f3b10e0b80 Group", "expiration": null, "is_active": 1 }, { "id": 2233965399, "indicator": "83c9f863b287086585790cb9d5e8590ae6ec5905", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of 9da42d0bce9f5dbf22d33df77c561bda", "expiration": null, "is_active": 1 }, { "id": 1636611445, "indicator": "f9f2b38e11402b56fe05127bf0e688d74bb6e55834b93b7a0f6c61174670177a", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of 9da42d0bce9f5dbf22d33df77c561bda", "expiration": null, "is_active": 1 }, { "id": 3360593429, "indicator": "20d5aed59c39ddeef8a414317b7daf4cf7b1daaf", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_f9f2b38e11402b56fe05127bf0e688d74bb6e55834b93b7a0f6c61174670177a { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_f9f2b38e11402b56fe05127bf0e688d74bb6e55834b93b7a0f6c61174670177a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-51-10\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"9da42d0bce9f5dbf22d33df77c561bda\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s7= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s8= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s10= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s11= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s14= \"Capi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \t\t $s18= \"HARDWAREDESCRIPTIONSystemCentralProcessor0\" fullword wide \n \t\t $s19= \"SOFTWAREMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s20= \"spanish-dominican republic\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20224361} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {247331383d20224841} \n \t\t $hex10= {247331393d2022534f} \n \t\t $hex11= {2473313d2022617069} \n \t\t $hex12= {247332303d20227370} \n \t\t $hex13= {2473323d2022617069} \n \t\t $hex14= {2473333d2022617069} \n \t\t $hex15= {2473343d2022617069} \n \t\t $hex16= {2473353d2022617069} \n \t\t $hex17= {2473363d2022617069} \n \t\t $hex18= {2473373d2022617069} \n \t\t $hex19= {2473383d2022617069} \n \t\t $hex20= {2473393d2022617069} \n \n \tcondition: \n \t\t13 of them \n }", "title": "", "description": "APTMalware_APT_10_f9f2b38e11402b56fe05127bf0e688d74bb6e55834b93b7a0f6c61174670177a Group", "expiration": null, "is_active": 1 }, { "id": 3360593430, "indicator": "aeca23f69b766cf1a86cbf81164f6d0a1d77abe3", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_5961861d2b9f50d05055814e6bfd1c6291b30719f8a4d02d4cf80c2e87753fa1 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_5961861d2b9f50d05055814e6bfd1c6291b30719f8a4d02d4cf80c2e87753fa1 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-51-07\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"3afa9243b3aeb534e02426569d85e517\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Aapi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \t\t $s18= \"SOFTWAREMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20226170} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {247331383d2022534f} \n \t\t $hex10= {2473313d2022416170} \n \t\t $hex11= {2473323d2022617069} \n \t\t $hex12= {2473333d2022617069} \n \t\t $hex13= {2473343d2022617069} \n \t\t $hex14= {2473353d2022617069} \n \t\t $hex15= {2473363d2022617069} \n \t\t $hex16= {2473373d2022617069} \n \t\t $hex17= {2473383d2022617069} \n \t\t $hex18= {2473393d2022617069} \n \n \tcondition: \n \t\t12 of them \n }", "title": "", "description": "APTMalware_APT_10_5961861d2b9f50d05055814e6bfd1c6291b30719f8a4d02d4cf80c2e87753fa1 Group", "expiration": null, "is_active": 1 }, { "id": 3360593431, "indicator": "b563226eeaefc5b695fc0b8a01ee396c8de9ddae", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_4521a74337a8b454f9b80c7d9e57b4c9580567f84e513d9a3ce763275c55e691 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_4521a74337a8b454f9b80c7d9e57b4c9580567f84e513d9a3ce763275c55e691 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-51-05\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"19610f0d343657f6842d2045e8818f09\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Aapi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \t\t $s18= \"SOFTWAREMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20226170} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {247331383d2022534f} \n \t\t $hex10= {2473313d2022416170} \n \t\t $hex11= {2473323d2022617069} \n \t\t $hex12= {2473333d2022617069} \n \t\t $hex13= {2473343d2022617069} \n \t\t $hex14= {2473353d2022617069} \n \t\t $hex15= {2473363d2022617069} \n \t\t $hex16= {2473373d2022617069} \n \t\t $hex17= {2473383d2022617069} \n \t\t $hex18= {2473393d2022617069} \n \n \tcondition: \n \t\t12 of them \n }", "title": "", "description": "APTMalware_APT_10_4521a74337a8b454f9b80c7d9e57b4c9580567f84e513d9a3ce763275c55e691 Group", "expiration": null, "is_active": 1 }, { "id": 2688538986, "indicator": "0b47d7b47bc798c2c5b1b42ab71f8bca89bae277", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of d69598758998cf5f677be9312b807938\nSHA1 of d69598758998cf5f677be9312b807938", "expiration": null, "is_active": 1 }, { "id": 2708536, "indicator": "5cebc133ae3b6afee27beb7d3cdb5f3d675c3f12b7204531f453e99acdaa87b1", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of d69598758998cf5f677be9312b807938\nSHA256 of d69598758998cf5f677be9312b807938", "expiration": null, "is_active": 1 }, { "id": 3360593432, "indicator": "ced44b1ee1cf6ecdf4a06e6bcd53e685d1ab027e", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_5cebc133ae3b6afee27beb7d3cdb5f3d675c3f12b7204531f453e99acdaa87b1 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_5cebc133ae3b6afee27beb7d3cdb5f3d675c3f12b7204531f453e99acdaa87b1 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-51-05\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d69598758998cf5f677be9312b807938\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"A8Bapi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20226170} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {2473313d2022413842} \n \t\t $hex10= {2473323d2022617069} \n \t\t $hex11= {2473333d2022617069} \n \t\t $hex12= {2473343d2022617069} \n \t\t $hex13= {2473353d2022617069} \n \t\t $hex14= {2473363d2022617069} \n \t\t $hex15= {2473373d2022617069} \n \t\t $hex16= {2473383d2022617069} \n \t\t $hex17= {2473393d2022617069} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_5cebc133ae3b6afee27beb7d3cdb5f3d675c3f12b7204531f453e99acdaa87b1 Group", "expiration": null, "is_active": 1 }, { "id": 10993936, "indicator": "7fe6c8191749767254513b03da03cfbf6dd6c139", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of db212129be94fe77362751c557d0e893", "expiration": null, "is_active": 1 }, { "id": 2663221, "indicator": "fadf362a52dcf884f0d41ce3df9eaa9bb30227afda50c0e0657c096baff501f0", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of db212129be94fe77362751c557d0e893", "expiration": null, "is_active": 1 }, { "id": 3360593433, "indicator": "e23c24792e608f62d1337bbf34f38d672c37f429", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_fadf362a52dcf884f0d41ce3df9eaa9bb30227afda50c0e0657c096baff501f0 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_fadf362a52dcf884f0d41ce3df9eaa9bb30227afda50c0e0657c096baff501f0 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-51-03\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"db212129be94fe77362751c557d0e893\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Aapi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \t\t $a1= \"D:ProjectsByPassAVWin32Project2ReleaseWin32Project2.pdb\" fullword ascii \n \n \t\t $hex1= {2461313d2022443a50} \n \t\t $hex2= {247331303d20226170} \n \t\t $hex3= {247331313d20226170} \n \t\t $hex4= {247331323d20226170} \n \t\t $hex5= {247331333d20226170} \n \t\t $hex6= {247331343d20226170} \n \t\t $hex7= {247331353d20226578} \n \t\t $hex8= {247331363d20226578} \n \t\t $hex9= {247331373d20226578} \n \t\t $hex10= {2473313d2022416170} \n \t\t $hex11= {2473323d2022617069} \n \t\t $hex12= {2473333d2022617069} \n \t\t $hex13= {2473343d2022617069} \n \t\t $hex14= {2473353d2022617069} \n \t\t $hex15= {2473363d2022617069} \n \t\t $hex16= {2473373d2022617069} \n \t\t $hex17= {2473383d2022617069} \n \t\t $hex18= {2473393d2022617069} \n \n \tcondition: \n \t\t12 of them \n }", "title": "", "description": "APTMalware_APT_10_fadf362a52dcf884f0d41ce3df9eaa9bb30227afda50c0e0657c096baff501f0 Group", "expiration": null, "is_active": 1 }, { "id": 3360593434, "indicator": "267f78b93f731ad02335df1ce269d13c113a1c22", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_033dadbcc9a167802ade91c3fb2c2d27aee097de7f23665b5121fd836ab1e6f2 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_033dadbcc9a167802ade91c3fb2c2d27aee097de7f23665b5121fd836ab1e6f2 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-51-01\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"686bb59ea637fb3af214c8c21761cda8\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Aapi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20226170} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {2473313d2022416170} \n \t\t $hex10= {2473323d2022617069} \n \t\t $hex11= {2473333d2022617069} \n \t\t $hex12= {2473343d2022617069} \n \t\t $hex13= {2473353d2022617069} \n \t\t $hex14= {2473363d2022617069} \n \t\t $hex15= {2473373d2022617069} \n \t\t $hex16= {2473383d2022617069} \n \t\t $hex17= {2473393d2022617069} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_033dadbcc9a167802ade91c3fb2c2d27aee097de7f23665b5121fd836ab1e6f2 Group", "expiration": null, "is_active": 1 }, { "id": 3360593435, "indicator": "fe67d8868073bcc3b9f659ada96b612c676b56d6", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_44a700a18b4cf050bfde1f9218b822bb37c770d16431052bf827f2544cd51ec0 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_44a700a18b4cf050bfde1f9218b822bb37c770d16431052bf827f2544cd51ec0 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-51-01\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"433f5dc5546d98cc9e4597b342df31cf\" \n \n \tstrings: \n \n \t \n \t\t $a1= \"StarBurn_CdvdBurnerGrabber_DiscAtOnceRawPWFromFileAudioUnicode\" fullword ascii \n \t\t $a2= \"StarBurn_StarWave_CompressedFileReaderObjectUncompressedSizeGet\" fullword ascii \n \n \t\t $hex1= {2461313d2022537461} \n \t\t $hex2= {2461323d2022537461} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_APT_10_44a700a18b4cf050bfde1f9218b822bb37c770d16431052bf827f2544cd51ec0 Group", "expiration": null, "is_active": 1 }, { "id": 3360593436, "indicator": "0c30cf3602e9e1f991ecc644f7bc6f86ea0f3062", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_2c71eb5c781daa43047fa6e3d85d51a061aa1dfa41feb338e0d4139a6dfd6910 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_2c71eb5c781daa43047fa6e3d85d51a061aa1dfa41feb338e0d4139a6dfd6910 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-51-00\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"c1cb28327d3364768d1c1e4ce0d9bc07\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Aapi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \t\t $a1= \"D:ProjectsByPassAVWin32Project2ReleaseWin32Project2.pdb\" fullword ascii \n \n \t\t $hex1= {2461313d2022443a50} \n \t\t $hex2= {247331303d20226170} \n \t\t $hex3= {247331313d20226170} \n \t\t $hex4= {247331323d20226170} \n \t\t $hex5= {247331333d20226170} \n \t\t $hex6= {247331343d20226170} \n \t\t $hex7= {247331353d20226578} \n \t\t $hex8= {247331363d20226578} \n \t\t $hex9= {247331373d20226578} \n \t\t $hex10= {2473313d2022416170} \n \t\t $hex11= {2473323d2022617069} \n \t\t $hex12= {2473333d2022617069} \n \t\t $hex13= {2473343d2022617069} \n \t\t $hex14= {2473353d2022617069} \n \t\t $hex15= {2473363d2022617069} \n \t\t $hex16= {2473373d2022617069} \n \t\t $hex17= {2473383d2022617069} \n \t\t $hex18= {2473393d2022617069} \n \n \tcondition: \n \t\t12 of them \n }", "title": "", "description": "APTMalware_APT_10_2c71eb5c781daa43047fa6e3d85d51a061aa1dfa41feb338e0d4139a6dfd6910 Group", "expiration": null, "is_active": 1 }, { "id": 3360593437, "indicator": "35c3a240f4d68b55e6035eb7b425fef4d41397bb", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_316e89d866d5c710530c2103f183d86c31e9a90d55e2ebc2dda94f112f3bdb6d { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_316e89d866d5c710530c2103f183d86c31e9a90d55e2ebc2dda94f112f3bdb6d Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-50-58\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"0c0a39e1cab4fc9896bdf5ef3c96a716\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Aapi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20226170} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {2473313d2022416170} \n \t\t $hex10= {2473323d2022617069} \n \t\t $hex11= {2473333d2022617069} \n \t\t $hex12= {2473343d2022617069} \n \t\t $hex13= {2473353d2022617069} \n \t\t $hex14= {2473363d2022617069} \n \t\t $hex15= {2473373d2022617069} \n \t\t $hex16= {2473383d2022617069} \n \t\t $hex17= {2473393d2022617069} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_316e89d866d5c710530c2103f183d86c31e9a90d55e2ebc2dda94f112f3bdb6d Group", "expiration": null, "is_active": 1 }, { "id": 3360593438, "indicator": "47818a569a1e929c38b9bfa0179597e96ba492bd", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_104d02d4149b4983e411031c3d782db79783a41333a0308b6fc368605e10d5c7 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_104d02d4149b4983e411031c3d782db79783a41333a0308b6fc368605e10d5c7 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-50-57\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"16ab92cc9a5d40cf0e3fa01fed0dd80f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"api-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20226170} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {2473313d2022617069} \n \t\t $hex10= {2473323d2022617069} \n \t\t $hex11= {2473333d2022617069} \n \t\t $hex12= {2473343d2022617069} \n \t\t $hex13= {2473353d2022617069} \n \t\t $hex14= {2473363d2022617069} \n \t\t $hex15= {2473373d2022617069} \n \t\t $hex16= {2473383d2022617069} \n \t\t $hex17= {2473393d2022617069} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_104d02d4149b4983e411031c3d782db79783a41333a0308b6fc368605e10d5c7 Group", "expiration": null, "is_active": 1 }, { "id": 10993759, "indicator": "01edb82de7b9666eaa5d2791a14092f2e73d2795", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Win.Trojan.Inject-15717", "description": "SHA1 of f03f70d331c6564aec8931f481949188\nSHA1 of f03f70d331c6564aec8931f481949188", "expiration": null, "is_active": 1 }, { "id": 2150306, "indicator": "45d804f35266b26bf63e3d616715fc593931e33aa07feba5ad6875609692efa2", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Win.Trojan.Inject-15717", "description": "SHA256 of f03f70d331c6564aec8931f481949188\nSHA256 of f03f70d331c6564aec8931f481949188", "expiration": null, "is_active": 1 }, { "id": 3360593439, "indicator": "302b0e826c8cd9e99f565bc42f188fe7405dcb36", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_45d804f35266b26bf63e3d616715fc593931e33aa07feba5ad6875609692efa2 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_45d804f35266b26bf63e3d616715fc593931e33aa07feba5ad6875609692efa2 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-50-57\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f03f70d331c6564aec8931f481949188\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"CryptProtectMemory failed\" fullword wide \n \t\t $s2= \"CryptUnprotectMemory failed\" fullword wide \n \t\t $s3= \"SeCreateSymbolicLinkPrivilege\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersion\" fullword wide \n \t\t $s5= \"__tmp_rar_sfx_access_check_%u\" fullword wide \n \n \t\t $hex1= {2473313d2022437279} \n \t\t $hex2= {2473323d2022437279} \n \t\t $hex3= {2473333d2022536543} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d20225f5f74} \n \n \tcondition: \n \t\t3 of them \n }", "title": "", "description": "APTMalware_APT_10_45d804f35266b26bf63e3d616715fc593931e33aa07feba5ad6875609692efa2 Group", "expiration": null, "is_active": 1 }, { "id": 3190220672, "indicator": "645875d45e1b0fe6e80f2dae54fda27080a88d30", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of 69f8ac18b047aa0c70eaf982fa1e483c", "expiration": null, "is_active": 1 }, { "id": 1636611314, "indicator": "e6ab4cde17065c97850c2e7e6c308918861c040e7398715138d1488e3ae38c34", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of 69f8ac18b047aa0c70eaf982fa1e483c", "expiration": null, "is_active": 1 }, { "id": 3360593440, "indicator": "d637ee5f7f00052165d1b6e51c99c2cf4b538a9c", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_e6ab4cde17065c97850c2e7e6c308918861c040e7398715138d1488e3ae38c34 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_e6ab4cde17065c97850c2e7e6c308918861c040e7398715138d1488e3ae38c34 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-50-56\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"69f8ac18b047aa0c70eaf982fa1e483c\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"@api-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20226170} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {2473313d2022406170} \n \t\t $hex10= {2473323d2022617069} \n \t\t $hex11= {2473333d2022617069} \n \t\t $hex12= {2473343d2022617069} \n \t\t $hex13= {2473353d2022617069} \n \t\t $hex14= {2473363d2022617069} \n \t\t $hex15= {2473373d2022617069} \n \t\t $hex16= {2473383d2022617069} \n \t\t $hex17= {2473393d2022617069} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_e6ab4cde17065c97850c2e7e6c308918861c040e7398715138d1488e3ae38c34 Group", "expiration": null, "is_active": 1 }, { "id": 3360593441, "indicator": "ab42e226f5161e61f4eaf903cc8cd7c170cba3df", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_759e405351e6de779757695cc6fb1bce3cc6e3bb3ee4d24778d0cb2070091681 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_759e405351e6de779757695cc6fb1bce3cc6e3bb3ee4d24778d0cb2070091681 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-50-55\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"62898b77bd9e8e286d6bc760f3e28981\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Aapi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20226170} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {2473313d2022416170} \n \t\t $hex10= {2473323d2022617069} \n \t\t $hex11= {2473333d2022617069} \n \t\t $hex12= {2473343d2022617069} \n \t\t $hex13= {2473353d2022617069} \n \t\t $hex14= {2473363d2022617069} \n \t\t $hex15= {2473373d2022617069} \n \t\t $hex16= {2473383d2022617069} \n \t\t $hex17= {2473393d2022617069} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_759e405351e6de779757695cc6fb1bce3cc6e3bb3ee4d24778d0cb2070091681 Group", "expiration": null, "is_active": 1 }, { "id": 12129077, "indicator": "16a046d2557cc6377d713e21f14f1ebea7128419", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of 37c89f291dbe880b1f3ac036e6b9c558", "expiration": null, "is_active": 1 }, { "id": 2150321, "indicator": "e90064884190b14a6621c18d1f9719a37b9e5f98506e28ff0636438e3282098b", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of 37c89f291dbe880b1f3ac036e6b9c558", "expiration": null, "is_active": 1 }, { "id": 3360593442, "indicator": "680b104c61c6703a253ec6b5a6f26a4b55d5ddd7", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_e90064884190b14a6621c18d1f9719a37b9e5f98506e28ff0636438e3282098b { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_e90064884190b14a6621c18d1f9719a37b9e5f98506e28ff0636438e3282098b Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-50-54\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"37c89f291dbe880b1f3ac036e6b9c558\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Aapi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20226170} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {2473313d2022416170} \n \t\t $hex10= {2473323d2022617069} \n \t\t $hex11= {2473333d2022617069} \n \t\t $hex12= {2473343d2022617069} \n \t\t $hex13= {2473353d2022617069} \n \t\t $hex14= {2473363d2022617069} \n \t\t $hex15= {2473373d2022617069} \n \t\t $hex16= {2473383d2022617069} \n \t\t $hex17= {2473393d2022617069} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_e90064884190b14a6621c18d1f9719a37b9e5f98506e28ff0636438e3282098b Group", "expiration": null, "is_active": 1 }, { "id": 2114947613, "indicator": "965013bf24513f9c312db9483f87d3c87e1b77ba", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Delphi", "description": "SHA1 of f310584eb1538cb78ca8c225038b2e54", "expiration": null, "is_active": 1 }, { "id": 2582626748, "indicator": "ddeeedc8ab9ab3b90c2e36340d4674fda3b458c0afd7514735b2857f26b14c6d", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Delphi", "description": "SHA256 of f310584eb1538cb78ca8c225038b2e54", "expiration": null, "is_active": 1 }, { "id": 3360593443, "indicator": "088c9c0f604d33bee5d2cc3a5367f390019608df", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_ddeeedc8ab9ab3b90c2e36340d4674fda3b458c0afd7514735b2857f26b14c6d { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_ddeeedc8ab9ab3b90c2e36340d4674fda3b458c0afd7514735b2857f26b14c6d Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-50-54\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f310584eb1538cb78ca8c225038b2e54\" \n \n \tstrings: \n \n \t \n \t\t $a1= \"basic_string::append(const basic_string&,size_type,size_type)\" fullword ascii \n \t\t $a2= \"basic_string::insert(size_t,const basic_string&,size_t,size_t)\" fullword ascii \n \t\t $a3= \"basic_string::replace(size_t,size_t,char*,size_t,size_t,size_t)\" fullword ascii \n \n \t\t $hex1= {2461313d2022626173} \n \t\t $hex2= {2461323d2022626173} \n \t\t $hex3= {2461333d2022626173} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_APT_10_ddeeedc8ab9ab3b90c2e36340d4674fda3b458c0afd7514735b2857f26b14c6d Group", "expiration": null, "is_active": 1 }, { "id": 3360593444, "indicator": "49d4f7a43ebe65c53e6831bc10b736f3a17e6e02", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_73794263b657632805c8c3907e2f20a9743d8c9b83aa3e21629eccc5de02b1ca { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_73794263b657632805c8c3907e2f20a9743d8c9b83aa3e21629eccc5de02b1ca Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-50-52\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"ac0ff4bad83350b7dde27af8728a469f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s7= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s8= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s10= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s11= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s14= \"Capi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \t\t $s18= \"HARDWAREDESCRIPTIONSystemCentralProcessor0\" fullword wide \n \t\t $s19= \"SOFTWAREMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s20= \"spanish-dominican republic\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20224361} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {247331383d20224841} \n \t\t $hex10= {247331393d2022534f} \n \t\t $hex11= {2473313d2022617069} \n \t\t $hex12= {247332303d20227370} \n \t\t $hex13= {2473323d2022617069} \n \t\t $hex14= {2473333d2022617069} \n \t\t $hex15= {2473343d2022617069} \n \t\t $hex16= {2473353d2022617069} \n \t\t $hex17= {2473363d2022617069} \n \t\t $hex18= {2473373d2022617069} \n \t\t $hex19= {2473383d2022617069} \n \t\t $hex20= {2473393d2022617069} \n \n \tcondition: \n \t\t13 of them \n }", "title": "", "description": "APTMalware_APT_10_73794263b657632805c8c3907e2f20a9743d8c9b83aa3e21629eccc5de02b1ca Group", "expiration": null, "is_active": 1 }, { "id": 3360593445, "indicator": "6ad07aa5db4f6b5ca0451c3c29d7d0afd378927a", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_7612c9240a766c427ee63cdd81c434bf646070792ead8748d3dcb2d1d326758d { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_7612c9240a766c427ee63cdd81c434bf646070792ead8748d3dcb2d1d326758d Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-50-50\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"2bd698ae474b18cf4748edd99bd6c9e7\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s7= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s8= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s10= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s11= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s14= \"Eapi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \t\t $s18= \"spanish-dominican republic\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20224561} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {247331383d20227370} \n \t\t $hex10= {2473313d2022617069} \n \t\t $hex11= {2473323d2022617069} \n \t\t $hex12= {2473333d2022617069} \n \t\t $hex13= {2473343d2022617069} \n \t\t $hex14= {2473353d2022617069} \n \t\t $hex15= {2473363d2022617069} \n \t\t $hex16= {2473373d2022617069} \n \t\t $hex17= {2473383d2022617069} \n \t\t $hex18= {2473393d2022617069} \n \n \tcondition: \n \t\t12 of them \n }", "title": "", "description": "APTMalware_APT_10_7612c9240a766c427ee63cdd81c434bf646070792ead8748d3dcb2d1d326758d Group", "expiration": null, "is_active": 1 }, { "id": 3360593446, "indicator": "480e3fe49e3acb71e1a466e8ba2d02997eaf278e", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "WinRAR_SFX", "description": "SHA1 of e696b38ac71b23f50ee68da06a004af3", "expiration": null, "is_active": 1 }, { "id": 2708531, "indicator": "da01734bacb716ac303f3018d3c4cf7fdc0784d157bb99976bd3d5a51381d34e", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "WinRAR_SFX", "description": "SHA256 of e696b38ac71b23f50ee68da06a004af3", "expiration": null, "is_active": 1 }, { "id": 3360593447, "indicator": "98b77683f925505ddf2fb6d32fde5377efb02b7a", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_da01734bacb716ac303f3018d3c4cf7fdc0784d157bb99976bd3d5a51381d34e { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_da01734bacb716ac303f3018d3c4cf7fdc0784d157bb99976bd3d5a51381d34e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-50-49\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e696b38ac71b23f50ee68da06a004af3\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"CryptProtectMemory failed\" fullword wide \n \t\t $s2= \"CryptUnprotectMemory failed\" fullword wide \n \t\t $s3= \"SeCreateSymbolicLinkPrivilege\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersion\" fullword wide \n \t\t $s5= \"__tmp_rar_sfx_access_check_%u\" fullword wide \n \n \t\t $hex1= {2473313d2022437279} \n \t\t $hex2= {2473323d2022437279} \n \t\t $hex3= {2473333d2022536543} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d20225f5f74} \n \n \tcondition: \n \t\t3 of them \n }", "title": "", "description": "APTMalware_APT_10_da01734bacb716ac303f3018d3c4cf7fdc0784d157bb99976bd3d5a51381d34e Group", "expiration": null, "is_active": 1 }, { "id": 3190220686, "indicator": "be20358792f69fd73ea45a0d234ce07ecc927d9e", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Doc.Exploit.Agent-1388627", "description": "SHA1 of 1ecbff1a46a8ec9a0c3ee45a390950a0", "expiration": null, "is_active": 1 }, { "id": 1598883459, "indicator": "cc08a9f69fc3bdca898160196b90fec633e79e0286fd12b5f64dee58812133cc", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Doc.Exploit.Agent-1388627", "description": "SHA256 of 1ecbff1a46a8ec9a0c3ee45a390950a0", "expiration": null, "is_active": 1 }, { "id": 3360593508, "indicator": "a052f1ef4ab3d10c4ee552adcdac375133acbf1a", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_cc08a9f69fc3bdca898160196b90fec633e79e0286fd12b5f64dee58812133cc { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_cc08a9f69fc3bdca898160196b90fec633e79e0286fd12b5f64dee58812133cc Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-49-48\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"1ecbff1a46a8ec9a0c3ee45a390950a0\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DocumentSummaryInformation\" fullword wide \n \t\t $a1= \"DHLD]VFLMCEK]OKTXTLMFV]SU[M_[dhld|}vflmcek}oktx|tlmfv|}su{m\" fullword ascii \n \n \t\t $hex1= {2461313d202244484c} \n \t\t $hex2= {2473313d2022446f63} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_APT_10_cc08a9f69fc3bdca898160196b90fec633e79e0286fd12b5f64dee58812133cc Group", "expiration": null, "is_active": 1 }, { "id": 12129083, "indicator": "69620adf44795ee5293ce301cd3d70045e332bbf", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of 1d0105cf8e076b33ed499f1dfef9a46b", "expiration": null, "is_active": 1 }, { "id": 2150315, "indicator": "d26dae0d8e5c23ec35e8b9cf126cded45b8096fc07560ad1c06585357921eeed", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of 1d0105cf8e076b33ed499f1dfef9a46b", "expiration": null, "is_active": 1 }, { "id": 3360593509, "indicator": "45391728c576bfe13606de2dcb0bd0796afef08d", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_d26dae0d8e5c23ec35e8b9cf126cded45b8096fc07560ad1c06585357921eeed { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_d26dae0d8e5c23ec35e8b9cf126cded45b8096fc07560ad1c06585357921eeed Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-49-44\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"1d0105cf8e076b33ed499f1dfef9a46b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Aapi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \t\t $s18= \"SOFTWAREMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20226170} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {247331383d2022534f} \n \t\t $hex10= {2473313d2022416170} \n \t\t $hex11= {2473323d2022617069} \n \t\t $hex12= {2473333d2022617069} \n \t\t $hex13= {2473343d2022617069} \n \t\t $hex14= {2473353d2022617069} \n \t\t $hex15= {2473363d2022617069} \n \t\t $hex16= {2473373d2022617069} \n \t\t $hex17= {2473383d2022617069} \n \t\t $hex18= {2473393d2022617069} \n \n \tcondition: \n \t\t12 of them \n }", "title": "", "description": "APTMalware_APT_10_d26dae0d8e5c23ec35e8b9cf126cded45b8096fc07560ad1c06585357921eeed Group", "expiration": null, "is_active": 1 }, { "id": 3360593510, "indicator": "ed5a7393d4de8f8491b6d31981d67f063024d7a7", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_6605b27e95f5c3c8012e4a75d1861786fb749b9a712a5f4871adbad81addb59e { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_6605b27e95f5c3c8012e4a75d1861786fb749b9a712a5f4871adbad81addb59e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-49-43\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"c0c8dcc9dad39da8278bf8956e30a3fc\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Aapi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20226170} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {2473313d2022416170} \n \t\t $hex10= {2473323d2022617069} \n \t\t $hex11= {2473333d2022617069} \n \t\t $hex12= {2473343d2022617069} \n \t\t $hex13= {2473353d2022617069} \n \t\t $hex14= {2473363d2022617069} \n \t\t $hex15= {2473373d2022617069} \n \t\t $hex16= {2473383d2022617069} \n \t\t $hex17= {2473393d2022617069} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_6605b27e95f5c3c8012e4a75d1861786fb749b9a712a5f4871adbad81addb59e Group", "expiration": null, "is_active": 1 }, { "id": 3360593511, "indicator": "d89c5f708b1098a116607a594715862bffd1d789", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_3827ea7e7a55a2e541661b78a70285414d2e3c2ff77dc2e20311b1d8c2dda9e0 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_3827ea7e7a55a2e541661b78a70285414d2e3c2ff77dc2e20311b1d8c2dda9e0 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-49-41\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"583ab1678588b754899b9d2c58f20aa2\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"A8Bapi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20226170} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {2473313d2022413842} \n \t\t $hex10= {2473323d2022617069} \n \t\t $hex11= {2473333d2022617069} \n \t\t $hex12= {2473343d2022617069} \n \t\t $hex13= {2473353d2022617069} \n \t\t $hex14= {2473363d2022617069} \n \t\t $hex15= {2473373d2022617069} \n \t\t $hex16= {2473383d2022617069} \n \t\t $hex17= {2473393d2022617069} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_3827ea7e7a55a2e541661b78a70285414d2e3c2ff77dc2e20311b1d8c2dda9e0 Group", "expiration": null, "is_active": 1 }, { "id": 10993761, "indicator": "1df29c63c917b089fe0fc099e2783c0c679892e5", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of dbb867c2250b5be4e67d1977fcf721fb", "expiration": null, "is_active": 1 }, { "id": 2150319, "indicator": "cb0c8681a407a76f8c0fd2512197aafad8120aa62e5c871c29d1fd2a102bc628", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of dbb867c2250b5be4e67d1977fcf721fb", "expiration": null, "is_active": 1 }, { "id": 3360593512, "indicator": "a06c8c8daac86eb4f4d4676722d50111cbca6b91", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_cb0c8681a407a76f8c0fd2512197aafad8120aa62e5c871c29d1fd2a102bc628 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_cb0c8681a407a76f8c0fd2512197aafad8120aa62e5c871c29d1fd2a102bc628 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-49-40\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"dbb867c2250b5be4e67d1977fcf721fb\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Aapi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20226170} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {2473313d2022416170} \n \t\t $hex10= {2473323d2022617069} \n \t\t $hex11= {2473333d2022617069} \n \t\t $hex12= {2473343d2022617069} \n \t\t $hex13= {2473353d2022617069} \n \t\t $hex14= {2473363d2022617069} \n \t\t $hex15= {2473373d2022617069} \n \t\t $hex16= {2473383d2022617069} \n \t\t $hex17= {2473393d2022617069} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_cb0c8681a407a76f8c0fd2512197aafad8120aa62e5c871c29d1fd2a102bc628 Group", "expiration": null, "is_active": 1 }, { "id": 3360593513, "indicator": "6053c6fad74f8b47494609af439244e69d262b16", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "NETDLLMicrosoft", "description": "SHA1 of da5ee020bef41dc95c3532cbaa1ea8f4", "expiration": null, "is_active": 1 }, { "id": 3360593514, "indicator": "2e933b9823f15038eaf786f0898df03508a17ace8620a404edf5229aea0b9f18", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "NETDLLMicrosoft", "description": "SHA256 of da5ee020bef41dc95c3532cbaa1ea8f4", "expiration": null, "is_active": 1 }, { "id": 3360593515, "indicator": "1ec9969429ff91e6d8f933dabde30e00eb15b769", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_2e933b9823f15038eaf786f0898df03508a17ace8620a404edf5229aea0b9f18 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_2e933b9823f15038eaf786f0898df03508a17ace8620a404edf5229aea0b9f18 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-49-39\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"da5ee020bef41dc95c3532cbaa1ea8f4\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"CreationOriginatorIdColumn\" fullword wide \n \t\t $s2= \"DeletionOriginatorIdColumn\" fullword wide \n \t\t $s3= \"http://www.microsoft.com/sql/\" fullword wide \n \t\t $s4= \"Microsoft.Synchronization.Data.Server\" fullword wide \n \t\t $s5= \"Microsoft.Synchronization.Data.Server.dll\" fullword wide \n \t\t $s6= \"OverloadNotSupportedWithSCT\" fullword wide \n \t\t $s7= \"SelectConflictDeletedRowsCommand\" fullword wide \n \t\t $s8= \"SelectConflictUpdatedRowsCommand\" fullword wide \n \t\t $s9= \"SqlChangeTrackingCheckMessage\" fullword wide \n \t\t $s10= \":sync_last_received_anchor\" fullword wide \n \t\t $s11= \"@sync_last_received_anchor\" fullword wide \n \t\t $s12= \"sync_last_received_anchor\" fullword wide \n \t\t $s13= \":sync_max_received_anchor\" fullword wide \n \t\t $s14= \"@sync_max_received_anchor\" fullword wide \n \t\t $s15= \":sync_new_received_anchor\" fullword wide \n \t\t $s16= \"@sync_new_received_anchor\" fullword wide \n \t\t $s17= \"SYS_CHANGE_CREATION_VERSION \" fullword wide \n \t\t $s18= \"TombstoneFilterParameters\" fullword wide \n \t\t $s19= \"TombstoneProjectionColumns\" fullword wide \n \n \t\t $hex1= {247331303d20223a73} \n \t\t $hex2= {247331313d20224073} \n \t\t $hex3= {247331323d20227379} \n \t\t $hex4= {247331333d20223a73} \n \t\t $hex5= {247331343d20224073} \n \t\t $hex6= {247331353d20223a73} \n \t\t $hex7= {247331363d20224073} \n \t\t $hex8= {247331373d20225359} \n \t\t $hex9= {247331383d2022546f} \n \t\t $hex10= {247331393d2022546f} \n \t\t $hex11= {2473313d2022437265} \n \t\t $hex12= {2473323d202244656c} \n \t\t $hex13= {2473333d2022687474} \n \t\t $hex14= {2473343d20224d6963} \n \t\t $hex15= {2473353d20224d6963} \n \t\t $hex16= {2473363d20224f7665} \n \t\t $hex17= {2473373d202253656c} \n \t\t $hex18= {2473383d202253656c} \n \t\t $hex19= {2473393d202253716c} \n \n \tcondition: \n \t\t12 of them \n }", "title": "", "description": "APTMalware_APT_10_2e933b9823f15038eaf786f0898df03508a17ace8620a404edf5229aea0b9f18 Group", "expiration": null, "is_active": 1 }, { "id": 3360593516, "indicator": "328013498d545fd5dfadf41d13a6325fa84aada2", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_1ba4f8d569dafdf2c0152d706fc9cc3d6eb646e8ea639c410c8f95e07bc2551e { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_1ba4f8d569dafdf2c0152d706fc9cc3d6eb646e8ea639c410c8f95e07bc2551e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-49-38\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"13cdd0d9f222a47589c5c71fa3ac2cbe\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s7= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s8= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s10= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s11= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s14= \"Eapi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \t\t $s18= \"spanish-dominican republic\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20224561} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {247331383d20227370} \n \t\t $hex10= {2473313d2022617069} \n \t\t $hex11= {2473323d2022617069} \n \t\t $hex12= {2473333d2022617069} \n \t\t $hex13= {2473343d2022617069} \n \t\t $hex14= {2473353d2022617069} \n \t\t $hex15= {2473363d2022617069} \n \t\t $hex16= {2473373d2022617069} \n \t\t $hex17= {2473383d2022617069} \n \t\t $hex18= {2473393d2022617069} \n \n \tcondition: \n \t\t12 of them \n }", "title": "", "description": "APTMalware_APT_10_1ba4f8d569dafdf2c0152d706fc9cc3d6eb646e8ea639c410c8f95e07bc2551e Group", "expiration": null, "is_active": 1 }, { "id": 10993764, "indicator": "2c1b42e8c8acea5082275b6ea5f5c64ebaf4fa30", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of 472b1710794d5c420b9d921c484ca9e8", "expiration": null, "is_active": 1 }, { "id": 2150303, "indicator": "e6ecb146f469d243945ad8a5451ba1129c5b190f7d50c64580dbad4b8246f88e", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of 472b1710794d5c420b9d921c484ca9e8", "expiration": null, "is_active": 1 }, { "id": 3360593517, "indicator": "83339efd386a1e42165d05cbd406164cc3f74182", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_e6ecb146f469d243945ad8a5451ba1129c5b190f7d50c64580dbad4b8246f88e { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_e6ecb146f469d243945ad8a5451ba1129c5b190f7d50c64580dbad4b8246f88e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-49-38\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"472b1710794d5c420b9d921c484ca9e8\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Aapi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \t\t $s18= \"SOFTWAREMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20226170} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {247331383d2022534f} \n \t\t $hex10= {2473313d2022416170} \n \t\t $hex11= {2473323d2022617069} \n \t\t $hex12= {2473333d2022617069} \n \t\t $hex13= {2473343d2022617069} \n \t\t $hex14= {2473353d2022617069} \n \t\t $hex15= {2473363d2022617069} \n \t\t $hex16= {2473373d2022617069} \n \t\t $hex17= {2473383d2022617069} \n \t\t $hex18= {2473393d2022617069} \n \n \tcondition: \n \t\t12 of them \n }", "title": "", "description": "APTMalware_APT_10_e6ecb146f469d243945ad8a5451ba1129c5b190f7d50c64580dbad4b8246f88e Group", "expiration": null, "is_active": 1 }, { "id": 10993935, "indicator": "7cb04a4b86d998604341bc2b610a0a556830993d", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of 7891f00dcab0e4a2f928422062e94213", "expiration": null, "is_active": 1 }, { "id": 2663220, "indicator": "b20ce00a6864225f05de6407fac80ddb83cd0aec00ada438c1e354cdd0d7d5df", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of 7891f00dcab0e4a2f928422062e94213", "expiration": null, "is_active": 1 }, { "id": 3360593518, "indicator": "f38617393f9eceafd655242b8e403eab8b51e7fa", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_b20ce00a6864225f05de6407fac80ddb83cd0aec00ada438c1e354cdd0d7d5df { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_b20ce00a6864225f05de6407fac80ddb83cd0aec00ada438c1e354cdd0d7d5df Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-49-35\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"7891f00dcab0e4a2f928422062e94213\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Aapi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \t\t $s18= \"SOFTWAREMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20226170} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {247331383d2022534f} \n \t\t $hex10= {2473313d2022416170} \n \t\t $hex11= {2473323d2022617069} \n \t\t $hex12= {2473333d2022617069} \n \t\t $hex13= {2473343d2022617069} \n \t\t $hex14= {2473353d2022617069} \n \t\t $hex15= {2473363d2022617069} \n \t\t $hex16= {2473373d2022617069} \n \t\t $hex17= {2473383d2022617069} \n \t\t $hex18= {2473393d2022617069} \n \n \tcondition: \n \t\t12 of them \n }", "title": "", "description": "APTMalware_APT_10_b20ce00a6864225f05de6407fac80ddb83cd0aec00ada438c1e354cdd0d7d5df Group", "expiration": null, "is_active": 1 }, { "id": 10993946, "indicator": "a91669bb4dcb713e997ddf98417730de78cb990a", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of ca9644ef0f7ed355a842f6e2d4511546", "expiration": null, "is_active": 1 }, { "id": 2150322, "indicator": "bc2f07066c624663b0a6f71cb965009d4d9b480213de51809cdc454ca55f1a91", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of ca9644ef0f7ed355a842f6e2d4511546", "expiration": null, "is_active": 1 }, { "id": 3360593519, "indicator": "e4db05a5d9f22b283ba68233a88bb6f484a73358", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_bc2f07066c624663b0a6f71cb965009d4d9b480213de51809cdc454ca55f1a91 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_bc2f07066c624663b0a6f71cb965009d4d9b480213de51809cdc454ca55f1a91 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-49-33\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"ca9644ef0f7ed355a842f6e2d4511546\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Aapi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \t\t $s18= \"SOFTWAREMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20226170} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {247331383d2022534f} \n \t\t $hex10= {2473313d2022416170} \n \t\t $hex11= {2473323d2022617069} \n \t\t $hex12= {2473333d2022617069} \n \t\t $hex13= {2473343d2022617069} \n \t\t $hex14= {2473353d2022617069} \n \t\t $hex15= {2473363d2022617069} \n \t\t $hex16= {2473373d2022617069} \n \t\t $hex17= {2473383d2022617069} \n \t\t $hex18= {2473393d2022617069} \n \n \tcondition: \n \t\t12 of them \n }", "title": "", "description": "APTMalware_APT_10_bc2f07066c624663b0a6f71cb965009d4d9b480213de51809cdc454ca55f1a91 Group", "expiration": null, "is_active": 1 }, { "id": 3360593520, "indicator": "49edf48beace30af77b1a9d6ea8429c98ae8e40b", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_6235eb409e3f1e47191e46005f8c49ff0ca8c6fb0a94c96829f38ace16090527 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_6235eb409e3f1e47191e46005f8c49ff0ca8c6fb0a94c96829f38ace16090527 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-49-31\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"5e8d1e8518d10893eab0b1b1ebb6c97d\" \n \n \tstrings: \n \n \t \n \t\t $a1= \"CFLocaleCreateCanonicalLocaleIdentifierFromScriptManagerCodes\" fullword ascii \n \t\t $a2= \"OBJC_METACLASS_$_CFXPreferencesPropertyListSourceSynchronizer\" fullword ascii \n \n \t\t $hex1= {2461313d202243464c} \n \t\t $hex2= {2461323d20224f424a} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_APT_10_6235eb409e3f1e47191e46005f8c49ff0ca8c6fb0a94c96829f38ace16090527 Group", "expiration": null, "is_active": 1 }, { "id": 3360593521, "indicator": "afdb846441f80925eb9758fe25489fe23ca305e5", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_1ebf3eabaf3ea08c45358ec57beca27de44d53cee2e5a8d545da9f75696d1fb7 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_1ebf3eabaf3ea08c45358ec57beca27de44d53cee2e5a8d545da9f75696d1fb7 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-49-29\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"7af04a468de09c519681dcb0bd77030b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"A8Bapi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20226170} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {2473313d2022413842} \n \t\t $hex10= {2473323d2022617069} \n \t\t $hex11= {2473333d2022617069} \n \t\t $hex12= {2473343d2022617069} \n \t\t $hex13= {2473353d2022617069} \n \t\t $hex14= {2473363d2022617069} \n \t\t $hex15= {2473373d2022617069} \n \t\t $hex16= {2473383d2022617069} \n \t\t $hex17= {2473393d2022617069} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_1ebf3eabaf3ea08c45358ec57beca27de44d53cee2e5a8d545da9f75696d1fb7 Group", "expiration": null, "is_active": 1 }, { "id": 10993947, "indicator": "a954a3f20ef8065d98d9e3a3c5ae254e27c63bf6", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "apt_OpCloudHopper_Malware_3", "description": "SHA1 of f5744d72c6919f994ff452b0e758ffee", "expiration": null, "is_active": 1 }, { "id": 2663212, "indicator": "f251485a62e104dfd8629dc4d2dfd572ebd0ab554602d682a28682876a47e773", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "apt_OpCloudHopper_Malware_3", "description": "SHA256 of f5744d72c6919f994ff452b0e758ffee", "expiration": null, "is_active": 1 }, { "id": 3360593522, "indicator": "7120d59e2d7d15b67f8ee6160b61bee78476c294", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_f251485a62e104dfd8629dc4d2dfd572ebd0ab554602d682a28682876a47e773 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_f251485a62e104dfd8629dc4d2dfd572ebd0ab554602d682a28682876a47e773 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-49-28\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f5744d72c6919f994ff452b0e758ffee\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Aapi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20226170} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {2473313d2022416170} \n \t\t $hex10= {2473323d2022617069} \n \t\t $hex11= {2473333d2022617069} \n \t\t $hex12= {2473343d2022617069} \n \t\t $hex13= {2473353d2022617069} \n \t\t $hex14= {2473363d2022617069} \n \t\t $hex15= {2473373d2022617069} \n \t\t $hex16= {2473383d2022617069} \n \t\t $hex17= {2473393d2022617069} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_f251485a62e104dfd8629dc4d2dfd572ebd0ab554602d682a28682876a47e773 Group", "expiration": null, "is_active": 1 }, { "id": 3360593523, "indicator": "2d13c928d3eafd7b05fa83a6528c5c9d09febc69", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_28a273ddd8dd9206fe6b56bb631409c2d5e18af23e89a15daa8b7889663e23da { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_28a273ddd8dd9206fe6b56bb631409c2d5e18af23e89a15daa8b7889663e23da Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-49-27\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"007f5599898ab9013672226b4c5f57e1\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&About StatePattern_Game...\" fullword wide \n \t\t $s2= \"StatePatternGame.Document\" fullword wide \n \n \t\t $hex1= {2473313d2022264162} \n \t\t $hex2= {2473323d2022537461} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_APT_10_28a273ddd8dd9206fe6b56bb631409c2d5e18af23e89a15daa8b7889663e23da Group", "expiration": null, "is_active": 1 }, { "id": 3190220684, "indicator": "a4172475037f7b0031a14a869d43cc4bde2a0f16", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of 257b3ed1145c25e3e67f83f61a637034", "expiration": null, "is_active": 1 }, { "id": 2708538, "indicator": "eb199a20dff8d125a89fa20d3da40a8c59e915c404e367365bb8aeafec80af4b", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of 257b3ed1145c25e3e67f83f61a637034", "expiration": null, "is_active": 1 }, { "id": 3360593524, "indicator": "1772a47989f7a7586e9f7f99c55b04cfce60c259", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_eb199a20dff8d125a89fa20d3da40a8c59e915c404e367365bb8aeafec80af4b { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_eb199a20dff8d125a89fa20d3da40a8c59e915c404e367365bb8aeafec80af4b Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-49-25\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"257b3ed1145c25e3e67f83f61a637034\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"A8Bapi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20226170} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {2473313d2022413842} \n \t\t $hex10= {2473323d2022617069} \n \t\t $hex11= {2473333d2022617069} \n \t\t $hex12= {2473343d2022617069} \n \t\t $hex13= {2473353d2022617069} \n \t\t $hex14= {2473363d2022617069} \n \t\t $hex15= {2473373d2022617069} \n \t\t $hex16= {2473383d2022617069} \n \t\t $hex17= {2473393d2022617069} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_eb199a20dff8d125a89fa20d3da40a8c59e915c404e367365bb8aeafec80af4b Group", "expiration": null, "is_active": 1 }, { "id": 3360593525, "indicator": "b8da6683847ebc3f87279d910ba05ea7403183be", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_3804f50c6b6284c2de6cc218bb33801a62e2d047c6e8ff44615c14b2dd289356 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_3804f50c6b6284c2de6cc218bb33801a62e2d047c6e8ff44615c14b2dd289356 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-49-24\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"83448fc10f297a6968aeda7c02b09051\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"%2protocolStdFileEditingserver\" fullword wide \n \t\t $s2= \"%2protocolStdFileEditingverb0\" fullword wide \n \t\t $s3= \"CLSID%1DefaultExtension\" fullword wide \n \t\t $s4= \"f:ddvctoolsvc7libsshipatlmfcincludeafxwin1.inl\" fullword wide \n \t\t $s5= \"f:ddvctoolsvc7libsshipatlmfcincludeafxwin2.inl\" fullword wide \n \t\t $s6= \"f:ddvctoolsvc7libsshipatlmfcsrcmfcauxdata.cpp\" fullword wide \n \n \t\t $hex1= {2473313d2022253270} \n \t\t $hex2= {2473323d2022253270} \n \t\t $hex3= {2473333d2022434c53} \n \t\t $hex4= {2473343d2022663a64} \n \t\t $hex5= {2473353d2022663a64} \n \t\t $hex6= {2473363d2022663a64} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_APT_10_3804f50c6b6284c2de6cc218bb33801a62e2d047c6e8ff44615c14b2dd289356 Group", "expiration": null, "is_active": 1 }, { "id": 3360593526, "indicator": "efbc4785a018e5fc5eecaa0d38463660e33af8e5", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_5262cb9791df50fafcb2fbd5f93226050b51efe400c2924eecba97b7ce437481 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_5262cb9791df50fafcb2fbd5f93226050b51efe400c2924eecba97b7ce437481 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-49-22\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b3139b26a2dabb9b6e728884d8fa8b33\" \n \n \tstrings: \n \n \t \n \t\t $a1= \"3Qvlkbvjcq%Lhdblkdqljk%Lkcjwhdqljk%Q`fmkjijb|%Fj+)%Iqa+4:58\" fullword ascii \n \t\t $a2= \"7/$*7/$$6.' 7/$\" fullword ascii \n \t\t $a3= \";@;D;H;L;P;T;X;;`;d;h;l;p;t;x;|;\" fullword ascii \n \t\t $a4= \"J{=T~3J|6Js5Hv+Nt)Ok/Mi-Ba\" fullword ascii \n \t\t $a5= \"StarBurn_CdvdBurnerGrabber_DiscAtOnceRawPWFromFileAudioUnicode\" fullword ascii \n \t\t $a6= \"StarBurn_StarWave_CompressedFileReaderObjectUncompressedSizeGet\" fullword ascii \n \t\t $a7= \"Yniu~iizyy~iD~oOizxpRu}tivzortu!;3}ti;OIZXPDUNVY^IDRUMRHRYW^2\" fullword ascii \n \n \t\t $hex1= {2461313d2022335176} \n \t\t $hex2= {2461323d2022372f24} \n \t\t $hex3= {2461333d20223b403b} \n \t\t $hex4= {2461343d20224a7b3d} \n \t\t $hex5= {2461353d2022537461} \n \t\t $hex6= {2461363d2022537461} \n \t\t $hex7= {2461373d2022596e69} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_APT_10_5262cb9791df50fafcb2fbd5f93226050b51efe400c2924eecba97b7ce437481 Group", "expiration": null, "is_active": 1 }, { "id": 3360593527, "indicator": "bdfe41590c2eb16049c38508cd9795d723eb13b3", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of e1fbf8d74b622fde3cf765a3a51ca39f", "expiration": null, "is_active": 1 }, { "id": 1294676657, "indicator": "6f992d2e6a805dc04ea01262328f4e34de31322be3cad3de944c0bdbd1d7deff", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of e1fbf8d74b622fde3cf765a3a51ca39f", "expiration": null, "is_active": 1 }, { "id": 3360593528, "indicator": "0c3840c020887e78d2b1ca26bcc7323710edad5c", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_6f992d2e6a805dc04ea01262328f4e34de31322be3cad3de944c0bdbd1d7deff { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_6f992d2e6a805dc04ea01262328f4e34de31322be3cad3de944c0bdbd1d7deff Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-49-21\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e1fbf8d74b622fde3cf765a3a51ca39f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Aapi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20226170} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {2473313d2022416170} \n \t\t $hex10= {2473323d2022617069} \n \t\t $hex11= {2473333d2022617069} \n \t\t $hex12= {2473343d2022617069} \n \t\t $hex13= {2473353d2022617069} \n \t\t $hex14= {2473363d2022617069} \n \t\t $hex15= {2473373d2022617069} \n \t\t $hex16= {2473383d2022617069} \n \t\t $hex17= {2473393d2022617069} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_6f992d2e6a805dc04ea01262328f4e34de31322be3cad3de944c0bdbd1d7deff Group", "expiration": null, "is_active": 1 }, { "id": 3360593529, "indicator": "e72a72f1b44a565ec949c310bd367514772c61ff", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_3dae326b5ff9f9c075c2d42347042fbb237dec697a729f432ba87e215f4dc8cf { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_3dae326b5ff9f9c075c2d42347042fbb237dec697a729f432ba87e215f4dc8cf Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-49-18\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b18a316b2ce6e099fe7fbf69283cbc5e\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"%04u%02u%02u%02u%02u%02u%03u\" fullword wide \n \t\t $s2= \"%04u-%02u-%02u %02u:%02u:%02u.%03u\" fullword wide \n \t\t $s3= \"{246F6A8E-F679-4E06-98EE-6F6984DC4727}\" fullword wide \n \t\t $s4= \"{246F6A8E-F679-4E06-98EE-6F6984DC4727}:BASS:%d\" fullword wide \n \t\t $s5= \"%.2X-%.2X-%.2X-%.2X-%.2X-%.2X\" fullword wide \n \t\t $s6= \"http://www.ip138.com/ip2city.asp\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftInternet Explorer\" fullword wide \n \t\t $s8= \"SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts\" fullword wide \n \t\t $s9= \"SOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem\" fullword wide \n \t\t $s10= \"SOFTWAREMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s11= \"ThreadSafeCmdHandleWndClass\" fullword wide \n \n \t\t $hex1= {247331303d2022534f} \n \t\t $hex2= {247331313d20225468} \n \t\t $hex3= {2473313d2022253034} \n \t\t $hex4= {2473323d2022253034} \n \t\t $hex5= {2473333d20227b3234} \n \t\t $hex6= {2473343d20227b3234} \n \t\t $hex7= {2473353d2022252e32} \n \t\t $hex8= {2473363d2022687474} \n \t\t $hex9= {2473373d2022536f66} \n \t\t $hex10= {2473383d2022536f66} \n \t\t $hex11= {2473393d2022534f46} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_APT_10_3dae326b5ff9f9c075c2d42347042fbb237dec697a729f432ba87e215f4dc8cf Group", "expiration": null, "is_active": 1 }, { "id": 3360593530, "indicator": "2ffa108ea48cfa30dcc5517cec489cef061ad309", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_12dc5c7b9c08f0654f31c274ba84c39af5ab8514b762a07b7b48439323f85bcd { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_12dc5c7b9c08f0654f31c274ba84c39af5ab8514b762a07b7b48439323f85bcd Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-49-18\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d1adc4f3a766b1bc55e3508c380c6d3d\" \n \n \tstrings: \n \n \t \n \t\t $a1= \"StarBurn_CdvdBurnerGrabber_DiscAtOnceRawPWFromFileAudioUnicode\" fullword ascii \n \t\t $a2= \"StarBurn_StarWave_CompressedFileReaderObjectUncompressedSizeGet\" fullword ascii \n \n \t\t $hex1= {2461313d2022537461} \n \t\t $hex2= {2461323d2022537461} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_APT_10_12dc5c7b9c08f0654f31c274ba84c39af5ab8514b762a07b7b48439323f85bcd Group", "expiration": null, "is_active": 1 }, { "id": 3360593531, "indicator": "5fa2eee9b270fefba43efed5e0f654a50eda357a", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_5bb461b61837faa881d32849068c8e41172ccb6f86166582f46bdb450b98c1ef { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_5bb461b61837faa881d32849068c8e41172ccb6f86166582f46bdb450b98c1ef Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-49-15\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"93a4328e1e347447044146b53972cd37\" \n \n \tstrings: \n \n \t \n \t\t $a1= \"?AfxDynamicDownCast@@YAPAVCObject@@PAUCRuntimeClass@@PAV1@@Z\" fullword ascii \n \t\t $a2= \"?Begin@CDrawDib@@QAEHPAUHDC__@@HHPAUtagBITMAPINFOHEADER@@HHI@Z\" fullword ascii \n \t\t $a3= \"??_C@_0BN@KDJK@unsigned?5char?5shellcode?$FL?$FN?5?$DN?$HL?$AA@\" fullword ascii \n \t\t $a4= \"??_C@_0CB@LBOB@R6018?$AN?6?9?5unexpected?5heap?5error?$AN?6@\" fullword ascii \n \t\t $a5= \"?classCArchiveException@CArchiveException@@2UCRuntimeClass@@B\" fullword ascii \n \t\t $a6= \"?classCResourceException@CResourceException@@2UCRuntimeClass@@B\" fullword ascii \n \t\t $a7= \"?_connectionEntries@CCmdTarget@@0QBUAFX_CONNECTIONMAP_ENTRY@@B\" fullword ascii \n \t\t $a8= \"?CreateInstance@AFX_COM@@QAEJABU_GUID@@PAUIUnknown@@0PAPAX@Z\" fullword ascii \n \t\t $a9= \"?DrawDragRect@CDC@@QAEXPBUtagRECT@@UtagSIZE@@01PAVCBrush@@2@Z\" fullword ascii \n \t\t $a10= \"?_eventsinkEntries@CCmdTarget@@0QBUAFX_EVENTSINKMAP_ENTRY@@B\" fullword ascii \n \t\t $a11= \"?GetData@CProcessLocalObject@@QAEPAVCNoTrackObject@@P6GPAV2@XZ@Z\" fullword ascii \n \t\t $a12= \"?GetData@CThreadLocalObject@@QAEPAVCNoTrackObject@@P6GPAV2@XZ@Z\" fullword ascii \n \t\t $a13= \"?GetFont@CDialogTemplate@@SAHPBUDLGTEMPLATE@@AAVCString@@AAG@Z\" fullword ascii \n \t\t $a14= \"?GetImage@CBomber@@UAE?AU_ImageIdentifierType@CImageManager@@XZ\" fullword ascii \n \t\t $a15= \"?GetImage@CBonus@@UAE?AU_ImageIdentifierType@CImageManager@@XZ\" fullword ascii \n \t\t $a16= \"?GetImage@CBullet@@UAE?AU_ImageIdentifierType@CImageManager@@XZ\" fullword ascii \n \t\t $a17= \"?GetImage@CTankObj@@UAE?AU_ImageIdentifierType@CImageManager@@XZ\" fullword ascii \n \t\t $a18= \"?GetRuntimeClass@CNotSupportedException@@UBEPAUCRuntimeClass@@XZ\" fullword ascii \n \t\t $a19= \"?GetRuntimeClass@CResourceException@@UBEPAUCRuntimeClass@@XZ\" fullword ascii \n \t\t $a20= \"?GrayCtlColor@CWnd@@SGHPAUHDC__@@PAUHWND__@@IPAUHBRUSH__@@K@Z\" fullword ascii \n \t\t $a21= \"?InitModalIndirect@CDialog@@QAEHPBUDLGTEMPLATE@@PAVCWnd@@PAX@Z\" fullword ascii \n \t\t $a22= \"?_interfaceEntries@CCmdTarget@@0QBUAFX_INTERFACEMAP_ENTRY@@B\" fullword ascii \n \t\t $a23= \"?UpdateImage@CImageManager@@QAEXAAU_ImageIdentifierType@1@AAH@Z\" fullword ascii \n \n \t\t $hex1= {246131303d20223f5f} \n \t\t $hex2= {246131313d20223f47} \n \t\t $hex3= {246131323d20223f47} \n \t\t $hex4= {246131333d20223f47} \n \t\t $hex5= {246131343d20223f47} \n \t\t $hex6= {246131353d20223f47} \n \t\t $hex7= {246131363d20223f47} \n \t\t $hex8= {246131373d20223f47} \n \t\t $hex9= {246131383d20223f47} \n \t\t $hex10= {246131393d20223f47} \n \t\t $hex11= {2461313d20223f4166} \n \t\t $hex12= {246132303d20223f47} \n \t\t $hex13= {246132313d20223f49} \n \t\t $hex14= {246132323d20223f5f} \n \t\t $hex15= {246132333d20223f55} \n \t\t $hex16= {2461323d20223f4265} \n \t\t $hex17= {2461333d20223f3f5f} \n \t\t $hex18= {2461343d20223f3f5f} \n \t\t $hex19= {2461353d20223f636c} \n \t\t $hex20= {2461363d20223f636c} \n \t\t $hex21= {2461373d20223f5f63} \n \t\t $hex22= {2461383d20223f4372} \n \t\t $hex23= {2461393d20223f4472} \n \n \tcondition: \n \t\t15 of them \n }", "title": "", "description": "APTMalware_APT_10_5bb461b61837faa881d32849068c8e41172ccb6f86166582f46bdb450b98c1ef Group", "expiration": null, "is_active": 1 }, { "id": 3360593532, "indicator": "84098de6ba3f3082643a825d756bcac163073874", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_4cc0adf4baa1e3932d74282affb1a137b30820934ad4f80daceec712ba2bbe14 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_4cc0adf4baa1e3932d74282affb1a137b30820934ad4f80daceec712ba2bbe14 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-49-13\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"3cbb5664d70bbe62f19ee28f26f21d7e\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"@api-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \t\t $s18= \"SOFTWAREMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20226170} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {247331383d2022534f} \n \t\t $hex10= {2473313d2022406170} \n \t\t $hex11= {2473323d2022617069} \n \t\t $hex12= {2473333d2022617069} \n \t\t $hex13= {2473343d2022617069} \n \t\t $hex14= {2473353d2022617069} \n \t\t $hex15= {2473363d2022617069} \n \t\t $hex16= {2473373d2022617069} \n \t\t $hex17= {2473383d2022617069} \n \t\t $hex18= {2473393d2022617069} \n \n \tcondition: \n \t\t12 of them \n }", "title": "", "description": "APTMalware_APT_10_4cc0adf4baa1e3932d74282affb1a137b30820934ad4f80daceec712ba2bbe14 Group", "expiration": null, "is_active": 1 }, { "id": 3360593533, "indicator": "2db100683e00714dbaa5cc65ee6b83f1b80022be", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_590d5e0858893951e22e392a7dad76b30765c8fd139ca288efeead9b86836237 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_590d5e0858893951e22e392a7dad76b30765c8fd139ca288efeead9b86836237 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-49-10\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"ac725400d9a5fe832dd40a1afb2951f8\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Aapi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20226170} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {2473313d2022416170} \n \t\t $hex10= {2473323d2022617069} \n \t\t $hex11= {2473333d2022617069} \n \t\t $hex12= {2473343d2022617069} \n \t\t $hex13= {2473353d2022617069} \n \t\t $hex14= {2473363d2022617069} \n \t\t $hex15= {2473373d2022617069} \n \t\t $hex16= {2473383d2022617069} \n \t\t $hex17= {2473393d2022617069} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_590d5e0858893951e22e392a7dad76b30765c8fd139ca288efeead9b86836237 Group", "expiration": null, "is_active": 1 }, { "id": 3190220678, "indicator": "8403190b6a2f6445f77022cb5eaffdd858a5784a", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of 84e767032054e0c2fef5764fb60679f4", "expiration": null, "is_active": 1 }, { "id": 1564141967, "indicator": "f6585f10656585f5dce353530fb3db3d8de2c311480d5e199d8605a7fd898581", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of 84e767032054e0c2fef5764fb60679f4", "expiration": null, "is_active": 1 }, { "id": 3360593534, "indicator": "4188f5706f6cb763b64c2f98fc3c8297870b9c31", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_f6585f10656585f5dce353530fb3db3d8de2c311480d5e199d8605a7fd898581 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_f6585f10656585f5dce353530fb3db3d8de2c311480d5e199d8605a7fd898581 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-49-08\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"84e767032054e0c2fef5764fb60679f4\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"C:WindowsMicrosoft.NETFramework64v4.0.30319InstallUtil.exe\" fullword wide \n \t\t $s2= \"C:WindowsMicrosoft.NETFrameworkv4.0.30319InstallUtil.exe\" fullword wide \n \t\t $s3= \"=^@ZTSFY|KyjAo=+7/lJ$x s#\" fullword wide \n \n \t\t $hex1= {2473313d2022433a57} \n \t\t $hex2= {2473323d2022433a57} \n \t\t $hex3= {2473333d20223d5e40} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_APT_10_f6585f10656585f5dce353530fb3db3d8de2c311480d5e199d8605a7fd898581 Group", "expiration": null, "is_active": 1 }, { "id": 2233965400, "indicator": "84bfc398487494552a2876e32dc8fb4f6f377a08", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of c2a07ca21ecad714821df647ada8ecaa", "expiration": null, "is_active": 1 }, { "id": 1294676765, "indicator": "c885a4f5c066b00e9d4de8cc0f5463f27ce49869519db8cfdc7a9ae19cdce4f0", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of c2a07ca21ecad714821df647ada8ecaa", "expiration": null, "is_active": 1 }, { "id": 3360593535, "indicator": "97ea5692cea36e4090e2c0543fce8a9e3604e527", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_10_c885a4f5c066b00e9d4de8cc0f5463f27ce49869519db8cfdc7a9ae19cdce4f0 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_c885a4f5c066b00e9d4de8cc0f5463f27ce49869519db8cfdc7a9ae19cdce4f0 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-49-07\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"c2a07ca21ecad714821df647ada8ecaa\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Aapi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s16= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s17= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \n \t\t $hex1= {247331303d20226170} \n \t\t $hex2= {247331313d20226170} \n \t\t $hex3= {247331323d20226170} \n \t\t $hex4= {247331333d20226170} \n \t\t $hex5= {247331343d20226170} \n \t\t $hex6= {247331353d20226578} \n \t\t $hex7= {247331363d20226578} \n \t\t $hex8= {247331373d20226578} \n \t\t $hex9= {2473313d2022416170} \n \t\t $hex10= {2473323d2022617069} \n \t\t $hex11= {2473333d2022617069} \n \t\t $hex12= {2473343d2022617069} \n \t\t $hex13= {2473353d2022617069} \n \t\t $hex14= {2473363d2022617069} \n \t\t $hex15= {2473373d2022617069} \n \t\t $hex16= {2473383d2022617069} \n \t\t $hex17= {2473393d2022617069} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_c885a4f5c066b00e9d4de8cc0f5463f27ce49869519db8cfdc7a9ae19cdce4f0 Group", "expiration": null, "is_active": 1 }, { "id": 3360593607, "indicator": "db251f391d8d8225f1f49becc1fcd3a3403fd3c1", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "nUFS_unicode", "description": "SHA1 of 88a209f2517dabe3856ae013a2055590", "expiration": null, "is_active": 1 }, { "id": 1386572457, "indicator": "7039c3170591fc23820df089aec3c7003262840ec62c6bef2ef87cfe152ef449", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "nUFS_unicode", "description": "SHA256 of 88a209f2517dabe3856ae013a2055590", "expiration": null, "is_active": 1 }, { "id": 3360593608, "indicator": "e373550703f85af53a53fc201785a231a72757e1", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_7039c3170591fc23820df089aec3c7003262840ec62c6bef2ef87cfe152ef449 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_7039c3170591fc23820df089aec3c7003262840ec62c6bef2ef87cfe152ef449 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-46-13\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"88a209f2517dabe3856ae013a2055590\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"GUICTRLCREATELISTVIEWITEM\" fullword wide \n \t\t $s2= \"GUICTRLCREATETREEVIEWITEM\" fullword wide \n \t\t $s3= \"GUICTRLREGISTERLISTVIEWSORT\" fullword wide \n \t\t $s4= \"SeAssignPrimaryTokenPrivilege\" fullword wide \n \t\t $s5= \"SoftwareAutoIt v3AutoIt\" fullword wide \n \t\t $s6= \"SYSTEMCurrentControlSetControlNlsLanguage\" fullword wide \n \n \t\t $hex1= {2473313d2022475549} \n \t\t $hex2= {2473323d2022475549} \n \t\t $hex3= {2473333d2022475549} \n \t\t $hex4= {2473343d2022536541} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022535953} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_7039c3170591fc23820df089aec3c7003262840ec62c6bef2ef87cfe152ef449 Group", "expiration": null, "is_active": 1 }, { "id": 3360593609, "indicator": "7b37132ec8aeb90755293028c1732fcb9b59bb9c", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "nUFS_unicode", "description": "SHA1 of 4ed742093b5db4f53df9fd6563bec268", "expiration": null, "is_active": 1 }, { "id": 1386572603, "indicator": "91dada758659b410889a8a31c2fa04bed18e0eb6ed20c253b436b39f2bef0dc8", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "nUFS_unicode", "description": "SHA256 of 4ed742093b5db4f53df9fd6563bec268", "expiration": null, "is_active": 1 }, { "id": 3360593610, "indicator": "77333100882e3a41c7fd734787990598cbe55ecd", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_91dada758659b410889a8a31c2fa04bed18e0eb6ed20c253b436b39f2bef0dc8 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_91dada758659b410889a8a31c2fa04bed18e0eb6ed20c253b436b39f2bef0dc8 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-46-06\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"4ed742093b5db4f53df9fd6563bec268\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DSeAssignPrimaryTokenPrivilege\" fullword wide \n \t\t $s2= \"GUICTRLCREATELISTVIEWITEM\" fullword wide \n \t\t $s3= \"GUICTRLCREATETREEVIEWITEM\" fullword wide \n \t\t $s4= \"GUICTRLREGISTERLISTVIEWSORT\" fullword wide \n \t\t $s5= \"SoftwareAutoIt v3AutoIt\" fullword wide \n \t\t $s6= \"SYSTEMCurrentControlSetControlNlsLanguage\" fullword wide \n \n \t\t $hex1= {2473313d2022445365} \n \t\t $hex2= {2473323d2022475549} \n \t\t $hex3= {2473333d2022475549} \n \t\t $hex4= {2473343d2022475549} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022535953} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_91dada758659b410889a8a31c2fa04bed18e0eb6ed20c253b436b39f2bef0dc8 Group", "expiration": null, "is_active": 1 }, { "id": 3360593611, "indicator": "1c1d6c3293c139437f88b5c24b4599c1538354df", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of b05626498155a014709aecfbf6f867fc", "expiration": null, "is_active": 1 }, { "id": 1386572900, "indicator": "dbdab24e6f7d76df39ab99e0b40f722a78e5525a6b7edfbb8ebc553230920a54", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of b05626498155a014709aecfbf6f867fc", "expiration": null, "is_active": 1 }, { "id": 3360593612, "indicator": "13cc701049227fd3a071f38594a088bd3166e5a8", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_dbdab24e6f7d76df39ab99e0b40f722a78e5525a6b7edfbb8ebc553230920a54 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_dbdab24e6f7d76df39ab99e0b40f722a78e5525a6b7edfbb8ebc553230920a54 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-46-06\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b05626498155a014709aecfbf6f867fc\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"6fd2cc92-98bd-450c-a333-59d12c71a64c\" fullword wide \n \t\t $s2= \"febcoupon.Properties.Resource\" fullword wide \n \n \t\t $hex1= {2473313d2022366664} \n \t\t $hex2= {2473323d2022666562} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_dbdab24e6f7d76df39ab99e0b40f722a78e5525a6b7edfbb8ebc553230920a54 Group", "expiration": null, "is_active": 1 }, { "id": 3360593613, "indicator": "1cb70e1c9b355182d137f4c888e1b2e63ddb334a", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_fe62016faf3115405dd81353fd9077d183c2c38553a6aa8fe0261da4cf45ff0e { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_fe62016faf3115405dd81353fd9077d183c2c38553a6aa8fe0261da4cf45ff0e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-45-45\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"46b255cb008d99da1d0fe1eb51006a6a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"AllesAnhaltenToolStripMenuItem\" fullword wide \n \t\t $s2= \".Configurations datei.ini\" fullword wide \n \t\t $s3= \"ProgrammAufrufenToolStripMenuItem\" fullword wide \n \t\t $s4= \"WindowsApplication1.Resources\" fullword wide \n \t\t $s5= \"WinForms_RecursiveFormCreate\" fullword wide \n \t\t $s6= \"WinForms_SeeInnerException\" fullword wide \n \n \t\t $hex1= {2473313d2022416c6c} \n \t\t $hex2= {2473323d20222e436f} \n \t\t $hex3= {2473333d202250726f} \n \t\t $hex4= {2473343d202257696e} \n \t\t $hex5= {2473353d202257696e} \n \t\t $hex6= {2473363d202257696e} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_fe62016faf3115405dd81353fd9077d183c2c38553a6aa8fe0261da4cf45ff0e Group", "expiration": null, "is_active": 1 }, { "id": 3360593614, "indicator": "23e491521f93d675d15bd17e4acb7f844502b2bc", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "autoit", "description": "SHA1 of cc736a33b3a487acf2103e42fed233f2", "expiration": null, "is_active": 1 }, { "id": 1386572878, "indicator": "d7dc425c79aaf63ad582786162609edd02ace53588133b7e41f0d4a79193f2cb", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "autoit", "description": "SHA256 of cc736a33b3a487acf2103e42fed233f2", "expiration": null, "is_active": 1 }, { "id": 3360593615, "indicator": "4bb5c795f83ca86a3c947275410160a41f9eb499", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_d7dc425c79aaf63ad582786162609edd02ace53588133b7e41f0d4a79193f2cb { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_d7dc425c79aaf63ad582786162609edd02ace53588133b7e41f0d4a79193f2cb Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-45-35\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"cc736a33b3a487acf2103e42fed233f2\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DSeAssignPrimaryTokenPrivilege\" fullword wide \n \t\t $s2= \"GUICTRLCREATELISTVIEWITEM\" fullword wide \n \t\t $s3= \"GUICTRLCREATETREEVIEWITEM\" fullword wide \n \t\t $s4= \"GUICTRLREGISTERLISTVIEWSORT\" fullword wide \n \t\t $s5= \"SoftwareAutoIt v3AutoIt\" fullword wide \n \t\t $s6= \"SYSTEMCurrentControlSetControlNlsLanguage\" fullword wide \n \n \t\t $hex1= {2473313d2022445365} \n \t\t $hex2= {2473323d2022475549} \n \t\t $hex3= {2473333d2022475549} \n \t\t $hex4= {2473343d2022475549} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022535953} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_d7dc425c79aaf63ad582786162609edd02ace53588133b7e41f0d4a79193f2cb Group", "expiration": null, "is_active": 1 }, { "id": 3360593616, "indicator": "2b878ce3663406263f2f1b21b0bcf59b7b78af65", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "nUFS_unicode", "description": "SHA1 of 52de0906f129b1eb5ab6d79239db6e7d", "expiration": null, "is_active": 1 }, { "id": 1386572431, "indicator": "69061deb711b6c29e51e37808c49699741c0f923b15391f073239cdb1a295e27", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "nUFS_unicode", "description": "SHA256 of 52de0906f129b1eb5ab6d79239db6e7d", "expiration": null, "is_active": 1 }, { "id": 3360593617, "indicator": "746e4f3008ec34092cd26b73238b0e8ee6306bd0", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_69061deb711b6c29e51e37808c49699741c0f923b15391f073239cdb1a295e27 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_69061deb711b6c29e51e37808c49699741c0f923b15391f073239cdb1a295e27 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-45-28\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"52de0906f129b1eb5ab6d79239db6e7d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DSeAssignPrimaryTokenPrivilege\" fullword wide \n \t\t $s2= \"GUICTRLCREATELISTVIEWITEM\" fullword wide \n \t\t $s3= \"GUICTRLCREATETREEVIEWITEM\" fullword wide \n \t\t $s4= \"GUICTRLREGISTERLISTVIEWSORT\" fullword wide \n \t\t $s5= \"SoftwareAutoIt v3AutoIt\" fullword wide \n \t\t $s6= \"SYSTEMCurrentControlSetControlNlsLanguage\" fullword wide \n \n \t\t $hex1= {2473313d2022445365} \n \t\t $hex2= {2473323d2022475549} \n \t\t $hex3= {2473333d2022475549} \n \t\t $hex4= {2473343d2022475549} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022535953} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_69061deb711b6c29e51e37808c49699741c0f923b15391f073239cdb1a295e27 Group", "expiration": null, "is_active": 1 }, { "id": 3360593618, "indicator": "3f9547bc95da7d80698548b57d640826f7fbb34c", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_459a2bab1099fa9424a9d15521cb0793d7a2b324c549a292c46bd23b5c97aeb6 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_459a2bab1099fa9424a9d15521cb0793d7a2b324c549a292c46bd23b5c97aeb6 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-45-15\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"33daa34937b0d3e0b6879f66ef4ef4db\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&About LayeredBitmapCtrlDemo...\" fullword wide \n \t\t $s2= \"About LayeredBitmapCtrlDemo\" fullword wide \n \n \t\t $hex1= {2473313d2022264162} \n \t\t $hex2= {2473323d202241626f} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_459a2bab1099fa9424a9d15521cb0793d7a2b324c549a292c46bd23b5c97aeb6 Group", "expiration": null, "is_active": 1 }, { "id": 3360593619, "indicator": "9c3286d9cdb1553fced732b6b7a99b7f4199141f", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "autoit", "description": "SHA1 of ac79b42f0394f4f1627338ccd448bdfe", "expiration": null, "is_active": 1 }, { "id": 1386572645, "indicator": "9ea0a986c1bf49837b2413735860e66a79419f12711780b35e0b182ca3a1c79c", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "autoit", "description": "SHA256 of ac79b42f0394f4f1627338ccd448bdfe", "expiration": null, "is_active": 1 }, { "id": 3360593620, "indicator": "0a09d4e606568b8286dda8d7da8e26498ebf7005", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_9ea0a986c1bf49837b2413735860e66a79419f12711780b35e0b182ca3a1c79c { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_9ea0a986c1bf49837b2413735860e66a79419f12711780b35e0b182ca3a1c79c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-44-55\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"ac79b42f0394f4f1627338ccd448bdfe\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DSeAssignPrimaryTokenPrivilege\" fullword wide \n \t\t $s2= \"GUICTRLCREATELISTVIEWITEM\" fullword wide \n \t\t $s3= \"GUICTRLCREATETREEVIEWITEM\" fullword wide \n \t\t $s4= \"GUICTRLREGISTERLISTVIEWSORT\" fullword wide \n \t\t $s5= \"SoftwareAutoIt v3AutoIt\" fullword wide \n \t\t $s6= \"SYSTEMCurrentControlSetControlNlsLanguage\" fullword wide \n \n \t\t $hex1= {2473313d2022445365} \n \t\t $hex2= {2473323d2022475549} \n \t\t $hex3= {2473333d2022475549} \n \t\t $hex4= {2473343d2022475549} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022535953} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_9ea0a986c1bf49837b2413735860e66a79419f12711780b35e0b182ca3a1c79c Group", "expiration": null, "is_active": 1 }, { "id": 2889835832, "indicator": "2e06fd6ae36c5622934047f842c000466020147c", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Trojan:Win32/Bulta!rfn", "description": "SHA1 of 3fdde32236c52d21458ce2ae4c9b48d8", "expiration": null, "is_active": 1 }, { "id": 1386572125, "indicator": "24859c67a6689622fdaaec20f6b8a800eec45e74e08916a4fad6bf7b6f17c110", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Trojan:Win32/Bulta!rfn", "description": "SHA256 of 3fdde32236c52d21458ce2ae4c9b48d8", "expiration": null, "is_active": 1 }, { "id": 3360593621, "indicator": "1d255d7982fdde8014e09621194f9c9803561ae2", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_24859c67a6689622fdaaec20f6b8a800eec45e74e08916a4fad6bf7b6f17c110 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_24859c67a6689622fdaaec20f6b8a800eec45e74e08916a4fad6bf7b6f17c110 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-44-54\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"3fdde32236c52d21458ce2ae4c9b48d8\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"2http://www.facebook.com/\" fullword wide \n \t\t $s2= \"abe2869f-9b47-4cd9-a358-c22904dba7f7\" fullword wide \n \t\t $a1= \"SOFTWAREClassesTypeLib{9EA55529-E122-4757-BC79-E4825F80732C}\" fullword ascii \n \t\t $a2= \"SOFTWAREClassesTypeLib{CB1F2C0F-8094-4AAC-BCF5-41A64E27F777}\" fullword ascii \n \t\t $a3= \"SoftwareMicrosoftWindowsCurrentVersionExplorerShell Folders\" fullword ascii \n \n \t\t $hex1= {2461313d2022534f46} \n \t\t $hex2= {2461323d2022534f46} \n \t\t $hex3= {2461333d2022536f66} \n \t\t $hex4= {2473313d2022326874} \n \t\t $hex5= {2473323d2022616265} \n \n \tcondition: \n \t\t3 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_24859c67a6689622fdaaec20f6b8a800eec45e74e08916a4fad6bf7b6f17c110 Group", "expiration": null, "is_active": 1 }, { "id": 3360593622, "indicator": "5539137ed8b427ab173f474d86ec2099729a8777", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "autoit", "description": "SHA1 of 583025443acb06353c916d9b35264c6e", "expiration": null, "is_active": 1 }, { "id": 1386572732, "indicator": "b8c4976c8edca381f729f50a33b33d75930e5f8fb790d70f11853adb91448176", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "autoit", "description": "SHA256 of 583025443acb06353c916d9b35264c6e", "expiration": null, "is_active": 1 }, { "id": 3360593623, "indicator": "6abe45e0a519ab963b58c602c27581542515b88e", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_b8c4976c8edca381f729f50a33b33d75930e5f8fb790d70f11853adb91448176 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_b8c4976c8edca381f729f50a33b33d75930e5f8fb790d70f11853adb91448176 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-44-30\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"583025443acb06353c916d9b35264c6e\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DSeAssignPrimaryTokenPrivilege\" fullword wide \n \t\t $s2= \"GUICTRLCREATELISTVIEWITEM\" fullword wide \n \t\t $s3= \"GUICTRLCREATETREEVIEWITEM\" fullword wide \n \t\t $s4= \"GUICTRLREGISTERLISTVIEWSORT\" fullword wide \n \t\t $s5= \"SoftwareAutoIt v3AutoIt\" fullword wide \n \t\t $s6= \"SYSTEMCurrentControlSetControlNlsLanguage\" fullword wide \n \n \t\t $hex1= {2473313d2022445365} \n \t\t $hex2= {2473323d2022475549} \n \t\t $hex3= {2473333d2022475549} \n \t\t $hex4= {2473343d2022475549} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022535953} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_b8c4976c8edca381f729f50a33b33d75930e5f8fb790d70f11853adb91448176 Group", "expiration": null, "is_active": 1 }, { "id": 3360593624, "indicator": "dd6f713197b601e72d9a7ca10b4ef1d9fc55fa0d", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "SHA1 of 907f7790256f4b5dc9f798b5c32aae14", "expiration": null, "is_active": 1 }, { "id": 1386572201, "indicator": "3135b4246f0697f93d35ce2d251c5924edef493d77184f7e5f9e7edc1ab54a26", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "SHA256 of 907f7790256f4b5dc9f798b5c32aae14", "expiration": null, "is_active": 1 }, { "id": 3360593625, "indicator": "9c8cc4378fc59aaeef60337d235439a0825b7905", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_3135b4246f0697f93d35ce2d251c5924edef493d77184f7e5f9e7edc1ab54a26 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_3135b4246f0697f93d35ce2d251c5924edef493d77184f7e5f9e7edc1ab54a26 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-44-11\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"907f7790256f4b5dc9f798b5c32aae14\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DocumentSummaryInformation\" fullword wide \n \t\t $s2= \"iuuq;00pofesjwfofu/yz{0`pvuqvu5E21BC1/fyf!\" fullword wide \n \t\t $s3= \"TableStyleMedium2PivotStyleMedium9\" fullword wide \n \n \t\t $hex1= {2473313d2022446f63} \n \t\t $hex2= {2473323d2022697575} \n \t\t $hex3= {2473333d2022546162} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_3135b4246f0697f93d35ce2d251c5924edef493d77184f7e5f9e7edc1ab54a26 Group", "expiration": null, "is_active": 1 }, { "id": 3360593626, "indicator": "b5ef761c4c2d78851f07310bba01fe9da70f179d", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "dbgdetect_funcs", "description": "SHA1 of 6653234c3abaf0ac582d7078afd20b2c", "expiration": null, "is_active": 1 }, { "id": 1386572034, "indicator": "0e7d3772de05d030ca4c0083e2f48be06cfab01db0ab9091916ddd275765e9ba", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "dbgdetect_funcs", "description": "SHA256 of 6653234c3abaf0ac582d7078afd20b2c", "expiration": null, "is_active": 1 }, { "id": 3360593627, "indicator": "8f292467f64a0d6b08099c27d60aa53f78f37c33", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_0e7d3772de05d030ca4c0083e2f48be06cfab01db0ab9091916ddd275765e9ba { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_0e7d3772de05d030ca4c0083e2f48be06cfab01db0ab9091916ddd275765e9ba Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-44-11\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"6653234c3abaf0ac582d7078afd20b2c\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DSeAssignPrimaryTokenPrivilege\" fullword wide \n \t\t $s2= \"GUICTRLCREATELISTVIEWITEM\" fullword wide \n \t\t $s3= \"GUICTRLCREATETREEVIEWITEM\" fullword wide \n \t\t $s4= \"GUICTRLREGISTERLISTVIEWSORT\" fullword wide \n \t\t $s5= \"SoftwareAutoIt v3AutoIt\" fullword wide \n \t\t $s6= \"SYSTEMCurrentControlSetControlNlsLanguage\" fullword wide \n \n \t\t $hex1= {2473313d2022445365} \n \t\t $hex2= {2473323d2022475549} \n \t\t $hex3= {2473333d2022475549} \n \t\t $hex4= {2473343d2022475549} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022535953} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_0e7d3772de05d030ca4c0083e2f48be06cfab01db0ab9091916ddd275765e9ba Group", "expiration": null, "is_active": 1 }, { "id": 3360593628, "indicator": "f1881311153f8fff428ff18bb1ca7bed6d6a4454", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of bd94ea0fed2bed9b84907e50ce578d1a", "expiration": null, "is_active": 1 }, { "id": 1386572675, "indicator": "a9439b7ebf047e907b4ea042b06af9ccc256465a4f38f5b3e9c137d3b8dd9cb3", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of bd94ea0fed2bed9b84907e50ce578d1a", "expiration": null, "is_active": 1 }, { "id": 3360593629, "indicator": "1efb9ea14108994d6331d9b8ab49d7af85722fd8", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_a9439b7ebf047e907b4ea042b06af9ccc256465a4f38f5b3e9c137d3b8dd9cb3 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_a9439b7ebf047e907b4ea042b06af9ccc256465a4f38f5b3e9c137d3b8dd9cb3 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-44-08\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"bd94ea0fed2bed9b84907e50ce578d1a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"7b2c192d-cdbd-480a-af9e-7f1df832d85a\" fullword wide \n \t\t $s2= \"WinForms_RecursiveFormCreate\" fullword wide \n \t\t $s3= \"WinForms_SeeInnerException\" fullword wide \n \n \t\t $hex1= {2473313d2022376232} \n \t\t $hex2= {2473323d202257696e} \n \t\t $hex3= {2473333d202257696e} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_a9439b7ebf047e907b4ea042b06af9ccc256465a4f38f5b3e9c137d3b8dd9cb3 Group", "expiration": null, "is_active": 1 }, { "id": 3360593630, "indicator": "a3c7d3144f89595380d755ef4d806737028458a6", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "LokiBot", "description": "SHA1 of 55888d7c8305ccc5d2547f02ea5efe1b\nSHA1 of 55888d7c8305ccc5d2547f02ea5efe1b", "expiration": null, "is_active": 1 }, { "id": 1386572335, "indicator": "572e22283bac84f3439061bf4a127fc5fc3be6c9bb61d0b28190b231098ca9ee", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "LokiBot", "description": "SHA256 of 55888d7c8305ccc5d2547f02ea5efe1b\nSHA256 of 55888d7c8305ccc5d2547f02ea5efe1b", "expiration": null, "is_active": 1 }, { "id": 3360593631, "indicator": "dd342206d59f495249e56e62fa739c31173045a0", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_572e22283bac84f3439061bf4a127fc5fc3be6c9bb61d0b28190b231098ca9ee { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_572e22283bac84f3439061bf4a127fc5fc3be6c9bb61d0b28190b231098ca9ee Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-44-05\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"55888d7c8305ccc5d2547f02ea5efe1b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"fWtmoXTCKLfmipwZNxiOsECGdIays\" fullword wide \n \t\t $s2= \"HfZSOhWjjYCSkkcntKyjJqgOSqAw\" fullword wide \n \t\t $s3= \"hQWcXsVxtecfhJgFOKfHxKPSS\" fullword wide \n \t\t $s4= \"hXeqtwilVDzIbeGpgdiPxIyEhEH\" fullword wide \n \t\t $s5= \"iDlmAlFsclXuFFSjGBFOEVTQhShR\" fullword wide \n \t\t $s6= \"JftVyTbDFnSyxmtkXKoqEKRPxSG\" fullword wide \n \t\t $s7= \"jHFLFsWugWAwqPZhskfGKzhaYxy\" fullword wide \n \t\t $s8= \"kdQElzjmlqdZePwVpJgutyAonpRAk\" fullword wide \n \t\t $s9= \"ySIiODIbuPfNonSaMdYSLXVTfcdbW\" fullword wide \n \n \t\t $hex1= {2473313d2022665774} \n \t\t $hex2= {2473323d202248665a} \n \t\t $hex3= {2473333d2022685157} \n \t\t $hex4= {2473343d2022685865} \n \t\t $hex5= {2473353d202269446c} \n \t\t $hex6= {2473363d20224a6674} \n \t\t $hex7= {2473373d20226a4846} \n \t\t $hex8= {2473383d20226b6451} \n \t\t $hex9= {2473393d2022795349} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_572e22283bac84f3439061bf4a127fc5fc3be6c9bb61d0b28190b231098ca9ee Group", "expiration": null, "is_active": 1 }, { "id": 3360593632, "indicator": "d660834a3678ee6bc8ab527ce26f5ab63d572268", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_ef1d7c57018c18ca2c8548260b7960e2bc9b50ea586d04db1a9c896e317d4b2f { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_ef1d7c57018c18ca2c8548260b7960e2bc9b50ea586d04db1a9c896e317d4b2f Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-44-03\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"2438d921d8a75f5bda9c5629746b84c6\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"ColumnHeader1.DefaultModifiers\" fullword wide \n \t\t $s2= \"ColumnHeader2.DefaultModifiers\" fullword wide \n \t\t $s3= \"ColumnHeader3.DefaultModifiers\" fullword wide \n \t\t $s4= \"ColumnHeader4.DefaultModifiers\" fullword wide \n \t\t $s5= \"ColumnHeader5.DefaultModifiers\" fullword wide \n \t\t $s6= \"ComboBox1.DefaultModifiers\" fullword wide \n \t\t $s7= \"ComboBox2.DefaultModifiers\" fullword wide \n \t\t $s8= \"CrystalReportDesignerStream\" fullword wide \n \t\t $s9= \"CrystalReportViewer1.DefaultModifiers\" fullword wide \n \t\t $s10= \"CrystalReportViewer1.Locked\" fullword wide \n \t\t $s11= \"CrystalReportViewer1.Modifiers\" fullword wide \n \t\t $s12= \"DataGrid1.DefaultModifiers\" fullword wide \n \t\t $s13= \"DateTimePicker1.DefaultModifiers\" fullword wide \n \t\t $s14= \"DateTimePicker1.Modifiers\" fullword wide \n \t\t $s15= \"GroupBox1.DefaultModifiers\" fullword wide \n \t\t $s16= \"ImageList1.DefaultModifiers\" fullword wide \n \t\t $s17= \"ListView1.DefaultModifiers\" fullword wide \n \t\t $s18= \"MainMenu1.DefaultModifiers\" fullword wide \n \t\t $s19= \"MenuItem10.DefaultModifiers\" fullword wide \n \t\t $s20= \"MenuItem11.DefaultModifiers\" fullword wide \n \t\t $s21= \"MenuItem12.DefaultModifiers\" fullword wide \n \t\t $s22= \"MenuItem13.DefaultModifiers\" fullword wide \n \t\t $s23= \"MenuItem14.DefaultModifiers\" fullword wide \n \t\t $s24= \"MenuItem15.DefaultModifiers\" fullword wide \n \t\t $s25= \"MenuItem16.DefaultModifiers\" fullword wide \n \t\t $s26= \"MenuItem17.DefaultModifiers\" fullword wide \n \t\t $s27= \"MenuItem18.DefaultModifiers\" fullword wide \n \t\t $s28= \"MenuItem19.DefaultModifiers\" fullword wide \n \t\t $s29= \"MenuItem1.DefaultModifiers\" fullword wide \n \t\t $s30= \"MenuItem20.DefaultModifiers\" fullword wide \n \t\t $s31= \"MenuItem21.DefaultModifiers\" fullword wide \n \t\t $s32= \"MenuItem22.DefaultModifiers\" fullword wide \n \t\t $s33= \"MenuItem23.DefaultModifiers\" fullword wide \n \t\t $s34= \"MenuItem24.DefaultModifiers\" fullword wide \n \t\t $s35= \"MenuItem25.DefaultModifiers\" fullword wide \n \t\t $s36= \"MenuItem26.DefaultModifiers\" fullword wide \n \t\t $s37= \"MenuItem27.DefaultModifiers\" fullword wide \n \t\t $s38= \"MenuItem28.DefaultModifiers\" fullword wide \n \t\t $s39= \"MenuItem29.DefaultModifiers\" fullword wide \n \t\t $s40= \"MenuItem2.DefaultModifiers\" fullword wide \n \t\t $s41= \"MenuItem30.DefaultModifiers\" fullword wide \n \t\t $s42= \"MenuItem31.DefaultModifiers\" fullword wide \n \t\t $s43= \"MenuItem32.DefaultModifiers\" fullword wide \n \t\t $s44= \"MenuItem33.DefaultModifiers\" fullword wide \n \t\t $s45= \"MenuItem34.DefaultModifiers\" fullword wide \n \t\t $s46= \"MenuItem3.DefaultModifiers\" fullword wide \n \t\t $s47= \"MenuItem4.DefaultModifiers\" fullword wide \n \t\t $s48= \"MenuItem5.DefaultModifiers\" fullword wide \n \t\t $s49= \"MenuItem6.DefaultModifiers\" fullword wide \n \t\t $s50= \"MenuItem7.DefaultModifiers\" fullword wide \n \t\t $s51= \"MenuItem8.DefaultModifiers\" fullword wide \n \t\t $s52= \"MenuItem9.DefaultModifiers\" fullword wide \n \t\t $s53= \"MonthCalendar1.DefaultModifiers\" fullword wide \n \t\t $s54= \"NextLine.DefaultModifiers\" fullword wide \n \t\t $s55= \"NumericUpDown1.DefaultModifiers\" fullword wide \n \t\t $s56= \"ProgressBar1.DefaultModifiers\" fullword wide \n \t\t $s57= \"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=\" fullword wide \n \t\t $s58= \"report_Transaction1.DefaultModifiers\" fullword wide \n \t\t $s59= \"report_Transaction1.Location\" fullword wide \n \t\t $s60= \"report_Transaction1.Modifiers\" fullword wide \n \t\t $s61= \"Splash_timer.DefaultModifiers\" fullword wide \n \t\t $s62= \"StatusBar1.DefaultModifiers\" fullword wide \n \t\t $s63= \"StatusBarPanel1.DefaultModifiers\" fullword wide \n \t\t $s64= \"StatusBarPanel1.Modifiers\" fullword wide \n \t\t $s65= \"StatusBarPanel2.DefaultModifiers\" fullword wide \n \t\t $s66= \"StatusBarPanel2.Modifiers\" fullword wide \n \t\t $s67= \"StatusBarPanel3.DefaultModifiers\" fullword wide \n \t\t $s68= \"StatusBarPanel3.Modifiers\" fullword wide \n \t\t $s69= \"TextBox1.DefaultModifiers\" fullword wide \n \t\t $s70= \"TextBox2.DefaultModifiers\" fullword wide \n \t\t $s71= \"TextBox3.DefaultModifiers\" fullword wide \n \t\t $s72= \"TextBox4.DefaultModifiers\" fullword wide \n \t\t $s73= \"TextBox5.DefaultModifiers\" fullword wide \n \t\t $s74= \"ToolBar1.DefaultModifiers\" fullword wide \n \t\t $s75= \"ToolBarButton10.DefaultModifiers\" fullword wide \n \t\t $s76= \"ToolBarButton10.Modifiers\" fullword wide \n \t\t $s77= \"ToolBarButton11.DefaultModifiers\" fullword wide \n \t\t $s78= \"ToolBarButton11.Modifiers\" fullword wide \n \t\t $s79= \"ToolBarButton12.DefaultModifiers\" fullword wide \n \t\t $s80= \"ToolBarButton12.Modifiers\" fullword wide \n \t\t $s81= \"ToolBarButton13.DefaultModifiers\" fullword wide \n \t\t $s82= \"ToolBarButton13.Modifiers\" fullword wide \n \t\t $s83= \"ToolBarButton14.DefaultModifiers\" fullword wide \n \t\t $s84= \"ToolBarButton14.Modifiers\" fullword wide \n \t\t $s85= \"ToolBarButton15.DefaultModifiers\" fullword wide \n \t\t $s86= \"ToolBarButton15.Modifiers\" fullword wide \n \t\t $s87= \"ToolBarButton1.DefaultModifiers\" fullword wide \n \t\t $s88= \"ToolBarButton2.DefaultModifiers\" fullword wide \n \t\t $s89= \"ToolBarButton3.DefaultModifiers\" fullword wide \n \t\t $s90= \"ToolBarButton4.DefaultModifiers\" fullword wide \n \t\t $s91= \"ToolBarButton5.DefaultModifiers\" fullword wide \n \t\t $s92= \"ToolBarButton6.DefaultModifiers\" fullword wide \n \t\t $s93= \"ToolBarButton7.DefaultModifiers\" fullword wide \n \t\t $s94= \"ToolBarButton8.DefaultModifiers\" fullword wide \n \t\t $s95= \"ToolBarButton9.DefaultModifiers\" fullword wide \n \t\t $s96= \"WinForms_RecursiveFormCreate\" fullword wide \n \t\t $s97= \"WinForms_SeeInnerException\" fullword wide \n \n \t\t $hex1= {247331303d20224372} \n \t\t $hex2= {247331313d20224372} \n \t\t $hex3= {247331323d20224461} \n \t\t $hex4= {247331333d20224461} \n \t\t $hex5= {247331343d20224461} \n \t\t $hex6= {247331353d20224772} \n \t\t $hex7= {247331363d2022496d} \n \t\t $hex8= {247331373d20224c69} \n \t\t $hex9= {247331383d20224d61} \n \t\t $hex10= {247331393d20224d65} \n \t\t $hex11= {2473313d2022436f6c} \n \t\t $hex12= {247332303d20224d65} \n \t\t $hex13= {247332313d20224d65} \n \t\t $hex14= {247332323d20224d65} \n \t\t $hex15= {247332333d20224d65} \n \t\t $hex16= {247332343d20224d65} \n \t\t $hex17= {247332353d20224d65} \n \t\t $hex18= {247332363d20224d65} \n \t\t $hex19= {247332373d20224d65} \n \t\t $hex20= {247332383d20224d65} \n \t\t $hex21= {247332393d20224d65} \n \t\t $hex22= {2473323d2022436f6c} \n \t\t $hex23= {247333303d20224d65} \n \t\t $hex24= {247333313d20224d65} \n \t\t $hex25= {247333323d20224d65} \n \t\t $hex26= {247333333d20224d65} \n \t\t $hex27= {247333343d20224d65} \n \t\t $hex28= {247333353d20224d65} \n \t\t $hex29= {247333363d20224d65} \n \t\t $hex30= {247333373d20224d65} \n \t\t $hex31= {247333383d20224d65} \n \t\t $hex32= {247333393d20224d65} \n \t\t $hex33= {2473333d2022436f6c} \n \t\t $hex34= {247334303d20224d65} \n \t\t $hex35= {247334313d20224d65} \n \t\t $hex36= {247334323d20224d65} \n \t\t $hex37= {247334333d20224d65} \n \t\t $hex38= {247334343d20224d65} \n \t\t $hex39= {247334353d20224d65} \n \t\t $hex40= {247334363d20224d65} \n \t\t $hex41= {247334373d20224d65} \n \t\t $hex42= {247334383d20224d65} \n \t\t $hex43= {247334393d20224d65} \n \t\t $hex44= {2473343d2022436f6c} \n \t\t $hex45= {247335303d20224d65} \n \t\t $hex46= {247335313d20224d65} \n \t\t $hex47= {247335323d20224d65} \n \t\t $hex48= {247335333d20224d6f} \n \t\t $hex49= {247335343d20224e65} \n \t\t $hex50= {247335353d20224e75} \n \t\t $hex51= {247335363d20225072} \n \t\t $hex52= {247335373d20225072} \n \t\t $hex53= {247335383d20227265} \n \t\t $hex54= {247335393d20227265} \n \t\t $hex55= {2473353d2022436f6c} \n \t\t $hex56= {247336303d20227265} \n \t\t $hex57= {247336313d20225370} \n \t\t $hex58= {247336323d20225374} \n \t\t $hex59= {247336333d20225374} \n \t\t $hex60= {247336343d20225374} \n \t\t $hex61= {247336353d20225374} \n \t\t $hex62= {247336363d20225374} \n \t\t $hex63= {247336373d20225374} \n \t\t $hex64= {247336383d20225374} \n \t\t $hex65= {247336393d20225465} \n \t\t $hex66= {2473363d2022436f6d} \n \t\t $hex67= {247337303d20225465} \n \t\t $hex68= {247337313d20225465} \n \t\t $hex69= {247337323d20225465} \n \t\t $hex70= {247337333d20225465} \n \t\t $hex71= {247337343d2022546f} \n \t\t $hex72= {247337353d2022546f} \n \t\t $hex73= {247337363d2022546f} \n \t\t $hex74= {247337373d2022546f} \n \t\t $hex75= {247337383d2022546f} \n \t\t $hex76= {247337393d2022546f} \n \t\t $hex77= {2473373d2022436f6d} \n \t\t $hex78= {247338303d2022546f} \n \t\t $hex79= {247338313d2022546f} \n \t\t $hex80= {247338323d2022546f} \n \t\t $hex81= {247338333d2022546f} \n \t\t $hex82= {247338343d2022546f} \n \t\t $hex83= {247338353d2022546f} \n \t\t $hex84= {247338363d2022546f} \n \t\t $hex85= {247338373d2022546f} \n \t\t $hex86= {247338383d2022546f} \n \t\t $hex87= {247338393d2022546f} \n \t\t $hex88= {2473383d2022437279} \n \t\t $hex89= {247339303d2022546f} \n \t\t $hex90= {247339313d2022546f} \n \t\t $hex91= {247339323d2022546f} \n \t\t $hex92= {247339333d2022546f} \n \t\t $hex93= {247339343d2022546f} \n \t\t $hex94= {247339353d2022546f} \n \t\t $hex95= {247339363d20225769} \n \t\t $hex96= {247339373d20225769} \n \t\t $hex97= {2473393d2022437279} \n \n \tcondition: \n \t\t6", "title": "", "description": "APTMalware_Gorgon_Group_ef1d7c57018c18ca2c8548260b7960e2bc9b50ea586d04db1a9c896e317d4b2f Group", "expiration": null, "is_active": 1 }, { "id": 3360593633, "indicator": "f89eccb7967190cf2f570a3be3cbec5929c80a2e", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_c9e25ce021a4f5543716f7ac29b3eadbcecd8a919aac0226eab7ed92757e6c95 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_c9e25ce021a4f5543716f7ac29b3eadbcecd8a919aac0226eab7ed92757e6c95 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-44-01\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"3f2edec5a187022818f166403d7e6ab4\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"AccountReceivablesToolStripMenuItem\" fullword wide \n \t\t $s2= \"ArrangeIconsToolStripMenuItem\" fullword wide \n \t\t $s3= \"BindingNavigatorAddNewItem\" fullword wide \n \t\t $s4= \"BindingNavigatorAddNewItem.Image\" fullword wide \n \t\t $s5= \"BindingNavigatorCountItem\" fullword wide \n \t\t $s6= \"BindingNavigatorDeleteItem\" fullword wide \n \t\t $s7= \"BindingNavigatorDeleteItem.Image\" fullword wide \n \t\t $s8= \"BindingNavigatorMoveFirstItem\" fullword wide \n \t\t $s9= \"BindingNavigatorMoveFirstItem.Image\" fullword wide \n \t\t $s10= \"BindingNavigatorMoveLastItem\" fullword wide \n \t\t $s11= \"BindingNavigatorMoveLastItem.Image\" fullword wide \n \t\t $s12= \"BindingNavigatorMoveNextItem\" fullword wide \n \t\t $s13= \"BindingNavigatorMoveNextItem.Image\" fullword wide \n \t\t $s14= \"BindingNavigatorMovePreviousItem\" fullword wide \n \t\t $s15= \"BindingNavigatorMovePreviousItem.Image\" fullword wide \n \t\t $s16= \"BindingNavigatorPositionItem\" fullword wide \n \t\t $s17= \"BindingNavigatorSeparator\" fullword wide \n \t\t $s18= \"BindingNavigatorSeparator1\" fullword wide \n \t\t $s19= \"BindingNavigatorSeparator2\" fullword wide \n \t\t $s20= \"Business_SourceBindingNavigator\" fullword wide \n \t\t $s21= \"Business_SourceBindingNavigatorSaveItem\" fullword wide \n \t\t $s22= \"Business_SourceBindingNavigatorSaveItem.Image\" fullword wide \n \t\t $s23= \"Business_SourceDataGridView\" fullword wide \n \t\t $s24= \"Charge_TypeBindingNavigator\" fullword wide \n \t\t $s25= \"Charge_TypeBindingNavigatorSaveItem\" fullword wide \n \t\t $s26= \"Charge_TypeBindingNavigatorSaveItem.Image\" fullword wide \n \t\t $s27= \"CloseAllToolStripMenuItem\" fullword wide \n \t\t $s28= \"CompanyBindingNavigatorSaveItem\" fullword wide \n \t\t $s29= \"CompanyBindingNavigatorSaveItem.Image\" fullword wide \n \t\t $s30= \"ContentsToolStripMenuItem\" fullword wide \n \t\t $s31= \"CountriesBindingNavigator\" fullword wide \n \t\t $s32= \"CountriesBindingNavigatorSaveItem\" fullword wide \n \t\t $s33= \"CountriesBindingNavigatorSaveItem.Image\" fullword wide \n \t\t $s34= \"CustomersBindingNavigator\" fullword wide \n \t\t $s35= \"CustomersBindingNavigatorSaveItem\" fullword wide \n \t\t $s36= \"CustomersBindingNavigatorSaveItem.Image\" fullword wide \n \t\t $s37= \"DataGridViewTextBoxColumn1\" fullword wide \n \t\t $s38= \"DataGridViewTextBoxColumn10\" fullword wide \n \t\t $s39= \"DataGridViewTextBoxColumn11\" fullword wide \n \t\t $s40= \"DataGridViewTextBoxColumn12\" fullword wide \n \t\t $s41= \"DataGridViewTextBoxColumn13\" fullword wide \n \t\t $s42= \"DataGridViewTextBoxColumn2\" fullword wide \n \t\t $s43= \"DataGridViewTextBoxColumn3\" fullword wide \n \t\t $s44= \"DataGridViewTextBoxColumn4\" fullword wide \n \t\t $s45= \"DataGridViewTextBoxColumn5\" fullword wide \n \t\t $s46= \"DataGridViewTextBoxColumn6\" fullword wide \n \t\t $s47= \"DataGridViewTextBoxColumn7\" fullword wide \n \t\t $s48= \"DataGridViewTextBoxColumn8\" fullword wide \n \t\t $s49= \"DataGridViewTextBoxColumn9\" fullword wide \n \t\t $s50= \"HelpToolStripButton.Image\" fullword wide \n \t\t $s51= \"Hotel_Management_System.Resources\" fullword wide \n \t\t $s52= \"Identification Information\" fullword wide \n \t\t $s53= \"ID_TypeBindingNavigatorSaveItem\" fullword wide \n \t\t $s54= \"ID_TypeBindingNavigatorSaveItem.Image\" fullword wide \n \t\t $s55= \"IndexToolStripMenuItem.Image\" fullword wide \n \t\t $s56= \"NewWindowToolStripMenuItem\" fullword wide \n \t\t $s57= \"OpenToolStripButton.Image\" fullword wide \n \t\t $s58= \"Other_ChargesDataGridView\" fullword wide \n \t\t $s59= \"Payment_TypeBindingNavigatorSaveItem\" fullword wide \n \t\t $s60= \"Payment_TypeBindingNavigatorSaveItem.Image\" fullword wide \n \t\t $s61= \"PrintPreviewToolStripButton\" fullword wide \n \t\t $s62= \"PrintPreviewToolStripButton.Image\" fullword wide \n \t\t $s63= \"PrintToolStripButton.Image\" fullword wide \n \t\t $s64= \"Rate_Per_PeriodBindingNavigator\" fullword wide \n \t\t $s65= \"Rate_Per_PeriodBindingNavigatorSaveItem\" fullword wide \n \t\t $s66= \"Rate_Per_PeriodBindingNavigatorSaveItem.Image\" fullword wide \n \t\t $s67= \"Rate_Per_PeriodDataGridView\" fullword wide \n \t\t $s68= \"Room_StatusBindingNavigator\" fullword wide \n \t\t $s69= \"Room_StatusBindingNavigatorSaveItem\" fullword wide \n \t\t $s70= \"Room_StatusBindingNavigatorSaveItem.Image\" fullword wide \n \t\t $s71= \"Room_TypeBindingNavigator\" fullword wide \n \t\t $s72= \"Room_TypeBindingNavigatorSaveItem\" fullword wide \n \t\t $s73= \"Room_TypeBindingNavigatorSaveItem.Image\" fullword wide \n \t\t $s74= \"SaveToolStripButton.Image\" fullword wide \n \t\t $s75= \"SearchToolStripMenuItem.Image\" fullword wide \n \t\t $s76= \"TileHorizontalToolStripMenuItem\" fullword wide \n \t\t $s77= \"TileVerticalToolStripMenuItem\" fullword wide \n \t\t $s78= \"VehiclesBindingNavigatorSaveItem\" fullword wide \n \t\t $s79= \"VehiclesBindingNavigatorSaveItem.Image\" fullword wide \n \t\t $s80= \"WinForms_RecursiveFormCreate\" fullword wide \n \t\t $s81= \"WinForms_SeeInnerException\" fullword wide \n \n \t\t $hex1= {247331303d20224269} \n \t\t $hex2= {247331313d20224269} \n \t\t $hex3= {247331323d20224269} \n \t\t $hex4= {247331333d20224269} \n \t\t $hex5= {247331343d20224269} \n \t\t $hex6= {247331353d20224269} \n \t\t $hex7= {247331363d20224269} \n \t\t $hex8= {247331373d20224269} \n \t\t $hex9= {247331383d20224269} \n \t\t $hex10= {247331393d20224269} \n \t\t $hex11= {2473313d2022416363} \n \t\t $hex12= {247332303d20224275} \n \t\t $hex13= {247332313d20224275} \n \t\t $hex14= {247332323d20224275} \n \t\t $hex15= {247332333d20224275} \n \t\t $hex16= {247332343d20224368} \n \t\t $hex17= {247332353d20224368} \n \t\t $hex18= {247332363d20224368} \n \t\t $hex19= {247332373d2022436c} \n \t\t $hex20= {247332383d2022436f} \n \t\t $hex21= {247332393d2022436f} \n \t\t $hex22= {2473323d2022417272} \n \t\t $hex23= {247333303d2022436f} \n \t\t $hex24= {247333313d2022436f} \n \t\t $hex25= {247333323d2022436f} \n \t\t $hex26= {247333333d2022436f} \n \t\t $hex27= {247333343d20224375} \n \t\t $hex28= {247333353d20224375} \n \t\t $hex29= {247333363d20224375} \n \t\t $hex30= {247333373d20224461} \n \t\t $hex31= {247333383d20224461} \n \t\t $hex32= {247333393d20224461} \n \t\t $hex33= {2473333d202242696e} \n \t\t $hex34= {247334303d20224461} \n \t\t $hex35= {247334313d20224461} \n \t\t $hex36= {247334323d20224461} \n \t\t $hex37= {247334333d20224461} \n \t\t $hex38= {247334343d20224461} \n \t\t $hex39= {247334353d20224461} \n \t\t $hex40= {247334363d20224461} \n \t\t $hex41= {247334373d20224461} \n \t\t $hex42= {247334383d20224461} \n \t\t $hex43= {247334393d20224461} \n \t\t $hex44= {2473343d202242696e} \n \t\t $hex45= {247335303d20224865} \n \t\t $hex46= {247335313d2022486f} \n \t\t $hex47= {247335323d20224964} \n \t\t $hex48= {247335333d20224944} \n \t\t $hex49= {247335343d20224944} \n \t\t $hex50= {247335353d2022496e} \n \t\t $hex51= {247335363d20224e65} \n \t\t $hex52= {247335373d20224f70} \n \t\t $hex53= {247335383d20224f74} \n \t\t $hex54= {247335393d20225061} \n \t\t $hex55= {2473353d202242696e} \n \t\t $hex56= {247336303d20225061} \n \t\t $hex57= {247336313d20225072} \n \t\t $hex58= {247336323d20225072} \n \t\t $hex59= {247336333d20225072} \n \t\t $hex60= {247336343d20225261} \n \t\t $hex61= {247336353d20225261} \n \t\t $hex62= {247336363d20225261} \n \t\t $hex63= {247336373d20225261} \n \t\t $hex64= {247336383d2022526f} \n \t\t $hex65= {247336393d2022526f} \n \t\t $hex66= {2473363d202242696e} \n \t\t $hex67= {247337303d2022526f} \n \t\t $hex68= {247337313d2022526f} \n \t\t $hex69= {247337323d2022526f} \n \t\t $hex70= {247337333d2022526f} \n \t\t $hex71= {247337343d20225361} \n \t\t $hex72= {247337353d20225365} \n \t\t $hex73= {247337363d20225469} \n \t\t $hex74= {247337373d20225469} \n \t\t $hex75= {247337383d20225665} \n \t\t $hex76= {247337393d20225665} \n \t\t $hex77= {2473373d202242696e} \n \t\t $hex78= {247338303d20225769} \n \t\t $hex79= {247338313d20225769} \n \t\t $hex80= {2473383d202242696e} \n \t\t $hex81= {2473393d202242696e} \n \n \tcondition: \n \t\t54 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_c9e25ce021a4f5543716f7ac29b3eadbcecd8a919aac0226eab7ed92757e6c95 Group", "expiration": null, "is_active": 1 }, { "id": 3360593634, "indicator": "dec2b2e4af8ec88d5d1e395036e5d9a67583afbe", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Win.Trojan.Agent-6582967-0", "description": "SHA1 of c604f27c785ffbab49202bd4815a5856", "expiration": null, "is_active": 1 }, { "id": 1386572847, "indicator": "d039a75f8d067e30b128cf730e2917422e4aa3dc016a872e12f74b922485c658", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Win.Trojan.Agent-6582967-0", "description": "SHA256 of c604f27c785ffbab49202bd4815a5856", "expiration": null, "is_active": 1 }, { "id": 3360593635, "indicator": "4ea663bb4b5867db9e454077d624e7b74928a6f8", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_d039a75f8d067e30b128cf730e2917422e4aa3dc016a872e12f74b922485c658 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_d039a75f8d067e30b128cf730e2917422e4aa3dc016a872e12f74b922485c658 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-44-01\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"c604f27c785ffbab49202bd4815a5856\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"6IJFatGuUDIWct19Zx.buyRmVFCHadquxHdRn\" fullword wide \n \t\t $s2= \"GetDelegateForFunctionPointer\" fullword wide \n \t\t $s3= \"GpWkMMAvTZJkaR8WyA.Je23unVChveK8mKH4Z\" fullword wide \n \t\t $s4= \"System.Reflection.RuntimeModule\" fullword wide \n \t\t $s5= \"System.Security.Cryptography.AesCryptoServiceProvider\" fullword wide \n \t\t $s6= \")X71XDAXWQXWYXWaXWiXWqXWyXW\" fullword wide \n \t\t $s7= \"YmH70vjVqqGWNbWZ35.9A7WxXrCGykhVxAwYj\" fullword wide \n \n \t\t $hex1= {2473313d202236494a} \n \t\t $hex2= {2473323d2022476574} \n \t\t $hex3= {2473333d2022477057} \n \t\t $hex4= {2473343d2022537973} \n \t\t $hex5= {2473353d2022537973} \n \t\t $hex6= {2473363d2022295837} \n \t\t $hex7= {2473373d2022596d48} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_d039a75f8d067e30b128cf730e2917422e4aa3dc016a872e12f74b922485c658 Group", "expiration": null, "is_active": 1 }, { "id": 577358460, "indicator": "45d841b2de4294c26b41f96bc553d9df4aa4202c", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "DotNET_Reactor", "description": "SHA1 of d6c838a6046f171f3c6a795deabb61cb", "expiration": null, "is_active": 1 }, { "id": 577359460, "indicator": "1d389849db67d50f48d30670e1e8437a97a33fdba75a31e75c06176b1cfb4a21", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "DotNET_Reactor", "description": "SHA256 of d6c838a6046f171f3c6a795deabb61cb", "expiration": null, "is_active": 1 }, { "id": 3360593636, "indicator": "06f3841f8f10773d07151ec94919b157b337f5c4", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_1d389849db67d50f48d30670e1e8437a97a33fdba75a31e75c06176b1cfb4a21 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_1d389849db67d50f48d30670e1e8437a97a33fdba75a31e75c06176b1cfb4a21 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-43-58\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d6c838a6046f171f3c6a795deabb61cb\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"GetDelegateForFunctionPointer\" fullword wide \n \t\t $s2= \"System.Security.Cryptography.AesCryptoServiceProvider\" fullword wide \n \n \t\t $hex1= {2473313d2022476574} \n \t\t $hex2= {2473323d2022537973} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_1d389849db67d50f48d30670e1e8437a97a33fdba75a31e75c06176b1cfb4a21 Group", "expiration": null, "is_active": 1 }, { "id": 3360593637, "indicator": "bf12cf6b3b1f7cb51ed9b5f6132df45e6d6a775e", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "NjRat", "description": "SHA1 of c4cd26618cd65160ba9724814e56613a", "expiration": null, "is_active": 1 }, { "id": 1386571999, "indicator": "0125b8f29f335a9ae6ed3f190dcfb920537515d4f1f9a0270862672e39f9e0ef", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "NjRat", "description": "SHA256 of c4cd26618cd65160ba9724814e56613a", "expiration": null, "is_active": 1 }, { "id": 3360593638, "indicator": "373683b11fcfab974a36f71fd17fe60f4d88067e", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_0125b8f29f335a9ae6ed3f190dcfb920537515d4f1f9a0270862672e39f9e0ef { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_0125b8f29f335a9ae6ed3f190dcfb920537515d4f1f9a0270862672e39f9e0ef Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-43-57\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"c4cd26618cd65160ba9724814e56613a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"HKEY_CURRENT_USERSoftwarePoliciesMicrosoftWindowsSystem\" fullword wide \n \t\t $s2= \"https://dl.dropbox.com/s/p84aaz28t0hepul/Pass.exe?dl=0\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerMain\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022484b45} \n \t\t $hex2= {2473323d2022687474} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_0125b8f29f335a9ae6ed3f190dcfb920537515d4f1f9a0270862672e39f9e0ef Group", "expiration": null, "is_active": 1 }, { "id": 3360593639, "indicator": "87146d237a0c62c6bfe1de6c27f70cde92b427c7", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_ecec33db510a88eb2a9af3b1c6e0d702ef86d12acb54ada57ab2eb113afcda12 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_ecec33db510a88eb2a9af3b1c6e0d702ef86d12acb54ada57ab2eb113afcda12 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-43-56\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"3abe771de758841de8b767a6b0c3092b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"57c30946-e284-4e9e-b94f-938c9dc8745d\" fullword wide \n \t\t $s2= \"DllSystem32Updates.Resources\" fullword wide \n \t\t $s3= \"WinForms_RecursiveFormCreate\" fullword wide \n \t\t $s4= \"WinForms_SeeInnerException\" fullword wide \n \t\t $a1= \"C:UsersUserDesktopMetodoobjDebugDllSystem32Updates.pdb\" fullword ascii \n \n \t\t $hex1= {2461313d2022433a55} \n \t\t $hex2= {2473313d2022353763} \n \t\t $hex3= {2473323d2022446c6c} \n \t\t $hex4= {2473333d202257696e} \n \t\t $hex5= {2473343d202257696e} \n \n \tcondition: \n \t\t3 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_ecec33db510a88eb2a9af3b1c6e0d702ef86d12acb54ada57ab2eb113afcda12 Group", "expiration": null, "is_active": 1 }, { "id": 3360593640, "indicator": "2a1178abd17a95ffc58b3d9c3b0b241652cbdf6d", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of dd7cdadeae9b4ffc62ac460aeb0213b9", "expiration": null, "is_active": 1 }, { "id": 1386572148, "indicator": "2a2b92f73d6ec8c567a20cc8433b76a11f2b38a9abe98e568d974857dd06c2e1", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of dd7cdadeae9b4ffc62ac460aeb0213b9", "expiration": null, "is_active": 1 }, { "id": 3360593641, "indicator": "7a1bceac299997f9c0f01326a142b414cf8b43a4", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_2a2b92f73d6ec8c567a20cc8433b76a11f2b38a9abe98e568d974857dd06c2e1 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_2a2b92f73d6ec8c567a20cc8433b76a11f2b38a9abe98e568d974857dd06c2e1 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-43-56\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"dd7cdadeae9b4ffc62ac460aeb0213b9\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"ArrangeIconsToolStripMenuItem\" fullword wide \n \t\t $s2= \"CloseAllToolStripMenuItem\" fullword wide \n \t\t $s3= \"ContentsToolStripMenuItem\" fullword wide \n \t\t $s4= \"CopyToolStripMenuItem.Image\" fullword wide \n \t\t $s5= \"CutToolStripMenuItem.Image\" fullword wide \n \t\t $s6= \"HelpToolStripButton.Image\" fullword wide \n \t\t $s7= \"IndexToolStripMenuItem.Image\" fullword wide \n \t\t $s8= \"NewToolStripMenuItem.Image\" fullword wide \n \t\t $s9= \"NewWindowToolStripMenuItem\" fullword wide \n \t\t $s10= \"oagsjgpjdfigfsjghfghfg.Resources\" fullword wide \n \t\t $s11= \"OpenToolStripButton.Image\" fullword wide \n \t\t $s12= \"OpenToolStripMenuItem.Image\" fullword wide \n \t\t $s13= \"PasteToolStripMenuItem.Image\" fullword wide \n \t\t $s14= \"PrintPreviewToolStripButton\" fullword wide \n \t\t $s15= \"PrintPreviewToolStripButton.Image\" fullword wide \n \t\t $s16= \"PrintPreviewToolStripMenuItem\" fullword wide \n \t\t $s17= \"PrintPreviewToolStripMenuItem.Image\" fullword wide \n \t\t $s18= \"PrintSetupToolStripMenuItem\" fullword wide \n \t\t $s19= \"PrintToolStripButton.Image\" fullword wide \n \t\t $s20= \"PrintToolStripMenuItem.Image\" fullword wide \n \t\t $s21= \"RedoToolStripMenuItem.Image\" fullword wide \n \t\t $s22= \"SaveToolStripButton.Image\" fullword wide \n \t\t $s23= \"SaveToolStripMenuItem.Image\" fullword wide \n \t\t $s24= \"SearchToolStripMenuItem.Image\" fullword wide \n \t\t $s25= \"SelectAllToolStripMenuItem\" fullword wide \n \t\t $s26= \"StatusBarToolStripMenuItem\" fullword wide \n \t\t $s27= \"TileHorizontalToolStripMenuItem\" fullword wide \n \t\t $s28= \"TileVerticalToolStripMenuItem\" fullword wide \n \t\t $s29= \"UndoToolStripMenuItem.Image\" fullword wide \n \t\t $s30= \"WinForms_RecursiveFormCreate\" fullword wide \n \t\t $s31= \"WinForms_SeeInnerException\" fullword wide \n \n \t\t $hex1= {247331303d20226f61} \n \t\t $hex2= {247331313d20224f70} \n \t\t $hex3= {247331323d20224f70} \n \t\t $hex4= {247331333d20225061} \n \t\t $hex5= {247331343d20225072} \n \t\t $hex6= {247331353d20225072} \n \t\t $hex7= {247331363d20225072} \n \t\t $hex8= {247331373d20225072} \n \t\t $hex9= {247331383d20225072} \n \t\t $hex10= {247331393d20225072} \n \t\t $hex11= {2473313d2022417272} \n \t\t $hex12= {247332303d20225072} \n \t\t $hex13= {247332313d20225265} \n \t\t $hex14= {247332323d20225361} \n \t\t $hex15= {247332333d20225361} \n \t\t $hex16= {247332343d20225365} \n \t\t $hex17= {247332353d20225365} \n \t\t $hex18= {247332363d20225374} \n \t\t $hex19= {247332373d20225469} \n \t\t $hex20= {247332383d20225469} \n \t\t $hex21= {247332393d2022556e} \n \t\t $hex22= {2473323d2022436c6f} \n \t\t $hex23= {247333303d20225769} \n \t\t $hex24= {247333313d20225769} \n \t\t $hex25= {2473333d2022436f6e} \n \t\t $hex26= {2473343d2022436f70} \n \t\t $hex27= {2473353d2022437574} \n \t\t $hex28= {2473363d202248656c} \n \t\t $hex29= {2473373d2022496e64} \n \t\t $hex30= {2473383d20224e6577} \n \t\t $hex31= {2473393d20224e6577} \n \n \tcondition: \n \t\t20 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_2a2b92f73d6ec8c567a20cc8433b76a11f2b38a9abe98e568d974857dd06c2e1 Group", "expiration": null, "is_active": 1 }, { "id": 3360593642, "indicator": "db6206e2a5219b104ffa2f567b181cf2f65df2d5", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "DotNET_ConfuserEx", "description": "SHA1 of fe6ecbbb14ebd6368aaa5b4fde592dae\nSHA1 of fe6ecbbb14ebd6368aaa5b4fde592dae", "expiration": null, "is_active": 1 }, { "id": 1386572334, "indicator": "57277137c73211817b908b7c81280a94eb381e65bdd147c78ec1a8daf9dfe143", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "DotNET_ConfuserEx", "description": "SHA256 of fe6ecbbb14ebd6368aaa5b4fde592dae\nSHA256 of fe6ecbbb14ebd6368aaa5b4fde592dae", "expiration": null, "is_active": 1 }, { "id": 3360593643, "indicator": "f255bb1987065ca117a9a626e3f8076c44aec43e", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_57277137c73211817b908b7c81280a94eb381e65bdd147c78ec1a8daf9dfe143 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_57277137c73211817b908b7c81280a94eb381e65bdd147c78ec1a8daf9dfe143 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-43-49\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"fe6ecbbb14ebd6368aaa5b4fde592dae\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"AxWindowsMediaPlayer1.OcxState\" fullword wide \n \t\t $s2= \"WinForms_RecursiveFormCreate\" fullword wide \n \t\t $s3= \"WinForms_SeeInnerException\" fullword wide \n \n \t\t $hex1= {2473313d2022417857} \n \t\t $hex2= {2473323d202257696e} \n \t\t $hex3= {2473333d202257696e} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_57277137c73211817b908b7c81280a94eb381e65bdd147c78ec1a8daf9dfe143 Group", "expiration": null, "is_active": 1 }, { "id": 3360593644, "indicator": "488b6b7d975d2cdb24845f863dd0918d7ea4745e", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Delphi", "description": "SHA1 of bc34ea53bdab52335cc4fd52de36413d", "expiration": null, "is_active": 1 }, { "id": 1386573042, "indicator": "fa8372f930424ca0c0c0070ea2bf2c80920890f11280c00058a3c19bfb2f8736", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Delphi", "description": "SHA256 of bc34ea53bdab52335cc4fd52de36413d", "expiration": null, "is_active": 1 }, { "id": 3360593645, "indicator": "bc3be0f90c8575924216c88a634c7125c8119d7f", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_fa8372f930424ca0c0c0070ea2bf2c80920890f11280c00058a3c19bfb2f8736 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_fa8372f930424ca0c0c0070ea2bf2c80920890f11280c00058a3c19bfb2f8736 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-43-47\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"bc34ea53bdab52335cc4fd52de36413d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"CL_MPPAUSE CL_MPPLAY CL_MPPREV\" fullword wide \n \t\t $s2= \"CL_MPRECORD CL_MPSTEP CL_MPSTOP DI_MPBACK\" fullword wide \n \t\t $s3= \"DI_MPPAUSE DI_MPPLAY DI_MPPREV\" fullword wide \n \t\t $s4= \"DI_MPRECORD DI_MPSTEP DI_MPSTOP EN_MPBACK\" fullword wide \n \t\t $s5= \"EN_MPPAUSE EN_MPPLAY EN_MPPREV\" fullword wide \n \t\t $s6= \"EN_MPRECORD EN_MPSTEP EN_MPSTOP\" fullword wide \n \n \t\t $hex1= {2473313d2022434c5f} \n \t\t $hex2= {2473323d2022434c5f} \n \t\t $hex3= {2473333d202244495f} \n \t\t $hex4= {2473343d202244495f} \n \t\t $hex5= {2473353d2022454e5f} \n \t\t $hex6= {2473363d2022454e5f} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_fa8372f930424ca0c0c0070ea2bf2c80920890f11280c00058a3c19bfb2f8736 Group", "expiration": null, "is_active": 1 }, { "id": 3360593646, "indicator": "132eacad4beacf273225020f41fa58136bd45804", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Virus:Win32/Neshta.A", "description": "SHA1 of bd65430d5eebaf8c3b138c3eb687eaac", "expiration": null, "is_active": 1 }, { "id": 1386572077, "indicator": "16701b1d928303cc2650f744a92e36476caa7f30e438e4bde838afd79c5f1f8d", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Virus:Win32/Neshta.A", "description": "SHA256 of bd65430d5eebaf8c3b138c3eb687eaac", "expiration": null, "is_active": 1 }, { "id": 3360593647, "indicator": "cc50632308ea37054cfa3aa247997c25d042ff2c", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_16701b1d928303cc2650f744a92e36476caa7f30e438e4bde838afd79c5f1f8d { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_16701b1d928303cc2650f744a92e36476caa7f30e438e4bde838afd79c5f1f8d Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-43-42\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"bd65430d5eebaf8c3b138c3eb687eaac\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"api-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s8= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s11= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s14= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s15= \"__crt_strtox::floating_point_value::as_double\" fullword wide \n \t\t $s16= \"__crt_strtox::floating_point_value::as_float\" fullword wide \n \t\t $s17= \",ec->publicKey.curve->name\" fullword wide \n \t\t $s18= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s19= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s20= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \t\t $s21= \"minkernelcrtsucrtinccorecrt_internal_strtox.h\" fullword wide \n \t\t $a1= \"ssh.auth.gssapi.delegation:config-ssh-auth-gssapi-delegation\" fullword ascii \n \t\t $a2= \"ssh.tunnels.portfwd.ipversion:config-ssh-portfwd-address-family\" fullword ascii \n \n \t\t $hex1= {2461313d2022737368} \n \t\t $hex2= {2461323d2022737368} \n \t\t $hex3= {247331303d20226170} \n \t\t $hex4= {247331313d20226170} \n \t\t $hex5= {247331323d20226170} \n \t\t $hex6= {247331333d20226170} \n \t\t $hex7= {247331343d20226170} \n \t\t $hex8= {247331353d20225f5f} \n \t\t $hex9= {247331363d20225f5f} \n \t\t $hex10= {247331373d20222c65} \n \t\t $hex11= {247331383d20226578} \n \t\t $hex12= {247331393d20226578} \n \t\t $hex13= {2473313d2022617069} \n \t\t $hex14= {247332303d20226578} \n \t\t $hex15= {247332313d20226d69} \n \t\t $hex16= {2473323d2022617069} \n \t\t $hex17= {2473333d2022617069} \n \t\t $hex18= {2473343d2022617069} \n \t\t $hex19= {2473353d2022617069} \n \t\t $hex20= {2473363d2022617069} \n \t\t $hex21= {2473373d2022617069} \n \t\t $hex22= {2473383d2022617069} \n \t\t $hex23= {2473393d2022617069} \n \n \tcondition: \n \t\t15 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_16701b1d928303cc2650f744a92e36476caa7f30e438e4bde838afd79c5f1f8d Group", "expiration": null, "is_active": 1 }, { "id": 3360593648, "indicator": "9610dd9e2a7de6998d0054324e179e5a79cb6978", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_754cc60eceb9c4ce078bb71e88d02df23c006518db284df49ca998bfb598b324 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_754cc60eceb9c4ce078bb71e88d02df23c006518db284df49ca998bfb598b324 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-43-09\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"2f2479075d2e0f79abbea95ceac8280b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"SoftwareClassesmscfileshellopencommand\" fullword wide \n \t\t $s2= \"WinForms_RecursiveFormCreate\" fullword wide \n \t\t $s3= \"WinForms_SeeInnerException\" fullword wide \n \n \t\t $hex1= {2473313d2022536f66} \n \t\t $hex2= {2473323d202257696e} \n \t\t $hex3= {2473333d202257696e} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_754cc60eceb9c4ce078bb71e88d02df23c006518db284df49ca998bfb598b324 Group", "expiration": null, "is_active": 1 }, { "id": 3360593649, "indicator": "70586926c3663d6ca1419c8de3943b20dc964292", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "TrojanDownloader:O97M/Donoff", "description": "SHA1 of f77f53d2470466328f095100f2825a15", "expiration": null, "is_active": 1 }, { "id": 1386572954, "indicator": "eab34ac788bdb79377219faecd80f27d45981bc6ab203b868303aea1d278548c", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "TrojanDownloader:O97M/Donoff", "description": "SHA256 of f77f53d2470466328f095100f2825a15", "expiration": null, "is_active": 1 }, { "id": 3360593708, "indicator": "8106cf196b6a4ae8b3304700ddfe5de10d6c6f46", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_eab34ac788bdb79377219faecd80f27d45981bc6ab203b868303aea1d278548c { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_eab34ac788bdb79377219faecd80f27d45981bc6ab203b868303aea1d278548c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-43-00\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f77f53d2470466328f095100f2825a15\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DocumentSummaryInformation\" fullword wide \n \t\t $s2= \"iuuq;00pofesjwfofu/yz{0`pvuqvu8C16BF1/fyf!\" fullword wide \n \t\t $s3= \"TableStyleMedium2PivotStyleMedium9\" fullword wide \n \t\t $a1= \"*GWVXQNQGSLTVWSFTJBYTEYUBGXXRKXJPWNVPREXWTDBMXKNLQSZKLQUSHOXIM,\" fullword ascii \n \n \t\t $hex1= {2461313d20222a4757} \n \t\t $hex2= {2473313d2022446f63} \n \t\t $hex3= {2473323d2022697575} \n \t\t $hex4= {2473333d2022546162} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_eab34ac788bdb79377219faecd80f27d45981bc6ab203b868303aea1d278548c Group", "expiration": null, "is_active": 1 }, { "id": 3360593709, "indicator": "9d99ee1d6c4713a0d88607f9e2d94afd6aa763a9", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Backdoor:MSIL/Bladabindi", "description": "SHA1 of b5e03502543249d92a19120b7ac6df3d", "expiration": null, "is_active": 1 }, { "id": 1386572750, "indicator": "bdc25df389e251cd709f401555095ad41055f39789cf01ae66f0f6a7c5f16d7b", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Backdoor:MSIL/Bladabindi", "description": "SHA256 of b5e03502543249d92a19120b7ac6df3d", "expiration": null, "is_active": 1 }, { "id": 3360593710, "indicator": "95cc980158ff88bef59d33e71b6812fe86d28c97", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_bdc25df389e251cd709f401555095ad41055f39789cf01ae66f0f6a7c5f16d7b { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_bdc25df389e251cd709f401555095ad41055f39789cf01ae66f0f6a7c5f16d7b Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-42-47\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b5e03502543249d92a19120b7ac6df3d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"WinForms_RecursiveFormCreate\" fullword wide \n \t\t $s2= \"WinForms_SeeInnerException\" fullword wide \n \n \t\t $hex1= {2473313d202257696e} \n \t\t $hex2= {2473323d202257696e} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_bdc25df389e251cd709f401555095ad41055f39789cf01ae66f0f6a7c5f16d7b Group", "expiration": null, "is_active": 1 }, { "id": 3360593711, "indicator": "91801bf9c5de870347a8bbc8841808b9d1c8d441", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of fb36d6140fb192ca27df75b26e05a4a6", "expiration": null, "is_active": 1 }, { "id": 1386572447, "indicator": "6d17273e4b6ff0bcafb3b0a12637bd58b8c80fc552f9154a873bcfd8d4f764fc", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of fb36d6140fb192ca27df75b26e05a4a6", "expiration": null, "is_active": 1 }, { "id": 3360593712, "indicator": "d7a782b809eb5672945b2d5585575389e33900a3", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_6d17273e4b6ff0bcafb3b0a12637bd58b8c80fc552f9154a873bcfd8d4f764fc { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_6d17273e4b6ff0bcafb3b0a12637bd58b8c80fc552f9154a873bcfd8d4f764fc Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-42-43\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"fb36d6140fb192ca27df75b26e05a4a6\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"ArrangeIconsToolStripMenuItem\" fullword wide \n \t\t $s2= \"CloseAllToolStripMenuItem\" fullword wide \n \t\t $s3= \"ContentsToolStripMenuItem\" fullword wide \n \t\t $s4= \"CopyToolStripMenuItem.Image\" fullword wide \n \t\t $s5= \"CutToolStripMenuItem.Image\" fullword wide \n \t\t $s6= \"HelpToolStripButton.Image\" fullword wide \n \t\t $s7= \"IndexToolStripMenuItem.Image\" fullword wide \n \t\t $s8= \"NewToolStripMenuItem.Image\" fullword wide \n \t\t $s9= \"NewWindowToolStripMenuItem\" fullword wide \n \t\t $s10= \"OpenToolStripButton.Image\" fullword wide \n \t\t $s11= \"OpenToolStripMenuItem.Image\" fullword wide \n \t\t $s12= \"PasteToolStripMenuItem.Image\" fullword wide \n \t\t $s13= \"PrintPreviewToolStripButton\" fullword wide \n \t\t $s14= \"PrintPreviewToolStripButton.Image\" fullword wide \n \t\t $s15= \"PrintPreviewToolStripMenuItem\" fullword wide \n \t\t $s16= \"PrintPreviewToolStripMenuItem.Image\" fullword wide \n \t\t $s17= \"PrintSetupToolStripMenuItem\" fullword wide \n \t\t $s18= \"PrintToolStripButton.Image\" fullword wide \n \t\t $s19= \"PrintToolStripMenuItem.Image\" fullword wide \n \t\t $s20= \"RedoToolStripMenuItem.Image\" fullword wide \n \t\t $s21= \"SaveToolStripButton.Image\" fullword wide \n \t\t $s22= \"SaveToolStripMenuItem.Image\" fullword wide \n \t\t $s23= \"SearchToolStripMenuItem.Image\" fullword wide \n \t\t $s24= \"SelectAllToolStripMenuItem\" fullword wide \n \t\t $s25= \"StatusBarToolStripMenuItem\" fullword wide \n \t\t $s26= \"TileHorizontalToolStripMenuItem\" fullword wide \n \t\t $s27= \"TileVerticalToolStripMenuItem\" fullword wide \n \t\t $s28= \"UndoToolStripMenuItem.Image\" fullword wide \n \t\t $s29= \"WinForms_RecursiveFormCreate\" fullword wide \n \t\t $s30= \"WinForms_SeeInnerException\" fullword wide \n \n \t\t $hex1= {247331303d20224f70} \n \t\t $hex2= {247331313d20224f70} \n \t\t $hex3= {247331323d20225061} \n \t\t $hex4= {247331333d20225072} \n \t\t $hex5= {247331343d20225072} \n \t\t $hex6= {247331353d20225072} \n \t\t $hex7= {247331363d20225072} \n \t\t $hex8= {247331373d20225072} \n \t\t $hex9= {247331383d20225072} \n \t\t $hex10= {247331393d20225072} \n \t\t $hex11= {2473313d2022417272} \n \t\t $hex12= {247332303d20225265} \n \t\t $hex13= {247332313d20225361} \n \t\t $hex14= {247332323d20225361} \n \t\t $hex15= {247332333d20225365} \n \t\t $hex16= {247332343d20225365} \n \t\t $hex17= {247332353d20225374} \n \t\t $hex18= {247332363d20225469} \n \t\t $hex19= {247332373d20225469} \n \t\t $hex20= {247332383d2022556e} \n \t\t $hex21= {247332393d20225769} \n \t\t $hex22= {2473323d2022436c6f} \n \t\t $hex23= {247333303d20225769} \n \t\t $hex24= {2473333d2022436f6e} \n \t\t $hex25= {2473343d2022436f70} \n \t\t $hex26= {2473353d2022437574} \n \t\t $hex27= {2473363d202248656c} \n \t\t $hex28= {2473373d2022496e64} \n \t\t $hex29= {2473383d20224e6577} \n \t\t $hex30= {2473393d20224e6577} \n \n \tcondition: \n \t\t20 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_6d17273e4b6ff0bcafb3b0a12637bd58b8c80fc552f9154a873bcfd8d4f764fc Group", "expiration": null, "is_active": 1 }, { "id": 3360593713, "indicator": "e4572f0b8878c07a319895e3f4e0639d1f10ff05", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "SHA1 of cf90d9961b012e81dba645a7d9f0d074", "expiration": null, "is_active": 1 }, { "id": 1386572429, "indicator": "67fd6afd7fed1c4229ef59b16450a803fcf5a4ab004664f5e8cb827bea7af6a0", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "SHA256 of cf90d9961b012e81dba645a7d9f0d074", "expiration": null, "is_active": 1 }, { "id": 3360593714, "indicator": "35c6bbaf0e6842bb0bbd6cc870e791cf3a1b86b1", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_67fd6afd7fed1c4229ef59b16450a803fcf5a4ab004664f5e8cb827bea7af6a0 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_67fd6afd7fed1c4229ef59b16450a803fcf5a4ab004664f5e8cb827bea7af6a0 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-42-42\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"cf90d9961b012e81dba645a7d9f0d074\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"CL_MPPAUSE CL_MPPLAY CL_MPPREV\" fullword wide \n \t\t $s2= \"CL_MPRECORD CL_MPSTEP CL_MPSTOP DI_MPBACK\" fullword wide \n \t\t $s3= \"DI_MPPAUSE DI_MPPLAY DI_MPPREV\" fullword wide \n \t\t $s4= \"DI_MPRECORD DI_MPSTEP DI_MPSTOP EN_MPBACK\" fullword wide \n \t\t $s5= \"EN_MPPAUSE EN_MPPLAY EN_MPPREV\" fullword wide \n \t\t $s6= \"EN_MPRECORD EN_MPSTEP EN_MPSTOP\" fullword wide \n \t\t $a1= \"N=R=V=Z=^=b=f=j=n=r=v=z=~=\" fullword ascii \n \n \t\t $hex1= {2461313d20224e3d52} \n \t\t $hex2= {2473313d2022434c5f} \n \t\t $hex3= {2473323d2022434c5f} \n \t\t $hex4= {2473333d202244495f} \n \t\t $hex5= {2473343d202244495f} \n \t\t $hex6= {2473353d2022454e5f} \n \t\t $hex7= {2473363d2022454e5f} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_67fd6afd7fed1c4229ef59b16450a803fcf5a4ab004664f5e8cb827bea7af6a0 Group", "expiration": null, "is_active": 1 }, { "id": 3360593715, "indicator": "ae4f3d9ae9b1d94ce56c704aba2e47051ca64c02", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "dbgdetect_funcs", "description": "SHA1 of fa39635454b8ab4a1b73ccec0317025b", "expiration": null, "is_active": 1 }, { "id": 1386572726, "indicator": "b719da8fb6f8911f02c1ebc83e3f2bf9da425fd634505918f0fe93d8013d1817", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "dbgdetect_funcs", "description": "SHA256 of fa39635454b8ab4a1b73ccec0317025b", "expiration": null, "is_active": 1 }, { "id": 3360593716, "indicator": "b3c5f5b977abe9a3cb8b3c380c326529d524f61d", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_b719da8fb6f8911f02c1ebc83e3f2bf9da425fd634505918f0fe93d8013d1817 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_b719da8fb6f8911f02c1ebc83e3f2bf9da425fd634505918f0fe93d8013d1817 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-42-42\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"fa39635454b8ab4a1b73ccec0317025b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DSeAssignPrimaryTokenPrivilege\" fullword wide \n \t\t $s2= \"GUICTRLCREATELISTVIEWITEM\" fullword wide \n \t\t $s3= \"GUICTRLCREATETREEVIEWITEM\" fullword wide \n \t\t $s4= \"GUICTRLREGISTERLISTVIEWSORT\" fullword wide \n \t\t $s5= \"SoftwareAutoIt v3AutoIt\" fullword wide \n \t\t $s6= \"SYSTEMCurrentControlSetControlNlsLanguage\" fullword wide \n \n \t\t $hex1= {2473313d2022445365} \n \t\t $hex2= {2473323d2022475549} \n \t\t $hex3= {2473333d2022475549} \n \t\t $hex4= {2473343d2022475549} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022535953} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_b719da8fb6f8911f02c1ebc83e3f2bf9da425fd634505918f0fe93d8013d1817 Group", "expiration": null, "is_active": 1 }, { "id": 3360593717, "indicator": "85cfe78fe9a2a1ae72126f84f7a1348bc57ab776", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "TrojanDownloader:O97M/Donoff", "description": "SHA1 of addf2659e114f5fadb30bbac19ac2c49\nSHA1 of addf2659e114f5fadb30bbac19ac2c49", "expiration": null, "is_active": 1 }, { "id": 1386572263, "indicator": "458dec6e45274c66f9e6170398a25db9d4d8f138b05c5c1ddf65c158e8e48e57", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "TrojanDownloader:O97M/Donoff", "description": "SHA256 of addf2659e114f5fadb30bbac19ac2c49\nSHA256 of addf2659e114f5fadb30bbac19ac2c49", "expiration": null, "is_active": 1 }, { "id": 3360593718, "indicator": "f793f9a8d0a611a2d4254d09e434f3cba92faaec", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_458dec6e45274c66f9e6170398a25db9d4d8f138b05c5c1ddf65c158e8e48e57 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_458dec6e45274c66f9e6170398a25db9d4d8f138b05c5c1ddf65c158e8e48e57 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-42-35\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"addf2659e114f5fadb30bbac19ac2c49\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DocumentSummaryInformation\" fullword wide \n \t\t $s2= \"TableStyleMedium2PivotStyleMedium9\" fullword wide \n \n \t\t $hex1= {2473313d2022446f63} \n \t\t $hex2= {2473323d2022546162} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_458dec6e45274c66f9e6170398a25db9d4d8f138b05c5c1ddf65c158e8e48e57 Group", "expiration": null, "is_active": 1 }, { "id": 3360593719, "indicator": "190ccda7b95e59428f00278fc5d18fac671dfdaf", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Backdoor:MSIL/Bladabindi", "description": "SHA1 of abcc6422c4742479a56d8643d3377765", "expiration": null, "is_active": 1 }, { "id": 1386572106, "indicator": "20dafb37ef55c2e8ae7f08eb2ca8349b915383e357b8f82a94a696b13fb2bbef", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Backdoor:MSIL/Bladabindi", "description": "SHA256 of abcc6422c4742479a56d8643d3377765", "expiration": null, "is_active": 1 }, { "id": 3360593720, "indicator": "0f22d8c3b5e700415f0d7ccde823dee7daea2405", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_20dafb37ef55c2e8ae7f08eb2ca8349b915383e357b8f82a94a696b13fb2bbef { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_20dafb37ef55c2e8ae7f08eb2ca8349b915383e357b8f82a94a696b13fb2bbef Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-42-27\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"abcc6422c4742479a56d8643d3377765\" \n \n \tstrings: \n \n \t \n \t\t $s1= \")[71[DA[WQ[WY[Wa[Wi[Wq[Wy[W\" fullword wide \n \t\t $s2= \"eChkPjTP3RWMIcqj4l.Qt1WBugkPstC7rJKoZ\" fullword wide \n \t\t $s3= \"GetDelegateForFunctionPointer\" fullword wide \n \t\t $s4= \"IIOUHUIGGHJGGHHH.Properties.Resources\" fullword wide \n \t\t $s5= \"System.Reflection.RuntimeModule\" fullword wide \n \t\t $s6= \"System.Security.Cryptography.AesCryptoServiceProvider\" fullword wide \n \n \t\t $hex1= {2473313d2022295b37} \n \t\t $hex2= {2473323d2022654368} \n \t\t $hex3= {2473333d2022476574} \n \t\t $hex4= {2473343d202249494f} \n \t\t $hex5= {2473353d2022537973} \n \t\t $hex6= {2473363d2022537973} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_20dafb37ef55c2e8ae7f08eb2ca8349b915383e357b8f82a94a696b13fb2bbef Group", "expiration": null, "is_active": 1 }, { "id": 3360593721, "indicator": "09fedf724dc7b57b931779617820ba3157d02099", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_496416a57a82d62211df726f36aa1b95a58e1f4feb5cc17081da50347bd0e676 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_496416a57a82d62211df726f36aa1b95a58e1f4feb5cc17081da50347bd0e676 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-42-24\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"09a31892d9e6bbab75d2872dafe87842\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"ffuiffoifofiofjfoljflkflkflfklfklf\" fullword wide \n \t\t $s2= \"rgeyfgughvfjkhfkgskjgjkjreiujtoiktogjrkjkfj\" fullword wide \n \n \t\t $hex1= {2473313d2022666675} \n \t\t $hex2= {2473323d2022726765} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_496416a57a82d62211df726f36aa1b95a58e1f4feb5cc17081da50347bd0e676 Group", "expiration": null, "is_active": 1 }, { "id": 3360593722, "indicator": "799da6187cfbb895b77bf1c01b3f75bd051119af", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_f10e3c8ae94b4ee00f6a09e72a9051d682366dae58f3bb7a7aab9c9b99b7714c { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_f10e3c8ae94b4ee00f6a09e72a9051d682366dae58f3bb7a7aab9c9b99b7714c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-42-22\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"1bc20f9efee8e0c8bbe31b2e4d00a94d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DSeAssignPrimaryTokenPrivilege\" fullword wide \n \t\t $s2= \"GUICTRLCREATELISTVIEWITEM\" fullword wide \n \t\t $s3= \"GUICTRLCREATETREEVIEWITEM\" fullword wide \n \t\t $s4= \"GUICTRLREGISTERLISTVIEWSORT\" fullword wide \n \t\t $s5= \"SoftwareAutoIt v3AutoIt\" fullword wide \n \t\t $s6= \"SYSTEMCurrentControlSetControlNlsLanguage\" fullword wide \n \n \t\t $hex1= {2473313d2022445365} \n \t\t $hex2= {2473323d2022475549} \n \t\t $hex3= {2473333d2022475549} \n \t\t $hex4= {2473343d2022475549} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022535953} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_f10e3c8ae94b4ee00f6a09e72a9051d682366dae58f3bb7a7aab9c9b99b7714c Group", "expiration": null, "is_active": 1 }, { "id": 3360593723, "indicator": "5d8fff9c8f107d8154f4bad895c9909431e6d768", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_daa68b22e69d67c9f0066b5172aa0a56db69e1dce48a9f916cc84be66e0792f9 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_daa68b22e69d67c9f0066b5172aa0a56db69e1dce48a9f916cc84be66e0792f9 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-42-19\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"3316d124b26e337d968f1a224b9dbec5\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"WinForms_RecursiveFormCreate\" fullword wide \n \t\t $s2= \"WinForms_SeeInnerException\" fullword wide \n \t\t $s3= \"wqrtqwrwqrtvgsadfa.Resources\" fullword wide \n \n \t\t $hex1= {2473313d202257696e} \n \t\t $hex2= {2473323d202257696e} \n \t\t $hex3= {2473333d2022777172} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_daa68b22e69d67c9f0066b5172aa0a56db69e1dce48a9f916cc84be66e0792f9 Group", "expiration": null, "is_active": 1 }, { "id": 3360593724, "indicator": "28c06084d241b3780a0f0d669f07c72c6d4e9958", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "dbgdetect_funcs", "description": "SHA1 of 5698549ab5177a527ad69eb235f445df\nSHA1 of 5698549ab5177a527ad69eb235f445df", "expiration": null, "is_active": 1 }, { "id": 1386572024, "indicator": "0a58f3a7f988d57407537f77c5858afab5f042a78baae2b6d0268536e62bcc54", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "dbgdetect_funcs", "description": "SHA256 of 5698549ab5177a527ad69eb235f445df\nSHA256 of 5698549ab5177a527ad69eb235f445df", "expiration": null, "is_active": 1 }, { "id": 3360593725, "indicator": "8545852aedc4af45fdb85bf11b7146f1e2e5fef9", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_0a58f3a7f988d57407537f77c5858afab5f042a78baae2b6d0268536e62bcc54 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_0a58f3a7f988d57407537f77c5858afab5f042a78baae2b6d0268536e62bcc54 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-42-15\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"5698549ab5177a527ad69eb235f445df\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DSeAssignPrimaryTokenPrivilege\" fullword wide \n \t\t $s2= \"GUICTRLCREATELISTVIEWITEM\" fullword wide \n \t\t $s3= \"GUICTRLCREATETREEVIEWITEM\" fullword wide \n \t\t $s4= \"GUICTRLREGISTERLISTVIEWSORT\" fullword wide \n \t\t $s5= \"SoftwareAutoIt v3AutoIt\" fullword wide \n \t\t $s6= \"SYSTEMCurrentControlSetControlNlsLanguage\" fullword wide \n \n \t\t $hex1= {2473313d2022445365} \n \t\t $hex2= {2473323d2022475549} \n \t\t $hex3= {2473333d2022475549} \n \t\t $hex4= {2473343d2022475549} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022535953} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_0a58f3a7f988d57407537f77c5858afab5f042a78baae2b6d0268536e62bcc54 Group", "expiration": null, "is_active": 1 }, { "id": 3360593726, "indicator": "e1a7a4cf53b303751b46a8597c52074cc6ddc5dc", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "autoit", "description": "SHA1 of d93918fcd8e0fe46b49f5f6cbbcab397\nSHA1 of d93918fcd8e0fe46b49f5f6cbbcab397", "expiration": null, "is_active": 1 }, { "id": 1386572291, "indicator": "4cde6b94614132421cca99852bfd2e78966718cddd4b18d1ffd59dee81bf18bc", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "autoit", "description": "SHA256 of d93918fcd8e0fe46b49f5f6cbbcab397\nSHA256 of d93918fcd8e0fe46b49f5f6cbbcab397", "expiration": null, "is_active": 1 }, { "id": 3360593727, "indicator": "9b2b917f05ae15562515c0bdd8467c70f011850a", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_4cde6b94614132421cca99852bfd2e78966718cddd4b18d1ffd59dee81bf18bc { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_4cde6b94614132421cca99852bfd2e78966718cddd4b18d1ffd59dee81bf18bc Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-42-03\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d93918fcd8e0fe46b49f5f6cbbcab397\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FSoftwareAutoIt v3AutoIt\" fullword wide \n \t\t $s2= \"GUICTRLCREATELISTVIEWITEM\" fullword wide \n \t\t $s3= \"GUICTRLCREATETREEVIEWITEM\" fullword wide \n \t\t $s4= \"GUICTRLREGISTERLISTVIEWSORT\" fullword wide \n \t\t $s5= \"SeAssignPrimaryTokenPrivilege\" fullword wide \n \t\t $s6= \"SYSTEMCurrentControlSetControlNlsLanguage\" fullword wide \n \n \t\t $hex1= {2473313d202246536f} \n \t\t $hex2= {2473323d2022475549} \n \t\t $hex3= {2473333d2022475549} \n \t\t $hex4= {2473343d2022475549} \n \t\t $hex5= {2473353d2022536541} \n \t\t $hex6= {2473363d2022535953} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_4cde6b94614132421cca99852bfd2e78966718cddd4b18d1ffd59dee81bf18bc Group", "expiration": null, "is_active": 1 }, { "id": 3360593728, "indicator": "03e240119191812164df36db41548174ab71287c", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "TrojanDownloader:O97M/Donoff", "description": "SHA1 of e3757132632f234b63f16afd6a741704", "expiration": null, "is_active": 1 }, { "id": 1386572410, "indicator": "63264aefdfabc86ae1a9a6e4cea8359ca01b8bf9be07a167b55af57cac69cba5", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "TrojanDownloader:O97M/Donoff", "description": "SHA256 of e3757132632f234b63f16afd6a741704", "expiration": null, "is_active": 1 }, { "id": 3360593729, "indicator": "1aa8e528f758469848532f2f5dd6c964c9588ef8", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_63264aefdfabc86ae1a9a6e4cea8359ca01b8bf9be07a167b55af57cac69cba5 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_63264aefdfabc86ae1a9a6e4cea8359ca01b8bf9be07a167b55af57cac69cba5 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-41-34\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e3757132632f234b63f16afd6a741704\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DocumentSummaryInformation\" fullword wide \n \t\t $s2= \"iuuq;00pofesjwfofu/yz{0`pvuqvu5EG99B1/fyf!\" fullword wide \n \t\t $s3= \"TableStyleMedium2PivotStyleMedium9\" fullword wide \n \n \t\t $hex1= {2473313d2022446f63} \n \t\t $hex2= {2473323d2022697575} \n \t\t $hex3= {2473333d2022546162} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_63264aefdfabc86ae1a9a6e4cea8359ca01b8bf9be07a167b55af57cac69cba5 Group", "expiration": null, "is_active": 1 }, { "id": 3360593730, "indicator": "ca2b6c237c0c222303598e55343a703f6e077ab6", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "SHA1 of 7bd4aa2c112ccffee7efbaa419fa5cc2", "expiration": null, "is_active": 1 }, { "id": 1386572610, "indicator": "94848d51c7af3005826cc841f475691be91e267981258000bdbd6274ba83c3eb", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "SHA256 of 7bd4aa2c112ccffee7efbaa419fa5cc2", "expiration": null, "is_active": 1 }, { "id": 3360593731, "indicator": "072f686d00b2a2138dc75e0385bc6c2bd4dee748", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_94848d51c7af3005826cc841f475691be91e267981258000bdbd6274ba83c3eb { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_94848d51c7af3005826cc841f475691be91e267981258000bdbd6274ba83c3eb Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-41-28\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"7bd4aa2c112ccffee7efbaa419fa5cc2\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"WinForms_RecursiveFormCreate\" fullword wide \n \t\t $s2= \"WinForms_SeeInnerException\" fullword wide \n \n \t\t $hex1= {2473313d202257696e} \n \t\t $hex2= {2473323d202257696e} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_94848d51c7af3005826cc841f475691be91e267981258000bdbd6274ba83c3eb Group", "expiration": null, "is_active": 1 }, { "id": 3360593732, "indicator": "bfa7cae725213c8adfa566eeedec5d8377c4be64", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of caeda54dea86f70c09da69c5ae6460a9", "expiration": null, "is_active": 1 }, { "id": 1386399292, "indicator": "84ed59953f57f5927b9843f35ca3c325155d5210824d3b79b060755827b51f72", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of caeda54dea86f70c09da69c5ae6460a9", "expiration": null, "is_active": 1 }, { "id": 3360593733, "indicator": "9ec4c6d112b42d460181e9c206ebf45c984428d1", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_84ed59953f57f5927b9843f35ca3c325155d5210824d3b79b060755827b51f72 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_84ed59953f57f5927b9843f35ca3c325155d5210824d3b79b060755827b51f72 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-41-26\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"caeda54dea86f70c09da69c5ae6460a9\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"ColumnHeader1.DefaultModifiers\" fullword wide \n \t\t $s2= \"ColumnHeader2.DefaultModifiers\" fullword wide \n \t\t $s3= \"ColumnHeader3.DefaultModifiers\" fullword wide \n \t\t $s4= \"ColumnHeader4.DefaultModifiers\" fullword wide \n \t\t $s5= \"ColumnHeader5.DefaultModifiers\" fullword wide \n \t\t $s6= \"ComboBox1.DefaultModifiers\" fullword wide \n \t\t $s7= \"ComboBox2.DefaultModifiers\" fullword wide \n \t\t $s8= \"CrystalReportDesignerStream\" fullword wide \n \t\t $s9= \"CrystalReportViewer1.DefaultModifiers\" fullword wide \n \t\t $s10= \"CrystalReportViewer1.Locked\" fullword wide \n \t\t $s11= \"CrystalReportViewer1.Modifiers\" fullword wide \n \t\t $s12= \"DataGrid1.DefaultModifiers\" fullword wide \n \t\t $s13= \"DateTimePicker1.DefaultModifiers\" fullword wide \n \t\t $s14= \"DateTimePicker1.Modifiers\" fullword wide \n \t\t $s15= \"GroupBox1.DefaultModifiers\" fullword wide \n \t\t $s16= \"ImageList1.DefaultModifiers\" fullword wide \n \t\t $s17= \"ListView1.DefaultModifiers\" fullword wide \n \t\t $s18= \"MainMenu1.DefaultModifiers\" fullword wide \n \t\t $s19= \"MenuItem10.DefaultModifiers\" fullword wide \n \t\t $s20= \"MenuItem11.DefaultModifiers\" fullword wide \n \t\t $s21= \"MenuItem12.DefaultModifiers\" fullword wide \n \t\t $s22= \"MenuItem13.DefaultModifiers\" fullword wide \n \t\t $s23= \"MenuItem14.DefaultModifiers\" fullword wide \n \t\t $s24= \"MenuItem15.DefaultModifiers\" fullword wide \n \t\t $s25= \"MenuItem16.DefaultModifiers\" fullword wide \n \t\t $s26= \"MenuItem17.DefaultModifiers\" fullword wide \n \t\t $s27= \"MenuItem18.DefaultModifiers\" fullword wide \n \t\t $s28= \"MenuItem19.DefaultModifiers\" fullword wide \n \t\t $s29= \"MenuItem1.DefaultModifiers\" fullword wide \n \t\t $s30= \"MenuItem20.DefaultModifiers\" fullword wide \n \t\t $s31= \"MenuItem21.DefaultModifiers\" fullword wide \n \t\t $s32= \"MenuItem22.DefaultModifiers\" fullword wide \n \t\t $s33= \"MenuItem23.DefaultModifiers\" fullword wide \n \t\t $s34= \"MenuItem24.DefaultModifiers\" fullword wide \n \t\t $s35= \"MenuItem25.DefaultModifiers\" fullword wide \n \t\t $s36= \"MenuItem26.DefaultModifiers\" fullword wide \n \t\t $s37= \"MenuItem27.DefaultModifiers\" fullword wide \n \t\t $s38= \"MenuItem28.DefaultModifiers\" fullword wide \n \t\t $s39= \"MenuItem29.DefaultModifiers\" fullword wide \n \t\t $s40= \"MenuItem2.DefaultModifiers\" fullword wide \n \t\t $s41= \"MenuItem30.DefaultModifiers\" fullword wide \n \t\t $s42= \"MenuItem31.DefaultModifiers\" fullword wide \n \t\t $s43= \"MenuItem32.DefaultModifiers\" fullword wide \n \t\t $s44= \"MenuItem33.DefaultModifiers\" fullword wide \n \t\t $s45= \"MenuItem34.DefaultModifiers\" fullword wide \n \t\t $s46= \"MenuItem3.DefaultModifiers\" fullword wide \n \t\t $s47= \"MenuItem4.DefaultModifiers\" fullword wide \n \t\t $s48= \"MenuItem5.DefaultModifiers\" fullword wide \n \t\t $s49= \"MenuItem6.DefaultModifiers\" fullword wide \n \t\t $s50= \"MenuItem7.DefaultModifiers\" fullword wide \n \t\t $s51= \"MenuItem8.DefaultModifiers\" fullword wide \n \t\t $s52= \"MenuItem9.DefaultModifiers\" fullword wide \n \t\t $s53= \"MonthCalendar1.DefaultModifiers\" fullword wide \n \t\t $s54= \"NextLine.DefaultModifiers\" fullword wide \n \t\t $s55= \"NumericUpDown1.DefaultModifiers\" fullword wide \n \t\t $s56= \"ProgressBar1.DefaultModifiers\" fullword wide \n \t\t $s57= \"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=\" fullword wide \n \t\t $s58= \"report_Transaction1.DefaultModifiers\" fullword wide \n \t\t $s59= \"report_Transaction1.Location\" fullword wide \n \t\t $s60= \"report_Transaction1.Modifiers\" fullword wide \n \t\t $s61= \"Splash_timer.DefaultModifiers\" fullword wide \n \t\t $s62= \"StatusBar1.DefaultModifiers\" fullword wide \n \t\t $s63= \"StatusBarPanel1.DefaultModifiers\" fullword wide \n \t\t $s64= \"StatusBarPanel1.Modifiers\" fullword wide \n \t\t $s65= \"StatusBarPanel2.DefaultModifiers\" fullword wide \n \t\t $s66= \"StatusBarPanel2.Modifiers\" fullword wide \n \t\t $s67= \"StatusBarPanel3.DefaultModifiers\" fullword wide \n \t\t $s68= \"StatusBarPanel3.Modifiers\" fullword wide \n \t\t $s69= \"TextBox1.DefaultModifiers\" fullword wide \n \t\t $s70= \"TextBox2.DefaultModifiers\" fullword wide \n \t\t $s71= \"TextBox3.DefaultModifiers\" fullword wide \n \t\t $s72= \"TextBox4.DefaultModifiers\" fullword wide \n \t\t $s73= \"TextBox5.DefaultModifiers\" fullword wide \n \t\t $s74= \"ToolBar1.DefaultModifiers\" fullword wide \n \t\t $s75= \"ToolBarButton10.DefaultModifiers\" fullword wide \n \t\t $s76= \"ToolBarButton10.Modifiers\" fullword wide \n \t\t $s77= \"ToolBarButton11.DefaultModifiers\" fullword wide \n \t\t $s78= \"ToolBarButton11.Modifiers\" fullword wide \n \t\t $s79= \"ToolBarButton12.DefaultModifiers\" fullword wide \n \t\t $s80= \"ToolBarButton12.Modifiers\" fullword wide \n \t\t $s81= \"ToolBarButton13.DefaultModifiers\" fullword wide \n \t\t $s82= \"ToolBarButton13.Modifiers\" fullword wide \n \t\t $s83= \"ToolBarButton14.DefaultModifiers\" fullword wide \n \t\t $s84= \"ToolBarButton14.Modifiers\" fullword wide \n \t\t $s85= \"ToolBarButton15.DefaultModifiers\" fullword wide \n \t\t $s86= \"ToolBarButton15.Modifiers\" fullword wide \n \t\t $s87= \"ToolBarButton1.DefaultModifiers\" fullword wide \n \t\t $s88= \"ToolBarButton2.DefaultModifiers\" fullword wide \n \t\t $s89= \"ToolBarButton3.DefaultModifiers\" fullword wide \n \t\t $s90= \"ToolBarButton4.DefaultModifiers\" fullword wide \n \t\t $s91= \"ToolBarButton5.DefaultModifiers\" fullword wide \n \t\t $s92= \"ToolBarButton6.DefaultModifiers\" fullword wide \n \t\t $s93= \"ToolBarButton7.DefaultModifiers\" fullword wide \n \t\t $s94= \"ToolBarButton8.DefaultModifiers\" fullword wide \n \t\t $s95= \"ToolBarButton9.DefaultModifiers\" fullword wide \n \t\t $s96= \"WinForms_RecursiveFormCreate\" fullword wide \n \t\t $s97= \"WinForms_SeeInnerException\" fullword wide \n \n \t\t $hex1= {247331303d20224372} \n \t\t $hex2= {247331313d20224372} \n \t\t $hex3= {247331323d20224461} \n \t\t $hex4= {247331333d20224461} \n \t\t $hex5= {247331343d20224461} \n \t\t $hex6= {247331353d20224772} \n \t\t $hex7= {247331363d2022496d} \n \t\t $hex8= {247331373d20224c69} \n \t\t $hex9= {247331383d20224d61} \n \t\t $hex10= {247331393d20224d65} \n \t\t $hex11= {2473313d2022436f6c} \n \t\t $hex12= {247332303d20224d65} \n \t\t $hex13= {247332313d20224d65} \n \t\t $hex14= {247332323d20224d65} \n \t\t $hex15= {247332333d20224d65} \n \t\t $hex16= {247332343d20224d65} \n \t\t $hex17= {247332353d20224d65} \n \t\t $hex18= {247332363d20224d65} \n \t\t $hex19= {247332373d20224d65} \n \t\t $hex20= {247332383d20224d65} \n \t\t $hex21= {247332393d20224d65} \n \t\t $hex22= {2473323d2022436f6c} \n \t\t $hex23= {247333303d20224d65} \n \t\t $hex24= {247333313d20224d65} \n \t\t $hex25= {247333323d20224d65} \n \t\t $hex26= {247333333d20224d65} \n \t\t $hex27= {247333343d20224d65} \n \t\t $hex28= {247333353d20224d65} \n \t\t $hex29= {247333363d20224d65} \n \t\t $hex30= {247333373d20224d65} \n \t\t $hex31= {247333383d20224d65} \n \t\t $hex32= {247333393d20224d65} \n \t\t $hex33= {2473333d2022436f6c} \n \t\t $hex34= {247334303d20224d65} \n \t\t $hex35= {247334313d20224d65} \n \t\t $hex36= {247334323d20224d65} \n \t\t $hex37= {247334333d20224d65} \n \t\t $hex38= {247334343d20224d65} \n \t\t $hex39= {247334353d20224d65} \n \t\t $hex40= {247334363d20224d65} \n \t\t $hex41= {247334373d20224d65} \n \t\t $hex42= {247334383d20224d65} \n \t\t $hex43= {247334393d20224d65} \n \t\t $hex44= {2473343d2022436f6c} \n \t\t $hex45= {247335303d20224d65} \n \t\t $hex46= {247335313d20224d65} \n \t\t $hex47= {247335323d20224d65} \n \t\t $hex48= {247335333d20224d6f} \n \t\t $hex49= {247335343d20224e65} \n \t\t $hex50= {247335353d20224e75} \n \t\t $hex51= {247335363d20225072} \n \t\t $hex52= {247335373d20225072} \n \t\t $hex53= {247335383d20227265} \n \t\t $hex54= {247335393d20227265} \n \t\t $hex55= {2473353d2022436f6c} \n \t\t $hex56= {247336303d20227265} \n \t\t $hex57= {247336313d20225370} \n \t\t $hex58= {247336323d20225374} \n \t\t $hex59= {247336333d20225374} \n \t\t $hex60= {247336343d20225374} \n \t\t $hex61= {247336353d20225374} \n \t\t $hex62= {247336363d20225374} \n \t\t $hex63= {247336373d20225374} \n \t\t $hex64= {247336383d20225374} \n \t\t $hex65= {247336393d20225465} \n \t\t $hex66= {2473363d2022436f6d} \n \t\t $hex67= {247337303d20225465} \n \t\t $hex68= {247337313d20225465} \n \t\t $hex69= {247337323d20225465} \n \t\t $hex70= {247337333d20225465} \n \t\t $hex71= {247337343d2022546f} \n \t\t $hex72= {247337353d2022546f} \n \t\t $hex73= {247337363d2022546f} \n \t\t $hex74= {247337373d2022546f} \n \t\t $hex75= {247337383d2022546f} \n \t\t $hex76= {247337393d2022546f} \n \t\t $hex77= {2473373d2022436f6d} \n \t\t $hex78= {247338303d2022546f} \n \t\t $hex79= {247338313d2022546f} \n \t\t $hex80= {247338323d2022546f} \n \t\t $hex81= {247338333d2022546f} \n \t\t $hex82= {247338343d2022546f} \n \t\t $hex83= {247338353d2022546f} \n \t\t $hex84= {247338363d2022546f} \n \t\t $hex85= {247338373d2022546f} \n \t\t $hex86= {247338383d2022546f} \n \t\t $hex87= {247338393d2022546f} \n \t\t $hex88= {2473383d2022437279} \n \t\t $hex89= {247339303d2022546f} \n \t\t $hex90= {247339313d2022546f} \n \t\t $hex91= {247339323d2022546f} \n \t\t $hex92= {247339333d2022546f} \n \t\t $hex93= {247339343d2022546f} \n \t\t $hex94= {247339353d2022546f} \n \t\t $hex95= {247339363d20225769} \n \t\t $hex96= {247339373d20225769} \n \t\t $hex97= {2473393d2022437279} \n \n \tcondition: \n \t\t6", "title": "", "description": "APTMalware_Gorgon_Group_84ed59953f57f5927b9843f35ca3c325155d5210824d3b79b060755827b51f72 Group", "expiration": null, "is_active": 1 }, { "id": 3360593734, "indicator": "26e3555dd4aa1c27d7eb84da147613516e759629", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "dbgdetect_funcs", "description": "SHA1 of c06d57a86784c71e96de14ca72184c85", "expiration": null, "is_active": 1 }, { "id": 1386573065, "indicator": "ff83d9796124bda7e50f9957858f3db688948127c2e1a7bcb6be79b25baec2ba", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "dbgdetect_funcs", "description": "SHA256 of c06d57a86784c71e96de14ca72184c85", "expiration": null, "is_active": 1 }, { "id": 3360593735, "indicator": "afdcb44edb033e33cbc4b458c882169c74aaea4f", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_ff83d9796124bda7e50f9957858f3db688948127c2e1a7bcb6be79b25baec2ba { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_ff83d9796124bda7e50f9957858f3db688948127c2e1a7bcb6be79b25baec2ba Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-41-21\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"c06d57a86784c71e96de14ca72184c85\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DSeAssignPrimaryTokenPrivilege\" fullword wide \n \t\t $s2= \"GUICTRLCREATELISTVIEWITEM\" fullword wide \n \t\t $s3= \"GUICTRLCREATETREEVIEWITEM\" fullword wide \n \t\t $s4= \"GUICTRLREGISTERLISTVIEWSORT\" fullword wide \n \t\t $s5= \"SoftwareAutoIt v3AutoIt\" fullword wide \n \t\t $s6= \"SYSTEMCurrentControlSetControlNlsLanguage\" fullword wide \n \n \t\t $hex1= {2473313d2022445365} \n \t\t $hex2= {2473323d2022475549} \n \t\t $hex3= {2473333d2022475549} \n \t\t $hex4= {2473343d2022475549} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022535953} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_ff83d9796124bda7e50f9957858f3db688948127c2e1a7bcb6be79b25baec2ba Group", "expiration": null, "is_active": 1 }, { "id": 2889835831, "indicator": "e281a9fde484b8b61407144b975b0e65647b1458", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Win.Trojan.Fareit-403", "description": "SHA1 of e39b293fc4758095f361034152d3b11d", "expiration": null, "is_active": 1 }, { "id": 1386572464, "indicator": "72652099483c1b928da5c45dd0e73bcbf938c17d212ed405a9540c9c552db912", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Win.Trojan.Fareit-403", "description": "SHA256 of e39b293fc4758095f361034152d3b11d", "expiration": null, "is_active": 1 }, { "id": 3360593736, "indicator": "be9d109ec3748ce294f3ae741081ea262682f5d2", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_72652099483c1b928da5c45dd0e73bcbf938c17d212ed405a9540c9c552db912 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_72652099483c1b928da5c45dd0e73bcbf938c17d212ed405a9540c9c552db912 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-41-15\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e39b293fc4758095f361034152d3b11d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"2http://www.facebook.com/\" fullword wide \n \t\t $s2= \"abe2869f-9b47-4cd9-a358-c22904dba7f7\" fullword wide \n \t\t $a1= \"SOFTWAREClassesTypeLib{9EA55529-E122-4757-BC79-E4825F80732C}\" fullword ascii \n \t\t $a2= \"SOFTWAREClassesTypeLib{CB1F2C0F-8094-4AAC-BCF5-41A64E27F777}\" fullword ascii \n \t\t $a3= \"SoftwareMicrosoftWindowsCurrentVersionExplorerShell Folders\" fullword ascii \n \n \t\t $hex1= {2461313d2022534f46} \n \t\t $hex2= {2461323d2022534f46} \n \t\t $hex3= {2461333d2022536f66} \n \t\t $hex4= {2473313d2022326874} \n \t\t $hex5= {2473323d2022616265} \n \n \tcondition: \n \t\t3 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_72652099483c1b928da5c45dd0e73bcbf938c17d212ed405a9540c9c552db912 Group", "expiration": null, "is_active": 1 }, { "id": 3360593737, "indicator": "9e313c8a8bf42721f314a0d53e05cb66eebbd836", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_d2a85dd92404f17d5d2d6f1ae175dd9dadde770db28619c31feb66a9170dc4da { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_d2a85dd92404f17d5d2d6f1ae175dd9dadde770db28619c31feb66a9170dc4da Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-40-13\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"0da5c7a1740cdd66e88a17b629e656b5\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DocumentSummaryInformation\" fullword wide \n \t\t $s2= \"iuuq;00pofesjwfofu/yz{0`pvuqvu7473571/fyf!\" fullword wide \n \t\t $s3= \"TableStyleMedium2PivotStyleMedium9\" fullword wide \n \n \t\t $hex1= {2473313d2022446f63} \n \t\t $hex2= {2473323d2022697575} \n \t\t $hex3= {2473333d2022546162} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_d2a85dd92404f17d5d2d6f1ae175dd9dadde770db28619c31feb66a9170dc4da Group", "expiration": null, "is_active": 1 }, { "id": 3360593738, "indicator": "833d1a837eac9320981a85f620dacca8cb8ff074", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_a287ab3d409a698dfc87c10348461ee356443e42e50d87a5cad7ffc7cbc7dab7 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_a287ab3d409a698dfc87c10348461ee356443e42e50d87a5cad7ffc7cbc7dab7 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-40-10\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"05d4715fac45ef68975353a9a95a85c9\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DocumentSummaryInformation\" fullword wide \n \t\t $s2= \"TableStyleMedium2PivotStyleMedium9\" fullword wide \n \n \t\t $hex1= {2473313d2022446f63} \n \t\t $hex2= {2473323d2022546162} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_a287ab3d409a698dfc87c10348461ee356443e42e50d87a5cad7ffc7cbc7dab7 Group", "expiration": null, "is_active": 1 }, { "id": 3360593739, "indicator": "860c0ce944a2d052469d1fa20f1875a0a35dff35", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Backdoor:MSIL/Bladabindi", "description": "SHA1 of 53c25074a983e0c15f27a7c7fdd1fce2", "expiration": null, "is_active": 1 }, { "id": 1386572151, "indicator": "2b858e02724e24a06a105a4c1b25c5890be90fb81d37cce50dea7b075e167056", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Backdoor:MSIL/Bladabindi", "description": "SHA256 of 53c25074a983e0c15f27a7c7fdd1fce2", "expiration": null, "is_active": 1 }, { "id": 3360593740, "indicator": "a037b0d6e23c5863d6931f11fcf1088f88b34362", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_2b858e02724e24a06a105a4c1b25c5890be90fb81d37cce50dea7b075e167056 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_2b858e02724e24a06a105a4c1b25c5890be90fb81d37cce50dea7b075e167056 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-40-06\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"53c25074a983e0c15f27a7c7fdd1fce2\" \n \n \tstrings: \n \n \t \n \t\t $s1= \")^71^DA^WQ^WY^Wa^Wi^Wq^Wy^W\" fullword wide \n \t\t $s2= \"AtREdu2qXbGU3yQpRA.HKY7mGH77vVmSwsuDO\" fullword wide \n \t\t $s3= \"cdXrQBmqZNmW159YKf.3qoadelVbuYkh2yoAf\" fullword wide \n \t\t $s4= \"GetDelegateForFunctionPointer\" fullword wide \n \t\t $s5= \"System.Reflection.RuntimeModule\" fullword wide \n \t\t $s6= \"System.Security.Cryptography.AesCryptoServiceProvider\" fullword wide \n \n \t\t $hex1= {2473313d2022295e37} \n \t\t $hex2= {2473323d2022417452} \n \t\t $hex3= {2473333d2022636458} \n \t\t $hex4= {2473343d2022476574} \n \t\t $hex5= {2473353d2022537973} \n \t\t $hex6= {2473363d2022537973} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_2b858e02724e24a06a105a4c1b25c5890be90fb81d37cce50dea7b075e167056 Group", "expiration": null, "is_active": 1 }, { "id": 3360593741, "indicator": "7baaf4c8d9c5e5fe158af2276d9bd9f3176e3fc6", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Trojan:Win32/Pynamer.A!ac", "description": "SHA1 of 83401e92df749f28fc1ba09297c42a0d\nSHA1 of 83401e92df749f28fc1ba09297c42a0d", "expiration": null, "is_active": 1 }, { "id": 1386572318, "indicator": "53483cac73b9aeb9985d4408226eb1ef031b8b882df8d8a3872308d33d3be705", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Trojan:Win32/Pynamer.A!ac", "description": "SHA256 of 83401e92df749f28fc1ba09297c42a0d\nSHA256 of 83401e92df749f28fc1ba09297c42a0d", "expiration": null, "is_active": 1 }, { "id": 3360593742, "indicator": "14902df2bce9e5db3776ec4284621b4da8223309", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_53483cac73b9aeb9985d4408226eb1ef031b8b882df8d8a3872308d33d3be705 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_53483cac73b9aeb9985d4408226eb1ef031b8b882df8d8a3872308d33d3be705 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-40-04\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"83401e92df749f28fc1ba09297c42a0d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"GUICTRLCREATELISTVIEWITEM\" fullword wide \n \t\t $s2= \"GUICTRLCREATETREEVIEWITEM\" fullword wide \n \t\t $s3= \"GUICTRLREGISTERLISTVIEWSORT\" fullword wide \n \t\t $s4= \"SeAssignPrimaryTokenPrivilege\" fullword wide \n \t\t $s5= \"SoftwareAutoIt v3AutoIt\" fullword wide \n \t\t $s6= \"SYSTEMCurrentControlSetControlNlsLanguage\" fullword wide \n \n \t\t $hex1= {2473313d2022475549} \n \t\t $hex2= {2473323d2022475549} \n \t\t $hex3= {2473333d2022475549} \n \t\t $hex4= {2473343d2022536541} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022535953} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_53483cac73b9aeb9985d4408226eb1ef031b8b882df8d8a3872308d33d3be705 Group", "expiration": null, "is_active": 1 }, { "id": 3360593743, "indicator": "f161a806da8827dad25bb5dc39fed50ec8213a08", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_db1483528df7803a766f5a536c2680ac9ca0f6c8566753adecb8fd0612682d98 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_db1483528df7803a766f5a536c2680ac9ca0f6c8566753adecb8fd0612682d98 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-39-56\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"47a1c122bbb08ba3f2e441b380221f3f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DSeAssignPrimaryTokenPrivilege\" fullword wide \n \t\t $s2= \"GUICTRLCREATELISTVIEWITEM\" fullword wide \n \t\t $s3= \"GUICTRLCREATETREEVIEWITEM\" fullword wide \n \t\t $s4= \"GUICTRLREGISTERLISTVIEWSORT\" fullword wide \n \t\t $s5= \"SoftwareAutoIt v3AutoIt\" fullword wide \n \t\t $s6= \"SYSTEMCurrentControlSetControlNlsLanguage\" fullword wide \n \n \t\t $hex1= {2473313d2022445365} \n \t\t $hex2= {2473323d2022475549} \n \t\t $hex3= {2473333d2022475549} \n \t\t $hex4= {2473343d2022475549} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022535953} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_db1483528df7803a766f5a536c2680ac9ca0f6c8566753adecb8fd0612682d98 Group", "expiration": null, "is_active": 1 }, { "id": 3360593744, "indicator": "a2d5d686b96f9422901511b7a492bc065097904a", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "!PEExpkUnpackedFile", "description": "SHA1 of 2196ff244731dd77435a76b110ca1901", "expiration": null, "is_active": 1 }, { "id": 1386572052, "indicator": "116b6154d04260ca235db78f2abbc647cc80b92a9838360eaee4f3b8eb50d5c8", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "!PEExpkUnpackedFile", "description": "SHA256 of 2196ff244731dd77435a76b110ca1901", "expiration": null, "is_active": 1 }, { "id": 3360593745, "indicator": "759f085f4f3d92c77685aace6f17dc5c5da6ce12", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_116b6154d04260ca235db78f2abbc647cc80b92a9838360eaee4f3b8eb50d5c8 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_116b6154d04260ca235db78f2abbc647cc80b92a9838360eaee4f3b8eb50d5c8 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-39-52\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"2196ff244731dd77435a76b110ca1901\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DSeAssignPrimaryTokenPrivilege\" fullword wide \n \t\t $s2= \"GUICTRLCREATELISTVIEWITEM\" fullword wide \n \t\t $s3= \"GUICTRLCREATETREEVIEWITEM\" fullword wide \n \t\t $s4= \"GUICTRLREGISTERLISTVIEWSORT\" fullword wide \n \t\t $s5= \"SoftwareAutoIt v3AutoIt\" fullword wide \n \t\t $s6= \"SYSTEMCurrentControlSetControlNlsLanguage\" fullword wide \n \n \t\t $hex1= {2473313d2022445365} \n \t\t $hex2= {2473323d2022475549} \n \t\t $hex3= {2473333d2022475549} \n \t\t $hex4= {2473343d2022475549} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022535953} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_116b6154d04260ca235db78f2abbc647cc80b92a9838360eaee4f3b8eb50d5c8 Group", "expiration": null, "is_active": 1 }, { "id": 3360593746, "indicator": "96127267a43394e7ef16a628a5262d89c4b45027", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "TrojanDownloader:O97M/Donoff", "description": "SHA1 of dc63107d0a4e023eb77312e4f20f18c7", "expiration": null, "is_active": 1 }, { "id": 1386572416, "indicator": "651f11181cd61ef64f96379a009345fc9bc6d44572d25bd2a2397b3beebe4824", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "TrojanDownloader:O97M/Donoff", "description": "SHA256 of dc63107d0a4e023eb77312e4f20f18c7", "expiration": null, "is_active": 1 }, { "id": 3360593747, "indicator": "b8f1c05c0ff25879e866e1c9addcb70ad2876c53", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_651f11181cd61ef64f96379a009345fc9bc6d44572d25bd2a2397b3beebe4824 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_651f11181cd61ef64f96379a009345fc9bc6d44572d25bd2a2397b3beebe4824 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-39-47\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"dc63107d0a4e023eb77312e4f20f18c7\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DocumentSummaryInformation\" fullword wide \n \t\t $s2= \"iuuq;00pofesjwfofu/yz{0`pvuqvuGCD81FG/fyf!\" fullword wide \n \t\t $s3= \"TableStyleMedium2PivotStyleMedium9\" fullword wide \n \n \t\t $hex1= {2473313d2022446f63} \n \t\t $hex2= {2473323d2022697575} \n \t\t $hex3= {2473333d2022546162} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_651f11181cd61ef64f96379a009345fc9bc6d44572d25bd2a2397b3beebe4824 Group", "expiration": null, "is_active": 1 }, { "id": 3360593748, "indicator": "84e338e93a7e9d1e91d87dbfd785803dd162cc29", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_5cb8b4b4511802763cb4203ee9af57b798cf44d1b921925c1980921012800c0c { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_5cb8b4b4511802763cb4203ee9af57b798cf44d1b921925c1980921012800c0c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-39-42\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"48159a39e517694cd35dec553de4ee04\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"D18BE48D-FB49-43F6-9E5B-7C57AA0F18AA\" fullword wide \n \t\t $s2= \"WdQhmLTWtHDbRcmpOkwpMhYoiOLZ\" fullword wide \n \t\t $s3= \"WinForms_RecursiveFormCreate\" fullword wide \n \t\t $s4= \"WinForms_SeeInnerException\" fullword wide \n \n \t\t $hex1= {2473313d2022443138} \n \t\t $hex2= {2473323d2022576451} \n \t\t $hex3= {2473333d202257696e} \n \t\t $hex4= {2473343d202257696e} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_5cb8b4b4511802763cb4203ee9af57b798cf44d1b921925c1980921012800c0c Group", "expiration": null, "is_active": 1 }, { "id": 622437482, "indicator": "5ef9515e8fd92a254dd2dcdd9c4b50afa8007b8f", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of b6c12d88eeb910784d75a5e4df954001", "expiration": null, "is_active": 1 }, { "id": 3360593749, "indicator": "e2d5b51123606329eb356e0ba4892646bd28ccde", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_81de431987304676134138705fc1c21188ad7f27edf6b77a6551aa693194485e { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_81de431987304676134138705fc1c21188ad7f27edf6b77a6551aa693194485e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-39-31\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b6c12d88eeb910784d75a5e4df954001\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-localization-obsolete-l1-2-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-processthreads-l1-1-2\" fullword wide \n \t\t $s7= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s8= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s10= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s11= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s12= \"api-ms-win-rtcore-ntuser-window-l1-1-0\" fullword wide \n \t\t $s13= \"api-ms-win-security-systemfunctions-l1-1-0\" fullword wide \n \t\t $s14= \"Bapi-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s15= \"__crt_strtox::floating_point_value::as_double\" fullword wide \n \t\t $s16= \"__crt_strtox::floating_point_value::as_float\" fullword wide \n \t\t $s17= \",ec->publicKey.curve->name\" fullword wide \n \t\t $s18= \"ext-ms-win-kernel32-package-current-l1-1-0\" fullword wide \n \t\t $s19= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s20= \"ext-ms-win-ntuser-windowstation-l1-1-0\" fullword wide \n \t\t $s21= \"minkernelcrtsucrtinccorecrt_internal_strtox.h\" fullword wide \n \t\t $a1= \"ssh.auth.gssapi.delegation:config-ssh-auth-gssapi-delegation\" fullword ascii \n \t\t $a2= \"ssh.tunnels.portfwd.ipversion:config-ssh-portfwd-address-family\" fullword ascii \n \n \t\t $hex1= {2461313d2022737368} \n \t\t $hex2= {2461323d2022737368} \n \t\t $hex3= {247331303d20226170} \n \t\t $hex4= {247331313d20226170} \n \t\t $hex5= {247331323d20226170} \n \t\t $hex6= {247331333d20226170} \n \t\t $hex7= {247331343d20224261} \n \t\t $hex8= {247331353d20225f5f} \n \t\t $hex9= {247331363d20225f5f} \n \t\t $hex10= {247331373d20222c65} \n \t\t $hex11= {247331383d20226578} \n \t\t $hex12= {247331393d20226578} \n \t\t $hex13= {2473313d2022617069} \n \t\t $hex14= {247332303d20226578} \n \t\t $hex15= {247332313d20226d69} \n \t\t $hex16= {2473323d2022617069} \n \t\t $hex17= {2473333d2022617069} \n \t\t $hex18= {2473343d2022617069} \n \t\t $hex19= {2473353d2022617069} \n \t\t $hex20= {2473363d2022617069} \n \t\t $hex21= {2473373d2022617069} \n \t\t $hex22= {2473383d2022617069} \n \t\t $hex23= {2473393d2022617069} \n \n \tcondition: \n \t\t15 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_81de431987304676134138705fc1c21188ad7f27edf6b77a6551aa693194485e Group", "expiration": null, "is_active": 1 }, { "id": 3360593750, "indicator": "02f853287ddc4c7a00f6e72c1e1214b1e63ae7f8", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Revcode RAT, RevCode RAT", "description": "SHA1 of ef6ccd7f68a1db97e7e02e3393158c5e", "expiration": null, "is_active": 1 }, { "id": 1386573048, "indicator": "fc2f1c026b2dcbb3a7b8ebb81c438ea07ddeac476fb0f5cb5c93e3461f56d98c", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Revcode RAT, RevCode RAT", "description": "SHA256 of ef6ccd7f68a1db97e7e02e3393158c5e", "expiration": null, "is_active": 1 }, { "id": 3360593751, "indicator": "e3b692d88a45d7563cadcb1168a0887c6846b4f8", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_fc2f1c026b2dcbb3a7b8ebb81c438ea07ddeac476fb0f5cb5c93e3461f56d98c { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_fc2f1c026b2dcbb3a7b8ebb81c438ea07ddeac476fb0f5cb5c93e3461f56d98c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-39-29\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"ef6ccd7f68a1db97e7e02e3393158c5e\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"CDDNBOVPPDXQRNELGIDGKAWLUQNKOJGUPKOPEMORV\" fullword wide \n \t\t $s2= \"FZPUORJCBANBSWKUCKDXZYIYVEETUEXTFXKXBAGZ\" fullword wide \n \t\t $s3= \"FZPUORJCBANBSWKUCKDXZYIYVEETUEXTFXKXBAGZ.exe\" fullword wide \n \t\t $s4= \"YKNIFBGCCRSIZPGQRZKNPIWDUWUMN\" fullword wide \n \n \t\t $hex1= {2473313d2022434444} \n \t\t $hex2= {2473323d2022465a50} \n \t\t $hex3= {2473333d2022465a50} \n \t\t $hex4= {2473343d2022594b4e} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_fc2f1c026b2dcbb3a7b8ebb81c438ea07ddeac476fb0f5cb5c93e3461f56d98c Group", "expiration": null, "is_active": 1 }, { "id": 3360593752, "indicator": "3b00b9d1572ed7049a24a9f2ad0d85519a0a6680", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "LokiBot", "description": "SHA1 of bc7b77e4a6946b1b95c1d49f6631a126", "expiration": null, "is_active": 1 }, { "id": 1386572813, "indicator": "c8e3e4f8127af5b89fa9d92a09eede83a6b39b028461632d8970a2b94dbbb73c", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "LokiBot", "description": "SHA256 of bc7b77e4a6946b1b95c1d49f6631a126", "expiration": null, "is_active": 1 }, { "id": 3360593753, "indicator": "658e37e84f7f06a4dcd85980ea4f793dac81ddd6", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_c8e3e4f8127af5b89fa9d92a09eede83a6b39b028461632d8970a2b94dbbb73c { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_c8e3e4f8127af5b89fa9d92a09eede83a6b39b028461632d8970a2b94dbbb73c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-39-25\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"bc7b77e4a6946b1b95c1d49f6631a126\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"COVOEMUEOXZONEZEVCCCEMOERRX\" fullword wide \n \t\t $s2= \"XVOOOIUVMREBUUIEBBUNOXXUUXOZEBUXBUOVMNZT\" fullword wide \n \t\t $a1= \"Bn@ygs1tP2vSeaogj5fAED~SiHT9dmKC|6ed3zsOY0hpwr43VIJX.HC@AkLMZW\" fullword ascii \n \n \t\t $hex1= {2461313d2022426e40} \n \t\t $hex2= {2473313d2022434f56} \n \t\t $hex3= {2473323d202258564f} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_c8e3e4f8127af5b89fa9d92a09eede83a6b39b028461632d8970a2b94dbbb73c Group", "expiration": null, "is_active": 1 }, { "id": 3360593754, "indicator": "d72aa9fa9003f5d74422814e75c91976e7dff515", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Backdoor:MSIL/Noancooe.A", "description": "SHA1 of d8a713e9aed88093668ec0f19d54e513", "expiration": null, "is_active": 1 }, { "id": 1386399289, "indicator": "690fc694b0840dbabb462ae46eb836777420b3354e53a6944a2e169b965b0bec", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Backdoor:MSIL/Noancooe.A", "description": "SHA256 of d8a713e9aed88093668ec0f19d54e513", "expiration": null, "is_active": 1 }, { "id": 3360593755, "indicator": "76c58f3db6a7dfd0b2c6454c161a4efa246f04a5", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_690fc694b0840dbabb462ae46eb836777420b3354e53a6944a2e169b965b0bec { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_690fc694b0840dbabb462ae46eb836777420b3354e53a6944a2e169b965b0bec Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-39-20\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d8a713e9aed88093668ec0f19d54e513\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"ClearAllToolStripMenuItem\" fullword wide \n \t\t $s2= \"DeveloperToolStripMenuItem\" fullword wide \n \t\t $s3= \"MainLayoutPanel.BackgroundImage\" fullword wide \n \t\t $s4= \"Saransh_Email_System.Resources\" fullword wide \n \t\t $s5= \"WinForms_RecursiveFormCreate\" fullword wide \n \t\t $s6= \"WinForms_SeeInnerException\" fullword wide \n \n \t\t $hex1= {2473313d2022436c65} \n \t\t $hex2= {2473323d2022446576} \n \t\t $hex3= {2473333d20224d6169} \n \t\t $hex4= {2473343d2022536172} \n \t\t $hex5= {2473353d202257696e} \n \t\t $hex6= {2473363d202257696e} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_690fc694b0840dbabb462ae46eb836777420b3354e53a6944a2e169b965b0bec Group", "expiration": null, "is_active": 1 }, { "id": 3360593756, "indicator": "943170abbf8a69b27e4bc953060a75c8562f2ffe", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "VirTool:MSIL/Injector", "description": "SHA1 of 58574b6dc105478f0807ea148349c59f", "expiration": null, "is_active": 1 }, { "id": 1386572647, "indicator": "9f2b1601335a082d22ed57dca92e2f7d8cbf983565dabdcd3af47eefe4bbbd3e", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "VirTool:MSIL/Injector", "description": "SHA256 of 58574b6dc105478f0807ea148349c59f", "expiration": null, "is_active": 1 }, { "id": 3360593824, "indicator": "a0f8af4715b64632283a0dc44b4e5a6b59e94a19", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_9f2b1601335a082d22ed57dca92e2f7d8cbf983565dabdcd3af47eefe4bbbd3e { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_9f2b1601335a082d22ed57dca92e2f7d8cbf983565dabdcd3af47eefe4bbbd3e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-39-19\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"58574b6dc105478f0807ea148349c59f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DesignerRectTracker10.TrackerRectangle\" fullword wide \n \t\t $s2= \"DesignerRectTracker11.TrackerRectangle\" fullword wide \n \t\t $s3= \"DesignerRectTracker12.TrackerRectangle\" fullword wide \n \t\t $s4= \"DesignerRectTracker13.TrackerRectangle\" fullword wide \n \t\t $s5= \"DesignerRectTracker14.TrackerRectangle\" fullword wide \n \t\t $s6= \"DesignerRectTracker15.TrackerRectangle\" fullword wide \n \t\t $s7= \"DesignerRectTracker16.TrackerRectangle\" fullword wide \n \t\t $s8= \"DesignerRectTracker17.TrackerRectangle\" fullword wide \n \t\t $s9= \"DesignerRectTracker18.TrackerRectangle\" fullword wide \n \t\t $s10= \"DesignerRectTracker19.TrackerRectangle\" fullword wide \n \t\t $s11= \"DesignerRectTracker1.TrackerRectangle\" fullword wide \n \t\t $s12= \"DesignerRectTracker20.TrackerRectangle\" fullword wide \n \t\t $s13= \"DesignerRectTracker21.TrackerRectangle\" fullword wide \n \t\t $s14= \"DesignerRectTracker22.TrackerRectangle\" fullword wide \n \t\t $s15= \"DesignerRectTracker23.TrackerRectangle\" fullword wide \n \t\t $s16= \"DesignerRectTracker24.TrackerRectangle\" fullword wide \n \t\t $s17= \"DesignerRectTracker25.TrackerRectangle\" fullword wide \n \t\t $s18= \"DesignerRectTracker26.TrackerRectangle\" fullword wide \n \t\t $s19= \"DesignerRectTracker27.TrackerRectangle\" fullword wide \n \t\t $s20= \"DesignerRectTracker28.TrackerRectangle\" fullword wide \n \t\t $s21= \"DesignerRectTracker29.TrackerRectangle\" fullword wide \n \t\t $s22= \"DesignerRectTracker2.TrackerRectangle\" fullword wide \n \t\t $s23= \"DesignerRectTracker30.TrackerRectangle\" fullword wide \n \t\t $s24= \"DesignerRectTracker31.TrackerRectangle\" fullword wide \n \t\t $s25= \"DesignerRectTracker32.TrackerRectangle\" fullword wide \n \t\t $s26= \"DesignerRectTracker33.TrackerRectangle\" fullword wide \n \t\t $s27= \"DesignerRectTracker34.TrackerRectangle\" fullword wide \n \t\t $s28= \"DesignerRectTracker35.TrackerRectangle\" fullword wide \n \t\t $s29= \"DesignerRectTracker36.TrackerRectangle\" fullword wide \n \t\t $s30= \"DesignerRectTracker37.TrackerRectangle\" fullword wide \n \t\t $s31= \"DesignerRectTracker38.TrackerRectangle\" fullword wide \n \t\t $s32= \"DesignerRectTracker39.TrackerRectangle\" fullword wide \n \t\t $s33= \"DesignerRectTracker3.TrackerRectangle\" fullword wide \n \t\t $s34= \"DesignerRectTracker40.TrackerRectangle\" fullword wide \n \t\t $s35= \"DesignerRectTracker41.TrackerRectangle\" fullword wide \n \t\t $s36= \"DesignerRectTracker42.TrackerRectangle\" fullword wide \n \t\t $s37= \"DesignerRectTracker43.TrackerRectangle\" fullword wide \n \t\t $s38= \"DesignerRectTracker44.TrackerRectangle\" fullword wide \n \t\t $s39= \"DesignerRectTracker45.TrackerRectangle\" fullword wide \n \t\t $s40= \"DesignerRectTracker46.TrackerRectangle\" fullword wide \n \t\t $s41= \"DesignerRectTracker47.TrackerRectangle\" fullword wide \n \t\t $s42= \"DesignerRectTracker48.TrackerRectangle\" fullword wide \n \t\t $s43= \"DesignerRectTracker49.TrackerRectangle\" fullword wide \n \t\t $s44= \"DesignerRectTracker4.TrackerRectangle\" fullword wide \n \t\t $s45= \"DesignerRectTracker50.TrackerRectangle\" fullword wide \n \t\t $s46= \"DesignerRectTracker51.TrackerRectangle\" fullword wide \n \t\t $s47= \"DesignerRectTracker52.TrackerRectangle\" fullword wide \n \t\t $s48= \"DesignerRectTracker53.TrackerRectangle\" fullword wide \n \t\t $s49= \"DesignerRectTracker54.TrackerRectangle\" fullword wide \n \t\t $s50= \"DesignerRectTracker55.TrackerRectangle\" fullword wide \n \t\t $s51= \"DesignerRectTracker56.TrackerRectangle\" fullword wide \n \t\t $s52= \"DesignerRectTracker5.TrackerRectangle\" fullword wide \n \t\t $s53= \"DesignerRectTracker6.TrackerRectangle\" fullword wide \n \t\t $s54= \"DesignerRectTracker7.TrackerRectangle\" fullword wide \n \t\t $s55= \"DesignerRectTracker8.TrackerRectangle\" fullword wide \n \t\t $s56= \"DesignerRectTracker9.TrackerRectangle\" fullword wide \n \t\t $s57= \"File created...(contacts.txt)\" fullword wide \n \t\t $s58= \"PersonalContacts.Resources\" fullword wide \n \t\t $s59= \"WinForms_RecursiveFormCreate\" fullword wide \n \t\t $s60= \"WinForms_SeeInnerException\" fullword wide \n \n \t\t $hex1= {247331303d20224465} \n \t\t $hex2= {247331313d20224465} \n \t\t $hex3= {247331323d20224465} \n \t\t $hex4= {247331333d20224465} \n \t\t $hex5= {247331343d20224465} \n \t\t $hex6= {247331353d20224465} \n \t\t $hex7= {247331363d20224465} \n \t\t $hex8= {247331373d20224465} \n \t\t $hex9= {247331383d20224465} \n \t\t $hex10= {247331393d20224465} \n \t\t $hex11= {2473313d2022446573} \n \t\t $hex12= {247332303d20224465} \n \t\t $hex13= {247332313d20224465} \n \t\t $hex14= {247332323d20224465} \n \t\t $hex15= {247332333d20224465} \n \t\t $hex16= {247332343d20224465} \n \t\t $hex17= {247332353d20224465} \n \t\t $hex18= {247332363d20224465} \n \t\t $hex19= {247332373d20224465} \n \t\t $hex20= {247332383d20224465} \n \t\t $hex21= {247332393d20224465} \n \t\t $hex22= {2473323d2022446573} \n \t\t $hex23= {247333303d20224465} \n \t\t $hex24= {247333313d20224465} \n \t\t $hex25= {247333323d20224465} \n \t\t $hex26= {247333333d20224465} \n \t\t $hex27= {247333343d20224465} \n \t\t $hex28= {247333353d20224465} \n \t\t $hex29= {247333363d20224465} \n \t\t $hex30= {247333373d20224465} \n \t\t $hex31= {247333383d20224465} \n \t\t $hex32= {247333393d20224465} \n \t\t $hex33= {2473333d2022446573} \n \t\t $hex34= {247334303d20224465} \n \t\t $hex35= {247334313d20224465} \n \t\t $hex36= {247334323d20224465} \n \t\t $hex37= {247334333d20224465} \n \t\t $hex38= {247334343d20224465} \n \t\t $hex39= {247334353d20224465} \n \t\t $hex40= {247334363d20224465} \n \t\t $hex41= {247334373d20224465} \n \t\t $hex42= {247334383d20224465} \n \t\t $hex43= {247334393d20224465} \n \t\t $hex44= {2473343d2022446573} \n \t\t $hex45= {247335303d20224465} \n \t\t $hex46= {247335313d20224465} \n \t\t $hex47= {247335323d20224465} \n \t\t $hex48= {247335333d20224465} \n \t\t $hex49= {247335343d20224465} \n \t\t $hex50= {247335353d20224465} \n \t\t $hex51= {247335363d20224465} \n \t\t $hex52= {247335373d20224669} \n \t\t $hex53= {247335383d20225065} \n \t\t $hex54= {247335393d20225769} \n \t\t $hex55= {2473353d2022446573} \n \t\t $hex56= {247336303d20225769} \n \t\t $hex57= {2473363d2022446573} \n \t\t $hex58= {2473373d2022446573} \n \t\t $hex59= {2473383d2022446573} \n \t\t $hex60= {2473393d2022446573} \n \n \tcondition: \n \t\t40 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_9f2b1601335a082d22ed57dca92e2f7d8cbf983565dabdcd3af47eefe4bbbd3e Group", "expiration": null, "is_active": 1 }, { "id": 3360593825, "indicator": "e2a54be9e6340765661bdcc1fe089e7512d4b3af", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "TrojanDownloader:O97M/Donoff", "description": "SHA1 of 75e2f4a84c094c637fdea7916c320a99\nSHA1 of 75e2f4a84c094c637fdea7916c320a99", "expiration": null, "is_active": 1 }, { "id": 1386572307, "indicator": "4fa17dd3c1ea4872ad7a3ba99b45a2af6a1dca4cd61da49450983a0125cfc836", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "TrojanDownloader:O97M/Donoff", "description": "SHA256 of 75e2f4a84c094c637fdea7916c320a99\nSHA256 of 75e2f4a84c094c637fdea7916c320a99", "expiration": null, "is_active": 1 }, { "id": 3360593826, "indicator": "95a3f137ed04c6b5100c4f4ddc915259c2297084", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_4fa17dd3c1ea4872ad7a3ba99b45a2af6a1dca4cd61da49450983a0125cfc836 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_4fa17dd3c1ea4872ad7a3ba99b45a2af6a1dca4cd61da49450983a0125cfc836 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-39-15\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"75e2f4a84c094c637fdea7916c320a99\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DocumentSummaryInformation\" fullword wide \n \t\t $s2= \"iuuq;00pofesjwfofu/yz{0`pvuqvu5E21BC1/fyf!\" fullword wide \n \t\t $s3= \"TableStyleMedium2PivotStyleMedium9\" fullword wide \n \n \t\t $hex1= {2473313d2022446f63} \n \t\t $hex2= {2473323d2022697575} \n \t\t $hex3= {2473333d2022546162} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_4fa17dd3c1ea4872ad7a3ba99b45a2af6a1dca4cd61da49450983a0125cfc836 Group", "expiration": null, "is_active": 1 }, { "id": 3360593827, "indicator": "7db20214da377f5ba3cf8ad66af7116335ad3e6b", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_fb56801c4ffad456ceb4ba806eb53ca47231f36d62abded6eb841e805c8885cd { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_fb56801c4ffad456ceb4ba806eb53ca47231f36d62abded6eb841e805c8885cd Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-39-12\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"368de64cf5f02da40177692f8338632e\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"WinForms_RecursiveFormCreate\" fullword wide \n \t\t $s2= \"WinForms_SeeInnerException\" fullword wide \n \n \t\t $hex1= {2473313d202257696e} \n \t\t $hex2= {2473323d202257696e} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_fb56801c4ffad456ceb4ba806eb53ca47231f36d62abded6eb841e805c8885cd Group", "expiration": null, "is_active": 1 }, { "id": 3360593828, "indicator": "e5075b0bf2937b1f22102b4f46566f5fa10acb24", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Trojan:Win32/Skeeyah.A!rfn", "description": "SHA1 of 84f1f621d49f3492bb3fa019f3191435", "expiration": null, "is_active": 1 }, { "id": 1386572122, "indicator": "244397d4ec28114ed99e163dd9236e5f75ffd84540e7d16212d93508a3e7889c", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Trojan:Win32/Skeeyah.A!rfn", "description": "SHA256 of 84f1f621d49f3492bb3fa019f3191435", "expiration": null, "is_active": 1 }, { "id": 3360593829, "indicator": "801ff8c90f4af20b1450481fe4732a6599621f25", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_244397d4ec28114ed99e163dd9236e5f75ffd84540e7d16212d93508a3e7889c { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_244397d4ec28114ed99e163dd9236e5f75ffd84540e7d16212d93508a3e7889c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-39-09\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"84f1f621d49f3492bb3fa019f3191435\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"9Nhmn1eAphVm0WQK.crypted.exe\" fullword wide \n \t\t $s2= \"ijRWlMWYijRWlMWYijRWlMWYi\" fullword wide \n \t\t $s3= \"Rpl]W]iiRClNWXiaRVlLW]ikRGlLWUijSVlMQ\" fullword wide \n \t\t $s4= \"RSoHT^obT^jGQRofTZjCQVozTFj_QJoqHWl~\" fullword wide \n \t\t $s5= \"WmMWYijRFlIWYijRVqMW]ijRWlLqYi`RWlMWSDjRSlMWYik\" fullword wide \n \t\t $s6= \"WUijRWlMWYijRWlMWYijRWlMWYi\" fullword wide \n \n \t\t $hex1= {2473313d2022394e68} \n \t\t $hex2= {2473323d2022696a52} \n \t\t $hex3= {2473333d202252706c} \n \t\t $hex4= {2473343d202252536f} \n \t\t $hex5= {2473353d2022576d4d} \n \t\t $hex6= {2473363d2022575569} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_244397d4ec28114ed99e163dd9236e5f75ffd84540e7d16212d93508a3e7889c Group", "expiration": null, "is_active": 1 }, { "id": 3360593830, "indicator": "77b6ad9affbbc5f0b471a238b799f482e3896c3c", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_06100a57bd26d49c7316db0f21461a1f75c1b2a659da2d3818e222167812182f { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_06100a57bd26d49c7316db0f21461a1f75c1b2a659da2d3818e222167812182f Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-39-06\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"45871ed002cf2573df1905dba2b276fe\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"kWn5NRrfMhKWnakZXumoji3qM\" fullword wide \n \t\t $s2= \"kWn5NRrfMhKWnakZXumoji3qM3\" fullword wide \n \t\t $s3= \"kWn5NRrfMhKWnakZXumoji3qM3m\" fullword wide \n \t\t $s4= \"kWn5NRrfMhKWnakZXumoji3qM3mA\" fullword wide \n \t\t $s5= \"kWn5NRrfMhKWnakZXumoji3qM3mA5\" fullword wide \n \t\t $s6= \"kWn5NRrfMhKWnakZXumoji3qM3mA5b\" fullword wide \n \t\t $s7= \"kWn5NRrfMhKWnakZXumoji3qM3mA5bi\" fullword wide \n \t\t $s8= \"kWn5NRrfMhKWnakZXumoji3qM3mA5biV\" fullword wide \n \t\t $s9= \"kWn5NRrfMhKWnakZXumoji3qM3mA5biVP\" fullword wide \n \t\t $s10= \"kWn5NRrfMhKWnakZXumoji3qM3mA5biVPi\" fullword wide \n \t\t $s11= \"kWn5NRrfMhKWnakZXumoji3qM3mA5biVPip\" fullword wide \n \t\t $s12= \"kWn5NRrfMhKWnakZXumoji3qM3mA5biVPipC\" fullword wide \n \t\t $s13= \"LmSpSAFCHd3VjyMCAvCmb1ChOVEWYgBUNNhdimY\" fullword wide \n \t\t $s14= \"LmSpSAFCHd3VjyMCAvCmb1ChOVEWYgBUNNhdimYOQe6es8\" fullword wide \n \t\t $s15= \"LmSpSAFCHd3VjyMCAvCmb1ChOVEWYgBUNNhdimYOQe6es89Bf\" fullword wide \n \t\t $s16= \"ojrlB9lFUhOIFHfNfHcIPiv2rZ4\" fullword wide \n \t\t $s17= \"ojrlB9lFUhOIFHfNfHcIPiv2rZ4hSUSC\" fullword wide \n \t\t $s18= \"ojrlB9lFUhOIFHfNfHcIPiv2rZ4hSUSC5veh\" fullword wide \n \t\t $s19= \"ojrlB9lFUhOIFHfNfHcIPiv2rZ4hSUSC5vehCKk\" fullword wide \n \t\t $s20= \"ojrlB9lFUhOIFHfNfHcIPiv2rZ4hSUSC5vehCKkyBF\" fullword wide \n \t\t $s21= \"ojrlB9lFUhOIFHfNfHcIPiv2rZ4hSUSC5vehCKkyBFW\" fullword wide \n \t\t $a1= \"AWAUAYEK9yTRYWKinlbhFijxASGlFOCDl[^MA.HUEmzZSY7{VWKII[MIodl\" fullword ascii \n \n \t\t $hex1= {2461313d2022415741} \n \t\t $hex2= {247331303d20226b57} \n \t\t $hex3= {247331313d20226b57} \n \t\t $hex4= {247331323d20226b57} \n \t\t $hex5= {247331333d20224c6d} \n \t\t $hex6= {247331343d20224c6d} \n \t\t $hex7= {247331353d20224c6d} \n \t\t $hex8= {247331363d20226f6a} \n \t\t $hex9= {247331373d20226f6a} \n \t\t $hex10= {247331383d20226f6a} \n \t\t $hex11= {247331393d20226f6a} \n \t\t $hex12= {2473313d20226b576e} \n \t\t $hex13= {247332303d20226f6a} \n \t\t $hex14= {247332313d20226f6a} \n \t\t $hex15= {2473323d20226b576e} \n \t\t $hex16= {2473333d20226b576e} \n \t\t $hex17= {2473343d20226b576e} \n \t\t $hex18= {2473353d20226b576e} \n \t\t $hex19= {2473363d20226b576e} \n \t\t $hex20= {2473373d20226b576e} \n \t\t $hex21= {2473383d20226b576e} \n \t\t $hex22= {2473393d20226b576e} \n \n \tcondition: \n \t\t14 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_06100a57bd26d49c7316db0f21461a1f75c1b2a659da2d3818e222167812182f Group", "expiration": null, "is_active": 1 }, { "id": 858040178, "indicator": "beb9a1b44f7e687ecd1e6728519b315223e46d1c", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of b2c6201fbf33abdaacb838ad410ecab8", "expiration": null, "is_active": 1 }, { "id": 858041178, "indicator": "de4fc71eb8cb4424ad3f30a9195ac19fbf9511dba89b29fd3f5d9c6e3b520b49", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of b2c6201fbf33abdaacb838ad410ecab8", "expiration": null, "is_active": 1 }, { "id": 3360593831, "indicator": "e2aabfbd5d68ce653a86b565f572932220e5ae80", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_de4fc71eb8cb4424ad3f30a9195ac19fbf9511dba89b29fd3f5d9c6e3b520b49 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_de4fc71eb8cb4424ad3f30a9195ac19fbf9511dba89b29fd3f5d9c6e3b520b49 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-38-59\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b2c6201fbf33abdaacb838ad410ecab8\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"1bhAQJAivYTgeZgsgHNrxwhExcZ3gfb\" fullword wide \n \t\t $s2= \"1hoV9o7CCGHYc3dVdNFUGQfBKFThg\" fullword wide \n \t\t $s3= \"3kPiDuEwMhqGW71zE3SspCpxDF\" fullword wide \n \t\t $s4= \"5zwJkXxvr0DoQCaIN9ah69ESEN\" fullword wide \n \t\t $s5= \"96cp3afHwwDc9QdR01uzwsBnNwIHW\" fullword wide \n \t\t $s6= \"adiPtiYrHtewxp32uJ1CWDen7wcPe\" fullword wide \n \t\t $s7= \"Apll1ujKOLzCGPwHXuEUT6e0AI29\" fullword wide \n \t\t $s8= \"aYrosy0ORtmAI6xYYocfBXg5PRDY\" fullword wide \n \t\t $s9= \"cKveFV3AsvMjw0CRmF2mQtOQd\" fullword wide \n \t\t $s10= \"dOZdb6DQfESbesfz5YJGfTMLu\" fullword wide \n \t\t $s11= \"h6QnRPElbiEz3ctDMNKxP5Y2djP\" fullword wide \n \t\t $s12= \"HjP7HrTYLVeDzAqKMPzHeu8MHCcGG3f\" fullword wide \n \t\t $s13= \"icYlSQbDWTUZuNCIvW80FqePQ7AIsLXmYPo7SMT\" fullword wide \n \t\t $s14= \"iT2NWextcFLUXwdw2rTXYhiDfq\" fullword wide \n \t\t $s15= \"iuGAAr79uj1oHHDcDII1LijMoBjtaJ3pv\" fullword wide \n \t\t $s16= \"lkL4DrdT17I15tfbqVzARbsyjgB9Gc\" fullword wide \n \t\t $s17= \"mJnkZY6ro3hxgmAJV0RAKD363kJXT\" fullword wide \n \t\t $s18= \"MLPjSRb1RWZa4iwF1UMHkR0iESQZoOLJiLFv\" fullword wide \n \t\t $s19= \"pITscQxooLabkhP1t66qedsmwG5Hj3djE\" fullword wide \n \t\t $s20= \"Q6vyDBydIsdqW6HFZUiIuFKU6nLWTy\" fullword wide \n \t\t $s21= \"System.Reflection.Assembly\" fullword wide \n \t\t $s22= \"System.Resources.ResourceManager\" fullword wide \n \t\t $s23= \"System.Security.Cryptography.ICryptoTransform\" fullword wide \n \t\t $s24= \"Xl4L0zNOBCtzVzqUIb9wlRrNY\" fullword wide \n \t\t $s25= \"XQYkKTVTUhycozvJ7CmBwVMsu8YbC\" fullword wide \n \n \t\t $hex1= {247331303d2022644f} \n \t\t $hex2= {247331313d20226836} \n \t\t $hex3= {247331323d2022486a} \n \t\t $hex4= {247331333d20226963} \n \t\t $hex5= {247331343d20226954} \n \t\t $hex6= {247331353d20226975} \n \t\t $hex7= {247331363d20226c6b} \n \t\t $hex8= {247331373d20226d4a} \n \t\t $hex9= {247331383d20224d4c} \n \t\t $hex10= {247331393d20227049} \n \t\t $hex11= {2473313d2022316268} \n \t\t $hex12= {247332303d20225136} \n \t\t $hex13= {247332313d20225379} \n \t\t $hex14= {247332323d20225379} \n \t\t $hex15= {247332333d20225379} \n \t\t $hex16= {247332343d2022586c} \n \t\t $hex17= {247332353d20225851} \n \t\t $hex18= {2473323d202231686f} \n \t\t $hex19= {2473333d2022336b50} \n \t\t $hex20= {2473343d2022357a77} \n \t\t $hex21= {2473353d2022393663} \n \t\t $hex22= {2473363d2022616469} \n \t\t $hex23= {2473373d202241706c} \n \t\t $hex24= {2473383d2022615972} \n \t\t $hex25= {2473393d2022634b76} \n \n \tcondition: \n \t\t16 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_de4fc71eb8cb4424ad3f30a9195ac19fbf9511dba89b29fd3f5d9c6e3b520b49 Group", "expiration": null, "is_active": 1 }, { "id": 3360593832, "indicator": "358fac900834a7f590249fe62d1b5cb4923a70b0", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "dbgdetect_funcs", "description": "SHA1 of 84f1afaa8b37ccc9123c9f95e6cec951", "expiration": null, "is_active": 1 }, { "id": 1386572707, "indicator": "b1aef85f454e00f2c6b982bdd6ce81d23d28701bfad7767252f9c64c1bdd6051", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "dbgdetect_funcs", "description": "SHA256 of 84f1afaa8b37ccc9123c9f95e6cec951", "expiration": null, "is_active": 1 }, { "id": 3360593833, "indicator": "60ed3152ac0c6a96be226178e0303a2032fe9781", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_b1aef85f454e00f2c6b982bdd6ce81d23d28701bfad7767252f9c64c1bdd6051 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_b1aef85f454e00f2c6b982bdd6ce81d23d28701bfad7767252f9c64c1bdd6051 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-38-58\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"84f1afaa8b37ccc9123c9f95e6cec951\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DSeAssignPrimaryTokenPrivilege\" fullword wide \n \t\t $s2= \"GUICTRLCREATELISTVIEWITEM\" fullword wide \n \t\t $s3= \"GUICTRLCREATETREEVIEWITEM\" fullword wide \n \t\t $s4= \"GUICTRLREGISTERLISTVIEWSORT\" fullword wide \n \t\t $s5= \"SoftwareAutoIt v3AutoIt\" fullword wide \n \t\t $s6= \"SYSTEMCurrentControlSetControlNlsLanguage\" fullword wide \n \n \t\t $hex1= {2473313d2022445365} \n \t\t $hex2= {2473323d2022475549} \n \t\t $hex3= {2473333d2022475549} \n \t\t $hex4= {2473343d2022475549} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022535953} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_b1aef85f454e00f2c6b982bdd6ce81d23d28701bfad7767252f9c64c1bdd6051 Group", "expiration": null, "is_active": 1 }, { "id": 3360593834, "indicator": "f6ed5c89db4e4e3ffe19c720d49251b853bfa06e", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "TrojanDownloader:O97M/Donoff", "description": "SHA1 of fa23b6f216a428e5bd0df3447f26abc5", "expiration": null, "is_active": 1 }, { "id": 1386572833, "indicator": "cd307e00293e860e8f79a261e1399d24747a4f353462e49071e5a3a198b7aee4", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "TrojanDownloader:O97M/Donoff", "description": "SHA256 of fa23b6f216a428e5bd0df3447f26abc5", "expiration": null, "is_active": 1 }, { "id": 3360593835, "indicator": "ab188aa222257f866a0d96ab6edae722f6dc84f3", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_cd307e00293e860e8f79a261e1399d24747a4f353462e49071e5a3a198b7aee4 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_cd307e00293e860e8f79a261e1399d24747a4f353462e49071e5a3a198b7aee4 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-38-48\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"fa23b6f216a428e5bd0df3447f26abc5\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DocumentSummaryInformation\" fullword wide \n \t\t $s2= \"TableStyleMedium2PivotStyleMedium9\" fullword wide \n \n \t\t $hex1= {2473313d2022446f63} \n \t\t $hex2= {2473323d2022546162} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_cd307e00293e860e8f79a261e1399d24747a4f353462e49071e5a3a198b7aee4 Group", "expiration": null, "is_active": 1 }, { "id": 3360593836, "indicator": "eb262dcff130cf0d339bb2a221082e292e161492", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Delphi", "description": "SHA1 of d21e7cbd75310105e76fcdc0bbd0bdab\nSHA1 of d21e7cbd75310105e76fcdc0bbd0bdab", "expiration": null, "is_active": 1 }, { "id": 1386572275, "indicator": "4851ce4c43151f1938167861a06b73c5c2a24900cc64d30381f16b34beb02a36", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Delphi", "description": "SHA256 of d21e7cbd75310105e76fcdc0bbd0bdab\nSHA256 of d21e7cbd75310105e76fcdc0bbd0bdab", "expiration": null, "is_active": 1 }, { "id": 3360593837, "indicator": "ee78866dc6ead1f6492f07901880c35f7d89928c", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_4851ce4c43151f1938167861a06b73c5c2a24900cc64d30381f16b34beb02a36 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_4851ce4c43151f1938167861a06b73c5c2a24900cc64d30381f16b34beb02a36 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-38-34\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d21e7cbd75310105e76fcdc0bbd0bdab\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"CL_MPPAUSE CL_MPPLAY CL_MPPREV\" fullword wide \n \t\t $s2= \"CL_MPRECORD CL_MPSTEP CL_MPSTOP DI_MPBACK\" fullword wide \n \t\t $s3= \"DI_MPPAUSE DI_MPPLAY DI_MPPREV\" fullword wide \n \t\t $s4= \"DI_MPRECORD DI_MPSTEP DI_MPSTOP EN_MPBACK\" fullword wide \n \t\t $s5= \"EN_MPPAUSE EN_MPPLAY EN_MPPREV\" fullword wide \n \t\t $s6= \"EN_MPRECORD EN_MPSTEP EN_MPSTOP\" fullword wide \n \n \t\t $hex1= {2473313d2022434c5f} \n \t\t $hex2= {2473323d2022434c5f} \n \t\t $hex3= {2473333d202244495f} \n \t\t $hex4= {2473343d202244495f} \n \t\t $hex5= {2473353d2022454e5f} \n \t\t $hex6= {2473363d2022454e5f} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_4851ce4c43151f1938167861a06b73c5c2a24900cc64d30381f16b34beb02a36 Group", "expiration": null, "is_active": 1 }, { "id": 3360593838, "indicator": "a4faccf3b8ed4699d792d848d07e6f3b47e35421", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Win32:Evo-gen\\ [Susp]", "description": "SHA1 of d30f69a93e05ddb942c54cb8c98375f3\nSHA1 of d30f69a93e05ddb942c54cb8c98375f3", "expiration": null, "is_active": 1 }, { "id": 1386572223, "indicator": "399e19d2dc5e96531666a8cc3071115cf9b19ba1d1676294ee77bd2c75d25add", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Win32:Evo-gen\\ [Susp]", "description": "SHA256 of d30f69a93e05ddb942c54cb8c98375f3\nSHA256 of d30f69a93e05ddb942c54cb8c98375f3", "expiration": null, "is_active": 1 }, { "id": 3360593839, "indicator": "d69e8188869869c658f97d232ca81225a1cceb76", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_399e19d2dc5e96531666a8cc3071115cf9b19ba1d1676294ee77bd2c75d25add { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_399e19d2dc5e96531666a8cc3071115cf9b19ba1d1676294ee77bd2c75d25add Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-38-29\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d30f69a93e05ddb942c54cb8c98375f3\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DSeAssignPrimaryTokenPrivilege\" fullword wide \n \t\t $s2= \"GUICTRLCREATELISTVIEWITEM\" fullword wide \n \t\t $s3= \"GUICTRLCREATETREEVIEWITEM\" fullword wide \n \t\t $s4= \"GUICTRLREGISTERLISTVIEWSORT\" fullword wide \n \t\t $s5= \"SoftwareAutoIt v3AutoIt\" fullword wide \n \t\t $s6= \"SYSTEMCurrentControlSetControlNlsLanguage\" fullword wide \n \n \t\t $hex1= {2473313d2022445365} \n \t\t $hex2= {2473323d2022475549} \n \t\t $hex3= {2473333d2022475549} \n \t\t $hex4= {2473343d2022475549} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022535953} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_399e19d2dc5e96531666a8cc3071115cf9b19ba1d1676294ee77bd2c75d25add Group", "expiration": null, "is_active": 1 }, { "id": 3360593840, "indicator": "455a1c4d85081261e05639014bfabd940c7fb9d8", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "autoit", "description": "SHA1 of 4d973baf5dee3ae1c65fb0c48dabd3c4", "expiration": null, "is_active": 1 }, { "id": 1386572799, "indicator": "c52f34dd30dfd7c232aa835733ecaecf6905fa7f401f90372fdc4db4e02b6ed3", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "autoit", "description": "SHA256 of 4d973baf5dee3ae1c65fb0c48dabd3c4", "expiration": null, "is_active": 1 }, { "id": 3360593841, "indicator": "baa1107818e3eb311c97cb71960e306e4f4ac166", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_c52f34dd30dfd7c232aa835733ecaecf6905fa7f401f90372fdc4db4e02b6ed3 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_c52f34dd30dfd7c232aa835733ecaecf6905fa7f401f90372fdc4db4e02b6ed3 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-38-25\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"4d973baf5dee3ae1c65fb0c48dabd3c4\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DSeAssignPrimaryTokenPrivilege\" fullword wide \n \t\t $s2= \"GUICTRLCREATELISTVIEWITEM\" fullword wide \n \t\t $s3= \"GUICTRLCREATETREEVIEWITEM\" fullword wide \n \t\t $s4= \"GUICTRLREGISTERLISTVIEWSORT\" fullword wide \n \t\t $s5= \"SoftwareAutoIt v3AutoIt\" fullword wide \n \t\t $s6= \"SYSTEMCurrentControlSetControlNlsLanguage\" fullword wide \n \n \t\t $hex1= {2473313d2022445365} \n \t\t $hex2= {2473323d2022475549} \n \t\t $hex3= {2473333d2022475549} \n \t\t $hex4= {2473343d2022475549} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022535953} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_c52f34dd30dfd7c232aa835733ecaecf6905fa7f401f90372fdc4db4e02b6ed3 Group", "expiration": null, "is_active": 1 }, { "id": 3360593842, "indicator": "ce4abebfc733308eaf92789b3ecba8727258afa5", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_f7908c6cc11ee31d3a491a5700c8b3bbc4f40e7579fe7615f9f273feea879574 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_f7908c6cc11ee31d3a491a5700c8b3bbc4f40e7579fe7615f9f273feea879574 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-38-21\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"4ab0efbe6b707653d5dce072efd71420\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DocumentSummaryInformation\" fullword wide \n \t\t $s2= \"iuuq;00pofesjwfofu/yz{0`pvuqvuDG4C5EG/fyf!\" fullword wide \n \t\t $s3= \"TableStyleMedium2PivotStyleMedium9\" fullword wide \n \n \t\t $hex1= {2473313d2022446f63} \n \t\t $hex2= {2473323d2022697575} \n \t\t $hex3= {2473333d2022546162} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_f7908c6cc11ee31d3a491a5700c8b3bbc4f40e7579fe7615f9f273feea879574 Group", "expiration": null, "is_active": 1 }, { "id": 3360593843, "indicator": "4e31a85577912269a8c94f1d86a04961aaca0785", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of 1e727208babb46498fbfb78de5c9bd4e", "expiration": null, "is_active": 1 }, { "id": 1386572477, "indicator": "756d29c6d075b93d00eccf8a6d92749d1271a435af40dab969ce57374382ccb0", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of 1e727208babb46498fbfb78de5c9bd4e", "expiration": null, "is_active": 1 }, { "id": 3360593844, "indicator": "e183e494001add291b35f7f810a9a8ef93fa9c97", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_756d29c6d075b93d00eccf8a6d92749d1271a435af40dab969ce57374382ccb0 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_756d29c6d075b93d00eccf8a6d92749d1271a435af40dab969ce57374382ccb0 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-38-09\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"1e727208babb46498fbfb78de5c9bd4e\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"ffuiffoifofiofjfoljflkflkflfklfklf\" fullword wide \n \t\t $s2= \"SoftwareClassesmscfileshellopencommand\" fullword wide \n \t\t $s3= \"wiuyieieuieeeoeipeie.Resources\" fullword wide \n \t\t $s4= \"YIUIOWOUIOWIPWOPOWPWIOUWIOWUWI\" fullword wide \n \n \t\t $hex1= {2473313d2022666675} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022776975} \n \t\t $hex4= {2473343d2022594955} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_756d29c6d075b93d00eccf8a6d92749d1271a435af40dab969ce57374382ccb0 Group", "expiration": null, "is_active": 1 }, { "id": 3360593845, "indicator": "8261403cd4d08b6a22a17f15048a25465e596396", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_a1669957257226ace07aa63b449ec895c42ed6a8458f872929ddbec5d3a9b5cc { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_a1669957257226ace07aa63b449ec895c42ed6a8458f872929ddbec5d3a9b5cc Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-38-05\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"4dce5b84c18684f38cd13a52d675b1f6\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"WinForms_RecursiveFormCreate\" fullword wide \n \t\t $s2= \"WinForms_SeeInnerException\" fullword wide \n \n \t\t $hex1= {2473313d202257696e} \n \t\t $hex2= {2473323d202257696e} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_a1669957257226ace07aa63b449ec895c42ed6a8458f872929ddbec5d3a9b5cc Group", "expiration": null, "is_active": 1 }, { "id": 3360593846, "indicator": "8754d2c0fdc28553bdee6e77dfd37e74c9304e7a", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of a2f3940682dc120a0fb1119c1ed52767", "expiration": null, "is_active": 1 }, { "id": 1386572085, "indicator": "19a981c49024e4bc5ec2496e53ac074ed3baf7bb24dde5421859b375ac1b8e2c", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of a2f3940682dc120a0fb1119c1ed52767", "expiration": null, "is_active": 1 }, { "id": 3360593847, "indicator": "60d23d5b31b15d8374b5a5928e07bdbf645c6705", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_19a981c49024e4bc5ec2496e53ac074ed3baf7bb24dde5421859b375ac1b8e2c { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_19a981c49024e4bc5ec2496e53ac074ed3baf7bb24dde5421859b375ac1b8e2c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-38-03\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"a2f3940682dc120a0fb1119c1ed52767\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"SoftwareClassesmscfileshellopencommand\" fullword wide \n \t\t $s2= \"WinForms_RecursiveFormCreate\" fullword wide \n \t\t $s3= \"WinForms_SeeInnerException\" fullword wide \n \n \t\t $hex1= {2473313d2022536f66} \n \t\t $hex2= {2473323d202257696e} \n \t\t $hex3= {2473333d202257696e} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_19a981c49024e4bc5ec2496e53ac074ed3baf7bb24dde5421859b375ac1b8e2c Group", "expiration": null, "is_active": 1 }, { "id": 3360593848, "indicator": "aca8440bef0d1b53d7b7396f7cb6b44891d4e9ef", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "DotNET_Reactor", "description": "SHA1 of 7c1ff03d7f14a5eabd43873bb4971b5f", "expiration": null, "is_active": 1 }, { "id": 1386572882, "indicator": "d84feff4c109ae89c3712afd4454ec8a2e9171930cee71d665fd7bbe705b095e", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "DotNET_Reactor", "description": "SHA256 of 7c1ff03d7f14a5eabd43873bb4971b5f", "expiration": null, "is_active": 1 }, { "id": 3360593849, "indicator": "6627fa1ec5ebc0f2fe66745124ca6833804da4e9", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_d84feff4c109ae89c3712afd4454ec8a2e9171930cee71d665fd7bbe705b095e { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_d84feff4c109ae89c3712afd4454ec8a2e9171930cee71d665fd7bbe705b095e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-37-56\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"7c1ff03d7f14a5eabd43873bb4971b5f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"GetDelegateForFunctionPointer\" fullword wide \n \t\t $s2= \"RISVkwnfF4ZHITrDaR.W7MRRP4RJtXlOJvFeA\" fullword wide \n \t\t $s3= \"System.Reflection.RuntimeModule\" fullword wide \n \t\t $s4= \"System.Security.Cryptography.AesCryptoServiceProvider\" fullword wide \n \t\t $s5= \"WdQhmLTWtHDbRcmpOkwpMhYoiOLZ\" fullword wide \n \n \t\t $hex1= {2473313d2022476574} \n \t\t $hex2= {2473323d2022524953} \n \t\t $hex3= {2473333d2022537973} \n \t\t $hex4= {2473343d2022537973} \n \t\t $hex5= {2473353d2022576451} \n \n \tcondition: \n \t\t3 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_d84feff4c109ae89c3712afd4454ec8a2e9171930cee71d665fd7bbe705b095e Group", "expiration": null, "is_active": 1 }, { "id": 3360593850, "indicator": "a73f4e52ffeea5331afe05845a19957ee34c06b0", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of 96bd4b8114e4705fe3c92c77dd9f37c9\nSHA1 of 96bd4b8114e4705fe3c92c77dd9f37c9", "expiration": null, "is_active": 1 }, { "id": 1386572305, "indicator": "4f32a6f4b20635fc3e1e4c751275f1d0053a60d960ae6c769c49c84cdc5de808", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of 96bd4b8114e4705fe3c92c77dd9f37c9\nSHA256 of 96bd4b8114e4705fe3c92c77dd9f37c9", "expiration": null, "is_active": 1 }, { "id": 3360593851, "indicator": "8cc915d8f84ecba00e89c6e8d02810f8ef05ca1f", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_4f32a6f4b20635fc3e1e4c751275f1d0053a60d960ae6c769c49c84cdc5de808 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_4f32a6f4b20635fc3e1e4c751275f1d0053a60d960ae6c769c49c84cdc5de808 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-37-41\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"96bd4b8114e4705fe3c92c77dd9f37c9\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"WinForms_RecursiveFormCreate\" fullword wide \n \t\t $s2= \"WinForms_SeeInnerException\" fullword wide \n \t\t $s3= \"wqrtqwrwqrtvgsadfa.Resources\" fullword wide \n \n \t\t $hex1= {2473313d202257696e} \n \t\t $hex2= {2473323d202257696e} \n \t\t $hex3= {2473333d2022777172} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_4f32a6f4b20635fc3e1e4c751275f1d0053a60d960ae6c769c49c84cdc5de808 Group", "expiration": null, "is_active": 1 }, { "id": 3360593852, "indicator": "c17fd9d4c1ec7d12829c62adcbea628d2fec66fd", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "autoit", "description": "SHA1 of da169ac734e74db63e543b69e8c772b8", "expiration": null, "is_active": 1 }, { "id": 1386572551, "indicator": "8a5c431904b4f7fbb565c9d1ca0faf03e1c847f3cba43eab5f9da47d7a8c897a", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "autoit", "description": "SHA256 of da169ac734e74db63e543b69e8c772b8", "expiration": null, "is_active": 1 }, { "id": 3360593853, "indicator": "9633976dc75c3eb8b3e839723af21445ce5545c4", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_8a5c431904b4f7fbb565c9d1ca0faf03e1c847f3cba43eab5f9da47d7a8c897a { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_8a5c431904b4f7fbb565c9d1ca0faf03e1c847f3cba43eab5f9da47d7a8c897a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-37-35\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"da169ac734e74db63e543b69e8c772b8\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DSeAssignPrimaryTokenPrivilege\" fullword wide \n \t\t $s2= \"GUICTRLCREATELISTVIEWITEM\" fullword wide \n \t\t $s3= \"GUICTRLCREATETREEVIEWITEM\" fullword wide \n \t\t $s4= \"GUICTRLREGISTERLISTVIEWSORT\" fullword wide \n \t\t $s5= \"SoftwareAutoIt v3AutoIt\" fullword wide \n \t\t $s6= \"SYSTEMCurrentControlSetControlNlsLanguage\" fullword wide \n \n \t\t $hex1= {2473313d2022445365} \n \t\t $hex2= {2473323d2022475549} \n \t\t $hex3= {2473333d2022475549} \n \t\t $hex4= {2473343d2022475549} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022535953} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_8a5c431904b4f7fbb565c9d1ca0faf03e1c847f3cba43eab5f9da47d7a8c897a Group", "expiration": null, "is_active": 1 }, { "id": 3360593854, "indicator": "50cd5c4a6efeeac868c03880b0d1d672d66676bf", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_c51e54fd72c61d06b6952990db2025e8221fc4b0d26a3800b4101c7936803b3d { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_c51e54fd72c61d06b6952990db2025e8221fc4b0d26a3800b4101c7936803b3d Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-37-23\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"3b2e584d484105e47701a19c339bbb5b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DocumentSummaryInformation\" fullword wide \n \t\t $s2= \"TableStyleMedium2PivotStyleMedium9\" fullword wide \n \n \t\t $hex1= {2473313d2022446f63} \n \t\t $hex2= {2473323d2022546162} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_c51e54fd72c61d06b6952990db2025e8221fc4b0d26a3800b4101c7936803b3d Group", "expiration": null, "is_active": 1 }, { "id": 3360593855, "indicator": "8c6514747a9797f5b0af5ffaf7ed34419cac41fa", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_cadf2258eea6660cb234b885df194018c793f274264e40ef95b233eb0933600e { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_cadf2258eea6660cb234b885df194018c793f274264e40ef95b233eb0933600e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-37-22\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"277ada55027e622cb40e0073f3bf1455\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"ArrangeIconsToolStripMenuItem\" fullword wide \n \t\t $s2= \"CloseAllToolStripMenuItem\" fullword wide \n \t\t $s3= \"ContentsToolStripMenuItem\" fullword wide \n \t\t $s4= \"CopyToolStripMenuItem.Image\" fullword wide \n \t\t $s5= \"CutToolStripMenuItem.Image\" fullword wide \n \t\t $s6= \"HelpToolStripButton.Image\" fullword wide \n \t\t $s7= \"IndexToolStripMenuItem.Image\" fullword wide \n \t\t $s8= \"NewToolStripMenuItem.Image\" fullword wide \n \t\t $s9= \"NewWindowToolStripMenuItem\" fullword wide \n \t\t $s10= \"OpenToolStripButton.Image\" fullword wide \n \t\t $s11= \"OpenToolStripMenuItem.Image\" fullword wide \n \t\t $s12= \"PasteToolStripMenuItem.Image\" fullword wide \n \t\t $s13= \"PrintPreviewToolStripButton\" fullword wide \n \t\t $s14= \"PrintPreviewToolStripButton.Image\" fullword wide \n \t\t $s15= \"PrintPreviewToolStripMenuItem\" fullword wide \n \t\t $s16= \"PrintPreviewToolStripMenuItem.Image\" fullword wide \n \t\t $s17= \"PrintSetupToolStripMenuItem\" fullword wide \n \t\t $s18= \"PrintToolStripButton.Image\" fullword wide \n \t\t $s19= \"PrintToolStripMenuItem.Image\" fullword wide \n \t\t $s20= \"RedoToolStripMenuItem.Image\" fullword wide \n \t\t $s21= \"SaveToolStripButton.Image\" fullword wide \n \t\t $s22= \"SaveToolStripMenuItem.Image\" fullword wide \n \t\t $s23= \"SearchToolStripMenuItem.Image\" fullword wide \n \t\t $s24= \"SelectAllToolStripMenuItem\" fullword wide \n \t\t $s25= \"SoftwareClassesmscfileshellopencommand\" fullword wide \n \t\t $s26= \"StatusBarToolStripMenuItem\" fullword wide \n \t\t $s27= \"TileHorizontalToolStripMenuItem\" fullword wide \n \t\t $s28= \"TileVerticalToolStripMenuItem\" fullword wide \n \t\t $s29= \"UndoToolStripMenuItem.Image\" fullword wide \n \t\t $s30= \"WinForms_RecursiveFormCreate\" fullword wide \n \t\t $s31= \"WinForms_SeeInnerException\" fullword wide \n \n \t\t $hex1= {247331303d20224f70} \n \t\t $hex2= {247331313d20224f70} \n \t\t $hex3= {247331323d20225061} \n \t\t $hex4= {247331333d20225072} \n \t\t $hex5= {247331343d20225072} \n \t\t $hex6= {247331353d20225072} \n \t\t $hex7= {247331363d20225072} \n \t\t $hex8= {247331373d20225072} \n \t\t $hex9= {247331383d20225072} \n \t\t $hex10= {247331393d20225072} \n \t\t $hex11= {2473313d2022417272} \n \t\t $hex12= {247332303d20225265} \n \t\t $hex13= {247332313d20225361} \n \t\t $hex14= {247332323d20225361} \n \t\t $hex15= {247332333d20225365} \n \t\t $hex16= {247332343d20225365} \n \t\t $hex17= {247332353d2022536f} \n \t\t $hex18= {247332363d20225374} \n \t\t $hex19= {247332373d20225469} \n \t\t $hex20= {247332383d20225469} \n \t\t $hex21= {247332393d2022556e} \n \t\t $hex22= {2473323d2022436c6f} \n \t\t $hex23= {247333303d20225769} \n \t\t $hex24= {247333313d20225769} \n \t\t $hex25= {2473333d2022436f6e} \n \t\t $hex26= {2473343d2022436f70} \n \t\t $hex27= {2473353d2022437574} \n \t\t $hex28= {2473363d202248656c} \n \t\t $hex29= {2473373d2022496e64} \n \t\t $hex30= {2473383d20224e6577} \n \t\t $hex31= {2473393d20224e6577} \n \n \tcondition: \n \t\t20 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_cadf2258eea6660cb234b885df194018c793f274264e40ef95b233eb0933600e Group", "expiration": null, "is_active": 1 }, { "id": 3360593856, "indicator": "15dac682da542ed1a901d1889d68d1ec22189b45", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of fdaedff7b4724d71d758d085257b5c9b", "expiration": null, "is_active": 1 }, { "id": 1386572912, "indicator": "ded809e1a4ffc3b73db4892e6a4ba77bb8332ffc01433489b2df988dedfd3086", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of fdaedff7b4724d71d758d085257b5c9b", "expiration": null, "is_active": 1 }, { "id": 3360593857, "indicator": "f6a68a7411073f7fa87798ad70f4b2cd6de40ed0", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_ded809e1a4ffc3b73db4892e6a4ba77bb8332ffc01433489b2df988dedfd3086 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_ded809e1a4ffc3b73db4892e6a4ba77bb8332ffc01433489b2df988dedfd3086 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-37-19\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"fdaedff7b4724d71d758d085257b5c9b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"*AC:UsersPOSITIVODesktop100%fudProject1.vbp\" fullword wide \n \t\t $s2= \"'and tblSection.SchoolYear='\" fullword wide \n \t\t $s3= \"egMSmukPKLJOzGNFEUKMEeGljR\" fullword wide \n \t\t $s4= \"KPdaIVvvQfsnSrIjITNgPmVhnjuLai\" fullword wide \n \t\t $s5= \"NbaquwoNdUFnJmrEBkxQQyHTv\" fullword wide \n \t\t $s6= \"SELECT tblSchoolYear.SchoolYear\" fullword wide \n \t\t $s7= \"uZQEtNEvICBppQZlNhkCOCAuMJ\" fullword wide \n \n \t\t $hex1= {2473313d20222a4143} \n \t\t $hex2= {2473323d202227616e} \n \t\t $hex3= {2473333d202265674d} \n \t\t $hex4= {2473343d20224b5064} \n \t\t $hex5= {2473353d20224e6261} \n \t\t $hex6= {2473363d202253454c} \n \t\t $hex7= {2473373d2022755a51} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_ded809e1a4ffc3b73db4892e6a4ba77bb8332ffc01433489b2df988dedfd3086 Group", "expiration": null, "is_active": 1 }, { "id": 3360593908, "indicator": "de153fc780cc4fa286e1aa842a15e53644d8bd01", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_5ce17a2507528630348f999bd97c37f25c110e148689bd92dc58b8f6790b2c78 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_5ce17a2507528630348f999bd97c37f25c110e148689bd92dc58b8f6790b2c78 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-37-14\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"1ab0e5e724ed825791af685cef1bba4a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"0QElQFoNxdQ6phoOqegTKDBfDY5XiS9Was\" fullword wide \n \t\t $s2= \"b1K83O3KWVJaDmaffyyi3hYcTLSVgHkqStbk\" fullword wide \n \t\t $s3= \"CE1CBrw4aTOhnbTBkiZFkk8YvQCGELk8l\" fullword wide \n \t\t $s4= \"EEfP7wfmrmfK7GiOMywStMEvVQw\" fullword wide \n \t\t $s5= \"EHNgOXAYtEvWKXuq9nQ2hYjGxB\" fullword wide \n \t\t $s6= \"fQbfGbdOq5CFPnlVY137qfPvtC\" fullword wide \n \t\t $s7= \"ibPzHQiZsyDTHmIts16jQaWK4mdVMIGloXi\" fullword wide \n \t\t $s8= \"jrxhfizbwZ291oexin9CtsF4TIug5hnTQCRSdS\" fullword wide \n \t\t $s9= \"K4sXy8GWlgDnCXXLr4qwfDgHJ\" fullword wide \n \t\t $s10= \"kwzr2EX3XI22MvaWQRx0eOYkGpon\" fullword wide \n \t\t $s11= \"mUiRh07QORKDNUZTPHTSPTayMJWrFXuM40D7A2\" fullword wide \n \t\t $s12= \"MW5JaGEQvZfGG3jDGlUllGxbd1qOLcU\" fullword wide \n \t\t $s13= \"OdAbbsrMUPpKuM1CDoaWt1RbFJHY63TWTFTiw6\" fullword wide \n \t\t $s14= \"pzX24NJFpm3rnaADh5s1vTTimvk\" fullword wide \n \t\t $s15= \"REWDJ3RD5yvBhF6rM4JnvnMMBZZTXLM\" fullword wide \n \t\t $s16= \"rlKQlVJfUlab5JDbBpD43nzol\" fullword wide \n \t\t $s17= \"Vc0cimHdPiavacgj0vv5VUkMpkGmZyjxmXz\" fullword wide \n \t\t $s18= \"wjrWlAISF0KMsBDQzxTUz6YPNN0vgLKjQdP1c\" fullword wide \n \t\t $s19= \"yvbHEaSvyzILjhilNU9otviOIxkwucVuyT\" fullword wide \n \t\t $s20= \"ztLjRrt4LftYXYdkZtVj7IXQgvLkNm\" fullword wide \n \n \t\t $hex1= {247331303d20226b77} \n \t\t $hex2= {247331313d20226d55} \n \t\t $hex3= {247331323d20224d57} \n \t\t $hex4= {247331333d20224f64} \n \t\t $hex5= {247331343d2022707a} \n \t\t $hex6= {247331353d20225245} \n \t\t $hex7= {247331363d2022726c} \n \t\t $hex8= {247331373d20225663} \n \t\t $hex9= {247331383d2022776a} \n \t\t $hex10= {247331393d20227976} \n \t\t $hex11= {2473313d2022305145} \n \t\t $hex12= {247332303d20227a74} \n \t\t $hex13= {2473323d202262314b} \n \t\t $hex14= {2473333d2022434531} \n \t\t $hex15= {2473343d2022454566} \n \t\t $hex16= {2473353d202245484e} \n \t\t $hex17= {2473363d2022665162} \n \t\t $hex18= {2473373d2022696250} \n \t\t $hex19= {2473383d20226a7278} \n \t\t $hex20= {2473393d20224b3473} \n \n \tcondition: \n \t\t13 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_5ce17a2507528630348f999bd97c37f25c110e148689bd92dc58b8f6790b2c78 Group", "expiration": null, "is_active": 1 }, { "id": 3360593909, "indicator": "757deb36d6277c1200ea89e38908dbdf8b6f6443", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_dd003aa02f3c7ef6179e6b79d868d62afcf273ad3c79f99ccc779c12f46a17b2 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_dd003aa02f3c7ef6179e6b79d868d62afcf273ad3c79f99ccc779c12f46a17b2 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-37-14\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"658fd93fd4e8aaf0510bee2c1af6c777\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DSeAssignPrimaryTokenPrivilege\" fullword wide \n \t\t $s2= \"GUICTRLCREATELISTVIEWITEM\" fullword wide \n \t\t $s3= \"GUICTRLCREATETREEVIEWITEM\" fullword wide \n \t\t $s4= \"GUICTRLREGISTERLISTVIEWSORT\" fullword wide \n \t\t $s5= \"SoftwareAutoIt v3AutoIt\" fullword wide \n \t\t $s6= \"SYSTEMCurrentControlSetControlNlsLanguage\" fullword wide \n \n \t\t $hex1= {2473313d2022445365} \n \t\t $hex2= {2473323d2022475549} \n \t\t $hex3= {2473333d2022475549} \n \t\t $hex4= {2473343d2022475549} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022535953} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_dd003aa02f3c7ef6179e6b79d868d62afcf273ad3c79f99ccc779c12f46a17b2 Group", "expiration": null, "is_active": 1 }, { "id": 3360593910, "indicator": "3c1ce6812eb7684de5da7a0841092418e1459ab2", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of 7dc7dacb6f25d53aa2decaffea34756d\nSHA1 of 7dc7dacb6f25d53aa2decaffea34756d", "expiration": null, "is_active": 1 }, { "id": 1386399286, "indicator": "4e4967e3d39256049bc1054b966e5c609245fd3b2a934fda5cd1885526d8221e", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of 7dc7dacb6f25d53aa2decaffea34756d\nSHA256 of 7dc7dacb6f25d53aa2decaffea34756d", "expiration": null, "is_active": 1 }, { "id": 3360593911, "indicator": "a3e250403c609c995dea8733b366ab69f0f39a4f", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_4e4967e3d39256049bc1054b966e5c609245fd3b2a934fda5cd1885526d8221e { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_4e4967e3d39256049bc1054b966e5c609245fd3b2a934fda5cd1885526d8221e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-37-06\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"7dc7dacb6f25d53aa2decaffea34756d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"6I+goB2+eSpB5reQLT8LcKIPFTL7D6b/\" fullword wide \n \t\t $s2= \"WinForms_RecursiveFormCreate\" fullword wide \n \t\t $s3= \"WinForms_SeeInnerException\" fullword wide \n \n \t\t $hex1= {2473313d202236492b} \n \t\t $hex2= {2473323d202257696e} \n \t\t $hex3= {2473333d202257696e} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_4e4967e3d39256049bc1054b966e5c609245fd3b2a934fda5cd1885526d8221e Group", "expiration": null, "is_active": 1 }, { "id": 3360593912, "indicator": "30d6f4222b22aa193f37f893291d360a346debae", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_5863913433ca1a0aff0ceb63ab3ba5ca4982659bca1b0b8af45a1f5be088d121 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_5863913433ca1a0aff0ceb63ab3ba5ca4982659bca1b0b8af45a1f5be088d121 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-37-05\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"15fbf5c441a3a705ec430d6a1519cf8b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"1HEPY4Ar0CQVYfOPayHZPInC5vCd\" fullword wide \n \t\t $s2= \"99kaAcHo7zVANExppttLIwpAMNDreocV7d3\" fullword wide \n \t\t $s3= \"Ae7VitKNMOzoqb5Y3tCvsbfGESyKM\" fullword wide \n \t\t $s4= \"Cq2CPqZUVtcc6BQHXwJLSoSFr\" fullword wide \n \t\t $s5= \"DxQcHiBMxV7Qhk4htFwDNwoTiz\" fullword wide \n \t\t $s6= \"IjJh4ZXdeuico0T37824rv6wo\" fullword wide \n \t\t $s7= \"kKjnGCBK2NNvHQmQfNhlqHcDvz35bQBWM\" fullword wide \n \t\t $s8= \"mIpDoGCAS4yhv1VlrKQUhgNZVzgFmAA4atX\" fullword wide \n \t\t $s9= \"n5HQdeTXZz486QqM3dwdnsmt7Q\" fullword wide \n \t\t $s10= \"NEHDngLlRh0Ip0AXCyOm30gKsFCp\" fullword wide \n \t\t $s11= \"nZBch7GuT730ftPn2CJH7PJakfMyyU\" fullword wide \n \t\t $s12= \"qNXpFRDc4qzNhUYTpx0PiMZzyr\" fullword wide \n \t\t $s13= \"ssyGMAo9wRHQKEKnKs3AkfAQWlWZS\" fullword wide \n \t\t $s14= \"System.Reflection.MethodInfo\" fullword wide \n \t\t $s15= \"System.Reflection.PropertInfo\" fullword wide \n \t\t $s16= \"System.Text.StringBuilder\" fullword wide \n \t\t $s17= \"TjfzAO2g15xcPOFxgQmuFScFeP1\" fullword wide \n \t\t $s18= \"yWqbUk5pdifJmCNQlqUckrdbwYY34ArwKq5m4\" fullword wide \n \n \t\t $hex1= {247331303d20224e45} \n \t\t $hex2= {247331313d20226e5a} \n \t\t $hex3= {247331323d2022714e} \n \t\t $hex4= {247331333d20227373} \n \t\t $hex5= {247331343d20225379} \n \t\t $hex6= {247331353d20225379} \n \t\t $hex7= {247331363d20225379} \n \t\t $hex8= {247331373d2022546a} \n \t\t $hex9= {247331383d20227957} \n \t\t $hex10= {2473313d2022314845} \n \t\t $hex11= {2473323d202239396b} \n \t\t $hex12= {2473333d2022416537} \n \t\t $hex13= {2473343d2022437132} \n \t\t $hex14= {2473353d2022447851} \n \t\t $hex15= {2473363d2022496a4a} \n \t\t $hex16= {2473373d20226b4b6a} \n \t\t $hex17= {2473383d20226d4970} \n \t\t $hex18= {2473393d20226e3548} \n \n \tcondition: \n \t\t12 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_5863913433ca1a0aff0ceb63ab3ba5ca4982659bca1b0b8af45a1f5be088d121 Group", "expiration": null, "is_active": 1 }, { "id": 3360593913, "indicator": "42f0946a69a67632a84a1088b5e3bcfe8654b547", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_deebe21fd39ec206f1d3507370cee1c52fb60f98dc0557af839bf835e3ad2104 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_deebe21fd39ec206f1d3507370cee1c52fb60f98dc0557af839bf835e3ad2104 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-36-56\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"3744ffc1f6219702ac75d05265b4c092\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"AccountsToolStripMenuItem\" fullword wide \n \t\t $s2= \"'and type='Administrator'\" fullword wide \n \t\t $s3= \"CertificateToolStripMenuItem\" fullword wide \n \t\t $s4= \"CrimeRateToolStripMenuItem\" fullword wide \n \t\t $s5= \"DeveloperToolStripMenuItem\" fullword wide \n \t\t $s6= \"FertilityRateToolStripMenuItem\" fullword wide \n \t\t $s7= \"MortalityRateToolStripMenuItem\" fullword wide \n \t\t $s8= \"PopulationToolStripMenuItem\" fullword wide \n \t\t $s9= \"RegisterToolStripMenuItem\" fullword wide \n \t\t $s10= \"ResidentsToolStripMenuItem\" fullword wide \n \t\t $s11= \"SettingsToolStripMenuItem\" fullword wide \n \t\t $s12= \"StatisticsToolStripMenuItem\" fullword wide \n \t\t $s13= \"TransactionsToolStripMenuItem\" fullword wide \n \t\t $s14= \"TransactionToolStripMenuItem\" fullword wide \n \t\t $s15= \"WinForms_RecursiveFormCreate\" fullword wide \n \t\t $s16= \"WinForms_SeeInnerException\" fullword wide \n \n \t\t $hex1= {247331303d20225265} \n \t\t $hex2= {247331313d20225365} \n \t\t $hex3= {247331323d20225374} \n \t\t $hex4= {247331333d20225472} \n \t\t $hex5= {247331343d20225472} \n \t\t $hex6= {247331353d20225769} \n \t\t $hex7= {247331363d20225769} \n \t\t $hex8= {2473313d2022416363} \n \t\t $hex9= {2473323d202227616e} \n \t\t $hex10= {2473333d2022436572} \n \t\t $hex11= {2473343d2022437269} \n \t\t $hex12= {2473353d2022446576} \n \t\t $hex13= {2473363d2022466572} \n \t\t $hex14= {2473373d20224d6f72} \n \t\t $hex15= {2473383d2022506f70} \n \t\t $hex16= {2473393d2022526567} \n \n \tcondition: \n \t\t10 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_deebe21fd39ec206f1d3507370cee1c52fb60f98dc0557af839bf835e3ad2104 Group", "expiration": null, "is_active": 1 }, { "id": 1241141527, "indicator": "5c6e6bef79ae2190f40a7408ef5a29134da94934", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "PWS:Win32/Primarypass.A", "description": "SHA1 of ea60262c0e1534f3e65873fc9afa17be", "expiration": null, "is_active": 1 }, { "id": 1241142527, "indicator": "bdc16a949929d5caa6544f103556848d54878c3c5ed4282e41f8f1f18ea343af", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "PWS:Win32/Primarypass.A", "description": "SHA256 of ea60262c0e1534f3e65873fc9afa17be", "expiration": null, "is_active": 1 }, { "id": 3360593914, "indicator": "714f64c54a94a9722ce245cbdda4370e39633505", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_bdc16a949929d5caa6544f103556848d54878c3c5ed4282e41f8f1f18ea343af { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_bdc16a949929d5caa6544f103556848d54878c3c5ed4282e41f8f1f18ea343af Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-36-55\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"ea60262c0e1534f3e65873fc9afa17be\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"VEZBUCNRNORIVZRVVBRZIUOBEBBTIZMMCIVUOXU\" fullword wide \n \t\t $s2= \"VNOIOUZMBNIBXCVEBUNBRICBXNNOUCIXIZBCC\" fullword wide \n \t\t $a1= \"WJ*rWK,iWK,iWK,iWK,iWK,iWK,iWK,iWK,iWK,iWK,iWK,iWK,iXI,hVJ+SL3\" fullword ascii \n \t\t $a2= \"WK(RYJ-gWK,iWK,iWK,iWK,iWK,iWK,iWK,iWK,iWK,iWK,iWK,iWK,iWJ*rP0\" fullword ascii \n \n \t\t $hex1= {2461313d2022574a2a} \n \t\t $hex2= {2461323d2022574b28} \n \t\t $hex3= {2473313d202256455a} \n \t\t $hex4= {2473323d2022564e4f} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_bdc16a949929d5caa6544f103556848d54878c3c5ed4282e41f8f1f18ea343af Group", "expiration": null, "is_active": 1 }, { "id": 3360593915, "indicator": "f5ee8fe0a8d8b76a3b292b357dee72a5aa020512", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Delphi", "description": "SHA1 of 4c6c732207f5c124e4a89497a51b3f50", "expiration": null, "is_active": 1 }, { "id": 1386572449, "indicator": "6d3c9ec1da606b3a6f67a4db37651643c5201f54a70d49c53f616b3ef1446384", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Delphi", "description": "SHA256 of 4c6c732207f5c124e4a89497a51b3f50", "expiration": null, "is_active": 1 }, { "id": 3360593916, "indicator": "8c24792a7a957f1934ea7d3b3d0aa955de6064b3", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_6d3c9ec1da606b3a6f67a4db37651643c5201f54a70d49c53f616b3ef1446384 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_6d3c9ec1da606b3a6f67a4db37651643c5201f54a70d49c53f616b3ef1446384 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-36-51\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"4c6c732207f5c124e4a89497a51b3f50\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"CL_MPPAUSE CL_MPPLAY CL_MPPREV\" fullword wide \n \t\t $s2= \"CL_MPRECORD CL_MPSTEP CL_MPSTOP DI_MPBACK\" fullword wide \n \t\t $s3= \"DI_MPPAUSE DI_MPPLAY DI_MPPREV\" fullword wide \n \t\t $s4= \"DI_MPRECORD DI_MPSTEP DI_MPSTOP EN_MPBACK\" fullword wide \n \t\t $s5= \"EN_MPPAUSE EN_MPPLAY EN_MPPREV\" fullword wide \n \t\t $s6= \"EN_MPRECORD EN_MPSTEP EN_MPSTOP\" fullword wide \n \n \t\t $hex1= {2473313d2022434c5f} \n \t\t $hex2= {2473323d2022434c5f} \n \t\t $hex3= {2473333d202244495f} \n \t\t $hex4= {2473343d202244495f} \n \t\t $hex5= {2473353d2022454e5f} \n \t\t $hex6= {2473363d2022454e5f} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_6d3c9ec1da606b3a6f67a4db37651643c5201f54a70d49c53f616b3ef1446384 Group", "expiration": null, "is_active": 1 }, { "id": 3360593917, "indicator": "5daf526c79495b10ccc641b6d3508906292f4721", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "DotNET_ConfuserEx", "description": "SHA1 of c2ad1abe377511fa9dec2f1e396ca128", "expiration": null, "is_active": 1 }, { "id": 1386572490, "indicator": "78f852dcf4fbad6fc5ff53c03b4de2964a6a7dea4e476ac6b1d1cfd31251a6d8", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "DotNET_ConfuserEx", "description": "SHA256 of c2ad1abe377511fa9dec2f1e396ca128", "expiration": null, "is_active": 1 }, { "id": 3360593918, "indicator": "8c72ff7db5847ef7733516cbdb50ad4af271f5ad", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_78f852dcf4fbad6fc5ff53c03b4de2964a6a7dea4e476ac6b1d1cfd31251a6d8 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_78f852dcf4fbad6fc5ff53c03b4de2964a6a7dea4e476ac6b1d1cfd31251a6d8 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-36-42\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"c2ad1abe377511fa9dec2f1e396ca128\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"AAPrgHYEMFdDCpWGUtIWsIHDl\" fullword wide \n \t\t $s2= \"aCIBLXsgNruzYrhncLHDMirIh\" fullword wide \n \t\t $s3= \"AEEBjVUOumfogzufDNtHqWtXc\" fullword wide \n \t\t $s4= \"AHVyMJXPsGGQrkWXhPtjxSLGagR\" fullword wide \n \t\t $s5= \"AieDnpYhzEzYLbQREgyprPwEU\" fullword wide \n \t\t $s6= \"aiHAeArIxAoKgxAgbPkWVNwnN\" fullword wide \n \t\t $s7= \"apOfydsMSEfxRKdxzHBXrJlPI\" fullword wide \n \t\t $s8= \"AqkGEAbRkxhVEFQXHoljLOrvCog\" fullword wide \n \t\t $s9= \"aSPOmdpQQNVzEiMubLYlYfOPZ\" fullword wide \n \t\t $s10= \"AsPxKeAFsyspIqVbQsnGxgSNzpgNisgON\" fullword wide \n \t\t $s11= \"axjSfDCzzVOkqnQRjvIQIKmFJFg\" fullword wide \n \t\t $s12= \"AZBwDuMqshvdsiiqyTIovVcbx\" fullword wide \n \t\t $s13= \"AzVIvmyLdVIfPzaJKpCizpfyn\" fullword wide \n \t\t $s14= \"bCgaFZttCtQRsYaOerczEosrM\" fullword wide \n \t\t $s15= \"BCHtonseMXLYZBBqPglpwWvUkZt\" fullword wide \n \t\t $s16= \"BCKyMpeXgsICKNBhDDEEmRXeHqm\" fullword wide \n \t\t $s17= \"BDHOYeMrgpJZNPanDlarKFcyn\" fullword wide \n \t\t $s18= \"BfLxCkZynHhfGfmyEwpEWqbcJ\" fullword wide \n \t\t $s19= \"bhrqImvGhLHxIQREIsRvTfsub\" fullword wide \n \t\t $s20= \"BhtNaWJvCnwsTzFgeDckyMZvL\" fullword wide \n \t\t $s21= \"bIIsHKxJzeQbGVuwLqKxlWvJo\" fullword wide \n \t\t $s22= \"bJcYOBGNemvnsgHIwoTJFpkFhcvYDfearK\" fullword wide \n \t\t $s23= \"BkOSrdtuCUkfjLNeCsNbPVHZd\" fullword wide \n \t\t $s24= \"bliHHkEBJpnpENCHplzScGDUE\" fullword wide \n \t\t $s25= \"BLkxhqnHosmgYFbzuZijhACmFSv\" fullword wide \n \t\t $s26= \"brvoHeohEXHRznsQTMtmsJsRJwO\" fullword wide \n \t\t $s27= \"BSemvngaiEsLQnAFGBTfybPwYsE\" fullword wide \n \t\t $s28= \"bsTRGHeXPyVTlCfQMAmrNwnwYUvKesqDl\" fullword wide \n \t\t $s29= \"bvmSlXKDrtSBNyQEyywmlGaMbxc\" fullword wide \n \t\t $s30= \"bWBEwJWekPncelgjhJbdUDFCY\" fullword wide \n \t\t $s31= \"CdgOrwAqAhkmLrmmnKVPQtLxp\" fullword wide \n \t\t $s32= \"CDJcylSBSeXZoaLQaFuEQYaVU\" fullword wide \n \t\t $s33= \"CfAhIShlhcQWYsGKUfSbIjIOyVl\" fullword wide \n \t\t $s34= \"cFnlGltNHvQLGZWoNELAneNOu\" fullword wide \n \t\t $s35= \"cigIRuQpryQEGObFEgXiXsuCK\" fullword wide \n \t\t $s36= \"CraQKqzaOEtEaREEzbPoszlbD\" fullword wide \n \t\t $s37= \"CrhNctSVWlcgTunLPAbXAjisjtk\" fullword wide \n \t\t $s38= \"CTPNLStRJOuIOvQCDEiLIZyWe\" fullword wide \n \t\t $s39= \"CuXxBhnCuDPkYdqhDTpFvSJDt\" fullword wide \n \t\t $s40= \"C:WindowsMicrosoft.NETFrameworkv2.0.50727\" fullword wide \n \t\t $s41= \"cWnWPgAEebhTradAfdwgaUiNk\" fullword wide \n \t\t $s42= \"CXWGZAMXSsirTpRlKTsNbqGJKjFNrLarud\" fullword wide \n \t\t $s43= \"CZTuCpAamDphtizPhDheBjhsVQl\" fullword wide \n \t\t $s44= \"DBNokxoueKONwyZslswpXxaJmIF\" fullword wide \n \t\t $s45= \"dDulVuebRiJgkdVitXOCGaJuYAa\" fullword wide \n \t\t $s46= \"dFnhbRqwThSayQlJtIJdqOYTWbO\" fullword wide \n \t\t $s47= \"DkTDBzBZicxNRBXJkexbNdMcPax\" fullword wide \n \t\t $s48= \"dmEOgOZqJXVlYQjtMoAMYebGY\" fullword wide \n \t\t $s49= \"DOUDQzFmVnfOHvUdSdMLrAfCC\" fullword wide \n \t\t $s50= \"DQoCXqUOVSpCxICIRxUGulZdEOG\" fullword wide \n \t\t $s51= \"duCYMzvwNghhsFcqIbogIawkcXD\" fullword wide \n \t\t $s52= \"dUnQZmPZwmYkociKBTVZoDvrmWI\" fullword wide \n \t\t $s53= \"DvkQeiQaRHWnwcWzXoxTPuIRGJd\" fullword wide \n \t\t $s54= \"dWVtsIETBkcTIQnziXKZrkmPQLPmDHaW\" fullword wide \n \t\t $s55= \"dWWPxszscYdcIWrlEQZjtiKqUIi\" fullword wide \n \t\t $s56= \"DXAdmLVhuIDWUEqzexPrFOpRG\" fullword wide \n \t\t $s57= \"DXgVSEJZyGqwRwaVABCbPYHNUdx\" fullword wide \n \t\t $s58= \"dZjAQfcEOPYKLcigZlHRMUXMcP\" fullword wide \n \t\t $s59= \"eEKheuCYEvKAnWOnQfxYflClw\" fullword wide \n \t\t $s60= \"EGryjVfYQOtwcKHWLzPliehfqzK\" fullword wide \n \t\t $s61= \"EhUFcddgugMCIqKdmhLOaBsjJMc\" fullword wide \n \t\t $s62= \"EIHiiBUHPHWCIfTQQKMEjucSQkf\" fullword wide \n \t\t $s63= \"EMOQpcVNYIyBgTqXgYyglEBDd\" fullword wide \n \t\t $s64= \"enKepKqeQyawnmbjcBGVYzhQESardiJz\" fullword wide \n \t\t $s65= \"eNpUnXLHhVvVOAqrfczzGdVigwi\" fullword wide \n \t\t $s66= \"EQWvegfFIFHvQpVJGSijzhumaJr\" fullword wide \n \t\t $s67= \"ESmNcELqOJeBcHKnpysWBaIbykR\" fullword wide \n \t\t $s68= \"euyuRXyFCxxvskmvzpvSOnTgV\" fullword wide \n \t\t $s69= \"evHIPumCVwSzLnNAYnGYXYtFc\" fullword wide \n \t\t $s70= \"eWiFilIfUoMdZOYovrpMmGDHNUZo\" fullword wide \n \t\t $s71= \"exVEXOhTvEvMgAIvNbdwCZbathM\" fullword wide \n \t\t $s72= \"fdltuUBBaXVICjGYSwhngeFXsmMTtX\" fullword wide \n \t\t $s73= \"FEhlOIrmcHGXePoiqvsVCGnwmpQ\" fullword wide \n \t\t $s74= \"feNYfaUnnhiEDJhHARngDtSVq\" fullword wide \n \t\t $s75= \"fguWqGoaipAmicqFEyOwKWIQpfY\" fullword wide \n \t\t $s76= \"fHvExoUXYINPwreVcbyKILtiiNN\" fullword wide \n \t\t $s77= \"fpQfUxPhbXMbgGcdrgzsHfSkPuYTbrO\" fullword wide \n \t\t $s78= \"ftWzwjgyPhHstItbAblZvvNqF\" fullword wide \n \t\t $s79= \"FuFSkoAUUtjqSqKNbuoVBwwjPjY\" fullword wide \n \t\t $s80= \"FUIipYaphInIQXwadaTMlRlhPUV\" fullword wide \n \t\t $s81= \"fxLtuBYqzTbpyhMLctLroxlBKVE\" fullword wide \n \t\t $s82= \"FYSWanPZITfIqqzijUZFnyylbfR\" fullword wide \n \t\t $s83= \"FyYBSyxYIXOzyTAmwJvaBtRDr\" fullword wide \n \t\t $s84= \"GaCwIpXvviuFGadiDnpWjIwBh\" fullword wide \n \t\t $s85= \"GEWTtEbdvVNMjFhooXCruOcKKiC\" fullword wide \n \t\t $s86= \"GJfazAiLDYwDMIBVowPnwEKec\" fullword wide \n \t\t $s87= \"GlVqpigHncnPAEotUsFgQzmiHV\" fullword wide \n \t\t $s88= \"GOlzbaVnVtenFWBiZtMpsGYmg\" fullword wide \n \t\t $s89= \"GpNfjzbvHKavQvieFHYaMOLIYtM\" fullword wide \n \t\t $s90= \"grBZQcOKINFKOlaLRrZZmyRaAVF\" fullword wide \n \t\t $s91= \"GrUbGPeFjnVDMfjJmeulpuBxG\" fullword wide \n \t\t $s92= \"gRuGMVpklURTLfAhxwONytEkcEv\" fullword wide \n \t\t $s93= \"GTyaRRagzXTtWscRtNlrDtvbu\" fullword wide \n \t\t $s94= \"GUghowSesqjotPujdjLHaZCeHoG\" fullword wide \n \t\t $s95= \"gVBTFRjkwmhZmePtBblwtWgLq\" fullword wide \n \t\t $s96= \"gVsTllOBPkElEojmusCLCvUHNlj\" fullword wide \n \t\t $s97= \"gwDHigrhjPJxBtLYwGERtvEMJnX\" fullword wide \n \t\t $s98= \"GwmbGsVFRIraZhWZtRuJuzROEQE\" fullword wide \n \t\t $s99= \"GxbdwVYlFHVUadHQBBBWIGQiHLb\" fullword wide \n \t\t $s100= \"gYjYuCtqMJoBLagIWueCNZuVLId\" fullword wide \n \t\t $s101= \"hCsoaQYmfNjWwGJlEeCTVCuGrUu\" fullword wide \n \t\t $s102= \"HgyQLMQZoksSIMiETMfRVPnkI\" fullword wide \n \t\t $s103= \"HlJLeYdLQIhugPKLcYgtaCkYWoH\" fullword wide \n \t\t $s104= \"HLVLOunPUVAZkucymsRZFhbuq\" fullword wide \n \t\t $s105= \"HmHqRQOWakZDVppCdYYeLtWrWAX\" fullword wide \n \t\t $s106= \"hpKmmUTxOnzksqFWIJpBhQvZvLV\" fullword wide \n \t\t $s107= \"HQdjkmLGSWLHmnkRrsSmFplkE\" fullword wide \n \t\t $s108= \"HqGxDDkWCVrSmRUShQuCPHmNTuR\" fullword wide \n \t\t $s109= \"HRraeHTcSLpmcfDSnPeSGPQMUil\" fullword wide \n \t\t $s110= \"HSdnMlacmlJJhvxwOJTBbMhKXJt\" fullword wide \n \t\t $s111= \"http://myfiles123.su/1//v/hkW5GDQ\" fullword wide \n \t\t $s112= \"hViMpZfAimCOCUZUiaYlzfWGj\" fullword wide \n \t\t $s113= \"HyLMLsnkbHaREYYxSWwTraChF\" fullword wide \n \t\t $s114= \"hymctjJygyEGzfdMNJymhYjBI\" fullword wide \n \t\t $s115= \"hYvcQEBspUNlXODXLSgkaCSvIOp\" fullword wide \n \t\t $s116= \"hZnwHDfodCKaBESnZIzRRVznH\" fullword wide \n \t\t $s117= \"iCXldpKGGxrAeBTfQILnyfpwOgV\" fullword wide \n \t\t $s118= \"IDtFxovtRWbjRlQffPwFLIpAQar\" fullword wide \n \t\t $s119= \"IDvvcWptmBOtNnCYYscaibfYRvA\" fullword wide \n \t\t $s120= \"IEKkPYncCmDabtjCLLfQGFzqQ\" fullword wide \n \t\t $s121= \"imAftvHPUAMgYLvWcJVDyTKbmtD\" fullword wide \n \t\t $s122= \"InKsiivVukYOngnzOmhPRoidR\" fullword wide \n \t\t $s123= \"INpJXlUTSdDAaGYMjBxgVhchEFV\" fullword wide \n \t\t $s124= \"IOBMXKrGSWUCmLjWPzMAAqqZSMgaDhOCji\" fullword wide \n \t\t $s125= \"iphhSSVZriWvmRnsUZgcyYhzs\" fullword wide \n \t\t $s126= \"IpIXwbbtakIyQkoatRDpIktKvcC\" fullword wide \n \t\t $s127= \"IqbcirEpQopXmDCNbXJpiJdvysKDoiOx\" fullword wide \n \t\t $s128= \"iqIgBqAxgggzqvvHJKHbdfJtf\" fullword wide \n \t\t $s129= \"iqlxApPHHHoESkQmARdxkjDRM\" fullword wide \n \t\t $s130= \"islSyEeWgHrARJHSmzcTsUBxTGyjFPjlkT\" fullword wide \n \t\t $s131= \"isnyIswFAsrVuBOngjqmEnIeQ\" fullword wide \n \t\t $s132= \"ItRzeMdhMMkOjNiypmohlFypRDF\" fullword wide \n \t\t $s133= \"IVcOmWgHlqJfOOWNlVvbxiYwybV\" fullword wide \n \t\t $s134= \"IvDhneZTMwIMtqBfcuwvVESrXec\" fullword wide \n \t\t $s135= \"iwaPsUCuHcbpdHyhsYULTkxND\" fullword wide \n \t\t $s136= \"iZsIKyPVsKLqmkfERTiWcTraPfE\" fullword wide \n \t\t $s137= \"jbjfmYUxrNmZGxOJwxKcjcmoL\" fullword wide \n \t\t $s138= \"jBytfRhHQpQsxBSDJFyFKFqpJJy\" fullword wide \n \t\t $s139= \"JcfbTtfAzUCndHhYzZtuzIoZiJO\" fullword wide \n \t\t $s140= \"JedUXlEoIDeTGSjdjnrMmPlbQ\" fullword wide \n \t\t $s141= \"JFVyKQuCrWaDnOSfrwmYBukYbtV\" fullword wide \n \t\t $s142= \"JgFOsFsVedWtRFVNXmmntjUrUiCv\" fullword wide \n \t\t $s143= \"jgNRKuDdPVDXrmVmLboYYnSRXDa\" fullword wide \n \t\t $s144= \"jJigZVrWoyJvtynfZGkFZhTph\" fullword wide \n \t\t $s145= \"JkhIBLqmoUrzamNQCSdtKovnVBK\" fullword wide \n \t\t $s146= \"jOkBMqcVuNwSfgItZtWHLzqHfXWtGkfOO\" fullword wide \n \t\t $s147= \"jPsMkWoYaIlqrdbAopZOeNHREJh\" fullword wide \n \t\t $s148= \"jqggVrapwmLFFXNshQqvJpQdDZK\" fullword wide \n \t\t $s149= \"jQvoRtUuwidZRzccFeAFjCdwfwkcpvksw\" fullword wide \n \t\t $s150= \"JRnQKrjLFDTiUAMoJdwSzzMCy\" fullword wide \n \t\t $s151= \"JSgFsCAzJGtVtNUjUDBozxkht\" fullword wide \n \t\t $s152= \"JtykYhcCsGaAmULmUchBsEcwR\" fullword wide \n \t\t $s153= \"JZnXSVvbrLHqSqSZnPGNQGjLD\" fullword wide \n \t\t $s154= \"kASQBwvidVVTUKCxJsBvtGIEvKg\" fullword wide \n \t\t $s155= \"kDsSSCSHZDCVflqWHNcVzygSh\" fullword wide \n \t\t $s156= \"KeJWNsaQEgyZNrljkSbGPDwNN\" fullword wide \n \t\t $s157= \"KErHYOWFHiuAQYcwPavfEABdQ\" fullword wide \n \t\t $s158= \"KGSgLnQRJlAnnGQivncGyDpJr\" fullword wide \n \t\t $s159= \"kGXrOtldjFnbqtwFCqWbJJASA\" fullword wide \n \t\t $s160= \"KIzDQnPPKXjAmaSNKPpQlAHgtFU\" fullword wide \n \t\t $s161= \"KmIMdZxVpUfmjEySUlRoylBXq\" fullword wide \n \t\t $s162= \"KnsXjTStEIHVPa", "title": "", "description": "APTMalware_Gorgon_Group_78f852dcf4fbad6fc5ff53c03b4de2964a6a7dea4e476ac6b1d1cfd31251a6d8 Group", "expiration": null, "is_active": 1 }, { "id": 2929300042, "indicator": "76a163714b380816a0ded2a3f7aded0fab1df880", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "AgentTesla", "description": "SHA1 of bb38a5783fce031e7902544b3a0ea4b3\nSHA1 of bb38a5783fce031e7902544b3a0ea4b3", "expiration": null, "is_active": 1 }, { "id": 1386572252, "indicator": "4132bc952ca85e685b01b42e0b3c78f6301fa0c6bf4f68e943faf61c914d0314", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "AgentTesla", "description": "SHA256 of bb38a5783fce031e7902544b3a0ea4b3\nSHA256 of bb38a5783fce031e7902544b3a0ea4b3", "expiration": null, "is_active": 1 }, { "id": 3360593940, "indicator": "0144f6515b2a5e1401dc28d4b934883afc0ef7ad", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_4132bc952ca85e685b01b42e0b3c78f6301fa0c6bf4f68e943faf61c914d0314 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_4132bc952ca85e685b01b42e0b3c78f6301fa0c6bf4f68e943faf61c914d0314 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-36-36\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"bb38a5783fce031e7902544b3a0ea4b3\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"5pzZgrH355snScLnNsQFMhwxswIrafhQle4CKgBv7IU=\" fullword wide \n \t\t $s2= \"7WhqsxFkmNztJfjbfu1/b98cBjyPzObeNS9/cGt2nJPCf65W31ZXQRHAsrFRUKmR\" fullword wide \n \t\t $s3= \"7WhqsxFkmNztJfjbfu1/bwC0RhdeXnofyEUtLvOjOIytifM059GXAItq84keysP9\" fullword wide \n \t\t $s4= \"858ZJ8kYcMHANAFzPuFgcQXuQbAWK+sSctOPlwsK+jM=\" fullword wide \n \t\t $s5= \"8GmaAgylkPoVR8BAN/egjHjLr2Cr/0Lw1P1DexWpnVM=\" fullword wide \n \t\t $s6= \"bCYODUbmaK6pHNkzHVJVYkuPCbsbMNeZbQ+RMWL1lBpPhjBKR4pU+WQFxchEoIVN\" fullword wide \n \t\t $s7= \"B+N/RQFkGu2YO6MxH/dV7W3joeUpSuYzPENokMgVJhw=\" fullword wide \n \t\t $s8= \"br>IP Address  :\" fullword wide \n \t\t $s9= \"br>OS Full Name  : \" fullword wide \n \t\t $s10= \"br>OS Platform   : \" fullword wide \n \t\t $s11= \"br>OS Version    : \" fullword wide \n \t\t $s12= \"br>PC Name       : \" fullword wide \n \t\t $s13= \"br>UserName      : \" fullword wide \n \t\t $s14= \"br>VideocardMem  : \" fullword wide \n \t\t $s15= \"br>VideocardName : \" fullword wide \n \t\t $s16= \"C54jRUhshnHyI070IuTpM4W/hBgjatIquA71jHSTUh+jvv0WyzFXXfBcQ/pgSz+F\" fullword wide \n \t\t $s17= \"CGdc9wAphv+yegXM6dfD29Q9evE+UWL03OZstvZK0ps=\" fullword wide \n \t\t $s18= \"cLmwHAZ99zYjm+jEpFTUwD1dwUAvpED6Ul7PaSR04Xg=\" fullword wide \n \t\t $s19= \"cNIAlTQA01/KjOY13uy9W2/bTHRxuCIHObrYFvGN45w=\" fullword wide \n \t\t $s20= \"CWU1/X9QUt8ANcHmbViwWvbZX4+jO91nDZHrpMcbYVs=\" fullword wide \n \t\t $s21= \"Ddm6/1Q7wdvglNPXcQOURJAx1nBmhRlrH9lamYWitXY=\" fullword wide \n \t\t $s22= \"DM1NldWlV74zph/BcjN8bxwkTOD1BCm1QNV+eSVEv1Y=\" fullword wide \n \t\t $s23= \"dRxixE06aty6OyowekKwFROTegPJjqv4wLofU+KIx1Q=\" fullword wide \n \t\t $s24= \"DvM5onZXGFRCccdoZcx0qJHEexm++H7Zl95MpYi5T/o=\" fullword wide \n \t\t $s25= \"E06REt9VAPtCHVtjawWby8MrCIadDdikehAXKGkRAW4=\" fullword wide \n \t\t $s26= \"FxWsfrzNcDIT81Dyo3dhvYssCRQ2kmcNMwiZGY0wEE8=\" fullword wide \n \t\t $s27= \"Hms0sFlSgNOOUdQZtn3pXbkpMOzPPRSihDObeM3KPB4=\" fullword wide \n \t\t $s28= \"/ikyUZUxAvBns3XwMmet+6yOE//WPtjZdZMzm+ivrpU=\" fullword wide \n \t\t $s29= \"IM8Uo3VnEo8+NZZe2fa0dXus9/sV0JbokGsD4pmezO4=\" fullword wide \n \t\t $s30= \"I/tDnJPWEB6yySAivkY/576ixyY2gOP+bLVbbaRIV8A=\" fullword wide \n \t\t $s31= \"+KvItdCkbJYVhD5M+8OWWuNMaKVwLuIiBwNvfWU5drw=\" fullword wide \n \t\t $s32= \"kwTbWGPthx54z7ItP6ZZgGcKxLt+YRwXjnX+hSyarXkbouVlZ+qBccEqBCXtEC2M\" fullword wide \n \t\t $s33= \"L1588vhPHK6mbHFsgsOFsRVoTmhutkFpdi5q6LRnMu0=\" fullword wide \n \t\t $s34= \"ligGKnENDwQBwtGNHaYwFBAC06jzt1ZraamTIwJXP/s=\" fullword wide \n \t\t $s35= \"LvWpYUoNhLQcAEZrUU5vJXfm8AMpWkioRks6kR/avF7AxNEH3J8ItHmpZzPVbkQo\" fullword wide \n \t\t $s36= \"mQqftbRCZSvdu2yKy5WdmCQp9TnChZfFlB9thhYkzTw=\" fullword wide \n \t\t $s37= \"mRHmVzVbphgmY4lkYv3UdR3SQbnZtbGHhNxMPnTRl9s=\" fullword wide \n \t\t $s38= \"NHaMN9drOOEU9VGqF00KDXl23d/v6vf8y5rXugAfYT8=\" fullword wide \n \t\t $s39= \"oikfCuTLFenr3SHYSEZ4i4l/+ojgp7rxEaIDYGVnaoo=\" fullword wide \n \t\t $s40= \"p0PDzqn/xONUMUGbTdKlaBl8XgJAq1rWzoU4X7GuEl+sKjK9girJNQi+hVX/H+8Z\" fullword wide \n \t\t $s41= \"pLWka7Z/GC9u/NWAVkIGpulT/DTUmKZcE1wTpL5b+9w=\" fullword wide \n \t\t $s42= \"pweuSrfCbcBXQf025C8ebkFmZ/6ga8/URrV3n1FIEsU=\" fullword wide \n \t\t $s43= \"q3BuWKbz9UVM0vwJiV+jQRXejtQPS1CT8/kIbqn6QiOCVTv2hNAcIQMW+Eyii3zr\" fullword wide \n \t\t $s44= \"QLZGY78+zXUNT2jX7mlgXD+0Zy9QfeBN/YljDjfOrSU=\" fullword wide \n \t\t $s45= \"RPXruGRT9PgEwv3+vKGP71Ak/3sAUzkvjs4/NaeG7YajrG090hZHK92CNAYLaVlA\" fullword wide \n \t\t $s46= \"SoftwareMicrosoftInternet ExplorerIntelliFormsStorage2\" fullword wide \n \t\t $s47= \"SOFTWAREMicrosoftWindows NTCurrentVersion\" fullword wide \n \t\t $s48= \"swsssXJQPwpBZ7ZjcY9lTJYx6laKzsGV2anwwRZKyVo=\" fullword wide \n \t\t $s49= \"UppqDljkvOirn2L6QnyhyiwJLJSYnCsvA3lFnxPfrHA=\" fullword wide \n \t\t $s50= \"uS+VUL8+TSyneURyRykWQZOnYhn6NWqDhsMtEJ+Pk9o=\" fullword wide \n \t\t $s51= \"+UtVdHr7daksMHxeBY/JQc5A5ciOsmchTKYAMaDB7/CCsB0mI7nGqh/tSbdYNDqC\" fullword wide \n \t\t $s52= \"v1ESvyVh40NGQiXH0K76/LgZV/aJQOQyGa9DL+fSFJM=\" fullword wide \n \t\t $s53= \"xRm1fBracupUySoA9cylwh5CxTOJ/uZrxOW4zRw3APip9qVSQlGYWjKQVAR1tbMP\" fullword wide \n \t\t $s54= \"xRm1fBracupUySoA9cylwhHHE9gVBfX3+j2456j8GZzmuzwi7Edg8K/Xt3xEMKzM\" fullword wide \n \t\t $s55= \"xRm1fBracupUySoA9cylwj2p7W/wciyqog/QugF8dQM6Hb/8zr+D7YbHA4lQ2Zc3\" fullword wide \n \t\t $s56= \"xRm1fBracupUySoA9cylwkbC1/qFLC/SQzkf085ItY4wM9srWLpGtMavmXiyhqqE\" fullword wide \n \t\t $s57= \"xRm1fBracupUySoA9cylwkBYOZaEHSjY5HD/eXPjl7Y=\" fullword wide \n \t\t $s58= \"xRm1fBracupUySoA9cylwkYz4Tl4/qqswBmyY7Hrzkg=\" fullword wide \n \t\t $s59= \"xRm1fBracupUySoA9cylwlp6n8Xw+vBY/eBO1TJy2AU/4pY3k+lLXWHvniVVCAii\" fullword wide \n \t\t $s60= \"xRm1fBracupUySoA9cylwmIYGyp/9YDddxgRl6JMtWY=\" fullword wide \n \t\t $s61= \"xRm1fBracupUySoA9cylwmNTADUxFECvCdRfiT1fh7/Ya/noXlmKJjtUidIQalFk\" fullword wide \n \t\t $s62= \"xRm1fBracupUySoA9cylwn5D96LrPpgRHkiBVeRSKKw=\" fullword wide \n \t\t $s63= \"xRm1fBracupUySoA9cylwq+5/WPdNXJ2dIaVKINbFJzeDOxB3MK6/ioVB3LOSKDo\" fullword wide \n \t\t $s64= \"xRm1fBracupUySoA9cylwrQ8K+GusHxzzEqV0xLLJGmGJD4Ughm1YghiwCgK6fnu\" fullword wide \n \t\t $s65= \"xRm1fBracupUySoA9cylwsAdlmHk/XWi/iVKTUsAFq1NC0R6SpJCfXS9YjFgKnlI\" fullword wide \n \t\t $s66= \"xRm1fBracupUySoA9cylwsThygi+zr1GPj/5yzOQBftbwZ4/Q1weEYpYLntb9X/5\" fullword wide \n \t\t $s67= \"xRm1fBracupUySoA9cylwsZeOzxhjGK2aZFVI8Clcjo=\" fullword wide \n \t\t $s68= \"xRm1fBracupUySoA9cylwtYWfm8DaoM8Mk/AXVsiQPrHjN3cHo86oqfYnz7KlJJf\" fullword wide \n \t\t $s69= \"xRm1fBracupUySoA9cylwvlZZPIbFFw/EogqRqrtJWg=\" fullword wide \n \t\t $s70= \"xRm1fBracupUySoA9cylwvPXue4ZTJh+arXBPZ8LWF2N5kMlivViRAtgCVJswLsp\" fullword wide \n \t\t $s71= \"xRm1fBracupUySoA9cylwvQustDikfkUlYIpOGCcKBhmGKebSp5rcrr+rOgXkxt0\" fullword wide \n \t\t $s72= \"xVJXWZWqIh5mIrFdAKvC+bHR3aXZm/DLS+z8rpSodSs=\" fullword wide \n \t\t $s73= \"/ydWcFn/aGP7xvuifXSMkkyueVXcgJt0dgv6fS78qok=\" fullword wide \n \t\t $s74= \"YGib+OsbRvVmHiEVFVk4TwovECtpsmh0/f+qLQIGfng=\" fullword wide \n \t\t $s75= \"yJ2qMAJyXhZHlp50824HSdArxsDOcSTLLq14sG6CQgY=\" fullword wide \n \t\t $s76= \"ypfDayM/MDyPSlv5Kdo5azdZFpF/T0KYdq/9MnKxVZI=\" fullword wide \n \t\t $s77= \"YtutvWdsaYMXNIFKLCz0N0imxXilR8Keogf635BrGf4=\" fullword wide \n \t\t $s78= \"YXa3+zENlCDh0jOji/pX+Wjp//lgQNwFq3ddEneFAuE=\" fullword wide \n \n \t\t $hex1= {247331303d20226272} \n \t\t $hex2= {247331313d20226272} \n \t\t $hex3= {247331323d20226272} \n \t\t $hex4= {247331333d20226272} \n \t\t $hex5= {247331343d20226272} \n \t\t $hex6= {247331353d20226272} \n \t\t $hex7= {247331363d20224335} \n \t\t $hex8= {247331373d20224347} \n \t\t $hex9= {247331383d2022634c} \n \t\t $hex10= {247331393d2022634e} \n \t\t $hex11= {2473313d202235707a} \n \t\t $hex12= {247332303d20224357} \n \t\t $hex13= {247332313d20224464} \n \t\t $hex14= {247332323d2022444d} \n \t\t $hex15= {247332333d20226452} \n \t\t $hex16= {247332343d20224476} \n \t\t $hex17= {247332353d20224530} \n \t\t $hex18= {247332363d20224678} \n \t\t $hex19= {247332373d2022486d} \n \t\t $hex20= {247332383d20222f69} \n \t\t $hex21= {247332393d2022494d} \n \t\t $hex22= {2473323d2022375768} \n \t\t $hex23= {247333303d2022492f} \n \t\t $hex24= {247333313d20222b4b} \n \t\t $hex25= {247333323d20226b77} \n \t\t $hex26= {247333333d20224c31} \n \t\t $hex27= {247333343d20226c69} \n \t\t $hex28= {247333353d20224c76} \n \t\t $hex29= {247333363d20226d51} \n \t\t $hex30= {247333373d20226d52} \n \t\t $hex31= {247333383d20224e48} \n \t\t $hex32= {247333393d20226f69} \n \t\t $hex33= {2473333d2022375768} \n \t\t $hex34= {247334303d20227030} \n \t\t $hex35= {247334313d2022704c} \n \t\t $hex36= {247334323d20227077} \n \t\t $hex37= {247334333d20227133} \n \t\t $hex38= {247334343d2022514c} \n \t\t $hex39= {247334353d20225250} \n \t\t $hex40= {247334363d2022536f} \n \t\t $hex41= {247334373d2022534f} \n \t\t $hex42= {247334383d20227377} \n \t\t $hex43= {247334393d20225570} \n \t\t $hex44= {2473343d2022383538} \n \t\t $hex45= {247335303d20227553} \n \t\t $hex46= {247335313d20222b55} \n \t\t $hex47= {247335323d20227631} \n \t\t $hex48= {247335333d20227852} \n \t\t $hex49= {247335343d20227852} \n \t\t $hex50= {247335353d20227852} \n \t\t $hex51= {247335363d20227852} \n \t\t $hex52= {247335373d20227852} \n \t\t $hex53= {247335383d20227852} \n \t\t $hex54= {247335393d20227852} \n \t\t $hex55= {2473353d202238476d} \n \t\t $hex56= {247336303d20227852} \n \t\t $hex57= {247336313d20227852} \n \t\t $hex58= {247336323d20227852} \n \t\t $hex59= {247336333d20227852} \n \t\t $hex60= {247336343d20227852} \n \t\t $hex61= {247336353d20227852} \n \t\t $hex62= {247336363d20227852} \n \t\t $hex63= {247336373d20227852} \n \t\t $hex64= {247336383d20227852} \n \t\t $hex65= {247336393d20227852} \n \t\t $hex66= {2473363d2022624359} \n \t\t $hex67= {247337303d20227852} \n \t\t $hex68= {247337313d20227852} \n \t\t $hex69= {247337323d20227856} \n \t\t $hex70= {247337333d20222f79} \n \t\t $hex71= {247337343d20225947} \n \t\t $hex72= {247337353d2022794a} \n \t\t $hex73= {247337363d20227970} \n \t\t $hex74= {247337373d20225974} \n \t\t $hex75= {247337383d20225958} \n \t\t $hex76= {2473373d2022422b4e} \n \t\t $hex77= {2473383d202262723e} \n \t\t $hex78= {2473393d202262723e} \n \n \tcondition: \n \t\t52 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_4132bc952ca85e685b01b42e0b3c78f6301fa0c6bf4f68e943faf61c914d0314 Group", "expiration": null, "is_active": 1 }, { "id": 3360593941, "indicator": "ee0d91f551a271fd60f80188893ef31420889a4b", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "LokiBot", "description": "SHA1 of 6097232bc136d0af5321b7be782ade5d", "expiration": null, "is_active": 1 }, { "id": 1386572536, "indicator": "86ec4738c2625220a6f87caac14b315743de7058e971e6338230b1a64996e675", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "LokiBot", "description": "SHA256 of 6097232bc136d0af5321b7be782ade5d", "expiration": null, "is_active": 1 }, { "id": 3360593942, "indicator": "363cb2dfa6a4f33b79da9d98c13090ce1e9c560b", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_86ec4738c2625220a6f87caac14b315743de7058e971e6338230b1a64996e675 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_86ec4738c2625220a6f87caac14b315743de7058e971e6338230b1a64996e675 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-36-27\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"6097232bc136d0af5321b7be782ade5d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"#document.favoriteManager*\" fullword wide \n \t\t $s2= \"Fenrir IncSleipnir5settingmodulesChromiumViewer\" fullword wide \n \t\t $s3= \"Fenrir IncSleipnirsettingmodulesChromiumViewer\" fullword wide \n \t\t $s4= \"%s8pecxstudiosCyberfoxprofiles.ini\" fullword wide \n \t\t $s5= \"%s8pecxstudiosCyberfoxProfiles%s\" fullword wide \n \t\t $s6= \"%sApple ComputerPreferenceskeychain.plist\" fullword wide \n \t\t $s7= \"%sComodoIceDragonprofiles.ini\" fullword wide \n \t\t $s8= \"%sComodoIceDragonProfiles%s\" fullword wide \n \t\t $s9= \"%s.configfullsyncprofiles.xml\" fullword wide \n \t\t $s10= \"%sDataAccCfgAccounts.tdat\" fullword wide \n \t\t $s11= \"%sEstsoftALFTPESTdb2.dat\" fullword wide \n \t\t $s12= \"%sFileZillaFilezilla.xml\" fullword wide \n \t\t $s13= \"%sFileZillarecentservers.xml\" fullword wide \n \t\t $s14= \"%sFileZillasitemanager.xml\" fullword wide \n \t\t $s15= \"%sFlockBrowserprofiles.ini\" fullword wide \n \t\t $s16= \"%sFlockBrowserProfiles%s\" fullword wide \n \t\t $s17= \"%sFossaMailprofiles.ini\" fullword wide \n \t\t $s18= \"%sFreshWebmasterFreshFTPFtpSites.SMF\" fullword wide \n \t\t $s19= \"%sFTPGetterProfileservers.xml\" fullword wide \n \t\t $s20= \"%sFTPInfoServerList.cfg\" fullword wide \n \t\t $s21= \"%sFTPInfoServerList.xml\" fullword wide \n \t\t $s22= \"%sFTP NavigatorFtplist.txt\" fullword wide \n \t\t $s23= \"%sGoFTPsettingsConnections.txt\" fullword wide \n \t\t $s24= \"%sINSoftwareNovaFTPNovaFTP.db\" fullword wide \n \t\t $s25= \"%sMozillaFirefoxprofiles.ini\" fullword wide \n \t\t $s26= \"%sMozillaFirefoxProfiles%s\" fullword wide \n \t\t $s27= \"%sMozillaSeaMonkeyprofiles.ini\" fullword wide \n \t\t $s28= \"%sMozillaSeaMonkeyProfiles%s\" fullword wide \n \t\t $s29= \"%sNETGATE TechnologiesBlackHawkprofiles.ini\" fullword wide \n \t\t $s30= \"%sNETGATE TechnologiesBlackHawkProfiles%s\" fullword wide \n \t\t $s31= \"%sNetSarangXftpSessions\" fullword wide \n \t\t $s32= \"%sNexusFileuserdataftpsite.ini\" fullword wide \n \t\t $s33= \"SOFTWARE8pecxstudiosCyberfox\" fullword wide \n \t\t $s34= \"SOFTWARE8pecxstudiosCyberfox86\" fullword wide \n \t\t $s35= \"Software9bis.comKiTTYSessions\" fullword wide \n \t\t $s36= \"SoftwareBitviseBvSshClient\" fullword wide \n \t\t $s37= \"SOFTWAREComodoGroupIceDragonSetup\" fullword wide \n \t\t $s38= \"SoftwareFar2PluginsFTPHosts\" fullword wide \n \t\t $s39= \"SoftwareFarPluginsFTPHosts\" fullword wide \n \t\t $s40= \"SoftwareFlashPeakBlazeFtpSettings\" fullword wide \n \t\t $s41= \"SoftwareGhislerTotal Commander\" fullword wide \n \t\t $s42= \"SoftwareIncrediMailIdentities\" fullword wide \n \t\t $s43= \"SoftwareLinasFTPSite Manager\" fullword wide \n \t\t $s44= \"SoftwareMicrosoftInternet ExplorerTypedURLs\" fullword wide \n \t\t $s45= \"SoftwareMicrosoftOffice15.0OutlookProfilesOutlook\" fullword wide \n \t\t $s46= \"SoftwareMicrosoftOffice16.0OutlookProfilesOutlook\" fullword wide \n \t\t $s47= \"SOFTWAREMozillaFossaMail\" fullword wide \n \t\t $s48= \"SOFTWAREMozillaMozilla Firefox\" fullword wide \n \t\t $s49= \"SOFTWAREMozillaMozilla Thunderbird\" fullword wide \n \t\t $s50= \"SOFTWAREmozilla.orgSeaMonkey\" fullword wide \n \t\t $s51= \"SOFTWAREMozillaPale Moon\" fullword wide \n \t\t $s52= \"SOFTWAREMozillaSeaMonkey\" fullword wide \n \t\t $s53= \"SOFTWAREMozillaWaterfox\" fullword wide \n \t\t $s54= \"SoftwareNCH SoftwareClassicFTPFTPAccounts\" fullword wide \n \t\t $s55= \"SoftwareNCH SoftwareFlingAccounts\" fullword wide \n \t\t $s56= \"SoftwareSimonTathamPuTTYSessions\" fullword wide \n \t\t $s57= \"SoftwareVanDykeSecureFX\" fullword wide \n \t\t $s58= \"%soZone3DMyFTPmyftp.ini\" fullword wide \n \t\t $s59= \"%sQupZillaprofilesdefaultbrowsedata.db\" fullword wide \n \t\t $s60= \"%s%s%idatasettingsftpProfiles-j.jsd\" fullword wide \n \t\t $s61= \"%s%s%idatasettingssshProfiles-j.jsd\" fullword wide \n \t\t $s62= \"%sThunderbirdprofiles.ini\" fullword wide \n \t\t $s63= \"%sThunderbirdProfiles%s\" fullword wide \n \t\t $s64= \"%sWinFtp ClientFavorites.dat\" fullword wide \n \t\t $s65= \"tSoftwareMicrosoftInternet ExplorerIntelliFormsStorage2\" fullword wide \n \n \t\t $hex1= {247331303d20222573} \n \t\t $hex2= {247331313d20222573} \n \t\t $hex3= {247331323d20222573} \n \t\t $hex4= {247331333d20222573} \n \t\t $hex5= {247331343d20222573} \n \t\t $hex6= {247331353d20222573} \n \t\t $hex7= {247331363d20222573} \n \t\t $hex8= {247331373d20222573} \n \t\t $hex9= {247331383d20222573} \n \t\t $hex10= {247331393d20222573} \n \t\t $hex11= {2473313d202223646f} \n \t\t $hex12= {247332303d20222573} \n \t\t $hex13= {247332313d20222573} \n \t\t $hex14= {247332323d20222573} \n \t\t $hex15= {247332333d20222573} \n \t\t $hex16= {247332343d20222573} \n \t\t $hex17= {247332353d20222573} \n \t\t $hex18= {247332363d20222573} \n \t\t $hex19= {247332373d20222573} \n \t\t $hex20= {247332383d20222573} \n \t\t $hex21= {247332393d20222573} \n \t\t $hex22= {2473323d202246656e} \n \t\t $hex23= {247333303d20222573} \n \t\t $hex24= {247333313d20222573} \n \t\t $hex25= {247333323d20222573} \n \t\t $hex26= {247333333d2022534f} \n \t\t $hex27= {247333343d2022534f} \n \t\t $hex28= {247333353d2022536f} \n \t\t $hex29= {247333363d2022536f} \n \t\t $hex30= {247333373d2022534f} \n \t\t $hex31= {247333383d2022536f} \n \t\t $hex32= {247333393d2022536f} \n \t\t $hex33= {2473333d202246656e} \n \t\t $hex34= {247334303d2022536f} \n \t\t $hex35= {247334313d2022536f} \n \t\t $hex36= {247334323d2022536f} \n \t\t $hex37= {247334333d2022536f} \n \t\t $hex38= {247334343d2022536f} \n \t\t $hex39= {247334353d2022536f} \n \t\t $hex40= {247334363d2022536f} \n \t\t $hex41= {247334373d2022534f} \n \t\t $hex42= {247334383d2022534f} \n \t\t $hex43= {247334393d2022534f} \n \t\t $hex44= {2473343d2022257338} \n \t\t $hex45= {247335303d2022534f} \n \t\t $hex46= {247335313d2022534f} \n \t\t $hex47= {247335323d2022534f} \n \t\t $hex48= {247335333d2022534f} \n \t\t $hex49= {247335343d2022536f} \n \t\t $hex50= {247335353d2022536f} \n \t\t $hex51= {247335363d2022536f} \n \t\t $hex52= {247335373d2022536f} \n \t\t $hex53= {247335383d20222573} \n \t\t $hex54= {247335393d20222573} \n \t\t $hex55= {2473353d2022257338} \n \t\t $hex56= {247336303d20222573} \n \t\t $hex57= {247336313d20222573} \n \t\t $hex58= {247336323d20222573} \n \t\t $hex59= {247336333d20222573} \n \t\t $hex60= {247336343d20222573} \n \t\t $hex61= {247336353d20227453} \n \t\t $hex62= {2473363d2022257341} \n \t\t $hex63= {2473373d2022257343} \n \t\t $hex64= {2473383d2022257343} \n \t\t $hex65= {2473393d202225732e} \n \n \tcondition: \n \t\t43 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_86ec4738c2625220a6f87caac14b315743de7058e971e6338230b1a64996e675 Group", "expiration": null, "is_active": 1 }, { "id": 3360593943, "indicator": "98f3bf4923ac20dd87ebcc9aabfaf5154d02c14a", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "SHA1 of f2fc83356c26829326dd3fdc5aaf074c", "expiration": null, "is_active": 1 }, { "id": 1386572198, "indicator": "3086ef35d0e93ab12c607a36a83205ed3d00c47f4d95a5bf456e52804d70c9b5", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "SHA256 of f2fc83356c26829326dd3fdc5aaf074c", "expiration": null, "is_active": 1 }, { "id": 3360593944, "indicator": "65e02a5e63f4f4f1bafefa0bcc087a0ab5a5d11c", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_3086ef35d0e93ab12c607a36a83205ed3d00c47f4d95a5bf456e52804d70c9b5 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_3086ef35d0e93ab12c607a36a83205ed3d00c47f4d95a5bf456e52804d70c9b5 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-35-56\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f2fc83356c26829326dd3fdc5aaf074c\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DocumentSummaryInformation\" fullword wide \n \t\t $s2= \"TableStyleMedium2PivotStyleMedium9\" fullword wide \n \n \t\t $hex1= {2473313d2022446f63} \n \t\t $hex2= {2473323d2022546162} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_3086ef35d0e93ab12c607a36a83205ed3d00c47f4d95a5bf456e52804d70c9b5 Group", "expiration": null, "is_active": 1 }, { "id": 3360593945, "indicator": "4f14e17caecbd518ce3d821cb065deda6b4d61cf", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_80179dc6e9a771e62fe957fc1a7e918a7673601fb8ef8040bd55125df03c0f51 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_80179dc6e9a771e62fe957fc1a7e918a7673601fb8ef8040bd55125df03c0f51 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-35-51\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"4471b941c72f3ea1188e814bc569b66d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"clGradientInactiveCaption\" fullword wide \n \t\t $s2= \"clWebLightGoldenrodYellow\" fullword wide \n \t\t $s3= \"DrawThemeParentBackground\" fullword wide \n \t\t $s4= \"GetThemeBackgroundContentRect\" fullword wide \n \t\t $s5= \"GetThemeDocumentationProperty\" fullword wide \n \t\t $s6= \"InitializeConditionVariable\" fullword wide \n \t\t $s7= \"IsThemeBackgroundPartiallyTransparent\" fullword wide \n \t\t $s8= \"IsThemeDialogTextureEnabled\" fullword wide \n \t\t $s9= \"SetLayeredWindowAttributes\" fullword wide \n \t\t $s10= \"SoftwareBorlandDelphiLocales\" fullword wide \n \t\t $s11= \"SoftwareCodeGearLocales\" fullword wide \n \t\t $s12= \"SOFTWAREMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s13= \"SOFTWAREMicrosoftWindows NTCurrentVersionFontSubstitutes\" fullword wide \n \t\t $s14= \"SYSTEMCurrentControlSetControlKeyboard Layouts\" fullword wide \n \t\t $s15= \"SystemCurrentControlSetControlKeyboard Layouts%.8x\" fullword wide \n \t\t $a1= \"ttbSplitButtonDropDownChecked ttbSplitButtonDropDownCheckedHot\" fullword ascii \n \t\t $a2= \"twFrameBottomSizingTemplate twSmallFrameBottomSizingTemplate\" fullword ascii \n \n \t\t $hex1= {2461313d2022747462} \n \t\t $hex2= {2461323d2022747746} \n \t\t $hex3= {247331303d2022536f} \n \t\t $hex4= {247331313d2022536f} \n \t\t $hex5= {247331323d2022534f} \n \t\t $hex6= {247331333d2022534f} \n \t\t $hex7= {247331343d20225359} \n \t\t $hex8= {247331353d20225379} \n \t\t $hex9= {2473313d2022636c47} \n \t\t $hex10= {2473323d2022636c57} \n \t\t $hex11= {2473333d2022447261} \n \t\t $hex12= {2473343d2022476574} \n \t\t $hex13= {2473353d2022476574} \n \t\t $hex14= {2473363d2022496e69} \n \t\t $hex15= {2473373d2022497354} \n \t\t $hex16= {2473383d2022497354} \n \t\t $hex17= {2473393d2022536574} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_80179dc6e9a771e62fe957fc1a7e918a7673601fb8ef8040bd55125df03c0f51 Group", "expiration": null, "is_active": 1 }, { "id": 577249255, "indicator": "da79088d7e0ad133ae6745cb64673322f745efa0", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Doc.Dropper.Agent-6504448-0", "description": "SHA1 of 070583cfed5f33b995a07d2b975795d8", "expiration": null, "is_active": 1 }, { "id": 577249256, "indicator": "31721b6d7edd2c34848fbb668591f6870b635d14d2f696be99406724cc1becde", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Doc.Dropper.Agent-6504448-0", "description": "SHA256 of 070583cfed5f33b995a07d2b975795d8", "expiration": null, "is_active": 1 }, { "id": 3360593946, "indicator": "1ed13bc1b685c8985eaf5cdc6be93b51ee860a00", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_31721b6d7edd2c34848fbb668591f6870b635d14d2f696be99406724cc1becde { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_31721b6d7edd2c34848fbb668591f6870b635d14d2f696be99406724cc1becde Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-35-49\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"070583cfed5f33b995a07d2b975795d8\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DocumentSummaryInformation\" fullword wide \n \t\t $s2= \"Project.ThisDocument.Auto_Open\" fullword wide \n \t\t $s3= \"!Project.ThisDocument.JI_DRCSDNYKI\" fullword wide \n \n \t\t $hex1= {2473313d2022446f63} \n \t\t $hex2= {2473323d202250726f} \n \t\t $hex3= {2473333d2022215072} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_31721b6d7edd2c34848fbb668591f6870b635d14d2f696be99406724cc1becde Group", "expiration": null, "is_active": 1 }, { "id": 3360593947, "indicator": "8aba1e1a3d66b31f6aa89e38a747ae5ac8a4d77a", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Doc.Dropper.Agent-6525907-0", "description": "SHA1 of f68be0955eb44dcea02b7bcf36db9acd", "expiration": null, "is_active": 1 }, { "id": 1386572117, "indicator": "23ab9ff9132043b888affadbdd5833f8b57ced4079d7a9a3e349bf75de4fc0fd", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Doc.Dropper.Agent-6525907-0", "description": "SHA256 of f68be0955eb44dcea02b7bcf36db9acd", "expiration": null, "is_active": 1 }, { "id": 3360593948, "indicator": "18ac596e7b943a056fa8781a771290c56cf3d129", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_23ab9ff9132043b888affadbdd5833f8b57ced4079d7a9a3e349bf75de4fc0fd { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_23ab9ff9132043b888affadbdd5833f8b57ced4079d7a9a3e349bf75de4fc0fd Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-35-37\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f68be0955eb44dcea02b7bcf36db9acd\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DocumentSummaryInformation\" fullword wide \n \t\t $s2= \"TableStyleMedium2PivotStyleMedium9\" fullword wide \n \n \t\t $hex1= {2473313d2022446f63} \n \t\t $hex2= {2473323d2022546162} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_23ab9ff9132043b888affadbdd5833f8b57ced4079d7a9a3e349bf75de4fc0fd Group", "expiration": null, "is_active": 1 }, { "id": 3360593949, "indicator": "3a078191759266e0e448e07973078639542107bd", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "UPX", "description": "SHA1 of fbdc72ca751338bc40a3c048d03da197", "expiration": null, "is_active": 1 }, { "id": 1386572642, "indicator": "9e245c1f5f6c9043b882136425c67a8dac3042ee8e45513a3252e9fb8ee8927e", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "UPX", "description": "SHA256 of fbdc72ca751338bc40a3c048d03da197", "expiration": null, "is_active": 1 }, { "id": 3360593950, "indicator": "47e025e77d639483e8b24a5bee902e9a994f489b", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_9e245c1f5f6c9043b882136425c67a8dac3042ee8e45513a3252e9fb8ee8927e { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_9e245c1f5f6c9043b882136425c67a8dac3042ee8e45513a3252e9fb8ee8927e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-35-20\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"fbdc72ca751338bc40a3c048d03da197\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Blues|Classic Rock|Country|Dance|Disco|Funk|Grunge|\" fullword wide \n \t\t $s2= \"egMSmukPKLJOzGNFEUKMEeGljR\" fullword wide \n \t\t $s3= \"KPdaIVvvQfsnSrIjITNgPmVhnjuLai\" fullword wide \n \t\t $s4= \"MicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s5= \"NbaquwoNdUFnJmrEBkxQQyHTv\" fullword wide \n \t\t $s6= \"SELECT tblSchoolYear.SchoolYear\" fullword wide \n \t\t $s7= \"SOFTWAREMicrosoftSecurity Center\" fullword wide \n \t\t $s8= \"SOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem\" fullword wide \n \t\t $s9= \"Start MenuProgramsStartup\" fullword wide \n \t\t $s10= \"uZQEtNEvICBppQZlNhkCOCAuMJ\" fullword wide \n \n \t\t $hex1= {247331303d2022755a} \n \t\t $hex2= {2473313d2022426c75} \n \t\t $hex3= {2473323d202265674d} \n \t\t $hex4= {2473333d20224b5064} \n \t\t $hex5= {2473343d20224d6963} \n \t\t $hex6= {2473353d20224e6261} \n \t\t $hex7= {2473363d202253454c} \n \t\t $hex8= {2473373d2022534f46} \n \t\t $hex9= {2473383d2022534f46} \n \t\t $hex10= {2473393d2022537461} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_9e245c1f5f6c9043b882136425c67a8dac3042ee8e45513a3252e9fb8ee8927e Group", "expiration": null, "is_active": 1 }, { "id": 3360593951, "indicator": "ee922a7286c25d2115bd6089e3c4b05ddc154a0a", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "TrojanDownloader:O97M/Donoff", "description": "SHA1 of f656361d5488d2ad2c67f6df59860f18", "expiration": null, "is_active": 1 }, { "id": 1386572652, "indicator": "a1a7b696b72553e058c064de136fb835f3353654c0214bf02c8e428d61001f45", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "TrojanDownloader:O97M/Donoff", "description": "SHA256 of f656361d5488d2ad2c67f6df59860f18", "expiration": null, "is_active": 1 }, { "id": 3360593952, "indicator": "66bbd52048d99752b5c9d6a9532e2905fa9bbcd3", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_a1a7b696b72553e058c064de136fb835f3353654c0214bf02c8e428d61001f45 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_a1a7b696b72553e058c064de136fb835f3353654c0214bf02c8e428d61001f45 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-35-03\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f656361d5488d2ad2c67f6df59860f18\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DocumentSummaryInformation\" fullword wide \n \t\t $s2= \"TableStyleMedium2PivotStyleMedium9\" fullword wide \n \n \t\t $hex1= {2473313d2022446f63} \n \t\t $hex2= {2473323d2022546162} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_a1a7b696b72553e058c064de136fb835f3353654c0214bf02c8e428d61001f45 Group", "expiration": null, "is_active": 1 }, { "id": 3360593953, "indicator": "e6f3b1515358e0c11fa470b08f170ec7a1354cf4", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_360afa487a76edcf1aad4d6d7068740e3f8c6c1a8f04bf2cf5351db7de344570 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_360afa487a76edcf1aad4d6d7068740e3f8c6c1a8f04bf2cf5351db7de344570 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-35-02\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"120c119b315d99a59d999cfaa078870a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DSeAssignPrimaryTokenPrivilege\" fullword wide \n \t\t $s2= \"GUICTRLCREATELISTVIEWITEM\" fullword wide \n \t\t $s3= \"GUICTRLCREATETREEVIEWITEM\" fullword wide \n \t\t $s4= \"GUICTRLREGISTERLISTVIEWSORT\" fullword wide \n \t\t $s5= \"SoftwareAutoIt v3AutoIt\" fullword wide \n \t\t $s6= \"SYSTEMCurrentControlSetControlNlsLanguage\" fullword wide \n \n \t\t $hex1= {2473313d2022445365} \n \t\t $hex2= {2473323d2022475549} \n \t\t $hex3= {2473333d2022475549} \n \t\t $hex4= {2473343d2022475549} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022535953} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_360afa487a76edcf1aad4d6d7068740e3f8c6c1a8f04bf2cf5351db7de344570 Group", "expiration": null, "is_active": 1 }, { "id": 3360593954, "indicator": "9c4d6b00e69437edc20102f048def457058b2e71", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "VirTool:Win32/AutInject.CN!bit", "description": "SHA1 of 9af78b2d17b36e565a8fe7574e8d3f5d", "expiration": null, "is_active": 1 }, { "id": 1386572418, "indicator": "65f81d3482a13d61f9284289361cff4a008c82a5c362e1cc394a6bd08844e0a5", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "VirTool:Win32/AutInject.CN!bit", "description": "SHA256 of 9af78b2d17b36e565a8fe7574e8d3f5d", "expiration": null, "is_active": 1 }, { "id": 3360593955, "indicator": "2570dd815339020016a5421fe3defca358108f89", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_65f81d3482a13d61f9284289361cff4a008c82a5c362e1cc394a6bd08844e0a5 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_65f81d3482a13d61f9284289361cff4a008c82a5c362e1cc394a6bd08844e0a5 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-34-59\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"9af78b2d17b36e565a8fe7574e8d3f5d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FSoftwareAutoIt v3AutoIt\" fullword wide \n \t\t $s2= \"GUICTRLCREATELISTVIEWITEM\" fullword wide \n \t\t $s3= \"GUICTRLCREATETREEVIEWITEM\" fullword wide \n \t\t $s4= \"GUICTRLREGISTERLISTVIEWSORT\" fullword wide \n \t\t $s5= \"SeAssignPrimaryTokenPrivilege\" fullword wide \n \t\t $s6= \"SYSTEMCurrentControlSetControlNlsLanguage\" fullword wide \n \n \t\t $hex1= {2473313d202246536f} \n \t\t $hex2= {2473323d2022475549} \n \t\t $hex3= {2473333d2022475549} \n \t\t $hex4= {2473343d2022475549} \n \t\t $hex5= {2473353d2022536541} \n \t\t $hex6= {2473363d2022535953} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_65f81d3482a13d61f9284289361cff4a008c82a5c362e1cc394a6bd08844e0a5 Group", "expiration": null, "is_active": 1 }, { "id": 3360593956, "indicator": "bf272e1e09269ea495a1cfe9dcf84092089fceb1", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Remcos", "description": "SHA1 of 918324d01bfb4f434b54467f649f2b43", "expiration": null, "is_active": 1 }, { "id": 1386572101, "indicator": "1f393d3de2fe3ec9f94bade8996326f53ec76c39ce450ffccc0d1994850589cc", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Remcos", "description": "SHA256 of 918324d01bfb4f434b54467f649f2b43", "expiration": null, "is_active": 1 }, { "id": 3360593957, "indicator": "a3466c5fcbd908a0ba226432b17795ddd464137f", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_1f393d3de2fe3ec9f94bade8996326f53ec76c39ce450ffccc0d1994850589cc { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_1f393d3de2fe3ec9f94bade8996326f53ec76c39ce450ffccc0d1994850589cc Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-34-56\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"918324d01bfb4f434b54467f649f2b43\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"C:WINDOWSsystem32userinit.exe, \" fullword wide \n \t\t $s2= \"fso.DeleteFile(Wscript.ScriptFullName)\" fullword wide \n \t\t $s3= \"SoftwareClassesmscfileshellopencommand\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindows NTCurrentVersionWinlogon\" fullword wide \n \t\t $s6= \"time_%04i%02i%02i_%02i%02i%02i\" fullword wide \n \t\t $s7= \"wnd_%04i%02i%02i_%02i%02i%02i\" fullword wide \n \n \t\t $hex1= {2473313d2022433a57} \n \t\t $hex2= {2473323d202266736f} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d202274696d} \n \t\t $hex7= {2473373d2022776e64} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_1f393d3de2fe3ec9f94bade8996326f53ec76c39ce450ffccc0d1994850589cc Group", "expiration": null, "is_active": 1 }, { "id": 3360593958, "indicator": "e5d3b3b519268c8fcf6ed0e5c9392e4899a4d1b7", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "autoit", "description": "SHA1 of c916834bb560a7794e10669b6e621125", "expiration": null, "is_active": 1 }, { "id": 1386572725, "indicator": "b6147def8dc8c4411a4b17663b14131fe421b9af2d8c1cf4161ccf80a4a59760", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "autoit", "description": "SHA256 of c916834bb560a7794e10669b6e621125", "expiration": null, "is_active": 1 }, { "id": 3360593959, "indicator": "b00dabd39a03514c2391a46cce315d4122beab47", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_b6147def8dc8c4411a4b17663b14131fe421b9af2d8c1cf4161ccf80a4a59760 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_b6147def8dc8c4411a4b17663b14131fe421b9af2d8c1cf4161ccf80a4a59760 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-34-49\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"c916834bb560a7794e10669b6e621125\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FSoftwareAutoIt v3AutoIt\" fullword wide \n \t\t $s2= \"GUICTRLCREATELISTVIEWITEM\" fullword wide \n \t\t $s3= \"GUICTRLCREATETREEVIEWITEM\" fullword wide \n \t\t $s4= \"GUICTRLREGISTERLISTVIEWSORT\" fullword wide \n \t\t $s5= \"SeAssignPrimaryTokenPrivilege\" fullword wide \n \t\t $s6= \"SYSTEMCurrentControlSetControlNlsLanguage\" fullword wide \n \n \t\t $hex1= {2473313d202246536f} \n \t\t $hex2= {2473323d2022475549} \n \t\t $hex3= {2473333d2022475549} \n \t\t $hex4= {2473343d2022475549} \n \t\t $hex5= {2473353d2022536541} \n \t\t $hex6= {2473363d2022535953} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_b6147def8dc8c4411a4b17663b14131fe421b9af2d8c1cf4161ccf80a4a59760 Group", "expiration": null, "is_active": 1 }, { "id": 3360593960, "indicator": "e4ce78b3894c2563c8fa74b4a576723e4f9c4c7b", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Doc.Dropper.Agent-6527579-0", "description": "SHA1 of 01acef7885819f372377801f7095ec66", "expiration": null, "is_active": 1 }, { "id": 1386572130, "indicator": "257219aff0dc096c6ed2f677f0d1a4903b7b46de843612062e3fc4e6b80d7f1c", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Doc.Dropper.Agent-6527579-0", "description": "SHA256 of 01acef7885819f372377801f7095ec66", "expiration": null, "is_active": 1 }, { "id": 3360593961, "indicator": "a8e08fefcbe2374d597904bf918e453b68e09059", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_257219aff0dc096c6ed2f677f0d1a4903b7b46de843612062e3fc4e6b80d7f1c { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_257219aff0dc096c6ed2f677f0d1a4903b7b46de843612062e3fc4e6b80d7f1c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-34-47\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"01acef7885819f372377801f7095ec66\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DocumentSummaryInformation\" fullword wide \n \t\t $s2= \"TableStyleMedium2PivotStyleMedium9\" fullword wide \n \n \t\t $hex1= {2473313d2022446f63} \n \t\t $hex2= {2473323d2022546162} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_257219aff0dc096c6ed2f677f0d1a4903b7b46de843612062e3fc4e6b80d7f1c Group", "expiration": null, "is_active": 1 }, { "id": 3360593962, "indicator": "800ae9fd4de523ab82e7f1443117c5300f76954c", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "autoit", "description": "SHA1 of bfa36d239ed5e0bf919b3c074288465f", "expiration": null, "is_active": 1 }, { "id": 1386572501, "indicator": "7bf330666c586e8adf6751c911a2821fe67d39f34c8f10d3618fddcbd81a9e53", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "autoit", "description": "SHA256 of bfa36d239ed5e0bf919b3c074288465f", "expiration": null, "is_active": 1 }, { "id": 3360593963, "indicator": "e9a9d7d58fc910160d81f84e5aa0955f595b2c73", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_7bf330666c586e8adf6751c911a2821fe67d39f34c8f10d3618fddcbd81a9e53 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_7bf330666c586e8adf6751c911a2821fe67d39f34c8f10d3618fddcbd81a9e53 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-34-45\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"bfa36d239ed5e0bf919b3c074288465f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"GUICTRLCREATELISTVIEWITEM\" fullword wide \n \t\t $s2= \"GUICTRLCREATETREEVIEWITEM\" fullword wide \n \t\t $s3= \"GUICTRLREGISTERLISTVIEWSORT\" fullword wide \n \t\t $s4= \"SeAssignPrimaryTokenPrivilege\" fullword wide \n \t\t $s5= \"SoftwareAutoIt v3AutoIt\" fullword wide \n \t\t $s6= \"SYSTEMCurrentControlSetControlNlsLanguage\" fullword wide \n \n \t\t $hex1= {2473313d2022475549} \n \t\t $hex2= {2473323d2022475549} \n \t\t $hex3= {2473333d2022475549} \n \t\t $hex4= {2473343d2022536541} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022535953} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_7bf330666c586e8adf6751c911a2821fe67d39f34c8f10d3618fddcbd81a9e53 Group", "expiration": null, "is_active": 1 }, { "id": 3360593964, "indicator": "dc8cb48a99435db51cef6ac138562afd564f88b5", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_e214f08d95ac7a1ef1b9b99283723d17deb663eaf5f5fe5625bb81e88cff37d6 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_e214f08d95ac7a1ef1b9b99283723d17deb663eaf5f5fe5625bb81e88cff37d6 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-34-45\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"2e3037f15c76457e5390a7c5b540153f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"GetDelegateForFunctionPointer\" fullword wide \n \t\t $s2= \")O71ODAOhQOhYOhaOhiOhqOhyOh\" fullword wide \n \t\t $s3= \"System.Security.Cryptography.AesCryptoServiceProvider\" fullword wide \n \n \t\t $hex1= {2473313d2022476574} \n \t\t $hex2= {2473323d2022294f37} \n \t\t $hex3= {2473333d2022537973} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_e214f08d95ac7a1ef1b9b99283723d17deb663eaf5f5fe5625bb81e88cff37d6 Group", "expiration": null, "is_active": 1 }, { "id": 3360593965, "indicator": "b8b1d2a5cf5f78a0e58cd20885da1393bf4d7ac7", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Backdoor:MSIL/Revetrat.A!bit", "description": "SHA1 of 10f6bf1292118e02826d6711c997fa6a", "expiration": null, "is_active": 1 }, { "id": 1386572057, "indicator": "12393bd27c682e6a736c901597f8afc107f910bcfc42bf914f30eaebd2115366", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Backdoor:MSIL/Revetrat.A!bit", "description": "SHA256 of 10f6bf1292118e02826d6711c997fa6a", "expiration": null, "is_active": 1 }, { "id": 3360593966, "indicator": "7dde72e4764a9f0528669983900b9f03b8584459", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_12393bd27c682e6a736c901597f8afc107f910bcfc42bf914f30eaebd2115366 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_12393bd27c682e6a736c901597f8afc107f910bcfc42bf914f30eaebd2115366 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-34-40\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"10f6bf1292118e02826d6711c997fa6a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"fbi.no-ip.net,fbi962.ddns.net,\" fullword wide \n \t\t $s2= \"HKEY_CURRENT_USERSOFTWARE\" fullword wide \n \t\t $s3= \"HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022666269} \n \t\t $hex2= {2473323d2022484b45} \n \t\t $hex3= {2473333d2022484b45} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_12393bd27c682e6a736c901597f8afc107f910bcfc42bf914f30eaebd2115366 Group", "expiration": null, "is_active": 1 }, { "id": 3360593967, "indicator": "474e5233ca613df8b766927ed9164b55e894feb2", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_e21a9d3df315dd8e55f1178611a622bb43c5be81eafed44c7c7ce1035f0f4691 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_e21a9d3df315dd8e55f1178611a622bb43c5be81eafed44c7c7ce1035f0f4691 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-34-32\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"06854e61899fff2b198c91a5a25cff6d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"0r4Q+KffRShOMrJXQ5bIPBPfs2ueDUQLhElRpvSNOD8=\" fullword wide \n \t\t $s2= \"{9E394019-0597-4EF2-8537-6BF71347A4A4}\" fullword wide \n \t\t $s3= \"BALKMKNKOKPKQKRKSRTKUKVKXWYWZW[WW]Wdcecfchgigjg\" fullword wide \n \t\t $s4= \"d98c1dd4-008f-04b2-e980-0998ecf8427e\" fullword wide \n \t\t $s5= \"DoNotCaptureFieldsAttribute\" fullword wide \n \t\t $s6= \"Fk2eZIMApwcIWTEmb2cS+hpgxP8KTAVFVbM4GPTL2b4=\" fullword wide \n \t\t $s7= \"http://sawebservice.red-gate.com/\" fullword wide \n \t\t $s8= \"ijulUbn8DPPkee8Mdv0Pf3JPXTMNWvYRORO+JfoPSAU=\" fullword wide \n \t\t $s9= \"IZRPfMpaEgyR6ZDyXnOYiJx08Wzx4ZAZWC/PdMnfamo=\" fullword wide \n \t\t $s10= \"N2125ojyLfd5vRuYzSjpwfaddn/51zw4uGG7qR5+ExU=\" fullword wide \n \t\t $s11= \"RxKVVbtH14pgjdXaw2C1YbWUQxywTFbqf/pZBB51J5c=\" fullword wide \n \t\t $s12= \"sjim6s2cB20Yy0QybeUiJQ== \" fullword wide \n \t\t $s13= \"sjim6s2cB20Yy0QybeUiJQ==.bat\" fullword wide \n \t\t $s14= \"SmartAssembly.Attributes.PoweredByAttribute\" fullword wide \n \t\t $s15= \"SmartAssembly.SmartExceptionsCore\" fullword wide \n \t\t $s16= \"SmartAssembly.SmartExceptionsCore.Resources.\" fullword wide \n \t\t $s17= \"SOFTWARERedGateSmartAssembly\" fullword wide \n \t\t $s18= \"SoftwareWow6432NodeRed Gate\" fullword wide \n \t\t $s19= \"sscpRZTSpuugDgOvmaPPPu6b/X9gZRYeKcyavwZ3WPM=\" fullword wide \n \t\t $s20= \"System.Windows.Application\" fullword wide \n \t\t $s21= \"tooEKUPNPCsRNkaS3Hueqar3hTgD3+UMaiKlVz9fNin2nXZ/+dc8OLhhu6kefhMV\" fullword wide \n \t\t $s22= \"UnhandledException.ExceptionStackDepth\" fullword wide \n \t\t $s23= \"UnhandledException.ILOffset\" fullword wide \n \t\t $s24= \"UnhandledException.MethodID\" fullword wide \n \t\t $s25= \"UnhandledException.Objects[{0}]\" fullword wide \n \t\t $s26= \"UnhandledException.Objects.Length\" fullword wide \n \t\t $s27= \"WNauUailUhceWvNacXsoZYxTSn28xUnXdaZLyAiTtuU=\" fullword wide \n \t\t $a1= \"Namespace3http://www.smartassembly.com/webservices/Reporting/E\" fullword ascii \n \n \t\t $hex1= {2461313d20224e616d} \n \t\t $hex2= {247331303d20224e32} \n \t\t $hex3= {247331313d20225278} \n \t\t $hex4= {247331323d2022736a} \n \t\t $hex5= {247331333d2022736a} \n \t\t $hex6= {247331343d2022536d} \n \t\t $hex7= {247331353d2022536d} \n \t\t $hex8= {247331363d2022536d} \n \t\t $hex9= {247331373d2022534f} \n \t\t $hex10= {247331383d2022536f} \n \t\t $hex11= {247331393d20227373} \n \t\t $hex12= {2473313d2022307234} \n \t\t $hex13= {247332303d20225379} \n \t\t $hex14= {247332313d2022746f} \n \t\t $hex15= {247332323d2022556e} \n \t\t $hex16= {247332333d2022556e} \n \t\t $hex17= {247332343d2022556e} \n \t\t $hex18= {247332353d2022556e} \n \t\t $hex19= {247332363d2022556e} \n \t\t $hex20= {247332373d2022574e} \n \t\t $hex21= {2473323d20227b3945} \n \t\t $hex22= {2473333d202242414c} \n \t\t $hex23= {2473343d2022643938} \n \t\t $hex24= {2473353d2022446f4e} \n \t\t $hex25= {2473363d2022466b32} \n \t\t $hex26= {2473373d2022687474} \n \t\t $hex27= {2473383d2022696a75} \n \t\t $hex28= {2473393d2022495a52} \n \n \tcondition: \n \t\t18 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_e21a9d3df315dd8e55f1178611a622bb43c5be81eafed44c7c7ce1035f0f4691 Group", "expiration": null, "is_active": 1 }, { "id": 3360593968, "indicator": "38f473ac03dd3c9c1ff2b2230bc0e191f4d53050", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "NETexecutableMicrosoft", "description": "SHA1 of 943dfdf0cb1cd51076480b836bd70601", "expiration": null, "is_active": 1 }, { "id": 1386572448, "indicator": "6d1db3cb8cbcc0467f8cc17a5ffb9381c759f3d9564f458a56e4215287b95ca9", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "NETexecutableMicrosoft", "description": "SHA256 of 943dfdf0cb1cd51076480b836bd70601", "expiration": null, "is_active": 1 }, { "id": 3360593969, "indicator": "ba4658feeb71bf445527fa3d5063f55ddc236987", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_6d1db3cb8cbcc0467f8cc17a5ffb9381c759f3d9564f458a56e4215287b95ca9 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_6d1db3cb8cbcc0467f8cc17a5ffb9381c759f3d9564f458a56e4215287b95ca9 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-34-15\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"943dfdf0cb1cd51076480b836bd70601\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"SoftwareClassesmscfileshellopencommand\" fullword wide \n \t\t $s2= \"WinForms_RecursiveFormCreate\" fullword wide \n \t\t $s3= \"WinForms_SeeInnerException\" fullword wide \n \n \t\t $hex1= {2473313d2022536f66} \n \t\t $hex2= {2473323d202257696e} \n \t\t $hex3= {2473333d202257696e} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_6d1db3cb8cbcc0467f8cc17a5ffb9381c759f3d9564f458a56e4215287b95ca9 Group", "expiration": null, "is_active": 1 }, { "id": 3360593970, "indicator": "814e09f3b15b678bdd0b800fb2d8bdced0f8adc3", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "autoit", "description": "SHA1 of 5e5cb33acff6aa9dd06e76c73c0fe6fa", "expiration": null, "is_active": 1 }, { "id": 1386572872, "indicator": "d579b32bedbe846c9d3c89aeb8d0c33ac22d6c0d9a1d3345b0203eb351dc7f95", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "autoit", "description": "SHA256 of 5e5cb33acff6aa9dd06e76c73c0fe6fa", "expiration": null, "is_active": 1 }, { "id": 3360593971, "indicator": "affc5cef0631e368f70ccc33d979e48a2c93e28a", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_d579b32bedbe846c9d3c89aeb8d0c33ac22d6c0d9a1d3345b0203eb351dc7f95 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_d579b32bedbe846c9d3c89aeb8d0c33ac22d6c0d9a1d3345b0203eb351dc7f95 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-34-12\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"5e5cb33acff6aa9dd06e76c73c0fe6fa\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DSeAssignPrimaryTokenPrivilege\" fullword wide \n \t\t $s2= \"GUICTRLCREATELISTVIEWITEM\" fullword wide \n \t\t $s3= \"GUICTRLCREATETREEVIEWITEM\" fullword wide \n \t\t $s4= \"GUICTRLREGISTERLISTVIEWSORT\" fullword wide \n \t\t $s5= \"SoftwareAutoIt v3AutoIt\" fullword wide \n \t\t $s6= \"SYSTEMCurrentControlSetControlNlsLanguage\" fullword wide \n \n \t\t $hex1= {2473313d2022445365} \n \t\t $hex2= {2473323d2022475549} \n \t\t $hex3= {2473333d2022475549} \n \t\t $hex4= {2473343d2022475549} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022535953} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_d579b32bedbe846c9d3c89aeb8d0c33ac22d6c0d9a1d3345b0203eb351dc7f95 Group", "expiration": null, "is_active": 1 }, { "id": 3360593972, "indicator": "b7244418dc72131540ad39a5a41a2e0722c53afa", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Revcode RAT, RevCode RAT", "description": "SHA1 of ab32d287c7a7c9333dba8672ac290c38\nSHA1 of ab32d287c7a7c9333dba8672ac290c38", "expiration": null, "is_active": 1 }, { "id": 1386572227, "indicator": "3acb3ab3ce9b1086a6233aa8a1d7089863e714e79b11345aeaf4e0090ed12f23", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Revcode RAT, RevCode RAT", "description": "SHA256 of ab32d287c7a7c9333dba8672ac290c38\nSHA256 of ab32d287c7a7c9333dba8672ac290c38", "expiration": null, "is_active": 1 }, { "id": 3360593973, "indicator": "319bfa57ec1371f7db5f909f6c683e23204bae56", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_3acb3ab3ce9b1086a6233aa8a1d7089863e714e79b11345aeaf4e0090ed12f23 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_3acb3ab3ce9b1086a6233aa8a1d7089863e714e79b11345aeaf4e0090ed12f23 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-34-09\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"ab32d287c7a7c9333dba8672ac290c38\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"COOZUWCFSSZDZHOCIINCLAGMJARIKGWZHEDGRCDQXTVL\" fullword wide \n \t\t $s2= \"COOZUWCFSSZDZHOCIINCLAGMJARIKGWZHEDGRCDQXTVL.exe\" fullword wide \n \t\t $s3= \"EILFFWESEVKGJUXKXFSZYAZPNILDYKPCGWSDNDLJCOY\" fullword wide \n \t\t $s4= \"NSLOZSNFWGLFVNJZXFDLFGKOLRLUOUOEUXAXDWYUP\" fullword wide \n \t\t $s5= \"OGODYLOMYMIORQCACMOBHETWKO\" fullword wide \n \t\t $s6= \"RJLKWKOQGWWDIVSWLBTUGHZNCUWTTJWKCNYDXBGOVYWKAOUSKPY\" fullword wide \n \n \t\t $hex1= {2473313d2022434f4f} \n \t\t $hex2= {2473323d2022434f4f} \n \t\t $hex3= {2473333d202245494c} \n \t\t $hex4= {2473343d20224e534c} \n \t\t $hex5= {2473353d20224f474f} \n \t\t $hex6= {2473363d2022524a4c} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_3acb3ab3ce9b1086a6233aa8a1d7089863e714e79b11345aeaf4e0090ed12f23 Group", "expiration": null, "is_active": 1 }, { "id": 3360593974, "indicator": "f73cbc09b638dbb3933599db5b2fe7e259b18784", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "TrojanDownloader:O97M/Donoff", "description": "SHA1 of 6bad9b4bc18bce120411c2f7b45086d1", "expiration": null, "is_active": 1 }, { "id": 1386572830, "indicator": "cd0a8769256d3da37bb9027c44a7442d3937b7da71ce10659c0ad1e3092345d0", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "TrojanDownloader:O97M/Donoff", "description": "SHA256 of 6bad9b4bc18bce120411c2f7b45086d1", "expiration": null, "is_active": 1 }, { "id": 3360593975, "indicator": "4d4334163e3fa079c97c47fe282fd7ac27b41568", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_cd0a8769256d3da37bb9027c44a7442d3937b7da71ce10659c0ad1e3092345d0 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_cd0a8769256d3da37bb9027c44a7442d3937b7da71ce10659c0ad1e3092345d0 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-34-08\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"6bad9b4bc18bce120411c2f7b45086d1\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DocumentSummaryInformation\" fullword wide \n \t\t $s2= \"iuuq;00pofesjwfofu/yz{0`pvuqvuB85DEFG/fyf!\" fullword wide \n \t\t $s3= \"TableStyleMedium2PivotStyleMedium9\" fullword wide \n \n \t\t $hex1= {2473313d2022446f63} \n \t\t $hex2= {2473323d2022697575} \n \t\t $hex3= {2473333d2022546162} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_cd0a8769256d3da37bb9027c44a7442d3937b7da71ce10659c0ad1e3092345d0 Group", "expiration": null, "is_active": 1 }, { "id": 3360593976, "indicator": "2e96a6f40465a5fc82f9b8548e0230d6b4c92d17", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_bb77f91396c89cd4f88c11aff2c8f5f7546a3a4f22bb97ab0064b30ca51d0b06 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_bb77f91396c89cd4f88c11aff2c8f5f7546a3a4f22bb97ab0064b30ca51d0b06 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-34-07\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"3073fdd8a27bbbb93e7437b16eee74f0\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"c07c17ce-4fd0-4bc1-aaa3-e9feda722fc0\" fullword wide \n \t\t $s2= \"WinForms_RecursiveFormCreate\" fullword wide \n \t\t $s3= \"WinForms_SeeInnerException\" fullword wide \n \n \t\t $hex1= {2473313d2022633037} \n \t\t $hex2= {2473323d202257696e} \n \t\t $hex3= {2473333d202257696e} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_bb77f91396c89cd4f88c11aff2c8f5f7546a3a4f22bb97ab0064b30ca51d0b06 Group", "expiration": null, "is_active": 1 }, { "id": 3360593977, "indicator": "1553a1cc9dc9fb6e02a8bbdbb798a155771c9b0e", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of 544176a3ef0df4bd9f01335065494d78\nSHA1 of 544176a3ef0df4bd9f01335065494d78", "expiration": null, "is_active": 1 }, { "id": 1386572342, "indicator": "58a929a52572d3981d1efc0640782d8839aff10922d4378f577efe5238e2f2d6", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of 544176a3ef0df4bd9f01335065494d78\nSHA256 of 544176a3ef0df4bd9f01335065494d78", "expiration": null, "is_active": 1 }, { "id": 3360593978, "indicator": "da89e9810fbe7911959a2f57adcc2078f5885dc0", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_58a929a52572d3981d1efc0640782d8839aff10922d4378f577efe5238e2f2d6 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_58a929a52572d3981d1efc0640782d8839aff10922d4378f577efe5238e2f2d6 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-34-06\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"544176a3ef0df4bd9f01335065494d78\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"CUSTOMFILTER_EDITOR_IMAGES\" fullword wide \n \t\t $s2= \"CUSTOMFILTER_EDITOR_IMAGES_150\" fullword wide \n \t\t $s3= \"CUSTOMFILTER_EDITOR_IMAGES_200\" fullword wide \n \t\t $s4= \"DEFAULT-AEROPEEK-GLYPHS-100\" fullword wide \n \t\t $s5= \"DEFAULT-AEROPEEK-GLYPHS-125\" fullword wide \n \t\t $s6= \"DEFAULT-AEROPEEK-GLYPHS-150\" fullword wide \n \t\t $s7= \"DEFAULT-AEROPEEK-GLYPHS-175\" fullword wide \n \t\t $s8= \"DEFAULT-AEROPEEK-GLYPHS-200\" fullword wide \n \t\t $s9= \"TADLTABLEVIEW_FILTERBUTTON\" fullword wide \n \t\t $s10= \"TAIMPBOOKMARKSMANAGERFORM\" fullword wide \n \t\t $s11= \"TAIMPMLFILTEREDITORDIALOG$TAIMPMLGROUPDETAILSCUSTOMIZATIONFORM\" fullword wide \n \t\t $s12= \"TAIMPMLGROUPINGPRESETEDITDIALOG\" fullword wide \n \t\t $s13= \"TAIMPMLMONITORINGSETTINGSDIALOG\" fullword wide \n \t\t $s14= \"TAIMPOPTIONSFRAMEADDFILES\" fullword wide \n \t\t $s15= \"TAIMPOPTIONSFRAMEASSOCIATIONS\" fullword wide \n \t\t $s16= \"TAIMPOPTIONSFRAMEPLAYLISTVIEW\" fullword wide \n \t\t $s17= \"TAIMPOPTIONSFRAMERUNNINGLINE\" fullword wide \n \t\t $s18= \"TAIMPOPTIONSFRAMETRACKLIST\" fullword wide \n \t\t $s19= \"TAIMPPLAYLISTPREIMAGEDIALOG\" fullword wide \n \t\t $s20= \"TAIMPPLAYLISTSMANAGERDIALOG\" fullword wide \n \t\t $a1= \"OptionsBehavior.DropSource $OptionsBehavior.IncSearchColumnIndex\" fullword ascii \n \t\t $a2= \"OptionsBehavior.DropSource #OptionsCustomizing.ColumnVisibility \" fullword ascii \n \t\t $a3= \"OptionsBehavior.Groups $OptionsBehavior.IncSearchColumnIndex\" fullword ascii \n \n \t\t $hex1= {2461313d20224f7074} \n \t\t $hex2= {2461323d20224f7074} \n \t\t $hex3= {2461333d20224f7074} \n \t\t $hex4= {247331303d20225441} \n \t\t $hex5= {247331313d20225441} \n \t\t $hex6= {247331323d20225441} \n \t\t $hex7= {247331333d20225441} \n \t\t $hex8= {247331343d20225441} \n \t\t $hex9= {247331353d20225441} \n \t\t $hex10= {247331363d20225441} \n \t\t $hex11= {247331373d20225441} \n \t\t $hex12= {247331383d20225441} \n \t\t $hex13= {247331393d20225441} \n \t\t $hex14= {2473313d2022435553} \n \t\t $hex15= {247332303d20225441} \n \t\t $hex16= {2473323d2022435553} \n \t\t $hex17= {2473333d2022435553} \n \t\t $hex18= {2473343d2022444546} \n \t\t $hex19= {2473353d2022444546} \n \t\t $hex20= {2473363d2022444546} \n \t\t $hex21= {2473373d2022444546} \n \t\t $hex22= {2473383d2022444546} \n \t\t $hex23= {2473393d2022544144} \n \n \tcondition: \n \t\t15 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_58a929a52572d3981d1efc0640782d8839aff10922d4378f577efe5238e2f2d6 Group", "expiration": null, "is_active": 1 }, { "id": 920552025, "indicator": "a562e803e316f62dcb888fca2776ccaff856f087", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "DotNET_SmartAssembly", "description": "SHA1 of 462b767e71149ee7d99e089a3666134f", "expiration": null, "is_active": 1 }, { "id": 920553025, "indicator": "798fef99b6daee1950dd12f5f42980e1c6ce8a9729619556238f14a20da274fc", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "DotNET_SmartAssembly", "description": "SHA256 of 462b767e71149ee7d99e089a3666134f", "expiration": null, "is_active": 1 }, { "id": 3360593979, "indicator": "f747b9443024d56b1a39c6ff9bf966f26562ba4c", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_798fef99b6daee1950dd12f5f42980e1c6ce8a9729619556238f14a20da274fc { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_798fef99b6daee1950dd12f5f42980e1c6ce8a9729619556238f14a20da274fc Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-34-06\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"462b767e71149ee7d99e089a3666134f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"{e7b03a4f-bb29-4764-98ae-cabef27b08d4}\" fullword wide \n \t\t $s2= \":=:NMOMRQSQ\" fullword wide \n \t\t $a1= \"Namespace3http://www.smartassembly.com/webservices/Reporting/L\" fullword ascii \n \n \t\t $hex1= {2461313d20224e616d} \n \t\t $hex2= {2473313d20227b6537} \n \t\t $hex3= {2473323d20223a3d3a} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_798fef99b6daee1950dd12f5f42980e1c6ce8a9729619556238f14a20da274fc Group", "expiration": null, "is_active": 1 }, { "id": 1241141454, "indicator": "629bbddf6e6bf9b12b954b7dad0d1e0f129f7133", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "PWS:Win32/Primarypass.A", "description": "SHA1 of 5e0d6f47f34443ee4a08f0458dbb58dc", "expiration": null, "is_active": 1 }, { "id": 1241142454, "indicator": "275d1b1fc8c149d95ca45a5877b30e696b310936e0264e27adf50c00ed7169e2", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "PWS:Win32/Primarypass.A", "description": "SHA256 of 5e0d6f47f34443ee4a08f0458dbb58dc", "expiration": null, "is_active": 1 }, { "id": 3360593980, "indicator": "1b4aebeb10103f24c7d354e00cbab83d2af865d6", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_275d1b1fc8c149d95ca45a5877b30e696b310936e0264e27adf50c00ed7169e2 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_275d1b1fc8c149d95ca45a5877b30e696b310936e0264e27adf50c00ed7169e2 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-33-49\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"5e0d6f47f34443ee4a08f0458dbb58dc\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FJUHUlWbETPuHqSqAjgVWVBkd\" fullword wide \n \t\t $s2= \"OJbNIBzBewHmAKpVwpgPxWlXBmL\" fullword wide \n \t\t $s3= \"tUwmekNAfSwLeieaMVouMxhkPTl\" fullword wide \n \n \t\t $hex1= {2473313d2022464a55} \n \t\t $hex2= {2473323d20224f4a62} \n \t\t $hex3= {2473333d2022745577} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_275d1b1fc8c149d95ca45a5877b30e696b310936e0264e27adf50c00ed7169e2 Group", "expiration": null, "is_active": 1 }, { "id": 3360593981, "indicator": "8f180562482b8491e27c0ef70156f0c73f269514", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Backdoor:MSIL/Bladabindi", "description": "SHA1 of ff80998c0664453acefdb76ffa80e4aa", "expiration": null, "is_active": 1 }, { "id": 1386572835, "indicator": "cd4c504294725b66262756314f36f0b1dd5db0a7e018506ec2cf4b38d74e1448", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Backdoor:MSIL/Bladabindi", "description": "SHA256 of ff80998c0664453acefdb76ffa80e4aa", "expiration": null, "is_active": 1 }, { "id": 3360593982, "indicator": "773a812c491b44a836c6508e90ea2dd3b63f4398", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_cd4c504294725b66262756314f36f0b1dd5db0a7e018506ec2cf4b38d74e1448 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_cd4c504294725b66262756314f36f0b1dd5db0a7e018506ec2cf4b38d74e1448 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-32-52\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"ff80998c0664453acefdb76ffa80e4aa\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DSeAssignPrimaryTokenPrivilege\" fullword wide \n \t\t $s2= \"GUICTRLCREATELISTVIEWITEM\" fullword wide \n \t\t $s3= \"GUICTRLCREATETREEVIEWITEM\" fullword wide \n \t\t $s4= \"GUICTRLREGISTERLISTVIEWSORT\" fullword wide \n \t\t $s5= \"SoftwareAutoIt v3AutoIt\" fullword wide \n \t\t $s6= \"SYSTEMCurrentControlSetControlNlsLanguage\" fullword wide \n \n \t\t $hex1= {2473313d2022445365} \n \t\t $hex2= {2473323d2022475549} \n \t\t $hex3= {2473333d2022475549} \n \t\t $hex4= {2473343d2022475549} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022535953} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_cd4c504294725b66262756314f36f0b1dd5db0a7e018506ec2cf4b38d74e1448 Group", "expiration": null, "is_active": 1 }, { "id": 1261942286, "indicator": "a025b99d7c6e0eafe29cd52d97927226f9f98f88", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of 59cbe5e53a646b5b348fd642c3e892da", "expiration": null, "is_active": 1 }, { "id": 1261943286, "indicator": "137e72e83b4cd50bb880378eb1cd5bfd2e6a6b1c42da9dbb49595a23b5f7a56d", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of 59cbe5e53a646b5b348fd642c3e892da", "expiration": null, "is_active": 1 }, { "id": 3360593983, "indicator": "522d15273cc13c281cc9f73b52f2cf8968fa3bc6", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_137e72e83b4cd50bb880378eb1cd5bfd2e6a6b1c42da9dbb49595a23b5f7a56d { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_137e72e83b4cd50bb880378eb1cd5bfd2e6a6b1c42da9dbb49595a23b5f7a56d Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-32-50\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"59cbe5e53a646b5b348fd642c3e892da\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"WdQhmLTWtHDbRcmpOkwpMhYoiOLZ\" fullword wide \n \t\t $s2= \"WinForms_RecursiveFormCreate\" fullword wide \n \t\t $s3= \"WinForms_SeeInnerException\" fullword wide \n \n \t\t $hex1= {2473313d2022576451} \n \t\t $hex2= {2473323d202257696e} \n \t\t $hex3= {2473333d202257696e} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_137e72e83b4cd50bb880378eb1cd5bfd2e6a6b1c42da9dbb49595a23b5f7a56d Group", "expiration": null, "is_active": 1 }, { "id": 3360594052, "indicator": "e1be0ea843d4adecbd3ab3246182b80b43a9c027", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_54364c5a2c8d64f1dbf9c52b73d233942dcc6157e7d23e4e3ff39986f0de2f34 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_54364c5a2c8d64f1dbf9c52b73d233942dcc6157e7d23e4e3ff39986f0de2f34 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-32-41\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"49880bf08ccc31c645d6b1f2148688bc\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"CL_MPPAUSE CL_MPPLAY CL_MPPREV\" fullword wide \n \t\t $s2= \"CL_MPRECORD CL_MPSTEP CL_MPSTOP DI_MPBACK\" fullword wide \n \t\t $s3= \"DI_MPPAUSE DI_MPPLAY DI_MPPREV\" fullword wide \n \t\t $s4= \"DI_MPRECORD DI_MPSTEP DI_MPSTOP EN_MPBACK\" fullword wide \n \t\t $s5= \"EN_MPPAUSE EN_MPPLAY EN_MPPREV\" fullword wide \n \t\t $s6= \"EN_MPRECORD EN_MPSTEP EN_MPSTOP\" fullword wide \n \n \t\t $hex1= {2473313d2022434c5f} \n \t\t $hex2= {2473323d2022434c5f} \n \t\t $hex3= {2473333d202244495f} \n \t\t $hex4= {2473343d202244495f} \n \t\t $hex5= {2473353d2022454e5f} \n \t\t $hex6= {2473363d2022454e5f} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_54364c5a2c8d64f1dbf9c52b73d233942dcc6157e7d23e4e3ff39986f0de2f34 Group", "expiration": null, "is_active": 1 }, { "id": 3360594053, "indicator": "19e3c033bba2837a9a96b310093b2af071b8b239", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Backdoor:MSIL/Bladabindi", "description": "SHA1 of f0e3397681817cd915d6aa70e2749011", "expiration": null, "is_active": 1 }, { "id": 1386572123, "indicator": "245ff120431f9a902860319933dbac5da748858e750ecba6fc493c75a44fdbd6", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Backdoor:MSIL/Bladabindi", "description": "SHA256 of f0e3397681817cd915d6aa70e2749011", "expiration": null, "is_active": 1 }, { "id": 3360594054, "indicator": "f39725c0659683a2c19b74aaf521a47668d655e1", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_245ff120431f9a902860319933dbac5da748858e750ecba6fc493c75a44fdbd6 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_245ff120431f9a902860319933dbac5da748858e750ecba6fc493c75a44fdbd6 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-32-32\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f0e3397681817cd915d6aa70e2749011\" \n \n \tstrings: \n \n \t \n \t\t $s1= \")[71[DA[WQ[WY[Wa[Wi[Wq[Wy[W\" fullword wide \n \t\t $s2= \"GetDelegateForFunctionPointer\" fullword wide \n \t\t $s3= \"System.Reflection.RuntimeModule\" fullword wide \n \t\t $s4= \"System.Security.Cryptography.AesCryptoServiceProvider\" fullword wide \n \n \t\t $hex1= {2473313d2022295b37} \n \t\t $hex2= {2473323d2022476574} \n \t\t $hex3= {2473333d2022537973} \n \t\t $hex4= {2473343d2022537973} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_245ff120431f9a902860319933dbac5da748858e750ecba6fc493c75a44fdbd6 Group", "expiration": null, "is_active": 1 }, { "id": 448543256, "indicator": "43a563634a92ffd6bb6ae3ef5f47828efa666578", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Remcos", "description": "SHA1 of c91250a6ba94f93137c5a2fe926bc8d5", "expiration": null, "is_active": 1 }, { "id": 448543257, "indicator": "aec14c198f29b1d9422b88e013db8400204acb67842f59b36e25231b48c88c7b", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Remcos", "description": "SHA256 of c91250a6ba94f93137c5a2fe926bc8d5", "expiration": null, "is_active": 1 }, { "id": 3360594055, "indicator": "99cdfa337955f726087409ffb7469a43a483ad53", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_aec14c198f29b1d9422b88e013db8400204acb67842f59b36e25231b48c88c7b { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_aec14c198f29b1d9422b88e013db8400204acb67842f59b36e25231b48c88c7b Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-32-25\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"c91250a6ba94f93137c5a2fe926bc8d5\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"C:WINDOWSsystem32userinit.exe, \" fullword wide \n \t\t $s2= \"fso.DeleteFile(Wscript.ScriptFullName)\" fullword wide \n \t\t $s3= \"SoftwareClassesmscfileshellopencommand\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindows NTCurrentVersionWinlogon\" fullword wide \n \t\t $s6= \"time_%04i%02i%02i_%02i%02i%02i\" fullword wide \n \t\t $s7= \"wnd_%04i%02i%02i_%02i%02i%02i\" fullword wide \n \n \t\t $hex1= {2473313d2022433a57} \n \t\t $hex2= {2473323d202266736f} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d202274696d} \n \t\t $hex7= {2473373d2022776e64} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_aec14c198f29b1d9422b88e013db8400204acb67842f59b36e25231b48c88c7b Group", "expiration": null, "is_active": 1 }, { "id": 3360594056, "indicator": "c546c2ebda2669f369685fa47198cd4760a3efb2", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Trojan:Win32/Rebhip.AA!bit", "description": "SHA1 of f824c884f09b95a641fe4e4e204aa635", "expiration": null, "is_active": 1 }, { "id": 430159066, "indicator": "28ce6aa6b39743680b5fe34bcdb9822db3d30716cc3faf09bf37d0bc05a73d9e", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Trojan:Win32/Rebhip.AA!bit", "description": "SHA256 of f824c884f09b95a641fe4e4e204aa635", "expiration": null, "is_active": 1 }, { "id": 3360594057, "indicator": "61db6db708981ee4008de1474f8b042f05145e96", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_28ce6aa6b39743680b5fe34bcdb9822db3d30716cc3faf09bf37d0bc05a73d9e { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_28ce6aa6b39743680b5fe34bcdb9822db3d30716cc3faf09bf37d0bc05a73d9e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-32-19\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f824c884f09b95a641fe4e4e204aa635\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DSeAssignPrimaryTokenPrivilege\" fullword wide \n \t\t $s2= \"GUICTRLCREATELISTVIEWITEM\" fullword wide \n \t\t $s3= \"GUICTRLCREATETREEVIEWITEM\" fullword wide \n \t\t $s4= \"GUICTRLREGISTERLISTVIEWSORT\" fullword wide \n \t\t $s5= \"SoftwareAutoIt v3AutoIt\" fullword wide \n \t\t $s6= \"SYSTEMCurrentControlSetControlNlsLanguage\" fullword wide \n \n \t\t $hex1= {2473313d2022445365} \n \t\t $hex2= {2473323d2022475549} \n \t\t $hex3= {2473333d2022475549} \n \t\t $hex4= {2473343d2022475549} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022535953} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_28ce6aa6b39743680b5fe34bcdb9822db3d30716cc3faf09bf37d0bc05a73d9e Group", "expiration": null, "is_active": 1 }, { "id": 3360594058, "indicator": "5ccf698e92bf19ca0e8c872a9d7fd2fc2a8d555f", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_9302ab89cd016c01f9f9ad8cd30cf648f88995378c581fe21bd953a33b38ff27 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_9302ab89cd016c01f9f9ad8cd30cf648f88995378c581fe21bd953a33b38ff27 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-32-04\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"1989772517a7ab404bc0cb1e0443b746\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"%2protocolStdFileEditingserver\" fullword wide \n \t\t $s2= \"%2protocolStdFileEditingverb0\" fullword wide \n \t\t $s3= \"CLSID%1DefaultExtension\" fullword wide \n \t\t $s4= \"f:ddvctoolsvc7libsshipatlmfcincludeafxwin1.inl\" fullword wide \n \t\t $s5= \"f:ddvctoolsvc7libsshipatlmfcincludeafxwin2.inl\" fullword wide \n \t\t $s6= \"f:ddvctoolsvc7libsshipatlmfcsrcmfcappcore.cpp\" fullword wide \n \t\t $s7= \"f:ddvctoolsvc7libsshipatlmfcsrcmfcarray_s.cpp\" fullword wide \n \t\t $s8= \"f:ddvctoolsvc7libsshipatlmfcsrcmfcauxdata.cpp\" fullword wide \n \t\t $s9= \"f:ddvctoolsvc7libsshipatlmfcsrcmfcfilecore.cpp\" fullword wide \n \t\t $s10= \"SoftwareMicrosoftWindowsCurrentVersionPoliciesComdlg32\" fullword wide \n \t\t $s11= \"SoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer\" fullword wide \n \t\t $s12= \"SoftwareMicrosoftWindowsCurrentVersionPoliciesNetwork\" fullword wide \n \n \t\t $hex1= {247331303d2022536f} \n \t\t $hex2= {247331313d2022536f} \n \t\t $hex3= {247331323d2022536f} \n \t\t $hex4= {2473313d2022253270} \n \t\t $hex5= {2473323d2022253270} \n \t\t $hex6= {2473333d2022434c53} \n \t\t $hex7= {2473343d2022663a64} \n \t\t $hex8= {2473353d2022663a64} \n \t\t $hex9= {2473363d2022663a64} \n \t\t $hex10= {2473373d2022663a64} \n \t\t $hex11= {2473383d2022663a64} \n \t\t $hex12= {2473393d2022663a64} \n \n \tcondition: \n \t\t8 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_9302ab89cd016c01f9f9ad8cd30cf648f88995378c581fe21bd953a33b38ff27 Group", "expiration": null, "is_active": 1 }, { "id": 3360594059, "indicator": "248dfb0ecd130f315b280bda96b157a5f781b0c8", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "nUFS_html", "description": "SHA1 of d3d2ae27c9649a16f377dbfa77267799", "expiration": null, "is_active": 1 }, { "id": 1386572212, "indicator": "348e28e2018a9ac18b568770536f033564ed1ebc5c16c4444be83a1c6f68b5ce", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "nUFS_html", "description": "SHA256 of d3d2ae27c9649a16f377dbfa77267799", "expiration": null, "is_active": 1 }, { "id": 3360594060, "indicator": "e2a945f990ffb3baa2b36a8a495c7465c1509c24", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_348e28e2018a9ac18b568770536f033564ed1ebc5c16c4444be83a1c6f68b5ce { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_348e28e2018a9ac18b568770536f033564ed1ebc5c16c4444be83a1c6f68b5ce Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-32-03\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d3d2ae27c9649a16f377dbfa77267799\" \n \n \tstrings: \n \n \t \n \t\t $a1= \"Content-Location: file:///C:/2687C9E1/lola_files/editdata.mso\" fullword ascii \n \t\t $a2= \"Content-Location: file:///C:/2687C9E1/lola_files/filelist.xml\" fullword ascii \n \t\t $a3= \"Content-Location: file:///C:/2687C9E1/lola_files/themedata.thmx\" fullword ascii \n \n \t\t $hex1= {2461313d2022436f6e} \n \t\t $hex2= {2461323d2022436f6e} \n \t\t $hex3= {2461333d2022436f6e} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_348e28e2018a9ac18b568770536f033564ed1ebc5c16c4444be83a1c6f68b5ce Group", "expiration": null, "is_active": 1 }, { "id": 3360594061, "indicator": "657d0b1c47ef045e6f567be3188bc4e9bdac4cfd", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of 68f82a9f4d90cb41bb11a0767df6b8ae", "expiration": null, "is_active": 1 }, { "id": 1386572093, "indicator": "1cd08d7b56c4ecc9e671d7d93ec7bac093fb4ca89e65a9ab5f3157faf5355e2c", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of 68f82a9f4d90cb41bb11a0767df6b8ae", "expiration": null, "is_active": 1 }, { "id": 3360594062, "indicator": "ef21ccd3f6e72014114fa24139cf8d83df734d16", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_1cd08d7b56c4ecc9e671d7d93ec7bac093fb4ca89e65a9ab5f3157faf5355e2c { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_1cd08d7b56c4ecc9e671d7d93ec7bac093fb4ca89e65a9ab5f3157faf5355e2c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-31-57\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"68f82a9f4d90cb41bb11a0767df6b8ae\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"*AC:UsersPOSITIVODesktop100%fudProject1.vbp\" fullword wide \n \t\t $s2= \"'and tblSection.SchoolYear='\" fullword wide \n \t\t $s3= \"egMSmukPKLJOzGNFEUKMEeGljR\" fullword wide \n \t\t $s4= \"KPdaIVvvQfsnSrIjITNgPmVhnjuLai\" fullword wide \n \t\t $s5= \"NbaquwoNdUFnJmrEBkxQQyHTv\" fullword wide \n \t\t $s6= \"SELECT tblSchoolYear.SchoolYear\" fullword wide \n \t\t $s7= \"uZQEtNEvICBppQZlNhkCOCAuMJ\" fullword wide \n \n \t\t $hex1= {2473313d20222a4143} \n \t\t $hex2= {2473323d202227616e} \n \t\t $hex3= {2473333d202265674d} \n \t\t $hex4= {2473343d20224b5064} \n \t\t $hex5= {2473353d20224e6261} \n \t\t $hex6= {2473363d202253454c} \n \t\t $hex7= {2473373d2022755a51} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_1cd08d7b56c4ecc9e671d7d93ec7bac093fb4ca89e65a9ab5f3157faf5355e2c Group", "expiration": null, "is_active": 1 }, { "id": 3360594063, "indicator": "17c3a336f8b697b24f94d04c393d5035bc094a69", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_60da9a353c2ca13cdbcba17dfd53ccaa42d12614aba9d3f03ad66e11895a1813 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_60da9a353c2ca13cdbcba17dfd53ccaa42d12614aba9d3f03ad66e11895a1813 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-31-37\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"392d7d7f1914dd823d01554471881c42\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"GetDelegateForFunctionPointer\" fullword wide \n \t\t $s2= \"System.Security.Cryptography.AesCryptoServiceProvider\" fullword wide \n \n \t\t $hex1= {2473313d2022476574} \n \t\t $hex2= {2473323d2022537973} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_60da9a353c2ca13cdbcba17dfd53ccaa42d12614aba9d3f03ad66e11895a1813 Group", "expiration": null, "is_active": 1 }, { "id": 3360594064, "indicator": "0528ffa49c9b3105b28e5230c45bcc8c763d0c9c", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_4e121bf3e79d1f8d146331b77bdb83fdcd404f541a4717caea4cc44c06dbd909 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_4e121bf3e79d1f8d146331b77bdb83fdcd404f541a4717caea4cc44c06dbd909 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-31-33\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"47f0e070b3a2695bf74a32d60e0835ce\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"GetDelegateForFunctionPointer\" fullword wide \n \t\t $s2= \"System.Security.Cryptography.AesCryptoServiceProvider\" fullword wide \n \n \t\t $hex1= {2473313d2022476574} \n \t\t $hex2= {2473323d2022537973} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_4e121bf3e79d1f8d146331b77bdb83fdcd404f541a4717caea4cc44c06dbd909 Group", "expiration": null, "is_active": 1 }, { "id": 3360594065, "indicator": "328e582c18df55a6fdcbeb5e0147ad1b350403c4", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "DotNET_Reactor", "description": "SHA1 of 13bce871a7a076d15b477892ddcdb741", "expiration": null, "is_active": 1 }, { "id": 1386572086, "indicator": "19d11a83a2e5ca0b8793bbf5fb7253d29487d1425d0926ff4714398b0d201b73", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "DotNET_Reactor", "description": "SHA256 of 13bce871a7a076d15b477892ddcdb741", "expiration": null, "is_active": 1 }, { "id": 3360594066, "indicator": "a2fb01f2e3da8050f1f2b8468f794502df1b1abc", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_19d11a83a2e5ca0b8793bbf5fb7253d29487d1425d0926ff4714398b0d201b73 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_19d11a83a2e5ca0b8793bbf5fb7253d29487d1425d0926ff4714398b0d201b73 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-31-20\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"13bce871a7a076d15b477892ddcdb741\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"6.1.7601.23834 (win7sp1_ldr.170601-2259)\" fullword wide \n \t\t $s2= \"System.Reflection.Assembly\" fullword wide \n \t\t $s3= \"System.Resources.ResourceManager\" fullword wide \n \t\t $s4= \"System.Security.Cryptography.ICryptoTransform\" fullword wide \n \t\t $s5= \"System.Security.Cryptography.RijndaelManaged\" fullword wide \n \t\t $s6= \"System.Security.Cryptography.SymmetricAlgorithm\" fullword wide \n \n \t\t $hex1= {2473313d2022362e31} \n \t\t $hex2= {2473323d2022537973} \n \t\t $hex3= {2473333d2022537973} \n \t\t $hex4= {2473343d2022537973} \n \t\t $hex5= {2473353d2022537973} \n \t\t $hex6= {2473363d2022537973} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_19d11a83a2e5ca0b8793bbf5fb7253d29487d1425d0926ff4714398b0d201b73 Group", "expiration": null, "is_active": 1 }, { "id": 3360594067, "indicator": "8a32e0f330a208ffdaf756673047d08b8bf79de4", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_e10d9f1c620d2ff017ebc0edd1102b51c7da7ebd595dfafeff6ce5a55f2f3bd8 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_e10d9f1c620d2ff017ebc0edd1102b51c7da7ebd595dfafeff6ce5a55f2f3bd8 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-31-17\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"120fc8902ed442b13c04be98bc53ad34\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DocumentSummaryInformation\" fullword wide \n \t\t $s2= \"TableStyleMedium2PivotStyleMedium9\" fullword wide \n \n \t\t $hex1= {2473313d2022446f63} \n \t\t $hex2= {2473323d2022546162} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_e10d9f1c620d2ff017ebc0edd1102b51c7da7ebd595dfafeff6ce5a55f2f3bd8 Group", "expiration": null, "is_active": 1 }, { "id": 3360594068, "indicator": "0c3a7f0594f4b66d49a83eace69b383ae23e9077", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "SHA1 of bdb0bcaf1a93bcf3e2fec3334800df0e\nSHA1 of bdb0bcaf1a93bcf3e2fec3334800df0e", "expiration": null, "is_active": 1 }, { "id": 1386572294, "indicator": "4d3d99055422305e0a6859ec432fa76f6308baf27e2f641dcc6c67b67ba12e59", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "SHA256 of bdb0bcaf1a93bcf3e2fec3334800df0e\nSHA256 of bdb0bcaf1a93bcf3e2fec3334800df0e", "expiration": null, "is_active": 1 }, { "id": 3360594069, "indicator": "c50f6f3470c634d74d7becfe2c4b7ca1fa947ae6", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_4d3d99055422305e0a6859ec432fa76f6308baf27e2f641dcc6c67b67ba12e59 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_4d3d99055422305e0a6859ec432fa76f6308baf27e2f641dcc6c67b67ba12e59 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-31-13\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"bdb0bcaf1a93bcf3e2fec3334800df0e\" \n \n \tstrings: \n \n \t \n \t\t $s1= \")_71_DA_VQ_VY_Va_Vi_Vq_Vy_V\" fullword wide \n \t\t $s2= \"GetDelegateForFunctionPointer\" fullword wide \n \t\t $s3= \"System.Reflection.RuntimeModule\" fullword wide \n \t\t $s4= \"System.Security.Cryptography.AesCryptoServiceProvider\" fullword wide \n \t\t $s5= \"TYUGJHJKJHGDDDSSQASC.Properties.Resources\" fullword wide \n \t\t $s6= \"wyKwrCDB9yYIwkpGIk.jsBNMt7gdeDnH6Ep6T\" fullword wide \n \n \t\t $hex1= {2473313d2022295f37} \n \t\t $hex2= {2473323d2022476574} \n \t\t $hex3= {2473333d2022537973} \n \t\t $hex4= {2473343d2022537973} \n \t\t $hex5= {2473353d2022545955} \n \t\t $hex6= {2473363d202277794b} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_4d3d99055422305e0a6859ec432fa76f6308baf27e2f641dcc6c67b67ba12e59 Group", "expiration": null, "is_active": 1 }, { "id": 3360594070, "indicator": "4489f0f7f371ad55728ed1b76807e25e1288b98d", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_bece3488b3155a5548994721aa0f3002a494aca7dcc7b440380ece60769bf2de { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_bece3488b3155a5548994721aa0f3002a494aca7dcc7b440380ece60769bf2de Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-31-10\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"0773929cc7c87c2ca9cb5656e58393c9\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"ArrangeIconsToolStripMenuItem\" fullword wide \n \t\t $s2= \"CloseAllToolStripMenuItem\" fullword wide \n \t\t $s3= \"ContentsToolStripMenuItem\" fullword wide \n \t\t $s4= \"CopyToolStripMenuItem.Image\" fullword wide \n \t\t $s5= \"CutToolStripMenuItem.Image\" fullword wide \n \t\t $s6= \"HelpToolStripButton.Image\" fullword wide \n \t\t $s7= \"IndexToolStripMenuItem.Image\" fullword wide \n \t\t $s8= \"NewToolStripMenuItem.Image\" fullword wide \n \t\t $s9= \"NewWindowToolStripMenuItem\" fullword wide \n \t\t $s10= \"OpenToolStripButton.Image\" fullword wide \n \t\t $s11= \"OpenToolStripMenuItem.Image\" fullword wide \n \t\t $s12= \"PasteToolStripMenuItem.Image\" fullword wide \n \t\t $s13= \"PrintPreviewToolStripButton\" fullword wide \n \t\t $s14= \"PrintPreviewToolStripButton.Image\" fullword wide \n \t\t $s15= \"PrintPreviewToolStripMenuItem\" fullword wide \n \t\t $s16= \"PrintPreviewToolStripMenuItem.Image\" fullword wide \n \t\t $s17= \"PrintSetupToolStripMenuItem\" fullword wide \n \t\t $s18= \"PrintToolStripButton.Image\" fullword wide \n \t\t $s19= \"PrintToolStripMenuItem.Image\" fullword wide \n \t\t $s20= \"RedoToolStripMenuItem.Image\" fullword wide \n \t\t $s21= \"SaveToolStripButton.Image\" fullword wide \n \t\t $s22= \"SaveToolStripMenuItem.Image\" fullword wide \n \t\t $s23= \"SearchToolStripMenuItem.Image\" fullword wide \n \t\t $s24= \"SelectAllToolStripMenuItem\" fullword wide \n \t\t $s25= \"StatusBarToolStripMenuItem\" fullword wide \n \t\t $s26= \"TileHorizontalToolStripMenuItem\" fullword wide \n \t\t $s27= \"TileVerticalToolStripMenuItem\" fullword wide \n \t\t $s28= \"UndoToolStripMenuItem.Image\" fullword wide \n \t\t $s29= \"WinForms_RecursiveFormCreate\" fullword wide \n \t\t $s30= \"WinForms_SeeInnerException\" fullword wide \n \n \t\t $hex1= {247331303d20224f70} \n \t\t $hex2= {247331313d20224f70} \n \t\t $hex3= {247331323d20225061} \n \t\t $hex4= {247331333d20225072} \n \t\t $hex5= {247331343d20225072} \n \t\t $hex6= {247331353d20225072} \n \t\t $hex7= {247331363d20225072} \n \t\t $hex8= {247331373d20225072} \n \t\t $hex9= {247331383d20225072} \n \t\t $hex10= {247331393d20225072} \n \t\t $hex11= {2473313d2022417272} \n \t\t $hex12= {247332303d20225265} \n \t\t $hex13= {247332313d20225361} \n \t\t $hex14= {247332323d20225361} \n \t\t $hex15= {247332333d20225365} \n \t\t $hex16= {247332343d20225365} \n \t\t $hex17= {247332353d20225374} \n \t\t $hex18= {247332363d20225469} \n \t\t $hex19= {247332373d20225469} \n \t\t $hex20= {247332383d2022556e} \n \t\t $hex21= {247332393d20225769} \n \t\t $hex22= {2473323d2022436c6f} \n \t\t $hex23= {247333303d20225769} \n \t\t $hex24= {2473333d2022436f6e} \n \t\t $hex25= {2473343d2022436f70} \n \t\t $hex26= {2473353d2022437574} \n \t\t $hex27= {2473363d202248656c} \n \t\t $hex28= {2473373d2022496e64} \n \t\t $hex29= {2473383d20224e6577} \n \t\t $hex30= {2473393d20224e6577} \n \n \tcondition: \n \t\t20 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_bece3488b3155a5548994721aa0f3002a494aca7dcc7b440380ece60769bf2de Group", "expiration": null, "is_active": 1 }, { "id": 3360594071, "indicator": "15dacf50044bd2262f8aeb49739583a05c7a9322", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_b0deda9f8354364d78134de41f845a194f29dc6e24f6e68c6d959e2e518f3791 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_b0deda9f8354364d78134de41f845a194f29dc6e24f6e68c6d959e2e518f3791 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-31-09\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"1b3c5144369e21c102063fc18adae793\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"GetDelegateForFunctionPointer\" fullword wide \n \t\t $s2= \"RISVkwnfF4ZHITrDaR.W7MRRP4RJtXlOJvFeA\" fullword wide \n \t\t $s3= \"System.Reflection.RuntimeModule\" fullword wide \n \t\t $s4= \"System.Security.Cryptography.AesCryptoServiceProvider\" fullword wide \n \t\t $s5= \"WdQhmLTWtHDbRcmpOkwpMhYoiOLZ\" fullword wide \n \t\t $a1= \"ii=>ik=CC>oAEDEuwKzGPMQKNMQOQQRSU{XZ(\" fullword ascii \n \t\t $a2= \"JJONMSO$!&&*'ZW.0,4/54b:75;hgl99A?Cs@CFIHGDzFLHzLQLMTSSSZV]X\" fullword ascii \n \t\t $a3= \"NNSRQWS(%**.+^[2`4`08398f>;9?lkp==ECGwDGJMLKH~JPL~PUPQXWWW^Za\" fullword ascii \n \t\t $a4= \"qABEEtJCuwG}OKJ|PVQUXZRUTXVXXYZ\" fullword ascii \n \t\t $a5= \"!&&'##(VV-WZ1.+3.214ce7=>kk?@km?EE@qCGFGwyM|IROSMPOSQSSTUW}__*\" fullword ascii \n \n \t\t $hex1= {2461313d202269693d} \n \t\t $hex2= {2461323d20224a4a4f} \n \t\t $hex3= {2461333d20224e4e53} \n \t\t $hex4= {2461343d2022714142} \n \t\t $hex5= {2461353d2022212626} \n \t\t $hex6= {2473313d2022476574} \n \t\t $hex7= {2473323d2022524953} \n \t\t $hex8= {2473333d2022537973} \n \t\t $hex9= {2473343d2022537973} \n \t\t $hex10= {2473353d2022576451} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_b0deda9f8354364d78134de41f845a194f29dc6e24f6e68c6d959e2e518f3791 Group", "expiration": null, "is_active": 1 }, { "id": 3360594072, "indicator": "50594ce2c9eabd6c6a01c60073f761f7e2018a6b", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Xls.Malware.Valyria-6700358-0", "description": "SHA1 of c9a696ae8418ba58359d61b61d3adf3a", "expiration": null, "is_active": 1 }, { "id": 1386572511, "indicator": "7d856ce2b96e10fef190ee959c6c3eae5aeae6e9c2994fe002ad4e8cf3253674", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Xls.Malware.Valyria-6700358-0", "description": "SHA256 of c9a696ae8418ba58359d61b61d3adf3a", "expiration": null, "is_active": 1 }, { "id": 3360594108, "indicator": "5ca384d64a0e87a813703ff34e1810b3d8c02370", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_7d856ce2b96e10fef190ee959c6c3eae5aeae6e9c2994fe002ad4e8cf3253674 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_7d856ce2b96e10fef190ee959c6c3eae5aeae6e9c2994fe002ad4e8cf3253674 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-31-06\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"c9a696ae8418ba58359d61b61d3adf3a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"{0F4130DD-19C7-7ab6-99A1-980F03B2EE4E}\" fullword wide \n \t\t $s2= \"DocumentSummaryInformation\" fullword wide \n \t\t $s3= \"TableStyleMedium2PivotStyleLight16\" fullword wide \n \n \t\t $hex1= {2473313d20227b3046} \n \t\t $hex2= {2473323d2022446f63} \n \t\t $hex3= {2473333d2022546162} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_7d856ce2b96e10fef190ee959c6c3eae5aeae6e9c2994fe002ad4e8cf3253674 Group", "expiration": null, "is_active": 1 }, { "id": 858039711, "indicator": "5ef3da4d7acf44376974b903cc50b28763ab9cb7", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "DotNET_ConfuserEx", "description": "SHA1 of e3666ecb82584556a39520ea0e788ccc", "expiration": null, "is_active": 1 }, { "id": 858040711, "indicator": "ccce59e6335c8cc6adf973406af1edb7dea5d8ded4a956984dff4ae587bcf0a8", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "DotNET_ConfuserEx", "description": "SHA256 of e3666ecb82584556a39520ea0e788ccc", "expiration": null, "is_active": 1 }, { "id": 3360594109, "indicator": "8c4c94bb36565f23003c3203b25e565c9f9b54fd", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_ccce59e6335c8cc6adf973406af1edb7dea5d8ded4a956984dff4ae587bcf0a8 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_ccce59e6335c8cc6adf973406af1edb7dea5d8ded4a956984dff4ae587bcf0a8 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-30-58\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e3666ecb82584556a39520ea0e788ccc\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"AxAgent1.DefaultModifiers\" fullword wide \n \t\t $s2= \"AxMSChart1.DefaultModifiers\" fullword wide \n \t\t $s3= \"PictureBox10.DefaultModifiers\" fullword wide \n \t\t $s4= \"PictureBox1.DefaultModifiers\" fullword wide \n \t\t $s5= \"PictureBox2.DefaultModifiers\" fullword wide \n \t\t $s6= \"PictureBox3.DefaultModifiers\" fullword wide \n \t\t $s7= \"PictureBox4.DefaultModifiers\" fullword wide \n \t\t $s8= \"PictureBox5.DefaultModifiers\" fullword wide \n \t\t $s9= \"PictureBox6.DefaultModifiers\" fullword wide \n \t\t $s10= \"PictureBox7.DefaultModifiers\" fullword wide \n \t\t $s11= \"PictureBox8.DefaultModifiers\" fullword wide \n \t\t $s12= \"PictureBox9.DefaultModifiers\" fullword wide \n \t\t $s13= \"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=\" fullword wide \n \t\t $s14= \"TextBox1.DefaultModifiers\" fullword wide \n \t\t $s15= \"WinForms_RecursiveFormCreate\" fullword wide \n \t\t $s16= \"WinForms_SeeInnerException\" fullword wide \n \n \t\t $hex1= {247331303d20225069} \n \t\t $hex2= {247331313d20225069} \n \t\t $hex3= {247331323d20225069} \n \t\t $hex4= {247331333d20225072} \n \t\t $hex5= {247331343d20225465} \n \t\t $hex6= {247331353d20225769} \n \t\t $hex7= {247331363d20225769} \n \t\t $hex8= {2473313d2022417841} \n \t\t $hex9= {2473323d202241784d} \n \t\t $hex10= {2473333d2022506963} \n \t\t $hex11= {2473343d2022506963} \n \t\t $hex12= {2473353d2022506963} \n \t\t $hex13= {2473363d2022506963} \n \t\t $hex14= {2473373d2022506963} \n \t\t $hex15= {2473383d2022506963} \n \t\t $hex16= {2473393d2022506963} \n \n \tcondition: \n \t\t10 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_ccce59e6335c8cc6adf973406af1edb7dea5d8ded4a956984dff4ae587bcf0a8 Group", "expiration": null, "is_active": 1 }, { "id": 3360594110, "indicator": "4a69008fbd3eec72cc9564d1b78e6082eab49692", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_8f65eca7eb3f2dc78ed9a91fcef20d6d593000eccd175d6634d79284432d1e9f { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_8f65eca7eb3f2dc78ed9a91fcef20d6d593000eccd175d6634d79284432d1e9f Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-30-51\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"2750fa2f08deec072b71a4444bd5c02d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \")^71^DA^WQ^WY^Wa^Wi^Wq^Wy^W\" fullword wide \n \t\t $s2= \"blak54P02RwwJZvFdx.sTYrFlsS6OGEmr1ruS\" fullword wide \n \t\t $s3= \"GetDelegateForFunctionPointer\" fullword wide \n \t\t $s4= \"MFMiUKHjoEwp4Dy9PX.onCt5C2MrmYjmkkagJ\" fullword wide \n \t\t $s5= \"System.Reflection.RuntimeModule\" fullword wide \n \t\t $s6= \"System.Security.Cryptography.AesCryptoServiceProvider\" fullword wide \n \n \t\t $hex1= {2473313d2022295e37} \n \t\t $hex2= {2473323d2022626c61} \n \t\t $hex3= {2473333d2022476574} \n \t\t $hex4= {2473343d20224d464d} \n \t\t $hex5= {2473353d2022537973} \n \t\t $hex6= {2473363d2022537973} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_8f65eca7eb3f2dc78ed9a91fcef20d6d593000eccd175d6634d79284432d1e9f Group", "expiration": null, "is_active": 1 }, { "id": 3360594111, "indicator": "bf7c0633edf1ee6c58298a135e0ed328ef9107ab", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Trojan:Win32/Skeeyah.A!bit", "description": "SHA1 of 5093a3c12de9ebef95ab728caee3f0dd", "expiration": null, "is_active": 1 }, { "id": 1386572646, "indicator": "9ed58f74a1b65f8897aef2ad118b68d35824024687ffc5e550951b4c347d0d44", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Trojan:Win32/Skeeyah.A!bit", "description": "SHA256 of 5093a3c12de9ebef95ab728caee3f0dd", "expiration": null, "is_active": 1 }, { "id": 3360594112, "indicator": "2836c278227a2d5f9d90a3d5888abea7f51e7f22", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_9ed58f74a1b65f8897aef2ad118b68d35824024687ffc5e550951b4c347d0d44 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_9ed58f74a1b65f8897aef2ad118b68d35824024687ffc5e550951b4c347d0d44 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-30-39\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"5093a3c12de9ebef95ab728caee3f0dd\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"2d0bc906-3169-4257-af7b-bd6a6b337868\" fullword wide \n \t\t $s2= \"EcoRaliu.Properties.Resources\" fullword wide \n \n \t\t $hex1= {2473313d2022326430} \n \t\t $hex2= {2473323d202245636f} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_9ed58f74a1b65f8897aef2ad118b68d35824024687ffc5e550951b4c347d0d44 Group", "expiration": null, "is_active": 1 }, { "id": 3360594113, "indicator": "c5ab65fc055ca54000264a66841bb82c6367d850", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Delphi", "description": "SHA1 of f29bee9afc79e4120b57cf4e7743f253", "expiration": null, "is_active": 1 }, { "id": 1386572879, "indicator": "d7df9d77e4c606c413e24744a97a831729cddfa350dc29464e5117af318fc03a", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Delphi", "description": "SHA256 of f29bee9afc79e4120b57cf4e7743f253", "expiration": null, "is_active": 1 }, { "id": 3360594114, "indicator": "5ae9218505ec34ccbb68a737a89dac360fd5206c", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_d7df9d77e4c606c413e24744a97a831729cddfa350dc29464e5117af318fc03a { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_d7df9d77e4c606c413e24744a97a831729cddfa350dc29464e5117af318fc03a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-30-39\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f29bee9afc79e4120b57cf4e7743f253\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"CL_MPPAUSE CL_MPPLAY CL_MPPREV\" fullword wide \n \t\t $s2= \"CL_MPRECORD CL_MPSTEP CL_MPSTOP DI_MPBACK\" fullword wide \n \t\t $s3= \"DI_MPPAUSE DI_MPPLAY DI_MPPREV\" fullword wide \n \t\t $s4= \"DI_MPRECORD DI_MPSTEP DI_MPSTOP EN_MPBACK\" fullword wide \n \t\t $s5= \"EN_MPPAUSE EN_MPPLAY EN_MPPREV\" fullword wide \n \t\t $s6= \"EN_MPRECORD EN_MPSTEP EN_MPSTOP\" fullword wide \n \n \t\t $hex1= {2473313d2022434c5f} \n \t\t $hex2= {2473323d2022434c5f} \n \t\t $hex3= {2473333d202244495f} \n \t\t $hex4= {2473343d202244495f} \n \t\t $hex5= {2473353d2022454e5f} \n \t\t $hex6= {2473363d2022454e5f} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_d7df9d77e4c606c413e24744a97a831729cddfa350dc29464e5117af318fc03a Group", "expiration": null, "is_active": 1 }, { "id": 3360594115, "indicator": "a0e42c0886280a53bd7d34f525d8f2bc67f9e69a", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "TrojanDownloader:O97M/Donoff", "description": "SHA1 of b0c5208b2fdb695721c1921a69a3bc58", "expiration": null, "is_active": 1 }, { "id": 1386572469, "indicator": "7377dbeae24742a3d072f5534b14609c8efab8af7a60b8daf465fcabf9cbaf99", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "TrojanDownloader:O97M/Donoff", "description": "SHA256 of b0c5208b2fdb695721c1921a69a3bc58", "expiration": null, "is_active": 1 }, { "id": 3360594116, "indicator": "bb38622849784e750a7844823b6abfbb7e550241", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_7377dbeae24742a3d072f5534b14609c8efab8af7a60b8daf465fcabf9cbaf99 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_7377dbeae24742a3d072f5534b14609c8efab8af7a60b8daf465fcabf9cbaf99 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-30-36\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b0c5208b2fdb695721c1921a69a3bc58\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DocumentSummaryInformation\" fullword wide \n \t\t $s2= \"iuuq;00pofesjwfofu/yz{0`pvuqvuDG4C5EG/fyf!\" fullword wide \n \t\t $s3= \"TableStyleMedium2PivotStyleMedium9\" fullword wide \n \n \t\t $hex1= {2473313d2022446f63} \n \t\t $hex2= {2473323d2022697575} \n \t\t $hex3= {2473333d2022546162} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_7377dbeae24742a3d072f5534b14609c8efab8af7a60b8daf465fcabf9cbaf99 Group", "expiration": null, "is_active": 1 }, { "id": 3360594117, "indicator": "bbe82e87213cf879f486b585dae6349abbd413e9", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Virus:Win32/Neshta.A", "description": "SHA1 of deee619a418c023514ef8b7718d90765\nSHA1 of deee619a418c023514ef8b7718d90765", "expiration": null, "is_active": 1 }, { "id": 1386572292, "indicator": "4d040679225b6170cd3b2218575cb8c50dc2643ef2722bf4d7e625be2df4e13e", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Virus:Win32/Neshta.A", "description": "SHA256 of deee619a418c023514ef8b7718d90765\nSHA256 of deee619a418c023514ef8b7718d90765", "expiration": null, "is_active": 1 }, { "id": 3360594118, "indicator": "bea989936d58ff4ed3b15b0276721bc0bd2e8800", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_4d040679225b6170cd3b2218575cb8c50dc2643ef2722bf4d7e625be2df4e13e { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_4d040679225b6170cd3b2218575cb8c50dc2643ef2722bf4d7e625be2df4e13e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-30-35\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"deee619a418c023514ef8b7718d90765\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"clGradientInactiveCaption\" fullword wide \n \t\t $s2= \"clWebLightGoldenrodYellow\" fullword wide \n \t\t $s3= \"DrawThemeParentBackground\" fullword wide \n \t\t $s4= \"GetThemeBackgroundContentRect\" fullword wide \n \t\t $s5= \"GetThemeDocumentationProperty\" fullword wide \n \t\t $s6= \"InitializeConditionVariable\" fullword wide \n \t\t $s7= \"IsThemeBackgroundPartiallyTransparent\" fullword wide \n \t\t $s8= \"IsThemeDialogTextureEnabled\" fullword wide \n \t\t $s9= \"SetLayeredWindowAttributes\" fullword wide \n \t\t $s10= \"SoftwareBorlandDelphiLocales\" fullword wide \n \t\t $s11= \"SoftwareCodeGearLocales\" fullword wide \n \t\t $s12= \"SOFTWAREMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s13= \"SOFTWAREMicrosoftWindows NTCurrentVersionFontSubstitutes\" fullword wide \n \t\t $s14= \"SYSTEMCurrentControlSetControlKeyboard Layouts\" fullword wide \n \t\t $s15= \"SystemCurrentControlSetControlKeyboard Layouts%.8x\" fullword wide \n \t\t $a1= \"ttbSplitButtonDropDownChecked ttbSplitButtonDropDownCheckedHot\" fullword ascii \n \t\t $a2= \"twFrameBottomSizingTemplate twSmallFrameBottomSizingTemplate\" fullword ascii \n \n \t\t $hex1= {2461313d2022747462} \n \t\t $hex2= {2461323d2022747746} \n \t\t $hex3= {247331303d2022536f} \n \t\t $hex4= {247331313d2022536f} \n \t\t $hex5= {247331323d2022534f} \n \t\t $hex6= {247331333d2022534f} \n \t\t $hex7= {247331343d20225359} \n \t\t $hex8= {247331353d20225379} \n \t\t $hex9= {2473313d2022636c47} \n \t\t $hex10= {2473323d2022636c57} \n \t\t $hex11= {2473333d2022447261} \n \t\t $hex12= {2473343d2022476574} \n \t\t $hex13= {2473353d2022476574} \n \t\t $hex14= {2473363d2022496e69} \n \t\t $hex15= {2473373d2022497354} \n \t\t $hex16= {2473383d2022497354} \n \t\t $hex17= {2473393d2022536574} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_4d040679225b6170cd3b2218575cb8c50dc2643ef2722bf4d7e625be2df4e13e Group", "expiration": null, "is_active": 1 }, { "id": 3360594119, "indicator": "dc0283bad8ea311041775a709f328099faa5ae91", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "MalDoc, USR-KL", "description": "SHA1 of 5e40ff4f7d71c5d7f15f3658f7f0f3e8", "expiration": null, "is_active": 1 }, { "id": 1386572821, "indicator": "caf470ee82450f8c4735002e31f671acf1b6ee335658ef96117f2970645e0f40", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "MalDoc, USR-KL", "description": "SHA256 of 5e40ff4f7d71c5d7f15f3658f7f0f3e8", "expiration": null, "is_active": 1 }, { "id": 3360594120, "indicator": "5e74837a883a7beb55a0a03d7eddf4e9d8257d8a", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_caf470ee82450f8c4735002e31f671acf1b6ee335658ef96117f2970645e0f40 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_caf470ee82450f8c4735002e31f671acf1b6ee335658ef96117f2970645e0f40 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-30-31\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"5e40ff4f7d71c5d7f15f3658f7f0f3e8\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DocumentSummaryInformation\" fullword wide \n \t\t $s2= \"Project.ThisDocument.QC_Z\" fullword wide \n \n \t\t $hex1= {2473313d2022446f63} \n \t\t $hex2= {2473323d202250726f} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_caf470ee82450f8c4735002e31f671acf1b6ee335658ef96117f2970645e0f40 Group", "expiration": null, "is_active": 1 }, { "id": 3360594121, "indicator": "40a9cc1d1f5890bcc33ff4ab0159fd1bfa6a01e4", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Backdoor:MSIL/Bladabindi", "description": "SHA1 of 7fa30ac1337bbff5ff89c2ee3da686b4\nSHA1 of 7fa30ac1337bbff5ff89c2ee3da686b4", "expiration": null, "is_active": 1 }, { "id": 1386572344, "indicator": "58f75e09ba364deeef67785ed7ecee43dd96eec54c17f576990b3291d71f7f44", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Backdoor:MSIL/Bladabindi", "description": "SHA256 of 7fa30ac1337bbff5ff89c2ee3da686b4\nSHA256 of 7fa30ac1337bbff5ff89c2ee3da686b4", "expiration": null, "is_active": 1 }, { "id": 3360594122, "indicator": "5513848dd96514383bfddf4546702e1b248984ca", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_58f75e09ba364deeef67785ed7ecee43dd96eec54c17f576990b3291d71f7f44 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_58f75e09ba364deeef67785ed7ecee43dd96eec54c17f576990b3291d71f7f44 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-30-20\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"7fa30ac1337bbff5ff89c2ee3da686b4\" \n \n \tstrings: \n \n \t \n \t\t $s1= \")[71[DA[WQ[WY[Wa[Wi[Wq[Wy[W\" fullword wide \n \t\t $s2= \"DtObUL1bhOiALwweNa.esrErlwuTbU9FNrv7W\" fullword wide \n \t\t $s3= \"GetDelegateForFunctionPointer\" fullword wide \n \t\t $s4= \"mTBCx2ogJS6cNNLXST.nfRgpYOIeiIwvmp72B\" fullword wide \n \t\t $s5= \"System.Reflection.RuntimeModule\" fullword wide \n \t\t $s6= \"System.Security.Cryptography.AesCryptoServiceProvider\" fullword wide \n \n \t\t $hex1= {2473313d2022295b37} \n \t\t $hex2= {2473323d202244744f} \n \t\t $hex3= {2473333d2022476574} \n \t\t $hex4= {2473343d20226d5442} \n \t\t $hex5= {2473353d2022537973} \n \t\t $hex6= {2473363d2022537973} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_58f75e09ba364deeef67785ed7ecee43dd96eec54c17f576990b3291d71f7f44 Group", "expiration": null, "is_active": 1 }, { "id": 3360594123, "indicator": "a7920e587eaf65ef616cc412720fc39b14022b09", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "TrojanDownloader:O97M/Donoff", "description": "SHA1 of f4bccd97c705c47a6da06b6d516dddd0\nSHA1 of f4bccd97c705c47a6da06b6d516dddd0", "expiration": null, "is_active": 1 }, { "id": 1386572296, "indicator": "4db135ae885aafd399ef1f8981b57ef05d4b20e754455b1098144d7c05d9a5af", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "TrojanDownloader:O97M/Donoff", "description": "SHA256 of f4bccd97c705c47a6da06b6d516dddd0\nSHA256 of f4bccd97c705c47a6da06b6d516dddd0", "expiration": null, "is_active": 1 }, { "id": 3360594124, "indicator": "d30f7d3439e865dc3a0651447640301041582ec6", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_4db135ae885aafd399ef1f8981b57ef05d4b20e754455b1098144d7c05d9a5af { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_4db135ae885aafd399ef1f8981b57ef05d4b20e754455b1098144d7c05d9a5af Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-30-12\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f4bccd97c705c47a6da06b6d516dddd0\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DocumentSummaryInformation\" fullword wide \n \t\t $s2= \"iuuq;00pofesjwfofu/yz{0`pvuqvu674D541/fyf!\" fullword wide \n \t\t $s3= \"TableStyleMedium2PivotStyleMedium9\" fullword wide \n \n \t\t $hex1= {2473313d2022446f63} \n \t\t $hex2= {2473323d2022697575} \n \t\t $hex3= {2473333d2022546162} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_4db135ae885aafd399ef1f8981b57ef05d4b20e754455b1098144d7c05d9a5af Group", "expiration": null, "is_active": 1 }, { "id": 889046468, "indicator": "f4934f1fc3cfade8c9d421ebe653ac1356934922", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "warning_vb_macro", "description": "SHA1 of d64d194bac88abed87520bdff09ceacc\nSHA1 of d64d194bac88abed87520bdff09ceacc", "expiration": null, "is_active": 1 }, { "id": 889047468, "indicator": "38bf13caca3efa84cf740cf9e9cd51933c7a285694f3f8ecc49df7e1768f2dbe", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "warning_vb_macro", "description": "SHA256 of d64d194bac88abed87520bdff09ceacc\nSHA256 of d64d194bac88abed87520bdff09ceacc", "expiration": null, "is_active": 1 }, { "id": 3360594125, "indicator": "d3e15b9ab9e05ed9220b3a9d574e8849baf6fa86", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_38bf13caca3efa84cf740cf9e9cd51933c7a285694f3f8ecc49df7e1768f2dbe { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_38bf13caca3efa84cf740cf9e9cd51933c7a285694f3f8ecc49df7e1768f2dbe Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-30-04\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d64d194bac88abed87520bdff09ceacc\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DocumentSummaryInformation\" fullword wide \n \t\t $s2= \"Project.ThisDocument.Auto_Open\" fullword wide \n \t\t $s3= \"Project.ThisDocument.SD_KXK\" fullword wide \n \t\t $s4= \"Project.ThisDocument.XVLUCJ_RCPY\" fullword wide \n \n \t\t $hex1= {2473313d2022446f63} \n \t\t $hex2= {2473323d202250726f} \n \t\t $hex3= {2473333d202250726f} \n \t\t $hex4= {2473343d202250726f} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_38bf13caca3efa84cf740cf9e9cd51933c7a285694f3f8ecc49df7e1768f2dbe Group", "expiration": null, "is_active": 1 }, { "id": 3360594126, "indicator": "121ba73ece3d6f17a6985c32e3ee4fbdef79b3ed", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_845ff37f059c40d0110f4d3ad82f04e196040079702f9277fd16a0fef7b22b40 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_845ff37f059c40d0110f4d3ad82f04e196040079702f9277fd16a0fef7b22b40 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-29-54\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"0d63350bd3ce6881618dd44b776b29f0\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"clGradientInactiveCaption\" fullword wide \n \t\t $s2= \"clWebLightGoldenrodYellow\" fullword wide \n \t\t $s3= \"DrawThemeParentBackground\" fullword wide \n \t\t $s4= \"GetThemeBackgroundContentRect\" fullword wide \n \t\t $s5= \"GetThemeDocumentationProperty\" fullword wide \n \t\t $s6= \"InitializeConditionVariable\" fullword wide \n \t\t $s7= \"IsThemeBackgroundPartiallyTransparent\" fullword wide \n \t\t $s8= \"IsThemeDialogTextureEnabled\" fullword wide \n \t\t $s9= \"SetLayeredWindowAttributes\" fullword wide \n \t\t $s10= \"SoftwareBorlandDelphiLocales\" fullword wide \n \t\t $s11= \"SoftwareCodeGearLocales\" fullword wide \n \t\t $s12= \"SOFTWAREMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s13= \"SOFTWAREMicrosoftWindows NTCurrentVersionFontSubstitutes\" fullword wide \n \t\t $s14= \"SYSTEMCurrentControlSetControlKeyboard Layouts\" fullword wide \n \t\t $s15= \"SystemCurrentControlSetControlKeyboard Layouts%.8x\" fullword wide \n \t\t $a1= \"ttbSplitButtonDropDownChecked ttbSplitButtonDropDownCheckedHot\" fullword ascii \n \t\t $a2= \"twFrameBottomSizingTemplate twSmallFrameBottomSizingTemplate\" fullword ascii \n \n \t\t $hex1= {2461313d2022747462} \n \t\t $hex2= {2461323d2022747746} \n \t\t $hex3= {247331303d2022536f} \n \t\t $hex4= {247331313d2022536f} \n \t\t $hex5= {247331323d2022534f} \n \t\t $hex6= {247331333d2022534f} \n \t\t $hex7= {247331343d20225359} \n \t\t $hex8= {247331353d20225379} \n \t\t $hex9= {2473313d2022636c47} \n \t\t $hex10= {2473323d2022636c57} \n \t\t $hex11= {2473333d2022447261} \n \t\t $hex12= {2473343d2022476574} \n \t\t $hex13= {2473353d2022476574} \n \t\t $hex14= {2473363d2022496e69} \n \t\t $hex15= {2473373d2022497354} \n \t\t $hex16= {2473383d2022497354} \n \t\t $hex17= {2473393d2022536574} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_845ff37f059c40d0110f4d3ad82f04e196040079702f9277fd16a0fef7b22b40 Group", "expiration": null, "is_active": 1 }, { "id": 3360594127, "indicator": "a0e784ef05ee6e6641ce18cff7ad3e09e5d85774", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Virus:Win32/Grenam.B", "description": "SHA1 of de7ad1ecb5cd5dda3a04a8001f86bc36", "expiration": null, "is_active": 1 }, { "id": 1386572672, "indicator": "a8415354e49af84bd4a014d04351e5c571ded1d0873ba5fa75e2ab14c36db28b", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Virus:Win32/Grenam.B", "description": "SHA256 of de7ad1ecb5cd5dda3a04a8001f86bc36", "expiration": null, "is_active": 1 }, { "id": 3360594128, "indicator": "cf449e5cae6ebdfd1dfe3d67f05cdd1869eef958", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_a8415354e49af84bd4a014d04351e5c571ded1d0873ba5fa75e2ab14c36db28b { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_a8415354e49af84bd4a014d04351e5c571ded1d0873ba5fa75e2ab14c36db28b Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-29-51\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"de7ad1ecb5cd5dda3a04a8001f86bc36\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"clGradientInactiveCaption\" fullword wide \n \t\t $s2= \"clWebLightGoldenrodYellow\" fullword wide \n \t\t $s3= \"DrawThemeParentBackground\" fullword wide \n \t\t $s4= \"GetThemeBackgroundContentRect\" fullword wide \n \t\t $s5= \"GetThemeDocumentationProperty\" fullword wide \n \t\t $s6= \"InitializeConditionVariable\" fullword wide \n \t\t $s7= \"IsThemeBackgroundPartiallyTransparent\" fullword wide \n \t\t $s8= \"IsThemeDialogTextureEnabled\" fullword wide \n \t\t $s9= \"SetLayeredWindowAttributes\" fullword wide \n \t\t $s10= \"SoftwareBorlandDelphiLocales\" fullword wide \n \t\t $s11= \"SoftwareCodeGearLocales\" fullword wide \n \t\t $s12= \"SOFTWAREMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s13= \"SOFTWAREMicrosoftWindows NTCurrentVersionFontSubstitutes\" fullword wide \n \t\t $s14= \"SYSTEMCurrentControlSetControlKeyboard Layouts\" fullword wide \n \t\t $s15= \"SystemCurrentControlSetControlKeyboard Layouts%.8x\" fullword wide \n \t\t $a1= \"ttbSplitButtonDropDownChecked ttbSplitButtonDropDownCheckedHot\" fullword ascii \n \t\t $a2= \"twFrameBottomSizingTemplate twSmallFrameBottomSizingTemplate\" fullword ascii \n \n \t\t $hex1= {2461313d2022747462} \n \t\t $hex2= {2461323d2022747746} \n \t\t $hex3= {247331303d2022536f} \n \t\t $hex4= {247331313d2022536f} \n \t\t $hex5= {247331323d2022534f} \n \t\t $hex6= {247331333d2022534f} \n \t\t $hex7= {247331343d20225359} \n \t\t $hex8= {247331353d20225379} \n \t\t $hex9= {2473313d2022636c47} \n \t\t $hex10= {2473323d2022636c57} \n \t\t $hex11= {2473333d2022447261} \n \t\t $hex12= {2473343d2022476574} \n \t\t $hex13= {2473353d2022476574} \n \t\t $hex14= {2473363d2022496e69} \n \t\t $hex15= {2473373d2022497354} \n \t\t $hex16= {2473383d2022497354} \n \t\t $hex17= {2473393d2022536574} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_a8415354e49af84bd4a014d04351e5c571ded1d0873ba5fa75e2ab14c36db28b Group", "expiration": null, "is_active": 1 }, { "id": 3360594129, "indicator": "6da282da7b2151eeb7da06b0ce8e1beb64e585a1", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA1 of e7cc07a1704145c6843330345fd1ce0b\nSHA1 of e7cc07a1704145c6843330345fd1ce0b", "expiration": null, "is_active": 1 }, { "id": 1386572284, "indicator": "4aa789cf7c10418cc7ae60d4f2f5e0879521d6fe6d00d381df103156b4d4c1d7", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "", "description": "SHA256 of e7cc07a1704145c6843330345fd1ce0b\nSHA256 of e7cc07a1704145c6843330345fd1ce0b", "expiration": null, "is_active": 1 }, { "id": 3360594130, "indicator": "b92f8c7519b56e2ee5e9b66e773b66a69edf233f", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_4aa789cf7c10418cc7ae60d4f2f5e0879521d6fe6d00d381df103156b4d4c1d7 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_4aa789cf7c10418cc7ae60d4f2f5e0879521d6fe6d00d381df103156b4d4c1d7 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-29-39\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e7cc07a1704145c6843330345fd1ce0b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"{20428740-1BA4-4839-B505-677CA7385D7A}\" fullword wide \n \t\t $a1= \"??4PtAttributeElement@IHyphenWord@devtech@@QAEAAU012@ABU012@@Z\" fullword ascii \n \t\t $a2= \"??CIterator@IThesaurusWord@devtech@@QAEPAULM_ThesaurusEntry@2@XZ\" fullword ascii \n \t\t $a3= \"??DIterator@IThesaurusWord@devtech@@QAEAAULM_ThesaurusEntry@2@XZ\" fullword ascii \n \t\t $a4= \"?SetFlagAXE8_ExpatInited@LinguisticManager@devtech@@QAEX_N@Z\" fullword ascii \n \n \t\t $hex1= {2461313d20223f3f34} \n \t\t $hex2= {2461323d20223f3f43} \n \t\t $hex3= {2461333d20223f3f44} \n \t\t $hex4= {2461343d20223f5365} \n \t\t $hex5= {2473313d20227b3230} \n \n \tcondition: \n \t\t3 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_4aa789cf7c10418cc7ae60d4f2f5e0879521d6fe6d00d381df103156b4d4c1d7 Group", "expiration": null, "is_active": 1 }, { "id": 3360594131, "indicator": "96276c663e47772edce627e1d2d64709dd168506", "type": "FileHash-SHA1", "created": "2022-01-22T10:33:46", "content": "", "title": "Backdoor:MSIL/Bladabindi", "description": "SHA1 of d7fedad434c8b6a9d112896006a072a0", "expiration": null, "is_active": 1 }, { "id": 1386572527, "indicator": "822ac77de47d345d09da7c2a93916bb251710bfe61b2ec179564f09bcb5ea6cb", "type": "FileHash-SHA256", "created": "2022-01-22T10:33:46", "content": "", "title": "Backdoor:MSIL/Bladabindi", "description": "SHA256 of d7fedad434c8b6a9d112896006a072a0", "expiration": null, "is_active": 1 }, { "id": 3360594132, "indicator": "109ad2d19fd8505cd248cdbb94423bb3d97de4e8", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Gorgon_Group_822ac77de47d345d09da7c2a93916bb251710bfe61b2ec179564f09bcb5ea6cb { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_822ac77de47d345d09da7c2a93916bb251710bfe61b2ec179564f09bcb5ea6cb Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-29-39\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d7fedad434c8b6a9d112896006a072a0\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"HKEY_CURRENT_USERSoftwarePoliciesMicrosoftWindowsSystem\" fullword wide \n \t\t $s2= \"https://dl.dropbox.com/s/p84aaz28t0hepul/Pass.exe?dl=0\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerMain\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022484b45} \n \t\t $hex2= {2473323d2022687474} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_822ac77de47d345d09da7c2a93916bb251710bfe61b2ec179564f09bcb5ea6cb Group", "expiration": null, "is_active": 1 }, { "id": 3360594133, "indicator": "227b4e49d41bcc9ff097773fad550550e0d910e3", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_30_013812e170d2ec2e02bbb6cd8c1b30ec4864e19c0b786f2e1390753e031c0501 { \n \tmeta: \n \t\t description= \"APTMalware_APT_30_013812e170d2ec2e02bbb6cd8c1b30ec4864e19c0b786f2e1390753e031c0501 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-12-31\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e6289e7f9f26be692cbe6f335a706014\" \n \n \tstrings: \n \n \t \n \t\t $a1= \"SOFTWAREMicrosoftWindowsCurrentVersionExplorerShell Folders\" fullword ascii \n \t\t $a2= \"SoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun\" fullword ascii \n \t\t $a3= \"SoftwareMicrosoftWindowsCurrentVersionPoliciesSystemShell\" fullword ascii \n \n \t\t $hex1= {2461313d2022534f46} \n \t\t $hex2= {2461323d2022536f66} \n \t\t $hex3= {2461333d2022536f66} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_APT_30_013812e170d2ec2e02bbb6cd8c1b30ec4864e19c0b786f2e1390753e031c0501 Group", "expiration": null, "is_active": 1 }, { "id": 3360594134, "indicator": "c8f5d4f4a42e1d88684c9e5cc2762709210e5c90", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_30_cd2d206d320a343bcc26714130c6c1160102afc41edd256f9fc944b7a3de9c36 { \n \tmeta: \n \t\t description= \"APTMalware_APT_30_cd2d206d320a343bcc26714130c6c1160102afc41edd256f9fc944b7a3de9c36 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-12-17\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"002e27938c9390a942cf4b4c319f1768\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)\" fullword wide \n \t\t $a1= \"h@AAD@EAH@IAL@MAP@QAT@UAX@YA@]A`@aAd@eAh@iAl@mAp@qAt@uAx@yA|@}A\" fullword ascii \n \n \t\t $hex1= {2461313d2022684041} \n \t\t $hex2= {2473313d2022362e30} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_APT_30_cd2d206d320a343bcc26714130c6c1160102afc41edd256f9fc944b7a3de9c36 Group", "expiration": null, "is_active": 1 }, { "id": 3360594135, "indicator": "a38815c36d4085ef64758ae1223cadb8495abe96", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_30_9226407939dc4f0c4d4d2b6f9811a9e8ee8c2b073b9f95f11590dec440253f2a { \n \tmeta: \n \t\t description= \"APTMalware_APT_30_9226407939dc4f0c4d4d2b6f9811a9e8ee8c2b073b9f95f11590dec440253f2a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-12-02\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"853a20f5fc6d16202828df132c41a061\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)\" fullword wide \n \t\t $a1= \"Okbps]naXIe_nkokbpXSej`ksoX?qnnajpRanoekjXLkhe_eaoXAtlhknanXNqj\" fullword ascii \n \n \t\t $hex1= {2461313d20224f6b62} \n \t\t $hex2= {2473313d2022362e30} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_APT_30_9226407939dc4f0c4d4d2b6f9811a9e8ee8c2b073b9f95f11590dec440253f2a Group", "expiration": null, "is_active": 1 }, { "id": 3360594136, "indicator": "b5c462371dd81b58f1660108070b212f42f901c3", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_30_d2c5e3ce8fcdbf70e06b63437c24788e6fca61742c8cce76374f5bcda95a0585 { \n \tmeta: \n \t\t description= \"APTMalware_APT_30_d2c5e3ce8fcdbf70e06b63437c24788e6fca61742c8cce76374f5bcda95a0585 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-11-57\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b590c15499448639c2748ff9e0d214b2\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)\" fullword wide \n \t\t $a1= \"Okbps]naXIe_nkokbpXSej`ksoX?qnnajpRanoekjXLkhe_eaoXAtlhknanXNqj\" fullword ascii \n \n \t\t $hex1= {2461313d20224f6b62} \n \t\t $hex2= {2473313d2022362e30} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_APT_30_d2c5e3ce8fcdbf70e06b63437c24788e6fca61742c8cce76374f5bcda95a0585 Group", "expiration": null, "is_active": 1 }, { "id": 3360594137, "indicator": "7482973910b1077048fb9478541cd26302ab4c9a", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_30_b4e93bb2693f2ea647c42c7e4bd63ef0ab61d6c53affa6799a52b06d8c99f719 { \n \tmeta: \n \t\t description= \"APTMalware_APT_30_b4e93bb2693f2ea647c42c7e4bd63ef0ab61d6c53affa6799a52b06d8c99f719 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-11-49\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"9c0cad1560cd0ffe2aa570621ef7d0a0\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)\" fullword wide \n \t\t $a1= \"Okbps]naXIe_nkokbpXSej`ksoX?qnnajpRanoekjXLkhe_eaoXAtlhknanXNqj\" fullword ascii \n \n \t\t $hex1= {2461313d20224f6b62} \n \t\t $hex2= {2473313d2022362e30} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_APT_30_b4e93bb2693f2ea647c42c7e4bd63ef0ab61d6c53affa6799a52b06d8c99f719 Group", "expiration": null, "is_active": 1 }, { "id": 3360594138, "indicator": "f7168102230349f9e21b99b66d6a2871dd333fef", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_30_ba2e8bee0e14c1689cc2df494b92924c547fff8f95f0d36e8925db9c2c0db8e4 { \n \tmeta: \n \t\t description= \"APTMalware_APT_30_ba2e8bee0e14c1689cc2df494b92924c547fff8f95f0d36e8925db9c2c0db8e4 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-11-39\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d8e68db503f4155ed1aeba95d1f5e3e4\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)\" fullword wide \n \t\t $a1= \"Plcqt^obYJf`olplcqYTfkaltpY@roobkqSbopflkYMlif`fbpYBumiloboYOrk\" fullword ascii \n \n \t\t $hex1= {2461313d2022506c63} \n \t\t $hex2= {2473313d2022362e30} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_APT_30_ba2e8bee0e14c1689cc2df494b92924c547fff8f95f0d36e8925db9c2c0db8e4 Group", "expiration": null, "is_active": 1 }, { "id": 3360594139, "indicator": "b7a73184ddaefdf1314e82c0e404f67ccabe152a", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_57ea0710204049b0e64ad6e013920911b230c034ab255c78326aaf2a00183418 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_57ea0710204049b0e64ad6e013920911b230c034ab255c78326aaf2a00183418 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-10-20\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"059a7482efee3b2abf67c12d210cb2f7\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"C:My Documentswinword8.doc\" fullword wide \n \t\t $a1= \"jml6698:>98>:EDBFA@FBMLJNIHNJUTRVQPVR]Z^YX^Zedbfa`fbmlj250n\" fullword ascii \n \t\t $a2= \"~}|{zyxwvutsrqponmlkjihgfedcba`_^][ZYXWVUTSRQPONMLKJIHGFEDCBA@\" fullword ascii \n \n \t\t $hex1= {2461313d20226a6d6c} \n \t\t $hex2= {2461323d20227e7d7c} \n \t\t $hex3= {2473313d2022433a4d} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_APT_21_57ea0710204049b0e64ad6e013920911b230c034ab255c78326aaf2a00183418 Group", "expiration": null, "is_active": 1 }, { "id": 3360594140, "indicator": "ad67b0406505e2600da6df853aa80b7c7738f9b1", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_c9d63df38d0bcee81ecd45e68a294fb59ff52a884bccd1b47dc23d84b7412ff5 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_c9d63df38d0bcee81ecd45e68a294fb59ff52a884bccd1b47dc23d84b7412ff5 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-10-19\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"0e2b10015fe52b7ea77a213f0c330557\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DocumentSummaryInformation\" fullword wide \n \t\t $s2= \"*G{000204EF-0_VBA_PROJECT\" fullword wide \n \t\t $a1= \"l}v{zyxwvutsrqponmlkjihgfedcba`_^][ZYXWVUTSRQPONMLKJIHGFEDCBA\" fullword ascii \n \t\t $a2= \"utsrqponmlkjihgfedcba`_^][ZYXWVUTSRQPONMLKJIHGFEDCBA0?.5t;:9\" fullword ascii \n \t\t $a3= \"~}|{zyxwvutsrqponmlkjihgfedcba`_^][ZYXWVUTSRQPONMLKJIHGFEDCBA\" fullword ascii \n \t\t $a4= \"~}|{zyxwvutsrqponmlkjihgfedcba`_^][ZYXWVUTSRQPONMLKJIHGFEDCBAH\" fullword ascii \n \n \t\t $hex1= {2461313d20226c7d76} \n \t\t $hex2= {2461323d2022757473} \n \t\t $hex3= {2461333d20227e7d7c} \n \t\t $hex4= {2461343d20227e7d7c} \n \t\t $hex5= {2473313d2022446f63} \n \t\t $hex6= {2473323d20222a477b} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_APT_21_c9d63df38d0bcee81ecd45e68a294fb59ff52a884bccd1b47dc23d84b7412ff5 Group", "expiration": null, "is_active": 1 }, { "id": 3360594141, "indicator": "624fd778ed436981a55e6db168faf1e4e5591455", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_5e87701df694fb41aaaba820e581d2ddfd65d9d6ef28e972ecf18b92f40232e3 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_5e87701df694fb41aaaba820e581d2ddfd65d9d6ef28e972ecf18b92f40232e3 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-10-18\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"a1169fb2eb93616ced7536a53fb05648\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Win7Elevate proof-of-concept\" fullword wide \n \t\t $a1= \"SoftwareMicrosoftWindowsCurrentVersionExplorerShell Folders\" fullword ascii \n \t\t $a2= \"Win7UACWin7ElevateV2_SourceWin32ReleaseWin7ElevateDll32.pdb\" fullword ascii \n \n \t\t $hex1= {2461313d2022536f66} \n \t\t $hex2= {2461323d202257696e} \n \t\t $hex3= {2473313d202257696e} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_APT_21_5e87701df694fb41aaaba820e581d2ddfd65d9d6ef28e972ecf18b92f40232e3 Group", "expiration": null, "is_active": 1 }, { "id": 3360594142, "indicator": "08746db7bfe6825fe9dae0be03c0ee0fea6fb74a", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_4e6531aa7f8fdb4c21f0559b2b7951afbc2624e9a69a0588c1633508a173ab38 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_4e6531aa7f8fdb4c21f0559b2b7951afbc2624e9a69a0588c1633508a173ab38 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-10-18\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"1dcad7c8f56207b2c423353f0c328755\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s2= \"Win7Elevate proof-of-concept\" fullword wide \n \t\t $s3= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s4= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \t\t $a1= \"Win7UACWin7ElevateV2_SourceWin32ReleaseWin7ElevateDll32.pdb\" fullword ascii \n \n \t\t $hex1= {2461313d202257696e} \n \t\t $hex2= {2473313d20227c6d78} \n \t\t $hex3= {2473323d202257696e} \n \t\t $hex4= {2473333d202279687d} \n \t\t $hex5= {2473343d20222f5a49} \n \n \tcondition: \n \t\t3 of them \n }", "title": "", "description": "APTMalware_APT_21_4e6531aa7f8fdb4c21f0559b2b7951afbc2624e9a69a0588c1633508a173ab38 Group", "expiration": null, "is_active": 1 }, { "id": 3360594143, "indicator": "c54b6f32e7513dfa5662be163ae81691ff9455c0", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_969d32b5d0f68883f758aaaec711dc89fbbaaa1e8744e6a6630586bd524b8bba { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_969d32b5d0f68883f758aaaec711dc89fbbaaa1e8744e6a6630586bd524b8bba Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-10-17\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"19a0693480c82f2b7fc8659d8f91717a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s2= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s3= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \n \t\t $hex1= {2473313d20227c6d78} \n \t\t $hex2= {2473323d202279687d} \n \t\t $hex3= {2473333d20222f5a49} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_APT_21_969d32b5d0f68883f758aaaec711dc89fbbaaa1e8744e6a6630586bd524b8bba Group", "expiration": null, "is_active": 1 }, { "id": 3360594144, "indicator": "fed9e4661044f8e658ebd021ab944f382dc9fa3f", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_bc2472f4aa06ddd5ebc75100453b4d226b59276d770a9eae6a2e62d7aa5026e9 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_bc2472f4aa06ddd5ebc75100453b4d226b59276d770a9eae6a2e62d7aa5026e9 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-10-16\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f4f14d4a1e34f62eeb9a90b5c8b2cfc1\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"C:My Documentswinword8.doc\" fullword wide \n \t\t $a1= \"jml6698:>98>:EDBFA@FBMLJNIHNJUTRVQPVR]Z^YX^Zedbfa`fbmlj250n\" fullword ascii \n \t\t $a2= \"~}|{zyxwvutsrqponmlkjihgfedcba`_^][ZYXWVUTSRQPONMLKJIHGFEDCBA@\" fullword ascii \n \n \t\t $hex1= {2461313d20226a6d6c} \n \t\t $hex2= {2461323d20227e7d7c} \n \t\t $hex3= {2473313d2022433a4d} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_APT_21_bc2472f4aa06ddd5ebc75100453b4d226b59276d770a9eae6a2e62d7aa5026e9 Group", "expiration": null, "is_active": 1 }, { "id": 3360594145, "indicator": "9bf06ac11c4ad5e93cf7b1ea4b8b8b8c98e146f9", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_bb66a71fb354f0fcedebf9c3f1179604f038d44b54dcf5382a02cb7534366e2a { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_bb66a71fb354f0fcedebf9c3f1179604f038d44b54dcf5382a02cb7534366e2a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-10-12\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b600089a93275fa93558695b707b87ad\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"C:My Documentswinword8.doc\" fullword wide \n \t\t $a1= \";:9876543210/.-,+*)(\" fullword ascii \n \t\t $a2= \"jml6698:>98>:EDBFA@FBMLJNIHNJUTRVQPVR]Z^YX^Zedbfa`fbmlj250n\" fullword ascii \n \n \t\t $hex1= {2461313d20223b3a39} \n \t\t $hex2= {2461323d20226a6d6c} \n \t\t $hex3= {2473313d2022433a4d} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_APT_21_bb66a71fb354f0fcedebf9c3f1179604f038d44b54dcf5382a02cb7534366e2a Group", "expiration": null, "is_active": 1 }, { "id": 3360594146, "indicator": "86bafbdf523048295e96f945912d71be47db5ee6", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_04c9240d425bec07742dd99d6f75e2205383ef804f2410c8274ff2e74be74ad4 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_04c9240d425bec07742dd99d6f75e2205383ef804f2410c8274ff2e74be74ad4 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-10-10\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"22be9cca6e4ec3af327595b890a92fec\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DocumentSummaryInformation\" fullword wide \n \t\t $s2= \"mailto:gh.kurban@googlemail.com\" fullword wide \n \t\t $s3= \"WW-Absatz-Standardschriftart\" fullword wide \n \t\t $s4= \"WW-Absatz-Standardschriftart1\" fullword wide \n \t\t $s5= \"WW-Absatz-Standardschriftart11\" fullword wide \n \t\t $a1= \"SoftwareMicrosoftWindowsCurrentVersionExplorerShell Folders\" fullword ascii \n \n \t\t $hex1= {2461313d2022536f66} \n \t\t $hex2= {2473313d2022446f63} \n \t\t $hex3= {2473323d20226d6169} \n \t\t $hex4= {2473333d202257572d} \n \t\t $hex5= {2473343d202257572d} \n \t\t $hex6= {2473353d202257572d} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_APT_21_04c9240d425bec07742dd99d6f75e2205383ef804f2410c8274ff2e74be74ad4 Group", "expiration": null, "is_active": 1 }, { "id": 3360594147, "indicator": "2f1cde31c35f1fba2258d46ee07d9e1b59ba4d2a", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_95900feea66e42a72080e1c4b6188820a30646e691443956ff4a656fa1b40f46 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_95900feea66e42a72080e1c4b6188820a30646e691443956ff4a656fa1b40f46 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-10-09\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"3b4cf5f1ff8c4187e41c6ab80f000491\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Win7Elevate proof-of-concept\" fullword wide \n \t\t $a1= \"SoftwareMicrosoftWindowsCurrentVersionExplorerShell Folders\" fullword ascii \n \t\t $a2= \"Win7UACWin7ElevateV2_SourceWin32ReleaseWin7ElevateDll32.pdb\" fullword ascii \n \n \t\t $hex1= {2461313d2022536f66} \n \t\t $hex2= {2461323d202257696e} \n \t\t $hex3= {2473313d202257696e} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_APT_21_95900feea66e42a72080e1c4b6188820a30646e691443956ff4a656fa1b40f46 Group", "expiration": null, "is_active": 1 }, { "id": 3360594148, "indicator": "c37ac7c12eb3999622a023076aad4ed893b8714f", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_067fca1211ab7cde65e58c057b3b8cbaf9aa6da891b7f3e9bd91b191eab649a0 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_067fca1211ab7cde65e58c057b3b8cbaf9aa6da891b7f3e9bd91b191eab649a0 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-10-09\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"6de813a22b2b73e330085ec7c85e041b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Win7Elevate proof-of-concept\" fullword wide \n \t\t $a1= \"Win7UACWin7ElevateV2_SourceWin32ReleaseWin7ElevateDll32.pdb\" fullword ascii \n \n \t\t $hex1= {2461313d202257696e} \n \t\t $hex2= {2473313d202257696e} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_APT_21_067fca1211ab7cde65e58c057b3b8cbaf9aa6da891b7f3e9bd91b191eab649a0 Group", "expiration": null, "is_active": 1 }, { "id": 3360594149, "indicator": "42418cc7727d12a4a9e29cac363b66dca4468b41", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_666de371c4fa9b36781cc0cfb0964e7fc8cf7a0223e08aa07ecf7e06befc7397 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_666de371c4fa9b36781cc0cfb0964e7fc8cf7a0223e08aa07ecf7e06befc7397 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-10-08\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"15e8a1c4d5021e76f933cb1bc895b9c2\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Win7Elevate proof-of-concept\" fullword wide \n \t\t $a1= \"Win7UACWin7ElevateV2_SourceWin32ReleaseWin7ElevateDll32.pdb\" fullword ascii \n \n \t\t $hex1= {2461313d202257696e} \n \t\t $hex2= {2473313d202257696e} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_APT_21_666de371c4fa9b36781cc0cfb0964e7fc8cf7a0223e08aa07ecf7e06befc7397 Group", "expiration": null, "is_active": 1 }, { "id": 3360594150, "indicator": "92e2e0cb87420af25bd92e47ff8f379ae28403e9", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_ec119c3389f145f2167d10e5cba67042a0cd0db8265537ea72c2c9d078fa2228 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_ec119c3389f145f2167d10e5cba67042a0cd0db8265537ea72c2c9d078fa2228 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-10-07\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"852f562812305ad099372109f8e8b189\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s2= \"Win7Elevate proof-of-concept\" fullword wide \n \t\t $s3= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s4= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \t\t $a1= \"Win7UACWin7ElevateV2_SourceWin32ReleaseWin7ElevateDll32.pdb\" fullword ascii \n \n \t\t $hex1= {2461313d202257696e} \n \t\t $hex2= {2473313d20227c6d78} \n \t\t $hex3= {2473323d202257696e} \n \t\t $hex4= {2473333d202279687d} \n \t\t $hex5= {2473343d20222f5a49} \n \n \tcondition: \n \t\t3 of them \n }", "title": "", "description": "APTMalware_APT_21_ec119c3389f145f2167d10e5cba67042a0cd0db8265537ea72c2c9d078fa2228 Group", "expiration": null, "is_active": 1 }, { "id": 3360594151, "indicator": "e4d64d418dac38f25c7a656a1326124f542c6ce3", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_a8137d09f5225c1777a5001f5178e64c6cbdc9db68ee0130375b5454a06c7331 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_a8137d09f5225c1777a5001f5178e64c6cbdc9db68ee0130375b5454a06c7331 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-10-07\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e51a4cc0272a98e9eddfec16667603f4\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Win7Elevate proof-of-concept\" fullword wide \n \t\t $a1= \"SoftwareMicrosoftWindowsCurrentVersionExplorerShell Folders\" fullword ascii \n \t\t $a2= \"Win7UACWin7ElevateV2_SourceWin32ReleaseWin7ElevateDll32.pdb\" fullword ascii \n \n \t\t $hex1= {2461313d2022536f66} \n \t\t $hex2= {2461323d202257696e} \n \t\t $hex3= {2473313d202257696e} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_APT_21_a8137d09f5225c1777a5001f5178e64c6cbdc9db68ee0130375b5454a06c7331 Group", "expiration": null, "is_active": 1 }, { "id": 3360594152, "indicator": "2d13b7aef23654c691d15d63a238d5e9451a6ede", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_3ada04d4b321058fe9cdf4452b58b7157c8dd35229f32765f07508780424dbc1 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_3ada04d4b321058fe9cdf4452b58b7157c8dd35229f32765f07508780424dbc1 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-10-06\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"66684b8b82fb5318a41ab7e6abb8dd42\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Win7Elevate proof-of-concept\" fullword wide \n \t\t $a1= \"SoftwareMicrosoftWindowsCurrentVersionExplorerShell Folders\" fullword ascii \n \t\t $a2= \"Win7UACWin7ElevateV2_SourceWin32ReleaseWin7ElevateDll32.pdb\" fullword ascii \n \n \t\t $hex1= {2461313d2022536f66} \n \t\t $hex2= {2461323d202257696e} \n \t\t $hex3= {2473313d202257696e} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_APT_21_3ada04d4b321058fe9cdf4452b58b7157c8dd35229f32765f07508780424dbc1 Group", "expiration": null, "is_active": 1 }, { "id": 3360594153, "indicator": "b0fa07308573d0ef834c8ef857aae3c988c9d002", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_b3a5c562e3531fb8be476af4947eaa793a77cc61715284bfb9c380b7048da44a { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_b3a5c562e3531fb8be476af4947eaa793a77cc61715284bfb9c380b7048da44a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-10-05\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e7f1589362f77d770063922b068e47aa\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"C:My Documentswinword8.doc\" fullword wide \n \t\t $a1= \">B@@BFDDFJHHJNLLNRPPRVTTVZXXZ^\\\\^b``bfddfxizk|m~oPqRsTuVwXyZ{}^\" fullword ascii \n \t\t $a2= \"Content-Location: file:///C:/23456789/Doc1.files/filelist.xml\" fullword ascii \n \t\t $a3= \"Content-Location: file:///C:/23456789/Doc1.files/ocxstg001.mso\" fullword ascii \n \n \t\t $hex1= {2461313d20223e4240} \n \t\t $hex2= {2461323d2022436f6e} \n \t\t $hex3= {2461333d2022436f6e} \n \t\t $hex4= {2473313d2022433a4d} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_APT_21_b3a5c562e3531fb8be476af4947eaa793a77cc61715284bfb9c380b7048da44a Group", "expiration": null, "is_active": 1 }, { "id": 3360594154, "indicator": "50af7748b5bbf6b6abafa860de33fe1aed2fe254", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_673e6ec23741e68b7454d21992aa593294be657c6b938bd368fb81761a5200dd { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_673e6ec23741e68b7454d21992aa593294be657c6b938bd368fb81761a5200dd Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-10-05\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e5954b8204eb321d20bed4a86b3cef34\" \n \n \tstrings: \n \n \t \n \t\t $a1= \"1.;84+748 30?&/-#;+)90'%5=#!0:\" fullword ascii \n \t\t $a2= \"DEKMCUGCL@DLTU^NTU[]SEWSPTDEN^dekmcugcl`dltu~ntu{}sews|pt|den~\" fullword ascii \n \t\t $a3= \"~}|{zyxwvutsrqponmlkjihgfedcba`_^][ZYXWVUTSRQPONMLKJIHGFEDCBA@\" fullword ascii \n \n \t\t $hex1= {2461313d2022312e3b} \n \t\t $hex2= {2461323d202244454b} \n \t\t $hex3= {2461333d20227e7d7c} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_APT_21_673e6ec23741e68b7454d21992aa593294be657c6b938bd368fb81761a5200dd Group", "expiration": null, "is_active": 1 }, { "id": 3360594155, "indicator": "eae8ae4a84f61b98e30438172fbcd046cc851915", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_d3a89d42b64d75550a86dd4ae0a7b988e62160b0eff6b1e43038757d15fef40b { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_d3a89d42b64d75550a86dd4ae0a7b988e62160b0eff6b1e43038757d15fef40b Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-10-04\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"9b198f1e260700bdcb4740266cd35b3f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Win7Elevate proof-of-concept\" fullword wide \n \t\t $a1= \"SoftwareMicrosoftWindowsCurrentVersionExplorerShell Folders\" fullword ascii \n \t\t $a2= \"Win7UACWin7ElevateV2_SourceWin32ReleaseWin7ElevateDll32.pdb\" fullword ascii \n \n \t\t $hex1= {2461313d2022536f66} \n \t\t $hex2= {2461323d202257696e} \n \t\t $hex3= {2473313d202257696e} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_APT_21_d3a89d42b64d75550a86dd4ae0a7b988e62160b0eff6b1e43038757d15fef40b Group", "expiration": null, "is_active": 1 }, { "id": 3360594156, "indicator": "bf2202c4cc85886c8961d744de27d10267347eb2", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_4b77375187d1ef7054f6a805cacd2704a59796571ac9e86675a99e10d18048e8 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_4b77375187d1ef7054f6a805cacd2704a59796571ac9e86675a99e10d18048e8 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-10-03\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"8d3036a65ac2404d4562cdb927fd3d2c\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s2= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s3= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \n \t\t $hex1= {2473313d20227c6d78} \n \t\t $hex2= {2473323d202279687d} \n \t\t $hex3= {2473333d20222f5a49} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_APT_21_4b77375187d1ef7054f6a805cacd2704a59796571ac9e86675a99e10d18048e8 Group", "expiration": null, "is_active": 1 }, { "id": 3360594157, "indicator": "8015d9aa6cc3e398e58b387e81999d0fb647712a", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_41d1b14437a0a85d04f5e36a95cd99ae54968af94730a31bac1eb3ba15294b8e { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_41d1b14437a0a85d04f5e36a95cd99ae54968af94730a31bac1eb3ba15294b8e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-10-02\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"6eb5932b0ed20f11f1a887bcfbdde10f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"C:My Documentswinword8.doc\" fullword wide \n \t\t $a1= \";:3876%432Z0/.\" fullword ascii \n \t\t $a2= \";:9876543210/.-,+*)\" fullword ascii \n \t\t $a3= \";:9876543210/.-,+*)(\" fullword ascii \n \t\t $a4= \";:9876543210/.-,+*)('&%$\" fullword ascii \n \t\t $a5= \"aP222?66>3:::7>>GKBBCOFFOCJJKGNMXZRRYVVPUZYTP^]iobanjfecxji`\" fullword ascii \n \t\t $a6= \"~e|{zaxwvmtsriponulkjqhgf}dcby`_^E[ZAXWVMTSRIPONULKJIHGF]DCB\" fullword ascii \n \t\t $a7= \"~zyuu}a`gwqpz|v`njieemqpwga`jlfp^ZYUU]A@GWQPZV@NJIEEMQPWGA@JLFP\" fullword ascii \n \n \t\t $hex1= {2461313d20223b3a33} \n \t\t $hex2= {2461323d20223b3a39} \n \t\t $hex3= {2461333d20223b3a39} \n \t\t $hex4= {2461343d20223b3a39} \n \t\t $hex5= {2461353d2022615032} \n \t\t $hex6= {2461363d20227e657c} \n \t\t $hex7= {2461373d20227e7a79} \n \t\t $hex8= {2473313d2022433a4d} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_21_41d1b14437a0a85d04f5e36a95cd99ae54968af94730a31bac1eb3ba15294b8e Group", "expiration": null, "is_active": 1 }, { "id": 3360594251, "indicator": "4309837ba4dfbd32626e3e722347fc10d1adb549", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_23f765758b3071fd7f0a36b2040148cf637fd08e6a62fa7d9abf785480673bd0 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_23f765758b3071fd7f0a36b2040148cf637fd08e6a62fa7d9abf785480673bd0 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-10-02\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"a0e350787e4134ea91ccb26d17cdf167\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s2= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s3= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \n \t\t $hex1= {2473313d20227c6d78} \n \t\t $hex2= {2473323d202279687d} \n \t\t $hex3= {2473333d20222f5a49} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_APT_21_23f765758b3071fd7f0a36b2040148cf637fd08e6a62fa7d9abf785480673bd0 Group", "expiration": null, "is_active": 1 }, { "id": 3360594252, "indicator": "b8033f5b47392a7a17ff9e095e9407101948e978", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_c37a1e21303ca855cf27e61c4011405bc5d21d7ce6b9b5d84210374f2b186faf { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_c37a1e21303ca855cf27e61c4011405bc5d21d7ce6b9b5d84210374f2b186faf Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-09-59\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"89bfd463ca76b62c61a548778316567d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s2= \"Win7Elevate proof-of-concept\" fullword wide \n \t\t $s3= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s4= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \t\t $a1= \"Win7UACWin7ElevateV2_SourceWin32ReleaseWin7ElevateDll32.pdb\" fullword ascii \n \n \t\t $hex1= {2461313d202257696e} \n \t\t $hex2= {2473313d20227c6d78} \n \t\t $hex3= {2473323d202257696e} \n \t\t $hex4= {2473333d202279687d} \n \t\t $hex5= {2473343d20222f5a49} \n \n \tcondition: \n \t\t3 of them \n }", "title": "", "description": "APTMalware_APT_21_c37a1e21303ca855cf27e61c4011405bc5d21d7ce6b9b5d84210374f2b186faf Group", "expiration": null, "is_active": 1 }, { "id": 3360594253, "indicator": "6050dba6b3efc67b72dbacff3074a40fa8e922f7", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_f4181bf1306d0124ac9c7e65dd2a56d7109676cf3a04d4d6c3e82f7d9648b7ef { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_f4181bf1306d0124ac9c7e65dd2a56d7109676cf3a04d4d6c3e82f7d9648b7ef Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-09-58\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d04a7f30c83290b86cac8d762dcc2df5\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Win7Elevate proof-of-concept\" fullword wide \n \t\t $a1= \"SoftwareMicrosoftWindowsCurrentVersionExplorerShell Folders\" fullword ascii \n \t\t $a2= \"Win7UACWin7ElevateV2_SourceWin32ReleaseWin7ElevateDll32.pdb\" fullword ascii \n \n \t\t $hex1= {2461313d2022536f66} \n \t\t $hex2= {2461323d202257696e} \n \t\t $hex3= {2473313d202257696e} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_APT_21_f4181bf1306d0124ac9c7e65dd2a56d7109676cf3a04d4d6c3e82f7d9648b7ef Group", "expiration": null, "is_active": 1 }, { "id": 3360594254, "indicator": "4e979df4084e27f3c6224eec2f7a54ddb0512f55", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_10307e2682b3b8e96016c25b040baceda6c0abe5924f5f0fe6a419a463c008d6 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_10307e2682b3b8e96016c25b040baceda6c0abe5924f5f0fe6a419a463c008d6 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-09-57\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d687cfde1c4ea77de1b92ea2f9e90ad5\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s2= \"Win7Elevate proof-of-concept\" fullword wide \n \t\t $s3= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s4= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \t\t $a1= \"Win7UACWin7ElevateV2_SourceWin32ReleaseWin7ElevateDll32.pdb\" fullword ascii \n \n \t\t $hex1= {2461313d202257696e} \n \t\t $hex2= {2473313d20227c6d78} \n \t\t $hex3= {2473323d202257696e} \n \t\t $hex4= {2473333d202279687d} \n \t\t $hex5= {2473343d20222f5a49} \n \n \tcondition: \n \t\t3 of them \n }", "title": "", "description": "APTMalware_APT_21_10307e2682b3b8e96016c25b040baceda6c0abe5924f5f0fe6a419a463c008d6 Group", "expiration": null, "is_active": 1 }, { "id": 3360594255, "indicator": "9dbeffdae3b8ca3ad9d1f74e4dcaa9dec0afbd80", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_b8cd2c4dfc67321dadc514f6393aec1564fbacc4a49f57c888eea5d89a1b7bba { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_b8cd2c4dfc67321dadc514f6393aec1564fbacc4a49f57c888eea5d89a1b7bba Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-09-56\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"294da087e6329ae78c1a5fb42b999500\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s2= \"Win7Elevate proof-of-concept\" fullword wide \n \t\t $s3= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s4= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \t\t $a1= \"Win7UACWin7ElevateV2_SourceWin32ReleaseWin7ElevateDll32.pdb\" fullword ascii \n \n \t\t $hex1= {2461313d202257696e} \n \t\t $hex2= {2473313d20227c6d78} \n \t\t $hex3= {2473323d202257696e} \n \t\t $hex4= {2473333d202279687d} \n \t\t $hex5= {2473343d20222f5a49} \n \n \tcondition: \n \t\t3 of them \n }", "title": "", "description": "APTMalware_APT_21_b8cd2c4dfc67321dadc514f6393aec1564fbacc4a49f57c888eea5d89a1b7bba Group", "expiration": null, "is_active": 1 }, { "id": 3360594256, "indicator": "bb551a88f8eea287ac883b9b190d357a837635a9", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_fa7cbe1bae47909c4e4796652be7e3d353e19be408684665d0ac298609f8b918 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_fa7cbe1bae47909c4e4796652be7e3d353e19be408684665d0ac298609f8b918 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-09-54\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"29a420e52b56bfadf9f0701318524bef\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"C:My Documentswinword8.doc\" fullword wide \n \t\t $a1= \";:9876543210/.-,+*)(\" fullword ascii \n \t\t $a2= \"jml6698:>98>:EDBFA@FBMLJNIHNJUTRVQPVR]Z^YX^Zedbfa`fbmlj250n\" fullword ascii \n \n \t\t $hex1= {2461313d20223b3a39} \n \t\t $hex2= {2461323d20226a6d6c} \n \t\t $hex3= {2473313d2022433a4d} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_APT_21_fa7cbe1bae47909c4e4796652be7e3d353e19be408684665d0ac298609f8b918 Group", "expiration": null, "is_active": 1 }, { "id": 3360594257, "indicator": "90da9cbe562f920155acc86effe10e1edaab0468", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_e2ff053ae52d37c2334cb0c5b94ea7338a38c396590bfad5e443e7fbd8cd0ddb { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_e2ff053ae52d37c2334cb0c5b94ea7338a38c396590bfad5e443e7fbd8cd0ddb Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-09-54\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"81d92e20f3078bd8e43b226308393e43\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s2= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s3= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \n \t\t $hex1= {2473313d20227c6d78} \n \t\t $hex2= {2473323d202279687d} \n \t\t $hex3= {2473333d20222f5a49} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_APT_21_e2ff053ae52d37c2334cb0c5b94ea7338a38c396590bfad5e443e7fbd8cd0ddb Group", "expiration": null, "is_active": 1 }, { "id": 3360594258, "indicator": "2a4c3738d29890d644e0338aee131a18c1b1aacb", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_6aa24766ff48239eed0ec20a8c2e05704650e73de941470cc053e1000bea6470 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_6aa24766ff48239eed0ec20a8c2e05704650e73de941470cc053e1000bea6470 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-09-53\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"03e8d330abc77a6a9d635d2e7c0e213a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s2= \"Win7Elevate proof-of-concept\" fullword wide \n \t\t $s3= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s4= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \t\t $a1= \"Win7UACWin7ElevateV2_SourceWin32ReleaseWin7ElevateDll32.pdb\" fullword ascii \n \n \t\t $hex1= {2461313d202257696e} \n \t\t $hex2= {2473313d20227c6d78} \n \t\t $hex3= {2473323d202257696e} \n \t\t $hex4= {2473333d202279687d} \n \t\t $hex5= {2473343d20222f5a49} \n \n \tcondition: \n \t\t3 of them \n }", "title": "", "description": "APTMalware_APT_21_6aa24766ff48239eed0ec20a8c2e05704650e73de941470cc053e1000bea6470 Group", "expiration": null, "is_active": 1 }, { "id": 3360594259, "indicator": "4d99a6eb44e9129a3c19b2a7731a5843b22510d8", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_efde2ffa60cc96325c46520e818c6001a5b1dabf7f21626d58f67d7ed3c52761 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_efde2ffa60cc96325c46520e818c6001a5b1dabf7f21626d58f67d7ed3c52761 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-09-53\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"7b92e9d21bc4db838bc102b289f4fd5f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Win7Elevate proof-of-concept\" fullword wide \n \t\t $a1= \"SoftwareMicrosoftWindowsCurrentVersionExplorerShell Folders\" fullword ascii \n \t\t $a2= \"Win7UACWin7ElevateV2_SourceWin32ReleaseWin7ElevateDll32.pdb\" fullword ascii \n \n \t\t $hex1= {2461313d2022536f66} \n \t\t $hex2= {2461323d202257696e} \n \t\t $hex3= {2473313d202257696e} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_APT_21_efde2ffa60cc96325c46520e818c6001a5b1dabf7f21626d58f67d7ed3c52761 Group", "expiration": null, "is_active": 1 }, { "id": 3360594260, "indicator": "52ba91c3b30a29427e27134869492b50d2b2885c", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_b94e9f69e5f953bab705ddfea8ddaa81906b0396e97e4320078f8b73c2cc8f5f { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_b94e9f69e5f953bab705ddfea8ddaa81906b0396e97e4320078f8b73c2cc8f5f Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-09-51\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"9c544da8c23826379d60581cce17a483\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s2= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s3= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \n \t\t $hex1= {2473313d20227c6d78} \n \t\t $hex2= {2473323d202279687d} \n \t\t $hex3= {2473333d20222f5a49} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_APT_21_b94e9f69e5f953bab705ddfea8ddaa81906b0396e97e4320078f8b73c2cc8f5f Group", "expiration": null, "is_active": 1 }, { "id": 3360594261, "indicator": "da6968c37d38d78c4059090be0fede2b692785a3", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_5faf76b8b06c727a08b34e456ddeb792797fab734cbd878136d85a1f767d8875 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_5faf76b8b06c727a08b34e456ddeb792797fab734cbd878136d85a1f767d8875 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-09-51\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"5e35b31472a2e603a995198d8e8411ed\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s2= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s3= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \n \t\t $hex1= {2473313d20227c6d78} \n \t\t $hex2= {2473323d202279687d} \n \t\t $hex3= {2473333d20222f5a49} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_APT_21_5faf76b8b06c727a08b34e456ddeb792797fab734cbd878136d85a1f767d8875 Group", "expiration": null, "is_active": 1 }, { "id": 3360594262, "indicator": "a322205d00d693c56645d4ca1ba455098767bba8", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_60386112fc4b0ddb833fc9a877a9a4f0fe76828ebab4457637b0827106b269fe { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_60386112fc4b0ddb833fc9a877a9a4f0fe76828ebab4457637b0827106b269fe Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-09-50\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"aa5a1cd27c964bc229156a521fbd6a4b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"C:My Documentswinword8.doc\" fullword wide \n \t\t $a1= \">B@@BFDDFJHHJNLLNRPPRVTTVZXXZ^\\\\^b``bfddfxizk|m~oPqRsTuVwXyZ{}^\" fullword ascii \n \t\t $a2= \"Content-Location: file:///C:/23456789/Doc1.files/filelist.xml\" fullword ascii \n \t\t $a3= \"Content-Location: file:///C:/23456789/Doc1.files/ocxstg001.mso\" fullword ascii \n \n \t\t $hex1= {2461313d20223e4240} \n \t\t $hex2= {2461323d2022436f6e} \n \t\t $hex3= {2461333d2022436f6e} \n \t\t $hex4= {2473313d2022433a4d} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_APT_21_60386112fc4b0ddb833fc9a877a9a4f0fe76828ebab4457637b0827106b269fe Group", "expiration": null, "is_active": 1 }, { "id": 3360594263, "indicator": "c327d5fb28abfed67059aead92b82052bffffe65", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_1225de9af9f6b29985e9304fa1056b8c7da036215a5e054c0ff6d7129c91a59f { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_1225de9af9f6b29985e9304fa1056b8c7da036215a5e054c0ff6d7129c91a59f Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-09-49\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"1f26e5f9b44c28b37b6cd13283838366\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Win7Elevate proof-of-concept\" fullword wide \n \t\t $a1= \"SoftwareMicrosoftWindowsCurrentVersionExplorerShell Folders\" fullword ascii \n \t\t $a2= \"Win7UACWin7ElevateV2_SourceWin32ReleaseWin7ElevateDll32.pdb\" fullword ascii \n \n \t\t $hex1= {2461313d2022536f66} \n \t\t $hex2= {2461323d202257696e} \n \t\t $hex3= {2473313d202257696e} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_APT_21_1225de9af9f6b29985e9304fa1056b8c7da036215a5e054c0ff6d7129c91a59f Group", "expiration": null, "is_active": 1 }, { "id": 3360594264, "indicator": "293ac75fd421103596fc7e3c4aba3575df78bcec", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_8086adf9963faf3b6142bfecbab01d12874cbfa12b0e7de00196e48d9220ebca { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_8086adf9963faf3b6142bfecbab01d12874cbfa12b0e7de00196e48d9220ebca Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-09-48\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"63494c74db9bfc2bba3983698c952de9\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DocumentSummaryInformation\" fullword wide \n \t\t $a1= \"jml6698:>98>:EDBFA@FBMLJNIHNJUTRVQPVR]Z^YX^Zedbfa`fbmlj250n\" fullword ascii \n \t\t $a2= \"~}|{zyxwvutsrqponmlkjihgfedcba`_^][ZYXWVUTSRQPONMLKJIHGFEDCBA@\" fullword ascii \n \n \t\t $hex1= {2461313d20226a6d6c} \n \t\t $hex2= {2461323d20227e7d7c} \n \t\t $hex3= {2473313d2022446f63} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_APT_21_8086adf9963faf3b6142bfecbab01d12874cbfa12b0e7de00196e48d9220ebca Group", "expiration": null, "is_active": 1 }, { "id": 3360594265, "indicator": "0d2960591f51c63ac2aabad375d73382273d92d5", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_066bf4cca227eae7a9e46e65fa518c08673ae7cc19e9563d36a7e4a1325f14af { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_066bf4cca227eae7a9e46e65fa518c08673ae7cc19e9563d36a7e4a1325f14af Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-09-48\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e5b1ffd2ecd7e610d07d093d65639da9\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s2= \"Win7Elevate proof-of-concept\" fullword wide \n \t\t $s3= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s4= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \t\t $a1= \"Win7UACWin7ElevateV2_SourceWin32ReleaseWin7ElevateDll32.pdb\" fullword ascii \n \n \t\t $hex1= {2461313d202257696e} \n \t\t $hex2= {2473313d20227c6d78} \n \t\t $hex3= {2473323d202257696e} \n \t\t $hex4= {2473333d202279687d} \n \t\t $hex5= {2473343d20222f5a49} \n \n \tcondition: \n \t\t3 of them \n }", "title": "", "description": "APTMalware_APT_21_066bf4cca227eae7a9e46e65fa518c08673ae7cc19e9563d36a7e4a1325f14af Group", "expiration": null, "is_active": 1 }, { "id": 3360594266, "indicator": "964a2ebb5f0e37b110306929f9526e45ab2638e2", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_89fb8bde29dfd8e1ec087a757f43a202f102df13e7326ca554c765657b028b9a { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_89fb8bde29dfd8e1ec087a757f43a202f102df13e7326ca554c765657b028b9a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-09-47\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d80c29813bfbc3cbcbd469249d49ebf3\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s2= \"Win7Elevate proof-of-concept\" fullword wide \n \t\t $s3= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s4= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \t\t $a1= \"Win7UACWin7ElevateV2_SourceWin32ReleaseWin7ElevateDll32.pdb\" fullword ascii \n \n \t\t $hex1= {2461313d202257696e} \n \t\t $hex2= {2473313d20227c6d78} \n \t\t $hex3= {2473323d202257696e} \n \t\t $hex4= {2473333d202279687d} \n \t\t $hex5= {2473343d20222f5a49} \n \n \tcondition: \n \t\t3 of them \n }", "title": "", "description": "APTMalware_APT_21_89fb8bde29dfd8e1ec087a757f43a202f102df13e7326ca554c765657b028b9a Group", "expiration": null, "is_active": 1 }, { "id": 3360594308, "indicator": "bfcf436d018913ab1eb94a2cf1ab3582ae2fa79c", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_d374bdb867f5d790d546549cf5ba557a5ed67a914284d1cb65235ade09fc6f2a { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_d374bdb867f5d790d546549cf5ba557a5ed67a914284d1cb65235ade09fc6f2a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-09-46\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"eb5761c410b5139f23235e9b67964495\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s2= \"Win7Elevate proof-of-concept\" fullword wide \n \t\t $s3= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s4= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \t\t $a1= \"Win7UACWin7ElevateV2_SourceWin32ReleaseWin7ElevateDll32.pdb\" fullword ascii \n \n \t\t $hex1= {2461313d202257696e} \n \t\t $hex2= {2473313d20227c6d78} \n \t\t $hex3= {2473323d202257696e} \n \t\t $hex4= {2473333d202279687d} \n \t\t $hex5= {2473343d20222f5a49} \n \n \tcondition: \n \t\t3 of them \n }", "title": "", "description": "APTMalware_APT_21_d374bdb867f5d790d546549cf5ba557a5ed67a914284d1cb65235ade09fc6f2a Group", "expiration": null, "is_active": 1 }, { "id": 3360594309, "indicator": "0528af083da2267227bbd462b6da8c64dcc25a85", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_213575cde5a1a5c8a70251159c7b1fba9de26e9d979929a66c0aa39fc57008c1 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_213575cde5a1a5c8a70251159c7b1fba9de26e9d979929a66c0aa39fc57008c1 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-09-45\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"81591ae1c975b8a0b5ad5546a103992c\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s2= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s3= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \n \t\t $hex1= {2473313d20227c6d78} \n \t\t $hex2= {2473323d202279687d} \n \t\t $hex3= {2473333d20222f5a49} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_APT_21_213575cde5a1a5c8a70251159c7b1fba9de26e9d979929a66c0aa39fc57008c1 Group", "expiration": null, "is_active": 1 }, { "id": 3360594310, "indicator": "e94bae098932746db13eccfc264d1a623484c257", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_68e3e9d53ed4f88461c0ee4ff3f04be9e4e03eebfdb77276ac5e6096e37b8cfc { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_68e3e9d53ed4f88461c0ee4ff3f04be9e4e03eebfdb77276ac5e6096e37b8cfc Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-09-44\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"6d00e4f95fba02126b32bb74dc4fec55\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Win7Elevate proof-of-concept\" fullword wide \n \t\t $a1= \"SoftwareMicrosoftWindowsCurrentVersionExplorerShell Folders\" fullword ascii \n \t\t $a2= \"Win7UACWin7ElevateV2_SourceWin32ReleaseWin7ElevateDll32.pdb\" fullword ascii \n \n \t\t $hex1= {2461313d2022536f66} \n \t\t $hex2= {2461323d202257696e} \n \t\t $hex3= {2473313d202257696e} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_APT_21_68e3e9d53ed4f88461c0ee4ff3f04be9e4e03eebfdb77276ac5e6096e37b8cfc Group", "expiration": null, "is_active": 1 }, { "id": 3360594311, "indicator": "19df9be37108485e8a6d53f63733643a85c84780", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_5b3e07ff6d930392b8749e68a54b1e04062794d1dafff226fb61ba4baf8bbfc6 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_5b3e07ff6d930392b8749e68a54b1e04062794d1dafff226fb61ba4baf8bbfc6 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-09-44\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b990752f8266d7648070bea7e24d326f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s2= \"Win7Elevate proof-of-concept\" fullword wide \n \t\t $s3= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s4= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \t\t $a1= \"Win7UACWin7ElevateV2_SourceWin32ReleaseWin7ElevateDll32.pdb\" fullword ascii \n \n \t\t $hex1= {2461313d202257696e} \n \t\t $hex2= {2473313d20227c6d78} \n \t\t $hex3= {2473323d202257696e} \n \t\t $hex4= {2473333d202279687d} \n \t\t $hex5= {2473343d20222f5a49} \n \n \tcondition: \n \t\t3 of them \n }", "title": "", "description": "APTMalware_APT_21_5b3e07ff6d930392b8749e68a54b1e04062794d1dafff226fb61ba4baf8bbfc6 Group", "expiration": null, "is_active": 1 }, { "id": 3360594312, "indicator": "c8f0313a9408976031651f16c33c214dfed3588f", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_239d71eadc647bad458c0115e55820b648e082db014937895f835601beb7e3b8 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_239d71eadc647bad458c0115e55820b648e082db014937895f835601beb7e3b8 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-09-42\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"db6e36f962fdb58c8e9f8f9a781fda66\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s2= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s3= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \n \t\t $hex1= {2473313d20227c6d78} \n \t\t $hex2= {2473323d202279687d} \n \t\t $hex3= {2473333d20222f5a49} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_APT_21_239d71eadc647bad458c0115e55820b648e082db014937895f835601beb7e3b8 Group", "expiration": null, "is_active": 1 }, { "id": 3360594313, "indicator": "805f5e0c2d165d665279aa6588a31a43950043ea", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_ed8c6d081a0e946cbfa842d0b749adb42d8fb49a954f2f39ce5c88a7e4a88c26 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_ed8c6d081a0e946cbfa842d0b749adb42d8fb49a954f2f39ce5c88a7e4a88c26 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-09-41\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"6afeec03c8f4bc78fa2b3ad27392b0e7\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s2= \"Win7Elevate proof-of-concept\" fullword wide \n \t\t $s3= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s4= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \t\t $a1= \"Win7UACWin7ElevateV2_SourceWin32ReleaseWin7ElevateDll32.pdb\" fullword ascii \n \n \t\t $hex1= {2461313d202257696e} \n \t\t $hex2= {2473313d20227c6d78} \n \t\t $hex3= {2473323d202257696e} \n \t\t $hex4= {2473333d202279687d} \n \t\t $hex5= {2473343d20222f5a49} \n \n \tcondition: \n \t\t3 of them \n }", "title": "", "description": "APTMalware_APT_21_ed8c6d081a0e946cbfa842d0b749adb42d8fb49a954f2f39ce5c88a7e4a88c26 Group", "expiration": null, "is_active": 1 }, { "id": 3360594314, "indicator": "fa7c057cff3358799e492a60475d8c572014d0a9", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_29b606a091059947f4ca9916a7a50b56491c18b864cbbf6dcfe854dce720df05 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_29b606a091059947f4ca9916a7a50b56491c18b864cbbf6dcfe854dce720df05 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-09-40\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"36ed86602661bb3a7a55e69fde90ee73\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DocumentSummaryInformation\" fullword wide \n \t\t $a1= \"jml6698:>98>:EDBFA@FBMLJNIHNJUTRVQPVR]Z^YX^Zedbfa`fbmlj250n\" fullword ascii \n \t\t $a2= \"~}|{zyxwvutsrqponmlkjihgfedcba`_^][ZYXWVUTSRQPONMLKJIHGFEDCBA@\" fullword ascii \n \n \t\t $hex1= {2461313d20226a6d6c} \n \t\t $hex2= {2461323d20227e7d7c} \n \t\t $hex3= {2473313d2022446f63} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_APT_21_29b606a091059947f4ca9916a7a50b56491c18b864cbbf6dcfe854dce720df05 Group", "expiration": null, "is_active": 1 }, { "id": 3360594315, "indicator": "f8828b951ceffed146e82d7f56afeb93712be886", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_c9c13df22da89f940c7ee711b362c89e3024312f40525636346ab20033196b72 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_c9c13df22da89f940c7ee711b362c89e3024312f40525636346ab20033196b72 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-09-39\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"778c1764dd5c36c1eb96c49a8f8441e6\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Win7Elevate proof-of-concept\" fullword wide \n \t\t $a1= \"SoftwareMicrosoftWindowsCurrentVersionExplorerShell Folders\" fullword ascii \n \t\t $a2= \"Win7UACWin7ElevateV2_SourceWin32ReleaseWin7ElevateDll32.pdb\" fullword ascii \n \n \t\t $hex1= {2461313d2022536f66} \n \t\t $hex2= {2461323d202257696e} \n \t\t $hex3= {2473313d202257696e} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_APT_21_c9c13df22da89f940c7ee711b362c89e3024312f40525636346ab20033196b72 Group", "expiration": null, "is_active": 1 }, { "id": 3360594316, "indicator": "9d6b65cc7b00b39b28db435ad72833eae7a5b460", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_84bdce2a3f295407817b75d603e22d7dde66a05b8f944e92e7c61349efaa06fd { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_84bdce2a3f295407817b75d603e22d7dde66a05b8f944e92e7c61349efaa06fd Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-09-39\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"33334d8dc36c4ee7739fe2f8b448da72\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Win7Elevate proof-of-concept\" fullword wide \n \t\t $a1= \"SoftwareMicrosoftWindowsCurrentVersionExplorerShell Folders\" fullword ascii \n \t\t $a2= \"Win7UACWin7ElevateV2_SourceWin32ReleaseWin7ElevateDll32.pdb\" fullword ascii \n \n \t\t $hex1= {2461313d2022536f66} \n \t\t $hex2= {2461323d202257696e} \n \t\t $hex3= {2473313d202257696e} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_APT_21_84bdce2a3f295407817b75d603e22d7dde66a05b8f944e92e7c61349efaa06fd Group", "expiration": null, "is_active": 1 }, { "id": 3360594317, "indicator": "36ca57bad3e2f6c0172f6cada07e3d5e67926a9a", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_07c7d7e3f4da80983f09256241d8cc0b3f986f31ef65af2fa87b03c11cdebb65 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_07c7d7e3f4da80983f09256241d8cc0b3f986f31ef65af2fa87b03c11cdebb65 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-09-38\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"677f7c42f79a0a58760056529739fdd6\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s2= \"Win7Elevate proof-of-concept\" fullword wide \n \t\t $s3= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s4= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \t\t $a1= \"Win7UACWin7ElevateV2_SourceWin32ReleaseWin7ElevateDll32.pdb\" fullword ascii \n \n \t\t $hex1= {2461313d202257696e} \n \t\t $hex2= {2473313d20227c6d78} \n \t\t $hex3= {2473323d202257696e} \n \t\t $hex4= {2473333d202279687d} \n \t\t $hex5= {2473343d20222f5a49} \n \n \tcondition: \n \t\t3 of them \n }", "title": "", "description": "APTMalware_APT_21_07c7d7e3f4da80983f09256241d8cc0b3f986f31ef65af2fa87b03c11cdebb65 Group", "expiration": null, "is_active": 1 }, { "id": 3360594318, "indicator": "f6ee650b5a356409d6966dc6c2c95e794d923491", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_APT_21_80ba8997067025dd830d49d09c57c0dcb1e2f303fa0e093069bd9cff29420692 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_80ba8997067025dd830d49d09c57c0dcb1e2f303fa0e093069bd9cff29420692 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-09-36\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"45782441c73fa949495ffafdb8f9bb62\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DocumentSummaryInformation\" fullword wide \n \t\t $a1= \"AINFBF@GNBCLMNOPQRQ UZZZ^YT^U_`aba9ekjhcmdcba`xyrstuvu%ywv|~yp\" fullword ascii \n \t\t $a2= \"Content-Location: file:///C:/23456789/Doc1.files/filelist.xml\" fullword ascii \n \t\t $a3= \"Content-Location: file:///C:/23456789/Doc1.files/ocxstg001.mso\" fullword ascii \n \t\t $a4= \"lXxsaVtwjTpkwKlnpAhc}Ldf~J`ZBv]DtXQIzTVraPIo|LMhzHAeqDEfw@9\" fullword ascii \n \n \t\t $hex1= {2461313d202241494e} \n \t\t $hex2= {2461323d2022436f6e} \n \t\t $hex3= {2461333d2022436f6e} \n \t\t $hex4= {2461343d20226c5878} \n \t\t $hex5= {2473313d2022446f63} \n \n \tcondition: \n \t\t3 of them \n }", "title": "", "description": "APTMalware_APT_21_80ba8997067025dd830d49d09c57c0dcb1e2f303fa0e093069bd9cff29420692 Group", "expiration": null, "is_active": 1 }, { "id": 3360594319, "indicator": "7ac5e8cd72577d9cb9b7d8fca58390ec4554a99c", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Equation_Group_47a4adb9de90ca98cfa68784ba90121f72c3d207f34b4b7c8bea285e30f4b08f { \n \tmeta: \n \t\t description= \"APTMalware_Equation_Group_47a4adb9de90ca98cfa68784ba90121f72c3d207f34b4b7c8bea285e30f4b08f Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-08-46\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"ea943c7cc83d853de678c58b838fbd65\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Aslam.Shreya Ghoshal).mp3\" fullword wide \n \t\t $s2= \"ira_featuring_freshlyground-waka_waka_(this_time_for_.mp3\" fullword wide \n \n \t\t $hex1= {2473313d202241736c} \n \t\t $hex2= {2473323d2022697261} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_Equation_Group_47a4adb9de90ca98cfa68784ba90121f72c3d207f34b4b7c8bea285e30f4b08f Group", "expiration": null, "is_active": 1 }, { "id": 3360594320, "indicator": "9673548f4a95b8bd112b1014492fc24d11ee9975", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Energetic_Bear_358da2c5bb5fbd9c9cf791536054bbb387ce37253c31555f5afa544f38de2a3f { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_358da2c5bb5fbd9c9cf791536054bbb387ce37253c31555f5afa544f38de2a3f Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-04-07\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"9e5cf794fe50442c8b8fb6b132507d41\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022536f66} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_358da2c5bb5fbd9c9cf791536054bbb387ce37253c31555f5afa544f38de2a3f Group", "expiration": null, "is_active": 1 }, { "id": 3360594321, "indicator": "028bcb7aaf3052559b3b633f291ef69d1b21d4ec", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Energetic_Bear_6367cb0663c2898aff64440176b409c1389ca7834e752b350a87748bef3a878b { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_6367cb0663c2898aff64440176b409c1389ca7834e752b350a87748bef3a878b Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-04-06\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"c6cd8ca870dc15999ee858981eb322ab\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"5265882854508EFCF958F979E4\" fullword wide \n \t\t $s2= \"adultfriendfrance.com/wp-includes/pomo/src.php\" fullword wide \n \t\t $s3= \"adultfriendgermany.com/wp-includes/pomo/source.php\" fullword wide \n \t\t $s4= \"adultfrienditaly.com/wp-includes/pomo/src.php\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s8= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022353236} \n \t\t $hex2= {2473323d2022616475} \n \t\t $hex3= {2473333d2022616475} \n \t\t $hex4= {2473343d2022616475} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \t\t $hex7= {2473373d2022536f66} \n \t\t $hex8= {2473383d2022536f66} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_6367cb0663c2898aff64440176b409c1389ca7834e752b350a87748bef3a878b Group", "expiration": null, "is_active": 1 }, { "id": 3360594322, "indicator": "efd2337542b40711b07bf8b2e0bf92bce68652fa", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Energetic_Bear_cb58396d40e69d5c831f46aed93231ed0b7d41fee95f8da7c594c9dbd06ee111 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_cb58396d40e69d5c831f46aed93231ed0b7d41fee95f8da7c594c9dbd06ee111 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-04-06\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"03637d861d1b58863a212d4993fe4d2f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"5265882854508EFCF958F979E4\" fullword wide \n \t\t $s2= \"adultfriendfrance.com/wp-includes/pomo/src.php\" fullword wide \n \t\t $s3= \"adultfriendgermany.com/wp-includes/pomo/source.php\" fullword wide \n \t\t $s4= \"adultfrienditaly.com/wp-includes/pomo/src.php\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s8= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022353236} \n \t\t $hex2= {2473323d2022616475} \n \t\t $hex3= {2473333d2022616475} \n \t\t $hex4= {2473343d2022616475} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \t\t $hex7= {2473373d2022536f66} \n \t\t $hex8= {2473383d2022536f66} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_cb58396d40e69d5c831f46aed93231ed0b7d41fee95f8da7c594c9dbd06ee111 Group", "expiration": null, "is_active": 1 }, { "id": 3360594323, "indicator": "ce86da1c84b51e68efea740b192c7398edfb8a8f", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Energetic_Bear_cd019e717779e2d2b1f4c27f75e940b5f98d4ebb48de604a6cf2ab911220ae50 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_cd019e717779e2d2b1f4c27f75e940b5f98d4ebb48de604a6cf2ab911220ae50 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-04-05\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b7a6f203da2a8fe289465c71351e029a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"blog.iclt.am/wp-includes/pomo/src.php?id=\" fullword wide \n \t\t $s2= \"coma.nsourcer.com/modules/search/frontend/default/src.php?id=\" fullword wide \n \t\t $s3= \"Control PanelInternational\" fullword wide \n \t\t $s4= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s5= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s8= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s9= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s10= \"www.rutravel.com/admin/include/source.php?id=\" fullword wide \n \n \t\t $hex1= {247331303d20227777} \n \t\t $hex2= {2473313d2022626c6f} \n \t\t $hex3= {2473323d2022636f6d} \n \t\t $hex4= {2473333d2022436f6e} \n \t\t $hex5= {2473343d2022436f6e} \n \t\t $hex6= {2473353d2022484152} \n \t\t $hex7= {2473363d2022536f66} \n \t\t $hex8= {2473373d2022536f66} \n \t\t $hex9= {2473383d2022536f66} \n \t\t $hex10= {2473393d2022536f66} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_cd019e717779e2d2b1f4c27f75e940b5f98d4ebb48de604a6cf2ab911220ae50 Group", "expiration": null, "is_active": 1 }, { "id": 3360594324, "indicator": "52fb6ba17247ccc80c5592685229d90939899896", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Energetic_Bear_c25c1455dcab2f17fd6a25f8af2f09ca31c8d3773de1cb2a55acd7aeaa6963c8 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_c25c1455dcab2f17fd6a25f8af2f09ca31c8d3773de1cb2a55acd7aeaa6963c8 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-04-05\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"2b846203387b5d3985d7cd7e5b08ada4\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Control PanelInternational\" fullword wide \n \t\t $s2= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s3= \"grafics.kz/plugins/search/source.php?id=\" fullword wide \n \t\t $s4= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s8= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s9= \"www.idweb.ru/assets/modules/docmanager/classes/dm_source.php?id=\" fullword wide \n \t\t $s10= \"www.kino24.kz/blog/engine/modules/plugin/source.php?id=\" fullword wide \n \n \t\t $hex1= {247331303d20227777} \n \t\t $hex2= {2473313d2022436f6e} \n \t\t $hex3= {2473323d2022436f6e} \n \t\t $hex4= {2473333d2022677261} \n \t\t $hex5= {2473343d2022484152} \n \t\t $hex6= {2473353d2022536f66} \n \t\t $hex7= {2473363d2022536f66} \n \t\t $hex8= {2473373d2022536f66} \n \t\t $hex9= {2473383d2022536f66} \n \t\t $hex10= {2473393d2022777777} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_c25c1455dcab2f17fd6a25f8af2f09ca31c8d3773de1cb2a55acd7aeaa6963c8 Group", "expiration": null, "is_active": 1 }, { "id": 3360594325, "indicator": "87f3bd09f56ae473c935f1d9feceae99f67e0f9e", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Energetic_Bear_43608e60883304c1ea389c7bad244b86ff5ecf169c3b5bca517a6e7125325c7b { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_43608e60883304c1ea389c7bad244b86ff5ecf169c3b5bca517a6e7125325c7b Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-04-04\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"56fc63042b5539d9f2ab2fcfd01cf998\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"blog.vraert.com/wp-includes/pomo/src.php?id=\" fullword wide \n \t\t $s2= \"Control PanelInternational\" fullword wide \n \t\t $s3= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s4= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s8= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s9= \"wildlifehc.org/nest/services/source.php?id=\" fullword wide \n \t\t $s10= \"www.suma-shop.ir/modules/sekeywords/source.php?id=\" fullword wide \n \n \t\t $hex1= {247331303d20227777} \n \t\t $hex2= {2473313d2022626c6f} \n \t\t $hex3= {2473323d2022436f6e} \n \t\t $hex4= {2473333d2022436f6e} \n \t\t $hex5= {2473343d2022484152} \n \t\t $hex6= {2473353d2022536f66} \n \t\t $hex7= {2473363d2022536f66} \n \t\t $hex8= {2473373d2022536f66} \n \t\t $hex9= {2473383d2022536f66} \n \t\t $hex10= {2473393d202277696c} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_43608e60883304c1ea389c7bad244b86ff5ecf169c3b5bca517a6e7125325c7b Group", "expiration": null, "is_active": 1 }, { "id": 3360594326, "indicator": "53e505acc4584df58a3e77854f84d67c1c388c44", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Energetic_Bear_4c5c02fbd6f35cad2e0a6f15e769bc6d4413219ce059cc11be7589f5d54645ea { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_4c5c02fbd6f35cad2e0a6f15e769bc6d4413219ce059cc11be7589f5d54645ea Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-04-04\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"55bcc745895af1c6f459750b740cd628\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"basecamp.turbomilk.com/turbomilk/contractors2/idx.php?id=\" fullword wide \n \t\t $s2= \"bbpdx.com/includes/xpath/xpath.src.php?id=\" fullword wide \n \t\t $s3= \"iqaws.com/catalog/install/source.php?id=\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022626173} \n \t\t $hex2= {2473323d2022626270} \n \t\t $hex3= {2473333d2022697161} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \t\t $hex7= {2473373d2022536f66} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_4c5c02fbd6f35cad2e0a6f15e769bc6d4413219ce059cc11be7589f5d54645ea Group", "expiration": null, "is_active": 1 }, { "id": 3360594327, "indicator": "c27b5052d13024d955e3078b6265c379897b9277", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Energetic_Bear_2dc296eb532097ac1808df7a16f7740ef8771afda3ac339d144d710f9cefceb4 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_2dc296eb532097ac1808df7a16f7740ef8771afda3ac339d144d710f9cefceb4 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-59\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"be30d12507c220c2c0944ad0623a02e6\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"cadlab.ru/components/com_search/com_search.php\" fullword wide \n \t\t $s2= \"Control PanelInternational\" fullword wide \n \t\t $s3= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s4= \"entirenetwork.ru/components/com_search/search.src.php\" fullword wide \n \t\t $s5= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s6= \"radiolocator.ru/includes/domit/dom_xmlrpc_builder_src.php\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s8= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s9= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s10= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {247331303d2022536f} \n \t\t $hex2= {2473313d2022636164} \n \t\t $hex3= {2473323d2022436f6e} \n \t\t $hex4= {2473333d2022436f6e} \n \t\t $hex5= {2473343d2022656e74} \n \t\t $hex6= {2473353d2022484152} \n \t\t $hex7= {2473363d2022726164} \n \t\t $hex8= {2473373d2022536f66} \n \t\t $hex9= {2473383d2022536f66} \n \t\t $hex10= {2473393d2022536f66} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_2dc296eb532097ac1808df7a16f7740ef8771afda3ac339d144d710f9cefceb4 Group", "expiration": null, "is_active": 1 }, { "id": 3360594328, "indicator": "4f1a403d4cb0bbf671bebc588dc2b2c1bdd1a6de", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Energetic_Bear_f6aab09e1c52925fe599246dfdb4c1d06bea5c380c4c3e9c33661c869d41a23a { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_f6aab09e1c52925fe599246dfdb4c1d06bea5c380c4c3e9c33661c869d41a23a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-59\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e8b9d2e83ef757a6ad6fea28dfe8a0ae\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022536f66} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_f6aab09e1c52925fe599246dfdb4c1d06bea5c380c4c3e9c33661c869d41a23a Group", "expiration": null, "is_active": 1 }, { "id": 3360594329, "indicator": "067b9693529559dc77f4a58952703d5afcf68c2f", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Energetic_Bear_aafbf4bba99c47e7d05c951ad964ce09493db091ba5945e89df916c6fa95d101 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_aafbf4bba99c47e7d05c951ad964ce09493db091ba5945e89df916c6fa95d101 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-58\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"a79ba17784e0183120cee6dfbf49e476\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"serviciosglobal.com/inc/search.php?id=\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s5= \"theluvsite.com/modules/search/src.php?id=\" fullword wide \n \t\t $s6= \"www.auslogics.com/includes/software/src.tpl?id=\" fullword wide \n \n \t\t $hex1= {2473313d2022736572} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022746865} \n \t\t $hex6= {2473363d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_aafbf4bba99c47e7d05c951ad964ce09493db091ba5945e89df916c6fa95d101 Group", "expiration": null, "is_active": 1 }, { "id": 3360594330, "indicator": "0d6015f6fae4cbca146918f676755bb447a9e397", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Energetic_Bear_61969cd978cd2de3a13a10510d0dea5d0d3b212209804563ed3d42033a9d0f54 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_61969cd978cd2de3a13a10510d0dea5d0d3b212209804563ed3d42033a9d0f54 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-58\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f1641106efc438564dcb285d5ca8c336\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"dayniilecom.com/index_files/iibka300_files/source.php?id=\" fullword wide \n \t\t $s2= \"red-opus.com/_vti_bin/_vti_aut/source.php?id=\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s7= \"www.cetlot.com/wp-includes/pomo/idx.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d2022646179} \n \t\t $hex2= {2473323d2022726564} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \t\t $hex7= {2473373d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_61969cd978cd2de3a13a10510d0dea5d0d3b212209804563ed3d42033a9d0f54 Group", "expiration": null, "is_active": 1 }, { "id": 3360594331, "indicator": "beadc7e730182bb35f6218ffc99a9d81ea0b102e", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Energetic_Bear_6e5f4296bffa7128b6e8fa72ad1924d2ff19b9d64775bd1e0a9ce9c5944bd419 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_6e5f4296bffa7128b6e8fa72ad1924d2ff19b9d64775bd1e0a9ce9c5944bd419 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-57\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"3a922a167415d3e5abcaca21f6de0b3a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"anymax.ru/modules/mod_search/source.php\" fullword wide \n \t\t $s2= \"Control PanelInternational\" fullword wide \n \t\t $s3= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s4= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s5= \"ogizni.ru/wp-includes/pomo/idx.php\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s8= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s9= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s10= \"waytomiracle.com/physics/wp-includes/pomo/src.php\" fullword wide \n \n \t\t $hex1= {247331303d20227761} \n \t\t $hex2= {2473313d2022616e79} \n \t\t $hex3= {2473323d2022436f6e} \n \t\t $hex4= {2473333d2022436f6e} \n \t\t $hex5= {2473343d2022484152} \n \t\t $hex6= {2473353d20226f6769} \n \t\t $hex7= {2473363d2022536f66} \n \t\t $hex8= {2473373d2022536f66} \n \t\t $hex9= {2473383d2022536f66} \n \t\t $hex10= {2473393d2022536f66} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_6e5f4296bffa7128b6e8fa72ad1924d2ff19b9d64775bd1e0a9ce9c5944bd419 Group", "expiration": null, "is_active": 1 }, { "id": 3360594332, "indicator": "dcc35a6c664edc697cc6142bc889e2faa765ee7d", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Energetic_Bear_0c9b20f4cb0b3206f81c2afbb2ee4d995c28f74f38216f7d35454af624af8876 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_0c9b20f4cb0b3206f81c2afbb2ee4d995c28f74f38216f7d35454af624af8876 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-57\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"9878cf9e6b555470d3a2ae25cc2ec7f5\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022536f66} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_0c9b20f4cb0b3206f81c2afbb2ee4d995c28f74f38216f7d35454af624af8876 Group", "expiration": null, "is_active": 1 }, { "id": 3360594333, "indicator": "ccba368a91d61c3deb36a66f15c2d08f797c8765", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Energetic_Bear_ebb16c9536e6387e7f6988448a3142d17ab695b2894624f33bd591ceb3e46633 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_ebb16c9536e6387e7f6988448a3142d17ab695b2894624f33bd591ceb3e46633 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-56\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"979464521c927226ac683ec4c88c6218\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022536f66} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_ebb16c9536e6387e7f6988448a3142d17ab695b2894624f33bd591ceb3e46633 Group", "expiration": null, "is_active": 1 }, { "id": 3360594334, "indicator": "4b880ccf5f9499d48cc3bcfdc082aae26d76472e", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Energetic_Bear_ce99e5f64f2d1e58454f23b4c1de33d71ee0b9fcd52c9eb69569f1c420332235 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_ce99e5f64f2d1e58454f23b4c1de33d71ee0b9fcd52c9eb69569f1c420332235 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-56\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"68a5f818c807a73466041c6d2593d873\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"productosmiller.com/includes/modules/iddx.php?id=\" fullword wide \n \t\t $s2= \"sabioq.com/Connections/_notes/dxml.php?id=\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s6= \"vamcart.com/modules/system/blocks/system.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d202270726f} \n \t\t $hex2= {2473323d2022736162} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d202276616d} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_ce99e5f64f2d1e58454f23b4c1de33d71ee0b9fcd52c9eb69569f1c420332235 Group", "expiration": null, "is_active": 1 }, { "id": 3360594335, "indicator": "c0b28c34e7bdacb0bb55dc1e07edf17da3aa7067", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Energetic_Bear_a3a6f0dc5558eb93afa98434020a8642f7b29c41d35fa34809d6801d99d8c4f3 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_a3a6f0dc5558eb93afa98434020a8642f7b29c41d35fa34809d6801d99d8c4f3 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-55\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"bda42195bd9bb32b50a88b6a31f9a1e7\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"artem.sataev.com/blog/wp-includes/pomo/src.php?id=\" fullword wide \n \t\t $s2= \"Control PanelInternational\" fullword wide \n \t\t $s3= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s4= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s5= \"lkgames.com/fr/free-game-action-ball-2/source.php?id=\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s8= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s9= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s10= \"swissitaly.com/includes/phpmailer/class.pop3.php?id=\" fullword wide \n \n \t\t $hex1= {247331303d20227377} \n \t\t $hex2= {2473313d2022617274} \n \t\t $hex3= {2473323d2022436f6e} \n \t\t $hex4= {2473333d2022436f6e} \n \t\t $hex5= {2473343d2022484152} \n \t\t $hex6= {2473353d20226c6b67} \n \t\t $hex7= {2473363d2022536f66} \n \t\t $hex8= {2473373d2022536f66} \n \t\t $hex9= {2473383d2022536f66} \n \t\t $hex10= {2473393d2022536f66} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_a3a6f0dc5558eb93afa98434020a8642f7b29c41d35fa34809d6801d99d8c4f3 Group", "expiration": null, "is_active": 1 }, { "id": 3360594336, "indicator": "a98f1a3548512c8c99f1907e0586c2d6e68af605", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Energetic_Bear_53d2a3324f276f29c749727c20708a3421a5144046ce14a8e025a8133316e0ac { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_53d2a3324f276f29c749727c20708a3421a5144046ce14a8e025a8133316e0ac Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-55\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"cfceef37dd8338f11a022f9afce0c451\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Accept-Encoding: gzip,deflate,bzip2,sdch\" fullword wide \n \t\t $s2= \"Content-Type: application/x-www-form-urlencoded\" fullword wide \n \t\t $s3= \"Control PanelInternational\" fullword wide \n \t\t $s4= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftInternet ExplorerInternetRegistrySPLN\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022416363} \n \t\t $hex2= {2473323d2022436f6e} \n \t\t $hex3= {2473333d2022436f6e} \n \t\t $hex4= {2473343d2022436f6e} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_53d2a3324f276f29c749727c20708a3421a5144046ce14a8e025a8133316e0ac Group", "expiration": null, "is_active": 1 }, { "id": 3360594337, "indicator": "183ca5acd1bc77625d7431e920fb08bb4635c03b", "type": "YARA", "created": "2022-01-22T10:33:46", "content": "rule resteex_APTMalware_Energetic_Bear_87d1d820fd4faea5a48aa3a26d6b5d742b457bff6d291e03dce257d6861766f7 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_87d1d820fd4faea5a48aa3a26d6b5d742b457bff6d291e03dce257d6861766f7 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-54\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"6f26aa8f74da02c4b13af1560ad158fe\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"geointeres.com/engine/modules/source.php?id=\" fullword wide \n \t\t $s2= \"ojoobo.com/modules/forum/forum-source.php?id=\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s7= \"www.prosperis.com/cms/sections/source.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d202267656f} \n \t\t $hex2= {2473323d20226f6a6f} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \t\t $hex7= {2473373d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_87d1d820fd4faea5a48aa3a26d6b5d742b457bff6d291e03dce257d6861766f7 Group", "expiration": null, "is_active": 1 }, { "id": 3360594338, "indicator": "5596ddb9affc2fd075add967069423d8b9e94703", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_b8f2fdddf7a9d0b813931e0efe4e6473199688320d5e8289928fe87ce4b1d068 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_b8f2fdddf7a9d0b813931e0efe4e6473199688320d5e8289928fe87ce4b1d068 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-54\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"9d897336c0ebee45d51dc2e8c8444c39\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"chimesy.com/kurdish/modules/Statistics/source.php?id=\" fullword wide \n \t\t $s2= \"newdawnkenya.com/modules/mod_search/src.php?id=\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s7= \"www.cubasitours.com/htmlMimeMail5/ejemplo/source.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d2022636869} \n \t\t $hex2= {2473323d20226e6577} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \t\t $hex7= {2473373d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_b8f2fdddf7a9d0b813931e0efe4e6473199688320d5e8289928fe87ce4b1d068 Group", "expiration": null, "is_active": 1 }, { "id": 3360594339, "indicator": "75b0b9f549a287f310462c5455f934e8b81e243d", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_2c109406998723885cf04c3ced7af8010665236459d6fe610e678065994154d4 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_2c109406998723885cf04c3ced7af8010665236459d6fe610e678065994154d4 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-53\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"188adb469567fcef3a6fae98d3877bd5\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"basecamp.turbomilk.com/turbomilk/contractors2/idx.php?id=\" fullword wide \n \t\t $s2= \"bbpdx.com/includes/xpath/xpath.src.php?id=\" fullword wide \n \t\t $s3= \"iqaws.com/catalog/install/source.php?id=\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022626173} \n \t\t $hex2= {2473323d2022626270} \n \t\t $hex3= {2473333d2022697161} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \t\t $hex7= {2473373d2022536f66} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_2c109406998723885cf04c3ced7af8010665236459d6fe610e678065994154d4 Group", "expiration": null, "is_active": 1 }, { "id": 3360594482, "indicator": "ec3e2325cf0741b0bf88c5ea9ee45942613adcc9", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_66ec58b4bdcb30d1889972c1ee30af7ff213deece335f798e57ff51fe28752e3 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_66ec58b4bdcb30d1889972c1ee30af7ff213deece335f798e57ff51fe28752e3 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-53\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"666a43f1b710a4e8b8d2a97118e7af06\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"abainternationaltoursandtravel.com/hiking_Safaris/source.php?id=\" fullword wide \n \t\t $s2= \"giant99.com/site-admin/pages/source.php?id=\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s7= \"www.nahoonservices.com/wp-includes/pomo/idx.php?id=\" fullword wide \n \t\t $a1= \"88+P}ta+VmglIa`meGkjpajp+Ewwapw$50$4$V+Gkjbmcqvepmkjw$_52$4$VY::\" fullword ascii \n \t\t $a2= \"8paithepa$|ihjw9&lppt>++sss*|be*kvc+wglaie+|be)paithepa+6*2+&:\" fullword ascii \n \n \t\t $hex1= {2461313d202238382b} \n \t\t $hex2= {2461323d2022387061} \n \t\t $hex3= {2473313d2022616261} \n \t\t $hex4= {2473323d2022676961} \n \t\t $hex5= {2473333d2022536f66} \n \t\t $hex6= {2473343d2022536f66} \n \t\t $hex7= {2473353d2022536f66} \n \t\t $hex8= {2473363d2022536f66} \n \t\t $hex9= {2473373d2022777777} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_66ec58b4bdcb30d1889972c1ee30af7ff213deece335f798e57ff51fe28752e3 Group", "expiration": null, "is_active": 1 }, { "id": 3360594483, "indicator": "cfc16783fdadc3479f4d6a5f39c183ecbe1152f4", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_aef82593822a934b77b81ebc461c496c4610474727539b0b6e1499ca836f0dee { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_aef82593822a934b77b81ebc461c496c4610474727539b0b6e1499ca836f0dee Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-52\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"c88ad88125757a2e76a98f3137e4a048\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s5= \"tallhoody.com/wp-includes/pomo/idx.php?id=\" fullword wide \n \t\t $s6= \"www.prosperis.com/cms/email/mail.php?id=\" fullword wide \n \t\t $s7= \"ytu.am/modules/mod_search/source.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d2022536f66} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d202274616c} \n \t\t $hex6= {2473363d2022777777} \n \t\t $hex7= {2473373d2022797475} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_aef82593822a934b77b81ebc461c496c4610474727539b0b6e1499ca836f0dee Group", "expiration": null, "is_active": 1 }, { "id": 3360594484, "indicator": "2260f04630ec3067fe25825a71366f935a152e9b", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_101e70a5455212b40406fe70361995a3a346264eabd4029200356565d2bacd6a { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_101e70a5455212b40406fe70361995a3a346264eabd4029200356565d2bacd6a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-52\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b61d0080133fe0910048cf811ed7d049\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022536f66} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_101e70a5455212b40406fe70361995a3a346264eabd4029200356565d2bacd6a Group", "expiration": null, "is_active": 1 }, { "id": 3360594485, "indicator": "de9ea4de30be94aea9d6ac93d590250cdc513dc9", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_c66525285707daff30fce5d79eb1bdf30519586dfec4edf73e4a0845fd3d0e1c { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_c66525285707daff30fce5d79eb1bdf30519586dfec4edf73e4a0845fd3d0e1c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-51\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"3cc770e20f45626e7bd7d0645f1264f9\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"basecamp.turbomilk.com/turbomilk/contractors2/idx.php?id=\" fullword wide \n \t\t $s2= \"bbpdx.com/includes/xpath/xpath.src.php?id=\" fullword wide \n \t\t $s3= \"iqaws.com/catalog/install/source.php?id=\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022626173} \n \t\t $hex2= {2473323d2022626270} \n \t\t $hex3= {2473333d2022697161} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \t\t $hex7= {2473373d2022536f66} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_c66525285707daff30fce5d79eb1bdf30519586dfec4edf73e4a0845fd3d0e1c Group", "expiration": null, "is_active": 1 }, { "id": 3360594486, "indicator": "7502a52e59e1ac265566efd185342d6caff82a61", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_4f3ceab96fb55d0b05380a1d95bb494ca44d7a9d7f10ded02d5b6fc27c92cb05 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_4f3ceab96fb55d0b05380a1d95bb494ca44d7a9d7f10ded02d5b6fc27c92cb05 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-51\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"ddbd1ecfd473ef77ef63b2e94b1c8e44\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"chimesy.com/kurdish/modules/Statistics/source.php?id=\" fullword wide \n \t\t $s2= \"newdawnkenya.com/modules/mod_search/src.php?id=\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s7= \"www.cubasitours.com/htmlMimeMail5/ejemplo/source.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d2022636869} \n \t\t $hex2= {2473323d20226e6577} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \t\t $hex7= {2473373d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_4f3ceab96fb55d0b05380a1d95bb494ca44d7a9d7f10ded02d5b6fc27c92cb05 Group", "expiration": null, "is_active": 1 }, { "id": 3360594487, "indicator": "25290bab6d9f7ae45081b851c7af59ddea051484", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_4b547b3992838cfb3b61cb25f059c0b56c2f7caaa3b894dbc20bf7b33dadc5a1 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_4b547b3992838cfb3b61cb25f059c0b56c2f7caaa3b894dbc20bf7b33dadc5a1 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-50\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f9fd935b8e70dce6cfd72716050ad41e\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022536f66} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_4b547b3992838cfb3b61cb25f059c0b56c2f7caaa3b894dbc20bf7b33dadc5a1 Group", "expiration": null, "is_active": 1 }, { "id": 3360594508, "indicator": "d0a10beb643e87ef2fa06f76ba050a0f033777c9", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_6e92c2d298e25bcff17326f69882b636150d2a1af494ef8186565544f0d04d3d { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_6e92c2d298e25bcff17326f69882b636150d2a1af494ef8186565544f0d04d3d Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-50\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"bc175f186cbfadffbaddff7adb2f1cac\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"ispacs.com/cna/pages.cn/cna_source.php?id=\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s6= \"strategyofroulette.com/app/usr/usr_src.php?id=\" fullword wide \n \t\t $s7= \"www.meortemple.com/wp-includes/pomo/idx.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d2022697370} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022737472} \n \t\t $hex7= {2473373d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_6e92c2d298e25bcff17326f69882b636150d2a1af494ef8186565544f0d04d3d Group", "expiration": null, "is_active": 1 }, { "id": 3360594509, "indicator": "a296934da6e7411fe3df53f7208fa22bd61d287c", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_abdb2da30435430f808b229f8b6856fafc154a386ef4f7c5e8de4a746e350e0c { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_abdb2da30435430f808b229f8b6856fafc154a386ef4f7c5e8de4a746e350e0c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-50\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f0f36f6c1f5d3ff37ac9ed9adf94cca2\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"serviciosglobal.com/inc/search.php?id=\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s5= \"theluvsite.com/modules/search/src.php?id=\" fullword wide \n \t\t $s6= \"www.auslogics.com/includes/software/src.tpl?id=\" fullword wide \n \n \t\t $hex1= {2473313d2022736572} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022746865} \n \t\t $hex6= {2473363d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_abdb2da30435430f808b229f8b6856fafc154a386ef4f7c5e8de4a746e350e0c Group", "expiration": null, "is_active": 1 }, { "id": 3360594510, "indicator": "68d9c0a469270eedce666273c0920c5d209941dc", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_1d768ebfbdf97ad5282e7f85da089e174b1db760f1cbdca1a815e8e6245f155a { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_1d768ebfbdf97ad5282e7f85da089e174b1db760f1cbdca1a815e8e6245f155a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-49\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e1aab3f34dce501546a83d08cd956eaa\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"ktbits.com/engine/modules/source.php?id=\" fullword wide \n \t\t $s2= \"rosesci.com/mail/q.source.php?id=\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s7= \"www.jterps.com/wp-includes/pomo/idx.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d20226b7462} \n \t\t $hex2= {2473323d2022726f73} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \t\t $hex7= {2473373d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_1d768ebfbdf97ad5282e7f85da089e174b1db760f1cbdca1a815e8e6245f155a Group", "expiration": null, "is_active": 1 }, { "id": 3360594511, "indicator": "bf441fe7943457d45e978185c7a0b6b2d3c8cda7", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_1ef47da67f783f8cc8cda7481769647b754874c91e0c666f741611decd878c19 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_1ef47da67f783f8cc8cda7481769647b754874c91e0c666f741611decd878c19 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-49\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"81b0eb1c665ff0d57263040632764cad\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022536f66} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_1ef47da67f783f8cc8cda7481769647b754874c91e0c666f741611decd878c19 Group", "expiration": null, "is_active": 1 }, { "id": 3360594512, "indicator": "28f66d1bf75d6683376fa6e34447293c5b3f6625", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_8da93bc4d20e5f38d599ac89db26fc2f1eecbf36c14209302978d46fc4ce5412 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_8da93bc4d20e5f38d599ac89db26fc2f1eecbf36c14209302978d46fc4ce5412 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-48\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"db6adb2765915346799d9f21329eaf80\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s5= \"tallhoody.com/wp-includes/pomo/idx.php?id=\" fullword wide \n \t\t $s6= \"www.prosperis.com/cms/email/mail.php?id=\" fullword wide \n \t\t $s7= \"ytu.am/modules/mod_search/source.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d2022536f66} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d202274616c} \n \t\t $hex6= {2473363d2022777777} \n \t\t $hex7= {2473373d2022797475} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_8da93bc4d20e5f38d599ac89db26fc2f1eecbf36c14209302978d46fc4ce5412 Group", "expiration": null, "is_active": 1 }, { "id": 3360594513, "indicator": "6ef05b6840f03c4fa444ef45860390806b6e3881", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_4ff5f102f0f1284a189485fc4c387c977dd92f0bc6a30c4d837e864aed257129 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_4ff5f102f0f1284a189485fc4c387c977dd92f0bc6a30c4d837e864aed257129 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-48\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d0b34a66a63a00425e9fa0adb02b2842\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"atampy.com/wordpress/wp-includes/pomo/dx.php?id=\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s5= \"www.activateav.com/wp-includes/pomo/dx.php?id=\" fullword wide \n \t\t $s6= \"www.intellbet.com/_lib/db_simple/Mysqli.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d2022617461} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022777777} \n \t\t $hex6= {2473363d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_4ff5f102f0f1284a189485fc4c387c977dd92f0bc6a30c4d837e864aed257129 Group", "expiration": null, "is_active": 1 }, { "id": 3360594514, "indicator": "d763c9b99189f8760b1f64ffc81edd51dd13e70b", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_02e5191078497be1e6ea8bac93b6cfb9b3ee36a58e4f7dd343ac1762e7f9301e { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_02e5191078497be1e6ea8bac93b6cfb9b3ee36a58e4f7dd343ac1762e7f9301e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-47\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"038707ae48c5db96548aa8853bf8988a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"7adharat.com/forum/includes/search/index_search.php?id=\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s5= \"wmr.ueuo.com/advertisers/TEMP/dbaza.php?id=\" fullword wide \n \t\t $s6= \"www.insigmaus.com/wp-includes/pomo/dx.php?id=\" fullword wide \n \t\t $s7= \"www.soluciones4web.com/wp-includes/pomo/dx.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d2022376164} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022776d72} \n \t\t $hex6= {2473363d2022777777} \n \t\t $hex7= {2473373d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_02e5191078497be1e6ea8bac93b6cfb9b3ee36a58e4f7dd343ac1762e7f9301e Group", "expiration": null, "is_active": 1 }, { "id": 3360594515, "indicator": "007b659d4f1514d83fb25c022ef11a4b862f23fd", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_ee53e509d0f2a3c888232f2232b603463b421b9c08fe7f44ed4eead0643135d3 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_ee53e509d0f2a3c888232f2232b603463b421b9c08fe7f44ed4eead0643135d3 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-47\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e932ec2d100968987c3d7520688a1408\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"nsourcer.com/modules/menu/menu.php?id=\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s5= \"tripstoasia.com/wp-content/plugins/idx.php?id=\" fullword wide \n \t\t $s6= \"www.onehellofaride.com/wp-includes/pomo/dsx.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d20226e736f} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022747269} \n \t\t $hex6= {2473363d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_ee53e509d0f2a3c888232f2232b603463b421b9c08fe7f44ed4eead0643135d3 Group", "expiration": null, "is_active": 1 }, { "id": 3360594516, "indicator": "b3f4e580f517df722559c9a4322bd8efafb53fd4", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_e38aa99eff1f9fedd99cf541c3255e99f3276839a883cadb6e916649522729e3 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_e38aa99eff1f9fedd99cf541c3255e99f3276839a883cadb6e916649522729e3 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-46\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"094e63b3e14ca69f261c3695130f7d4e\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"basecamp.turbomilk.com/turbomilk/contractors2/idx.php?id=\" fullword wide \n \t\t $s2= \"bbpdx.com/includes/xpath/xpath.src.php?id=\" fullword wide \n \t\t $s3= \"iqaws.com/catalog/install/source.php?id=\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022626173} \n \t\t $hex2= {2473323d2022626270} \n \t\t $hex3= {2473333d2022697161} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \t\t $hex7= {2473373d2022536f66} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_e38aa99eff1f9fedd99cf541c3255e99f3276839a883cadb6e916649522729e3 Group", "expiration": null, "is_active": 1 }, { "id": 3360594517, "indicator": "6147a0a5606edd19bb3ed1f55ae0e654d214bd44", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_2221c2323fb6e30b9c10ee68d60b7d7be823911540bb115f75b2747d015e35f9 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_2221c2323fb6e30b9c10ee68d60b7d7be823911540bb115f75b2747d015e35f9 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-46\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b2a88f7e5e2c45b9d624019e6b20be72\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"ktbits.com/engine/modules/source.php?id=\" fullword wide \n \t\t $s2= \"rosesci.com/mail/q.source.php?id=\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s7= \"www.jterps.com/wp-includes/pomo/idx.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d20226b7462} \n \t\t $hex2= {2473323d2022726f73} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \t\t $hex7= {2473373d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_2221c2323fb6e30b9c10ee68d60b7d7be823911540bb115f75b2747d015e35f9 Group", "expiration": null, "is_active": 1 }, { "id": 3360594518, "indicator": "05b873e2d5a5629380d01a7b69b0592d0609f4df", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_684ea2083f2f7099f0a611c81f26f30127ad297fcac8988cabb60fcf56979dfc { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_684ea2083f2f7099f0a611c81f26f30127ad297fcac8988cabb60fcf56979dfc Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-45\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"7b28d8a54fc15a96b8da49dd3fcc1dae\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Control PanelInternational\" fullword wide \n \t\t $s2= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s3= \"crm.mayanks.com/vtigercrm/modules/Services/source.php?id=\" fullword wide \n \t\t $s4= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s8= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s9= \"topco-co.com/wp-includes/pomo/idx.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d2022436f6e} \n \t\t $hex2= {2473323d2022436f6e} \n \t\t $hex3= {2473333d202263726d} \n \t\t $hex4= {2473343d2022484152} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \t\t $hex7= {2473373d2022536f66} \n \t\t $hex8= {2473383d2022536f66} \n \t\t $hex9= {2473393d2022746f70} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_684ea2083f2f7099f0a611c81f26f30127ad297fcac8988cabb60fcf56979dfc Group", "expiration": null, "is_active": 1 }, { "id": 3360594519, "indicator": "a78edbbb70f90d4091084853c7946be778b03309", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_439e5617d57360f76f24daed3fe0b59f20fc9dade3008fd482260ba58b739a23 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_439e5617d57360f76f24daed3fe0b59f20fc9dade3008fd482260ba58b739a23 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-45\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b146d70132f44cc0229354a6c448dde9\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"ktbits.com/engine/modules/source.php?id=\" fullword wide \n \t\t $s2= \"rosesci.com/mail/q.source.php?id=\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s7= \"www.jterps.com/wp-includes/pomo/idx.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d20226b7462} \n \t\t $hex2= {2473323d2022726f73} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \t\t $hex7= {2473373d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_439e5617d57360f76f24daed3fe0b59f20fc9dade3008fd482260ba58b739a23 Group", "expiration": null, "is_active": 1 }, { "id": 3360594520, "indicator": "60a295e692cbd6df5a9ce2b333dc27be4387edd1", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_646c94a0194ca70fbe68c444a0c9b444e195280f9a0d19f12393421311653552 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_646c94a0194ca70fbe68c444a0c9b444e195280f9a0d19f12393421311653552 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-44\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"879f04b0cd5ea72fb34b8ca7d1a9d5dd\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"nsourcer.com/modules/menu/menu.php?id=\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s5= \"tripstoasia.com/wp-content/plugins/idx.php?id=\" fullword wide \n \t\t $s6= \"www.onehellofaride.com/wp-includes/pomo/dsx.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d20226e736f} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022747269} \n \t\t $hex6= {2473363d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_646c94a0194ca70fbe68c444a0c9b444e195280f9a0d19f12393421311653552 Group", "expiration": null, "is_active": 1 }, { "id": 3360594521, "indicator": "936d08eb945a6c24dc91f1b7107d2d8c1870d54c", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_e42badd8fb20f1bc72b1cec65c42a96ee60a4b52d19e8f5a7248afee03646ace { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_e42badd8fb20f1bc72b1cec65c42a96ee60a4b52d19e8f5a7248afee03646ace Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-44\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"05bcca25fe3e1a0e4356916cfe305802\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"ktbits.com/engine/modules/source.php?id=\" fullword wide \n \t\t $s2= \"rosesci.com/mail/q.source.php?id=\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s7= \"www.jterps.com/wp-includes/pomo/idx.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d20226b7462} \n \t\t $hex2= {2473323d2022726f73} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \t\t $hex7= {2473373d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_e42badd8fb20f1bc72b1cec65c42a96ee60a4b52d19e8f5a7248afee03646ace Group", "expiration": null, "is_active": 1 }, { "id": 3360594522, "indicator": "9861de59fb6a139b5565475ff0e5f6402722481e", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_83e57d8f3810a72a772742d4b786204471a7607e02fa445c3cd083f164cc4af3 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_83e57d8f3810a72a772742d4b786204471a7607e02fa445c3cd083f164cc4af3 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-43\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"8f6da02534186226e11749ca54450006\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"abainternationaltoursandtravel.com/hiking_Safaris/source.php?id=\" fullword wide \n \t\t $s2= \"giant99.com/site-admin/pages/source.php?id=\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s7= \"www.nahoonservices.com/wp-includes/pomo/idx.php?id=\" fullword wide \n \t\t $a1= \"88+P}ta+VmglIa`meGkjpajp+Ewwapw$50$4$V+Gkjbmcqvepmkjw$_52$4$VY::\" fullword ascii \n \t\t $a2= \"8paithepa$|ihjw9&lppt>++sss*|be*kvc+wglaie+|be)paithepa+6*2+&:\" fullword ascii \n \n \t\t $hex1= {2461313d202238382b} \n \t\t $hex2= {2461323d2022387061} \n \t\t $hex3= {2473313d2022616261} \n \t\t $hex4= {2473323d2022676961} \n \t\t $hex5= {2473333d2022536f66} \n \t\t $hex6= {2473343d2022536f66} \n \t\t $hex7= {2473353d2022536f66} \n \t\t $hex8= {2473363d2022536f66} \n \t\t $hex9= {2473373d2022777777} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_83e57d8f3810a72a772742d4b786204471a7607e02fa445c3cd083f164cc4af3 Group", "expiration": null, "is_active": 1 }, { "id": 3360594523, "indicator": "5ba2f3b8dc5648a7ce36139a4ecc3b5982904182", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_0c20ffcdf2492ccad2e53777a0885c579811f91c05d076ff160684082681fe68 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_0c20ffcdf2492ccad2e53777a0885c579811f91c05d076ff160684082681fe68 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-42\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"34dfc78cb68213ff25d6fb426a3665ed\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"atampy.com/wordpress/wp-includes/pomo/dx.php?id=\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s5= \"www.activateav.com/wp-includes/pomo/dx.php?id=\" fullword wide \n \t\t $s6= \"www.intellbet.com/_lib/db_simple/Mysqli.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d2022617461} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022777777} \n \t\t $hex6= {2473363d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_0c20ffcdf2492ccad2e53777a0885c579811f91c05d076ff160684082681fe68 Group", "expiration": null, "is_active": 1 }, { "id": 3360594524, "indicator": "a8d7b600078f461320bdc22af1ef9b804c6238ec", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_bacac71fcc61db9b55234d1ccf45d5fffd9392c430cdd25ee7a5cea4b24c7128 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_bacac71fcc61db9b55234d1ccf45d5fffd9392c430cdd25ee7a5cea4b24c7128 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-42\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"ec23ff3932191a8e091c5aec3652b610\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"atampy.com/wordpress/wp-includes/pomo/dx.php?id=\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s5= \"www.activateav.com/wp-includes/pomo/dx.php?id=\" fullword wide \n \t\t $s6= \"www.intellbet.com/_lib/db_simple/Mysqli.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d2022617461} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022777777} \n \t\t $hex6= {2473363d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_bacac71fcc61db9b55234d1ccf45d5fffd9392c430cdd25ee7a5cea4b24c7128 Group", "expiration": null, "is_active": 1 }, { "id": 3360594525, "indicator": "338d38083d76fe33e64482fd0609411337f2a644", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_0850c39a7fcaa7091aaea333d33c71902b263935df5321edcd5089d10e4bbebb { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_0850c39a7fcaa7091aaea333d33c71902b263935df5321edcd5089d10e4bbebb Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-42\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f27b0469a9f5d75437bdd2e782033d21\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"hq.mission1701.com/include/plugins/search.php?id=\" fullword wide \n \t\t $s2= \"iclt.am/style/default/search.php?id=\" fullword wide \n \t\t $s3= \"joomware.org/modules/mod_search/search.php?id=\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d202268712e} \n \t\t $hex2= {2473323d202269636c} \n \t\t $hex3= {2473333d20226a6f6f} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_0850c39a7fcaa7091aaea333d33c71902b263935df5321edcd5089d10e4bbebb Group", "expiration": null, "is_active": 1 }, { "id": 3360594526, "indicator": "c7490a05a2dad1039b36a903d53fa0bb7b7bbc27", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_65a4332dfe474a8bb9b5fa35495aade453da7a03eb0049211e57b5660d08d75c { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_65a4332dfe474a8bb9b5fa35495aade453da7a03eb0049211e57b5660d08d75c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-41\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"6b1b40b5b9eeb38eb548a50e59bfbb6b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"7adharat.com/forum/includes/search/index_search.php?id=\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s5= \"wmr.ueuo.com/advertisers/TEMP/dbaza.php?id=\" fullword wide \n \t\t $s6= \"www.insigmaus.com/wp-includes/pomo/dx.php?id=\" fullword wide \n \t\t $s7= \"www.soluciones4web.com/wp-includes/pomo/dx.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d2022376164} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022776d72} \n \t\t $hex6= {2473363d2022777777} \n \t\t $hex7= {2473373d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_65a4332dfe474a8bb9b5fa35495aade453da7a03eb0049211e57b5660d08d75c Group", "expiration": null, "is_active": 1 }, { "id": 3360594527, "indicator": "4553b3fffbff1cd0a63c8fd301f469d99f9685c1", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_13da3fe28302a8543dd527d9e09723caeed98006c3064c5ed7b059d6d7f36554 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_13da3fe28302a8543dd527d9e09723caeed98006c3064c5ed7b059d6d7f36554 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-41\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"28b5dba21cb3ad1f1c659cfbcac8f5f5\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"basecamp.turbomilk.com/turbomilk/contractors2/idx.php?id=\" fullword wide \n \t\t $s2= \"bbpdx.com/includes/xpath/xpath.src.php?id=\" fullword wide \n \t\t $s3= \"iqaws.com/catalog/install/source.php?id=\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022626173} \n \t\t $hex2= {2473323d2022626270} \n \t\t $hex3= {2473333d2022697161} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \t\t $hex7= {2473373d2022536f66} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_13da3fe28302a8543dd527d9e09723caeed98006c3064c5ed7b059d6d7f36554 Group", "expiration": null, "is_active": 1 }, { "id": 3360594528, "indicator": "0ea22b167088d031a8ca0f23257a1a6c3584bb05", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_fd689fcdcef0f1198b9c778b4d93adfbf6e80118733c94e61a450aeb701750b4 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_fd689fcdcef0f1198b9c778b4d93adfbf6e80118733c94e61a450aeb701750b4 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-40\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"2ad96c6eced12e76c45ac0e81cb7a526\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Control PanelInternational\" fullword wide \n \t\t $s2= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s3= \"grafics.kz/plugins/search/source.php?id=\" fullword wide \n \t\t $s4= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s8= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s9= \"www.idweb.ru/assets/modules/docmanager/classes/dm_source.php?id=\" fullword wide \n \t\t $s10= \"www.kino24.kz/blog/engine/modules/plugin/source.php?id=\" fullword wide \n \n \t\t $hex1= {247331303d20227777} \n \t\t $hex2= {2473313d2022436f6e} \n \t\t $hex3= {2473323d2022436f6e} \n \t\t $hex4= {2473333d2022677261} \n \t\t $hex5= {2473343d2022484152} \n \t\t $hex6= {2473353d2022536f66} \n \t\t $hex7= {2473363d2022536f66} \n \t\t $hex8= {2473373d2022536f66} \n \t\t $hex9= {2473383d2022536f66} \n \t\t $hex10= {2473393d2022777777} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_fd689fcdcef0f1198b9c778b4d93adfbf6e80118733c94e61a450aeb701750b4 Group", "expiration": null, "is_active": 1 }, { "id": 3360594529, "indicator": "70ae4e3c520a88ceaa25ff46336018f2eff27a14", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_2f24c7ccbd7a9e830ed3f9b3b7be7856e0cc8c1580082433cbe9bf33c86193c6 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_2f24c7ccbd7a9e830ed3f9b3b7be7856e0cc8c1580082433cbe9bf33c86193c6 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-40\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"dae25368fc5742fe8e770658fb8c747f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"peterbogdanov.com/php/phpmailer/phpdoc/src.php?id=\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s6= \"www.behrendt-pasewalk.de/blog/wp-content/plugins/source.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d2022706574} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_2f24c7ccbd7a9e830ed3f9b3b7be7856e0cc8c1580082433cbe9bf33c86193c6 Group", "expiration": null, "is_active": 1 }, { "id": 3360594530, "indicator": "95373fd028c16de7a2787a395f7e302cde9f92f7", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_2f593c22a8fd0de3bbb57d26320446a9c7eed755ae354957c260908c93d8cf79 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_2f593c22a8fd0de3bbb57d26320446a9c7eed755ae354957c260908c93d8cf79 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-39\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"149d6631ad66a915ca64cb853487337e\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Control PanelInternational\" fullword wide \n \t\t $s2= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s3= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s4= \"rcdm-global.de/plugins/search/content/source.php?id=\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s8= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s9= \"www.eriell.com/services/photo/source.php?id=\" fullword wide \n \t\t $s10= \"www.rscarcare.com/modules/Manufacturers/source.php?id=\" fullword wide \n \n \t\t $hex1= {247331303d20227777} \n \t\t $hex2= {2473313d2022436f6e} \n \t\t $hex3= {2473323d2022436f6e} \n \t\t $hex4= {2473333d2022484152} \n \t\t $hex5= {2473343d2022726364} \n \t\t $hex6= {2473353d2022536f66} \n \t\t $hex7= {2473363d2022536f66} \n \t\t $hex8= {2473373d2022536f66} \n \t\t $hex9= {2473383d2022536f66} \n \t\t $hex10= {2473393d2022777777} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_2f593c22a8fd0de3bbb57d26320446a9c7eed755ae354957c260908c93d8cf79 Group", "expiration": null, "is_active": 1 }, { "id": 3360594531, "indicator": "01a500ec657f9a3e412a25a81f4e294063eec5c3", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_6606dd9a5d5182280c12d009a03b8ed6179872fcb08be9aa16f098250cc5b7a7 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_6606dd9a5d5182280c12d009a03b8ed6179872fcb08be9aa16f098250cc5b7a7 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-39\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"c209ba19628173c84d54316af28ac54d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022536f66} \n \t\t $hex2= {2473323d2022536f66} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_6606dd9a5d5182280c12d009a03b8ed6179872fcb08be9aa16f098250cc5b7a7 Group", "expiration": null, "is_active": 1 }, { "id": 3360594532, "indicator": "6a965eb37af8c8c2d21f77560d9ff8bb2a9f9c05", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_7081455301e756d6459ea7f03cd55f7e490622d36a5a019861e6b17141f69bd0 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_7081455301e756d6459ea7f03cd55f7e490622d36a5a019861e6b17141f69bd0 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-38\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"eaa3391b1e8af72e0e9aff96ae12a758\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"chimesy.com/kurdish/modules/Statistics/source.php?id=\" fullword wide \n \t\t $s2= \"newdawnkenya.com/modules/mod_search/src.php?id=\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s7= \"www.cubasitours.com/htmlMimeMail5/ejemplo/source.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d2022636869} \n \t\t $hex2= {2473323d20226e6577} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \t\t $hex7= {2473373d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_7081455301e756d6459ea7f03cd55f7e490622d36a5a019861e6b17141f69bd0 Group", "expiration": null, "is_active": 1 }, { "id": 3360594533, "indicator": "dfe63b56743999544eb0f9846e03a00304ca86fb", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_487eaf5cc52528b5f3bb27ba53afffb6d534068b364a41fc887b8c1e1485795a { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_487eaf5cc52528b5f3bb27ba53afffb6d534068b364a41fc887b8c1e1485795a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-38\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"8e8fbb8de350882a77599bccc5c1ef6a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"ktbits.com/engine/modules/source.php?id=\" fullword wide \n \t\t $s2= \"rosesci.com/mail/q.source.php?id=\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s7= \"www.jterps.com/wp-includes/pomo/idx.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d20226b7462} \n \t\t $hex2= {2473323d2022726f73} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \t\t $hex7= {2473373d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_487eaf5cc52528b5f3bb27ba53afffb6d534068b364a41fc887b8c1e1485795a Group", "expiration": null, "is_active": 1 }, { "id": 3360594534, "indicator": "53d252498274b67230915d210f09f54f1dead1d4", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_85d3f636b515f0729c47f66e3fc0c9a0aacf3ec09c4acf8bf20a1411edcdc40a { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_85d3f636b515f0729c47f66e3fc0c9a0aacf3ec09c4acf8bf20a1411edcdc40a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-37\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"3be007dd6616cd2147af73777edac417\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"basecamp.turbomilk.com/turbomilk/contractors2/idx.php?id=\" fullword wide \n \t\t $s2= \"bbpdx.com/includes/xpath/xpath.src.php?id=\" fullword wide \n \t\t $s3= \"iqaws.com/catalog/install/source.php?id=\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022626173} \n \t\t $hex2= {2473323d2022626270} \n \t\t $hex3= {2473333d2022697161} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \t\t $hex7= {2473373d2022536f66} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_85d3f636b515f0729c47f66e3fc0c9a0aacf3ec09c4acf8bf20a1411edcdc40a Group", "expiration": null, "is_active": 1 }, { "id": 3360594535, "indicator": "bb57d873d316d70f8650d8b82dde25033598d2d7", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_778568b44e13751800bf66c17606dfdfe35bebbb94c8e6e2a2549c7482c33f7a { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_778568b44e13751800bf66c17606dfdfe35bebbb94c8e6e2a2549c7482c33f7a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-37\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"2e39e7bd5d566893fe3df0c7e145d83a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Control PanelInternational\" fullword wide \n \t\t $s2= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s3= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s4= \"it-newest.ru/modules/mod_search/idx.php\" fullword wide \n \t\t $s5= \"photo-23.ru/modules/forum/functions/search.php\" fullword wide \n \t\t $s6= \"shizgara59.ru/wp-includes/pomo/pomo.php\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s8= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s9= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s10= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {247331303d2022536f} \n \t\t $hex2= {2473313d2022436f6e} \n \t\t $hex3= {2473323d2022436f6e} \n \t\t $hex4= {2473333d2022484152} \n \t\t $hex5= {2473343d202269742d} \n \t\t $hex6= {2473353d202270686f} \n \t\t $hex7= {2473363d2022736869} \n \t\t $hex8= {2473373d2022536f66} \n \t\t $hex9= {2473383d2022536f66} \n \t\t $hex10= {2473393d2022536f66} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_778568b44e13751800bf66c17606dfdfe35bebbb94c8e6e2a2549c7482c33f7a Group", "expiration": null, "is_active": 1 }, { "id": 3360594536, "indicator": "f0832d4db3f14f9ff670e2fff13f6aef61ef6ff6", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_b3b01b36b6437c624da4b28c4c8f773ae8133fca9dd10dc17742e956117f5759 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_b3b01b36b6437c624da4b28c4c8f773ae8133fca9dd10dc17742e956117f5759 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-36\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"a1bf39cec32e5cd41170722ee0a2a4c2\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"al-mashkoor.com/php/mail/source.php?id=\" fullword wide \n \t\t $s2= \"arsch-anus.com/engine/modules/source.php?id=\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022616c2d} \n \t\t $hex2= {2473323d2022617273} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_b3b01b36b6437c624da4b28c4c8f773ae8133fca9dd10dc17742e956117f5759 Group", "expiration": null, "is_active": 1 }, { "id": 3360594537, "indicator": "8b369cf56385375b5f7ccb808d8b4859e31c1bfa", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_b139829440aabe33071aa34604f739d70f9a0a3b06051f3190aabf839df2d408 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_b139829440aabe33071aa34604f739d70f9a0a3b06051f3190aabf839df2d408 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-36\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d985dec3ee9e99ad3a2c9c8237e74772\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"basecamp.turbomilk.com/turbomilk/contractors2/idx.php?id=\" fullword wide \n \t\t $s2= \"bbpdx.com/includes/xpath/xpath.src.php?id=\" fullword wide \n \t\t $s3= \"iqaws.com/catalog/install/source.php?id=\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022626173} \n \t\t $hex2= {2473323d2022626270} \n \t\t $hex3= {2473333d2022697161} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \t\t $hex7= {2473373d2022536f66} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_b139829440aabe33071aa34604f739d70f9a0a3b06051f3190aabf839df2d408 Group", "expiration": null, "is_active": 1 }, { "id": 3360594538, "indicator": "5cb32451638b0823939e13edaca56a641b2b6197", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_224e8349ba128f0ab57bdebef5287f4b84b9dccbc2d8503f53f6333efd5f9265 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_224e8349ba128f0ab57bdebef5287f4b84b9dccbc2d8503f53f6333efd5f9265 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-36\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"88a13d7d3398f5c388089a9b3e92eb65\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s5= \"tallhoody.com/wp-includes/pomo/idx.php?id=\" fullword wide \n \t\t $s6= \"www.prosperis.com/cms/email/mail.php?id=\" fullword wide \n \t\t $s7= \"ytu.am/modules/mod_search/source.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d2022536f66} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d202274616c} \n \t\t $hex6= {2473363d2022777777} \n \t\t $hex7= {2473373d2022797475} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_224e8349ba128f0ab57bdebef5287f4b84b9dccbc2d8503f53f6333efd5f9265 Group", "expiration": null, "is_active": 1 }, { "id": 3360594539, "indicator": "e9240ce6f4674b507c312a3ff6d10644034ba3c6", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_2c37e0504b98413e0308e44fd84f98e968f6f62399ea06bc38d3f314ee94b368 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_2c37e0504b98413e0308e44fd84f98e968f6f62399ea06bc38d3f314ee94b368 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-35\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"dd6cab90d45bad6378160dba9ea742e4\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"pornoxxx1.com/engine/ajax/src.php?id=\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s6= \"stalprof.com.ua/includes/domit/src.php?id=\" fullword wide \n \t\t $s7= \"www.cometothetruth.com/cms/tinymce/examples/src.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d2022706f72} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022737461} \n \t\t $hex7= {2473373d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_2c37e0504b98413e0308e44fd84f98e968f6f62399ea06bc38d3f314ee94b368 Group", "expiration": null, "is_active": 1 }, { "id": 3360594654, "indicator": "fb8bf87a413b4eda4c19378959b3f5d426f727d2", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_7c1136d6f5b10c22698f7e049dbc493be6e0ce03316a86c422ca9b670cb133aa { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_7c1136d6f5b10c22698f7e049dbc493be6e0ce03316a86c422ca9b670cb133aa Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-35\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"4b095643f65a1dd876c01dd6b841493b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"atampy.com/wordpress/wp-includes/pomo/dx.php?id=\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s5= \"www.activateav.com/wp-includes/pomo/dx.php?id=\" fullword wide \n \t\t $s6= \"www.intellbet.com/_lib/db_simple/Mysqli.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d2022617461} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022777777} \n \t\t $hex6= {2473363d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_7c1136d6f5b10c22698f7e049dbc493be6e0ce03316a86c422ca9b670cb133aa Group", "expiration": null, "is_active": 1 }, { "id": 3360594655, "indicator": "717c20526d99ef23905204a2d4a589e7a45a1e9d", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_b647f883911ff20f776e0a42564b13ef961fa584ebd5cfce9dd2990bca5df24e { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_b647f883911ff20f776e0a42564b13ef961fa584ebd5cfce9dd2990bca5df24e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-34\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e85c8feed568eff781dfd185f3f6e4c9\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022536f66} \n \t\t $hex2= {2473323d2022536f66} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_b647f883911ff20f776e0a42564b13ef961fa584ebd5cfce9dd2990bca5df24e Group", "expiration": null, "is_active": 1 }, { "id": 3360594656, "indicator": "b8838d41992ad310f0ce258328d0c08567e75b5c", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_9d530e2254580842574a740698d2348b68b46fd88312c9325321ad0d986f523d { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_9d530e2254580842574a740698d2348b68b46fd88312c9325321ad0d986f523d Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-34\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"eb883545fb2757a875b192779d06b0c6\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Control PanelInternational\" fullword wide \n \t\t $s2= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s3= \"grafics.kz/plugins/search/source.php?id=\" fullword wide \n \t\t $s4= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s8= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s9= \"www.idweb.ru/assets/modules/docmanager/classes/dm_source.php?id=\" fullword wide \n \t\t $s10= \"www.kino24.kz/blog/engine/modules/plugin/source.php?id=\" fullword wide \n \n \t\t $hex1= {247331303d20227777} \n \t\t $hex2= {2473313d2022436f6e} \n \t\t $hex3= {2473323d2022436f6e} \n \t\t $hex4= {2473333d2022677261} \n \t\t $hex5= {2473343d2022484152} \n \t\t $hex6= {2473353d2022536f66} \n \t\t $hex7= {2473363d2022536f66} \n \t\t $hex8= {2473373d2022536f66} \n \t\t $hex9= {2473383d2022536f66} \n \t\t $hex10= {2473393d2022777777} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_9d530e2254580842574a740698d2348b68b46fd88312c9325321ad0d986f523d Group", "expiration": null, "is_active": 1 }, { "id": 3360594657, "indicator": "144c260032545ae4480f122f85cdcb9200218056", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_8d343be0ea83597f041f9cbc6ea5b63773affc267c6ad99d31badee16d2c86e5 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_8d343be0ea83597f041f9cbc6ea5b63773affc267c6ad99d31badee16d2c86e5 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-33\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"881af5234f3107e96ad1a9a60056d4a1\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"pekanin.freevar.com/include/template/isx.php?id=\" fullword wide \n \t\t $s2= \"randallweil.com/cms/tinymce/examples/access.php?id=\" fullword wide \n \t\t $s3= \"shwandukani.ueuo.com/modules/mod_search/mod_research.php?id=\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d202270656b} \n \t\t $hex2= {2473323d202272616e} \n \t\t $hex3= {2473333d2022736877} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_8d343be0ea83597f041f9cbc6ea5b63773affc267c6ad99d31badee16d2c86e5 Group", "expiration": null, "is_active": 1 }, { "id": 3360594658, "indicator": "c9783349ddacab00663d784755d71e85e8288c87", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_24be375f0e11d88210e53f15cc08d72ab6c6287676c3fe3c6f70b513e5f442ed { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_24be375f0e11d88210e53f15cc08d72ab6c6287676c3fe3c6f70b513e5f442ed Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-33\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"08bc1dfc6dfb8f50743814b8ec2d3000\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"basecamp.turbomilk.com/turbomilk/contractors2/idx.php?id=\" fullword wide \n \t\t $s2= \"bbpdx.com/includes/xpath/xpath.src.php?id=\" fullword wide \n \t\t $s3= \"iqaws.com/catalog/install/source.php?id=\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022626173} \n \t\t $hex2= {2473323d2022626270} \n \t\t $hex3= {2473333d2022697161} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \t\t $hex7= {2473373d2022536f66} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_24be375f0e11d88210e53f15cc08d72ab6c6287676c3fe3c6f70b513e5f442ed Group", "expiration": null, "is_active": 1 }, { "id": 3360594659, "indicator": "2c67c7a9b6ccc70de5c0918d0c05fc321bd3790a", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_d755904743d48c31bdff791bfa440e79cfe1c3fc9458eb708cf8bb78f117dd07 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_d755904743d48c31bdff791bfa440e79cfe1c3fc9458eb708cf8bb78f117dd07 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-32\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"19de1f992adde4cb22c7ad7472866434\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"7adharat.com/forum/includes/search/index_search.php?id=\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s5= \"wmr.ueuo.com/advertisers/TEMP/dbaza.php?id=\" fullword wide \n \t\t $s6= \"www.insigmaus.com/wp-includes/pomo/dx.php?id=\" fullword wide \n \t\t $s7= \"www.soluciones4web.com/wp-includes/pomo/dx.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d2022376164} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022776d72} \n \t\t $hex6= {2473363d2022777777} \n \t\t $hex7= {2473373d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_d755904743d48c31bdff791bfa440e79cfe1c3fc9458eb708cf8bb78f117dd07 Group", "expiration": null, "is_active": 1 }, { "id": 3360594660, "indicator": "466311d571cda8551aa11e9a8ef384a65401c8e0", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_a05b53260c2855829226dffd814022b7ff4750d278d6c46f2e8e0dc58a36a1f9 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_a05b53260c2855829226dffd814022b7ff4750d278d6c46f2e8e0dc58a36a1f9 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-31\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"ab977ad5550ff745edc2aa70c4ba3b01\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"geointeres.com/engine/modules/source.php?id=\" fullword wide \n \t\t $s2= \"ojoobo.com/modules/forum/forum-source.php?id=\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s7= \"www.prosperis.com/cms/sections/source.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d202267656f} \n \t\t $hex2= {2473323d20226f6a6f} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \t\t $hex7= {2473373d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_a05b53260c2855829226dffd814022b7ff4750d278d6c46f2e8e0dc58a36a1f9 Group", "expiration": null, "is_active": 1 }, { "id": 3360594661, "indicator": "eb458b06285f3e721c663b3178945ccd8f011a7a", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_f1d6e8b07ac486469e09c876c3e267db2b2d651299c87557cbf4eafb861cf79c { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_f1d6e8b07ac486469e09c876c3e267db2b2d651299c87557cbf4eafb861cf79c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-31\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"71c097357affb0bcffcf6307a9f3d5b3\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Control PanelInternational\" fullword wide \n \t\t $s2= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s3= \"grafics.kz/plugins/search/source.php?id=\" fullword wide \n \t\t $s4= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s8= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s9= \"www.idweb.ru/assets/modules/docmanager/classes/dm_source.php?id=\" fullword wide \n \t\t $s10= \"www.kino24.kz/blog/engine/modules/plugin/source.php?id=\" fullword wide \n \n \t\t $hex1= {247331303d20227777} \n \t\t $hex2= {2473313d2022436f6e} \n \t\t $hex3= {2473323d2022436f6e} \n \t\t $hex4= {2473333d2022677261} \n \t\t $hex5= {2473343d2022484152} \n \t\t $hex6= {2473353d2022536f66} \n \t\t $hex7= {2473363d2022536f66} \n \t\t $hex8= {2473373d2022536f66} \n \t\t $hex9= {2473383d2022536f66} \n \t\t $hex10= {2473393d2022777777} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_f1d6e8b07ac486469e09c876c3e267db2b2d651299c87557cbf4eafb861cf79c Group", "expiration": null, "is_active": 1 }, { "id": 3360594662, "indicator": "980b195bb45cf0978adc1eca6adc6a527e0ed9c9", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_837e68be35c2f0ab9e2b3137d6f9f7d16cc387f3062a21dd98f436a4bcceb327 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_837e68be35c2f0ab9e2b3137d6f9f7d16cc387f3062a21dd98f436a4bcceb327 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-30\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f549a310572a8ead930f8fb4008eb02f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"serviciosglobal.com/inc/search.php?id=\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s5= \"theluvsite.com/modules/search/src.php?id=\" fullword wide \n \t\t $s6= \"www.auslogics.com/includes/software/src.tpl?id=\" fullword wide \n \n \t\t $hex1= {2473313d2022736572} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022746865} \n \t\t $hex6= {2473363d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_837e68be35c2f0ab9e2b3137d6f9f7d16cc387f3062a21dd98f436a4bcceb327 Group", "expiration": null, "is_active": 1 }, { "id": 3360594663, "indicator": "e60aecc22503f1d0dd1ce4fd0a10b8d4b724b006", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_d5e3122a263d3f66dcfa7c2fed25c2b8a3be725b2c934fa9d9ef4c5aefbc6cb9 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_d5e3122a263d3f66dcfa7c2fed25c2b8a3be725b2c934fa9d9ef4c5aefbc6cb9 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-29\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"418bfc05240ec86b91181f38bd751ccb\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Accept-Encoding: gzip,deflate,bzip2,sdch\" fullword wide \n \t\t $s2= \"Content-Type: application/x-www-form-urlencoded\" fullword wide \n \t\t $s3= \"Control PanelInternational\" fullword wide \n \t\t $s4= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftInternet ExplorerInternetRegistrySNLD\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022416363} \n \t\t $hex2= {2473323d2022436f6e} \n \t\t $hex3= {2473333d2022436f6e} \n \t\t $hex4= {2473343d2022436f6e} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_d5e3122a263d3f66dcfa7c2fed25c2b8a3be725b2c934fa9d9ef4c5aefbc6cb9 Group", "expiration": null, "is_active": 1 }, { "id": 3360594664, "indicator": "b58627b7269b56f060b9695c2c8d0eb30391d77d", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_c4e2e341689799281eaef47de75f59edceaba281398b41fe7616436f247ab93d { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_c4e2e341689799281eaef47de75f59edceaba281398b41fe7616436f247ab93d Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-29\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b42296359ebcd003e3064fe33ba4eec7\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"ktbits.com/engine/modules/source.php?id=\" fullword wide \n \t\t $s2= \"rosesci.com/mail/q.source.php?id=\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s7= \"www.jterps.com/wp-includes/pomo/idx.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d20226b7462} \n \t\t $hex2= {2473323d2022726f73} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \t\t $hex7= {2473373d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_c4e2e341689799281eaef47de75f59edceaba281398b41fe7616436f247ab93d Group", "expiration": null, "is_active": 1 }, { "id": 3360594665, "indicator": "d6628835f3a1ae62f64a851c2070279c1a622f11", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_ecb097f3367f0155887dde9f891ff823ff54ddfe5217cdbb391ea5b10c5a08dc { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_ecb097f3367f0155887dde9f891ff823ff54ddfe5217cdbb391ea5b10c5a08dc Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-28\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"39a7da76126aa097efe80f83f469f2c2\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"basecamp.turbomilk.com/turbomilk/contractors2/idx.php?id=\" fullword wide \n \t\t $s2= \"bbpdx.com/includes/xpath/xpath.src.php?id=\" fullword wide \n \t\t $s3= \"iqaws.com/catalog/install/source.php?id=\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022626173} \n \t\t $hex2= {2473323d2022626270} \n \t\t $hex3= {2473333d2022697161} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \t\t $hex7= {2473373d2022536f66} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_ecb097f3367f0155887dde9f891ff823ff54ddfe5217cdbb391ea5b10c5a08dc Group", "expiration": null, "is_active": 1 }, { "id": 3360594666, "indicator": "4bfed2a0cb042b69d60d0f5ab48cc4ace15bd6b5", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_a8e6abaa0ddc34b9db6bda17b502be7f802fb880941ce2bd0473fd9569113599 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_a8e6abaa0ddc34b9db6bda17b502be7f802fb880941ce2bd0473fd9569113599 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-28\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"875b0702ef3cc2d909ecf720bb4079c2\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Accept-Language: en-US,en;q=0.5\" fullword wide \n \t\t $s2= \"Control PanelInternational\" fullword wide \n \t\t $s3= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistrySNLD\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022416363} \n \t\t $hex2= {2473323d2022436f6e} \n \t\t $hex3= {2473333d2022436f6e} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \n \tcondition: \n \t\t3 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_a8e6abaa0ddc34b9db6bda17b502be7f802fb880941ce2bd0473fd9569113599 Group", "expiration": null, "is_active": 1 }, { "id": 3360594667, "indicator": "1c0b3d1b233ed998370c82e8040a71575c093716", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_6122db2cdac0373cc8513c57786088a5548721d01e7674e78082774044e92980 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_6122db2cdac0373cc8513c57786088a5548721d01e7674e78082774044e92980 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-27\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"4200bcaaa71d7c6e3f00bae88d576f2a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Control PanelInternational\" fullword wide \n \t\t $s2= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s3= \"fasdalf.ru/modules/forum/forum-src.php\" fullword wide \n \t\t $s4= \"hram-gelendzhik.ru/modules/mod_search/source.php\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s8= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022436f6e} \n \t\t $hex2= {2473323d2022436f6e} \n \t\t $hex3= {2473333d2022666173} \n \t\t $hex4= {2473343d2022687261} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \t\t $hex7= {2473373d2022536f66} \n \t\t $hex8= {2473383d2022536f66} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_6122db2cdac0373cc8513c57786088a5548721d01e7674e78082774044e92980 Group", "expiration": null, "is_active": 1 }, { "id": 3360594668, "indicator": "370a64adf6d4123cef52b52182c2fd081c5deaac", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_59c4cba96dbab5d8aa7779eac18b67b2e6f8b03066eb092415d50dff55e43b72 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_59c4cba96dbab5d8aa7779eac18b67b2e6f8b03066eb092415d50dff55e43b72 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-27\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"cac9802d99e36b04da32680cc4955c22\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"basecamp.turbomilk.com/turbomilk/contractors2/idx.php?id=\" fullword wide \n \t\t $s2= \"bbpdx.com/includes/xpath/xpath.src.php?id=\" fullword wide \n \t\t $s3= \"iqaws.com/catalog/install/source.php?id=\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022626173} \n \t\t $hex2= {2473323d2022626270} \n \t\t $hex3= {2473333d2022697161} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \t\t $hex7= {2473373d2022536f66} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_59c4cba96dbab5d8aa7779eac18b67b2e6f8b03066eb092415d50dff55e43b72 Group", "expiration": null, "is_active": 1 }, { "id": 3360594669, "indicator": "ff37b979a4de56ad942ccd66e435c03be0d2bbfb", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_dc75404b6fc8cdb73258c2cc7bc758347ffb4237c8d18222f3489dc303daf989 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_dc75404b6fc8cdb73258c2cc7bc758347ffb4237c8d18222f3489dc303daf989 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-27\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"8a35fea299b2ec9b16bce86f01a1ba38\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Accept-Encoding: gzip,deflate,bzip2,sdch\" fullword wide \n \t\t $s2= \"Content-Type: application/x-www-form-urlencoded\" fullword wide \n \t\t $s3= \"Control PanelInternational\" fullword wide \n \t\t $s4= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftInternet ExplorerInternetRegistrySPLN\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022416363} \n \t\t $hex2= {2473323d2022436f6e} \n \t\t $hex3= {2473333d2022436f6e} \n \t\t $hex4= {2473343d2022436f6e} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_dc75404b6fc8cdb73258c2cc7bc758347ffb4237c8d18222f3489dc303daf989 Group", "expiration": null, "is_active": 1 }, { "id": 3360594708, "indicator": "af2771efb6434c4f1d33ff776d5e791013fa7d19", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_0e34262813677090938983039ba9ff3ade0748a3aba25e28d19e2831c036b095 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_0e34262813677090938983039ba9ff3ade0748a3aba25e28d19e2831c036b095 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-26\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"75a63d9b3378abe997b80a8effb9654d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022536f66} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_0e34262813677090938983039ba9ff3ade0748a3aba25e28d19e2831c036b095 Group", "expiration": null, "is_active": 1 }, { "id": 3360594709, "indicator": "6b26d8ae469b2968e103de1e983abf7d2c154629", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_31db22caf480c471205a7608545370c1b3c0c9be5285a9ef2264e856052b66b4 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_31db22caf480c471205a7608545370c1b3c0c9be5285a9ef2264e856052b66b4 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-26\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"78c6551e85a8d4788ea7b2bf138e4fde\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"atampy.com/wordpress/wp-includes/pomo/dx.php?id=\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s5= \"www.activateav.com/wp-includes/pomo/dx.php?id=\" fullword wide \n \t\t $s6= \"www.intellbet.com/_lib/db_simple/Mysqli.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d2022617461} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022777777} \n \t\t $hex6= {2473363d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_31db22caf480c471205a7608545370c1b3c0c9be5285a9ef2264e856052b66b4 Group", "expiration": null, "is_active": 1 }, { "id": 3360594710, "indicator": "860c7bb5ae87c3948ee6f8252db850354e2df5c9", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_d3ee530abe41705a819ee9220aebb3ba01531e16df7cded050ba2cf051940e46 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_d3ee530abe41705a819ee9220aebb3ba01531e16df7cded050ba2cf051940e46 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-25\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"8bf9eef3ae42ad998e7948035117c37a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Control PanelInternational\" fullword wide \n \t\t $s2= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s3= \"fasdalf.ru/modules/forum/forum-src.php\" fullword wide \n \t\t $s4= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s5= \"hram-gelendzhik.ru/modules/mod_search/source.php\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s8= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s9= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022436f6e} \n \t\t $hex2= {2473323d2022436f6e} \n \t\t $hex3= {2473333d2022666173} \n \t\t $hex4= {2473343d2022484152} \n \t\t $hex5= {2473353d2022687261} \n \t\t $hex6= {2473363d2022536f66} \n \t\t $hex7= {2473373d2022536f66} \n \t\t $hex8= {2473383d2022536f66} \n \t\t $hex9= {2473393d2022536f66} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_d3ee530abe41705a819ee9220aebb3ba01531e16df7cded050ba2cf051940e46 Group", "expiration": null, "is_active": 1 }, { "id": 3360594711, "indicator": "07a9b76c8da571c630efcf8ba9c813f47180270f", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_d588e789f0b5914bd6f127950c5daf6519c78b527b0ed7b323e42b0613f6566f { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_d588e789f0b5914bd6f127950c5daf6519c78b527b0ed7b323e42b0613f6566f Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-25\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"0ce1af7315a59b162db2a3526ae13ff0\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"basecamp.turbomilk.com/turbomilk/contractors2/idx.php?id=\" fullword wide \n \t\t $s2= \"bbpdx.com/includes/xpath/xpath.src.php?id=\" fullword wide \n \t\t $s3= \"iqaws.com/catalog/install/source.php?id=\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022626173} \n \t\t $hex2= {2473323d2022626270} \n \t\t $hex3= {2473333d2022697161} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \t\t $hex7= {2473373d2022536f66} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_d588e789f0b5914bd6f127950c5daf6519c78b527b0ed7b323e42b0613f6566f Group", "expiration": null, "is_active": 1 }, { "id": 3360594712, "indicator": "1b8e6dd95b7bf58581f988cdbec02bf384d27191", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_d89a80a3fbb0a4a40157c6752bd978bc113b0c413e3f73eb922d4e424edeb8a7 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_d89a80a3fbb0a4a40157c6752bd978bc113b0c413e3f73eb922d4e424edeb8a7 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-24\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"0443582a0b7f27698eec0aaa85ccf4d3\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"ktbits.com/engine/modules/source.php?id=\" fullword wide \n \t\t $s2= \"rosesci.com/mail/q.source.php?id=\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s7= \"www.jterps.com/wp-includes/pomo/idx.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d20226b7462} \n \t\t $hex2= {2473323d2022726f73} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \t\t $hex7= {2473373d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_d89a80a3fbb0a4a40157c6752bd978bc113b0c413e3f73eb922d4e424edeb8a7 Group", "expiration": null, "is_active": 1 }, { "id": 3360594713, "indicator": "dfa448214f71730d2fc9d88d623315468ae1b66f", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_8e222cb1a831c407a3f6c7863f3faa6358b424e70a041c196e91fb7989735b68 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_8e222cb1a831c407a3f6c7863f3faa6358b424e70a041c196e91fb7989735b68 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-24\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"0c3ae22a2b7c196cea3b0a46c720c79f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"ask.az/chat/cgi-bin/source.php\" fullword wide \n \t\t $s2= \"baneh2net.com/wp-includes/pomo/idx.php\" fullword wide \n \t\t $s3= \"Control PanelInternational\" fullword wide \n \t\t $s4= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s5= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s6= \"popolnyalka.uz/math/wp-includes/pomo/idx.php\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s8= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s9= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s10= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {247331303d2022536f} \n \t\t $hex2= {2473313d202261736b} \n \t\t $hex3= {2473323d202262616e} \n \t\t $hex4= {2473333d2022436f6e} \n \t\t $hex5= {2473343d2022436f6e} \n \t\t $hex6= {2473353d2022484152} \n \t\t $hex7= {2473363d2022706f70} \n \t\t $hex8= {2473373d2022536f66} \n \t\t $hex9= {2473383d2022536f66} \n \t\t $hex10= {2473393d2022536f66} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_8e222cb1a831c407a3f6c7863f3faa6358b424e70a041c196e91fb7989735b68 Group", "expiration": null, "is_active": 1 }, { "id": 3360594714, "indicator": "80434f07c6418413b9ba5f89e805836d3d7ecaf6", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_0a0a5b68a8a7e4ed4b6d6881f57c6a9ac55b1a50097588e462fe8d3c486158bf { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_0a0a5b68a8a7e4ed4b6d6881f57c6a9ac55b1a50097588e462fe8d3c486158bf Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-23\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"44033c271dc323ffb6ac158e8220ff8a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"rchdmtnez.com/modules/mod_search/source.php?id=\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s6= \"thecafe7.com/modules/mod_newsflash/mod_newsflash_idx.php?id=\" fullword wide \n \t\t $s7= \"thecafe7.com/modules/mod_whosonline/src.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d2022726368} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022746865} \n \t\t $hex7= {2473373d2022746865} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_0a0a5b68a8a7e4ed4b6d6881f57c6a9ac55b1a50097588e462fe8d3c486158bf Group", "expiration": null, "is_active": 1 }, { "id": 3360594715, "indicator": "b7f2619595716306728b6d9943631679a04f586f", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_593849098bd288b7bed9646e877fa0448dcb25ef5b4482291fdf7123de867911 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_593849098bd288b7bed9646e877fa0448dcb25ef5b4482291fdf7123de867911 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-23\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"c83ed3fcf47b9fd327233efcf80f7810\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Control PanelInternational\" fullword wide \n \t\t $s2= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s3= \"grafics.kz/plugins/search/source.php?id=\" fullword wide \n \t\t $s4= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s8= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s9= \"www.idweb.ru/assets/modules/docmanager/classes/dm_source.php?id=\" fullword wide \n \t\t $s10= \"www.kino24.kz/blog/engine/modules/plugin/source.php?id=\" fullword wide \n \n \t\t $hex1= {247331303d20227777} \n \t\t $hex2= {2473313d2022436f6e} \n \t\t $hex3= {2473323d2022436f6e} \n \t\t $hex4= {2473333d2022677261} \n \t\t $hex5= {2473343d2022484152} \n \t\t $hex6= {2473353d2022536f66} \n \t\t $hex7= {2473363d2022536f66} \n \t\t $hex8= {2473373d2022536f66} \n \t\t $hex9= {2473383d2022536f66} \n \t\t $hex10= {2473393d2022777777} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_593849098bd288b7bed9646e877fa0448dcb25ef5b4482291fdf7123de867911 Group", "expiration": null, "is_active": 1 }, { "id": 3360594716, "indicator": "9eb5b4eb279461a12bccf4d46cf74f8a94057290", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_170e5eb004357dfce6b41de8637e1dbeb87fa58e8b54a2031aac33afb930f3c8 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_170e5eb004357dfce6b41de8637e1dbeb87fa58e8b54a2031aac33afb930f3c8 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-22\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"5c37059ac24031745b99cd62b8cc200d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022536f66} \n \t\t $hex2= {2473323d2022536f66} \n \n \tcondition: \n \t\t1 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_170e5eb004357dfce6b41de8637e1dbeb87fa58e8b54a2031aac33afb930f3c8 Group", "expiration": null, "is_active": 1 }, { "id": 3360594717, "indicator": "331e3e29f6c68992c9df14e7fb4e3a8a8259a3ad", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_3a88ff66f4eb675f0c3e6c5f947c012945c4e15b77a2cd195de8a8aba23ccb29 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_3a88ff66f4eb675f0c3e6c5f947c012945c4e15b77a2cd195de8a8aba23ccb29 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-22\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b2fb91d0d5aa76630e6b1819021a0e60\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"ispacs.com/cna/pages.cn/cna_source.php?id=\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s6= \"strategyofroulette.com/app/usr/usr_src.php?id=\" fullword wide \n \t\t $s7= \"www.meortemple.com/wp-includes/pomo/idx.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d2022697370} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022737472} \n \t\t $hex7= {2473373d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_3a88ff66f4eb675f0c3e6c5f947c012945c4e15b77a2cd195de8a8aba23ccb29 Group", "expiration": null, "is_active": 1 }, { "id": 3360594718, "indicator": "22794fc1404a83bba36e74d3944915232da5c3fe", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_da3c1a7b63a6a7cce0c9ef01cf95fd4a53ba913bab88a085c6b4b8e4ed40d916 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_da3c1a7b63a6a7cce0c9ef01cf95fd4a53ba913bab88a085c6b4b8e4ed40d916 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-21\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d532eb6835126e53e7ae491ae29fd8b3\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"artsepid.com/plugin/contact-form/source.php?id=\" fullword wide \n \t\t $s2= \"bukzahid.org.ua/engine/modules/src.php?id=\" fullword wide \n \t\t $s3= \"Control PanelInternational\" fullword wide \n \t\t $s4= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s5= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s8= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s9= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s10= \"www.sdfgdsdf2354235il.com/inc/eml_templates/source.php?id=\" fullword wide \n \t\t $s11= \"xezri.net/chat/etiraf/source.php?id=\" fullword wide \n \n \t\t $hex1= {247331303d20227777} \n \t\t $hex2= {247331313d20227865} \n \t\t $hex3= {2473313d2022617274} \n \t\t $hex4= {2473323d202262756b} \n \t\t $hex5= {2473333d2022436f6e} \n \t\t $hex6= {2473343d2022436f6e} \n \t\t $hex7= {2473353d2022484152} \n \t\t $hex8= {2473363d2022536f66} \n \t\t $hex9= {2473373d2022536f66} \n \t\t $hex10= {2473383d2022536f66} \n \t\t $hex11= {2473393d2022536f66} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_da3c1a7b63a6a7cce0c9ef01cf95fd4a53ba913bab88a085c6b4b8e4ed40d916 Group", "expiration": null, "is_active": 1 }, { "id": 3360594719, "indicator": "b12cea3562eb91337af0991f04f9c0a1d7717c51", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_edb7caa3dce3543d65f29e047ea789a9e429e46bed5c29c4748e656285a08050 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_edb7caa3dce3543d65f29e047ea789a9e429e46bed5c29c4748e656285a08050 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-21\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"92f584ca90d0f242fecb14235c505119\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"artem.sataev.com/blog/wp-includes/pomo/src.php?id=\" fullword wide \n \t\t $s2= \"Control PanelInternational\" fullword wide \n \t\t $s3= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s4= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s5= \"lkgames.com/fr/free-game-action-ball-2/source.php?id=\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s8= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s9= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s10= \"swissitaly.com/includes/phpmailer/class.pop3.php?id=\" fullword wide \n \n \t\t $hex1= {247331303d20227377} \n \t\t $hex2= {2473313d2022617274} \n \t\t $hex3= {2473323d2022436f6e} \n \t\t $hex4= {2473333d2022436f6e} \n \t\t $hex5= {2473343d2022484152} \n \t\t $hex6= {2473353d20226c6b67} \n \t\t $hex7= {2473363d2022536f66} \n \t\t $hex8= {2473373d2022536f66} \n \t\t $hex9= {2473383d2022536f66} \n \t\t $hex10= {2473393d2022536f66} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_edb7caa3dce3543d65f29e047ea789a9e429e46bed5c29c4748e656285a08050 Group", "expiration": null, "is_active": 1 }, { "id": 3360594720, "indicator": "911494356efbde41f094e130827318312d539bb2", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_1ba99d553582cc6b6256276a35c2e996e83e11b39665523f0d798beb91392c90 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_1ba99d553582cc6b6256276a35c2e996e83e11b39665523f0d798beb91392c90 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-20\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"635821f2e915c3534d1865725b45af9a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Control PanelInternational\" fullword wide \n \t\t $s2= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s3= \"forum.unmondeparfait.org/includes/search/source.php?id=\" fullword wide \n \t\t $s4= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s5= \"motorjo.com/z/j/tiny_mce/plugins/media/source.php?id=\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s8= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s9= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s10= \"www.snow-lab.com/modules/mod_search/tmpl/search.php?id=\" fullword wide \n \n \t\t $hex1= {247331303d20227777} \n \t\t $hex2= {2473313d2022436f6e} \n \t\t $hex3= {2473323d2022436f6e} \n \t\t $hex4= {2473333d2022666f72} \n \t\t $hex5= {2473343d2022484152} \n \t\t $hex6= {2473353d20226d6f74} \n \t\t $hex7= {2473363d2022536f66} \n \t\t $hex8= {2473373d2022536f66} \n \t\t $hex9= {2473383d2022536f66} \n \t\t $hex10= {2473393d2022536f66} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_1ba99d553582cc6b6256276a35c2e996e83e11b39665523f0d798beb91392c90 Group", "expiration": null, "is_active": 1 }, { "id": 3360594721, "indicator": "32f86fb16adc308acac386efac2d470c8a2fb02c", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_066346170856972f6769705bc6ff4ad21e88d2658b4cacea6f94564f1856ed18 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_066346170856972f6769705bc6ff4ad21e88d2658b4cacea6f94564f1856ed18 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-20\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"44652b7ac9cabecbe34364dea33d09e3\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Control PanelInternational\" fullword wide \n \t\t $s2= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s3= \"grafics.kz/plugins/search/source.php?id=\" fullword wide \n \t\t $s4= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s8= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s9= \"www.idweb.ru/assets/modules/docmanager/classes/dm_source.php?id=\" fullword wide \n \t\t $s10= \"www.kino24.kz/blog/engine/modules/plugin/source.php?id=\" fullword wide \n \n \t\t $hex1= {247331303d20227777} \n \t\t $hex2= {2473313d2022436f6e} \n \t\t $hex3= {2473323d2022436f6e} \n \t\t $hex4= {2473333d2022677261} \n \t\t $hex5= {2473343d2022484152} \n \t\t $hex6= {2473353d2022536f66} \n \t\t $hex7= {2473363d2022536f66} \n \t\t $hex8= {2473373d2022536f66} \n \t\t $hex9= {2473383d2022536f66} \n \t\t $hex10= {2473393d2022777777} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_066346170856972f6769705bc6ff4ad21e88d2658b4cacea6f94564f1856ed18 Group", "expiration": null, "is_active": 1 }, { "id": 3360594722, "indicator": "78951d6aaab9cebddfeb6c2406e352df01f7f500", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_269ea4b883de65f235a04441144519cf6cac80ef666eccf073eedd5f9319be0f { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_269ea4b883de65f235a04441144519cf6cac80ef666eccf073eedd5f9319be0f Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-19\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"fd6edc9082dcb2bf1b324b3a0cba2062\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"alpikaclub.com/wp-includes/pomo/idx.php?id=\" fullword wide \n \t\t $s2= \"Control PanelInternational\" fullword wide \n \t\t $s3= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s4= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s5= \"mohsenmeghdari.com/includes/exifer1_5/source.php?id=\" fullword wide \n \t\t $s6= \"naturexperts.com/themes/bluemarine/node.php?id=\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s8= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s9= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s10= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {247331303d2022536f} \n \t\t $hex2= {2473313d2022616c70} \n \t\t $hex3= {2473323d2022436f6e} \n \t\t $hex4= {2473333d2022436f6e} \n \t\t $hex5= {2473343d2022484152} \n \t\t $hex6= {2473353d20226d6f68} \n \t\t $hex7= {2473363d20226e6174} \n \t\t $hex8= {2473373d2022536f66} \n \t\t $hex9= {2473383d2022536f66} \n \t\t $hex10= {2473393d2022536f66} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_269ea4b883de65f235a04441144519cf6cac80ef666eccf073eedd5f9319be0f Group", "expiration": null, "is_active": 1 }, { "id": 3360594723, "indicator": "c4c07eefcfd6be616ec5103846d24b16c78410df", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_913c21141966750cfe80d1f64f7c819ae59e401b47f0b5031fd2486c10403c91 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_913c21141966750cfe80d1f64f7c819ae59e401b47f0b5031fd2486c10403c91 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-19\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"73dd306044e5c2dc2b713328f415096d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"artsepid.com/plugin/contact-form/source.php?id=\" fullword wide \n \t\t $s2= \"bukzahid.org.ua/engine/modules/src.php?id=\" fullword wide \n \t\t $s3= \"Control PanelInternational\" fullword wide \n \t\t $s4= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s5= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s8= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s9= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s10= \"xezri.net/chat/etiraf/source.php?id=\" fullword wide \n \n \t\t $hex1= {247331303d20227865} \n \t\t $hex2= {2473313d2022617274} \n \t\t $hex3= {2473323d202262756b} \n \t\t $hex4= {2473333d2022436f6e} \n \t\t $hex5= {2473343d2022436f6e} \n \t\t $hex6= {2473353d2022484152} \n \t\t $hex7= {2473363d2022536f66} \n \t\t $hex8= {2473373d2022536f66} \n \t\t $hex9= {2473383d2022536f66} \n \t\t $hex10= {2473393d2022536f66} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_913c21141966750cfe80d1f64f7c819ae59e401b47f0b5031fd2486c10403c91 Group", "expiration": null, "is_active": 1 }, { "id": 3360594724, "indicator": "69302583f5bcd1919e987f8009c3450c4b7bdd85", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_d5687b5c5cec11c851e84a1d40af3ef52607575487a70224f63458c24481076c { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_d5687b5c5cec11c851e84a1d40af3ef52607575487a70224f63458c24481076c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-18\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"51502d7d6d188ad87213ca5942f232cf\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022536f66} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_d5687b5c5cec11c851e84a1d40af3ef52607575487a70224f63458c24481076c Group", "expiration": null, "is_active": 1 }, { "id": 3360594725, "indicator": "16e6d83ff8a8cc06850b327178d1dc99414610c5", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_170596e88b26f04d349f6014d17a88026ec55eab44888e2a9bb4dd90a79f6878 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_170596e88b26f04d349f6014d17a88026ec55eab44888e2a9bb4dd90a79f6878 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-18\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"9cc5d4b3b9ae503fabb56cd114211ae1\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"rchdmtnez.com/modules/mod_search/source.php?id=\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s6= \"thecafe7.com/modules/mod_newsflash/mod_newsflash_idx.php?id=\" fullword wide \n \t\t $s7= \"thecafe7.com/modules/mod_whosonline/src.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d2022726368} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022746865} \n \t\t $hex7= {2473373d2022746865} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_170596e88b26f04d349f6014d17a88026ec55eab44888e2a9bb4dd90a79f6878 Group", "expiration": null, "is_active": 1 }, { "id": 3360594726, "indicator": "aaec4a5d49ba200504be4abf99a05092bc5c5720", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_387d4ea82c51ecda162a3ffd68a3aca5a21a20a46dc08a0ebe51b03b7984abe9 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_387d4ea82c51ecda162a3ffd68a3aca5a21a20a46dc08a0ebe51b03b7984abe9 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-17\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"36228593bb258ddd0a385dea5d770a8b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Accept-Language: en-US,en;q=0.5\" fullword wide \n \t\t $s2= \"Control PanelInternational\" fullword wide \n \t\t $s3= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistrySNLD\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022416363} \n \t\t $hex2= {2473323d2022436f6e} \n \t\t $hex3= {2473333d2022436f6e} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \n \tcondition: \n \t\t3 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_387d4ea82c51ecda162a3ffd68a3aca5a21a20a46dc08a0ebe51b03b7984abe9 Group", "expiration": null, "is_active": 1 }, { "id": 3360594727, "indicator": "85c50ce5a4cead97d8a1a328c545a24ab6e639d6", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_c987f8433c663c9e8600a7016cdf63cd14590a019118c52238c24c39c9ec02ad { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_c987f8433c663c9e8600a7016cdf63cd14590a019118c52238c24c39c9ec02ad Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-17\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d153b77e32901546849ec44a71227694\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Control PanelInternational\" fullword wide \n \t\t $s2= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s3= \"grafics.kz/plugins/search/source.php?id=\" fullword wide \n \t\t $s4= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s8= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s9= \"www.idweb.ru/assets/modules/docmanager/classes/dm_source.php?id=\" fullword wide \n \t\t $s10= \"www.kino24.kz/blog/engine/modules/plugin/source.php?id=\" fullword wide \n \n \t\t $hex1= {247331303d20227777} \n \t\t $hex2= {2473313d2022436f6e} \n \t\t $hex3= {2473323d2022436f6e} \n \t\t $hex4= {2473333d2022677261} \n \t\t $hex5= {2473343d2022484152} \n \t\t $hex6= {2473353d2022536f66} \n \t\t $hex7= {2473363d2022536f66} \n \t\t $hex8= {2473373d2022536f66} \n \t\t $hex9= {2473383d2022536f66} \n \t\t $hex10= {2473393d2022777777} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_c987f8433c663c9e8600a7016cdf63cd14590a019118c52238c24c39c9ec02ad Group", "expiration": null, "is_active": 1 }, { "id": 3360594728, "indicator": "0780968d2844c02fb1aff371d1c564a018a999c9", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_59af70f71cdf933f117ab97d6f1c1bab82fd15dbe654ba1b27212d7bc20cec8c { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_59af70f71cdf933f117ab97d6f1c1bab82fd15dbe654ba1b27212d7bc20cec8c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-16\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f282255cff4eab6714bed3fb55577010\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"ktbits.com/engine/modules/source.php?id=\" fullword wide \n \t\t $s2= \"rosesci.com/mail/q.source.php?id=\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s7= \"www.jterps.com/wp-includes/pomo/idx.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d20226b7462} \n \t\t $hex2= {2473323d2022726f73} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \t\t $hex7= {2473373d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_59af70f71cdf933f117ab97d6f1c1bab82fd15dbe654ba1b27212d7bc20cec8c Group", "expiration": null, "is_active": 1 }, { "id": 3360594729, "indicator": "570e1fc4b8d047191aea3a86ec34882b23810575", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_6296d95b49d795fa10ae6e9c4e4272ea4e1444105bddbf45b34ee067b2603b38 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_6296d95b49d795fa10ae6e9c4e4272ea4e1444105bddbf45b34ee067b2603b38 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-16\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"6807138f242b08e0310dca0d3004140e\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"aptguide.3dtour.com/includes/cloudfusion/sc4.class.php?id=\" fullword wide \n \t\t $s2= \"dominioparayoani.com/wp-includes/pomo/source.php?id=\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022617074} \n \t\t $hex2= {2473323d2022646f6d} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_6296d95b49d795fa10ae6e9c4e4272ea4e1444105bddbf45b34ee067b2603b38 Group", "expiration": null, "is_active": 1 }, { "id": 3360594730, "indicator": "55e1efcd84cc5eecd10c474332e54dd24cf77e4d", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_698ec413986dc7fc761b1a17624ffffb1590902020b9d0cd5d9a6013c67d9100 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_698ec413986dc7fc761b1a17624ffffb1590902020b9d0cd5d9a6013c67d9100 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-15\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"6d67262c09c19d676aa6f73be19d181b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"chimesy.com/kurdish/modules/Statistics/source.php?id=\" fullword wide \n \t\t $s2= \"newdawnkenya.com/modules/mod_search/src.php?id=\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s7= \"www.cubasitours.com/htmlMimeMail5/ejemplo/source.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d2022636869} \n \t\t $hex2= {2473323d20226e6577} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \t\t $hex7= {2473373d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_698ec413986dc7fc761b1a17624ffffb1590902020b9d0cd5d9a6013c67d9100 Group", "expiration": null, "is_active": 1 }, { "id": 3360594731, "indicator": "7bb019a86a2f4a62f574898123582e549b33a272", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_60f86898506f0fdf6d997f31deff5b6200a6969b457511cc00446bd22dd1f0a4 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_60f86898506f0fdf6d997f31deff5b6200a6969b457511cc00446bd22dd1f0a4 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-15\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b662660b6e6e3cc24ae7fefcb7edb4e8\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"7adharat.com/forum/includes/search/index_search.php?id=\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s5= \"wmr.ueuo.com/advertisers/TEMP/dbaza.php?id=\" fullword wide \n \t\t $s6= \"www.insigmaus.com/wp-includes/pomo/dx.php?id=\" fullword wide \n \t\t $s7= \"www.soluciones4web.com/wp-includes/pomo/dx.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d2022376164} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022776d72} \n \t\t $hex6= {2473363d2022777777} \n \t\t $hex7= {2473373d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_60f86898506f0fdf6d997f31deff5b6200a6969b457511cc00446bd22dd1f0a4 Group", "expiration": null, "is_active": 1 }, { "id": 3360594732, "indicator": "e713dc06f972ea5fb401d89419bcd3c10cbbad94", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_81e5e73452aa8b14f6c6371af2dccab720a32fadfc032b3c8d96f9cdaab9e9df { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_81e5e73452aa8b14f6c6371af2dccab720a32fadfc032b3c8d96f9cdaab9e9df Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-14\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"3f1fe2e5b3b8aac8f86d7363b92c71e0\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Accept-Language: en-US,en;q=0.5\" fullword wide \n \t\t $s2= \"Control PanelInternational\" fullword wide \n \t\t $s3= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistrySNLD\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022416363} \n \t\t $hex2= {2473323d2022436f6e} \n \t\t $hex3= {2473333d2022436f6e} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \n \tcondition: \n \t\t3 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_81e5e73452aa8b14f6c6371af2dccab720a32fadfc032b3c8d96f9cdaab9e9df Group", "expiration": null, "is_active": 1 }, { "id": 3360594733, "indicator": "199b938e5559da70c92730abcea18aa671512d1f", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_bb3529aa5312abbee0cfbd00f10c3f2786f452a2ca807f0acbd336602a13ac79 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_bb3529aa5312abbee0cfbd00f10c3f2786f452a2ca807f0acbd336602a13ac79 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-13\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"3f67bad86fb911ca4ab29bda9be1f1e7\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"geointeres.com/engine/modules/source.php?id=\" fullword wide \n \t\t $s2= \"ojoobo.com/modules/forum/forum-source.php?id=\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s7= \"www.prosperis.com/cms/sections/source.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d202267656f} \n \t\t $hex2= {2473323d20226f6a6f} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \t\t $hex7= {2473373d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_bb3529aa5312abbee0cfbd00f10c3f2786f452a2ca807f0acbd336602a13ac79 Group", "expiration": null, "is_active": 1 }, { "id": 3360594734, "indicator": "11c9fe590ea1cc37232c05340a243f353f60d6d3", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_72ff91b3f36ccf07e3daf6709db441d2328cecab366fd5ff81fc70dd9eb45db8 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_72ff91b3f36ccf07e3daf6709db441d2328cecab366fd5ff81fc70dd9eb45db8 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-13\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d4ae9eb1a009aa60096d0c662db02d54\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"basecamp.turbomilk.com/turbomilk/contractors2/idx.php?id=\" fullword wide \n \t\t $s2= \"bbpdx.com/includes/xpath/xpath.src.php?id=\" fullword wide \n \t\t $s3= \"iqaws.com/catalog/install/source.php?id=\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022626173} \n \t\t $hex2= {2473323d2022626270} \n \t\t $hex3= {2473333d2022697161} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \t\t $hex7= {2473373d2022536f66} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_72ff91b3f36ccf07e3daf6709db441d2328cecab366fd5ff81fc70dd9eb45db8 Group", "expiration": null, "is_active": 1 }, { "id": 3360594735, "indicator": "701feee17ea3dc112eb5757e75a84bf8014af3f4", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_92c959c36617445a35e6f4f2ee2733861aa1b3baf8728d19a4fd5176f3c80401 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_92c959c36617445a35e6f4f2ee2733861aa1b3baf8728d19a4fd5176f3c80401 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-12\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"8f8471acff7e18f61dc2def2bc353574\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022536f66} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_92c959c36617445a35e6f4f2ee2733861aa1b3baf8728d19a4fd5176f3c80401 Group", "expiration": null, "is_active": 1 }, { "id": 3360594736, "indicator": "b4842a1efe958a85d847fc63c9eddc355c3e816f", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_98bd5e8353bc9b70f8a52786365bcdb28bd3aef164d62c38dae8df33e04ac11a { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_98bd5e8353bc9b70f8a52786365bcdb28bd3aef164d62c38dae8df33e04ac11a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-12\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"c839220da67b00963276d95cafe176c1\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"alexvernigor.com/includes/phpmailer/source.php?id=\" fullword wide \n \t\t $s2= \"Control PanelInternational\" fullword wide \n \t\t $s3= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s4= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s5= \"lafollettewines.com/includes/phpInputFilter/source.php?id=\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s8= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s9= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s10= \"www.recomiendalos.com/inc/eml_templates/source.php?id=\" fullword wide \n \n \t\t $hex1= {247331303d20227777} \n \t\t $hex2= {2473313d2022616c65} \n \t\t $hex3= {2473323d2022436f6e} \n \t\t $hex4= {2473333d2022436f6e} \n \t\t $hex5= {2473343d2022484152} \n \t\t $hex6= {2473353d20226c6166} \n \t\t $hex7= {2473363d2022536f66} \n \t\t $hex8= {2473373d2022536f66} \n \t\t $hex9= {2473383d2022536f66} \n \t\t $hex10= {2473393d2022536f66} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_98bd5e8353bc9b70f8a52786365bcdb28bd3aef164d62c38dae8df33e04ac11a Group", "expiration": null, "is_active": 1 }, { "id": 3360594737, "indicator": "ea4d938b70c4ffc0084af150a7ffbbe2f30ace0d", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_94d4e4a8f2d53426154c41120b4f3cf8105328c0cc5d4bd9126a54c14b296093 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_94d4e4a8f2d53426154c41120b4f3cf8105328c0cc5d4bd9126a54c14b296093 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-11\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"ba3272410c091320f145e1324b0f7ae0\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"basecamp.turbomilk.com/turbomilk/contractors2/idx.php?id=\" fullword wide \n \t\t $s2= \"bbpdx.com/includes/xpath/xpath.src.php?id=\" fullword wide \n \t\t $s3= \"iqaws.com/catalog/install/source.php?id=\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022626173} \n \t\t $hex2= {2473323d2022626270} \n \t\t $hex3= {2473333d2022697161} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \t\t $hex7= {2473373d2022536f66} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_94d4e4a8f2d53426154c41120b4f3cf8105328c0cc5d4bd9126a54c14b296093 Group", "expiration": null, "is_active": 1 }, { "id": 3360594738, "indicator": "9caaa2c4c13b4b190ca49a94b2feba9bfeb809c9", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_d71da8a59f3e474c3bcd3f2f00fae0b235c4e01cd9f465180dd0ab19d6af5526 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_d71da8a59f3e474c3bcd3f2f00fae0b235c4e01cd9f465180dd0ab19d6af5526 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-11\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"6a78052d3f9eb96acec8f1b647050525\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"dayniilecom.com/index_files/iibka300_files/source.php?id=\" fullword wide \n \t\t $s2= \"red-opus.com/_vti_bin/_vti_aut/source.php?id=\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s7= \"www.cetlot.com/wp-includes/pomo/idx.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d2022646179} \n \t\t $hex2= {2473323d2022726564} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \t\t $hex7= {2473373d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_d71da8a59f3e474c3bcd3f2f00fae0b235c4e01cd9f465180dd0ab19d6af5526 Group", "expiration": null, "is_active": 1 }, { "id": 3360594739, "indicator": "a9a39aac06f28cb6aeb01cb350e2987b768804cb", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_e73f8b394e51348ef3b6cea7c5e5ecc2ee06bb395c5ac30f6babb091080c1e74 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_e73f8b394e51348ef3b6cea7c5e5ecc2ee06bb395c5ac30f6babb091080c1e74 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-10\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e8e94430093fb159161b20485970dacb\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"ijbeta.com/wp-includes/pomo/dx.php?id=\" fullword wide \n \t\t $s2= \"insurancelower.com/tareas/include/_php.php?id=\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s6= \"www.expathiring.com/generator/pages/page-index.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d2022696a62} \n \t\t $hex2= {2473323d2022696e73} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_e73f8b394e51348ef3b6cea7c5e5ecc2ee06bb395c5ac30f6babb091080c1e74 Group", "expiration": null, "is_active": 1 }, { "id": 3360594845, "indicator": "60c8be5cbc38e17b00bd01bc78ac6b9e33f363e9", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_dc612882987fab581155466810f87fd8f0f2da5c61ad8fc618cef903c9650fcd { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_dc612882987fab581155466810f87fd8f0f2da5c61ad8fc618cef903c9650fcd Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-10\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"7218f41670107e58971223c9880923ca\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Control PanelInternational\" fullword wide \n \t\t $s2= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s3= \"finadmition.ru/wp-includes/pomo/idx.php\" fullword wide \n \t\t $s4= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s5= \"intimit.ru/includes/phpmailer/source.php\" fullword wide \n \t\t $s6= \"medpunkt.biz/includes/modules/FCKeditor/fcksource.php\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s8= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s9= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s10= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {247331303d2022536f} \n \t\t $hex2= {2473313d2022436f6e} \n \t\t $hex3= {2473323d2022436f6e} \n \t\t $hex4= {2473333d202266696e} \n \t\t $hex5= {2473343d2022484152} \n \t\t $hex6= {2473353d2022696e74} \n \t\t $hex7= {2473363d20226d6564} \n \t\t $hex8= {2473373d2022536f66} \n \t\t $hex9= {2473383d2022536f66} \n \t\t $hex10= {2473393d2022536f66} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_dc612882987fab581155466810f87fd8f0f2da5c61ad8fc618cef903c9650fcd Group", "expiration": null, "is_active": 1 }, { "id": 3360594846, "indicator": "c401c57866773a52f0f536856e0f41ef69b2cb9e", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_56a1513bcf959d5df3ff01476ddb4b158ce533658ab7d8dd439324b16f193ac2 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_56a1513bcf959d5df3ff01476ddb4b158ce533658ab7d8dd439324b16f193ac2 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-10\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d844b2434aab1d73078d2f729393638f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"atampy.com/wordpress/wp-includes/pomo/dx.php?id=\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s5= \"www.activateav.com/wp-includes/pomo/dx.php?id=\" fullword wide \n \t\t $s6= \"www.intellbet.com/_lib/db_simple/Mysqli.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d2022617461} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022777777} \n \t\t $hex6= {2473363d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_56a1513bcf959d5df3ff01476ddb4b158ce533658ab7d8dd439324b16f193ac2 Group", "expiration": null, "is_active": 1 }, { "id": 3360594847, "indicator": "daf4e22720efa9269be05f427434042e8940dd69", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_e3a7fa8636d040c9c3a8c928137d24daa15fc6982c002c5dd8f1c552f11cbcad { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_e3a7fa8636d040c9c3a8c928137d24daa15fc6982c002c5dd8f1c552f11cbcad Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-09\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"294a393eb4bb474ee4089d4228dee0d9\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022536f66} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_e3a7fa8636d040c9c3a8c928137d24daa15fc6982c002c5dd8f1c552f11cbcad Group", "expiration": null, "is_active": 1 }, { "id": 3360594848, "indicator": "d74ac0d287ee03623b8bb9571d1e3bf2a3fc4cdf", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_2efd5355651db8e07613e74b1bf85b50273c1f3bce5e4edbedea0ccdff023754 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_2efd5355651db8e07613e74b1bf85b50273c1f3bce5e4edbedea0ccdff023754 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-09\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"0a51c323960139f425ccd83188df96eb\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"serviciosglobal.com/inc/search.php?id=\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s5= \"theluvsite.com/modules/search/src.php?id=\" fullword wide \n \t\t $s6= \"www.auslogics.com/includes/software/src.tpl?id=\" fullword wide \n \n \t\t $hex1= {2473313d2022736572} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022746865} \n \t\t $hex6= {2473363d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_2efd5355651db8e07613e74b1bf85b50273c1f3bce5e4edbedea0ccdff023754 Group", "expiration": null, "is_active": 1 }, { "id": 3360594849, "indicator": "63411588e62749cb7c9b80509dc48458fcb7fff5", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_7e0dafedd01d09e66524f2345d652b29d3f634361c0a69e8d466dcbdfd0e3001 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_7e0dafedd01d09e66524f2345d652b29d3f634361c0a69e8d466dcbdfd0e3001 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-08\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"a75d7a68da32fdd4954ea74e2e95352c\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"ispacs.com/cna/pages.cn/cna_source.php?id=\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s6= \"strategyofroulette.com/app/usr/usr_src.php?id=\" fullword wide \n \t\t $s7= \"www.meortemple.com/wp-includes/pomo/idx.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d2022697370} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022737472} \n \t\t $hex7= {2473373d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_7e0dafedd01d09e66524f2345d652b29d3f634361c0a69e8d466dcbdfd0e3001 Group", "expiration": null, "is_active": 1 }, { "id": 3360594850, "indicator": "6ebfc4cf1a15157b9fb963bd713b76707d64facd", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_a2fe7a346b39a062c60c50167be7dd4f6a8175df054faa67bff33ec42b1072d9 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_a2fe7a346b39a062c60c50167be7dd4f6a8175df054faa67bff33ec42b1072d9 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-08\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"5c0dd3c31b2ebd2ae4adfdabe247d1c5\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"motahariblog.com/core/date/date.php?id=\" fullword wide \n \t\t $s2= \"roxsuite.com/modules/mod_search/mod_search.src.php?id=\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s6= \"www.rscarcare.com/modules/Manufacturers/source.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d20226d6f74} \n \t\t $hex2= {2473323d2022726f78} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_a2fe7a346b39a062c60c50167be7dd4f6a8175df054faa67bff33ec42b1072d9 Group", "expiration": null, "is_active": 1 }, { "id": 3360594851, "indicator": "c656c8414e95546ce508fd75da63936d5f87eaf5", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_0f4046be5de15727e8ac786e54ad7230807d26ef86c3e8c0e997ea76ab3de255 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_0f4046be5de15727e8ac786e54ad7230807d26ef86c3e8c0e997ea76ab3de255 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-07\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d610b84def0f32e139cd4e852f34882f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"geointeres.com/engine/modules/source.php?id=\" fullword wide \n \t\t $s2= \"ojoobo.com/modules/forum/forum-source.php?id=\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s7= \"www.prosperis.com/cms/sections/source.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d202267656f} \n \t\t $hex2= {2473323d20226f6a6f} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \t\t $hex7= {2473373d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_0f4046be5de15727e8ac786e54ad7230807d26ef86c3e8c0e997ea76ab3de255 Group", "expiration": null, "is_active": 1 }, { "id": 3360594852, "indicator": "ea204dc5ae93d51a6be068827ae4cc9b03f20b4a", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_0ea750a8545252b73f08fe87db08376f789fe7e58a69f5017afa2806046380a5 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_0ea750a8545252b73f08fe87db08376f789fe7e58a69f5017afa2806046380a5 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-07\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"176260be8d712d85435087899a941ee9\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"dayniilecom.com/index_files/iibka300_files/source.php?id=\" fullword wide \n \t\t $s2= \"red-opus.com/_vti_bin/_vti_aut/source.php?id=\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s7= \"www.cetlot.com/wp-includes/pomo/idx.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d2022646179} \n \t\t $hex2= {2473323d2022726564} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \t\t $hex7= {2473373d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_0ea750a8545252b73f08fe87db08376f789fe7e58a69f5017afa2806046380a5 Group", "expiration": null, "is_active": 1 }, { "id": 3360594853, "indicator": "ec44c91bfbd2f3091381aa8c163c16c560251737", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_bee9f2a01e0049d4cf94016284b16849136233366d1509489797084672e5448f { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_bee9f2a01e0049d4cf94016284b16849136233366d1509489797084672e5448f Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-06\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"471896be829b9a48a1256d2e65b66282\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Control PanelInternational\" fullword wide \n \t\t $s2= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s3= \"grafics.kz/plugins/search/source.php\" fullword wide \n \t\t $s4= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s5= \"raznyi-content.ru/wp-includes/pomo/idx.php\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s7= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s8= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s9= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s10= \"topstonet.ru/modules/mod_search/source.php\" fullword wide \n \n \t\t $hex1= {247331303d2022746f} \n \t\t $hex2= {2473313d2022436f6e} \n \t\t $hex3= {2473323d2022436f6e} \n \t\t $hex4= {2473333d2022677261} \n \t\t $hex5= {2473343d2022484152} \n \t\t $hex6= {2473353d202272617a} \n \t\t $hex7= {2473363d2022536f66} \n \t\t $hex8= {2473373d2022536f66} \n \t\t $hex9= {2473383d2022536f66} \n \t\t $hex10= {2473393d2022536f66} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_bee9f2a01e0049d4cf94016284b16849136233366d1509489797084672e5448f Group", "expiration": null, "is_active": 1 }, { "id": 3360594854, "indicator": "2991bf9013d0d7625edb66a695e41581a274ad97", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_e029db63346c513be42242e268559174f6b00d818e00d93c14bd443314f65fe5 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_e029db63346c513be42242e268559174f6b00d818e00d93c14bd443314f65fe5 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-06\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d2b05031f9dfb300d88305376cefc2ab\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"nsourcer.com/modules/menu/menu.php?id=\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s5= \"tripstoasia.com/wp-content/plugins/idx.php?id=\" fullword wide \n \t\t $s6= \"www.onehellofaride.com/wp-includes/pomo/dsx.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d20226e736f} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022747269} \n \t\t $hex6= {2473363d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_e029db63346c513be42242e268559174f6b00d818e00d93c14bd443314f65fe5 Group", "expiration": null, "is_active": 1 }, { "id": 3360594855, "indicator": "4fffac81a9f3274305213ee49564287d9bf90974", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_31488f632f5f7d3ec0ea82eab1f9baba16826967c3a6fa141069ef5453b1eb95 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_31488f632f5f7d3ec0ea82eab1f9baba16826967c3a6fa141069ef5453b1eb95 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-06\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"106d5c778fdb6cc9ae4c4e57c4adabc5\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Accept-Language: en-US,en;q=0.5\" fullword wide \n \t\t $s2= \"Control PanelInternational\" fullword wide \n \t\t $s3= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistrySNLD\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022416363} \n \t\t $hex2= {2473323d2022436f6e} \n \t\t $hex3= {2473333d2022436f6e} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \n \tcondition: \n \t\t3 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_31488f632f5f7d3ec0ea82eab1f9baba16826967c3a6fa141069ef5453b1eb95 Group", "expiration": null, "is_active": 1 }, { "id": 3360594856, "indicator": "67ac6f1748b2a5f3c85c26a14b931e989586267f", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_49c1c5e8a71f488a7b560c6751752363389f6272d8c310fee78307dc9dcd3ee2 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_49c1c5e8a71f488a7b560c6751752363389f6272d8c310fee78307dc9dcd3ee2 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-05\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"acd25fab4f920de8e6ab8a6e38a591cd\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"familienieuwland.com/Schotland_files/_vti_cnf/index2.php?id=\" fullword wide \n \t\t $s2= \"serviciosglobal.com/TPV/src.php?id=\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d202266616d} \n \t\t $hex2= {2473323d2022736572} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_49c1c5e8a71f488a7b560c6751752363389f6272d8c310fee78307dc9dcd3ee2 Group", "expiration": null, "is_active": 1 }, { "id": 3360594857, "indicator": "f8ce3a7aec924b7c54f6c840df492659ccdfa913", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_bcdcb4b5e9aaaee2c46d5b0ed16aca629de9faa5e787c672191e0bdf64619a95 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_bcdcb4b5e9aaaee2c46d5b0ed16aca629de9faa5e787c672191e0bdf64619a95 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-04\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"a1740aa640d38783113498d8c3b53c20\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"hq.mission1701.com/include/plugins/search.php?id=\" fullword wide \n \t\t $s2= \"iclt.am/style/default/search.php?id=\" fullword wide \n \t\t $s3= \"joomware.org/modules/mod_search/search.php?id=\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d202268712e} \n \t\t $hex2= {2473323d202269636c} \n \t\t $hex3= {2473333d20226a6f6f} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_bcdcb4b5e9aaaee2c46d5b0ed16aca629de9faa5e787c672191e0bdf64619a95 Group", "expiration": null, "is_active": 1 }, { "id": 3360594858, "indicator": "ebacd297264f15e57b843e7aa8f54fba4c225741", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_5a13d0c954280b4c65af409376de86ac43eb966f25b85973a20d330a34cdd9a6 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_5a13d0c954280b4c65af409376de86ac43eb966f25b85973a20d330a34cdd9a6 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-04\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d87b3a4dec9e059503193f9e4f54c57a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"aptguide.3dtour.com/includes/cloudfusion/sc4.class.php?id=\" fullword wide \n \t\t $s2= \"dominioparayoani.com/wp-includes/pomo/source.php?id=\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022617074} \n \t\t $hex2= {2473323d2022646f6d} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_5a13d0c954280b4c65af409376de86ac43eb966f25b85973a20d330a34cdd9a6 Group", "expiration": null, "is_active": 1 }, { "id": 3360594859, "indicator": "8b37a2b124d9f6874aef2d1f9f099ced202841ce", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_4cf75059f2655ca95b4eba11f1ce952d8e08bb4dbcb12905f6f37cf8145a538d { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_4cf75059f2655ca95b4eba11f1ce952d8e08bb4dbcb12905f6f37cf8145a538d Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-04\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"9a2ae074419c019aac28d5fa02a95849\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"al-mashkoor.com/php/mail/source.php?id=\" fullword wide \n \t\t $s2= \"arsch-anus.com/engine/modules/source.php?id=\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022616c2d} \n \t\t $hex2= {2473323d2022617273} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_4cf75059f2655ca95b4eba11f1ce952d8e08bb4dbcb12905f6f37cf8145a538d Group", "expiration": null, "is_active": 1 }, { "id": 3360594860, "indicator": "f7135e29502c3b937c52de2644b3cc9fe37a1c31", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_b0faba6156c7b0cd59b94eeded37d8c1041d4b8dfa6aacd6520a6d28c3f02a5e { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_b0faba6156c7b0cd59b94eeded37d8c1041d4b8dfa6aacd6520a6d28c3f02a5e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-03\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d2fd01e25fbfa28b6c61548b3d1e68fe\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"ktbits.com/engine/modules/source.php?id=\" fullword wide \n \t\t $s2= \"rosesci.com/mail/q.source.php?id=\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \t\t $s7= \"www.jterps.com/wp-includes/pomo/idx.php?id=\" fullword wide \n \n \t\t $hex1= {2473313d20226b7462} \n \t\t $hex2= {2473323d2022726f73} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \t\t $hex5= {2473353d2022536f66} \n \t\t $hex6= {2473363d2022536f66} \n \t\t $hex7= {2473373d2022777777} \n \n \tcondition: \n \t\t4 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_b0faba6156c7b0cd59b94eeded37d8c1041d4b8dfa6aacd6520a6d28c3f02a5e Group", "expiration": null, "is_active": 1 }, { "id": 3360594861, "indicator": "b7ee48b02c53756fc4b8ef7b9c38f9294646aa3f", "type": "YARA", "created": "2022-01-22T10:33:47", "content": "rule resteex_APTMalware_Energetic_Bear_69b555a37e919c3e6c24cfe183952cdb695255f9458b25d00d15e204d96c737b { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_69b555a37e919c3e6c24cfe183952cdb695255f9458b25d00d15e204d96c737b Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-01-22_04-03-03\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"4f7d8fb908c7ba76a2f6655cadb7ddc7\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"SoftwareMicrosoftInternet ExplorerInternetRegistry\" fullword wide \n \t\t $s2= \"SoftwareMicrosoftInternet ExplorerInternetRegistryOptions\" fullword wide \n \t\t $s3= \"SoftwareMicrosoftWindowsCurrentVersionInternet Settings\" fullword wide \n \t\t $s4= \"SoftwareMicrosoftWindowsCurrentVersionRun\" fullword wide \n \n \t\t $hex1= {2473313d2022536f66} \n \t\t $hex2= {2473323d2022536f66} \n \t\t $hex3= {2473333d2022536f66} \n \t\t $hex4= {2473343d2022536f66} \n \n \tcondition: \n \t\t2 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_69b555a37e919c3e6c24cfe183952cdb695255f9458b25d00d15e204d96c737b Group", "expiration": null, "is_active": 1 }, { "id": 44913, "indicator": "03c5690728b7dffb2f4ab947fe390264751428aa", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Trojan.Agent-808733", "description": "SHA1 of 3a2ba475bf6a60dbe3ed59330c53c3f7", "expiration": null, "is_active": 1 }, { "id": 1404541349, "indicator": "246543cc4a538472bed0626c159715a963e39dfc69d79f60c3ab227c62277016", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Trojan.Agent-808733", "description": "SHA256 of 3a2ba475bf6a60dbe3ed59330c53c3f7", "expiration": null, "is_active": 1 }, { "id": 5118, "indicator": "c3d8a548fa0525e1e55aa592e14303fc6964d28d", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "WinRAR_SFX", "description": "SHA1 of f16dff8ec8702518471f637eb5313ab2", "expiration": null, "is_active": 1 }, { "id": 1404540990, "indicator": "2b160b7eef5ce5fdb83889f96fc40cbbbc7b85450ff2afdf781a8eb5d6a0f541", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "WinRAR_SFX", "description": "SHA256 of f16dff8ec8702518471f637eb5313ab2", "expiration": null, "is_active": 1 }, { "id": 3409659110, "indicator": "83ee068af6d818e5a93a0adcd03f145bc9b37e39", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_29_2b160b7eef5ce5fdb83889f96fc40cbbbc7b85450ff2afdf781a8eb5d6a0f541 { \n \tmeta: \n \t\t description= \"APTMalware_APT_29_2b160b7eef5ce5fdb83889f96fc40cbbbc7b85450ff2afdf781a8eb5d6a0f541 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-29-39\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f16dff8ec8702518471f637eb5313ab2\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"CreateThread failed\" fullword wide \n \t\t $s2= \"CryptProtectMemory failed\" fullword wide \n \t\t $s3= \"CryptUnprotectMemory failed\" fullword wide \n \t\t $s4= \"&Destination folder\" fullword wide \n \t\t $s5= \"Extraction progress\" fullword wide \n \t\t $s6= \"Installation progress\" fullword wide \n \t\t $s7= \"jmsctls_progress32\" fullword wide \n \t\t $s8= \"LICENSEDLG RENAMEDLG\" fullword wide \n \t\t $s9= \"ProgramFilesDir\" fullword wide \n \t\t $s10= \"RarHtmlClassName\" fullword wide \n \t\t $s11= \"SeCreateSymbolicLinkPrivilege\" fullword wide \n \t\t $s12= \"SeRestorePrivilege\" fullword wide \n \t\t $s13= \"SeSecurityPrivilege\" fullword wide \n \t\t $s14= \"SoftwareWinRAR SFX\" fullword wide \n \t\t $s15= \"__tmp_rar_sfx_access_check_%u\" fullword wide \n \t\t $s16= \"winrarsfxmappingfile.tmp\" fullword wide \n \n \t\t $hex1= {26??44??65??73??74??69??6e??61??74??69??6f??6e??20??66??6f??6c??64??65??72??0a??} \n \t\t $hex2= {43??72??65??61??74??65??54??68??72??65??61??64??20??66??61??69??6c??65??64??0a??} \n \t\t $hex3= {43??72??79??70??74??50??72??6f??74??65??63??74??4d??65??6d??6f??72??79??20??66??61??69??6c??65??64??0a??} \n \t\t $hex4= {43??72??79??70??74??55??6e??70??72??6f??74??65??63??74??4d??65??6d??6f??72??79??20??66??61??69??6c??65??64??0a??} \n \t\t $hex5= {45??78??74??72??61??63??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex6= {49??6e??73??74??61??6c??6c??61??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex7= {4c??49??43??45??4e??53??45??44??4c??47??20??52??45??4e??41??4d??45??44??4c??47??0a??} \n \t\t $hex8= {50??72??6f??67??72??61??6d??46??69??6c??65??73??44??69??72??0a??} \n \t\t $hex9= {52??61??72??48??74??6d??6c??43??6c??61??73??73??4e??61??6d??65??0a??} \n \t\t $hex10= {53??65??43??72??65??61??74??65??53??79??6d??62??6f??6c??69??63??4c??69??6e??6b??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex11= {53??65??52??65??73??74??6f??72??65??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex12= {53??65??53??65??63??75??72??69??74??79??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex13= {53??6f??66??74??77??61??72??65??57??69??6e??52??41??52??20??53??46??58??0a??} \n \t\t $hex14= {5f??5f??74??6d??70??5f??72??61??72??5f??73??66??78??5f??61??63??63??65??73??73??5f??63??68??65??63??6b??5f??25??75??0a??} \n \t\t $hex15= {6a??6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \t\t $hex16= {77??69??6e??72??61??72??73??66??78??6d??61??70??70??69??6e??67??66??69??6c??65??2e??74??6d??70??0a??} \n \n \tcondition: \n \t\t17 of them \n }", "title": "", "description": "APTMalware_APT_29_2b160b7eef5ce5fdb83889f96fc40cbbbc7b85450ff2afdf781a8eb5d6a0f541 Group", "expiration": null, "is_active": 1 }, { "id": 3409659111, "indicator": "a6b4634273031a9e081934d275f2fa8c7f2668ea", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_29_ec49400e70c02a884a5df74ca99690886ec2d528e200c42dbdf057fd9b7f87f8 { \n \tmeta: \n \t\t description= \"APTMalware_APT_29_ec49400e70c02a884a5df74ca99690886ec2d528e200c42dbdf057fd9b7f87f8 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-29-36\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"37c394e3e15d211a050446bc90edac94\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"12.0.7601.18150\" fullword wide \n \t\t $s2= \"%2protocolStdFileEditingserver\" fullword wide \n \t\t $s3= \"%2protocolStdFileEditingverb0\" fullword wide \n \t\t $s4= \"accDefaultAction\" fullword wide \n \t\t $s5= \"accDoDefaultAction\" fullword wide \n \t\t $s6= \"accKeyboardShortcut\" fullword wide \n \t\t $s7= \"AfxClosePending\" fullword wide \n \t\t $s8= \"AfxControlBar100su\" fullword wide \n \t\t $s9= \"AfxFrameOrView100su\" fullword wide \n \t\t $s10= \"AfxMDIFrame100su\" fullword wide \n \t\t $s11= \"AfxOldWndProc423\" fullword wide \n \t\t $s12= \"AfxOleControl100su\" fullword wide \n \t\t $s13= \"AFX_SUPERBAR_TAB\" fullword wide \n \t\t $s14= \"AFX_WM_CHANGE_CURRENT_FOLDER\" fullword wide \n \t\t $s15= \"AFX_WM_CHANGEVISUALMANAGER\" fullword wide \n \t\t $s16= \"AFX_WM_GETDRAGBOUNDS\" fullword wide \n \t\t $s17= \"AFX_WM_ON_CANCELTABMOVE\" fullword wide \n \t\t $s18= \"AFX_WM_ONCHANGE_ACTIVE_TAB\" fullword wide \n \t\t $s19= \"AFX_WM_ON_CHANGE_RIBBON_CATEGORY\" fullword wide \n \t\t $s20= \"AFX_WM_ON_CHANGING_ACTIVE_TAB\" fullword wide \n \n \t\t $hex1= {25??32??70??72??6f??74??6f??63??6f??6c??53??74??64??46??69??6c??65??45??64??69??74??69??6e??67??73??65??72??76??65??72??} \n \t\t $hex2= {25??32??70??72??6f??74??6f??63??6f??6c??53??74??64??46??69??6c??65??45??64??69??74??69??6e??67??76??65??72??62??30??0a??} \n \t\t $hex3= {31??32??2e??30??2e??37??36??30??31??2e??31??38??31??35??30??0a??} \n \t\t $hex4= {41??46??58??5f??53??55??50??45??52??42??41??52??5f??54??41??42??0a??} \n \t\t $hex5= {41??46??58??5f??57??4d??5f??43??48??41??4e??47??45??56??49??53??55??41??4c??4d??41??4e??41??47??45??52??0a??} \n \t\t $hex6= {41??46??58??5f??57??4d??5f??43??48??41??4e??47??45??5f??43??55??52??52??45??4e??54??5f??46??4f??4c??44??45??52??0a??} \n \t\t $hex7= {41??46??58??5f??57??4d??5f??47??45??54??44??52??41??47??42??4f??55??4e??44??53??0a??} \n \t\t $hex8= {41??46??58??5f??57??4d??5f??4f??4e??43??48??41??4e??47??45??5f??41??43??54??49??56??45??5f??54??41??42??0a??} \n \t\t $hex9= {41??46??58??5f??57??4d??5f??4f??4e??5f??43??41??4e??43??45??4c??54??41??42??4d??4f??56??45??0a??} \n \t\t $hex10= {41??46??58??5f??57??4d??5f??4f??4e??5f??43??48??41??4e??47??45??5f??52??49??42??42??4f??4e??5f??43??41??54??45??47??4f??} \n \t\t $hex11= {41??46??58??5f??57??4d??5f??4f??4e??5f??43??48??41??4e??47??49??4e??47??5f??41??43??54??49??56??45??5f??54??41??42??0a??} \n \t\t $hex12= {41??66??78??43??6c??6f??73??65??50??65??6e??64??69??6e??67??0a??} \n \t\t $hex13= {41??66??78??43??6f??6e??74??72??6f??6c??42??61??72??31??30??30??73??75??0a??} \n \t\t $hex14= {41??66??78??46??72??61??6d??65??4f??72??56??69??65??77??31??30??30??73??75??0a??} \n \t\t $hex15= {41??66??78??4d??44??49??46??72??61??6d??65??31??30??30??73??75??0a??} \n \t\t $hex16= {41??66??78??4f??6c??64??57??6e??64??50??72??6f??63??34??32??33??0a??} \n \t\t $hex17= {41??66??78??4f??6c??65??43??6f??6e??74??72??6f??6c??31??30??30??73??75??0a??} \n \t\t $hex18= {61??63??63??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex19= {61??63??63??44??6f??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex20= {61??63??63??4b??65??79??62??6f??61??72??64??53??68??6f??72??74??63??75??74??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_APT_29_ec49400e70c02a884a5df74ca99690886ec2d528e200c42dbdf057fd9b7f87f8 Group", "expiration": null, "is_active": 1 }, { "id": 3409659112, "indicator": "aa27714c8191159f41b3107a5ebe4759c63d6e2d", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_21_239d71eadc647bad458c0115e55820b648e082db014937895f835601beb7e3b8 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_239d71eadc647bad458c0115e55820b648e082db014937895f835601beb7e3b8 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-29-31\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"db6e36f962fdb58c8e9f8f9a781fda66\" \n \n \tstrings: \n \n \t \n \t\t $s1= \",44w#!9:7.83!Nd\" fullword wide \n \t\t $s2= \"~h3{p{i*ffs~f}jn\" fullword wide \n \t\t $s3= \".[HXLhzL,hf||eerhh|)|`qq\" fullword wide \n \t\t $s4= \"HYte8%UDQ@ u`9(`ud\" fullword wide \n \t\t $s5= \"kbny%lU@pAXJ\" fullword wide \n \t\t $s6= \"`md|s6U{l{zf7E8)\" fullword wide \n \t\t $s7= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s8= \"okcua7r|wan+erbsAM^\" fullword wide \n \t\t $s9= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s10= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \n \t\t $hex1= {2c??34??34??77??23??21??39??3a??37??2e??38??33??21??4e??64??0a??} \n \t\t $hex2= {2e??5b??48??58??4c??68??7a??4c??2c??68??66??7c??7c??65??65??72??68??68??7c??29??7c??60??71??71??0a??} \n \t\t $hex3= {2f??5a??49??59??45??69??7b??4d??2d??7d??6b??77??77??60??29??39??3d??64??78??7b??35??66??74??65??43??0a??} \n \t\t $hex4= {48??59??74??65??38??25??55??44??51??40??20??75??60??39??28??60??75??64??0a??} \n \t\t $hex5= {60??6d??64??7c??73??36??55??7b??6c??7b??7a??66??37??45??38??29??0a??} \n \t\t $hex6= {6b??62??6e??79??25??6c??55??40??70??41??58??4a??0a??} \n \t\t $hex7= {6f??6b??63??75??61??37??72??7c??77??61??6e??2b??65??72??62??73??41??4d??5e??0a??} \n \t\t $hex8= {79??68??7d??6c??71??60??75??64??69??78??6d??7c??61??70??65??74??31??78??6d??7c??61??70??65??74??79??68??7d??6c??71??60??} \n \t\t $hex9= {7c??6d??78??69??74??65??70??61??6c??7d??68??79??64??75??60??71??25??68??79??64??75??60??71??7c??6d??78??69??74??65??70??} \n \t\t $hex10= {7e??68??33??7b??70??7b??69??2a??66??66??73??7e??66??7d??6a??6e??0a??} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_21_239d71eadc647bad458c0115e55820b648e082db014937895f835601beb7e3b8 Group", "expiration": null, "is_active": 1 }, { "id": 3409659113, "indicator": "35c749c8a55716c0b01318e4a266c8f9f8fe15a4", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_21_c9d63df38d0bcee81ecd45e68a294fb59ff52a884bccd1b47dc23d84b7412ff5 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_c9d63df38d0bcee81ecd45e68a294fb59ff52a884bccd1b47dc23d84b7412ff5 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-29-28\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"0e2b10015fe52b7ea77a213f0c330557\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Adobe Photoshop\" fullword wide \n \t\t $s2= \"DocumentSummaryInformation\" fullword wide \n \t\t $s3= \"*G{000204EF-0_VBA_PROJECT\" fullword wide \n \t\t $s4= \"SummaryInformation\" fullword wide \n \t\t $s5= \"_VBA_PROJECT_CUR\" fullword wide \n \n \t\t $hex1= {2a??47??7b??30??30??30??32??30??34??45??46??2d??30??5f??56??42??41??5f??50??52??4f??4a??45??43??54??0a??} \n \t\t $hex2= {41??64??6f??62??65??20??50??68??6f??74??6f??73??68??6f??70??0a??} \n \t\t $hex3= {44??6f??63??75??6d??65??6e??74??53??75??6d??6d??61??72??79??49??6e??66??6f??72??6d??61??74??69??6f??6e??0a??} \n \t\t $hex4= {53??75??6d??6d??61??72??79??49??6e??66??6f??72??6d??61??74??69??6f??6e??0a??} \n \t\t $hex5= {5f??56??42??41??5f??50??52??4f??4a??45??43??54??5f??43??55??52??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_21_c9d63df38d0bcee81ecd45e68a294fb59ff52a884bccd1b47dc23d84b7412ff5 Group", "expiration": null, "is_active": 1 }, { "id": 3409659114, "indicator": "59e5001e1d332dc3753366791d7605f6f7f1c590", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_21_1225de9af9f6b29985e9304fa1056b8c7da036215a5e054c0ff6d7129c91a59f { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_1225de9af9f6b29985e9304fa1056b8c7da036215a5e054c0ff6d7129c91a59f Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-29-25\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"1f26e5f9b44c28b37b6cd13283838366\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"C:ProgramData\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"sysprepCRYPTBASE.dll\" fullword wide \n \t\t $s5= \"sysprepsysprep.exe\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \t\t $s7= \"Win7ElevateDLL.dll\" fullword wide \n \t\t $s8= \"Win7Elevate.exe\" fullword wide \n \t\t $s9= \"Win7Elevate proof-of-concept\" fullword wide \n \n \t\t $hex1= {43??3a??50??72??6f??67??72??61??6d??44??61??74??61??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex5= {57??69??6e??37??45??6c??65??76??61??74??65??20??70??72??6f??6f??66??2d??6f??66??2d??63??6f??6e??63??65??70??74??0a??} \n \t\t $hex6= {57??69??6e??37??45??6c??65??76??61??74??65??2e??65??78??65??0a??} \n \t\t $hex7= {57??69??6e??37??45??6c??65??76??61??74??65??44??4c??4c??2e??64??6c??6c??0a??} \n \t\t $hex8= {73??79??73??70??72??65??70??43??52??59??50??54??42??41??53??45??2e??64??6c??6c??0a??} \n \t\t $hex9= {73??79??73??70??72??65??70??73??79??73??70??72??65??70??2e??65??78??65??0a??} \n \n \tcondition: \n \t\t10 of them \n }", "title": "", "description": "APTMalware_APT_21_1225de9af9f6b29985e9304fa1056b8c7da036215a5e054c0ff6d7129c91a59f Group", "expiration": null, "is_active": 1 }, { "id": 3409659115, "indicator": "2bc242033ade6c95b9ac64c2304eab290e1d7e5d", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_21_969d32b5d0f68883f758aaaec711dc89fbbaaa1e8744e6a6630586bd524b8bba { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_969d32b5d0f68883f758aaaec711dc89fbbaaa1e8744e6a6630586bd524b8bba Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-29-22\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"19a0693480c82f2b7fc8659d8f91717a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \",44w#!9:7.83!Nd\" fullword wide \n \t\t $s2= \"~h3{p{i*ffs~f}jn\" fullword wide \n \t\t $s3= \".[HXLhzL,hf||eerhh|)|`qq\" fullword wide \n \t\t $s4= \"HYte8%UDQ@ u`9(`ud\" fullword wide \n \t\t $s5= \"kbny%lU@pAXJ\" fullword wide \n \t\t $s6= \"`md|s6U{l{zf7E8)\" fullword wide \n \t\t $s7= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s8= \"okcua7r|wan+erbsAM^\" fullword wide \n \t\t $s9= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s10= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \n \t\t $hex1= {2c??34??34??77??23??21??39??3a??37??2e??38??33??21??4e??64??0a??} \n \t\t $hex2= {2e??5b??48??58??4c??68??7a??4c??2c??68??66??7c??7c??65??65??72??68??68??7c??29??7c??60??71??71??0a??} \n \t\t $hex3= {2f??5a??49??59??45??69??7b??4d??2d??7d??6b??77??77??60??29??39??3d??64??78??7b??35??66??74??65??43??0a??} \n \t\t $hex4= {48??59??74??65??38??25??55??44??51??40??20??75??60??39??28??60??75??64??0a??} \n \t\t $hex5= {60??6d??64??7c??73??36??55??7b??6c??7b??7a??66??37??45??38??29??0a??} \n \t\t $hex6= {6b??62??6e??79??25??6c??55??40??70??41??58??4a??0a??} \n \t\t $hex7= {6f??6b??63??75??61??37??72??7c??77??61??6e??2b??65??72??62??73??41??4d??5e??0a??} \n \t\t $hex8= {79??68??7d??6c??71??60??75??64??69??78??6d??7c??61??70??65??74??31??78??6d??7c??61??70??65??74??79??68??7d??6c??71??60??} \n \t\t $hex9= {7c??6d??78??69??74??65??70??61??6c??7d??68??79??64??75??60??71??25??68??79??64??75??60??71??7c??6d??78??69??74??65??70??} \n \t\t $hex10= {7e??68??33??7b??70??7b??69??2a??66??66??73??7e??66??7d??6a??6e??0a??} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_21_969d32b5d0f68883f758aaaec711dc89fbbaaa1e8744e6a6630586bd524b8bba Group", "expiration": null, "is_active": 1 }, { "id": 3409659116, "indicator": "79726f339dd878b92375d933f7e56ada29c7c59d", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_21_6aa24766ff48239eed0ec20a8c2e05704650e73de941470cc053e1000bea6470 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_6aa24766ff48239eed0ec20a8c2e05704650e73de941470cc053e1000bea6470 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-29-16\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"03e8d330abc77a6a9d635d2e7c0e213a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \",44w#!9:7.83!Nd\" fullword wide \n \t\t $s2= \"C:ProgramData\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"~h3{p{i*ffs~f}jn\" fullword wide \n \t\t $s5= \".[HXLhzL,hf||eerhh|)|`qq\" fullword wide \n \t\t $s6= \"HYte8%UDQ@ u`9(`ud\" fullword wide \n \t\t $s7= \"kbny%lU@pAXJ\" fullword wide \n \t\t $s8= \"`md|s6U{l{zf7E8)\" fullword wide \n \t\t $s9= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s10= \"okcua7r|wan+erbsAM^\" fullword wide \n \t\t $s11= \"OriginalFilename\" fullword wide \n \t\t $s12= \"sysprepCRYPTBASE.dll\" fullword wide \n \t\t $s13= \"sysprepsysprep.exe\" fullword wide \n \t\t $s14= \"VS_VERSION_INFO\" fullword wide \n \t\t $s15= \"Win7ElevateDLL.dll\" fullword wide \n \t\t $s16= \"Win7Elevate.exe\" fullword wide \n \t\t $s17= \"Win7Elevate proof-of-concept\" fullword wide \n \t\t $s18= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s19= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \n \t\t $hex1= {2c??34??34??77??23??21??39??3a??37??2e??38??33??21??4e??64??0a??} \n \t\t $hex2= {2e??5b??48??58??4c??68??7a??4c??2c??68??66??7c??7c??65??65??72??68??68??7c??29??7c??60??71??71??0a??} \n \t\t $hex3= {2f??5a??49??59??45??69??7b??4d??2d??7d??6b??77??77??60??29??39??3d??64??78??7b??35??66??74??65??43??0a??} \n \t\t $hex4= {43??3a??50??72??6f??67??72??61??6d??44??61??74??61??0a??} \n \t\t $hex5= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex6= {48??59??74??65??38??25??55??44??51??40??20??75??60??39??28??60??75??64??0a??} \n \t\t $hex7= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex8= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex9= {57??69??6e??37??45??6c??65??76??61??74??65??20??70??72??6f??6f??66??2d??6f??66??2d??63??6f??6e??63??65??70??74??0a??} \n \t\t $hex10= {57??69??6e??37??45??6c??65??76??61??74??65??2e??65??78??65??0a??} \n \t\t $hex11= {57??69??6e??37??45??6c??65??76??61??74??65??44??4c??4c??2e??64??6c??6c??0a??} \n \t\t $hex12= {60??6d??64??7c??73??36??55??7b??6c??7b??7a??66??37??45??38??29??0a??} \n \t\t $hex13= {6b??62??6e??79??25??6c??55??40??70??41??58??4a??0a??} \n \t\t $hex14= {6f??6b??63??75??61??37??72??7c??77??61??6e??2b??65??72??62??73??41??4d??5e??0a??} \n \t\t $hex15= {73??79??73??70??72??65??70??43??52??59??50??54??42??41??53??45??2e??64??6c??6c??0a??} \n \t\t $hex16= {73??79??73??70??72??65??70??73??79??73??70??72??65??70??2e??65??78??65??0a??} \n \t\t $hex17= {79??68??7d??6c??71??60??75??64??69??78??6d??7c??61??70??65??74??31??78??6d??7c??61??70??65??74??79??68??7d??6c??71??60??} \n \t\t $hex18= {7c??6d??78??69??74??65??70??61??6c??7d??68??79??64??75??60??71??25??68??79??64??75??60??71??7c??6d??78??69??74??65??70??} \n \t\t $hex19= {7e??68??33??7b??70??7b??69??2a??66??66??73??7e??66??7d??6a??6e??0a??} \n \n \tcondition: \n \t\t21 of them \n }", "title": "", "description": "APTMalware_APT_21_6aa24766ff48239eed0ec20a8c2e05704650e73de941470cc053e1000bea6470 Group", "expiration": null, "is_active": 1 }, { "id": 3409659117, "indicator": "989b779e98b5e7ae7602826a1f881495ea4eb410", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_21_4b77375187d1ef7054f6a805cacd2704a59796571ac9e86675a99e10d18048e8 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_4b77375187d1ef7054f6a805cacd2704a59796571ac9e86675a99e10d18048e8 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-29-11\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"8d3036a65ac2404d4562cdb927fd3d2c\" \n \n \tstrings: \n \n \t \n \t\t $s1= \",44w#!9:7.83!Nd\" fullword wide \n \t\t $s2= \"~h3{p{i*ffs~f}jn\" fullword wide \n \t\t $s3= \".[HXLhzL,hf||eerhh|)|`qq\" fullword wide \n \t\t $s4= \"HYte8%UDQ@ u`9(`ud\" fullword wide \n \t\t $s5= \"kbny%lU@pAXJ\" fullword wide \n \t\t $s6= \"`md|s6U{l{zf7E8)\" fullword wide \n \t\t $s7= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s8= \"okcua7r|wan+erbsAM^\" fullword wide \n \t\t $s9= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s10= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \n \t\t $hex1= {2c??34??34??77??23??21??39??3a??37??2e??38??33??21??4e??64??0a??} \n \t\t $hex2= {2e??5b??48??58??4c??68??7a??4c??2c??68??66??7c??7c??65??65??72??68??68??7c??29??7c??60??71??71??0a??} \n \t\t $hex3= {2f??5a??49??59??45??69??7b??4d??2d??7d??6b??77??77??60??29??39??3d??64??78??7b??35??66??74??65??43??0a??} \n \t\t $hex4= {48??59??74??65??38??25??55??44??51??40??20??75??60??39??28??60??75??64??0a??} \n \t\t $hex5= {60??6d??64??7c??73??36??55??7b??6c??7b??7a??66??37??45??38??29??0a??} \n \t\t $hex6= {6b??62??6e??79??25??6c??55??40??70??41??58??4a??0a??} \n \t\t $hex7= {6f??6b??63??75??61??37??72??7c??77??61??6e??2b??65??72??62??73??41??4d??5e??0a??} \n \t\t $hex8= {79??68??7d??6c??71??60??75??64??69??78??6d??7c??61??70??65??74??31??78??6d??7c??61??70??65??74??79??68??7d??6c??71??60??} \n \t\t $hex9= {7c??6d??78??69??74??65??70??61??6c??7d??68??79??64??75??60??71??25??68??79??64??75??60??71??7c??6d??78??69??74??65??70??} \n \t\t $hex10= {7e??68??33??7b??70??7b??69??2a??66??66??73??7e??66??7d??6a??6e??0a??} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_21_4b77375187d1ef7054f6a805cacd2704a59796571ac9e86675a99e10d18048e8 Group", "expiration": null, "is_active": 1 }, { "id": 3409659118, "indicator": "230b49dbf4e0ee6563350a036aac60213e3fac06", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_21_07c7d7e3f4da80983f09256241d8cc0b3f986f31ef65af2fa87b03c11cdebb65 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_07c7d7e3f4da80983f09256241d8cc0b3f986f31ef65af2fa87b03c11cdebb65 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-29-06\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"677f7c42f79a0a58760056529739fdd6\" \n \n \tstrings: \n \n \t \n \t\t $s1= \",44w#!9:7.83!Nd\" fullword wide \n \t\t $s2= \"C:ProgramData\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"~h3{p{i*ffs~f}jn\" fullword wide \n \t\t $s5= \".[HXLhzL,hf||eerhh|)|`qq\" fullword wide \n \t\t $s6= \"HYte8%UDQ@ u`9(`ud\" fullword wide \n \t\t $s7= \"kbny%lU@pAXJ\" fullword wide \n \t\t $s8= \"`md|s6U{l{zf7E8)\" fullword wide \n \t\t $s9= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s10= \"okcua7r|wan+erbsAM^\" fullword wide \n \t\t $s11= \"OriginalFilename\" fullword wide \n \t\t $s12= \"sysprepCRYPTBASE.dll\" fullword wide \n \t\t $s13= \"sysprepsysprep.exe\" fullword wide \n \t\t $s14= \"VS_VERSION_INFO\" fullword wide \n \t\t $s15= \"Win7ElevateDLL.dll\" fullword wide \n \t\t $s16= \"Win7Elevate.exe\" fullword wide \n \t\t $s17= \"Win7Elevate proof-of-concept\" fullword wide \n \t\t $s18= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s19= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \n \t\t $hex1= {2c??34??34??77??23??21??39??3a??37??2e??38??33??21??4e??64??0a??} \n \t\t $hex2= {2e??5b??48??58??4c??68??7a??4c??2c??68??66??7c??7c??65??65??72??68??68??7c??29??7c??60??71??71??0a??} \n \t\t $hex3= {2f??5a??49??59??45??69??7b??4d??2d??7d??6b??77??77??60??29??39??3d??64??78??7b??35??66??74??65??43??0a??} \n \t\t $hex4= {43??3a??50??72??6f??67??72??61??6d??44??61??74??61??0a??} \n \t\t $hex5= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex6= {48??59??74??65??38??25??55??44??51??40??20??75??60??39??28??60??75??64??0a??} \n \t\t $hex7= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex8= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex9= {57??69??6e??37??45??6c??65??76??61??74??65??20??70??72??6f??6f??66??2d??6f??66??2d??63??6f??6e??63??65??70??74??0a??} \n \t\t $hex10= {57??69??6e??37??45??6c??65??76??61??74??65??2e??65??78??65??0a??} \n \t\t $hex11= {57??69??6e??37??45??6c??65??76??61??74??65??44??4c??4c??2e??64??6c??6c??0a??} \n \t\t $hex12= {60??6d??64??7c??73??36??55??7b??6c??7b??7a??66??37??45??38??29??0a??} \n \t\t $hex13= {6b??62??6e??79??25??6c??55??40??70??41??58??4a??0a??} \n \t\t $hex14= {6f??6b??63??75??61??37??72??7c??77??61??6e??2b??65??72??62??73??41??4d??5e??0a??} \n \t\t $hex15= {73??79??73??70??72??65??70??43??52??59??50??54??42??41??53??45??2e??64??6c??6c??0a??} \n \t\t $hex16= {73??79??73??70??72??65??70??73??79??73??70??72??65??70??2e??65??78??65??0a??} \n \t\t $hex17= {79??68??7d??6c??71??60??75??64??69??78??6d??7c??61??70??65??74??31??78??6d??7c??61??70??65??74??79??68??7d??6c??71??60??} \n \t\t $hex18= {7c??6d??78??69??74??65??70??61??6c??7d??68??79??64??75??60??71??25??68??79??64??75??60??71??7c??6d??78??69??74??65??70??} \n \t\t $hex19= {7e??68??33??7b??70??7b??69??2a??66??66??73??7e??66??7d??6a??6e??0a??} \n \n \tcondition: \n \t\t21 of them \n }", "title": "", "description": "APTMalware_APT_21_07c7d7e3f4da80983f09256241d8cc0b3f986f31ef65af2fa87b03c11cdebb65 Group", "expiration": null, "is_active": 1 }, { "id": 3409659119, "indicator": "2fb0ef920a00399653be2f35be384fc1259649dc", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_21_ed8c6d081a0e946cbfa842d0b749adb42d8fb49a954f2f39ce5c88a7e4a88c26 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_ed8c6d081a0e946cbfa842d0b749adb42d8fb49a954f2f39ce5c88a7e4a88c26 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-29-02\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"6afeec03c8f4bc78fa2b3ad27392b0e7\" \n \n \tstrings: \n \n \t \n \t\t $s1= \",44w#!9:7.83!Nd\" fullword wide \n \t\t $s2= \"C:ProgramData\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"~h3{p{i*ffs~f}jn\" fullword wide \n \t\t $s5= \".[HXLhzL,hf||eerhh|)|`qq\" fullword wide \n \t\t $s6= \"HYte8%UDQ@ u`9(`ud\" fullword wide \n \t\t $s7= \"kbny%lU@pAXJ\" fullword wide \n \t\t $s8= \"`md|s6U{l{zf7E8)\" fullword wide \n \t\t $s9= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s10= \"okcua7r|wan+erbsAM^\" fullword wide \n \t\t $s11= \"OriginalFilename\" fullword wide \n \t\t $s12= \"sysprepCRYPTBASE.dll\" fullword wide \n \t\t $s13= \"sysprepsysprep.exe\" fullword wide \n \t\t $s14= \"VS_VERSION_INFO\" fullword wide \n \t\t $s15= \"Win7ElevateDLL.dll\" fullword wide \n \t\t $s16= \"Win7Elevate.exe\" fullword wide \n \t\t $s17= \"Win7Elevate proof-of-concept\" fullword wide \n \t\t $s18= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s19= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \n \t\t $hex1= {2c??34??34??77??23??21??39??3a??37??2e??38??33??21??4e??64??0a??} \n \t\t $hex2= {2e??5b??48??58??4c??68??7a??4c??2c??68??66??7c??7c??65??65??72??68??68??7c??29??7c??60??71??71??0a??} \n \t\t $hex3= {2f??5a??49??59??45??69??7b??4d??2d??7d??6b??77??77??60??29??39??3d??64??78??7b??35??66??74??65??43??0a??} \n \t\t $hex4= {43??3a??50??72??6f??67??72??61??6d??44??61??74??61??0a??} \n \t\t $hex5= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex6= {48??59??74??65??38??25??55??44??51??40??20??75??60??39??28??60??75??64??0a??} \n \t\t $hex7= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex8= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex9= {57??69??6e??37??45??6c??65??76??61??74??65??20??70??72??6f??6f??66??2d??6f??66??2d??63??6f??6e??63??65??70??74??0a??} \n \t\t $hex10= {57??69??6e??37??45??6c??65??76??61??74??65??2e??65??78??65??0a??} \n \t\t $hex11= {57??69??6e??37??45??6c??65??76??61??74??65??44??4c??4c??2e??64??6c??6c??0a??} \n \t\t $hex12= {60??6d??64??7c??73??36??55??7b??6c??7b??7a??66??37??45??38??29??0a??} \n \t\t $hex13= {6b??62??6e??79??25??6c??55??40??70??41??58??4a??0a??} \n \t\t $hex14= {6f??6b??63??75??61??37??72??7c??77??61??6e??2b??65??72??62??73??41??4d??5e??0a??} \n \t\t $hex15= {73??79??73??70??72??65??70??43??52??59??50??54??42??41??53??45??2e??64??6c??6c??0a??} \n \t\t $hex16= {73??79??73??70??72??65??70??73??79??73??70??72??65??70??2e??65??78??65??0a??} \n \t\t $hex17= {79??68??7d??6c??71??60??75??64??69??78??6d??7c??61??70??65??74??31??78??6d??7c??61??70??65??74??79??68??7d??6c??71??60??} \n \t\t $hex18= {7c??6d??78??69??74??65??70??61??6c??7d??68??79??64??75??60??71??25??68??79??64??75??60??71??7c??6d??78??69??74??65??70??} \n \t\t $hex19= {7e??68??33??7b??70??7b??69??2a??66??66??73??7e??66??7d??6a??6e??0a??} \n \n \tcondition: \n \t\t21 of them \n }", "title": "", "description": "APTMalware_APT_21_ed8c6d081a0e946cbfa842d0b749adb42d8fb49a954f2f39ce5c88a7e4a88c26 Group", "expiration": null, "is_active": 1 }, { "id": 3409659120, "indicator": "ec59b3a49dc102aaf873a85a736be352de2c03ef", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_21_68e3e9d53ed4f88461c0ee4ff3f04be9e4e03eebfdb77276ac5e6096e37b8cfc { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_68e3e9d53ed4f88461c0ee4ff3f04be9e4e03eebfdb77276ac5e6096e37b8cfc Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-29-00\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"6d00e4f95fba02126b32bb74dc4fec55\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"C:ProgramData\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"sysprepCRYPTBASE.dll\" fullword wide \n \t\t $s5= \"sysprepsysprep.exe\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \t\t $s7= \"Win7ElevateDLL.dll\" fullword wide \n \t\t $s8= \"Win7Elevate.exe\" fullword wide \n \t\t $s9= \"Win7Elevate proof-of-concept\" fullword wide \n \n \t\t $hex1= {43??3a??50??72??6f??67??72??61??6d??44??61??74??61??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex5= {57??69??6e??37??45??6c??65??76??61??74??65??20??70??72??6f??6f??66??2d??6f??66??2d??63??6f??6e??63??65??70??74??0a??} \n \t\t $hex6= {57??69??6e??37??45??6c??65??76??61??74??65??2e??65??78??65??0a??} \n \t\t $hex7= {57??69??6e??37??45??6c??65??76??61??74??65??44??4c??4c??2e??64??6c??6c??0a??} \n \t\t $hex8= {73??79??73??70??72??65??70??43??52??59??50??54??42??41??53??45??2e??64??6c??6c??0a??} \n \t\t $hex9= {73??79??73??70??72??65??70??73??79??73??70??72??65??70??2e??65??78??65??0a??} \n \n \tcondition: \n \t\t10 of them \n }", "title": "", "description": "APTMalware_APT_21_68e3e9d53ed4f88461c0ee4ff3f04be9e4e03eebfdb77276ac5e6096e37b8cfc Group", "expiration": null, "is_active": 1 }, { "id": 3409659121, "indicator": "67ea02033003fcd899ada74ebfe521ab0f0e1a89", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_21_23f765758b3071fd7f0a36b2040148cf637fd08e6a62fa7d9abf785480673bd0 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_23f765758b3071fd7f0a36b2040148cf637fd08e6a62fa7d9abf785480673bd0 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-28-55\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"a0e350787e4134ea91ccb26d17cdf167\" \n \n \tstrings: \n \n \t \n \t\t $s1= \",44w#!9:7.83!Nd\" fullword wide \n \t\t $s2= \"~h3{p{i*ffs~f}jn\" fullword wide \n \t\t $s3= \".[HXLhzL,hf||eerhh|)|`qq\" fullword wide \n \t\t $s4= \"HYte8%UDQ@ u`9(`ud\" fullword wide \n \t\t $s5= \"kbny%lU@pAXJ\" fullword wide \n \t\t $s6= \"`md|s6U{l{zf7E8)\" fullword wide \n \t\t $s7= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s8= \"okcua7r|wan+erbsAM^\" fullword wide \n \t\t $s9= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s10= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \n \t\t $hex1= {2c??34??34??77??23??21??39??3a??37??2e??38??33??21??4e??64??0a??} \n \t\t $hex2= {2e??5b??48??58??4c??68??7a??4c??2c??68??66??7c??7c??65??65??72??68??68??7c??29??7c??60??71??71??0a??} \n \t\t $hex3= {2f??5a??49??59??45??69??7b??4d??2d??7d??6b??77??77??60??29??39??3d??64??78??7b??35??66??74??65??43??0a??} \n \t\t $hex4= {48??59??74??65??38??25??55??44??51??40??20??75??60??39??28??60??75??64??0a??} \n \t\t $hex5= {60??6d??64??7c??73??36??55??7b??6c??7b??7a??66??37??45??38??29??0a??} \n \t\t $hex6= {6b??62??6e??79??25??6c??55??40??70??41??58??4a??0a??} \n \t\t $hex7= {6f??6b??63??75??61??37??72??7c??77??61??6e??2b??65??72??62??73??41??4d??5e??0a??} \n \t\t $hex8= {79??68??7d??6c??71??60??75??64??69??78??6d??7c??61??70??65??74??31??78??6d??7c??61??70??65??74??79??68??7d??6c??71??60??} \n \t\t $hex9= {7c??6d??78??69??74??65??70??61??6c??7d??68??79??64??75??60??71??25??68??79??64??75??60??71??7c??6d??78??69??74??65??70??} \n \t\t $hex10= {7e??68??33??7b??70??7b??69??2a??66??66??73??7e??66??7d??6a??6e??0a??} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_21_23f765758b3071fd7f0a36b2040148cf637fd08e6a62fa7d9abf785480673bd0 Group", "expiration": null, "is_active": 1 }, { "id": 3409659122, "indicator": "48a02052a876c25ecf8296b849d277d906c50194", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_21_b94e9f69e5f953bab705ddfea8ddaa81906b0396e97e4320078f8b73c2cc8f5f { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_b94e9f69e5f953bab705ddfea8ddaa81906b0396e97e4320078f8b73c2cc8f5f Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-28-53\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"9c544da8c23826379d60581cce17a483\" \n \n \tstrings: \n \n \t \n \t\t $s1= \",44w#!9:7.83!Nd\" fullword wide \n \t\t $s2= \"~h3{p{i*ffs~f}jn\" fullword wide \n \t\t $s3= \".[HXLhzL,hf||eerhh|)|`qq\" fullword wide \n \t\t $s4= \"HYte8%UDQ@ u`9(`ud\" fullword wide \n \t\t $s5= \"kbny%lU@pAXJ\" fullword wide \n \t\t $s6= \"`md|s6U{l{zf7E8)\" fullword wide \n \t\t $s7= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s8= \"okcua7r|wan+erbsAM^\" fullword wide \n \t\t $s9= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s10= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \n \t\t $hex1= {2c??34??34??77??23??21??39??3a??37??2e??38??33??21??4e??64??0a??} \n \t\t $hex2= {2e??5b??48??58??4c??68??7a??4c??2c??68??66??7c??7c??65??65??72??68??68??7c??29??7c??60??71??71??0a??} \n \t\t $hex3= {2f??5a??49??59??45??69??7b??4d??2d??7d??6b??77??77??60??29??39??3d??64??78??7b??35??66??74??65??43??0a??} \n \t\t $hex4= {48??59??74??65??38??25??55??44??51??40??20??75??60??39??28??60??75??64??0a??} \n \t\t $hex5= {60??6d??64??7c??73??36??55??7b??6c??7b??7a??66??37??45??38??29??0a??} \n \t\t $hex6= {6b??62??6e??79??25??6c??55??40??70??41??58??4a??0a??} \n \t\t $hex7= {6f??6b??63??75??61??37??72??7c??77??61??6e??2b??65??72??62??73??41??4d??5e??0a??} \n \t\t $hex8= {79??68??7d??6c??71??60??75??64??69??78??6d??7c??61??70??65??74??31??78??6d??7c??61??70??65??74??79??68??7d??6c??71??60??} \n \t\t $hex9= {7c??6d??78??69??74??65??70??61??6c??7d??68??79??64??75??60??71??25??68??79??64??75??60??71??7c??6d??78??69??74??65??70??} \n \t\t $hex10= {7e??68??33??7b??70??7b??69??2a??66??66??73??7e??66??7d??6a??6e??0a??} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_21_b94e9f69e5f953bab705ddfea8ddaa81906b0396e97e4320078f8b73c2cc8f5f Group", "expiration": null, "is_active": 1 }, { "id": 3409659123, "indicator": "39fd46bebec31db576b78e80e2f41281c6700793", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_21_efde2ffa60cc96325c46520e818c6001a5b1dabf7f21626d58f67d7ed3c52761 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_efde2ffa60cc96325c46520e818c6001a5b1dabf7f21626d58f67d7ed3c52761 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-28-52\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"7b92e9d21bc4db838bc102b289f4fd5f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"C:ProgramData\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"sysprepCRYPTBASE.dll\" fullword wide \n \t\t $s5= \"sysprepsysprep.exe\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \t\t $s7= \"Win7ElevateDLL.dll\" fullword wide \n \t\t $s8= \"Win7Elevate.exe\" fullword wide \n \t\t $s9= \"Win7Elevate proof-of-concept\" fullword wide \n \n \t\t $hex1= {43??3a??50??72??6f??67??72??61??6d??44??61??74??61??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex5= {57??69??6e??37??45??6c??65??76??61??74??65??20??70??72??6f??6f??66??2d??6f??66??2d??63??6f??6e??63??65??70??74??0a??} \n \t\t $hex6= {57??69??6e??37??45??6c??65??76??61??74??65??2e??65??78??65??0a??} \n \t\t $hex7= {57??69??6e??37??45??6c??65??76??61??74??65??44??4c??4c??2e??64??6c??6c??0a??} \n \t\t $hex8= {73??79??73??70??72??65??70??43??52??59??50??54??42??41??53??45??2e??64??6c??6c??0a??} \n \t\t $hex9= {73??79??73??70??72??65??70??73??79??73??70??72??65??70??2e??65??78??65??0a??} \n \n \tcondition: \n \t\t10 of them \n }", "title": "", "description": "APTMalware_APT_21_efde2ffa60cc96325c46520e818c6001a5b1dabf7f21626d58f67d7ed3c52761 Group", "expiration": null, "is_active": 1 }, { "id": 3409659124, "indicator": "54b3069f48d29136efe08c5567a4474383c20efc", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_21_5b3e07ff6d930392b8749e68a54b1e04062794d1dafff226fb61ba4baf8bbfc6 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_5b3e07ff6d930392b8749e68a54b1e04062794d1dafff226fb61ba4baf8bbfc6 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-28-43\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b990752f8266d7648070bea7e24d326f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \",44w#!9:7.83!Nd\" fullword wide \n \t\t $s2= \"C:ProgramData\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"~h3{p{i*ffs~f}jn\" fullword wide \n \t\t $s5= \".[HXLhzL,hf||eerhh|)|`qq\" fullword wide \n \t\t $s6= \"HYte8%UDQ@ u`9(`ud\" fullword wide \n \t\t $s7= \"kbny%lU@pAXJ\" fullword wide \n \t\t $s8= \"`md|s6U{l{zf7E8)\" fullword wide \n \t\t $s9= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s10= \"okcua7r|wan+erbsAM^\" fullword wide \n \t\t $s11= \"OriginalFilename\" fullword wide \n \t\t $s12= \"sysprepCRYPTBASE.dll\" fullword wide \n \t\t $s13= \"sysprepsysprep.exe\" fullword wide \n \t\t $s14= \"VS_VERSION_INFO\" fullword wide \n \t\t $s15= \"Win7ElevateDLL.dll\" fullword wide \n \t\t $s16= \"Win7Elevate.exe\" fullword wide \n \t\t $s17= \"Win7Elevate proof-of-concept\" fullword wide \n \t\t $s18= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s19= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \n \t\t $hex1= {2c??34??34??77??23??21??39??3a??37??2e??38??33??21??4e??64??0a??} \n \t\t $hex2= {2e??5b??48??58??4c??68??7a??4c??2c??68??66??7c??7c??65??65??72??68??68??7c??29??7c??60??71??71??0a??} \n \t\t $hex3= {2f??5a??49??59??45??69??7b??4d??2d??7d??6b??77??77??60??29??39??3d??64??78??7b??35??66??74??65??43??0a??} \n \t\t $hex4= {43??3a??50??72??6f??67??72??61??6d??44??61??74??61??0a??} \n \t\t $hex5= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex6= {48??59??74??65??38??25??55??44??51??40??20??75??60??39??28??60??75??64??0a??} \n \t\t $hex7= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex8= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex9= {57??69??6e??37??45??6c??65??76??61??74??65??20??70??72??6f??6f??66??2d??6f??66??2d??63??6f??6e??63??65??70??74??0a??} \n \t\t $hex10= {57??69??6e??37??45??6c??65??76??61??74??65??2e??65??78??65??0a??} \n \t\t $hex11= {57??69??6e??37??45??6c??65??76??61??74??65??44??4c??4c??2e??64??6c??6c??0a??} \n \t\t $hex12= {60??6d??64??7c??73??36??55??7b??6c??7b??7a??66??37??45??38??29??0a??} \n \t\t $hex13= {6b??62??6e??79??25??6c??55??40??70??41??58??4a??0a??} \n \t\t $hex14= {6f??6b??63??75??61??37??72??7c??77??61??6e??2b??65??72??62??73??41??4d??5e??0a??} \n \t\t $hex15= {73??79??73??70??72??65??70??43??52??59??50??54??42??41??53??45??2e??64??6c??6c??0a??} \n \t\t $hex16= {73??79??73??70??72??65??70??73??79??73??70??72??65??70??2e??65??78??65??0a??} \n \t\t $hex17= {79??68??7d??6c??71??60??75??64??69??78??6d??7c??61??70??65??74??31??78??6d??7c??61??70??65??74??79??68??7d??6c??71??60??} \n \t\t $hex18= {7c??6d??78??69??74??65??70??61??6c??7d??68??79??64??75??60??71??25??68??79??64??75??60??71??7c??6d??78??69??74??65??70??} \n \t\t $hex19= {7e??68??33??7b??70??7b??69??2a??66??66??73??7e??66??7d??6a??6e??0a??} \n \n \tcondition: \n \t\t21 of them \n }", "title": "", "description": "APTMalware_APT_21_5b3e07ff6d930392b8749e68a54b1e04062794d1dafff226fb61ba4baf8bbfc6 Group", "expiration": null, "is_active": 1 }, { "id": 3409659125, "indicator": "350b1028474cd5740145aa96fe3c540dff4910f5", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_21_c37a1e21303ca855cf27e61c4011405bc5d21d7ce6b9b5d84210374f2b186faf { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_c37a1e21303ca855cf27e61c4011405bc5d21d7ce6b9b5d84210374f2b186faf Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-28-41\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"89bfd463ca76b62c61a548778316567d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \",44w#!9:7.83!Nd\" fullword wide \n \t\t $s2= \"C:ProgramData\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"~h3{p{i*ffs~f}jn\" fullword wide \n \t\t $s5= \".[HXLhzL,hf||eerhh|)|`qq\" fullword wide \n \t\t $s6= \"HYte8%UDQ@ u`9(`ud\" fullword wide \n \t\t $s7= \"kbny%lU@pAXJ\" fullword wide \n \t\t $s8= \"`md|s6U{l{zf7E8)\" fullword wide \n \t\t $s9= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s10= \"okcua7r|wan+erbsAM^\" fullword wide \n \t\t $s11= \"OriginalFilename\" fullword wide \n \t\t $s12= \"sysprepCRYPTBASE.dll\" fullword wide \n \t\t $s13= \"sysprepsysprep.exe\" fullword wide \n \t\t $s14= \"VS_VERSION_INFO\" fullword wide \n \t\t $s15= \"Win7ElevateDLL.dll\" fullword wide \n \t\t $s16= \"Win7Elevate.exe\" fullword wide \n \t\t $s17= \"Win7Elevate proof-of-concept\" fullword wide \n \t\t $s18= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s19= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \n \t\t $hex1= {2c??34??34??77??23??21??39??3a??37??2e??38??33??21??4e??64??0a??} \n \t\t $hex2= {2e??5b??48??58??4c??68??7a??4c??2c??68??66??7c??7c??65??65??72??68??68??7c??29??7c??60??71??71??0a??} \n \t\t $hex3= {2f??5a??49??59??45??69??7b??4d??2d??7d??6b??77??77??60??29??39??3d??64??78??7b??35??66??74??65??43??0a??} \n \t\t $hex4= {43??3a??50??72??6f??67??72??61??6d??44??61??74??61??0a??} \n \t\t $hex5= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex6= {48??59??74??65??38??25??55??44??51??40??20??75??60??39??28??60??75??64??0a??} \n \t\t $hex7= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex8= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex9= {57??69??6e??37??45??6c??65??76??61??74??65??20??70??72??6f??6f??66??2d??6f??66??2d??63??6f??6e??63??65??70??74??0a??} \n \t\t $hex10= {57??69??6e??37??45??6c??65??76??61??74??65??2e??65??78??65??0a??} \n \t\t $hex11= {57??69??6e??37??45??6c??65??76??61??74??65??44??4c??4c??2e??64??6c??6c??0a??} \n \t\t $hex12= {60??6d??64??7c??73??36??55??7b??6c??7b??7a??66??37??45??38??29??0a??} \n \t\t $hex13= {6b??62??6e??79??25??6c??55??40??70??41??58??4a??0a??} \n \t\t $hex14= {6f??6b??63??75??61??37??72??7c??77??61??6e??2b??65??72??62??73??41??4d??5e??0a??} \n \t\t $hex15= {73??79??73??70??72??65??70??43??52??59??50??54??42??41??53??45??2e??64??6c??6c??0a??} \n \t\t $hex16= {73??79??73??70??72??65??70??73??79??73??70??72??65??70??2e??65??78??65??0a??} \n \t\t $hex17= {79??68??7d??6c??71??60??75??64??69??78??6d??7c??61??70??65??74??31??78??6d??7c??61??70??65??74??79??68??7d??6c??71??60??} \n \t\t $hex18= {7c??6d??78??69??74??65??70??61??6c??7d??68??79??64??75??60??71??25??68??79??64??75??60??71??7c??6d??78??69??74??65??70??} \n \t\t $hex19= {7e??68??33??7b??70??7b??69??2a??66??66??73??7e??66??7d??6a??6e??0a??} \n \n \tcondition: \n \t\t21 of them \n }", "title": "", "description": "APTMalware_APT_21_c37a1e21303ca855cf27e61c4011405bc5d21d7ce6b9b5d84210374f2b186faf Group", "expiration": null, "is_active": 1 }, { "id": 3409659126, "indicator": "fe39f6cbe0f72d9236f73ca345806c676a351319", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_21_5faf76b8b06c727a08b34e456ddeb792797fab734cbd878136d85a1f767d8875 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_5faf76b8b06c727a08b34e456ddeb792797fab734cbd878136d85a1f767d8875 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-28-38\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"5e35b31472a2e603a995198d8e8411ed\" \n \n \tstrings: \n \n \t \n \t\t $s1= \",44w#!9:7.83!Nd\" fullword wide \n \t\t $s2= \"~h3{p{i*ffs~f}jn\" fullword wide \n \t\t $s3= \".[HXLhzL,hf||eerhh|)|`qq\" fullword wide \n \t\t $s4= \"HYte8%UDQ@ u`9(`ud\" fullword wide \n \t\t $s5= \"kbny%lU@pAXJ\" fullword wide \n \t\t $s6= \"`md|s6U{l{zf7E8)\" fullword wide \n \t\t $s7= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s8= \"okcua7r|wan+erbsAM^\" fullword wide \n \t\t $s9= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s10= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \n \t\t $hex1= {2c??34??34??77??23??21??39??3a??37??2e??38??33??21??4e??64??0a??} \n \t\t $hex2= {2e??5b??48??58??4c??68??7a??4c??2c??68??66??7c??7c??65??65??72??68??68??7c??29??7c??60??71??71??0a??} \n \t\t $hex3= {2f??5a??49??59??45??69??7b??4d??2d??7d??6b??77??77??60??29??39??3d??64??78??7b??35??66??74??65??43??0a??} \n \t\t $hex4= {48??59??74??65??38??25??55??44??51??40??20??75??60??39??28??60??75??64??0a??} \n \t\t $hex5= {60??6d??64??7c??73??36??55??7b??6c??7b??7a??66??37??45??38??29??0a??} \n \t\t $hex6= {6b??62??6e??79??25??6c??55??40??70??41??58??4a??0a??} \n \t\t $hex7= {6f??6b??63??75??61??37??72??7c??77??61??6e??2b??65??72??62??73??41??4d??5e??0a??} \n \t\t $hex8= {79??68??7d??6c??71??60??75??64??69??78??6d??7c??61??70??65??74??31??78??6d??7c??61??70??65??74??79??68??7d??6c??71??60??} \n \t\t $hex9= {7c??6d??78??69??74??65??70??61??6c??7d??68??79??64??75??60??71??25??68??79??64??75??60??71??7c??6d??78??69??74??65??70??} \n \t\t $hex10= {7e??68??33??7b??70??7b??69??2a??66??66??73??7e??66??7d??6a??6e??0a??} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_21_5faf76b8b06c727a08b34e456ddeb792797fab734cbd878136d85a1f767d8875 Group", "expiration": null, "is_active": 1 }, { "id": 3409659127, "indicator": "e226f94c0e00ab0c55e9ea7caa0f7d68ad729cd9", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_21_f4181bf1306d0124ac9c7e65dd2a56d7109676cf3a04d4d6c3e82f7d9648b7ef { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_f4181bf1306d0124ac9c7e65dd2a56d7109676cf3a04d4d6c3e82f7d9648b7ef Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-28-35\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d04a7f30c83290b86cac8d762dcc2df5\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"OriginalFilename\" fullword wide \n \t\t $s3= \"sysprepCRYPTBASE.dll\" fullword wide \n \t\t $s4= \"sysprepsysprep.exe\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \t\t $s6= \"Win7ElevateDLL.dll\" fullword wide \n \t\t $s7= \"Win7Elevate.exe\" fullword wide \n \t\t $s8= \"Win7Elevate proof-of-concept\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex3= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex4= {57??69??6e??37??45??6c??65??76??61??74??65??20??70??72??6f??6f??66??2d??6f??66??2d??63??6f??6e??63??65??70??74??0a??} \n \t\t $hex5= {57??69??6e??37??45??6c??65??76??61??74??65??2e??65??78??65??0a??} \n \t\t $hex6= {57??69??6e??37??45??6c??65??76??61??74??65??44??4c??4c??2e??64??6c??6c??0a??} \n \t\t $hex7= {73??79??73??70??72??65??70??43??52??59??50??54??42??41??53??45??2e??64??6c??6c??0a??} \n \t\t $hex8= {73??79??73??70??72??65??70??73??79??73??70??72??65??70??2e??65??78??65??0a??} \n \n \tcondition: \n \t\t8 of them \n }", "title": "", "description": "APTMalware_APT_21_f4181bf1306d0124ac9c7e65dd2a56d7109676cf3a04d4d6c3e82f7d9648b7ef Group", "expiration": null, "is_active": 1 }, { "id": 3409659128, "indicator": "b006936332f8030c04ef30a79133738f5c0607f5", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_21_d374bdb867f5d790d546549cf5ba557a5ed67a914284d1cb65235ade09fc6f2a { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_d374bdb867f5d790d546549cf5ba557a5ed67a914284d1cb65235ade09fc6f2a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-28-29\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"eb5761c410b5139f23235e9b67964495\" \n \n \tstrings: \n \n \t \n \t\t $s1= \",44w#!9:7.83!Nd\" fullword wide \n \t\t $s2= \"C:ProgramData\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"~h3{p{i*ffs~f}jn\" fullword wide \n \t\t $s5= \".[HXLhzL,hf||eerhh|)|`qq\" fullword wide \n \t\t $s6= \"HYte8%UDQ@ u`9(`ud\" fullword wide \n \t\t $s7= \"kbny%lU@pAXJ\" fullword wide \n \t\t $s8= \"`md|s6U{l{zf7E8)\" fullword wide \n \t\t $s9= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s10= \"okcua7r|wan+erbsAM^\" fullword wide \n \t\t $s11= \"OriginalFilename\" fullword wide \n \t\t $s12= \"sysprepCRYPTBASE.dll\" fullword wide \n \t\t $s13= \"sysprepsysprep.exe\" fullword wide \n \t\t $s14= \"VS_VERSION_INFO\" fullword wide \n \t\t $s15= \"Win7ElevateDLL.dll\" fullword wide \n \t\t $s16= \"Win7Elevate.exe\" fullword wide \n \t\t $s17= \"Win7Elevate proof-of-concept\" fullword wide \n \t\t $s18= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s19= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \n \t\t $hex1= {2c??34??34??77??23??21??39??3a??37??2e??38??33??21??4e??64??0a??} \n \t\t $hex2= {2e??5b??48??58??4c??68??7a??4c??2c??68??66??7c??7c??65??65??72??68??68??7c??29??7c??60??71??71??0a??} \n \t\t $hex3= {2f??5a??49??59??45??69??7b??4d??2d??7d??6b??77??77??60??29??39??3d??64??78??7b??35??66??74??65??43??0a??} \n \t\t $hex4= {43??3a??50??72??6f??67??72??61??6d??44??61??74??61??0a??} \n \t\t $hex5= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex6= {48??59??74??65??38??25??55??44??51??40??20??75??60??39??28??60??75??64??0a??} \n \t\t $hex7= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex8= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex9= {57??69??6e??37??45??6c??65??76??61??74??65??20??70??72??6f??6f??66??2d??6f??66??2d??63??6f??6e??63??65??70??74??0a??} \n \t\t $hex10= {57??69??6e??37??45??6c??65??76??61??74??65??2e??65??78??65??0a??} \n \t\t $hex11= {57??69??6e??37??45??6c??65??76??61??74??65??44??4c??4c??2e??64??6c??6c??0a??} \n \t\t $hex12= {60??6d??64??7c??73??36??55??7b??6c??7b??7a??66??37??45??38??29??0a??} \n \t\t $hex13= {6b??62??6e??79??25??6c??55??40??70??41??58??4a??0a??} \n \t\t $hex14= {6f??6b??63??75??61??37??72??7c??77??61??6e??2b??65??72??62??73??41??4d??5e??0a??} \n \t\t $hex15= {73??79??73??70??72??65??70??43??52??59??50??54??42??41??53??45??2e??64??6c??6c??0a??} \n \t\t $hex16= {73??79??73??70??72??65??70??73??79??73??70??72??65??70??2e??65??78??65??0a??} \n \t\t $hex17= {79??68??7d??6c??71??60??75??64??69??78??6d??7c??61??70??65??74??31??78??6d??7c??61??70??65??74??79??68??7d??6c??71??60??} \n \t\t $hex18= {7c??6d??78??69??74??65??70??61??6c??7d??68??79??64??75??60??71??25??68??79??64??75??60??71??7c??6d??78??69??74??65??70??} \n \t\t $hex19= {7e??68??33??7b??70??7b??69??2a??66??66??73??7e??66??7d??6a??6e??0a??} \n \n \tcondition: \n \t\t21 of them \n }", "title": "", "description": "APTMalware_APT_21_d374bdb867f5d790d546549cf5ba557a5ed67a914284d1cb65235ade09fc6f2a Group", "expiration": null, "is_active": 1 }, { "id": 3409659129, "indicator": "2c820e11b7790b32e8d28b9a1bddd9b8d597ffc7", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_21_e2ff053ae52d37c2334cb0c5b94ea7338a38c396590bfad5e443e7fbd8cd0ddb { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_e2ff053ae52d37c2334cb0c5b94ea7338a38c396590bfad5e443e7fbd8cd0ddb Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-28-27\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"81d92e20f3078bd8e43b226308393e43\" \n \n \tstrings: \n \n \t \n \t\t $s1= \",44w#!9:7.83!Nd\" fullword wide \n \t\t $s2= \"~h3{p{i*ffs~f}jn\" fullword wide \n \t\t $s3= \".[HXLhzL,hf||eerhh|)|`qq\" fullword wide \n \t\t $s4= \"HYte8%UDQ@ u`9(`ud\" fullword wide \n \t\t $s5= \"kbny%lU@pAXJ\" fullword wide \n \t\t $s6= \"`md|s6U{l{zf7E8)\" fullword wide \n \t\t $s7= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s8= \"okcua7r|wan+erbsAM^\" fullword wide \n \t\t $s9= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s10= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \n \t\t $hex1= {2c??34??34??77??23??21??39??3a??37??2e??38??33??21??4e??64??0a??} \n \t\t $hex2= {2e??5b??48??58??4c??68??7a??4c??2c??68??66??7c??7c??65??65??72??68??68??7c??29??7c??60??71??71??0a??} \n \t\t $hex3= {2f??5a??49??59??45??69??7b??4d??2d??7d??6b??77??77??60??29??39??3d??64??78??7b??35??66??74??65??43??0a??} \n \t\t $hex4= {48??59??74??65??38??25??55??44??51??40??20??75??60??39??28??60??75??64??0a??} \n \t\t $hex5= {60??6d??64??7c??73??36??55??7b??6c??7b??7a??66??37??45??38??29??0a??} \n \t\t $hex6= {6b??62??6e??79??25??6c??55??40??70??41??58??4a??0a??} \n \t\t $hex7= {6f??6b??63??75??61??37??72??7c??77??61??6e??2b??65??72??62??73??41??4d??5e??0a??} \n \t\t $hex8= {79??68??7d??6c??71??60??75??64??69??78??6d??7c??61??70??65??74??31??78??6d??7c??61??70??65??74??79??68??7d??6c??71??60??} \n \t\t $hex9= {7c??6d??78??69??74??65??70??61??6c??7d??68??79??64??75??60??71??25??68??79??64??75??60??71??7c??6d??78??69??74??65??70??} \n \t\t $hex10= {7e??68??33??7b??70??7b??69??2a??66??66??73??7e??66??7d??6a??6e??0a??} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_21_e2ff053ae52d37c2334cb0c5b94ea7338a38c396590bfad5e443e7fbd8cd0ddb Group", "expiration": null, "is_active": 1 }, { "id": 3409659130, "indicator": "3abdd144ba1d56163ccc50fd3bcdb3f47341245b", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_21_3ada04d4b321058fe9cdf4452b58b7157c8dd35229f32765f07508780424dbc1 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_3ada04d4b321058fe9cdf4452b58b7157c8dd35229f32765f07508780424dbc1 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-28-24\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"66684b8b82fb5318a41ab7e6abb8dd42\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"C:ProgramData\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"sysprepCRYPTBASE.dll\" fullword wide \n \t\t $s5= \"sysprepsysprep.exe\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \t\t $s7= \"Win7ElevateDLL.dll\" fullword wide \n \t\t $s8= \"Win7Elevate.exe\" fullword wide \n \t\t $s9= \"Win7Elevate proof-of-concept\" fullword wide \n \n \t\t $hex1= {43??3a??50??72??6f??67??72??61??6d??44??61??74??61??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex5= {57??69??6e??37??45??6c??65??76??61??74??65??20??70??72??6f??6f??66??2d??6f??66??2d??63??6f??6e??63??65??70??74??0a??} \n \t\t $hex6= {57??69??6e??37??45??6c??65??76??61??74??65??2e??65??78??65??0a??} \n \t\t $hex7= {57??69??6e??37??45??6c??65??76??61??74??65??44??4c??4c??2e??64??6c??6c??0a??} \n \t\t $hex8= {73??79??73??70??72??65??70??43??52??59??50??54??42??41??53??45??2e??64??6c??6c??0a??} \n \t\t $hex9= {73??79??73??70??72??65??70??73??79??73??70??72??65??70??2e??65??78??65??0a??} \n \n \tcondition: \n \t\t10 of them \n }", "title": "", "description": "APTMalware_APT_21_3ada04d4b321058fe9cdf4452b58b7157c8dd35229f32765f07508780424dbc1 Group", "expiration": null, "is_active": 1 }, { "id": 3409659184, "indicator": "80f588138249b43a899ac265b57c2872aea7da7d", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_21_5e87701df694fb41aaaba820e581d2ddfd65d9d6ef28e972ecf18b92f40232e3 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_5e87701df694fb41aaaba820e581d2ddfd65d9d6ef28e972ecf18b92f40232e3 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-28-23\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"a1169fb2eb93616ced7536a53fb05648\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"C:ProgramData\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"sysprepCRYPTBASE.dll\" fullword wide \n \t\t $s5= \"sysprepsysprep.exe\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \t\t $s7= \"Win7ElevateDLL.dll\" fullword wide \n \t\t $s8= \"Win7Elevate.exe\" fullword wide \n \t\t $s9= \"Win7Elevate proof-of-concept\" fullword wide \n \n \t\t $hex1= {43??3a??50??72??6f??67??72??61??6d??44??61??74??61??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex5= {57??69??6e??37??45??6c??65??76??61??74??65??20??70??72??6f??6f??66??2d??6f??66??2d??63??6f??6e??63??65??70??74??0a??} \n \t\t $hex6= {57??69??6e??37??45??6c??65??76??61??74??65??2e??65??78??65??0a??} \n \t\t $hex7= {57??69??6e??37??45??6c??65??76??61??74??65??44??4c??4c??2e??64??6c??6c??0a??} \n \t\t $hex8= {73??79??73??70??72??65??70??43??52??59??50??54??42??41??53??45??2e??64??6c??6c??0a??} \n \t\t $hex9= {73??79??73??70??72??65??70??73??79??73??70??72??65??70??2e??65??78??65??0a??} \n \n \tcondition: \n \t\t10 of them \n }", "title": "", "description": "APTMalware_APT_21_5e87701df694fb41aaaba820e581d2ddfd65d9d6ef28e972ecf18b92f40232e3 Group", "expiration": null, "is_active": 1 }, { "id": 3409659185, "indicator": "0c915f64d13a2dd2cd950dd5ddd02565f8c62833", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_21_d3a89d42b64d75550a86dd4ae0a7b988e62160b0eff6b1e43038757d15fef40b { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_d3a89d42b64d75550a86dd4ae0a7b988e62160b0eff6b1e43038757d15fef40b Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-28-21\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"9b198f1e260700bdcb4740266cd35b3f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"C:ProgramData\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"sysprepCRYPTBASE.dll\" fullword wide \n \t\t $s5= \"sysprepsysprep.exe\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \t\t $s7= \"Win7ElevateDLL.dll\" fullword wide \n \t\t $s8= \"Win7Elevate.exe\" fullword wide \n \t\t $s9= \"Win7Elevate proof-of-concept\" fullword wide \n \n \t\t $hex1= {43??3a??50??72??6f??67??72??61??6d??44??61??74??61??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex5= {57??69??6e??37??45??6c??65??76??61??74??65??20??70??72??6f??6f??66??2d??6f??66??2d??63??6f??6e??63??65??70??74??0a??} \n \t\t $hex6= {57??69??6e??37??45??6c??65??76??61??74??65??2e??65??78??65??0a??} \n \t\t $hex7= {57??69??6e??37??45??6c??65??76??61??74??65??44??4c??4c??2e??64??6c??6c??0a??} \n \t\t $hex8= {73??79??73??70??72??65??70??43??52??59??50??54??42??41??53??45??2e??64??6c??6c??0a??} \n \t\t $hex9= {73??79??73??70??72??65??70??73??79??73??70??72??65??70??2e??65??78??65??0a??} \n \n \tcondition: \n \t\t10 of them \n }", "title": "", "description": "APTMalware_APT_21_d3a89d42b64d75550a86dd4ae0a7b988e62160b0eff6b1e43038757d15fef40b Group", "expiration": null, "is_active": 1 }, { "id": 3409659186, "indicator": "60cb68f75bee3a981725e65465bb0b3751faf0c4", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_21_04c9240d425bec07742dd99d6f75e2205383ef804f2410c8274ff2e74be74ad4 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_04c9240d425bec07742dd99d6f75e2205383ef804f2410c8274ff2e74be74ad4 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-28-20\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"22be9cca6e4ec3af327595b890a92fec\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DocumentSummaryInformation\" fullword wide \n \t\t $s2= \"mailto:dolkun@gmail.com\" fullword wide \n \t\t $s3= \"mailto:gh.kurban@googlemail.com\" fullword wide \n \t\t $s4= \"SummaryInformation\" fullword wide \n \t\t $s5= \"Tabellen Inhalt\" fullword wide \n \t\t $s6= \"WW-Absatz-Standardschriftart\" fullword wide \n \t\t $s7= \"WW-Absatz-Standardschriftart1\" fullword wide \n \t\t $s8= \"WW-Absatz-Standardschriftart11\" fullword wide \n \t\t $s9= \"WW-HTML Schreibmaschine\" fullword wide \n \t\t $s10= \"WW-HTML Vorformatiert\" fullword wide \n \t\t $s11= \"WW-Kommentartext\" fullword wide \n \t\t $s12= \"WW-Kommentarzeichen\" fullword wide \n \n \t\t $hex1= {44??6f??63??75??6d??65??6e??74??53??75??6d??6d??61??72??79??49??6e??66??6f??72??6d??61??74??69??6f??6e??0a??} \n \t\t $hex2= {53??75??6d??6d??61??72??79??49??6e??66??6f??72??6d??61??74??69??6f??6e??0a??} \n \t\t $hex3= {54??61??62??65??6c??6c??65??6e??20??49??6e??68??61??6c??74??0a??} \n \t\t $hex4= {57??57??2d??41??62??73??61??74??7a??2d??53??74??61??6e??64??61??72??64??73??63??68??72??69??66??74??61??72??74??0a??} \n \t\t $hex5= {57??57??2d??41??62??73??61??74??7a??2d??53??74??61??6e??64??61??72??64??73??63??68??72??69??66??74??61??72??74??31??0a??} \n \t\t $hex6= {57??57??2d??41??62??73??61??74??7a??2d??53??74??61??6e??64??61??72??64??73??63??68??72??69??66??74??61??72??74??31??31??} \n \t\t $hex7= {57??57??2d??48??54??4d??4c??20??53??63??68??72??65??69??62??6d??61??73??63??68??69??6e??65??0a??} \n \t\t $hex8= {57??57??2d??48??54??4d??4c??20??56??6f??72??66??6f??72??6d??61??74??69??65??72??74??0a??} \n \t\t $hex9= {57??57??2d??4b??6f??6d??6d??65??6e??74??61??72??74??65??78??74??0a??} \n \t\t $hex10= {57??57??2d??4b??6f??6d??6d??65??6e??74??61??72??7a??65??69??63??68??65??6e??0a??} \n \t\t $hex11= {6d??61??69??6c??74??6f??3a??64??6f??6c??6b??75??6e??40??67??6d??61??69??6c??2e??63??6f??6d??0a??} \n \t\t $hex12= {6d??61??69??6c??74??6f??3a??67??68??2e??6b??75??72??62??61??6e??40??67??6f??6f??67??6c??65??6d??61??69??6c??2e??63??6f??} \n \n \tcondition: \n \t\t13 of them \n }", "title": "", "description": "APTMalware_APT_21_04c9240d425bec07742dd99d6f75e2205383ef804f2410c8274ff2e74be74ad4 Group", "expiration": null, "is_active": 1 }, { "id": 3409659187, "indicator": "808ea2263a4eb81c611c6cd684312a4dde457852", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_21_10307e2682b3b8e96016c25b040baceda6c0abe5924f5f0fe6a419a463c008d6 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_10307e2682b3b8e96016c25b040baceda6c0abe5924f5f0fe6a419a463c008d6 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-28-17\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d687cfde1c4ea77de1b92ea2f9e90ad5\" \n \n \tstrings: \n \n \t \n \t\t $s1= \",44w#!9:7.83!Nd\" fullword wide \n \t\t $s2= \"C:ProgramData\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"~h3{p{i*ffs~f}jn\" fullword wide \n \t\t $s5= \".[HXLhzL,hf||eerhh|)|`qq\" fullword wide \n \t\t $s6= \"HYte8%UDQ@ u`9(`ud\" fullword wide \n \t\t $s7= \"kbny%lU@pAXJ\" fullword wide \n \t\t $s8= \"`md|s6U{l{zf7E8)\" fullword wide \n \t\t $s9= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s10= \"okcua7r|wan+erbsAM^\" fullword wide \n \t\t $s11= \"OriginalFilename\" fullword wide \n \t\t $s12= \"sysprepCRYPTBASE.dll\" fullword wide \n \t\t $s13= \"sysprepsysprep.exe\" fullword wide \n \t\t $s14= \"VS_VERSION_INFO\" fullword wide \n \t\t $s15= \"Win7ElevateDLL.dll\" fullword wide \n \t\t $s16= \"Win7Elevate.exe\" fullword wide \n \t\t $s17= \"Win7Elevate proof-of-concept\" fullword wide \n \t\t $s18= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s19= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \n \t\t $hex1= {2c??34??34??77??23??21??39??3a??37??2e??38??33??21??4e??64??0a??} \n \t\t $hex2= {2e??5b??48??58??4c??68??7a??4c??2c??68??66??7c??7c??65??65??72??68??68??7c??29??7c??60??71??71??0a??} \n \t\t $hex3= {2f??5a??49??59??45??69??7b??4d??2d??7d??6b??77??77??60??29??39??3d??64??78??7b??35??66??74??65??43??0a??} \n \t\t $hex4= {43??3a??50??72??6f??67??72??61??6d??44??61??74??61??0a??} \n \t\t $hex5= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex6= {48??59??74??65??38??25??55??44??51??40??20??75??60??39??28??60??75??64??0a??} \n \t\t $hex7= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex8= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex9= {57??69??6e??37??45??6c??65??76??61??74??65??20??70??72??6f??6f??66??2d??6f??66??2d??63??6f??6e??63??65??70??74??0a??} \n \t\t $hex10= {57??69??6e??37??45??6c??65??76??61??74??65??2e??65??78??65??0a??} \n \t\t $hex11= {57??69??6e??37??45??6c??65??76??61??74??65??44??4c??4c??2e??64??6c??6c??0a??} \n \t\t $hex12= {60??6d??64??7c??73??36??55??7b??6c??7b??7a??66??37??45??38??29??0a??} \n \t\t $hex13= {6b??62??6e??79??25??6c??55??40??70??41??58??4a??0a??} \n \t\t $hex14= {6f??6b??63??75??61??37??72??7c??77??61??6e??2b??65??72??62??73??41??4d??5e??0a??} \n \t\t $hex15= {73??79??73??70??72??65??70??43??52??59??50??54??42??41??53??45??2e??64??6c??6c??0a??} \n \t\t $hex16= {73??79??73??70??72??65??70??73??79??73??70??72??65??70??2e??65??78??65??0a??} \n \t\t $hex17= {79??68??7d??6c??71??60??75??64??69??78??6d??7c??61??70??65??74??31??78??6d??7c??61??70??65??74??79??68??7d??6c??71??60??} \n \t\t $hex18= {7c??6d??78??69??74??65??70??61??6c??7d??68??79??64??75??60??71??25??68??79??64??75??60??71??7c??6d??78??69??74??65??70??} \n \t\t $hex19= {7e??68??33??7b??70??7b??69??2a??66??66??73??7e??66??7d??6a??6e??0a??} \n \n \tcondition: \n \t\t21 of them \n }", "title": "", "description": "APTMalware_APT_21_10307e2682b3b8e96016c25b040baceda6c0abe5924f5f0fe6a419a463c008d6 Group", "expiration": null, "is_active": 1 }, { "id": 3409659188, "indicator": "e0694c1ef868aaedaa5554d43fd5dbe9a9e20963", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_21_84bdce2a3f295407817b75d603e22d7dde66a05b8f944e92e7c61349efaa06fd { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_84bdce2a3f295407817b75d603e22d7dde66a05b8f944e92e7c61349efaa06fd Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-28-16\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"33334d8dc36c4ee7739fe2f8b448da72\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"C:ProgramData\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"sysprepCRYPTBASE.dll\" fullword wide \n \t\t $s5= \"sysprepsysprep.exe\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \t\t $s7= \"Win7ElevateDLL.dll\" fullword wide \n \t\t $s8= \"Win7Elevate.exe\" fullword wide \n \t\t $s9= \"Win7Elevate proof-of-concept\" fullword wide \n \n \t\t $hex1= {43??3a??50??72??6f??67??72??61??6d??44??61??74??61??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex5= {57??69??6e??37??45??6c??65??76??61??74??65??20??70??72??6f??6f??66??2d??6f??66??2d??63??6f??6e??63??65??70??74??0a??} \n \t\t $hex6= {57??69??6e??37??45??6c??65??76??61??74??65??2e??65??78??65??0a??} \n \t\t $hex7= {57??69??6e??37??45??6c??65??76??61??74??65??44??4c??4c??2e??64??6c??6c??0a??} \n \t\t $hex8= {73??79??73??70??72??65??70??43??52??59??50??54??42??41??53??45??2e??64??6c??6c??0a??} \n \t\t $hex9= {73??79??73??70??72??65??70??73??79??73??70??72??65??70??2e??65??78??65??0a??} \n \n \tcondition: \n \t\t10 of them \n }", "title": "", "description": "APTMalware_APT_21_84bdce2a3f295407817b75d603e22d7dde66a05b8f944e92e7c61349efaa06fd Group", "expiration": null, "is_active": 1 }, { "id": 3409659189, "indicator": "1d2248e65bc36be6ce0d667d71c37a1cacee3b15", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_21_95900feea66e42a72080e1c4b6188820a30646e691443956ff4a656fa1b40f46 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_95900feea66e42a72080e1c4b6188820a30646e691443956ff4a656fa1b40f46 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-28-15\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"3b4cf5f1ff8c4187e41c6ab80f000491\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"C:ProgramData\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"sysprepCRYPTBASE.dll\" fullword wide \n \t\t $s5= \"sysprepsysprep.exe\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \t\t $s7= \"Win7ElevateDLL.dll\" fullword wide \n \t\t $s8= \"Win7Elevate.exe\" fullword wide \n \t\t $s9= \"Win7Elevate proof-of-concept\" fullword wide \n \n \t\t $hex1= {43??3a??50??72??6f??67??72??61??6d??44??61??74??61??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex5= {57??69??6e??37??45??6c??65??76??61??74??65??20??70??72??6f??6f??66??2d??6f??66??2d??63??6f??6e??63??65??70??74??0a??} \n \t\t $hex6= {57??69??6e??37??45??6c??65??76??61??74??65??2e??65??78??65??0a??} \n \t\t $hex7= {57??69??6e??37??45??6c??65??76??61??74??65??44??4c??4c??2e??64??6c??6c??0a??} \n \t\t $hex8= {73??79??73??70??72??65??70??43??52??59??50??54??42??41??53??45??2e??64??6c??6c??0a??} \n \t\t $hex9= {73??79??73??70??72??65??70??73??79??73??70??72??65??70??2e??65??78??65??0a??} \n \n \tcondition: \n \t\t10 of them \n }", "title": "", "description": "APTMalware_APT_21_95900feea66e42a72080e1c4b6188820a30646e691443956ff4a656fa1b40f46 Group", "expiration": null, "is_active": 1 }, { "id": 3409659190, "indicator": "7c34a4876debf86f2abe77b1434cc7f8debc3244", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_21_89fb8bde29dfd8e1ec087a757f43a202f102df13e7326ca554c765657b028b9a { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_89fb8bde29dfd8e1ec087a757f43a202f102df13e7326ca554c765657b028b9a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-28-13\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d80c29813bfbc3cbcbd469249d49ebf3\" \n \n \tstrings: \n \n \t \n \t\t $s1= \",44w#!9:7.83!Nd\" fullword wide \n \t\t $s2= \"C:ProgramData\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"~h3{p{i*ffs~f}jn\" fullword wide \n \t\t $s5= \".[HXLhzL,hf||eerhh|)|`qq\" fullword wide \n \t\t $s6= \"HYte8%UDQ@ u`9(`ud\" fullword wide \n \t\t $s7= \"kbny%lU@pAXJ\" fullword wide \n \t\t $s8= \"`md|s6U{l{zf7E8)\" fullword wide \n \t\t $s9= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s10= \"okcua7r|wan+erbsAM^\" fullword wide \n \t\t $s11= \"OriginalFilename\" fullword wide \n \t\t $s12= \"sysprepCRYPTBASE.dll\" fullword wide \n \t\t $s13= \"sysprepsysprep.exe\" fullword wide \n \t\t $s14= \"VS_VERSION_INFO\" fullword wide \n \t\t $s15= \"Win7ElevateDLL.dll\" fullword wide \n \t\t $s16= \"Win7Elevate.exe\" fullword wide \n \t\t $s17= \"Win7Elevate proof-of-concept\" fullword wide \n \t\t $s18= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s19= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \n \t\t $hex1= {2c??34??34??77??23??21??39??3a??37??2e??38??33??21??4e??64??0a??} \n \t\t $hex2= {2e??5b??48??58??4c??68??7a??4c??2c??68??66??7c??7c??65??65??72??68??68??7c??29??7c??60??71??71??0a??} \n \t\t $hex3= {2f??5a??49??59??45??69??7b??4d??2d??7d??6b??77??77??60??29??39??3d??64??78??7b??35??66??74??65??43??0a??} \n \t\t $hex4= {43??3a??50??72??6f??67??72??61??6d??44??61??74??61??0a??} \n \t\t $hex5= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex6= {48??59??74??65??38??25??55??44??51??40??20??75??60??39??28??60??75??64??0a??} \n \t\t $hex7= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex8= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex9= {57??69??6e??37??45??6c??65??76??61??74??65??20??70??72??6f??6f??66??2d??6f??66??2d??63??6f??6e??63??65??70??74??0a??} \n \t\t $hex10= {57??69??6e??37??45??6c??65??76??61??74??65??2e??65??78??65??0a??} \n \t\t $hex11= {57??69??6e??37??45??6c??65??76??61??74??65??44??4c??4c??2e??64??6c??6c??0a??} \n \t\t $hex12= {60??6d??64??7c??73??36??55??7b??6c??7b??7a??66??37??45??38??29??0a??} \n \t\t $hex13= {6b??62??6e??79??25??6c??55??40??70??41??58??4a??0a??} \n \t\t $hex14= {6f??6b??63??75??61??37??72??7c??77??61??6e??2b??65??72??62??73??41??4d??5e??0a??} \n \t\t $hex15= {73??79??73??70??72??65??70??43??52??59??50??54??42??41??53??45??2e??64??6c??6c??0a??} \n \t\t $hex16= {73??79??73??70??72??65??70??73??79??73??70??72??65??70??2e??65??78??65??0a??} \n \t\t $hex17= {79??68??7d??6c??71??60??75??64??69??78??6d??7c??61??70??65??74??31??78??6d??7c??61??70??65??74??79??68??7d??6c??71??60??} \n \t\t $hex18= {7c??6d??78??69??74??65??70??61??6c??7d??68??79??64??75??60??71??25??68??79??64??75??60??71??7c??6d??78??69??74??65??70??} \n \t\t $hex19= {7e??68??33??7b??70??7b??69??2a??66??66??73??7e??66??7d??6a??6e??0a??} \n \n \tcondition: \n \t\t21 of them \n }", "title": "", "description": "APTMalware_APT_21_89fb8bde29dfd8e1ec087a757f43a202f102df13e7326ca554c765657b028b9a Group", "expiration": null, "is_active": 1 }, { "id": 3409659191, "indicator": "496cfeed9e12a6fa6c79b31aef9ee130b155aa3e", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_21_a8137d09f5225c1777a5001f5178e64c6cbdc9db68ee0130375b5454a06c7331 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_a8137d09f5225c1777a5001f5178e64c6cbdc9db68ee0130375b5454a06c7331 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-28-11\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e51a4cc0272a98e9eddfec16667603f4\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"C:ProgramData\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"sysprepCRYPTBASE.dll\" fullword wide \n \t\t $s5= \"sysprepsysprep.exe\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \t\t $s7= \"Win7ElevateDLL.dll\" fullword wide \n \t\t $s8= \"Win7Elevate.exe\" fullword wide \n \t\t $s9= \"Win7Elevate proof-of-concept\" fullword wide \n \n \t\t $hex1= {43??3a??50??72??6f??67??72??61??6d??44??61??74??61??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex5= {57??69??6e??37??45??6c??65??76??61??74??65??20??70??72??6f??6f??66??2d??6f??66??2d??63??6f??6e??63??65??70??74??0a??} \n \t\t $hex6= {57??69??6e??37??45??6c??65??76??61??74??65??2e??65??78??65??0a??} \n \t\t $hex7= {57??69??6e??37??45??6c??65??76??61??74??65??44??4c??4c??2e??64??6c??6c??0a??} \n \t\t $hex8= {73??79??73??70??72??65??70??43??52??59??50??54??42??41??53??45??2e??64??6c??6c??0a??} \n \t\t $hex9= {73??79??73??70??72??65??70??73??79??73??70??72??65??70??2e??65??78??65??0a??} \n \n \tcondition: \n \t\t10 of them \n }", "title": "", "description": "APTMalware_APT_21_a8137d09f5225c1777a5001f5178e64c6cbdc9db68ee0130375b5454a06c7331 Group", "expiration": null, "is_active": 1 }, { "id": 3409659192, "indicator": "75d2299773910c53f441472ad4380975bbb45646", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_21_b8cd2c4dfc67321dadc514f6393aec1564fbacc4a49f57c888eea5d89a1b7bba { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_b8cd2c4dfc67321dadc514f6393aec1564fbacc4a49f57c888eea5d89a1b7bba Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-28-09\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"294da087e6329ae78c1a5fb42b999500\" \n \n \tstrings: \n \n \t \n \t\t $s1= \",44w#!9:7.83!Nd\" fullword wide \n \t\t $s2= \"C:ProgramData\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"~h3{p{i*ffs~f}jn\" fullword wide \n \t\t $s5= \".[HXLhzL,hf||eerhh|)|`qq\" fullword wide \n \t\t $s6= \"HYte8%UDQ@ u`9(`ud\" fullword wide \n \t\t $s7= \"kbny%lU@pAXJ\" fullword wide \n \t\t $s8= \"`md|s6U{l{zf7E8)\" fullword wide \n \t\t $s9= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s10= \"okcua7r|wan+erbsAM^\" fullword wide \n \t\t $s11= \"OriginalFilename\" fullword wide \n \t\t $s12= \"sysprepCRYPTBASE.dll\" fullword wide \n \t\t $s13= \"sysprepsysprep.exe\" fullword wide \n \t\t $s14= \"VS_VERSION_INFO\" fullword wide \n \t\t $s15= \"Win7ElevateDLL.dll\" fullword wide \n \t\t $s16= \"Win7Elevate.exe\" fullword wide \n \t\t $s17= \"Win7Elevate proof-of-concept\" fullword wide \n \t\t $s18= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s19= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \n \t\t $hex1= {2c??34??34??77??23??21??39??3a??37??2e??38??33??21??4e??64??0a??} \n \t\t $hex2= {2e??5b??48??58??4c??68??7a??4c??2c??68??66??7c??7c??65??65??72??68??68??7c??29??7c??60??71??71??0a??} \n \t\t $hex3= {2f??5a??49??59??45??69??7b??4d??2d??7d??6b??77??77??60??29??39??3d??64??78??7b??35??66??74??65??43??0a??} \n \t\t $hex4= {43??3a??50??72??6f??67??72??61??6d??44??61??74??61??0a??} \n \t\t $hex5= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex6= {48??59??74??65??38??25??55??44??51??40??20??75??60??39??28??60??75??64??0a??} \n \t\t $hex7= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex8= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex9= {57??69??6e??37??45??6c??65??76??61??74??65??20??70??72??6f??6f??66??2d??6f??66??2d??63??6f??6e??63??65??70??74??0a??} \n \t\t $hex10= {57??69??6e??37??45??6c??65??76??61??74??65??2e??65??78??65??0a??} \n \t\t $hex11= {57??69??6e??37??45??6c??65??76??61??74??65??44??4c??4c??2e??64??6c??6c??0a??} \n \t\t $hex12= {60??6d??64??7c??73??36??55??7b??6c??7b??7a??66??37??45??38??29??0a??} \n \t\t $hex13= {6b??62??6e??79??25??6c??55??40??70??41??58??4a??0a??} \n \t\t $hex14= {6f??6b??63??75??61??37??72??7c??77??61??6e??2b??65??72??62??73??41??4d??5e??0a??} \n \t\t $hex15= {73??79??73??70??72??65??70??43??52??59??50??54??42??41??53??45??2e??64??6c??6c??0a??} \n \t\t $hex16= {73??79??73??70??72??65??70??73??79??73??70??72??65??70??2e??65??78??65??0a??} \n \t\t $hex17= {79??68??7d??6c??71??60??75??64??69??78??6d??7c??61??70??65??74??31??78??6d??7c??61??70??65??74??79??68??7d??6c??71??60??} \n \t\t $hex18= {7c??6d??78??69??74??65??70??61??6c??7d??68??79??64??75??60??71??25??68??79??64??75??60??71??7c??6d??78??69??74??65??70??} \n \t\t $hex19= {7e??68??33??7b??70??7b??69??2a??66??66??73??7e??66??7d??6a??6e??0a??} \n \n \tcondition: \n \t\t21 of them \n }", "title": "", "description": "APTMalware_APT_21_b8cd2c4dfc67321dadc514f6393aec1564fbacc4a49f57c888eea5d89a1b7bba Group", "expiration": null, "is_active": 1 }, { "id": 3409659193, "indicator": "e5b59d290b5e6ffd8e73c77f5ca807bd4761e557", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_21_666de371c4fa9b36781cc0cfb0964e7fc8cf7a0223e08aa07ecf7e06befc7397 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_666de371c4fa9b36781cc0cfb0964e7fc8cf7a0223e08aa07ecf7e06befc7397 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-28-08\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"15e8a1c4d5021e76f933cb1bc895b9c2\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"C:ProgramData\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"sysprepCRYPTBASE.dll\" fullword wide \n \t\t $s5= \"sysprepsysprep.exe\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \t\t $s7= \"Win7ElevateDLL.dll\" fullword wide \n \t\t $s8= \"Win7Elevate.exe\" fullword wide \n \t\t $s9= \"Win7Elevate proof-of-concept\" fullword wide \n \n \t\t $hex1= {43??3a??50??72??6f??67??72??61??6d??44??61??74??61??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex5= {57??69??6e??37??45??6c??65??76??61??74??65??20??70??72??6f??6f??66??2d??6f??66??2d??63??6f??6e??63??65??70??74??0a??} \n \t\t $hex6= {57??69??6e??37??45??6c??65??76??61??74??65??2e??65??78??65??0a??} \n \t\t $hex7= {57??69??6e??37??45??6c??65??76??61??74??65??44??4c??4c??2e??64??6c??6c??0a??} \n \t\t $hex8= {73??79??73??70??72??65??70??43??52??59??50??54??42??41??53??45??2e??64??6c??6c??0a??} \n \t\t $hex9= {73??79??73??70??72??65??70??73??79??73??70??72??65??70??2e??65??78??65??0a??} \n \n \tcondition: \n \t\t10 of them \n }", "title": "", "description": "APTMalware_APT_21_666de371c4fa9b36781cc0cfb0964e7fc8cf7a0223e08aa07ecf7e06befc7397 Group", "expiration": null, "is_active": 1 }, { "id": 3409659194, "indicator": "17680cad1acf7e0c83f906a84ebd78a318e88a07", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_21_4e6531aa7f8fdb4c21f0559b2b7951afbc2624e9a69a0588c1633508a173ab38 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_4e6531aa7f8fdb4c21f0559b2b7951afbc2624e9a69a0588c1633508a173ab38 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-28-05\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"1dcad7c8f56207b2c423353f0c328755\" \n \n \tstrings: \n \n \t \n \t\t $s1= \",44w#!9:7.83!Nd\" fullword wide \n \t\t $s2= \"C:ProgramData\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"~h3{p{i*ffs~f}jn\" fullword wide \n \t\t $s5= \".[HXLhzL,hf||eerhh|)|`qq\" fullword wide \n \t\t $s6= \"HYte8%UDQ@ u`9(`ud\" fullword wide \n \t\t $s7= \"kbny%lU@pAXJ\" fullword wide \n \t\t $s8= \"`md|s6U{l{zf7E8)\" fullword wide \n \t\t $s9= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s10= \"okcua7r|wan+erbsAM^\" fullword wide \n \t\t $s11= \"OriginalFilename\" fullword wide \n \t\t $s12= \"sysprepCRYPTBASE.dll\" fullword wide \n \t\t $s13= \"sysprepsysprep.exe\" fullword wide \n \t\t $s14= \"VS_VERSION_INFO\" fullword wide \n \t\t $s15= \"Win7ElevateDLL.dll\" fullword wide \n \t\t $s16= \"Win7Elevate.exe\" fullword wide \n \t\t $s17= \"Win7Elevate proof-of-concept\" fullword wide \n \t\t $s18= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s19= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \n \t\t $hex1= {2c??34??34??77??23??21??39??3a??37??2e??38??33??21??4e??64??0a??} \n \t\t $hex2= {2e??5b??48??58??4c??68??7a??4c??2c??68??66??7c??7c??65??65??72??68??68??7c??29??7c??60??71??71??0a??} \n \t\t $hex3= {2f??5a??49??59??45??69??7b??4d??2d??7d??6b??77??77??60??29??39??3d??64??78??7b??35??66??74??65??43??0a??} \n \t\t $hex4= {43??3a??50??72??6f??67??72??61??6d??44??61??74??61??0a??} \n \t\t $hex5= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex6= {48??59??74??65??38??25??55??44??51??40??20??75??60??39??28??60??75??64??0a??} \n \t\t $hex7= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex8= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex9= {57??69??6e??37??45??6c??65??76??61??74??65??20??70??72??6f??6f??66??2d??6f??66??2d??63??6f??6e??63??65??70??74??0a??} \n \t\t $hex10= {57??69??6e??37??45??6c??65??76??61??74??65??2e??65??78??65??0a??} \n \t\t $hex11= {57??69??6e??37??45??6c??65??76??61??74??65??44??4c??4c??2e??64??6c??6c??0a??} \n \t\t $hex12= {60??6d??64??7c??73??36??55??7b??6c??7b??7a??66??37??45??38??29??0a??} \n \t\t $hex13= {6b??62??6e??79??25??6c??55??40??70??41??58??4a??0a??} \n \t\t $hex14= {6f??6b??63??75??61??37??72??7c??77??61??6e??2b??65??72??62??73??41??4d??5e??0a??} \n \t\t $hex15= {73??79??73??70??72??65??70??43??52??59??50??54??42??41??53??45??2e??64??6c??6c??0a??} \n \t\t $hex16= {73??79??73??70??72??65??70??73??79??73??70??72??65??70??2e??65??78??65??0a??} \n \t\t $hex17= {79??68??7d??6c??71??60??75??64??69??78??6d??7c??61??70??65??74??31??78??6d??7c??61??70??65??74??79??68??7d??6c??71??60??} \n \t\t $hex18= {7c??6d??78??69??74??65??70??61??6c??7d??68??79??64??75??60??71??25??68??79??64??75??60??71??7c??6d??78??69??74??65??70??} \n \t\t $hex19= {7e??68??33??7b??70??7b??69??2a??66??66??73??7e??66??7d??6a??6e??0a??} \n \n \tcondition: \n \t\t21 of them \n }", "title": "", "description": "APTMalware_APT_21_4e6531aa7f8fdb4c21f0559b2b7951afbc2624e9a69a0588c1633508a173ab38 Group", "expiration": null, "is_active": 1 }, { "id": 3409659195, "indicator": "56f4e6ac965b1681b93788f23403636a08ac893b", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_21_ec119c3389f145f2167d10e5cba67042a0cd0db8265537ea72c2c9d078fa2228 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_ec119c3389f145f2167d10e5cba67042a0cd0db8265537ea72c2c9d078fa2228 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-28-03\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"852f562812305ad099372109f8e8b189\" \n \n \tstrings: \n \n \t \n \t\t $s1= \",44w#!9:7.83!Nd\" fullword wide \n \t\t $s2= \"C:ProgramData\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"~h3{p{i*ffs~f}jn\" fullword wide \n \t\t $s5= \".[HXLhzL,hf||eerhh|)|`qq\" fullword wide \n \t\t $s6= \"HYte8%UDQ@ u`9(`ud\" fullword wide \n \t\t $s7= \"kbny%lU@pAXJ\" fullword wide \n \t\t $s8= \"`md|s6U{l{zf7E8)\" fullword wide \n \t\t $s9= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s10= \"okcua7r|wan+erbsAM^\" fullword wide \n \t\t $s11= \"OriginalFilename\" fullword wide \n \t\t $s12= \"sysprepCRYPTBASE.dll\" fullword wide \n \t\t $s13= \"sysprepsysprep.exe\" fullword wide \n \t\t $s14= \"VS_VERSION_INFO\" fullword wide \n \t\t $s15= \"Win7ElevateDLL.dll\" fullword wide \n \t\t $s16= \"Win7Elevate.exe\" fullword wide \n \t\t $s17= \"Win7Elevate proof-of-concept\" fullword wide \n \t\t $s18= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s19= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \n \t\t $hex1= {2c??34??34??77??23??21??39??3a??37??2e??38??33??21??4e??64??0a??} \n \t\t $hex2= {2e??5b??48??58??4c??68??7a??4c??2c??68??66??7c??7c??65??65??72??68??68??7c??29??7c??60??71??71??0a??} \n \t\t $hex3= {2f??5a??49??59??45??69??7b??4d??2d??7d??6b??77??77??60??29??39??3d??64??78??7b??35??66??74??65??43??0a??} \n \t\t $hex4= {43??3a??50??72??6f??67??72??61??6d??44??61??74??61??0a??} \n \t\t $hex5= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex6= {48??59??74??65??38??25??55??44??51??40??20??75??60??39??28??60??75??64??0a??} \n \t\t $hex7= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex8= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex9= {57??69??6e??37??45??6c??65??76??61??74??65??20??70??72??6f??6f??66??2d??6f??66??2d??63??6f??6e??63??65??70??74??0a??} \n \t\t $hex10= {57??69??6e??37??45??6c??65??76??61??74??65??2e??65??78??65??0a??} \n \t\t $hex11= {57??69??6e??37??45??6c??65??76??61??74??65??44??4c??4c??2e??64??6c??6c??0a??} \n \t\t $hex12= {60??6d??64??7c??73??36??55??7b??6c??7b??7a??66??37??45??38??29??0a??} \n \t\t $hex13= {6b??62??6e??79??25??6c??55??40??70??41??58??4a??0a??} \n \t\t $hex14= {6f??6b??63??75??61??37??72??7c??77??61??6e??2b??65??72??62??73??41??4d??5e??0a??} \n \t\t $hex15= {73??79??73??70??72??65??70??43??52??59??50??54??42??41??53??45??2e??64??6c??6c??0a??} \n \t\t $hex16= {73??79??73??70??72??65??70??73??79??73??70??72??65??70??2e??65??78??65??0a??} \n \t\t $hex17= {79??68??7d??6c??71??60??75??64??69??78??6d??7c??61??70??65??74??31??78??6d??7c??61??70??65??74??79??68??7d??6c??71??60??} \n \t\t $hex18= {7c??6d??78??69??74??65??70??61??6c??7d??68??79??64??75??60??71??25??68??79??64??75??60??71??7c??6d??78??69??74??65??70??} \n \t\t $hex19= {7e??68??33??7b??70??7b??69??2a??66??66??73??7e??66??7d??6a??6e??0a??} \n \n \tcondition: \n \t\t21 of them \n }", "title": "", "description": "APTMalware_APT_21_ec119c3389f145f2167d10e5cba67042a0cd0db8265537ea72c2c9d078fa2228 Group", "expiration": null, "is_active": 1 }, { "id": 3409659196, "indicator": "15ac422120f0e3d6057e118c3a9f4167a71e8fb2", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_21_c9c13df22da89f940c7ee711b362c89e3024312f40525636346ab20033196b72 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_c9c13df22da89f940c7ee711b362c89e3024312f40525636346ab20033196b72 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-28-01\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"778c1764dd5c36c1eb96c49a8f8441e6\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"C:ProgramData\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"sysprepCRYPTBASE.dll\" fullword wide \n \t\t $s5= \"sysprepsysprep.exe\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \t\t $s7= \"Win7ElevateDLL.dll\" fullword wide \n \t\t $s8= \"Win7Elevate.exe\" fullword wide \n \t\t $s9= \"Win7Elevate proof-of-concept\" fullword wide \n \n \t\t $hex1= {43??3a??50??72??6f??67??72??61??6d??44??61??74??61??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex5= {57??69??6e??37??45??6c??65??76??61??74??65??20??70??72??6f??6f??66??2d??6f??66??2d??63??6f??6e??63??65??70??74??0a??} \n \t\t $hex6= {57??69??6e??37??45??6c??65??76??61??74??65??2e??65??78??65??0a??} \n \t\t $hex7= {57??69??6e??37??45??6c??65??76??61??74??65??44??4c??4c??2e??64??6c??6c??0a??} \n \t\t $hex8= {73??79??73??70??72??65??70??43??52??59??50??54??42??41??53??45??2e??64??6c??6c??0a??} \n \t\t $hex9= {73??79??73??70??72??65??70??73??79??73??70??72??65??70??2e??65??78??65??0a??} \n \n \tcondition: \n \t\t10 of them \n }", "title": "", "description": "APTMalware_APT_21_c9c13df22da89f940c7ee711b362c89e3024312f40525636346ab20033196b72 Group", "expiration": null, "is_active": 1 }, { "id": 3409659197, "indicator": "492b7b66a1fa8f11737daf47b1fa3216044920c7", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_21_067fca1211ab7cde65e58c057b3b8cbaf9aa6da891b7f3e9bd91b191eab649a0 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_067fca1211ab7cde65e58c057b3b8cbaf9aa6da891b7f3e9bd91b191eab649a0 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-27-59\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"6de813a22b2b73e330085ec7c85e041b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"OriginalFilename\" fullword wide \n \t\t $s3= \"sysprepCRYPTBASE.dll\" fullword wide \n \t\t $s4= \"sysprepsysprep.exe\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \t\t $s6= \"Win7ElevateDLL.dll\" fullword wide \n \t\t $s7= \"Win7Elevate.exe\" fullword wide \n \t\t $s8= \"Win7Elevate proof-of-concept\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex3= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex4= {57??69??6e??37??45??6c??65??76??61??74??65??20??70??72??6f??6f??66??2d??6f??66??2d??63??6f??6e??63??65??70??74??0a??} \n \t\t $hex5= {57??69??6e??37??45??6c??65??76??61??74??65??2e??65??78??65??0a??} \n \t\t $hex6= {57??69??6e??37??45??6c??65??76??61??74??65??44??4c??4c??2e??64??6c??6c??0a??} \n \t\t $hex7= {73??79??73??70??72??65??70??43??52??59??50??54??42??41??53??45??2e??64??6c??6c??0a??} \n \t\t $hex8= {73??79??73??70??72??65??70??73??79??73??70??72??65??70??2e??65??78??65??0a??} \n \n \tcondition: \n \t\t8 of them \n }", "title": "", "description": "APTMalware_APT_21_067fca1211ab7cde65e58c057b3b8cbaf9aa6da891b7f3e9bd91b191eab649a0 Group", "expiration": null, "is_active": 1 }, { "id": 3409659198, "indicator": "a9d910df0be3f734a09bceac0d3c7a96a02e68dc", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_21_213575cde5a1a5c8a70251159c7b1fba9de26e9d979929a66c0aa39fc57008c1 { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_213575cde5a1a5c8a70251159c7b1fba9de26e9d979929a66c0aa39fc57008c1 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-27-57\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"81591ae1c975b8a0b5ad5546a103992c\" \n \n \tstrings: \n \n \t \n \t\t $s1= \",44w#!9:7.83!Nd\" fullword wide \n \t\t $s2= \"~h3{p{i*ffs~f}jn\" fullword wide \n \t\t $s3= \".[HXLhzL,hf||eerhh|)|`qq\" fullword wide \n \t\t $s4= \"HYte8%UDQ@ u`9(`ud\" fullword wide \n \t\t $s5= \"kbny%lU@pAXJ\" fullword wide \n \t\t $s6= \"`md|s6U{l{zf7E8)\" fullword wide \n \t\t $s7= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s8= \"okcua7r|wan+erbsAM^\" fullword wide \n \t\t $s9= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s10= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \n \t\t $hex1= {2c??34??34??77??23??21??39??3a??37??2e??38??33??21??4e??64??0a??} \n \t\t $hex2= {2e??5b??48??58??4c??68??7a??4c??2c??68??66??7c??7c??65??65??72??68??68??7c??29??7c??60??71??71??0a??} \n \t\t $hex3= {2f??5a??49??59??45??69??7b??4d??2d??7d??6b??77??77??60??29??39??3d??64??78??7b??35??66??74??65??43??0a??} \n \t\t $hex4= {48??59??74??65??38??25??55??44??51??40??20??75??60??39??28??60??75??64??0a??} \n \t\t $hex5= {60??6d??64??7c??73??36??55??7b??6c??7b??7a??66??37??45??38??29??0a??} \n \t\t $hex6= {6b??62??6e??79??25??6c??55??40??70??41??58??4a??0a??} \n \t\t $hex7= {6f??6b??63??75??61??37??72??7c??77??61??6e??2b??65??72??62??73??41??4d??5e??0a??} \n \t\t $hex8= {79??68??7d??6c??71??60??75??64??69??78??6d??7c??61??70??65??74??31??78??6d??7c??61??70??65??74??79??68??7d??6c??71??60??} \n \t\t $hex9= {7c??6d??78??69??74??65??70??61??6c??7d??68??79??64??75??60??71??25??68??79??64??75??60??71??7c??6d??78??69??74??65??70??} \n \t\t $hex10= {7e??68??33??7b??70??7b??69??2a??66??66??73??7e??66??7d??6a??6e??0a??} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_21_213575cde5a1a5c8a70251159c7b1fba9de26e9d979929a66c0aa39fc57008c1 Group", "expiration": null, "is_active": 1 }, { "id": 3409659199, "indicator": "4000432321429bfe5d9a1afc23f6f818e71b02c8", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_21_066bf4cca227eae7a9e46e65fa518c08673ae7cc19e9563d36a7e4a1325f14af { \n \tmeta: \n \t\t description= \"APTMalware_APT_21_066bf4cca227eae7a9e46e65fa518c08673ae7cc19e9563d36a7e4a1325f14af Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-27-54\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e5b1ffd2ecd7e610d07d093d65639da9\" \n \n \tstrings: \n \n \t \n \t\t $s1= \",44w#!9:7.83!Nd\" fullword wide \n \t\t $s2= \"C:ProgramData\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"~h3{p{i*ffs~f}jn\" fullword wide \n \t\t $s5= \".[HXLhzL,hf||eerhh|)|`qq\" fullword wide \n \t\t $s6= \"HYte8%UDQ@ u`9(`ud\" fullword wide \n \t\t $s7= \"kbny%lU@pAXJ\" fullword wide \n \t\t $s8= \"`md|s6U{l{zf7E8)\" fullword wide \n \t\t $s9= \"|mxitepal}hydu`q%hydu`q|mxitepa\" fullword wide \n \t\t $s10= \"okcua7r|wan+erbsAM^\" fullword wide \n \t\t $s11= \"OriginalFilename\" fullword wide \n \t\t $s12= \"sysprepCRYPTBASE.dll\" fullword wide \n \t\t $s13= \"sysprepsysprep.exe\" fullword wide \n \t\t $s14= \"VS_VERSION_INFO\" fullword wide \n \t\t $s15= \"Win7ElevateDLL.dll\" fullword wide \n \t\t $s16= \"Win7Elevate.exe\" fullword wide \n \t\t $s17= \"Win7Elevate proof-of-concept\" fullword wide \n \t\t $s18= \"yh}lq`udixm|apet1xm|apetyh}lq`ud\" fullword wide \n \t\t $s19= \"/ZIYEi{M-}kww`)9=dx{5fteC\" fullword wide \n \n \t\t $hex1= {2c??34??34??77??23??21??39??3a??37??2e??38??33??21??4e??64??0a??} \n \t\t $hex2= {2e??5b??48??58??4c??68??7a??4c??2c??68??66??7c??7c??65??65??72??68??68??7c??29??7c??60??71??71??0a??} \n \t\t $hex3= {2f??5a??49??59??45??69??7b??4d??2d??7d??6b??77??77??60??29??39??3d??64??78??7b??35??66??74??65??43??0a??} \n \t\t $hex4= {43??3a??50??72??6f??67??72??61??6d??44??61??74??61??0a??} \n \t\t $hex5= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex6= {48??59??74??65??38??25??55??44??51??40??20??75??60??39??28??60??75??64??0a??} \n \t\t $hex7= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex8= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex9= {57??69??6e??37??45??6c??65??76??61??74??65??20??70??72??6f??6f??66??2d??6f??66??2d??63??6f??6e??63??65??70??74??0a??} \n \t\t $hex10= {57??69??6e??37??45??6c??65??76??61??74??65??2e??65??78??65??0a??} \n \t\t $hex11= {57??69??6e??37??45??6c??65??76??61??74??65??44??4c??4c??2e??64??6c??6c??0a??} \n \t\t $hex12= {60??6d??64??7c??73??36??55??7b??6c??7b??7a??66??37??45??38??29??0a??} \n \t\t $hex13= {6b??62??6e??79??25??6c??55??40??70??41??58??4a??0a??} \n \t\t $hex14= {6f??6b??63??75??61??37??72??7c??77??61??6e??2b??65??72??62??73??41??4d??5e??0a??} \n \t\t $hex15= {73??79??73??70??72??65??70??43??52??59??50??54??42??41??53??45??2e??64??6c??6c??0a??} \n \t\t $hex16= {73??79??73??70??72??65??70??73??79??73??70??72??65??70??2e??65??78??65??0a??} \n \t\t $hex17= {79??68??7d??6c??71??60??75??64??69??78??6d??7c??61??70??65??74??31??78??6d??7c??61??70??65??74??79??68??7d??6c??71??60??} \n \t\t $hex18= {7c??6d??78??69??74??65??70??61??6c??7d??68??79??64??75??60??71??25??68??79??64??75??60??71??7c??6d??78??69??74??65??70??} \n \t\t $hex19= {7e??68??33??7b??70??7b??69??2a??66??66??73??7e??66??7d??6a??6e??0a??} \n \n \tcondition: \n \t\t21 of them \n }", "title": "", "description": "APTMalware_APT_21_066bf4cca227eae7a9e46e65fa518c08673ae7cc19e9563d36a7e4a1325f14af Group", "expiration": null, "is_active": 1 }, { "id": 3409659200, "indicator": "e442f9307c17ada894e2e8170a79b173bea8a061", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_076f69134533003015381c3ce22752a2d259e580f9b6747ad3fe896576a15131 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_076f69134533003015381c3ce22752a2d259e580f9b6747ad3fe896576a15131 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-27-51\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"378177ddc1fd7d213b79c033da26327d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&About Catch...\" fullword wide \n \t\t $s2= \"About DebugView\" fullword wide \n \t\t $s3= \"accDefaultAction\" fullword wide \n \t\t $s4= \"accDoDefaultAction\" fullword wide \n \t\t $s5= \"accKeyboardShortcut\" fullword wide \n \t\t $s6= \"&Append Comment Ctrl+I\" fullword wide \n \t\t $s7= \"APPICONDISABLED\" fullword wide \n \t\t $s8= \"&Auto Scroll Ctrl+A\" fullword wide \n \t\t $s9= \"Autoscroll (Ctrl+A)\" fullword wide \n \t\t $s10= \"Capture (Ctrl+E)\" fullword wide \n \t\t $s11= \"&Capture Events Ctrl+E\" fullword wide \n \t\t $s12= \"Capture &Kernel Ctrl+K\" fullword wide \n \t\t $s13= \"Capture &Win32 Ctrl+W\" fullword wide \n \t\t $s14= \"Clear &Display Ctrl+X\" fullword wide \n \t\t $s15= \"Clock &Time Ctrl+T\" fullword wide \n \t\t $s16= \"&Color choices:\" fullword wide \n \t\t $s17= \"CONNECT CONNECTED CRASHDUMP\" fullword wide \n \t\t $s18= \"&Connect... Ctrl+R\" fullword wide \n \t\t $s19= \"DbgQueryDebugFilterState\" fullword wide \n \t\t $s20= \"DbgSetDebugFilterState\" fullword wide \n \n \t\t $hex1= {26??41??62??6f??75??74??20??43??61??74??63??68??2e??2e??2e??0a??} \n \t\t $hex2= {26??41??70??70??65??6e??64??20??43??6f??6d??6d??65??6e??74??20??43??74??72??6c??2b??49??0a??} \n \t\t $hex3= {26??41??75??74??6f??20??53??63??72??6f??6c??6c??20??43??74??72??6c??2b??41??0a??} \n \t\t $hex4= {26??43??61??70??74??75??72??65??20??45??76??65??6e??74??73??20??43??74??72??6c??2b??45??0a??} \n \t\t $hex5= {26??43??6f??6c??6f??72??20??63??68??6f??69??63??65??73??3a??0a??} \n \t\t $hex6= {26??43??6f??6e??6e??65??63??74??2e??2e??2e??20??43??74??72??6c??2b??52??0a??} \n \t\t $hex7= {41??50??50??49??43??4f??4e??44??49??53??41??42??4c??45??44??0a??} \n \t\t $hex8= {41??62??6f??75??74??20??44??65??62??75??67??56??69??65??77??0a??} \n \t\t $hex9= {41??75??74??6f??73??63??72??6f??6c??6c??20??28??43??74??72??6c??2b??41??29??0a??} \n \t\t $hex10= {43??4f??4e??4e??45??43??54??20??43??4f??4e??4e??45??43??54??45??44??20??43??52??41??53??48??44??55??4d??50??0a??} \n \t\t $hex11= {43??61??70??74??75??72??65??20??26??4b??65??72??6e??65??6c??20??43??74??72??6c??2b??4b??0a??} \n \t\t $hex12= {43??61??70??74??75??72??65??20??26??57??69??6e??33??32??20??43??74??72??6c??2b??57??0a??} \n \t\t $hex13= {43??61??70??74??75??72??65??20??28??43??74??72??6c??2b??45??29??0a??} \n \t\t $hex14= {43??6c??65??61??72??20??26??44??69??73??70??6c??61??79??20??43??74??72??6c??2b??58??0a??} \n \t\t $hex15= {43??6c??6f??63??6b??20??26??54??69??6d??65??20??43??74??72??6c??2b??54??0a??} \n \t\t $hex16= {44??62??67??51??75??65??72??79??44??65??62??75??67??46??69??6c??74??65??72??53??74??61??74??65??0a??} \n \t\t $hex17= {44??62??67??53??65??74??44??65??62??75??67??46??69??6c??74??65??72??53??74??61??74??65??0a??} \n \t\t $hex18= {61??63??63??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex19= {61??63??63??44??6f??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex20= {61??63??63??4b??65??79??62??6f??61??72??64??53??68??6f??72??74??63??75??74??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_076f69134533003015381c3ce22752a2d259e580f9b6747ad3fe896576a15131 Group", "expiration": null, "is_active": 1 }, { "id": 3409659201, "indicator": "56acb4cebeb3b8bddfeb8d0add4a4237561ed7ef", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_ce59e874dce78a606dfd6953fb574b401bcff6de10360f7351464657dcc2ff3e { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_ce59e874dce78a606dfd6953fb574b401bcff6de10360f7351464657dcc2ff3e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-27-49\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"8def236d23dea950d9b1b222cb9a463a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"9.0.0 build-812388\" fullword wide \n \t\t $s2= \"AVMwareUnityVMListHookWnd\" fullword wide \n \t\t $s3= \"Component Categories\" fullword wide \n \t\t $s4= \"FileDescription\" fullword wide \n \t\t $s5= \"HKEY_CURRENT_CONFIG\" fullword wide \n \t\t $s6= \"HKEY_CURRENT_USER\" fullword wide \n \t\t $s7= \"HKEY_LOCAL_MACHINE\" fullword wide \n \t\t $s8= \"HKEY_PERFORMANCE_DATA\" fullword wide \n \t\t $s9= \"OriginalFilename\" fullword wide \n \t\t $s10= \"vmware-unity-helper.exe\" fullword wide \n \t\t $s11= \"VMware Workstation\" fullword wide \n \t\t $s12= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {39??2e??30??2e??30??20??62??75??69??6c??64??2d??38??31??32??33??38??38??0a??} \n \t\t $hex2= {41??56??4d??77??61??72??65??55??6e??69??74??79??56??4d??4c??69??73??74??48??6f??6f??6b??57??6e??64??0a??} \n \t\t $hex3= {43??6f??6d??70??6f??6e??65??6e??74??20??43??61??74??65??67??6f??72??69??65??73??0a??} \n \t\t $hex4= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex5= {48??4b??45??59??5f??43??55??52??52??45??4e??54??5f??43??4f??4e??46??49??47??0a??} \n \t\t $hex6= {48??4b??45??59??5f??43??55??52??52??45??4e??54??5f??55??53??45??52??0a??} \n \t\t $hex7= {48??4b??45??59??5f??4c??4f??43??41??4c??5f??4d??41??43??48??49??4e??45??0a??} \n \t\t $hex8= {48??4b??45??59??5f??50??45??52??46??4f??52??4d??41??4e??43??45??5f??44??41??54??41??0a??} \n \t\t $hex9= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex10= {56??4d??77??61??72??65??20??57??6f??72??6b??73??74??61??74??69??6f??6e??0a??} \n \t\t $hex11= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex12= {76??6d??77??61??72??65??2d??75??6e??69??74??79??2d??68??65??6c??70??65??72??2e??65??78??65??0a??} \n \n \tcondition: \n \t\t13 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_ce59e874dce78a606dfd6953fb574b401bcff6de10360f7351464657dcc2ff3e Group", "expiration": null, "is_active": 1 }, { "id": 3409659202, "indicator": "4b1c75747dc0684b51a3cb25d6503202b8f07378", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_e3cb14970160faf8181481af8c7d830f31b91d4a7ea95bb2891fbfccb6e43a87 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_e3cb14970160faf8181481af8c7d830f31b91d4a7ea95bb2891fbfccb6e43a87 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-27-46\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"9bc355cbb5473f4f248f3e2be028ec0b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&About Catch...\" fullword wide \n \t\t $s2= \"About DebugView\" fullword wide \n \t\t $s3= \"accDefaultAction\" fullword wide \n \t\t $s4= \"accDoDefaultAction\" fullword wide \n \t\t $s5= \"accKeyboardShortcut\" fullword wide \n \t\t $s6= \"&Append Comment Ctrl+I\" fullword wide \n \t\t $s7= \"APPICONDISABLED\" fullword wide \n \t\t $s8= \"&Auto Scroll Ctrl+A\" fullword wide \n \t\t $s9= \"Autoscroll (Ctrl+A)\" fullword wide \n \t\t $s10= \"Capture (Ctrl+E)\" fullword wide \n \t\t $s11= \"&Capture Events Ctrl+E\" fullword wide \n \t\t $s12= \"Capture &Kernel Ctrl+K\" fullword wide \n \t\t $s13= \"Capture &Win32 Ctrl+W\" fullword wide \n \t\t $s14= \"Clear &Display Ctrl+X\" fullword wide \n \t\t $s15= \"Clock &Time Ctrl+T\" fullword wide \n \t\t $s16= \"&Color choices:\" fullword wide \n \t\t $s17= \"CONNECT CONNECTED CRASHDUMP\" fullword wide \n \t\t $s18= \"&Connect... Ctrl+R\" fullword wide \n \t\t $s19= \"DbgQueryDebugFilterState\" fullword wide \n \t\t $s20= \"DbgSetDebugFilterState\" fullword wide \n \n \t\t $hex1= {26??41??62??6f??75??74??20??43??61??74??63??68??2e??2e??2e??0a??} \n \t\t $hex2= {26??41??70??70??65??6e??64??20??43??6f??6d??6d??65??6e??74??20??43??74??72??6c??2b??49??0a??} \n \t\t $hex3= {26??41??75??74??6f??20??53??63??72??6f??6c??6c??20??43??74??72??6c??2b??41??0a??} \n \t\t $hex4= {26??43??61??70??74??75??72??65??20??45??76??65??6e??74??73??20??43??74??72??6c??2b??45??0a??} \n \t\t $hex5= {26??43??6f??6c??6f??72??20??63??68??6f??69??63??65??73??3a??0a??} \n \t\t $hex6= {26??43??6f??6e??6e??65??63??74??2e??2e??2e??20??43??74??72??6c??2b??52??0a??} \n \t\t $hex7= {41??50??50??49??43??4f??4e??44??49??53??41??42??4c??45??44??0a??} \n \t\t $hex8= {41??62??6f??75??74??20??44??65??62??75??67??56??69??65??77??0a??} \n \t\t $hex9= {41??75??74??6f??73??63??72??6f??6c??6c??20??28??43??74??72??6c??2b??41??29??0a??} \n \t\t $hex10= {43??4f??4e??4e??45??43??54??20??43??4f??4e??4e??45??43??54??45??44??20??43??52??41??53??48??44??55??4d??50??0a??} \n \t\t $hex11= {43??61??70??74??75??72??65??20??26??4b??65??72??6e??65??6c??20??43??74??72??6c??2b??4b??0a??} \n \t\t $hex12= {43??61??70??74??75??72??65??20??26??57??69??6e??33??32??20??43??74??72??6c??2b??57??0a??} \n \t\t $hex13= {43??61??70??74??75??72??65??20??28??43??74??72??6c??2b??45??29??0a??} \n \t\t $hex14= {43??6c??65??61??72??20??26??44??69??73??70??6c??61??79??20??43??74??72??6c??2b??58??0a??} \n \t\t $hex15= {43??6c??6f??63??6b??20??26??54??69??6d??65??20??43??74??72??6c??2b??54??0a??} \n \t\t $hex16= {44??62??67??51??75??65??72??79??44??65??62??75??67??46??69??6c??74??65??72??53??74??61??74??65??0a??} \n \t\t $hex17= {44??62??67??53??65??74??44??65??62??75??67??46??69??6c??74??65??72??53??74??61??74??65??0a??} \n \t\t $hex18= {61??63??63??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex19= {61??63??63??44??6f??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex20= {61??63??63??4b??65??79??62??6f??61??72??64??53??68??6f??72??74??63??75??74??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_e3cb14970160faf8181481af8c7d830f31b91d4a7ea95bb2891fbfccb6e43a87 Group", "expiration": null, "is_active": 1 }, { "id": 3409659203, "indicator": "365866cbe6fe97c41dd6d72cc668c2fb41f900cd", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_9c1b6e78e61eff42724eb4d7b009636fea0fa69b830d94344019c0988ef2aebe { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_9c1b6e78e61eff42724eb4d7b009636fea0fa69b830d94344019c0988ef2aebe Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-27-42\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"57dfd2ec5401d9a3d68b4d125e1eb308\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"!$).056;>ACENQV[_`eimuz\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"http://e.mail.ru/cgi-bin/login\" fullword wide \n \t\t $s4= \"http://facebook.com\" fullword wide \n \t\t $s5= \"http://mail.126.com\" fullword wide \n \t\t $s6= \"http://mail.163.com\" fullword wide \n \t\t $s7= \"http://mail.qip.ru\" fullword wide \n \t\t $s8= \"http://mail.sina.com.cn\" fullword wide \n \t\t $s9= \"http://members.sina.com/index.php\" fullword wide \n \t\t $s10= \"http://passport.yandex.ru/passport\" fullword wide \n \t\t $s11= \"https://fastmail.fm/mail\" fullword wide \n \t\t $s12= \"https://login.live.com/login.srf\" fullword wide \n \t\t $s13= \"https://www.inbox.com/login.aspx\" fullword wide \n \t\t $s14= \"https://www.zoho.com/login.html\" fullword wide \n \t\t $s15= \"http://twitter.com\" fullword wide \n \t\t $s16= \"http://www.bigstring.com\" fullword wide \n \t\t $s17= \"http://www.gawab.com\" fullword wide \n \t\t $s18= \"http://www.gmx.com\" fullword wide \n \t\t $s19= \"http://www.mail.com/int\" fullword wide \n \t\t $s20= \"http://www.mail.lycos.com\" fullword wide \n \n \t\t $hex1= {21??24??29??2e??30??35??36??3b??3e??41??43??45??4e??51??56??5b??5f??60??65??69??6d??75??7a??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {68??74??74??70??3a??2f??2f??65??2e??6d??61??69??6c??2e??72??75??2f??63??67??69??2d??62??69??6e??2f??6c??6f??67??69??6e??} \n \t\t $hex4= {68??74??74??70??3a??2f??2f??66??61??63??65??62??6f??6f??6b??2e??63??6f??6d??0a??} \n \t\t $hex5= {68??74??74??70??3a??2f??2f??6d??61??69??6c??2e??31??32??36??2e??63??6f??6d??0a??} \n \t\t $hex6= {68??74??74??70??3a??2f??2f??6d??61??69??6c??2e??31??36??33??2e??63??6f??6d??0a??} \n \t\t $hex7= {68??74??74??70??3a??2f??2f??6d??61??69??6c??2e??71??69??70??2e??72??75??0a??} \n \t\t $hex8= {68??74??74??70??3a??2f??2f??6d??61??69??6c??2e??73??69??6e??61??2e??63??6f??6d??2e??63??6e??0a??} \n \t\t $hex9= {68??74??74??70??3a??2f??2f??6d??65??6d??62??65??72??73??2e??73??69??6e??61??2e??63??6f??6d??2f??69??6e??64??65??78??2e??} \n \t\t $hex10= {68??74??74??70??3a??2f??2f??70??61??73??73??70??6f??72??74??2e??79??61??6e??64??65??78??2e??72??75??2f??70??61??73??73??} \n \t\t $hex11= {68??74??74??70??3a??2f??2f??74??77??69??74??74??65??72??2e??63??6f??6d??0a??} \n \t\t $hex12= {68??74??74??70??3a??2f??2f??77??77??77??2e??62??69??67??73??74??72??69??6e??67??2e??63??6f??6d??0a??} \n \t\t $hex13= {68??74??74??70??3a??2f??2f??77??77??77??2e??67??61??77??61??62??2e??63??6f??6d??0a??} \n \t\t $hex14= {68??74??74??70??3a??2f??2f??77??77??77??2e??67??6d??78??2e??63??6f??6d??0a??} \n \t\t $hex15= {68??74??74??70??3a??2f??2f??77??77??77??2e??6d??61??69??6c??2e??63??6f??6d??2f??69??6e??74??0a??} \n \t\t $hex16= {68??74??74??70??3a??2f??2f??77??77??77??2e??6d??61??69??6c??2e??6c??79??63??6f??73??2e??63??6f??6d??0a??} \n \t\t $hex17= {68??74??74??70??73??3a??2f??2f??66??61??73??74??6d??61??69??6c??2e??66??6d??2f??6d??61??69??6c??0a??} \n \t\t $hex18= {68??74??74??70??73??3a??2f??2f??6c??6f??67??69??6e??2e??6c??69??76??65??2e??63??6f??6d??2f??6c??6f??67??69??6e??2e??73??} \n \t\t $hex19= {68??74??74??70??73??3a??2f??2f??77??77??77??2e??69??6e??62??6f??78??2e??63??6f??6d??2f??6c??6f??67??69??6e??2e??61??73??} \n \t\t $hex20= {68??74??74??70??73??3a??2f??2f??77??77??77??2e??7a??6f??68??6f??2e??63??6f??6d??2f??6c??6f??67??69??6e??2e??68??74??6d??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_9c1b6e78e61eff42724eb4d7b009636fea0fa69b830d94344019c0988ef2aebe Group", "expiration": null, "is_active": 1 }, { "id": 3409659254, "indicator": "ddca34104edce914b175703b7e69e046fa86f88c", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_77fd82b9c32cc158df0d50e3bf32a775b35fa8dae5eba43a4f2132c7b84cd976 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_77fd82b9c32cc158df0d50e3bf32a775b35fa8dae5eba43a4f2132c7b84cd976 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-27-40\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"0d48f948b3c47d0c08e8ee026b8f4670\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&About Edown_mfc...\" fullword wide \n \t\t $s2= \"About Edown_mfc\" fullword wide \n \t\t $s3= \"Edown_mfc Application\" fullword wide \n \t\t $s4= \"FileDescription\" fullword wide \n \t\t $s5= \"Invalid filename.\" fullword wide \n \t\t $s6= \"LegalTrademarks\" fullword wide \n \t\t $s7= \"OriginalFilename\" fullword wide \n \t\t $s8= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {26??41??62??6f??75??74??20??45??64??6f??77??6e??5f??6d??66??63??2e??2e??2e??0a??} \n \t\t $hex2= {41??62??6f??75??74??20??45??64??6f??77??6e??5f??6d??66??63??0a??} \n \t\t $hex3= {45??64??6f??77??6e??5f??6d??66??63??20??41??70??70??6c??69??63??61??74??69??6f??6e??0a??} \n \t\t $hex4= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex5= {49??6e??76??61??6c??69??64??20??66??69??6c??65??6e??61??6d??65??2e??0a??} \n \t\t $hex6= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex7= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex8= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t8 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_77fd82b9c32cc158df0d50e3bf32a775b35fa8dae5eba43a4f2132c7b84cd976 Group", "expiration": null, "is_active": 1 }, { "id": 3409659255, "indicator": "http://www.hxedu.com.cn/", "type": "URL", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3409659256, "indicator": "http://www.phei.com.cn/", "type": "URL", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3409659257, "indicator": "110fb1f9470f9aaf0177393ee553f1c72dd2bf5c", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_0efd49bfbdc8655e5db47d45b6ce4c2c64d6152665f45ef7ac57f04459369487 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_0efd49bfbdc8655e5db47d45b6ce4c2c64d6152665f45ef7ac57f04459369487 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-27-39\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"729a2f6c7e95075ff36947bc5811a5d3\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"http://www.hxedu.com.cn/\" fullword wide \n \t\t $s2= \"http://www.phei.com.cn/\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"pheibookbook.exe\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex2= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex3= {68??74??74??70??3a??2f??2f??77??77??77??2e??68??78??65??64??75??2e??63??6f??6d??2e??63??6e??2f??0a??} \n \t\t $hex4= {68??74??74??70??3a??2f??2f??77??77??77??2e??70??68??65??69??2e??63??6f??6d??2e??63??6e??2f??0a??} \n \t\t $hex5= {70??68??65??69??62??6f??6f??6b??62??6f??6f??6b??2e??65??78??65??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_0efd49bfbdc8655e5db47d45b6ce4c2c64d6152665f45ef7ac57f04459369487 Group", "expiration": null, "is_active": 1 }, { "id": 3409659258, "indicator": "www.hxedu.com.cn", "type": "hostname", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3409659259, "indicator": "www.phei.com.cn", "type": "hostname", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3409659260, "indicator": "f1d4159f0bfe7ced89d4d510aed28bb5a7b72aba", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_de4ff8901766e8fc89e8443f8732394618bf925ce29b6a8aafe1d60f496e7f0e { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_de4ff8901766e8fc89e8443f8732394618bf925ce29b6a8aafe1d60f496e7f0e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-27-38\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"1971ee25847d246116835c7157cf7f89\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"Microsoft Explorer\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??45??78??70??6c??6f??72??65??72??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_de4ff8901766e8fc89e8443f8732394618bf925ce29b6a8aafe1d60f496e7f0e Group", "expiration": null, "is_active": 1 }, { "id": 3409659261, "indicator": "a377c65d6779e52c913f957ea54fc800d9782026", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_8582ad6a157bbd9e483a334ccf8e6c417db6b23587904549fbc89089979b395b { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_8582ad6a157bbd9e483a334ccf8e6c417db6b23587904549fbc89089979b395b Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-27-33\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"2024679f61cf9ab60342eca58360737f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&About Edown_mfc...\" fullword wide \n \t\t $s2= \"About Edown_mfc\" fullword wide \n \t\t $s3= \"Edown_mfc Application\" fullword wide \n \t\t $s4= \"FileDescription\" fullword wide \n \t\t $s5= \"Invalid filename.\" fullword wide \n \t\t $s6= \"LegalTrademarks\" fullword wide \n \t\t $s7= \"OriginalFilename\" fullword wide \n \t\t $s8= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {26??41??62??6f??75??74??20??45??64??6f??77??6e??5f??6d??66??63??2e??2e??2e??0a??} \n \t\t $hex2= {41??62??6f??75??74??20??45??64??6f??77??6e??5f??6d??66??63??0a??} \n \t\t $hex3= {45??64??6f??77??6e??5f??6d??66??63??20??41??70??70??6c??69??63??61??74??69??6f??6e??0a??} \n \t\t $hex4= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex5= {49??6e??76??61??6c??69??64??20??66??69??6c??65??6e??61??6d??65??2e??0a??} \n \t\t $hex6= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex7= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex8= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t8 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_8582ad6a157bbd9e483a334ccf8e6c417db6b23587904549fbc89089979b395b Group", "expiration": null, "is_active": 1 }, { "id": 3409659262, "indicator": "f353e726bc8cda665c6b65d6effedeaf0e28999f", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_5f23a3442fa4515ebba8e24f2254b52b3e4b000f12843a4f612da65de38db1de { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_5f23a3442fa4515ebba8e24f2254b52b3e4b000f12843a4f612da65de38db1de Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-27-30\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"1ec49ae6d535bfb3789d498f4fd0224f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"Incorrect filename.\" fullword wide \n \t\t $s3= \"LegalTrademarks\" fullword wide \n \t\t $s4= \"Microsoft Corporation\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {49??6e??63??6f??72??72??65??63??74??20??66??69??6c??65??6e??61??6d??65??2e??0a??} \n \t\t $hex3= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_5f23a3442fa4515ebba8e24f2254b52b3e4b000f12843a4f612da65de38db1de Group", "expiration": null, "is_active": 1 }, { "id": 3409659263, "indicator": "319a0923890652a2a9fd891464fa937bfbeec41d", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_6619a4ff7f0478f8c15fc0391651a1694afe876d25ebd07e3da08167e4f0b3d3 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_6619a4ff7f0478f8c15fc0391651a1694afe876d25ebd07e3da08167e4f0b3d3 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-27-30\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"60af79fb0bd2c9f33375035609c931cb\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"Microsoft Explorer\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??45??78??70??6c??6f??72??65??72??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_6619a4ff7f0478f8c15fc0391651a1694afe876d25ebd07e3da08167e4f0b3d3 Group", "expiration": null, "is_active": 1 }, { "id": 3409659264, "indicator": "d82a966e4a2370b2a7417b2956c96b3cfb1b55eb", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_38f1e3b2fa64fb1cead2e022521998a1fb89416973d60e5492e589a99d92a13e { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_38f1e3b2fa64fb1cead2e022521998a1fb89416973d60e5492e589a99d92a13e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-27-26\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"16139ce9025274a388a4281fef65049e\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&Destination folder\" fullword wide \n \t\t $s2= \"Extraction progress\" fullword wide \n \t\t $s3= \"Installation progress\" fullword wide \n \t\t $s4= \"jmsctls_progress32\" fullword wide \n \t\t $s5= \"LICENSEDLG RENAMEDLG\" fullword wide \n \t\t $s6= \"ProgramFilesDir\" fullword wide \n \t\t $s7= \"RarHtmlClassName\" fullword wide \n \t\t $s8= \"SeRestorePrivilege\" fullword wide \n \t\t $s9= \"SeSecurityPrivilege\" fullword wide \n \t\t $s10= \"SoftwareWinRAR SFX\" fullword wide \n \t\t $s11= \"__tmp_rar_sfx_access_check_%u\" fullword wide \n \t\t $s12= \"winrarsfxmappingfile.tmp\" fullword wide \n \n \t\t $hex1= {26??44??65??73??74??69??6e??61??74??69??6f??6e??20??66??6f??6c??64??65??72??0a??} \n \t\t $hex2= {45??78??74??72??61??63??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex3= {49??6e??73??74??61??6c??6c??61??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex4= {4c??49??43??45??4e??53??45??44??4c??47??20??52??45??4e??41??4d??45??44??4c??47??0a??} \n \t\t $hex5= {50??72??6f??67??72??61??6d??46??69??6c??65??73??44??69??72??0a??} \n \t\t $hex6= {52??61??72??48??74??6d??6c??43??6c??61??73??73??4e??61??6d??65??0a??} \n \t\t $hex7= {53??65??52??65??73??74??6f??72??65??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex8= {53??65??53??65??63??75??72??69??74??79??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex9= {53??6f??66??74??77??61??72??65??57??69??6e??52??41??52??20??53??46??58??0a??} \n \t\t $hex10= {5f??5f??74??6d??70??5f??72??61??72??5f??73??66??78??5f??61??63??63??65??73??73??5f??63??68??65??63??6b??5f??25??75??0a??} \n \t\t $hex11= {6a??6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \t\t $hex12= {77??69??6e??72??61??72??73??66??78??6d??61??70??70??69??6e??67??66??69??6c??65??2e??74??6d??70??0a??} \n \n \tcondition: \n \t\t13 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_38f1e3b2fa64fb1cead2e022521998a1fb89416973d60e5492e589a99d92a13e Group", "expiration": null, "is_active": 1 }, { "id": 3409659265, "indicator": "fed563113648dfd9329f9b3cf34e993163ee3c4f", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_3f7c3bd8619fcbf81d21b9cc259dcdf857c4570065315934de497b88bca06708 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_3f7c3bd8619fcbf81d21b9cc259dcdf857c4570065315934de497b88bca06708 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-27-23\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"77669d11c3248a6553d3c15cd1d8a60e\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"accDefaultAction\" fullword wide \n \t\t $s2= \"accDoDefaultAction\" fullword wide \n \t\t $s3= \"accKeyboardShortcut\" fullword wide \n \t\t $s4= \"DeviceNDISKPRO\" fullword wide \n \t\t $s5= \"DosDevicesNDISKPRO\" fullword wide \n \t\t $s6= \"FileDescription\" fullword wide \n \t\t $s7= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {44??65??76??69??63??65??4e??44??49??53??4b??50??52??4f??0a??} \n \t\t $hex2= {44??6f??73??44??65??76??69??63??65??73??4e??44??49??53??4b??50??52??4f??0a??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex5= {61??63??63??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex6= {61??63??63??44??6f??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex7= {61??63??63??4b??65??79??62??6f??61??72??64??53??68??6f??72??74??63??75??74??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_3f7c3bd8619fcbf81d21b9cc259dcdf857c4570065315934de497b88bca06708 Group", "expiration": null, "is_active": 1 }, { "id": 3409659266, "indicator": "e9dcf84c186ea7a48230eecc4cd29071d196d1d9", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_58cfecb2308cdabb356371649ac082a127879290b20edba05ab75561671b52c5 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_58cfecb2308cdabb356371649ac082a127879290b20edba05ab75561671b52c5 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-27-22\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"42b9fea2ec56a90cefeecee3c84aade0\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&Destination folder\" fullword wide \n \t\t $s2= \"Extraction progress\" fullword wide \n \t\t $s3= \"Installation progress\" fullword wide \n \t\t $s4= \"jmsctls_progress32\" fullword wide \n \t\t $s5= \"ProgramFilesDir\" fullword wide \n \t\t $s6= \"RarHtmlClassName\" fullword wide \n \t\t $s7= \"REPLACEFILEDLG RENAMEDLG\" fullword wide \n \t\t $s8= \"SeRestorePrivilege\" fullword wide \n \t\t $s9= \"SeSecurityPrivilege\" fullword wide \n \t\t $s10= \"SoftwareWinRAR SFX\" fullword wide \n \t\t $s11= \"__tmp_rar_sfx_access_check_%u\" fullword wide \n \t\t $s12= \"winrarsfxmappingfile.tmp\" fullword wide \n \n \t\t $hex1= {26??44??65??73??74??69??6e??61??74??69??6f??6e??20??66??6f??6c??64??65??72??0a??} \n \t\t $hex2= {45??78??74??72??61??63??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex3= {49??6e??73??74??61??6c??6c??61??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex4= {50??72??6f??67??72??61??6d??46??69??6c??65??73??44??69??72??0a??} \n \t\t $hex5= {52??45??50??4c??41??43??45??46??49??4c??45??44??4c??47??20??52??45??4e??41??4d??45??44??4c??47??0a??} \n \t\t $hex6= {52??61??72??48??74??6d??6c??43??6c??61??73??73??4e??61??6d??65??0a??} \n \t\t $hex7= {53??65??52??65??73??74??6f??72??65??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex8= {53??65??53??65??63??75??72??69??74??79??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex9= {53??6f??66??74??77??61??72??65??57??69??6e??52??41??52??20??53??46??58??0a??} \n \t\t $hex10= {5f??5f??74??6d??70??5f??72??61??72??5f??73??66??78??5f??61??63??63??65??73??73??5f??63??68??65??63??6b??5f??25??75??0a??} \n \t\t $hex11= {6a??6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \t\t $hex12= {77??69??6e??72??61??72??73??66??78??6d??61??70??70??69??6e??67??66??69??6c??65??2e??74??6d??70??0a??} \n \n \tcondition: \n \t\t13 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_58cfecb2308cdabb356371649ac082a127879290b20edba05ab75561671b52c5 Group", "expiration": null, "is_active": 1 }, { "id": 3409659267, "indicator": "59971cd0e6a1478b4b5ee5605a971b6495dfe391", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_094bf3f13ab27384b217aa2013cd555cfe297ffcc4fb2fec58016051cfa7dfaa { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_094bf3f13ab27384b217aa2013cd555cfe297ffcc4fb2fec58016051cfa7dfaa Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-27-20\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"72869fc63d0ba875dfc539d2bcd48e4d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_094bf3f13ab27384b217aa2013cd555cfe297ffcc4fb2fec58016051cfa7dfaa Group", "expiration": null, "is_active": 1 }, { "id": 3254610816, "indicator": "f5062103792b41ffbe3ca9fbed6f9ab345081bbf", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Win32/Roficor.A, Win32/Garveep.E", "description": "SHA1 of ede6a67f7956686f753819c46f496c84", "expiration": null, "is_active": 1 }, { "id": 3254610817, "indicator": "76b9b9b82e695719e6fcf6742ac828c606241da2424c7e9ce9d0f8bacc4fcff4", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Win32/Roficor.A, Win32/Garveep.E", "description": "SHA256 of ede6a67f7956686f753819c46f496c84", "expiration": null, "is_active": 1 }, { "id": 3409659268, "indicator": "b729d82de102a792544e28141cd543c39c6cfb94", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_76b9b9b82e695719e6fcf6742ac828c606241da2424c7e9ce9d0f8bacc4fcff4 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_76b9b9b82e695719e6fcf6742ac828c606241da2424c7e9ce9d0f8bacc4fcff4 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-27-16\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"ede6a67f7956686f753819c46f496c84\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&Destination folder\" fullword wide \n \t\t $s2= \"Extraction progress\" fullword wide \n \t\t $s3= \"Installation progress\" fullword wide \n \t\t $s4= \"jmsctls_progress32\" fullword wide \n \t\t $s5= \"ProgramFilesDir\" fullword wide \n \t\t $s6= \"RarHtmlClassName\" fullword wide \n \t\t $s7= \"REPLACEFILEDLG RENAMEDLG\" fullword wide \n \t\t $s8= \"SeRestorePrivilege\" fullword wide \n \t\t $s9= \"SeSecurityPrivilege\" fullword wide \n \t\t $s10= \"SoftwareWinRAR SFX\" fullword wide \n \t\t $s11= \"__tmp_rar_sfx_access_check_%u\" fullword wide \n \t\t $s12= \"winrarsfxmappingfile.tmp\" fullword wide \n \n \t\t $hex1= {26??44??65??73??74??69??6e??61??74??69??6f??6e??20??66??6f??6c??64??65??72??0a??} \n \t\t $hex2= {45??78??74??72??61??63??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex3= {49??6e??73??74??61??6c??6c??61??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex4= {50??72??6f??67??72??61??6d??46??69??6c??65??73??44??69??72??0a??} \n \t\t $hex5= {52??45??50??4c??41??43??45??46??49??4c??45??44??4c??47??20??52??45??4e??41??4d??45??44??4c??47??0a??} \n \t\t $hex6= {52??61??72??48??74??6d??6c??43??6c??61??73??73??4e??61??6d??65??0a??} \n \t\t $hex7= {53??65??52??65??73??74??6f??72??65??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex8= {53??65??53??65??63??75??72??69??74??79??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex9= {53??6f??66??74??77??61??72??65??57??69??6e??52??41??52??20??53??46??58??0a??} \n \t\t $hex10= {5f??5f??74??6d??70??5f??72??61??72??5f??73??66??78??5f??61??63??63??65??73??73??5f??63??68??65??63??6b??5f??25??75??0a??} \n \t\t $hex11= {6a??6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \t\t $hex12= {77??69??6e??72??61??72??73??66??78??6d??61??70??70??69??6e??67??66??69??6c??65??2e??74??6d??70??0a??} \n \n \tcondition: \n \t\t13 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_76b9b9b82e695719e6fcf6742ac828c606241da2424c7e9ce9d0f8bacc4fcff4 Group", "expiration": null, "is_active": 1 }, { "id": 3254598720, "indicator": "0be64d83e465beaac567ff41de244a750ade92d5", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Virus:Win32/Nemim.A", "description": "SHA1 of 5f05b4aff89a07dbac9914ae3cf1314f", "expiration": null, "is_active": 1 }, { "id": 3254598721, "indicator": "f7fafc73621f44cdd8994151537da12c665ae9953bab22360871af59ffd646fd", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Virus:Win32/Nemim.A", "description": "SHA256 of 5f05b4aff89a07dbac9914ae3cf1314f", "expiration": null, "is_active": 1 }, { "id": 3409659269, "indicator": "959c7fc228b862bf105a723171b46414543418a9", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_f7fafc73621f44cdd8994151537da12c665ae9953bab22360871af59ffd646fd { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_f7fafc73621f44cdd8994151537da12c665ae9953bab22360871af59ffd646fd Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-27-15\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"5f05b4aff89a07dbac9914ae3cf1314f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"File Encryption\" fullword wide \n \t\t $s3= \"LegalTrademarks\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"SBLEFT SBLEFTDIS\" fullword wide \n \t\t $s6= \"SBRIGHTDIS SBRIGHTDN\" fullword wide \n \t\t $s7= \"TRACK TRACKVERT\" fullword wide \n \t\t $s8= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??20??45??6e??63??72??79??70??74??69??6f??6e??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {53??42??4c??45??46??54??20??53??42??4c??45??46??54??44??49??53??0a??} \n \t\t $hex6= {53??42??52??49??47??48??54??44??49??53??20??53??42??52??49??47??48??54??44??4e??0a??} \n \t\t $hex7= {54??52??41??43??4b??20??54??52??41??43??4b??56??45??52??54??0a??} \n \t\t $hex8= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t8 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_f7fafc73621f44cdd8994151537da12c665ae9953bab22360871af59ffd646fd Group", "expiration": null, "is_active": 1 }, { "id": 3409659270, "indicator": "8a099f1b97ff462651044efebe0ca64af50ff832", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_49bb40ab78fa4834b45a2bd479637e81b56dbb7f299b620c2ebf3af922af7c7e { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_49bb40ab78fa4834b45a2bd479637e81b56dbb7f299b620c2ebf3af922af7c7e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-27-14\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"9ba119cf7107d6f4f910447c90c4985d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"ConnectionMadeNoQOCInfo\" fullword wide \n \t\t $s2= \"EventSystem.EventSubscription\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"Interactive User\" fullword wide \n \t\t $s5= \"LegalTrademarks1\" fullword wide \n \t\t $s6= \"LegalTrademarks2\" fullword wide \n \t\t $s7= \"Microsoft Corporation\" fullword wide \n \t\t $s8= \"OriginalFilename\" fullword wide \n \t\t $s9= \"PCHealthErrorRep\" fullword wide \n \t\t $s10= \"SubscriptionID=%s\" fullword wide \n \t\t $s11= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {43??6f??6e??6e??65??63??74??69??6f??6e??4d??61??64??65??4e??6f??51??4f??43??49??6e??66??6f??0a??} \n \t\t $hex2= {45??76??65??6e??74??53??79??73??74??65??6d??2e??45??76??65??6e??74??53??75??62??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {49??6e??74??65??72??61??63??74??69??76??65??20??55??73??65??72??0a??} \n \t\t $hex5= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??31??0a??} \n \t\t $hex6= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??32??0a??} \n \t\t $hex7= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex8= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex9= {50??43??48??65??61??6c??74??68??45??72??72??6f??72??52??65??70??0a??} \n \t\t $hex10= {53??75??62??73??63??72??69??70??74??69??6f??6e??49??44??3d??25??73??0a??} \n \t\t $hex11= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t12 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_49bb40ab78fa4834b45a2bd479637e81b56dbb7f299b620c2ebf3af922af7c7e Group", "expiration": null, "is_active": 1 }, { "id": 3409659271, "indicator": "bc2b13181768bb5ab0f6dd8cdc71ed1b8f5c9c12", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_ffa97eb4875129646376bc88e9ff99ffeff2c6bba3a06f6727d5f343fc7f6b51 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_ffa97eb4875129646376bc88e9ff99ffeff2c6bba3a06f6727d5f343fc7f6b51 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-27-12\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"00d8dd7ec8545134bdc2527b4190078b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Mozilla Foundation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \t\t $s6= \"webapprt-stub.exe\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??6f??7a??69??6c??6c??61??20??46??6f??75??6e??64??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex6= {77??65??62??61??70??70??72??74??2d??73??74??75??62??2e??65??78??65??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_ffa97eb4875129646376bc88e9ff99ffeff2c6bba3a06f6727d5f343fc7f6b51 Group", "expiration": null, "is_active": 1 }, { "id": 3409659272, "indicator": "71b8a0771774bba095497e1f602d1418fa781d61", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_ccc4b5fd8736fe67f2a6e49fd73b7e7bbe82ed51669e47f67179147a79c68315 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_ccc4b5fd8736fe67f2a6e49fd73b7e7bbe82ed51669e47f67179147a79c68315 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-16-50\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"c4ac4924544877cd100e53f1115c7df9\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&Destination folder\" fullword wide \n \t\t $s2= \"Extraction progress\" fullword wide \n \t\t $s3= \"Installation progress\" fullword wide \n \t\t $s4= \"jmsctls_progress32\" fullword wide \n \t\t $s5= \"LICENSEDLG RENAMEDLG\" fullword wide \n \t\t $s6= \"ProgramFilesDir\" fullword wide \n \t\t $s7= \"RarHtmlClassName\" fullword wide \n \t\t $s8= \"SeRestorePrivilege\" fullword wide \n \t\t $s9= \"SeSecurityPrivilege\" fullword wide \n \t\t $s10= \"SoftwareWinRAR SFX\" fullword wide \n \t\t $s11= \"__tmp_rar_sfx_access_check_%u\" fullword wide \n \t\t $s12= \"winrarsfxmappingfile.tmp\" fullword wide \n \n \t\t $hex1= {26??44??65??73??74??69??6e??61??74??69??6f??6e??20??66??6f??6c??64??65??72??0a??} \n \t\t $hex2= {45??78??74??72??61??63??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex3= {49??6e??73??74??61??6c??6c??61??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex4= {4c??49??43??45??4e??53??45??44??4c??47??20??52??45??4e??41??4d??45??44??4c??47??0a??} \n \t\t $hex5= {50??72??6f??67??72??61??6d??46??69??6c??65??73??44??69??72??0a??} \n \t\t $hex6= {52??61??72??48??74??6d??6c??43??6c??61??73??73??4e??61??6d??65??0a??} \n \t\t $hex7= {53??65??52??65??73??74??6f??72??65??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex8= {53??65??53??65??63??75??72??69??74??79??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex9= {53??6f??66??74??77??61??72??65??57??69??6e??52??41??52??20??53??46??58??0a??} \n \t\t $hex10= {5f??5f??74??6d??70??5f??72??61??72??5f??73??66??78??5f??61??63??63??65??73??73??5f??63??68??65??63??6b??5f??25??75??0a??} \n \t\t $hex11= {6a??6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \t\t $hex12= {77??69??6e??72??61??72??73??66??78??6d??61??70??70??69??6e??67??66??69??6c??65??2e??74??6d??70??0a??} \n \n \tcondition: \n \t\t13 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_ccc4b5fd8736fe67f2a6e49fd73b7e7bbe82ed51669e47f67179147a79c68315 Group", "expiration": null, "is_active": 1 }, { "id": 3409659273, "indicator": "fa18e338923f814b098f0c7cdb229c1e58179338", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_d6afb2a2e7f2afe6ca150c1fade0ea87d9b18a8e77edd7784986df55a93db985 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_d6afb2a2e7f2afe6ca150c1fade0ea87d9b18a8e77edd7784986df55a93db985 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-16-49\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"686738eb5bb8027c524303751117e8a9\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DeviceKeyDrvClass\" fullword wide \n \t\t $s2= \"DosDevicesKeyDrvClass\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"LegalTrademarks\" fullword wide \n \t\t $s5= \"Microsoft Corporation\" fullword wide \n \t\t $s6= \"OriginalFilename\" fullword wide \n \t\t $s7= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {44??65??76??69??63??65??4b??65??79??44??72??76??43??6c??61??73??73??0a??} \n \t\t $hex2= {44??6f??73??44??65??76??69??63??65??73??4b??65??79??44??72??76??43??6c??61??73??73??0a??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex5= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex6= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex7= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_d6afb2a2e7f2afe6ca150c1fade0ea87d9b18a8e77edd7784986df55a93db985 Group", "expiration": null, "is_active": 1 }, { "id": 3409659310, "indicator": "http://www.comicer.com", "type": "URL", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3409659311, "indicator": "f0971ba6066f4756abcdef371a8adc9894523c56", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_90b4088896a05f8e448d76c9df08aa928207319dc898f7136eeca19225047709 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_90b4088896a05f8e448d76c9df08aa928207319dc898f7136eeca19225047709 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-16-48\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"0b727001dfc90cc354bd2ccabe3c23a5\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"#(-27;@EJOTY^chmrw|\" fullword wide \n \t\t $s2= \"Comics Document\" fullword wide \n \t\t $s3= \"ComicsViewer(&A)...\" fullword wide \n \t\t $s4= \"ComicsViewer.Document\" fullword wide \n \t\t $s5= \"ComicsViewer v1.44\" fullword wide \n \t\t $s6= \"DateTimePicker1\" fullword wide \n \t\t $s7= \"http://www.comicer.com\" fullword wide \n \t\t $s8= \"msctls_trackbar32\" fullword wide \n \t\t $s9= \"msctls_updown32\" fullword wide \n \t\t $s10= \"(&P)... Ctrl+A/P\" fullword wide \n \t\t $s11= \"stronghorse@tom.com\" fullword wide \n \t\t $s12= \"SysDateTimePick32\" fullword wide \n \t\t $s13= \"Windows 2000/XP\" fullword wide \n \n \t\t $hex1= {23??28??2d??32??37??3b??40??45??4a??4f??54??59??5e??63??68??6d??72??77??7c??0a??} \n \t\t $hex2= {28??26??50??29??2e??2e??2e??20??43??74??72??6c??2b??41??2f??50??0a??} \n \t\t $hex3= {43??6f??6d??69??63??73??20??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex4= {43??6f??6d??69??63??73??56??69??65??77??65??72??20??76??31??2e??34??34??0a??} \n \t\t $hex5= {43??6f??6d??69??63??73??56??69??65??77??65??72??28??26??41??29??2e??2e??2e??0a??} \n \t\t $hex6= {43??6f??6d??69??63??73??56??69??65??77??65??72??2e??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex7= {44??61??74??65??54??69??6d??65??50??69??63??6b??65??72??31??0a??} \n \t\t $hex8= {53??79??73??44??61??74??65??54??69??6d??65??50??69??63??6b??33??32??0a??} \n \t\t $hex9= {57??69??6e??64??6f??77??73??20??32??30??30??30??2f??58??50??0a??} \n \t\t $hex10= {68??74??74??70??3a??2f??2f??77??77??77??2e??63??6f??6d??69??63??65??72??2e??63??6f??6d??0a??} \n \t\t $hex11= {6d??73??63??74??6c??73??5f??74??72??61??63??6b??62??61??72??33??32??0a??} \n \t\t $hex12= {6d??73??63??74??6c??73??5f??75??70??64??6f??77??6e??33??32??0a??} \n \t\t $hex13= {73??74??72??6f??6e??67??68??6f??72??73??65??40??74??6f??6d??2e??63??6f??6d??0a??} \n \n \tcondition: \n \t\t14 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_90b4088896a05f8e448d76c9df08aa928207319dc898f7136eeca19225047709 Group", "expiration": null, "is_active": 1 }, { "id": 3409659312, "indicator": "www.comicer.com", "type": "hostname", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3409659313, "indicator": "2adc77e58821d0d1e12d648855236d5f005d1e5c", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_5f9d069841b5cacbbc2ec63d6e0055a60e41ea30cc469f9c57ade582dc865635 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_5f9d069841b5cacbbc2ec63d6e0055a60e41ea30cc469f9c57ade582dc865635 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-16-45\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"a855b983f1f414461de0e813e2f72b24\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"$O*O/O5O:O@OFOLOROnOsO\" fullword wide \n \t\t $s2= \"accessories edit(&A)\" fullword wide \n \t\t $s3= \"accessory files(*.x,*.vac)\" fullword wide \n \t\t $s4= \"accessory file(*.x,*.vac)\" fullword wide \n \t\t $s5= \"anti-aliasing(&H)\" fullword wide \n \t\t $s6= \"AVI files(*.avi)\" fullword wide \n \t\t $s7= \"black background(&D)\" fullword wide \n \t\t $s8= \"Bmp files(*.bmp)\" fullword wide \n \t\t $s9= \"center position\" fullword wide \n \t\t $s10= \"DataDxOpenNI.dll\" fullword wide \n \t\t $s11= \"Dds files(*.dds)\" fullword wide \n \t\t $s12= \"DIB files(*.dib)\" fullword wide \n \t\t $s13= \"display bodies(&D)\" fullword wide \n \t\t $s14= \"English Mode(&E)\" fullword wide \n \t\t $s15= \"enhance model(&M)\" fullword wide \n \t\t $s16= \"facial expression(&M)\" fullword wide \n \t\t $s17= \"full screen(Alt+Enter)\" fullword wide \n \t\t $s18= \"gravity setting\" fullword wide \n \t\t $s19= \"gravity setting(&G)\" fullword wide \n \t\t $s20= \"HDR files(*.hdr)\" fullword wide \n \n \t\t $hex1= {24??4f??2a??4f??2f??4f??35??4f??3a??4f??40??4f??46??4f??4c??4f??52??4f??6e??4f??73??4f??0a??} \n \t\t $hex2= {41??56??49??20??66??69??6c??65??73??28??2a??2e??61??76??69??29??0a??} \n \t\t $hex3= {42??6d??70??20??66??69??6c??65??73??28??2a??2e??62??6d??70??29??0a??} \n \t\t $hex4= {44??49??42??20??66??69??6c??65??73??28??2a??2e??64??69??62??29??0a??} \n \t\t $hex5= {44??61??74??61??44??78??4f??70??65??6e??4e??49??2e??64??6c??6c??0a??} \n \t\t $hex6= {44??64??73??20??66??69??6c??65??73??28??2a??2e??64??64??73??29??0a??} \n \t\t $hex7= {45??6e??67??6c??69??73??68??20??4d??6f??64??65??28??26??45??29??0a??} \n \t\t $hex8= {48??44??52??20??66??69??6c??65??73??28??2a??2e??68??64??72??29??0a??} \n \t\t $hex9= {61??63??63??65??73??73??6f??72??69??65??73??20??65??64??69??74??28??26??41??29??0a??} \n \t\t $hex10= {61??63??63??65??73??73??6f??72??79??20??66??69??6c??65??28??2a??2e??78??2c??2a??2e??76??61??63??29??0a??} \n \t\t $hex11= {61??63??63??65??73??73??6f??72??79??20??66??69??6c??65??73??28??2a??2e??78??2c??2a??2e??76??61??63??29??0a??} \n \t\t $hex12= {61??6e??74??69??2d??61??6c??69??61??73??69??6e??67??28??26??48??29??0a??} \n \t\t $hex13= {62??6c??61??63??6b??20??62??61??63??6b??67??72??6f??75??6e??64??28??26??44??29??0a??} \n \t\t $hex14= {63??65??6e??74??65??72??20??70??6f??73??69??74??69??6f??6e??0a??} \n \t\t $hex15= {64??69??73??70??6c??61??79??20??62??6f??64??69??65??73??28??26??44??29??0a??} \n \t\t $hex16= {65??6e??68??61??6e??63??65??20??6d??6f??64??65??6c??28??26??4d??29??0a??} \n \t\t $hex17= {66??61??63??69??61??6c??20??65??78??70??72??65??73??73??69??6f??6e??28??26??4d??29??0a??} \n \t\t $hex18= {66??75??6c??6c??20??73??63??72??65??65??6e??28??41??6c??74??2b??45??6e??74??65??72??29??0a??} \n \t\t $hex19= {67??72??61??76??69??74??79??20??73??65??74??74??69??6e??67??0a??} \n \t\t $hex20= {67??72??61??76??69??74??79??20??73??65??74??74??69??6e??67??28??26??47??29??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_5f9d069841b5cacbbc2ec63d6e0055a60e41ea30cc469f9c57ade582dc865635 Group", "expiration": null, "is_active": 1 }, { "id": 3409659314, "indicator": "915f20d62b9026d249614d0ad2148c7d1b5b139d", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_a6dde34a97c90c12400c1db92ea43b291a4736670324067f7a0b0c5c6a77000b { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_a6dde34a97c90c12400c1db92ea43b291a4736670324067f7a0b0c5c6a77000b Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-16-42\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"864cd4a59215a7db2740dfbe4a648053\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"!$).056;>ACENQV[_`eimuz\" fullword wide \n \t\t $s2= \"http://e.mail.ru/cgi-bin/login\" fullword wide \n \t\t $s3= \"http://facebook.com\" fullword wide \n \t\t $s4= \"http://mail.126.com\" fullword wide \n \t\t $s5= \"http://mail.163.com\" fullword wide \n \t\t $s6= \"http://mail.qip.ru\" fullword wide \n \t\t $s7= \"http://mail.sina.com.cn\" fullword wide \n \t\t $s8= \"http://members.sina.com/index.php\" fullword wide \n \t\t $s9= \"http://passport.yandex.ru/passport\" fullword wide \n \t\t $s10= \"https://fastmail.fm/mail\" fullword wide \n \t\t $s11= \"https://login.live.com/login.srf\" fullword wide \n \t\t $s12= \"https://www.inbox.com/login.aspx\" fullword wide \n \t\t $s13= \"https://www.zoho.com/login.html\" fullword wide \n \t\t $s14= \"http://twitter.com\" fullword wide \n \t\t $s15= \"http://www.bigstring.com\" fullword wide \n \t\t $s16= \"http://www.gawab.com\" fullword wide \n \t\t $s17= \"http://www.gmx.com\" fullword wide \n \t\t $s18= \"http://www.mail.com/int\" fullword wide \n \t\t $s19= \"http://www.mail.lycos.com\" fullword wide \n \t\t $s20= \"http://www.sohu.com\" fullword wide \n \n \t\t $hex1= {21??24??29??2e??30??35??36??3b??3e??41??43??45??4e??51??56??5b??5f??60??65??69??6d??75??7a??0a??} \n \t\t $hex2= {68??74??74??70??3a??2f??2f??65??2e??6d??61??69??6c??2e??72??75??2f??63??67??69??2d??62??69??6e??2f??6c??6f??67??69??6e??} \n \t\t $hex3= {68??74??74??70??3a??2f??2f??66??61??63??65??62??6f??6f??6b??2e??63??6f??6d??0a??} \n \t\t $hex4= {68??74??74??70??3a??2f??2f??6d??61??69??6c??2e??31??32??36??2e??63??6f??6d??0a??} \n \t\t $hex5= {68??74??74??70??3a??2f??2f??6d??61??69??6c??2e??31??36??33??2e??63??6f??6d??0a??} \n \t\t $hex6= {68??74??74??70??3a??2f??2f??6d??61??69??6c??2e??71??69??70??2e??72??75??0a??} \n \t\t $hex7= {68??74??74??70??3a??2f??2f??6d??61??69??6c??2e??73??69??6e??61??2e??63??6f??6d??2e??63??6e??0a??} \n \t\t $hex8= {68??74??74??70??3a??2f??2f??6d??65??6d??62??65??72??73??2e??73??69??6e??61??2e??63??6f??6d??2f??69??6e??64??65??78??2e??} \n \t\t $hex9= {68??74??74??70??3a??2f??2f??70??61??73??73??70??6f??72??74??2e??79??61??6e??64??65??78??2e??72??75??2f??70??61??73??73??} \n \t\t $hex10= {68??74??74??70??3a??2f??2f??74??77??69??74??74??65??72??2e??63??6f??6d??0a??} \n \t\t $hex11= {68??74??74??70??3a??2f??2f??77??77??77??2e??62??69??67??73??74??72??69??6e??67??2e??63??6f??6d??0a??} \n \t\t $hex12= {68??74??74??70??3a??2f??2f??77??77??77??2e??67??61??77??61??62??2e??63??6f??6d??0a??} \n \t\t $hex13= {68??74??74??70??3a??2f??2f??77??77??77??2e??67??6d??78??2e??63??6f??6d??0a??} \n \t\t $hex14= {68??74??74??70??3a??2f??2f??77??77??77??2e??6d??61??69??6c??2e??63??6f??6d??2f??69??6e??74??0a??} \n \t\t $hex15= {68??74??74??70??3a??2f??2f??77??77??77??2e??6d??61??69??6c??2e??6c??79??63??6f??73??2e??63??6f??6d??0a??} \n \t\t $hex16= {68??74??74??70??3a??2f??2f??77??77??77??2e??73??6f??68??75??2e??63??6f??6d??0a??} \n \t\t $hex17= {68??74??74??70??73??3a??2f??2f??66??61??73??74??6d??61??69??6c??2e??66??6d??2f??6d??61??69??6c??0a??} \n \t\t $hex18= {68??74??74??70??73??3a??2f??2f??6c??6f??67??69??6e??2e??6c??69??76??65??2e??63??6f??6d??2f??6c??6f??67??69??6e??2e??73??} \n \t\t $hex19= {68??74??74??70??73??3a??2f??2f??77??77??77??2e??69??6e??62??6f??78??2e??63??6f??6d??2f??6c??6f??67??69??6e??2e??61??73??} \n \t\t $hex20= {68??74??74??70??73??3a??2f??2f??77??77??77??2e??7a??6f??68??6f??2e??63??6f??6d??2f??6c??6f??67??69??6e??2e??68??74??6d??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_a6dde34a97c90c12400c1db92ea43b291a4736670324067f7a0b0c5c6a77000b Group", "expiration": null, "is_active": 1 }, { "id": 3409659315, "indicator": "90094a6dbb3fd4237882a48dfd9baf50c3e7b2db", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_babf823e9cd1af89ab0388a5acc884c0e1367d0ab014f440bfe4a70b4d2207b3 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_babf823e9cd1af89ab0388a5acc884c0e1367d0ab014f440bfe4a70b4d2207b3 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-16-38\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"720af0fa1f2633b1b73c278a0a016559\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"IrfanView Installer\" fullword wide \n \t\t $s3= \"iview436_setup.exe\" fullword wide \n \t\t $s4= \"LegalTrademarks\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {49??72??66??61??6e??56??69??65??77??20??49??6e??73??74??61??6c??6c??65??72??0a??} \n \t\t $hex3= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex6= {69??76??69??65??77??34??33??36??5f??73??65??74??75??70??2e??65??78??65??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_babf823e9cd1af89ab0388a5acc884c0e1367d0ab014f440bfe4a70b4d2207b3 Group", "expiration": null, "is_active": 1 }, { "id": 3409659316, "indicator": "9218e81fc4431a58a493d6f03cebad6957d41e0e", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_f33e87ebc24cf366b459daacba87b9dde9ea35c3c1fc83f30bdf98e1b7c647e8 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_f33e87ebc24cf366b459daacba87b9dde9ea35c3c1fc83f30bdf98e1b7c647e8 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-16-36\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"804dceb3fa2b9bcf65595109b9465bbc\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&Destination folder\" fullword wide \n \t\t $s2= \"Extraction progress\" fullword wide \n \t\t $s3= \"Installation progress\" fullword wide \n \t\t $s4= \"jmsctls_progress32\" fullword wide \n \t\t $s5= \"ProgramFilesDir\" fullword wide \n \t\t $s6= \"RarHtmlClassName\" fullword wide \n \t\t $s7= \"REPLACEFILEDLG RENAMEDLG\" fullword wide \n \t\t $s8= \"SeRestorePrivilege\" fullword wide \n \t\t $s9= \"SeSecurityPrivilege\" fullword wide \n \t\t $s10= \"SoftwareWinRAR SFX\" fullword wide \n \t\t $s11= \"__tmp_rar_sfx_access_check_%u\" fullword wide \n \t\t $s12= \"winrarsfxmappingfile.tmp\" fullword wide \n \n \t\t $hex1= {26??44??65??73??74??69??6e??61??74??69??6f??6e??20??66??6f??6c??64??65??72??0a??} \n \t\t $hex2= {45??78??74??72??61??63??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex3= {49??6e??73??74??61??6c??6c??61??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex4= {50??72??6f??67??72??61??6d??46??69??6c??65??73??44??69??72??0a??} \n \t\t $hex5= {52??45??50??4c??41??43??45??46??49??4c??45??44??4c??47??20??52??45??4e??41??4d??45??44??4c??47??0a??} \n \t\t $hex6= {52??61??72??48??74??6d??6c??43??6c??61??73??73??4e??61??6d??65??0a??} \n \t\t $hex7= {53??65??52??65??73??74??6f??72??65??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex8= {53??65??53??65??63??75??72??69??74??79??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex9= {53??6f??66??74??77??61??72??65??57??69??6e??52??41??52??20??53??46??58??0a??} \n \t\t $hex10= {5f??5f??74??6d??70??5f??72??61??72??5f??73??66??78??5f??61??63??63??65??73??73??5f??63??68??65??63??6b??5f??25??75??0a??} \n \t\t $hex11= {6a??6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \t\t $hex12= {77??69??6e??72??61??72??73??66??78??6d??61??70??70??69??6e??67??66??69??6c??65??2e??74??6d??70??0a??} \n \n \tcondition: \n \t\t13 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_f33e87ebc24cf366b459daacba87b9dde9ea35c3c1fc83f30bdf98e1b7c647e8 Group", "expiration": null, "is_active": 1 }, { "id": 3409659317, "indicator": "3ce1d4b58f2362ae1c5e15c9aa52d8abb35e97af", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_618171fc9bb0dba400e4e592299e7847e479d96ed19fd9875210aaf927f5e72a { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_618171fc9bb0dba400e4e592299e7847e479d96ed19fd9875210aaf927f5e72a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-16-34\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b07f6065011621c569fc2decd27056df\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&Destination folder\" fullword wide \n \t\t $s2= \"Extraction progress\" fullword wide \n \t\t $s3= \"Installation progress\" fullword wide \n \t\t $s4= \"jmsctls_progress32\" fullword wide \n \t\t $s5= \"LICENSEDLG RENAMEDLG\" fullword wide \n \t\t $s6= \"ProgramFilesDir\" fullword wide \n \t\t $s7= \"RarHtmlClassName\" fullword wide \n \t\t $s8= \"SeRestorePrivilege\" fullword wide \n \t\t $s9= \"SeSecurityPrivilege\" fullword wide \n \t\t $s10= \"SoftwareWinRAR SFX\" fullword wide \n \t\t $s11= \"__tmp_rar_sfx_access_check_%u\" fullword wide \n \t\t $s12= \"winrarsfxmappingfile.tmp\" fullword wide \n \n \t\t $hex1= {26??44??65??73??74??69??6e??61??74??69??6f??6e??20??66??6f??6c??64??65??72??0a??} \n \t\t $hex2= {45??78??74??72??61??63??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex3= {49??6e??73??74??61??6c??6c??61??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex4= {4c??49??43??45??4e??53??45??44??4c??47??20??52??45??4e??41??4d??45??44??4c??47??0a??} \n \t\t $hex5= {50??72??6f??67??72??61??6d??46??69??6c??65??73??44??69??72??0a??} \n \t\t $hex6= {52??61??72??48??74??6d??6c??43??6c??61??73??73??4e??61??6d??65??0a??} \n \t\t $hex7= {53??65??52??65??73??74??6f??72??65??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex8= {53??65??53??65??63??75??72??69??74??79??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex9= {53??6f??66??74??77??61??72??65??57??69??6e??52??41??52??20??53??46??58??0a??} \n \t\t $hex10= {5f??5f??74??6d??70??5f??72??61??72??5f??73??66??78??5f??61??63??63??65??73??73??5f??63??68??65??63??6b??5f??25??75??0a??} \n \t\t $hex11= {6a??6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \t\t $hex12= {77??69??6e??72??61??72??73??66??78??6d??61??70??70??69??6e??67??66??69??6c??65??2e??74??6d??70??0a??} \n \n \tcondition: \n \t\t13 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_618171fc9bb0dba400e4e592299e7847e479d96ed19fd9875210aaf927f5e72a Group", "expiration": null, "is_active": 1 }, { "id": 3409659318, "indicator": "8199acff9b95961f24f3fde02ad82a5e8546ccf0", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_b3c31a5c57906233681ac8936088ada14adb4d4e4e7c2d7ffe429c5ffaab5b0c { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_b3c31a5c57906233681ac8936088ada14adb4d4e4e7c2d7ffe429c5ffaab5b0c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-16-31\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"2431db868ebec1b967f5ad38abfd95c4\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"%4d-%2d-%2d %2d:%2d:%2d\" fullword wide \n \t\t $s2= \"4XLNetU.dll.new\" fullword wide \n \t\t $s3= \"B%04d-%02d-%02d %02d:%02d:%02d\" fullword wide \n \t\t $s4= \"CInvalid DateTime\" fullword wide \n \t\t $s5= \"CInvalid DateTimeSpan\" fullword wide \n \t\t $s6= \"devicephysicalmemory\" fullword wide \n \t\t $s7= \"FileDescription\" fullword wide \n \t\t $s8= \"OriginalFilename\" fullword wide \n \t\t $s9= \"Programerror.dat\" fullword wide \n \t\t $s10= \"TIPSEXTEND_HOME\" fullword wide \n \t\t $s11= \"TipsExtend Module\" fullword wide \n \t\t $s12= \"TipsExtendProp.txt\" fullword wide \n \t\t $s13= \"tipsstat.xunlei.com\" fullword wide \n \t\t $s14= \"VS_VERSION_INFO\" fullword wide \n \t\t $s15= \"%Y-%m-%d %H:%M:%S\" fullword wide \n \n \t\t $hex1= {25??34??64??2d??25??32??64??2d??25??32??64??20??25??32??64??3a??25??32??64??3a??25??32??64??0a??} \n \t\t $hex2= {25??59??2d??25??6d??2d??25??64??20??25??48??3a??25??4d??3a??25??53??0a??} \n \t\t $hex3= {34??58??4c??4e??65??74??55??2e??64??6c??6c??2e??6e??65??77??0a??} \n \t\t $hex4= {42??25??30??34??64??2d??25??30??32??64??2d??25??30??32??64??20??25??30??32??64??3a??25??30??32??64??3a??25??30??32??64??} \n \t\t $hex5= {43??49??6e??76??61??6c??69??64??20??44??61??74??65??54??69??6d??65??0a??} \n \t\t $hex6= {43??49??6e??76??61??6c??69??64??20??44??61??74??65??54??69??6d??65??53??70??61??6e??0a??} \n \t\t $hex7= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex8= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex9= {50??72??6f??67??72??61??6d??65??72??72??6f??72??2e??64??61??74??0a??} \n \t\t $hex10= {54??49??50??53??45??58??54??45??4e??44??5f??48??4f??4d??45??0a??} \n \t\t $hex11= {54??69??70??73??45??78??74??65??6e??64??20??4d??6f??64??75??6c??65??0a??} \n \t\t $hex12= {54??69??70??73??45??78??74??65??6e??64??50??72??6f??70??2e??74??78??74??0a??} \n \t\t $hex13= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex14= {64??65??76??69??63??65??70??68??79??73??69??63??61??6c??6d??65??6d??6f??72??79??0a??} \n \t\t $hex15= {74??69??70??73??73??74??61??74??2e??78??75??6e??6c??65??69??2e??63??6f??6d??0a??} \n \n \tcondition: \n \t\t16 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_b3c31a5c57906233681ac8936088ada14adb4d4e4e7c2d7ffe429c5ffaab5b0c Group", "expiration": null, "is_active": 1 }, { "id": 3409659319, "indicator": "acf854763e6f2551b1aa039e10ed028b1d1657c4", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_18d268d11f7d1e80fc195737f34d104745db691768decb994d5ec5588b81d086 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_18d268d11f7d1e80fc195737f34d104745db691768decb994d5ec5588b81d086 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-16-28\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"53dc9866fd77fe4933eea3c08666c7bb\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&Destination folder\" fullword wide \n \t\t $s2= \"Extraction progress\" fullword wide \n \t\t $s3= \"Installation progress\" fullword wide \n \t\t $s4= \"jmsctls_progress32\" fullword wide \n \t\t $s5= \"LICENSEDLG RENAMEDLG\" fullword wide \n \t\t $s6= \"ProgramFilesDir\" fullword wide \n \t\t $s7= \"RarHtmlClassName\" fullword wide \n \t\t $s8= \"SeRestorePrivilege\" fullword wide \n \t\t $s9= \"SeSecurityPrivilege\" fullword wide \n \t\t $s10= \"SoftwareWinRAR SFX\" fullword wide \n \t\t $s11= \"__tmp_rar_sfx_access_check_%u\" fullword wide \n \t\t $s12= \"winrarsfxmappingfile.tmp\" fullword wide \n \n \t\t $hex1= {26??44??65??73??74??69??6e??61??74??69??6f??6e??20??66??6f??6c??64??65??72??0a??} \n \t\t $hex2= {45??78??74??72??61??63??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex3= {49??6e??73??74??61??6c??6c??61??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex4= {4c??49??43??45??4e??53??45??44??4c??47??20??52??45??4e??41??4d??45??44??4c??47??0a??} \n \t\t $hex5= {50??72??6f??67??72??61??6d??46??69??6c??65??73??44??69??72??0a??} \n \t\t $hex6= {52??61??72??48??74??6d??6c??43??6c??61??73??73??4e??61??6d??65??0a??} \n \t\t $hex7= {53??65??52??65??73??74??6f??72??65??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex8= {53??65??53??65??63??75??72??69??74??79??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex9= {53??6f??66??74??77??61??72??65??57??69??6e??52??41??52??20??53??46??58??0a??} \n \t\t $hex10= {5f??5f??74??6d??70??5f??72??61??72??5f??73??66??78??5f??61??63??63??65??73??73??5f??63??68??65??63??6b??5f??25??75??0a??} \n \t\t $hex11= {6a??6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \t\t $hex12= {77??69??6e??72??61??72??73??66??78??6d??61??70??70??69??6e??67??66??69??6c??65??2e??74??6d??70??0a??} \n \n \tcondition: \n \t\t13 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_18d268d11f7d1e80fc195737f34d104745db691768decb994d5ec5588b81d086 Group", "expiration": null, "is_active": 1 }, { "id": 3409659320, "indicator": "720b0e1d00cf002e1329ab40517fd9f709d4d2f4", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_00f60edc9acb15a56d49296418a018da4fd7477315e943a8eed26f8c3b6e8651 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_00f60edc9acb15a56d49296418a018da4fd7477315e943a8eed26f8c3b6e8651 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-16-27\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"17c99725043fa1573fd650e57c3c75d3\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"Incorrect filename.\" fullword wide \n \t\t $s3= \"LegalTrademarks\" fullword wide \n \t\t $s4= \"Microsoft Corporation\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {49??6e??63??6f??72??72??65??63??74??20??66??69??6c??65??6e??61??6d??65??2e??0a??} \n \t\t $hex3= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_00f60edc9acb15a56d49296418a018da4fd7477315e943a8eed26f8c3b6e8651 Group", "expiration": null, "is_active": 1 }, { "id": 3409659321, "indicator": "688573da1acd06aba9b77b39d137db7075ad9f08", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_d6a684b35cac3b7d434187a4623cf4c17864327968aa05a6ee58d89ba6ed9f1c { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_d6a684b35cac3b7d434187a4623cf4c17864327968aa05a6ee58d89ba6ed9f1c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-16-23\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"752c351778a8a18245f132dafdc54599\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"%2protocolStdFileEditingserver\" fullword wide \n \t\t $s2= \"%2protocolStdFileEditingverb0\" fullword wide \n \t\t $s3= \"accDefaultAction\" fullword wide \n \t\t $s4= \"accDoDefaultAction\" fullword wide \n \t\t $s5= \"accKeyboardShortcut\" fullword wide \n \t\t $s6= \"AfxClosePending\" fullword wide \n \t\t $s7= \"AfxControlBar100su\" fullword wide \n \t\t $s8= \"AfxFrameOrView100su\" fullword wide \n \t\t $s9= \"AfxMDIFrame100su\" fullword wide \n \t\t $s10= \"AfxOldWndProc423\" fullword wide \n \t\t $s11= \"AfxOleControl100su\" fullword wide \n \t\t $s12= \"AFX_SUPERBAR_TAB\" fullword wide \n \t\t $s13= \"AFX_WM_CHANGE_CURRENT_FOLDER\" fullword wide \n \t\t $s14= \"AFX_WM_CHANGEVISUALMANAGER\" fullword wide \n \t\t $s15= \"AFX_WM_GETDRAGBOUNDS\" fullword wide \n \t\t $s16= \"@AFX_WM_ON_AFTER_SHELL_COMMAND\" fullword wide \n \t\t $s17= \"AFX_WM_ON_CANCELTABMOVE\" fullword wide \n \t\t $s18= \"AFX_WM_ONCHANGE_ACTIVE_TAB\" fullword wide \n \t\t $s19= \"AFX_WM_ON_CHANGE_RIBBON_CATEGORY\" fullword wide \n \t\t $s20= \"AFX_WM_ON_CHANGING_ACTIVE_TAB\" fullword wide \n \n \t\t $hex1= {25??32??70??72??6f??74??6f??63??6f??6c??53??74??64??46??69??6c??65??45??64??69??74??69??6e??67??73??65??72??76??65??72??} \n \t\t $hex2= {25??32??70??72??6f??74??6f??63??6f??6c??53??74??64??46??69??6c??65??45??64??69??74??69??6e??67??76??65??72??62??30??0a??} \n \t\t $hex3= {40??41??46??58??5f??57??4d??5f??4f??4e??5f??41??46??54??45??52??5f??53??48??45??4c??4c??5f??43??4f??4d??4d??41??4e??44??} \n \t\t $hex4= {41??46??58??5f??53??55??50??45??52??42??41??52??5f??54??41??42??0a??} \n \t\t $hex5= {41??46??58??5f??57??4d??5f??43??48??41??4e??47??45??56??49??53??55??41??4c??4d??41??4e??41??47??45??52??0a??} \n \t\t $hex6= {41??46??58??5f??57??4d??5f??43??48??41??4e??47??45??5f??43??55??52??52??45??4e??54??5f??46??4f??4c??44??45??52??0a??} \n \t\t $hex7= {41??46??58??5f??57??4d??5f??47??45??54??44??52??41??47??42??4f??55??4e??44??53??0a??} \n \t\t $hex8= {41??46??58??5f??57??4d??5f??4f??4e??43??48??41??4e??47??45??5f??41??43??54??49??56??45??5f??54??41??42??0a??} \n \t\t $hex9= {41??46??58??5f??57??4d??5f??4f??4e??5f??43??41??4e??43??45??4c??54??41??42??4d??4f??56??45??0a??} \n \t\t $hex10= {41??46??58??5f??57??4d??5f??4f??4e??5f??43??48??41??4e??47??45??5f??52??49??42??42??4f??4e??5f??43??41??54??45??47??4f??} \n \t\t $hex11= {41??46??58??5f??57??4d??5f??4f??4e??5f??43??48??41??4e??47??49??4e??47??5f??41??43??54??49??56??45??5f??54??41??42??0a??} \n \t\t $hex12= {41??66??78??43??6c??6f??73??65??50??65??6e??64??69??6e??67??0a??} \n \t\t $hex13= {41??66??78??43??6f??6e??74??72??6f??6c??42??61??72??31??30??30??73??75??0a??} \n \t\t $hex14= {41??66??78??46??72??61??6d??65??4f??72??56??69??65??77??31??30??30??73??75??0a??} \n \t\t $hex15= {41??66??78??4d??44??49??46??72??61??6d??65??31??30??30??73??75??0a??} \n \t\t $hex16= {41??66??78??4f??6c??64??57??6e??64??50??72??6f??63??34??32??33??0a??} \n \t\t $hex17= {41??66??78??4f??6c??65??43??6f??6e??74??72??6f??6c??31??30??30??73??75??0a??} \n \t\t $hex18= {61??63??63??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex19= {61??63??63??44??6f??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex20= {61??63??63??4b??65??79??62??6f??61??72??64??53??68??6f??72??74??63??75??74??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_d6a684b35cac3b7d434187a4623cf4c17864327968aa05a6ee58d89ba6ed9f1c Group", "expiration": null, "is_active": 1 }, { "id": 3409659322, "indicator": "32b1bd7a3b586e7005935a9b02127fdc405dd13f", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_275035630745793d55693edfb537775534ca75f4344c84b4b2d4047f6b71ddb6 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_275035630745793d55693edfb537775534ca75f4344c84b4b2d4047f6b71ddb6 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-16-21\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"6f7ec5ff103e4ee038a54816c6b9bc09\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"IDR_BONETEXTURE\" fullword wide \n \t\t $s3= \"IDR_CAMOUFLAGE_VS3\" fullword wide \n \t\t $s4= \"IDR_FIXEDCOLOR_VS2\" fullword wide \n \t\t $s5= \"IDR_FIXEDFUNCTION\" fullword wide \n \t\t $s6= \"IDR_FIXEDFUNCTION_VS2 IDR_GLARE\" fullword wide \n \t\t $s7= \"IDR_SPECULAR_VS3\" fullword wide \n \t\t $s8= \"IDR_TSGRAYSCALEDRAWSYS\" fullword wide \n \t\t $s9= \"IDR_TSNEGATIVESYS\" fullword wide \n \t\t $s10= \"IDR_UNIFIED_S1B\" fullword wide \n \t\t $s11= \"IDR_UNIFIED_S1B_VS3\" fullword wide \n \t\t $s12= \"IDR_UNIFIED_S1GL\" fullword wide \n \t\t $s13= \"IDR_UNIFIED_S1GL_VS3\" fullword wide \n \t\t $s14= \"IDR_UNIFIED_S1_VS3 IDR_WATER\" fullword wide \n \t\t $s15= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {49??44??52??5f??42??4f??4e??45??54??45??58??54??55??52??45??0a??} \n \t\t $hex3= {49??44??52??5f??43??41??4d??4f??55??46??4c??41??47??45??5f??56??53??33??0a??} \n \t\t $hex4= {49??44??52??5f??46??49??58??45??44??43??4f??4c??4f??52??5f??56??53??32??0a??} \n \t\t $hex5= {49??44??52??5f??46??49??58??45??44??46??55??4e??43??54??49??4f??4e??0a??} \n \t\t $hex6= {49??44??52??5f??46??49??58??45??44??46??55??4e??43??54??49??4f??4e??5f??56??53??32??20??49??44??52??5f??47??4c??41??52??} \n \t\t $hex7= {49??44??52??5f??53??50??45??43??55??4c??41??52??5f??56??53??33??0a??} \n \t\t $hex8= {49??44??52??5f??54??53??47??52??41??59??53??43??41??4c??45??44??52??41??57??53??59??53??0a??} \n \t\t $hex9= {49??44??52??5f??54??53??4e??45??47??41??54??49??56??45??53??59??53??0a??} \n \t\t $hex10= {49??44??52??5f??55??4e??49??46??49??45??44??5f??53??31??42??0a??} \n \t\t $hex11= {49??44??52??5f??55??4e??49??46??49??45??44??5f??53??31??42??5f??56??53??33??0a??} \n \t\t $hex12= {49??44??52??5f??55??4e??49??46??49??45??44??5f??53??31??47??4c??0a??} \n \t\t $hex13= {49??44??52??5f??55??4e??49??46??49??45??44??5f??53??31??47??4c??5f??56??53??33??0a??} \n \t\t $hex14= {49??44??52??5f??55??4e??49??46??49??45??44??5f??53??31??5f??56??53??33??20??49??44??52??5f??57??41??54??45??52??0a??} \n \t\t $hex15= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t16 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_275035630745793d55693edfb537775534ca75f4344c84b4b2d4047f6b71ddb6 Group", "expiration": null, "is_active": 1 }, { "id": 3409659323, "indicator": "aac4c3538cac8a08675ab182c79e28a1e8bfc120", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_0a7c3259739432f52c61df38ecb2b28b73c1ceba0328955e7f2b672d131d30bb { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_0a7c3259739432f52c61df38ecb2b28b73c1ceba0328955e7f2b672d131d30bb Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-16-20\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"873f26caddfe1e9af18181d8f5f18368\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Mozilla Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"plugin-container.exe\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??6f??7a??69??6c??6c??61??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex6= {70??6c??75??67??69??6e??2d??63??6f??6e??74??61??69??6e??65??72??2e??65??78??65??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_0a7c3259739432f52c61df38ecb2b28b73c1ceba0328955e7f2b672d131d30bb Group", "expiration": null, "is_active": 1 }, { "id": 3409659324, "indicator": "6d7f29dca61ad5b1d60012df8d029f7eb49926a9", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_f9f7608d46fbdd1b700c69590c8ba913f977e8ae3fd4efd49cf5a82266910381 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_f9f7608d46fbdd1b700c69590c8ba913f977e8ae3fd4efd49cf5a82266910381 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-16-16\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"1f9d915d331f7e363c39108f41145c44\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"accessories(&A)\" fullword wide \n \t\t $s2= \"accessory files(*.x,*.vac)\" fullword wide \n \t\t $s3= \"AVI files(*.avi)\" fullword wide \n \t\t $s4= \"Bmp files(*.bmp)\" fullword wide \n \t\t $s5= \"center position\" fullword wide \n \t\t $s6= \"display bodies(&D)\" fullword wide \n \t\t $s7= \"English Mode(&E)\" fullword wide \n \t\t $s8= \"enhance model(&M)\" fullword wide \n \t\t $s9= \"facial expression(&M)\" fullword wide \n \t\t $s10= \"gravity setting\" fullword wide \n \t\t $s11= \"gravity setting(&G)\" fullword wide \n \t\t $s12= \"information display(&D)\" fullword wide \n \t\t $s13= \"Japanese Mode(&J)\" fullword wide \n \t\t $s14= \"Jpeg Files(*.jpg)\" fullword wide \n \t\t $s15= \"mode global/local(G_key)\" fullword wide \n \t\t $s16= \"msctls_trackbar32\" fullword wide \n \t\t $s17= \"msctls_updown32\" fullword wide \n \t\t $s18= \"name(press 'Enter')\" fullword wide \n \t\t $s19= \"no calculation(&N)\" fullword wide \n \t\t $s20= \"numeric input(bone)\" fullword wide \n \n \t\t $hex1= {41??56??49??20??66??69??6c??65??73??28??2a??2e??61??76??69??29??0a??} \n \t\t $hex2= {42??6d??70??20??66??69??6c??65??73??28??2a??2e??62??6d??70??29??0a??} \n \t\t $hex3= {45??6e??67??6c??69??73??68??20??4d??6f??64??65??28??26??45??29??0a??} \n \t\t $hex4= {4a??61??70??61??6e??65??73??65??20??4d??6f??64??65??28??26??4a??29??0a??} \n \t\t $hex5= {4a??70??65??67??20??46??69??6c??65??73??28??2a??2e??6a??70??67??29??0a??} \n \t\t $hex6= {61??63??63??65??73??73??6f??72??69??65??73??28??26??41??29??0a??} \n \t\t $hex7= {61??63??63??65??73??73??6f??72??79??20??66??69??6c??65??73??28??2a??2e??78??2c??2a??2e??76??61??63??29??0a??} \n \t\t $hex8= {63??65??6e??74??65??72??20??70??6f??73??69??74??69??6f??6e??0a??} \n \t\t $hex9= {64??69??73??70??6c??61??79??20??62??6f??64??69??65??73??28??26??44??29??0a??} \n \t\t $hex10= {65??6e??68??61??6e??63??65??20??6d??6f??64??65??6c??28??26??4d??29??0a??} \n \t\t $hex11= {66??61??63??69??61??6c??20??65??78??70??72??65??73??73??69??6f??6e??28??26??4d??29??0a??} \n \t\t $hex12= {67??72??61??76??69??74??79??20??73??65??74??74??69??6e??67??0a??} \n \t\t $hex13= {67??72??61??76??69??74??79??20??73??65??74??74??69??6e??67??28??26??47??29??0a??} \n \t\t $hex14= {69??6e??66??6f??72??6d??61??74??69??6f??6e??20??64??69??73??70??6c??61??79??28??26??44??29??0a??} \n \t\t $hex15= {6d??6f??64??65??20??67??6c??6f??62??61??6c??2f??6c??6f??63??61??6c??28??47??5f??6b??65??79??29??0a??} \n \t\t $hex16= {6d??73??63??74??6c??73??5f??74??72??61??63??6b??62??61??72??33??32??0a??} \n \t\t $hex17= {6d??73??63??74??6c??73??5f??75??70??64??6f??77??6e??33??32??0a??} \n \t\t $hex18= {6e??61??6d??65??28??70??72??65??73??73??20??27??45??6e??74??65??72??27??29??0a??} \n \t\t $hex19= {6e??6f??20??63??61??6c??63??75??6c??61??74??69??6f??6e??28??26??4e??29??0a??} \n \t\t $hex20= {6e??75??6d??65??72??69??63??20??69??6e??70??75??74??28??62??6f??6e??65??29??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_f9f7608d46fbdd1b700c69590c8ba913f977e8ae3fd4efd49cf5a82266910381 Group", "expiration": null, "is_active": 1 }, { "id": 3409659325, "indicator": "8d37e88aa28d1e0eb172abc6e69d438998fab0f7", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_fd2df5e2cd529e936dc5144edb6b5d91bd9a88e33edd386e4e31ef4b3b9d49c6 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_fd2df5e2cd529e936dc5144edb6b5d91bd9a88e33edd386e4e31ef4b3b9d49c6 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-16-14\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f7084cf91278eb8176c815ec4e269851\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&About Catch...\" fullword wide \n \t\t $s2= \"About DebugView\" fullword wide \n \t\t $s3= \"accDefaultAction\" fullword wide \n \t\t $s4= \"accDoDefaultAction\" fullword wide \n \t\t $s5= \"accKeyboardShortcut\" fullword wide \n \t\t $s6= \"&Append Comment Ctrl+I\" fullword wide \n \t\t $s7= \"APPICONDISABLED\" fullword wide \n \t\t $s8= \"&Auto Scroll Ctrl+A\" fullword wide \n \t\t $s9= \"Autoscroll (Ctrl+A)\" fullword wide \n \t\t $s10= \"Capture (Ctrl+E)\" fullword wide \n \t\t $s11= \"&Capture Events Ctrl+E\" fullword wide \n \t\t $s12= \"Capture &Kernel Ctrl+K\" fullword wide \n \t\t $s13= \"Capture &Win32 Ctrl+W\" fullword wide \n \t\t $s14= \"Clear &Display Ctrl+X\" fullword wide \n \t\t $s15= \"Clock &Time Ctrl+T\" fullword wide \n \t\t $s16= \"&Color choices:\" fullword wide \n \t\t $s17= \"CONNECT CONNECTED CRASHDUMP\" fullword wide \n \t\t $s18= \"&Connect... Ctrl+R\" fullword wide \n \t\t $s19= \"DbgQueryDebugFilterState\" fullword wide \n \t\t $s20= \"DbgSetDebugFilterState\" fullword wide \n \n \t\t $hex1= {26??41??62??6f??75??74??20??43??61??74??63??68??2e??2e??2e??0a??} \n \t\t $hex2= {26??41??70??70??65??6e??64??20??43??6f??6d??6d??65??6e??74??20??43??74??72??6c??2b??49??0a??} \n \t\t $hex3= {26??41??75??74??6f??20??53??63??72??6f??6c??6c??20??43??74??72??6c??2b??41??0a??} \n \t\t $hex4= {26??43??61??70??74??75??72??65??20??45??76??65??6e??74??73??20??43??74??72??6c??2b??45??0a??} \n \t\t $hex5= {26??43??6f??6c??6f??72??20??63??68??6f??69??63??65??73??3a??0a??} \n \t\t $hex6= {26??43??6f??6e??6e??65??63??74??2e??2e??2e??20??43??74??72??6c??2b??52??0a??} \n \t\t $hex7= {41??50??50??49??43??4f??4e??44??49??53??41??42??4c??45??44??0a??} \n \t\t $hex8= {41??62??6f??75??74??20??44??65??62??75??67??56??69??65??77??0a??} \n \t\t $hex9= {41??75??74??6f??73??63??72??6f??6c??6c??20??28??43??74??72??6c??2b??41??29??0a??} \n \t\t $hex10= {43??4f??4e??4e??45??43??54??20??43??4f??4e??4e??45??43??54??45??44??20??43??52??41??53??48??44??55??4d??50??0a??} \n \t\t $hex11= {43??61??70??74??75??72??65??20??26??4b??65??72??6e??65??6c??20??43??74??72??6c??2b??4b??0a??} \n \t\t $hex12= {43??61??70??74??75??72??65??20??26??57??69??6e??33??32??20??43??74??72??6c??2b??57??0a??} \n \t\t $hex13= {43??61??70??74??75??72??65??20??28??43??74??72??6c??2b??45??29??0a??} \n \t\t $hex14= {43??6c??65??61??72??20??26??44??69??73??70??6c??61??79??20??43??74??72??6c??2b??58??0a??} \n \t\t $hex15= {43??6c??6f??63??6b??20??26??54??69??6d??65??20??43??74??72??6c??2b??54??0a??} \n \t\t $hex16= {44??62??67??51??75??65??72??79??44??65??62??75??67??46??69??6c??74??65??72??53??74??61??74??65??0a??} \n \t\t $hex17= {44??62??67??53??65??74??44??65??62??75??67??46??69??6c??74??65??72??53??74??61??74??65??0a??} \n \t\t $hex18= {61??63??63??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex19= {61??63??63??44??6f??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex20= {61??63??63??4b??65??79??62??6f??61??72??64??53??68??6f??72??74??63??75??74??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_fd2df5e2cd529e936dc5144edb6b5d91bd9a88e33edd386e4e31ef4b3b9d49c6 Group", "expiration": null, "is_active": 1 }, { "id": 3409659326, "indicator": "49081a11e8d80d91fc156bd977dd754338566c05", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_2eeae7447df15f4222baac0355552e52c54115845c8811a537f547cb6dc44b1f { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_2eeae7447df15f4222baac0355552e52c54115845c8811a537f547cb6dc44b1f Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-16-11\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"6a79c842a6edca3460b0026cd16c3670\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"5.1.2600.5512 (xpsp.080413-2111)\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"LegalTrademarks\" fullword wide \n \t\t $s4= \"Microsoft Corporation\" fullword wide \n \t\t $s5= \"Microsoft Explorer\" fullword wide \n \t\t $s6= \"OriginalFilename\" fullword wide \n \t\t $s7= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {35??2e??31??2e??32??36??30??30??2e??35??35??31??32??20??28??78??70??73??70??2e??30??38??30??34??31??33??2d??32??31??31??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex5= {4d??69??63??72??6f??73??6f??66??74??20??45??78??70??6c??6f??72??65??72??0a??} \n \t\t $hex6= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex7= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_2eeae7447df15f4222baac0355552e52c54115845c8811a537f547cb6dc44b1f Group", "expiration": null, "is_active": 1 }, { "id": 3409659327, "indicator": "8ee7a2b7b7743f638ec52a47029b28bf5967d4a6", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_c6698d974e7f1fce8d1af59b1d6f3eeadd506c9af38e43c2f2602ef926ef444b { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_c6698d974e7f1fce8d1af59b1d6f3eeadd506c9af38e43c2f2602ef926ef444b Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-16-09\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"56217179283737f5c46c0a64ebe28a82\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Mozilla Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??6f??7a??69??6c??6c??61??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_c6698d974e7f1fce8d1af59b1d6f3eeadd506c9af38e43c2f2602ef926ef444b Group", "expiration": null, "is_active": 1 }, { "id": 3409659328, "indicator": "c8a80ce4b06f1c0d07967d007bbc2a73de389147", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_a9b0a9508c374a1c891f873074514a8afcee2bb19ebf64dd5bb4e6a79a05640a { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_a9b0a9508c374a1c891f873074514a8afcee2bb19ebf64dd5bb4e6a79a05640a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-16-08\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"1bfc1b606fc8aa85e1094b01b08eafd6\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"CheckConnectionAndGetIP\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"LegalTrademarks\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"SwindleWebBrowser\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {43??68??65??63??6b??43??6f??6e??6e??65??63??74??69??6f??6e??41??6e??64??47??65??74??49??50??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {53??77??69??6e??64??6c??65??57??65??62??42??72??6f??77??73??65??72??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_a9b0a9508c374a1c891f873074514a8afcee2bb19ebf64dd5bb4e6a79a05640a Group", "expiration": null, "is_active": 1 }, { "id": 3409659329, "indicator": "bda4f09ce806c15ed6ceab0dd7fdc3d547bd83e3", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_bba3dda3733567019a876b734556005b0d9b727dadc55d215461d7e47dab808a { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_bba3dda3733567019a876b734556005b0d9b727dadc55d215461d7e47dab808a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-16-06\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"26b7b5d019d7500efdb866f1d20d2000\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&Destination folder\" fullword wide \n \t\t $s2= \"Extraction progress\" fullword wide \n \t\t $s3= \"Installation progress\" fullword wide \n \t\t $s4= \"jmsctls_progress32\" fullword wide \n \t\t $s5= \"ProgramFilesDir\" fullword wide \n \t\t $s6= \"RarHtmlClassName\" fullword wide \n \t\t $s7= \"REPLACEFILEDLG RENAMEDLG\" fullword wide \n \t\t $s8= \"SeRestorePrivilege\" fullword wide \n \t\t $s9= \"SeSecurityPrivilege\" fullword wide \n \t\t $s10= \"SoftwareWinRAR SFX\" fullword wide \n \t\t $s11= \"__tmp_rar_sfx_access_check_%u\" fullword wide \n \t\t $s12= \"winrarsfxmappingfile.tmp\" fullword wide \n \n \t\t $hex1= {26??44??65??73??74??69??6e??61??74??69??6f??6e??20??66??6f??6c??64??65??72??0a??} \n \t\t $hex2= {45??78??74??72??61??63??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex3= {49??6e??73??74??61??6c??6c??61??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex4= {50??72??6f??67??72??61??6d??46??69??6c??65??73??44??69??72??0a??} \n \t\t $hex5= {52??45??50??4c??41??43??45??46??49??4c??45??44??4c??47??20??52??45??4e??41??4d??45??44??4c??47??0a??} \n \t\t $hex6= {52??61??72??48??74??6d??6c??43??6c??61??73??73??4e??61??6d??65??0a??} \n \t\t $hex7= {53??65??52??65??73??74??6f??72??65??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex8= {53??65??53??65??63??75??72??69??74??79??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex9= {53??6f??66??74??77??61??72??65??57??69??6e??52??41??52??20??53??46??58??0a??} \n \t\t $hex10= {5f??5f??74??6d??70??5f??72??61??72??5f??73??66??78??5f??61??63??63??65??73??73??5f??63??68??65??63??6b??5f??25??75??0a??} \n \t\t $hex11= {6a??6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \t\t $hex12= {77??69??6e??72??61??72??73??66??78??6d??61??70??70??69??6e??67??66??69??6c??65??2e??74??6d??70??0a??} \n \n \tcondition: \n \t\t13 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_bba3dda3733567019a876b734556005b0d9b727dadc55d215461d7e47dab808a Group", "expiration": null, "is_active": 1 }, { "id": 3409659330, "indicator": "343891d321e7384c64ddd4f411ab2d5ec6d26dbf", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_613d9a7ce2d7db4a31e846f75bf91eb9a0ef30ad23d1085cc78bcd8da327b5b3 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_613d9a7ce2d7db4a31e846f75bf91eb9a0ef30ad23d1085cc78bcd8da327b5b3 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-16-04\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"a6b0406dff68430aac6a5b738731e7d0\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"$AliWangWang Modul\" fullword wide \n \t\t $s2= \"AliFileCheck.exe\" fullword wide \n \t\t $s3= \"AliFileCheck.File\" fullword wide \n \t\t $s4= \"FileDescription\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"-RegFileOpenCmd\" fullword wide \n \t\t $s7= \"SOFTWAREClasses\" fullword wide \n \t\t $s8= \"tooltips_class32\" fullword wide \n \t\t $s9= \"VS_VERSION_INFO\" fullword wide \n \t\t $s10= \"WTL_BitmapButton\" fullword wide \n \n \t\t $hex1= {24??41??6c??69??57??61??6e??67??57??61??6e??67??20??4d??6f??64??75??6c??0a??} \n \t\t $hex2= {2d??52??65??67??46??69??6c??65??4f??70??65??6e??43??6d??64??0a??} \n \t\t $hex3= {41??6c??69??46??69??6c??65??43??68??65??63??6b??2e??46??69??6c??65??0a??} \n \t\t $hex4= {41??6c??69??46??69??6c??65??43??68??65??63??6b??2e??65??78??65??0a??} \n \t\t $hex5= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex6= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex7= {53??4f??46??54??57??41??52??45??43??6c??61??73??73??65??73??0a??} \n \t\t $hex8= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex9= {57??54??4c??5f??42??69??74??6d??61??70??42??75??74??74??6f??6e??0a??} \n \t\t $hex10= {74??6f??6f??6c??74??69??70??73??5f??63??6c??61??73??73??33??32??0a??} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_613d9a7ce2d7db4a31e846f75bf91eb9a0ef30ad23d1085cc78bcd8da327b5b3 Group", "expiration": null, "is_active": 1 }, { "id": 3409659331, "indicator": "9caa51c9b49a93403f5de4407750d8e2bef442d9", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_d4a15ab2af2be3d1b5697ffc27d5532b1dbc0b62c9466b6a1911386faa8f1d9c { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_d4a15ab2af2be3d1b5697ffc27d5532b1dbc0b62c9466b6a1911386faa8f1d9c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-15-58\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"64c4d56457516a646d10732f24214cf2\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_d4a15ab2af2be3d1b5697ffc27d5532b1dbc0b62c9466b6a1911386faa8f1d9c Group", "expiration": null, "is_active": 1 }, { "id": 3409659332, "indicator": "b889ea0d5bfcd5bbdd39137e1f64e8c451a3c5f9", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_1d24d8268c2f8e82b65d58429c166367eee9683c38a1408910536d8084f4ad46 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_1d24d8268c2f8e82b65d58429c166367eee9683c38a1408910536d8084f4ad46 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-15-56\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"043c84cef3e011e3dc731d643a205f4e\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"msctls_progress32\" fullword wide \n \t\t $s3= \"NVIDIA Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4e??56??49??44??49??41??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex5= {6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_1d24d8268c2f8e82b65d58429c166367eee9683c38a1408910536d8084f4ad46 Group", "expiration": null, "is_active": 1 }, { "id": 3409659333, "indicator": "b81f57e4ff0642d623c8b61c28032456a37ab05f", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_cf3b528361557500dde295ae01ab84d1b37496d7240210fd6b114dfd80483360 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_cf3b528361557500dde295ae01ab84d1b37496d7240210fd6b114dfd80483360 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-15-54\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"043f0dcea6f6fbd1305571e6bf0fa78c\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"Incorrect filename.\" fullword wide \n \t\t $s3= \"LegalTrademarks\" fullword wide \n \t\t $s4= \"Microsoft Corporation\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {49??6e??63??6f??72??72??65??63??74??20??66??69??6c??65??6e??61??6d??65??2e??0a??} \n \t\t $hex3= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_cf3b528361557500dde295ae01ab84d1b37496d7240210fd6b114dfd80483360 Group", "expiration": null, "is_active": 1 }, { "id": 3409659334, "indicator": "38362f7d6a1752ae4ae949739db5963cc052d5c5", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_0a812976b9412ed28aee3ac3de57873fafe1ddfa0e6b9026078017b810d1b24e { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_0a812976b9412ed28aee3ac3de57873fafe1ddfa0e6b9026078017b810d1b24e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-16-00\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"175aa0d1bdebfa60de29b90ab2c62189\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_0a812976b9412ed28aee3ac3de57873fafe1ddfa0e6b9026078017b810d1b24e Group", "expiration": null, "is_active": 1 }, { "id": 3409659335, "indicator": "ed493cee2523c98c0eac7587cc7cafdd55dcc714", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_608da4d2771afebd72ba09d877e708e0a40d3a0ca9638a34360a4ee33eb75e10 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_608da4d2771afebd72ba09d877e708e0a40d3a0ca9638a34360a4ee33eb75e10 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-15-53\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e8190374c3d962f5c2cbb5e30007216c\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&Destination folder\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"hmsctls_progress32\" fullword wide \n \t\t $s4= \"Installation progress\" fullword wide \n \t\t $s5= \"LICENSEDLG RENAMEDLG\" fullword wide \n \t\t $s6= \"msctls_progress32\" fullword wide \n \t\t $s7= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {26??44??65??73??74??69??6e??61??74??69??6f??6e??20??66??6f??6c??64??65??72??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {49??6e??73??74??61??6c??6c??61??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex4= {4c??49??43??45??4e??53??45??44??4c??47??20??52??45??4e??41??4d??45??44??4c??47??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex6= {68??6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \t\t $hex7= {6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_608da4d2771afebd72ba09d877e708e0a40d3a0ca9638a34360a4ee33eb75e10 Group", "expiration": null, "is_active": 1 }, { "id": 3409659380, "indicator": "e855438ef00c0ede57fd14b13b669549ad359ad6", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_86af764b489e838982a4c5c1685ec3b43781d8b76c1ecda6edc238cfd7ee61d5 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_86af764b489e838982a4c5c1685ec3b43781d8b76c1ecda6edc238cfd7ee61d5 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-15-49\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"033d922f3f56f9ea7c976f31107e366a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"bcryptprimitives.dll\" fullword wide \n \t\t $s2= \"ConsentPromptBehaviorAdmin\" fullword wide \n \t\t $s3= \"dummyparam.exe /Upgrade\" fullword wide \n \t\t $s4= \"FileDescription\" fullword wide \n \t\t $s5= \"KSoftwareClassesApplications\" fullword wide \n \t\t $s6= \"last-update.log\" fullword wide \n \t\t $s7= \"LegalTrademarks\" fullword wide \n \t\t $s8= \"maintenanceservice_installer.exe\" fullword wide \n \t\t $s9= \"Mozilla Foundation\" fullword wide \n \t\t $s10= \"MozillaMaintenance\" fullword wide \n \t\t $s11= \"msctls_progress32\" fullword wide \n \t\t $s12= \"OriginalFilename\" fullword wide \n \t\t $s13= \"PromptOnSecureDesktop\" fullword wide \n \t\t $s14= \"%s.moz-callback\" fullword wide \n \t\t $s15= \"%smoz_update_in_progress.lock\" fullword wide \n \t\t $s16= \"software-update\" fullword wide \n \t\t $s17= \"%s/update_elevated.lock\" fullword wide \n \t\t $s18= \"%s.update_in_progress.lock\" fullword wide \n \t\t $s19= \"%s/update.manifest\" fullword wide \n \t\t $s20= \"%s/update-settings.ini\" fullword wide \n \n \t\t $hex1= {25??73??2e??6d??6f??7a??2d??63??61??6c??6c??62??61??63??6b??0a??} \n \t\t $hex2= {25??73??2e??75??70??64??61??74??65??5f??69??6e??5f??70??72??6f??67??72??65??73??73??2e??6c??6f??63??6b??0a??} \n \t\t $hex3= {25??73??2f??75??70??64??61??74??65??2d??73??65??74??74??69??6e??67??73??2e??69??6e??69??0a??} \n \t\t $hex4= {25??73??2f??75??70??64??61??74??65??2e??6d??61??6e??69??66??65??73??74??0a??} \n \t\t $hex5= {25??73??2f??75??70??64??61??74??65??5f??65??6c??65??76??61??74??65??64??2e??6c??6f??63??6b??0a??} \n \t\t $hex6= {25??73??6d??6f??7a??5f??75??70??64??61??74??65??5f??69??6e??5f??70??72??6f??67??72??65??73??73??2e??6c??6f??63??6b??0a??} \n \t\t $hex7= {43??6f??6e??73??65??6e??74??50??72??6f??6d??70??74??42??65??68??61??76??69??6f??72??41??64??6d??69??6e??0a??} \n \t\t $hex8= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex9= {4b??53??6f??66??74??77??61??72??65??43??6c??61??73??73??65??73??41??70??70??6c??69??63??61??74??69??6f??6e??73??0a??} \n \t\t $hex10= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex11= {4d??6f??7a??69??6c??6c??61??20??46??6f??75??6e??64??61??74??69??6f??6e??0a??} \n \t\t $hex12= {4d??6f??7a??69??6c??6c??61??4d??61??69??6e??74??65??6e??61??6e??63??65??0a??} \n \t\t $hex13= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex14= {50??72??6f??6d??70??74??4f??6e??53??65??63??75??72??65??44??65??73??6b??74??6f??70??0a??} \n \t\t $hex15= {62??63??72??79??70??74??70??72??69??6d??69??74??69??76??65??73??2e??64??6c??6c??0a??} \n \t\t $hex16= {64??75??6d??6d??79??70??61??72??61??6d??2e??65??78??65??20??2f??55??70??67??72??61??64??65??0a??} \n \t\t $hex17= {6c??61??73??74??2d??75??70??64??61??74??65??2e??6c??6f??67??0a??} \n \t\t $hex18= {6d??61??69??6e??74??65??6e??61??6e??63??65??73??65??72??76??69??63??65??5f??69??6e??73??74??61??6c??6c??65??72??2e??65??} \n \t\t $hex19= {6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \t\t $hex20= {73??6f??66??74??77??61??72??65??2d??75??70??64??61??74??65??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_86af764b489e838982a4c5c1685ec3b43781d8b76c1ecda6edc238cfd7ee61d5 Group", "expiration": null, "is_active": 1 }, { "id": 3409659381, "indicator": "791ae1fc44093f1ab321c9f8696210099b604eb8", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_1c474ab0817b7cd9dc1f4efa6cc7f32e513f6f47e29c5573b4f5633e20248710 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_1c474ab0817b7cd9dc1f4efa6cc7f32e513f6f47e29c5573b4f5633e20248710 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-15-44\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"7d304a9cdcda75b1cb9537618f5ed398\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"2StrokeTimeOut Exclusive\" fullword wide \n \t\t $s2= \"AlwaysEditNewDocument\" fullword wide \n \t\t $s3= \"ASCII SHIFT-JIS\" fullword wide \n \t\t $s4= \"AutoSetSEAddress\" fullword wide \n \t\t $s5= \"BinaryEditor Stirling\" fullword wide \n \t\t $s6= \"CompareResultBack\" fullword wide \n \t\t $s7= \"CompareResultText\" fullword wide \n \t\t $s8= \"CurrentVersion ByteOrder\" fullword wide \n \t\t $s9= \"DockingBitImage\" fullword wide \n \t\t $s10= \"EnableEscapeMenu\" fullword wide \n \t\t $s11= \"EscCancelSelect\" fullword wide \n \t\t $s12= \"ExceptSystemFile\" fullword wide \n \t\t $s13= \"Execute%d BgrepType\" fullword wide \n \t\t $s14= \"FileDescription\" fullword wide \n \t\t $s15= \"FixedStructEdit\" fullword wide \n \t\t $s16= \"http://www2c.airnet.ne.jp/dds2\" fullword wide \n \t\t $s17= \"LittleEndian BigEndian\" fullword wide \n \t\t $s18= \"Mark1Text Mark2Text Mark3Text\" fullword wide \n \t\t $s19= \"MaximizeDocument\" fullword wide \n \t\t $s20= \"Menu%d StatusBar\" fullword wide \n \n \t\t $hex1= {32??53??74??72??6f??6b??65??54??69??6d??65??4f??75??74??20??45??78??63??6c??75??73??69??76??65??0a??} \n \t\t $hex2= {41??53??43??49??49??20??53??48??49??46??54??2d??4a??49??53??0a??} \n \t\t $hex3= {41??6c??77??61??79??73??45??64??69??74??4e??65??77??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex4= {41??75??74??6f??53??65??74??53??45??41??64??64??72??65??73??73??0a??} \n \t\t $hex5= {42??69??6e??61??72??79??45??64??69??74??6f??72??20??53??74??69??72??6c??69??6e??67??0a??} \n \t\t $hex6= {43??6f??6d??70??61??72??65??52??65??73??75??6c??74??42??61??63??6b??0a??} \n \t\t $hex7= {43??6f??6d??70??61??72??65??52??65??73??75??6c??74??54??65??78??74??0a??} \n \t\t $hex8= {43??75??72??72??65??6e??74??56??65??72??73??69??6f??6e??20??42??79??74??65??4f??72??64??65??72??0a??} \n \t\t $hex9= {44??6f??63??6b??69??6e??67??42??69??74??49??6d??61??67??65??0a??} \n \t\t $hex10= {45??6e??61??62??6c??65??45??73??63??61??70??65??4d??65??6e??75??0a??} \n \t\t $hex11= {45??73??63??43??61??6e??63??65??6c??53??65??6c??65??63??74??0a??} \n \t\t $hex12= {45??78??63??65??70??74??53??79??73??74??65??6d??46??69??6c??65??0a??} \n \t\t $hex13= {45??78??65??63??75??74??65??25??64??20??42??67??72??65??70??54??79??70??65??0a??} \n \t\t $hex14= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex15= {46??69??78??65??64??53??74??72??75??63??74??45??64??69??74??0a??} \n \t\t $hex16= {4c??69??74??74??6c??65??45??6e??64??69??61??6e??20??42??69??67??45??6e??64??69??61??6e??0a??} \n \t\t $hex17= {4d??61??72??6b??31??54??65??78??74??20??4d??61??72??6b??32??54??65??78??74??20??4d??61??72??6b??33??54??65??78??74??0a??} \n \t\t $hex18= {4d??61??78??69??6d??69??7a??65??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex19= {4d??65??6e??75??25??64??20??53??74??61??74??75??73??42??61??72??0a??} \n \t\t $hex20= {68??74??74??70??3a??2f??2f??77??77??77??32??63??2e??61??69??72??6e??65??74??2e??6e??65??2e??6a??70??2f??64??64??73??32??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_1c474ab0817b7cd9dc1f4efa6cc7f32e513f6f47e29c5573b4f5633e20248710 Group", "expiration": null, "is_active": 1 }, { "id": 3409659382, "indicator": "4692aead4223bbe527b9f9b0168747094f3cee1d", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_b5f71acac5b5eb9ad1b05d040729880da1d3617e5ec1e92805d14dcd94712da9 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_b5f71acac5b5eb9ad1b05d040729880da1d3617e5ec1e92805d14dcd94712da9 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-15-43\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"c2d00fef0659640c1345967d2f554278\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"accDefaultAction\" fullword wide \n \t\t $s2= \"accDoDefaultAction\" fullword wide \n \t\t $s3= \"accKeyboardShortcut\" fullword wide \n \t\t $s4= \"FileDescription\" fullword wide \n \t\t $s5= \"Microsoft Corporation\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex3= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex4= {61??63??63??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex5= {61??63??63??44??6f??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex6= {61??63??63??4b??65??79??62??6f??61??72??64??53??68??6f??72??74??63??75??74??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_b5f71acac5b5eb9ad1b05d040729880da1d3617e5ec1e92805d14dcd94712da9 Group", "expiration": null, "is_active": 1 }, { "id": 3409659383, "indicator": "5622b37c1c34203a4ff9a0e75ebba04eac884601", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_ff86b21e8cc5d6540a05226695f0c5fa17a8f32b684b2b3f56fd665e9d13d2d4 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_ff86b21e8cc5d6540a05226695f0c5fa17a8f32b684b2b3f56fd665e9d13d2d4 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-15-41\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"912a8c7cf1ad78cd4543bfb594c7db58\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Erase everything\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Invalid filename.\" fullword wide \n \t\t $s4= \"LegalTrademarks\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"rusb Application\" fullword wide \n \t\t $s7= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {45??72??61??73??65??20??65??76??65??72??79??74??68??69??6e??67??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {49??6e??76??61??6c??69??64??20??66??69??6c??65??6e??61??6d??65??2e??0a??} \n \t\t $hex4= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex7= {72??75??73??62??20??41??70??70??6c??69??63??61??74??69??6f??6e??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_ff86b21e8cc5d6540a05226695f0c5fa17a8f32b684b2b3f56fd665e9d13d2d4 Group", "expiration": null, "is_active": 1 }, { "id": 3409659384, "indicator": "efb8ad23b011c1e31717460aa87418940ac3e68a", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_f0c8f28e2daf82b080c80113243cb063c0512bce7d02a1977a399067618c4900 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_f0c8f28e2daf82b080c80113243cb063c0512bce7d02a1977a399067618c4900 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-15-41\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"1fcaa239cf4d627078179f6de299f320\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_f0c8f28e2daf82b080c80113243cb063c0512bce7d02a1977a399067618c4900 Group", "expiration": null, "is_active": 1 }, { "id": 3409659385, "indicator": "99de4670c183723a8574f22c00bf1dfc5c99a9a8", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_324834d2339d57e0e598baed98ecb543a54a59fe904a77be79c44430b42f33e2 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_324834d2339d57e0e598baed98ecb543a54a59fe904a77be79c44430b42f33e2 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-15-40\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e579157fb503b5cbd59ce66f5381575c\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&Destination folder\" fullword wide \n \t\t $s2= \"Extraction progress\" fullword wide \n \t\t $s3= \"Installation progress\" fullword wide \n \t\t $s4= \"jmsctls_progress32\" fullword wide \n \t\t $s5= \"ProgramFilesDir\" fullword wide \n \t\t $s6= \"RarHtmlClassName\" fullword wide \n \t\t $s7= \"REPLACEFILEDLG RENAMEDLG\" fullword wide \n \t\t $s8= \"SeRestorePrivilege\" fullword wide \n \t\t $s9= \"SeSecurityPrivilege\" fullword wide \n \t\t $s10= \"SoftwareWinRAR SFX\" fullword wide \n \t\t $s11= \"__tmp_rar_sfx_access_check_%u\" fullword wide \n \t\t $s12= \"winrarsfxmappingfile.tmp\" fullword wide \n \n \t\t $hex1= {26??44??65??73??74??69??6e??61??74??69??6f??6e??20??66??6f??6c??64??65??72??0a??} \n \t\t $hex2= {45??78??74??72??61??63??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex3= {49??6e??73??74??61??6c??6c??61??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex4= {50??72??6f??67??72??61??6d??46??69??6c??65??73??44??69??72??0a??} \n \t\t $hex5= {52??45??50??4c??41??43??45??46??49??4c??45??44??4c??47??20??52??45??4e??41??4d??45??44??4c??47??0a??} \n \t\t $hex6= {52??61??72??48??74??6d??6c??43??6c??61??73??73??4e??61??6d??65??0a??} \n \t\t $hex7= {53??65??52??65??73??74??6f??72??65??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex8= {53??65??53??65??63??75??72??69??74??79??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex9= {53??6f??66??74??77??61??72??65??57??69??6e??52??41??52??20??53??46??58??0a??} \n \t\t $hex10= {5f??5f??74??6d??70??5f??72??61??72??5f??73??66??78??5f??61??63??63??65??73??73??5f??63??68??65??63??6b??5f??25??75??0a??} \n \t\t $hex11= {6a??6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \t\t $hex12= {77??69??6e??72??61??72??73??66??78??6d??61??70??70??69??6e??67??66??69??6c??65??2e??74??6d??70??0a??} \n \n \tcondition: \n \t\t13 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_324834d2339d57e0e598baed98ecb543a54a59fe904a77be79c44430b42f33e2 Group", "expiration": null, "is_active": 1 }, { "id": 3409659386, "indicator": "51422db490f43fd14d088c3bb51e8da647ff283b", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_6350ea625ca0dbfe316539fcc04696cc45ce5ed3e9960591a03a3bfec4d5ce1d { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_6350ea625ca0dbfe316539fcc04696cc45ce5ed3e9960591a03a3bfec4d5ce1d Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-15-38\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"ad35db962130becfac1de2f803a119ae\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"GAME_ICO GAME_ICON(\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"VS_VERSION_INFO\" fullword wide \n \t\t $s5= \"(ZWG6MEY6CHRUW20)\" fullword wide \n \n \t\t $hex1= {28??5a??57??47??36??4d??45??59??36??43??48??52??55??57??32??30??29??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {47??41??4d??45??5f??49??43??4f??20??47??41??4d??45??5f??49??43??4f??4e??28??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_6350ea625ca0dbfe316539fcc04696cc45ce5ed3e9960591a03a3bfec4d5ce1d Group", "expiration": null, "is_active": 1 }, { "id": 3409659387, "indicator": "72bea8f1bb0293808e19959f61a86c9cb373c77c", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_f14fdcad36ae519139aef52e796ff1eacec38db30bbe93dd6b4bfa2d928d1738 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_f14fdcad36ae519139aef52e796ff1eacec38db30bbe93dd6b4bfa2d928d1738 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-15-36\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"12b88e36170472413a49ae71b1ac9a33\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&About Catch...\" fullword wide \n \t\t $s2= \"About DebugView\" fullword wide \n \t\t $s3= \"accDefaultAction\" fullword wide \n \t\t $s4= \"accDoDefaultAction\" fullword wide \n \t\t $s5= \"accKeyboardShortcut\" fullword wide \n \t\t $s6= \"&Append Comment Ctrl+I\" fullword wide \n \t\t $s7= \"APPICONDISABLED\" fullword wide \n \t\t $s8= \"&Auto Scroll Ctrl+A\" fullword wide \n \t\t $s9= \"Autoscroll (Ctrl+A)\" fullword wide \n \t\t $s10= \"Capture (Ctrl+E)\" fullword wide \n \t\t $s11= \"&Capture Events Ctrl+E\" fullword wide \n \t\t $s12= \"Capture &Kernel Ctrl+K\" fullword wide \n \t\t $s13= \"Capture &Win32 Ctrl+W\" fullword wide \n \t\t $s14= \"Clear &Display Ctrl+X\" fullword wide \n \t\t $s15= \"Clock &Time Ctrl+T\" fullword wide \n \t\t $s16= \"&Color choices:\" fullword wide \n \t\t $s17= \"CONNECT CONNECTED CRASHDUMP\" fullword wide \n \t\t $s18= \"&Connect... Ctrl+R\" fullword wide \n \t\t $s19= \"DbgQueryDebugFilterState\" fullword wide \n \t\t $s20= \"DbgSetDebugFilterState\" fullword wide \n \n \t\t $hex1= {26??41??62??6f??75??74??20??43??61??74??63??68??2e??2e??2e??0a??} \n \t\t $hex2= {26??41??70??70??65??6e??64??20??43??6f??6d??6d??65??6e??74??20??43??74??72??6c??2b??49??0a??} \n \t\t $hex3= {26??41??75??74??6f??20??53??63??72??6f??6c??6c??20??43??74??72??6c??2b??41??0a??} \n \t\t $hex4= {26??43??61??70??74??75??72??65??20??45??76??65??6e??74??73??20??43??74??72??6c??2b??45??0a??} \n \t\t $hex5= {26??43??6f??6c??6f??72??20??63??68??6f??69??63??65??73??3a??0a??} \n \t\t $hex6= {26??43??6f??6e??6e??65??63??74??2e??2e??2e??20??43??74??72??6c??2b??52??0a??} \n \t\t $hex7= {41??50??50??49??43??4f??4e??44??49??53??41??42??4c??45??44??0a??} \n \t\t $hex8= {41??62??6f??75??74??20??44??65??62??75??67??56??69??65??77??0a??} \n \t\t $hex9= {41??75??74??6f??73??63??72??6f??6c??6c??20??28??43??74??72??6c??2b??41??29??0a??} \n \t\t $hex10= {43??4f??4e??4e??45??43??54??20??43??4f??4e??4e??45??43??54??45??44??20??43??52??41??53??48??44??55??4d??50??0a??} \n \t\t $hex11= {43??61??70??74??75??72??65??20??26??4b??65??72??6e??65??6c??20??43??74??72??6c??2b??4b??0a??} \n \t\t $hex12= {43??61??70??74??75??72??65??20??26??57??69??6e??33??32??20??43??74??72??6c??2b??57??0a??} \n \t\t $hex13= {43??61??70??74??75??72??65??20??28??43??74??72??6c??2b??45??29??0a??} \n \t\t $hex14= {43??6c??65??61??72??20??26??44??69??73??70??6c??61??79??20??43??74??72??6c??2b??58??0a??} \n \t\t $hex15= {43??6c??6f??63??6b??20??26??54??69??6d??65??20??43??74??72??6c??2b??54??0a??} \n \t\t $hex16= {44??62??67??51??75??65??72??79??44??65??62??75??67??46??69??6c??74??65??72??53??74??61??74??65??0a??} \n \t\t $hex17= {44??62??67??53??65??74??44??65??62??75??67??46??69??6c??74??65??72??53??74??61??74??65??0a??} \n \t\t $hex18= {61??63??63??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex19= {61??63??63??44??6f??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex20= {61??63??63??4b??65??79??62??6f??61??72??64??53??68??6f??72??74??63??75??74??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_f14fdcad36ae519139aef52e796ff1eacec38db30bbe93dd6b4bfa2d928d1738 Group", "expiration": null, "is_active": 1 }, { "id": 3409659388, "indicator": "d4bfa05dfd7eb2b20f9c35d52bbc9c096e7248e0", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_8b5147e08b77381f1c067dea849b33f4e6d1c55d550c5db802af851962f44d2d { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_8b5147e08b77381f1c067dea849b33f4e6d1c55d550c5db802af851962f44d2d Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-15-34\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b44a988d18264735f39efc2001b29c63\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&About JWPce...\" fullword wide \n \t\t $s2= \"Add/&Remove Kanji...\" fullword wide \n \t\t $s3= \"&Advanced Search\" fullword wide \n \t\t $s4= \"&Allocation Size\" fullword wide \n \t\t $s5= \"&Ascii Ctrl+A/(F4)\" fullword wide \n \t\t $s6= \"&Ascii Ctrl+A/(F4)/(Alt+^)\" fullword wide \n \t\t $s7= \"&Automatic Search\" fullword wide \n \t\t $s8= \"Au&tomatic Selection\" fullword wide \n \t\t $s9= \"&Bottom (lines):\" fullword wide \n \t\t $s10= \"&Bushu Lookup... Ctrl+Shift+L\" fullword wide \n \t\t $s11= \"Cancel Printing\" fullword wide \n \t\t $s12= \"&Cancel Replace\" fullword wide \n \t\t $s13= \"Character Information\" fullword wide \n \t\t $s14= \"Character Table\" fullword wide \n \t\t $s15= \"Char Information\" fullword wide \n \t\t $s16= \"&Classical dictionary\" fullword wide \n \t\t $s17= \"Clipboard &BITMAP\" fullword wide \n \t\t $s18= \"Clipboard Error!\" fullword wide \n \t\t $s19= \"Clipboard Options\" fullword wide \n \t\t $s20= \"C&lose All Alt+Shift+C\" fullword wide \n \n \t\t $hex1= {26??41??62??6f??75??74??20??4a??57??50??63??65??2e??2e??2e??0a??} \n \t\t $hex2= {26??41??64??76??61??6e??63??65??64??20??53??65??61??72??63??68??0a??} \n \t\t $hex3= {26??41??6c??6c??6f??63??61??74??69??6f??6e??20??53??69??7a??65??0a??} \n \t\t $hex4= {26??41??73??63??69??69??20??43??74??72??6c??2b??41??2f??28??46??34??29??0a??} \n \t\t $hex5= {26??41??73??63??69??69??20??43??74??72??6c??2b??41??2f??28??46??34??29??2f??28??41??6c??74??2b??5e??29??0a??} \n \t\t $hex6= {26??41??75??74??6f??6d??61??74??69??63??20??53??65??61??72??63??68??0a??} \n \t\t $hex7= {26??42??6f??74??74??6f??6d??20??28??6c??69??6e??65??73??29??3a??0a??} \n \t\t $hex8= {26??42??75??73??68??75??20??4c??6f??6f??6b??75??70??2e??2e??2e??20??43??74??72??6c??2b??53??68??69??66??74??2b??4c??0a??} \n \t\t $hex9= {26??43??61??6e??63??65??6c??20??52??65??70??6c??61??63??65??0a??} \n \t\t $hex10= {26??43??6c??61??73??73??69??63??61??6c??20??64??69??63??74??69??6f??6e??61??72??79??0a??} \n \t\t $hex11= {41??64??64??2f??26??52??65??6d??6f??76??65??20??4b??61??6e??6a??69??2e??2e??2e??0a??} \n \t\t $hex12= {41??75??26??74??6f??6d??61??74??69??63??20??53??65??6c??65??63??74??69??6f??6e??0a??} \n \t\t $hex13= {43??26??6c??6f??73??65??20??41??6c??6c??20??41??6c??74??2b??53??68??69??66??74??2b??43??0a??} \n \t\t $hex14= {43??61??6e??63??65??6c??20??50??72??69??6e??74??69??6e??67??0a??} \n \t\t $hex15= {43??68??61??72??20??49??6e??66??6f??72??6d??61??74??69??6f??6e??0a??} \n \t\t $hex16= {43??68??61??72??61??63??74??65??72??20??49??6e??66??6f??72??6d??61??74??69??6f??6e??0a??} \n \t\t $hex17= {43??68??61??72??61??63??74??65??72??20??54??61??62??6c??65??0a??} \n \t\t $hex18= {43??6c??69??70??62??6f??61??72??64??20??26??42??49??54??4d??41??50??0a??} \n \t\t $hex19= {43??6c??69??70??62??6f??61??72??64??20??45??72??72??6f??72??21??0a??} \n \t\t $hex20= {43??6c??69??70??62??6f??61??72??64??20??4f??70??74??69??6f??6e??73??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_8b5147e08b77381f1c067dea849b33f4e6d1c55d550c5db802af851962f44d2d Group", "expiration": null, "is_active": 1 }, { "id": 3409659389, "indicator": "700810025820b1ba12626a580ecddcfcc92ba948", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_4ec547e25818c9cc669a4281f9633196626d5d85b7c37a10aafdde8ff737b3a7 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_4ec547e25818c9cc669a4281f9633196626d5d85b7c37a10aafdde8ff737b3a7 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-15-33\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e2b5c47156508a31b74a1f48e814fbe7\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_4ec547e25818c9cc669a4281f9633196626d5d85b7c37a10aafdde8ff737b3a7 Group", "expiration": null, "is_active": 1 }, { "id": 3409659390, "indicator": "a8c0b39c1889c9a28961eee81b0582f32a706a10", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_6c7e60bccb286283ca1b839aa0be2c3b106dc70f4290dd99357ede189bd0201b { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_6c7e60bccb286283ca1b839aa0be2c3b106dc70f4290dd99357ede189bd0201b Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-15-29\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f47cdf5bfc7227382e18f8361249212b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"Microsoft Explorer\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??45??78??70??6c??6f??72??65??72??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_6c7e60bccb286283ca1b839aa0be2c3b106dc70f4290dd99357ede189bd0201b Group", "expiration": null, "is_active": 1 }, { "id": 3409659391, "indicator": "60e9dd429dfa576f50108f6634bd9b943dc1cf4a", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_9bfa356f71859ff0a0c97136cc795ed56edb0966e826c7bd988b89adafaaa971 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_9bfa356f71859ff0a0c97136cc795ed56edb0966e826c7bd988b89adafaaa971 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-15-28\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e52b7d5391152da89b1db64060ba96ae\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"IDR_BONETEXTURE\" fullword wide \n \t\t $s3= \"IDR_CAMOUFLAGE_VS3\" fullword wide \n \t\t $s4= \"IDR_FIXEDCOLOR_VS2\" fullword wide \n \t\t $s5= \"IDR_FIXEDFUNCTION\" fullword wide \n \t\t $s6= \"IDR_FIXEDFUNCTION_VS2 IDR_GLARE\" fullword wide \n \t\t $s7= \"IDR_SPECULAR_VS3\" fullword wide \n \t\t $s8= \"IDR_TSGRAYSCALEDRAWSYS\" fullword wide \n \t\t $s9= \"IDR_TSNEGATIVESYS\" fullword wide \n \t\t $s10= \"IDR_UNIFIED_S1B\" fullword wide \n \t\t $s11= \"IDR_UNIFIED_S1B_VS3\" fullword wide \n \t\t $s12= \"IDR_UNIFIED_S1GL\" fullword wide \n \t\t $s13= \"IDR_UNIFIED_S1GL_VS3\" fullword wide \n \t\t $s14= \"IDR_UNIFIED_S1_VS3 IDR_WATER\" fullword wide \n \t\t $s15= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {49??44??52??5f??42??4f??4e??45??54??45??58??54??55??52??45??0a??} \n \t\t $hex3= {49??44??52??5f??43??41??4d??4f??55??46??4c??41??47??45??5f??56??53??33??0a??} \n \t\t $hex4= {49??44??52??5f??46??49??58??45??44??43??4f??4c??4f??52??5f??56??53??32??0a??} \n \t\t $hex5= {49??44??52??5f??46??49??58??45??44??46??55??4e??43??54??49??4f??4e??0a??} \n \t\t $hex6= {49??44??52??5f??46??49??58??45??44??46??55??4e??43??54??49??4f??4e??5f??56??53??32??20??49??44??52??5f??47??4c??41??52??} \n \t\t $hex7= {49??44??52??5f??53??50??45??43??55??4c??41??52??5f??56??53??33??0a??} \n \t\t $hex8= {49??44??52??5f??54??53??47??52??41??59??53??43??41??4c??45??44??52??41??57??53??59??53??0a??} \n \t\t $hex9= {49??44??52??5f??54??53??4e??45??47??41??54??49??56??45??53??59??53??0a??} \n \t\t $hex10= {49??44??52??5f??55??4e??49??46??49??45??44??5f??53??31??42??0a??} \n \t\t $hex11= {49??44??52??5f??55??4e??49??46??49??45??44??5f??53??31??42??5f??56??53??33??0a??} \n \t\t $hex12= {49??44??52??5f??55??4e??49??46??49??45??44??5f??53??31??47??4c??0a??} \n \t\t $hex13= {49??44??52??5f??55??4e??49??46??49??45??44??5f??53??31??47??4c??5f??56??53??33??0a??} \n \t\t $hex14= {49??44??52??5f??55??4e??49??46??49??45??44??5f??53??31??5f??56??53??33??20??49??44??52??5f??57??41??54??45??52??0a??} \n \t\t $hex15= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t16 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_9bfa356f71859ff0a0c97136cc795ed56edb0966e826c7bd988b89adafaaa971 Group", "expiration": null, "is_active": 1 }, { "id": 3409659392, "indicator": "6e0a1f946964b7142e03ee017d545d30eeca7837", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_6ba280ee1b4f0fa38d88e7b8a871a5e42aba7fcdc824ffabe810289d16286c36 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_6ba280ee1b4f0fa38d88e7b8a871a5e42aba7fcdc824ffabe810289d16286c36 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-15-24\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"ed2119548aff161ff97d6837e6a08e84\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&Destination folder\" fullword wide \n \t\t $s2= \"Extraction progress\" fullword wide \n \t\t $s3= \"Installation progress\" fullword wide \n \t\t $s4= \"jmsctls_progress32\" fullword wide \n \t\t $s5= \"LICENSEDLG RENAMEDLG\" fullword wide \n \t\t $s6= \"ProgramFilesDir\" fullword wide \n \t\t $s7= \"RarHtmlClassName\" fullword wide \n \t\t $s8= \"SeRestorePrivilege\" fullword wide \n \t\t $s9= \"SeSecurityPrivilege\" fullword wide \n \t\t $s10= \"SoftwareWinRAR SFX\" fullword wide \n \t\t $s11= \"__tmp_rar_sfx_access_check_%u\" fullword wide \n \t\t $s12= \"winrarsfxmappingfile.tmp\" fullword wide \n \n \t\t $hex1= {26??44??65??73??74??69??6e??61??74??69??6f??6e??20??66??6f??6c??64??65??72??0a??} \n \t\t $hex2= {45??78??74??72??61??63??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex3= {49??6e??73??74??61??6c??6c??61??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex4= {4c??49??43??45??4e??53??45??44??4c??47??20??52??45??4e??41??4d??45??44??4c??47??0a??} \n \t\t $hex5= {50??72??6f??67??72??61??6d??46??69??6c??65??73??44??69??72??0a??} \n \t\t $hex6= {52??61??72??48??74??6d??6c??43??6c??61??73??73??4e??61??6d??65??0a??} \n \t\t $hex7= {53??65??52??65??73??74??6f??72??65??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex8= {53??65??53??65??63??75??72??69??74??79??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex9= {53??6f??66??74??77??61??72??65??57??69??6e??52??41??52??20??53??46??58??0a??} \n \t\t $hex10= {5f??5f??74??6d??70??5f??72??61??72??5f??73??66??78??5f??61??63??63??65??73??73??5f??63??68??65??63??6b??5f??25??75??0a??} \n \t\t $hex11= {6a??6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \t\t $hex12= {77??69??6e??72??61??72??73??66??78??6d??61??70??70??69??6e??67??66??69??6c??65??2e??74??6d??70??0a??} \n \n \tcondition: \n \t\t13 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_6ba280ee1b4f0fa38d88e7b8a871a5e42aba7fcdc824ffabe810289d16286c36 Group", "expiration": null, "is_active": 1 }, { "id": 3409659393, "indicator": "7374b04b51dfd2bf7278ad0a20616d7c32e0bc97", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_2e8d265191a86af4195ff0cdc24113d74369a05128a72b5212cbac6d7f94306c { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_2e8d265191a86af4195ff0cdc24113d74369a05128a72b5212cbac6d7f94306c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-15-23\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"2600671b87dedbb50ca728285eb141b8\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_2e8d265191a86af4195ff0cdc24113d74369a05128a72b5212cbac6d7f94306c Group", "expiration": null, "is_active": 1 }, { "id": 3254621539, "indicator": "d6cb1280b1817cdb09d56c37179107d388c7270f", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "TrojanDownloader:Win32/Garveep.D", "description": "SHA1 of b1048d7d2464f27a19b2adbf310158b1", "expiration": null, "is_active": 1 }, { "id": 3254621540, "indicator": "6a47ef472356a856084006049c38b7a298b6f038460f492ce832e7d7e7de7b96", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "TrojanDownloader:Win32/Garveep.D", "description": "SHA256 of b1048d7d2464f27a19b2adbf310158b1", "expiration": null, "is_active": 1 }, { "id": 3409659394, "indicator": "8fcc4edb0b0fce520e754e65f2fc85df71d94efa", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_6a47ef472356a856084006049c38b7a298b6f038460f492ce832e7d7e7de7b96 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_6a47ef472356a856084006049c38b7a298b6f038460f492ce832e7d7e7de7b96 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-15-21\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b1048d7d2464f27a19b2adbf310158b1\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&About Catch...\" fullword wide \n \t\t $s2= \"About DebugView\" fullword wide \n \t\t $s3= \"accDefaultAction\" fullword wide \n \t\t $s4= \"accDoDefaultAction\" fullword wide \n \t\t $s5= \"accKeyboardShortcut\" fullword wide \n \t\t $s6= \"&Append Comment Ctrl+I\" fullword wide \n \t\t $s7= \"APPICONDISABLED\" fullword wide \n \t\t $s8= \"&Auto Scroll Ctrl+A\" fullword wide \n \t\t $s9= \"Autoscroll (Ctrl+A)\" fullword wide \n \t\t $s10= \"Capture (Ctrl+E)\" fullword wide \n \t\t $s11= \"&Capture Events Ctrl+E\" fullword wide \n \t\t $s12= \"Capture &Kernel Ctrl+K\" fullword wide \n \t\t $s13= \"Capture &Win32 Ctrl+W\" fullword wide \n \t\t $s14= \"Clear &Display Ctrl+X\" fullword wide \n \t\t $s15= \"Clock &Time Ctrl+T\" fullword wide \n \t\t $s16= \"&Color choices:\" fullword wide \n \t\t $s17= \"CONNECT CONNECTED CRASHDUMP\" fullword wide \n \t\t $s18= \"&Connect... Ctrl+R\" fullword wide \n \t\t $s19= \"DbgQueryDebugFilterState\" fullword wide \n \t\t $s20= \"DbgSetDebugFilterState\" fullword wide \n \n \t\t $hex1= {26??41??62??6f??75??74??20??43??61??74??63??68??2e??2e??2e??0a??} \n \t\t $hex2= {26??41??70??70??65??6e??64??20??43??6f??6d??6d??65??6e??74??20??43??74??72??6c??2b??49??0a??} \n \t\t $hex3= {26??41??75??74??6f??20??53??63??72??6f??6c??6c??20??43??74??72??6c??2b??41??0a??} \n \t\t $hex4= {26??43??61??70??74??75??72??65??20??45??76??65??6e??74??73??20??43??74??72??6c??2b??45??0a??} \n \t\t $hex5= {26??43??6f??6c??6f??72??20??63??68??6f??69??63??65??73??3a??0a??} \n \t\t $hex6= {26??43??6f??6e??6e??65??63??74??2e??2e??2e??20??43??74??72??6c??2b??52??0a??} \n \t\t $hex7= {41??50??50??49??43??4f??4e??44??49??53??41??42??4c??45??44??0a??} \n \t\t $hex8= {41??62??6f??75??74??20??44??65??62??75??67??56??69??65??77??0a??} \n \t\t $hex9= {41??75??74??6f??73??63??72??6f??6c??6c??20??28??43??74??72??6c??2b??41??29??0a??} \n \t\t $hex10= {43??4f??4e??4e??45??43??54??20??43??4f??4e??4e??45??43??54??45??44??20??43??52??41??53??48??44??55??4d??50??0a??} \n \t\t $hex11= {43??61??70??74??75??72??65??20??26??4b??65??72??6e??65??6c??20??43??74??72??6c??2b??4b??0a??} \n \t\t $hex12= {43??61??70??74??75??72??65??20??26??57??69??6e??33??32??20??43??74??72??6c??2b??57??0a??} \n \t\t $hex13= {43??61??70??74??75??72??65??20??28??43??74??72??6c??2b??45??29??0a??} \n \t\t $hex14= {43??6c??65??61??72??20??26??44??69??73??70??6c??61??79??20??43??74??72??6c??2b??58??0a??} \n \t\t $hex15= {43??6c??6f??63??6b??20??26??54??69??6d??65??20??43??74??72??6c??2b??54??0a??} \n \t\t $hex16= {44??62??67??51??75??65??72??79??44??65??62??75??67??46??69??6c??74??65??72??53??74??61??74??65??0a??} \n \t\t $hex17= {44??62??67??53??65??74??44??65??62??75??67??46??69??6c??74??65??72??53??74??61??74??65??0a??} \n \t\t $hex18= {61??63??63??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex19= {61??63??63??44??6f??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex20= {61??63??63??4b??65??79??62??6f??61??72??64??53??68??6f??72??74??63??75??74??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_6a47ef472356a856084006049c38b7a298b6f038460f492ce832e7d7e7de7b96 Group", "expiration": null, "is_active": 1 }, { "id": 3409659395, "indicator": "954b9076c67f176dc5a92d05ecbad1ee6aa9b5af", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_5235cc16625751e7fc356fcfddee656c8f5938a2c1d1a8a305520b083b2a1cee { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_5235cc16625751e7fc356fcfddee656c8f5938a2c1d1a8a305520b083b2a1cee Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-15-17\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"4e01e648645d041d52af9dbb09e442ef\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"accDefaultAction\" fullword wide \n \t\t $s2= \"accDoDefaultAction\" fullword wide \n \t\t $s3= \"accKeyboardShortcut\" fullword wide \n \t\t $s4= \"FileDescription\" fullword wide \n \t\t $s5= \"Microsoft Corporation\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex3= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex4= {61??63??63??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex5= {61??63??63??44??6f??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex6= {61??63??63??4b??65??79??62??6f??61??72??64??53??68??6f??72??74??63??75??74??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_5235cc16625751e7fc356fcfddee656c8f5938a2c1d1a8a305520b083b2a1cee Group", "expiration": null, "is_active": 1 }, { "id": 3409659396, "indicator": "e3b8318ee8326d4c51cfd5821fc400d93a35bf4b", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_36dbe5147c872da08b1c29cb581ff44f09e24e6db060b3ad16810f1481b5f1df { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_36dbe5147c872da08b1c29cb581ff44f09e24e6db060b3ad16810f1481b5f1df Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-15-14\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"8cdd3b6c577a17b698333337dd1cf3e0\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Coverages/Endorsements:\" fullword wide \n \t\t $s2= \"CRN Endorsements\" fullword wide \n \t\t $s3= \"Endorsement Description\" fullword wide \n \t\t $s4= \"Liablity Percentages\" fullword wide \n \t\t $s5= \"Loss Description\" fullword wide \n \t\t $s6= \"Loss Description:\" fullword wide \n \t\t $s7= \"OriginalFilename\" fullword wide \n \t\t $s8= \"SiebelAppServer.ApplicationObject\" fullword wide \n \t\t $s9= \"Vehicle Involved:\" fullword wide \n \t\t $s10= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {43??52??4e??20??45??6e??64??6f??72??73??65??6d??65??6e??74??73??0a??} \n \t\t $hex2= {43??6f??76??65??72??61??67??65??73??2f??45??6e??64??6f??72??73??65??6d??65??6e??74??73??3a??0a??} \n \t\t $hex3= {45??6e??64??6f??72??73??65??6d??65??6e??74??20??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4c??69??61??62??6c??69??74??79??20??50??65??72??63??65??6e??74??61??67??65??73??0a??} \n \t\t $hex5= {4c??6f??73??73??20??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex6= {4c??6f??73??73??20??44??65??73??63??72??69??70??74??69??6f??6e??3a??0a??} \n \t\t $hex7= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex8= {53??69??65??62??65??6c??41??70??70??53??65??72??76??65??72??2e??41??70??70??6c??69??63??61??74??69??6f??6e??4f??62??6a??} \n \t\t $hex9= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex10= {56??65??68??69??63??6c??65??20??49??6e??76??6f??6c??76??65??64??3a??0a??} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_36dbe5147c872da08b1c29cb581ff44f09e24e6db060b3ad16810f1481b5f1df Group", "expiration": null, "is_active": 1 }, { "id": 3409659397, "indicator": "b346dff8dbbfb50302593be938f041fbe7bff1c8", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_9f7b81e8479c09024e29ce4683a70a1a3f448631e694426c9cb4900bd67913c3 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_9f7b81e8479c09024e29ce4683a70a1a3f448631e694426c9cb4900bd67913c3 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-15-12\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"0396f7af9842dc5c8c0df1a44c01068c\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&Destination folder\" fullword wide \n \t\t $s2= \"Extraction progress\" fullword wide \n \t\t $s3= \"Installation progress\" fullword wide \n \t\t $s4= \"jmsctls_progress32\" fullword wide \n \t\t $s5= \"LICENSEDLG RENAMEDLG\" fullword wide \n \t\t $s6= \"ProgramFilesDir\" fullword wide \n \t\t $s7= \"RarHtmlClassName\" fullword wide \n \t\t $s8= \"SeRestorePrivilege\" fullword wide \n \t\t $s9= \"SeSecurityPrivilege\" fullword wide \n \t\t $s10= \"SoftwareWinRAR SFX\" fullword wide \n \t\t $s11= \"__tmp_rar_sfx_access_check_%u\" fullword wide \n \t\t $s12= \"winrarsfxmappingfile.tmp\" fullword wide \n \n \t\t $hex1= {26??44??65??73??74??69??6e??61??74??69??6f??6e??20??66??6f??6c??64??65??72??0a??} \n \t\t $hex2= {45??78??74??72??61??63??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex3= {49??6e??73??74??61??6c??6c??61??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex4= {4c??49??43??45??4e??53??45??44??4c??47??20??52??45??4e??41??4d??45??44??4c??47??0a??} \n \t\t $hex5= {50??72??6f??67??72??61??6d??46??69??6c??65??73??44??69??72??0a??} \n \t\t $hex6= {52??61??72??48??74??6d??6c??43??6c??61??73??73??4e??61??6d??65??0a??} \n \t\t $hex7= {53??65??52??65??73??74??6f??72??65??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex8= {53??65??53??65??63??75??72??69??74??79??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex9= {53??6f??66??74??77??61??72??65??57??69??6e??52??41??52??20??53??46??58??0a??} \n \t\t $hex10= {5f??5f??74??6d??70??5f??72??61??72??5f??73??66??78??5f??61??63??63??65??73??73??5f??63??68??65??63??6b??5f??25??75??0a??} \n \t\t $hex11= {6a??6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \t\t $hex12= {77??69??6e??72??61??72??73??66??78??6d??61??70??70??69??6e??67??66??69??6c??65??2e??74??6d??70??0a??} \n \n \tcondition: \n \t\t13 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_9f7b81e8479c09024e29ce4683a70a1a3f448631e694426c9cb4900bd67913c3 Group", "expiration": null, "is_active": 1 }, { "id": 3409659398, "indicator": "ffa38c7298d643ca4bf5c9eb396320dc302952d1", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_5bf2dfcf19db065cff2d55a9942c8fc8d5cbf77b58051ebf68ec6343cad91c16 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_5bf2dfcf19db065cff2d55a9942c8fc8d5cbf77b58051ebf68ec6343cad91c16 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-15-11\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"01cbd90ba5cf7e9595b208e4ca2d2d15\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"Incorrect filename.\" fullword wide \n \t\t $s3= \"LegalTrademarks\" fullword wide \n \t\t $s4= \"Microsoft Corporation\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {49??6e??63??6f??72??72??65??63??74??20??66??69??6c??65??6e??61??6d??65??2e??0a??} \n \t\t $hex3= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_5bf2dfcf19db065cff2d55a9942c8fc8d5cbf77b58051ebf68ec6343cad91c16 Group", "expiration": null, "is_active": 1 }, { "id": 3409659399, "indicator": "618986c3d6a0d82a399d94f4840614a625ee5aff", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_962810f908daab4ed0796ff563433eb65a60507d23089ad4c9b25ccf2c8c7837 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_962810f908daab4ed0796ff563433eb65a60507d23089ad4c9b25ccf2c8c7837 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-15-10\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"5f05acd53cfd91fb4dba3660ad1e3add\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&Destination folder\" fullword wide \n \t\t $s2= \"Extraction progress\" fullword wide \n \t\t $s3= \"Installation progress\" fullword wide \n \t\t $s4= \"jmsctls_progress32\" fullword wide \n \t\t $s5= \"ProgramFilesDir\" fullword wide \n \t\t $s6= \"RarHtmlClassName\" fullword wide \n \t\t $s7= \"REPLACEFILEDLG RENAMEDLG\" fullword wide \n \t\t $s8= \"SeRestorePrivilege\" fullword wide \n \t\t $s9= \"SeSecurityPrivilege\" fullword wide \n \t\t $s10= \"SoftwareWinRAR SFX\" fullword wide \n \t\t $s11= \"__tmp_rar_sfx_access_check_%u\" fullword wide \n \t\t $s12= \"winrarsfxmappingfile.tmp\" fullword wide \n \n \t\t $hex1= {26??44??65??73??74??69??6e??61??74??69??6f??6e??20??66??6f??6c??64??65??72??0a??} \n \t\t $hex2= {45??78??74??72??61??63??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex3= {49??6e??73??74??61??6c??6c??61??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex4= {50??72??6f??67??72??61??6d??46??69??6c??65??73??44??69??72??0a??} \n \t\t $hex5= {52??45??50??4c??41??43??45??46??49??4c??45??44??4c??47??20??52??45??4e??41??4d??45??44??4c??47??0a??} \n \t\t $hex6= {52??61??72??48??74??6d??6c??43??6c??61??73??73??4e??61??6d??65??0a??} \n \t\t $hex7= {53??65??52??65??73??74??6f??72??65??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex8= {53??65??53??65??63??75??72??69??74??79??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex9= {53??6f??66??74??77??61??72??65??57??69??6e??52??41??52??20??53??46??58??0a??} \n \t\t $hex10= {5f??5f??74??6d??70??5f??72??61??72??5f??73??66??78??5f??61??63??63??65??73??73??5f??63??68??65??63??6b??5f??25??75??0a??} \n \t\t $hex11= {6a??6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \t\t $hex12= {77??69??6e??72??61??72??73??66??78??6d??61??70??70??69??6e??67??66??69??6c??65??2e??74??6d??70??0a??} \n \n \tcondition: \n \t\t13 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_962810f908daab4ed0796ff563433eb65a60507d23089ad4c9b25ccf2c8c7837 Group", "expiration": null, "is_active": 1 }, { "id": 3409659400, "indicator": "354f8aa0201b1339eafc9eda97fa34804f99b4e7", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_8cc3ede145613b926268828965830ad7fbcf0b6db2b8772b4d485a55b88dd308 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_8cc3ede145613b926268828965830ad7fbcf0b6db2b8772b4d485a55b88dd308 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-15-09\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"0367f890595cf28c6c195dfabae53ba5\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"Microsoft Explorer\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??45??78??70??6c??6f??72??65??72??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_8cc3ede145613b926268828965830ad7fbcf0b6db2b8772b4d485a55b88dd308 Group", "expiration": null, "is_active": 1 }, { "id": 3409659401, "indicator": "5128ffdd7fce1c35e86014bfbbd542bcfb2cd227", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_a80522d3a11f95ff57c74d45f99c48aa7aeae2f0c8296a52541ca5e87f0ff45e { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_a80522d3a11f95ff57c74d45f99c48aa7aeae2f0c8296a52541ca5e87f0ff45e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-15-08\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"5b7b8d3b844b4dbc22875a2a6866a862\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_a80522d3a11f95ff57c74d45f99c48aa7aeae2f0c8296a52541ca5e87f0ff45e Group", "expiration": null, "is_active": 1 }, { "id": 3409659402, "indicator": "f0ad84c45f71ee23967d67155a8d21f5105cd055", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_858ae3350ac3f7fc6ce235536e70b9eee1aef8df95fdc5d90bf67b825171e89a { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_858ae3350ac3f7fc6ce235536e70b9eee1aef8df95fdc5d90bf67b825171e89a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-15-06\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"0fb91846ab9a4e9667c81154829f888b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"CURSOR_BUTTON_COPY\" fullword wide \n \t\t $s2= \"CURSOR_BUTTON_MOVE\" fullword wide \n \t\t $s3= \"CURSOR_BUTTON_REPLACE\" fullword wide \n \t\t $s4= \"FileDescription\" fullword wide \n \t\t $s5= \"http://noraneco.pos.to/\" fullword wide \n \t\t $s6= \"LegalTrademarks\" fullword wide \n \t\t $s7= \"OriginalFilename\" fullword wide \n \t\t $s8= \"TADDOTHERPROGRAMFORM\" fullword wide \n \t\t $s9= \"TBTNSETTINGFORM\" fullword wide \n \t\t $s10= \"TENUMFILESOPTIONFORM\" fullword wide \n \t\t $s11= \"TSELECTHOMEFORM\" fullword wide \n \t\t $s12= \"TSKINSELECTERFORM\" fullword wide \n \t\t $s13= \"TUSERFONTSFORM TWAITFORM\" fullword wide \n \t\t $s14= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {43??55??52??53??4f??52??5f??42??55??54??54??4f??4e??5f??43??4f??50??59??0a??} \n \t\t $hex2= {43??55??52??53??4f??52??5f??42??55??54??54??4f??4e??5f??4d??4f??56??45??0a??} \n \t\t $hex3= {43??55??52??53??4f??52??5f??42??55??54??54??4f??4e??5f??52??45??50??4c??41??43??45??0a??} \n \t\t $hex4= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex5= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex6= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex7= {54??41??44??44??4f??54??48??45??52??50??52??4f??47??52??41??4d??46??4f??52??4d??0a??} \n \t\t $hex8= {54??42??54??4e??53??45??54??54??49??4e??47??46??4f??52??4d??0a??} \n \t\t $hex9= {54??45??4e??55??4d??46??49??4c??45??53??4f??50??54??49??4f??4e??46??4f??52??4d??0a??} \n \t\t $hex10= {54??53??45??4c??45??43??54??48??4f??4d??45??46??4f??52??4d??0a??} \n \t\t $hex11= {54??53??4b??49??4e??53??45??4c??45??43??54??45??52??46??4f??52??4d??0a??} \n \t\t $hex12= {54??55??53??45??52??46??4f??4e??54??53??46??4f??52??4d??20??54??57??41??49??54??46??4f??52??4d??0a??} \n \t\t $hex13= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex14= {68??74??74??70??3a??2f??2f??6e??6f??72??61??6e??65??63??6f??2e??70??6f??73??2e??74??6f??2f??0a??} \n \n \tcondition: \n \t\t15 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_858ae3350ac3f7fc6ce235536e70b9eee1aef8df95fdc5d90bf67b825171e89a Group", "expiration": null, "is_active": 1 }, { "id": 3409659403, "indicator": "9790d34858594ec4df6e099d399f1bf2e60b2963", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_b71a3882d901af1e1eeaa6c954081ab673cb3a3d0e3e10c32036e3635ff1e1c8 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_b71a3882d901af1e1eeaa6c954081ab673cb3a3d0e3e10c32036e3635ff1e1c8 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-15-03\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"93283599dbf3b2d47872dafae12afb21\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"!$).056;>ACENQV[_`eimuz\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"http://e.mail.ru/cgi-bin/login\" fullword wide \n \t\t $s4= \"http://facebook.com\" fullword wide \n \t\t $s5= \"http://mail.126.com\" fullword wide \n \t\t $s6= \"http://mail.163.com\" fullword wide \n \t\t $s7= \"http://mail.qip.ru\" fullword wide \n \t\t $s8= \"http://mail.sina.com.cn\" fullword wide \n \t\t $s9= \"http://members.sina.com/index.php\" fullword wide \n \t\t $s10= \"http://passport.yandex.ru/passport\" fullword wide \n \t\t $s11= \"https://fastmail.fm/mail\" fullword wide \n \t\t $s12= \"https://login.live.com/login.srf\" fullword wide \n \t\t $s13= \"https://www.inbox.com/login.aspx\" fullword wide \n \t\t $s14= \"https://www.zoho.com/login.html\" fullword wide \n \t\t $s15= \"http://twitter.com\" fullword wide \n \t\t $s16= \"http://www.bigstring.com\" fullword wide \n \t\t $s17= \"http://www.gawab.com\" fullword wide \n \t\t $s18= \"http://www.gmx.com\" fullword wide \n \t\t $s19= \"http://www.mail.com/int\" fullword wide \n \t\t $s20= \"http://www.mail.lycos.com\" fullword wide \n \n \t\t $hex1= {21??24??29??2e??30??35??36??3b??3e??41??43??45??4e??51??56??5b??5f??60??65??69??6d??75??7a??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {68??74??74??70??3a??2f??2f??65??2e??6d??61??69??6c??2e??72??75??2f??63??67??69??2d??62??69??6e??2f??6c??6f??67??69??6e??} \n \t\t $hex4= {68??74??74??70??3a??2f??2f??66??61??63??65??62??6f??6f??6b??2e??63??6f??6d??0a??} \n \t\t $hex5= {68??74??74??70??3a??2f??2f??6d??61??69??6c??2e??31??32??36??2e??63??6f??6d??0a??} \n \t\t $hex6= {68??74??74??70??3a??2f??2f??6d??61??69??6c??2e??31??36??33??2e??63??6f??6d??0a??} \n \t\t $hex7= {68??74??74??70??3a??2f??2f??6d??61??69??6c??2e??71??69??70??2e??72??75??0a??} \n \t\t $hex8= {68??74??74??70??3a??2f??2f??6d??61??69??6c??2e??73??69??6e??61??2e??63??6f??6d??2e??63??6e??0a??} \n \t\t $hex9= {68??74??74??70??3a??2f??2f??6d??65??6d??62??65??72??73??2e??73??69??6e??61??2e??63??6f??6d??2f??69??6e??64??65??78??2e??} \n \t\t $hex10= {68??74??74??70??3a??2f??2f??70??61??73??73??70??6f??72??74??2e??79??61??6e??64??65??78??2e??72??75??2f??70??61??73??73??} \n \t\t $hex11= {68??74??74??70??3a??2f??2f??74??77??69??74??74??65??72??2e??63??6f??6d??0a??} \n \t\t $hex12= {68??74??74??70??3a??2f??2f??77??77??77??2e??62??69??67??73??74??72??69??6e??67??2e??63??6f??6d??0a??} \n \t\t $hex13= {68??74??74??70??3a??2f??2f??77??77??77??2e??67??61??77??61??62??2e??63??6f??6d??0a??} \n \t\t $hex14= {68??74??74??70??3a??2f??2f??77??77??77??2e??67??6d??78??2e??63??6f??6d??0a??} \n \t\t $hex15= {68??74??74??70??3a??2f??2f??77??77??77??2e??6d??61??69??6c??2e??63??6f??6d??2f??69??6e??74??0a??} \n \t\t $hex16= {68??74??74??70??3a??2f??2f??77??77??77??2e??6d??61??69??6c??2e??6c??79??63??6f??73??2e??63??6f??6d??0a??} \n \t\t $hex17= {68??74??74??70??73??3a??2f??2f??66??61??73??74??6d??61??69??6c??2e??66??6d??2f??6d??61??69??6c??0a??} \n \t\t $hex18= {68??74??74??70??73??3a??2f??2f??6c??6f??67??69??6e??2e??6c??69??76??65??2e??63??6f??6d??2f??6c??6f??67??69??6e??2e??73??} \n \t\t $hex19= {68??74??74??70??73??3a??2f??2f??77??77??77??2e??69??6e??62??6f??78??2e??63??6f??6d??2f??6c??6f??67??69??6e??2e??61??73??} \n \t\t $hex20= {68??74??74??70??73??3a??2f??2f??77??77??77??2e??7a??6f??68??6f??2e??63??6f??6d??2f??6c??6f??67??69??6e??2e??68??74??6d??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_b71a3882d901af1e1eeaa6c954081ab673cb3a3d0e3e10c32036e3635ff1e1c8 Group", "expiration": null, "is_active": 1 }, { "id": 3409659446, "indicator": "c49513df1c71b9864205fbb1dd2a9a565e204371", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_5bf0a90a19b7001cafbb7e230a9b13a4d684dcb6577e857557457d1ec177ba63 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_5bf0a90a19b7001cafbb7e230a9b13a4d684dcb6577e857557457d1ec177ba63 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-14-58\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d46204e579808d520affcc71a7d35cda\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"August September\" fullword wide \n \t\t $s2= \"BDSUnthemedDesigner\" fullword wide \n \t\t $s3= \"BeginBufferedPaint\" fullword wide \n \t\t $s4= \"BufferedPaintSetAlpha\" fullword wide \n \t\t $s5= \"CHINESEBIG5_CHARSET\" fullword wide \n \t\t $s6= \"clActiveCaption\" fullword wide \n \t\t $s7= \"clGradientActiveCaption\" fullword wide \n \t\t $s8= \"clGradientInactiveCaption\" fullword wide \n \t\t $s9= \"clHighlightText\" fullword wide \n \t\t $s10= \"clInactiveBorder\" fullword wide \n \t\t $s11= \"clInactiveCaption\" fullword wide \n \t\t $s12= \"clInactiveCaptionText\" fullword wide \n \t\t $s13= \"clMenuHighlight\" fullword wide \n \t\t $s14= \"clWebAntiqueWhite\" fullword wide \n \t\t $s15= \"clWebAquamarine\" fullword wide \n \t\t $s16= \"clWebBlanchedAlmond\" fullword wide \n \t\t $s17= \"clWebBlueViolet\" fullword wide \n \t\t $s18= \"clWebChartreuse\" fullword wide \n \t\t $s19= \"clWebCornFlowerBlue\" fullword wide \n \t\t $s20= \"clWebDarkGoldenRod\" fullword wide \n \n \t\t $hex1= {41??75??67??75??73??74??20??53??65??70??74??65??6d??62??65??72??0a??} \n \t\t $hex2= {42??44??53??55??6e??74??68??65??6d??65??64??44??65??73??69??67??6e??65??72??0a??} \n \t\t $hex3= {42??65??67??69??6e??42??75??66??66??65??72??65??64??50??61??69??6e??74??0a??} \n \t\t $hex4= {42??75??66??66??65??72??65??64??50??61??69??6e??74??53??65??74??41??6c??70??68??61??0a??} \n \t\t $hex5= {43??48??49??4e??45??53??45??42??49??47??35??5f??43??48??41??52??53??45??54??0a??} \n \t\t $hex6= {63??6c??41??63??74??69??76??65??43??61??70??74??69??6f??6e??0a??} \n \t\t $hex7= {63??6c??47??72??61??64??69??65??6e??74??41??63??74??69??76??65??43??61??70??74??69??6f??6e??0a??} \n \t\t $hex8= {63??6c??47??72??61??64??69??65??6e??74??49??6e??61??63??74??69??76??65??43??61??70??74??69??6f??6e??0a??} \n \t\t $hex9= {63??6c??48??69??67??68??6c??69??67??68??74??54??65??78??74??0a??} \n \t\t $hex10= {63??6c??49??6e??61??63??74??69??76??65??42??6f??72??64??65??72??0a??} \n \t\t $hex11= {63??6c??49??6e??61??63??74??69??76??65??43??61??70??74??69??6f??6e??0a??} \n \t\t $hex12= {63??6c??49??6e??61??63??74??69??76??65??43??61??70??74??69??6f??6e??54??65??78??74??0a??} \n \t\t $hex13= {63??6c??4d??65??6e??75??48??69??67??68??6c??69??67??68??74??0a??} \n \t\t $hex14= {63??6c??57??65??62??41??6e??74??69??71??75??65??57??68??69??74??65??0a??} \n \t\t $hex15= {63??6c??57??65??62??41??71??75??61??6d??61??72??69??6e??65??0a??} \n \t\t $hex16= {63??6c??57??65??62??42??6c??61??6e??63??68??65??64??41??6c??6d??6f??6e??64??0a??} \n \t\t $hex17= {63??6c??57??65??62??42??6c??75??65??56??69??6f??6c??65??74??0a??} \n \t\t $hex18= {63??6c??57??65??62??43??68??61??72??74??72??65??75??73??65??0a??} \n \t\t $hex19= {63??6c??57??65??62??43??6f??72??6e??46??6c??6f??77??65??72??42??6c??75??65??0a??} \n \t\t $hex20= {63??6c??57??65??62??44??61??72??6b??47??6f??6c??64??65??6e??52??6f??64??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_5bf0a90a19b7001cafbb7e230a9b13a4d684dcb6577e857557457d1ec177ba63 Group", "expiration": null, "is_active": 1 }, { "id": 3409659447, "indicator": "7a6398a470b00558010f8272ec4fa02c8881aa2f", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_8ccfd254277b451df5011669be99302761f224fe282a05c450e5320b3c77f2d8 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_8ccfd254277b451df5011669be99302761f224fe282a05c450e5320b3c77f2d8 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-14-56\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"5607a3ccdaf748fd5cd2d1bec4a771bd\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_8ccfd254277b451df5011669be99302761f224fe282a05c450e5320b3c77f2d8 Group", "expiration": null, "is_active": 1 }, { "id": 3409659448, "indicator": "ccb23469b558c20a2f3d28b194a0385fa1344f96", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_fbee0422f1d775b6abd1a2bee86ec0644e9c18ee4c2631b09f0d3244c05b10d8 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_fbee0422f1d775b6abd1a2bee86ec0644e9c18ee4c2631b09f0d3244c05b10d8 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-14-54\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"268d17f3763246ac27de7dc8024f23fa\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"File Encryption\" fullword wide \n \t\t $s3= \"LegalTrademarks\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"SBLEFT SBLEFTDIS\" fullword wide \n \t\t $s6= \"SBRIGHTDIS SBRIGHTDN\" fullword wide \n \t\t $s7= \"TRACK TRACKVERT\" fullword wide \n \t\t $s8= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??20??45??6e??63??72??79??70??74??69??6f??6e??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {53??42??4c??45??46??54??20??53??42??4c??45??46??54??44??49??53??0a??} \n \t\t $hex6= {53??42??52??49??47??48??54??44??49??53??20??53??42??52??49??47??48??54??44??4e??0a??} \n \t\t $hex7= {54??52??41??43??4b??20??54??52??41??43??4b??56??45??52??54??0a??} \n \t\t $hex8= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t8 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_fbee0422f1d775b6abd1a2bee86ec0644e9c18ee4c2631b09f0d3244c05b10d8 Group", "expiration": null, "is_active": 1 }, { "id": 3409659449, "indicator": "736bd80257243d751e6afc9af8cd526950bf285c", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_f4ab6fe2bb30364f3762f325d08ae3c00724faedad72facdb078d681b5afd47f { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_f4ab6fe2bb30364f3762f325d08ae3c00724faedad72facdb078d681b5afd47f Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-14-52\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e5a31be7717c12a3cf9a173428ac7c38\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"AboutToolStripMenuItem\" fullword wide \n \t\t $s2= \"AboutToolStripMenuItem1\" fullword wide \n \t\t $s3= \"Activation successfull\" fullword wide \n \t\t $s4= \"Application: Unresponsive\" fullword wide \n \t\t $s5= \"Assembly Version\" fullword wide \n \t\t $s6= \"ExitToolStripMenuItem\" fullword wide \n \t\t $s7= \"FileDescription\" fullword wide \n \t\t $s8= \"FileToolStripMenuItem\" fullword wide \n \t\t $s9= \"http:/www.ctforumgroup.com\" fullword wide \n \t\t $s10= \"InstallProductKey\" fullword wide \n \t\t $s11= \"J7PYM-6X6FJ-QRKYT-TW4KF-BY7H9\" fullword wide \n \t\t $s12= \"Microsoft Corporation\" fullword wide \n \t\t $s13= \"OriginalFilename\" fullword wide \n \t\t $s14= \"Other (Planned)\" fullword wide \n \t\t $s15= \"Other (Unplanned)\" fullword wide \n \t\t $s16= \"pcforum89logolive\" fullword wide \n \t\t $s17= \"RefreshLicenseStatus\" fullword wide \n \t\t $s18= \"shutdown power off\" fullword wide \n \t\t $s19= \"SoftwareLicensingProduct\" fullword wide \n \t\t $s20= \"SoftwareLicensingService\" fullword wide \n \n \t\t $hex1= {41??62??6f??75??74??54??6f??6f??6c??53??74??72??69??70??4d??65??6e??75??49??74??65??6d??0a??} \n \t\t $hex2= {41??62??6f??75??74??54??6f??6f??6c??53??74??72??69??70??4d??65??6e??75??49??74??65??6d??31??0a??} \n \t\t $hex3= {41??63??74??69??76??61??74??69??6f??6e??20??73??75??63??63??65??73??73??66??75??6c??6c??0a??} \n \t\t $hex4= {41??70??70??6c??69??63??61??74??69??6f??6e??3a??20??55??6e??72??65??73??70??6f??6e??73??69??76??65??0a??} \n \t\t $hex5= {41??73??73??65??6d??62??6c??79??20??56??65??72??73??69??6f??6e??0a??} \n \t\t $hex6= {45??78??69??74??54??6f??6f??6c??53??74??72??69??70??4d??65??6e??75??49??74??65??6d??0a??} \n \t\t $hex7= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex8= {46??69??6c??65??54??6f??6f??6c??53??74??72??69??70??4d??65??6e??75??49??74??65??6d??0a??} \n \t\t $hex9= {49??6e??73??74??61??6c??6c??50??72??6f??64??75??63??74??4b??65??79??0a??} \n \t\t $hex10= {4a??37??50??59??4d??2d??36??58??36??46??4a??2d??51??52??4b??59??54??2d??54??57??34??4b??46??2d??42??59??37??48??39??0a??} \n \t\t $hex11= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex12= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex13= {4f??74??68??65??72??20??28??50??6c??61??6e??6e??65??64??29??0a??} \n \t\t $hex14= {4f??74??68??65??72??20??28??55??6e??70??6c??61??6e??6e??65??64??29??0a??} \n \t\t $hex15= {52??65??66??72??65??73??68??4c??69??63??65??6e??73??65??53??74??61??74??75??73??0a??} \n \t\t $hex16= {53??6f??66??74??77??61??72??65??4c??69??63??65??6e??73??69??6e??67??50??72??6f??64??75??63??74??0a??} \n \t\t $hex17= {53??6f??66??74??77??61??72??65??4c??69??63??65??6e??73??69??6e??67??53??65??72??76??69??63??65??0a??} \n \t\t $hex18= {68??74??74??70??3a??2f??77??77??77??2e??63??74??66??6f??72??75??6d??67??72??6f??75??70??2e??63??6f??6d??0a??} \n \t\t $hex19= {70??63??66??6f??72??75??6d??38??39??6c??6f??67??6f??6c??69??76??65??0a??} \n \t\t $hex20= {73??68??75??74??64??6f??77??6e??20??70??6f??77??65??72??20??6f??66??66??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_f4ab6fe2bb30364f3762f325d08ae3c00724faedad72facdb078d681b5afd47f Group", "expiration": null, "is_active": 1 }, { "id": 3409659450, "indicator": "be038ed0b8f8194d829131b752dabe3ed74426e0", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_bce210b844380014281a661792da2f320a0520134e1b87c66594992c6eaa2ccb { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_bce210b844380014281a661792da2f320a0520134e1b87c66594992c6eaa2ccb Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-14-50\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"2aac9d340620da09d96929ba570978c4\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&About Edown_mfc...\" fullword wide \n \t\t $s2= \"About Edown_mfc\" fullword wide \n \t\t $s3= \"Edown_mfc Application\" fullword wide \n \t\t $s4= \"FileDescription\" fullword wide \n \t\t $s5= \"Invalid filename.\" fullword wide \n \t\t $s6= \"LegalTrademarks\" fullword wide \n \t\t $s7= \"OriginalFilename\" fullword wide \n \t\t $s8= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {26??41??62??6f??75??74??20??45??64??6f??77??6e??5f??6d??66??63??2e??2e??2e??0a??} \n \t\t $hex2= {41??62??6f??75??74??20??45??64??6f??77??6e??5f??6d??66??63??0a??} \n \t\t $hex3= {45??64??6f??77??6e??5f??6d??66??63??20??41??70??70??6c??69??63??61??74??69??6f??6e??0a??} \n \t\t $hex4= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex5= {49??6e??76??61??6c??69??64??20??66??69??6c??65??6e??61??6d??65??2e??0a??} \n \t\t $hex6= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex7= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex8= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t8 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_bce210b844380014281a661792da2f320a0520134e1b87c66594992c6eaa2ccb Group", "expiration": null, "is_active": 1 }, { "id": 3409659451, "indicator": "8d96f288f8e2ddd646af45491e267307b142f707", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_da7f9bab52597e36d5b90881a7acc4f2b92b5addff24bf0e350a446c51a600a1 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_da7f9bab52597e36d5b90881a7acc4f2b92b5addff24bf0e350a446c51a600a1 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-14-48\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"08b04d6ef94d2764bfafd1457eb0d2a0\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&Destination folder\" fullword wide \n \t\t $s2= \"Extraction progress\" fullword wide \n \t\t $s3= \"Installation progress\" fullword wide \n \t\t $s4= \"jmsctls_progress32\" fullword wide \n \t\t $s5= \"LICENSEDLG RENAMEDLG\" fullword wide \n \t\t $s6= \"ProgramFilesDir\" fullword wide \n \t\t $s7= \"RarHtmlClassName\" fullword wide \n \t\t $s8= \"SeRestorePrivilege\" fullword wide \n \t\t $s9= \"SeSecurityPrivilege\" fullword wide \n \t\t $s10= \"SoftwareWinRAR SFX\" fullword wide \n \t\t $s11= \"__tmp_rar_sfx_access_check_%u\" fullword wide \n \t\t $s12= \"winrarsfxmappingfile.tmp\" fullword wide \n \n \t\t $hex1= {26??44??65??73??74??69??6e??61??74??69??6f??6e??20??66??6f??6c??64??65??72??0a??} \n \t\t $hex2= {45??78??74??72??61??63??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex3= {49??6e??73??74??61??6c??6c??61??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex4= {4c??49??43??45??4e??53??45??44??4c??47??20??52??45??4e??41??4d??45??44??4c??47??0a??} \n \t\t $hex5= {50??72??6f??67??72??61??6d??46??69??6c??65??73??44??69??72??0a??} \n \t\t $hex6= {52??61??72??48??74??6d??6c??43??6c??61??73??73??4e??61??6d??65??0a??} \n \t\t $hex7= {53??65??52??65??73??74??6f??72??65??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex8= {53??65??53??65??63??75??72??69??74??79??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex9= {53??6f??66??74??77??61??72??65??57??69??6e??52??41??52??20??53??46??58??0a??} \n \t\t $hex10= {5f??5f??74??6d??70??5f??72??61??72??5f??73??66??78??5f??61??63??63??65??73??73??5f??63??68??65??63??6b??5f??25??75??0a??} \n \t\t $hex11= {6a??6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \t\t $hex12= {77??69??6e??72??61??72??73??66??78??6d??61??70??70??69??6e??67??66??69??6c??65??2e??74??6d??70??0a??} \n \n \tcondition: \n \t\t13 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_da7f9bab52597e36d5b90881a7acc4f2b92b5addff24bf0e350a446c51a600a1 Group", "expiration": null, "is_active": 1 }, { "id": 3409659452, "indicator": "08c2bf50760a8e510c91b88496248c312e4e9fe6", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_eb8eefea77fb258bde014c3dfd9dc92c9b69598ecdbd74750d0ca609afc8808c { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_eb8eefea77fb258bde014c3dfd9dc92c9b69598ecdbd74750d0ca609afc8808c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-14-45\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"06ac12b8c51aec71cefcf8a507d82ce4\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"Incorrect filename.\" fullword wide \n \t\t $s3= \"LegalTrademarks\" fullword wide \n \t\t $s4= \"Microsoft Corporation\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {49??6e??63??6f??72??72??65??63??74??20??66??69??6c??65??6e??61??6d??65??2e??0a??} \n \t\t $hex3= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_eb8eefea77fb258bde014c3dfd9dc92c9b69598ecdbd74750d0ca609afc8808c Group", "expiration": null, "is_active": 1 }, { "id": 3409659453, "indicator": "926ffb09c8daf6e9cddbff0dc0be448e966e188a", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_7b3b2e430cc41ab9df9526009b246adb0f1de75a680753f79819e284d0e73f6e { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_7b3b2e430cc41ab9df9526009b246adb0f1de75a680753f79819e284d0e73f6e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-14-43\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"16e378d5f0a15fbd521b087c0951a2ab\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&Destination folder\" fullword wide \n \t\t $s2= \"Extraction progress\" fullword wide \n \t\t $s3= \"Installation progress\" fullword wide \n \t\t $s4= \"jmsctls_progress32\" fullword wide \n \t\t $s5= \"ProgramFilesDir\" fullword wide \n \t\t $s6= \"RarHtmlClassName\" fullword wide \n \t\t $s7= \"REPLACEFILEDLG RENAMEDLG\" fullword wide \n \t\t $s8= \"SeRestorePrivilege\" fullword wide \n \t\t $s9= \"SeSecurityPrivilege\" fullword wide \n \t\t $s10= \"SoftwareWinRAR SFX\" fullword wide \n \t\t $s11= \"__tmp_rar_sfx_access_check_%u\" fullword wide \n \t\t $s12= \"winrarsfxmappingfile.tmp\" fullword wide \n \n \t\t $hex1= {26??44??65??73??74??69??6e??61??74??69??6f??6e??20??66??6f??6c??64??65??72??0a??} \n \t\t $hex2= {45??78??74??72??61??63??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex3= {49??6e??73??74??61??6c??6c??61??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex4= {50??72??6f??67??72??61??6d??46??69??6c??65??73??44??69??72??0a??} \n \t\t $hex5= {52??45??50??4c??41??43??45??46??49??4c??45??44??4c??47??20??52??45??4e??41??4d??45??44??4c??47??0a??} \n \t\t $hex6= {52??61??72??48??74??6d??6c??43??6c??61??73??73??4e??61??6d??65??0a??} \n \t\t $hex7= {53??65??52??65??73??74??6f??72??65??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex8= {53??65??53??65??63??75??72??69??74??79??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex9= {53??6f??66??74??77??61??72??65??57??69??6e??52??41??52??20??53??46??58??0a??} \n \t\t $hex10= {5f??5f??74??6d??70??5f??72??61??72??5f??73??66??78??5f??61??63??63??65??73??73??5f??63??68??65??63??6b??5f??25??75??0a??} \n \t\t $hex11= {6a??6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \t\t $hex12= {77??69??6e??72??61??72??73??66??78??6d??61??70??70??69??6e??67??66??69??6c??65??2e??74??6d??70??0a??} \n \n \tcondition: \n \t\t13 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_7b3b2e430cc41ab9df9526009b246adb0f1de75a680753f79819e284d0e73f6e Group", "expiration": null, "is_active": 1 }, { "id": 3409659454, "indicator": "cb11bca616ca96163a4e6ea1e00ea76626165c4a", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_276b17244408e7e698e837a0a105c7c3857acfac37e2e837d4b10e6904fd9dc3 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_276b17244408e7e698e837a0a105c7c3857acfac37e2e837d4b10e6904fd9dc3 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-14-40\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"28b1569109fcae8cfcdcfbe9c4431b66\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"Microsoft Explorer\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??45??78??70??6c??6f??72??65??72??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_276b17244408e7e698e837a0a105c7c3857acfac37e2e837d4b10e6904fd9dc3 Group", "expiration": null, "is_active": 1 }, { "id": 3409659455, "indicator": "7d92e6aca5b960efdc1fe8dc1a57b92bbbea5b9f", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_2381ef2fce6e8fa52e2f7717c893576f362c0cc54cc0ffa343a3902feead7784 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_2381ef2fce6e8fa52e2f7717c893576f362c0cc54cc0ffa343a3902feead7784 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-14-39\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"131c5f8e98605f9d8074ca02fd1b9c34\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&Destination folder\" fullword wide \n \t\t $s2= \"Extraction progress\" fullword wide \n \t\t $s3= \"Installation progress\" fullword wide \n \t\t $s4= \"jmsctls_progress32\" fullword wide \n \t\t $s5= \"ProgramFilesDir\" fullword wide \n \t\t $s6= \"RarHtmlClassName\" fullword wide \n \t\t $s7= \"REPLACEFILEDLG RENAMEDLG\" fullword wide \n \t\t $s8= \"SeRestorePrivilege\" fullword wide \n \t\t $s9= \"SeSecurityPrivilege\" fullword wide \n \t\t $s10= \"SoftwareWinRAR SFX\" fullword wide \n \t\t $s11= \"__tmp_rar_sfx_access_check_%u\" fullword wide \n \t\t $s12= \"winrarsfxmappingfile.tmp\" fullword wide \n \n \t\t $hex1= {26??44??65??73??74??69??6e??61??74??69??6f??6e??20??66??6f??6c??64??65??72??0a??} \n \t\t $hex2= {45??78??74??72??61??63??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex3= {49??6e??73??74??61??6c??6c??61??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex4= {50??72??6f??67??72??61??6d??46??69??6c??65??73??44??69??72??0a??} \n \t\t $hex5= {52??45??50??4c??41??43??45??46??49??4c??45??44??4c??47??20??52??45??4e??41??4d??45??44??4c??47??0a??} \n \t\t $hex6= {52??61??72??48??74??6d??6c??43??6c??61??73??73??4e??61??6d??65??0a??} \n \t\t $hex7= {53??65??52??65??73??74??6f??72??65??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex8= {53??65??53??65??63??75??72??69??74??79??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex9= {53??6f??66??74??77??61??72??65??57??69??6e??52??41??52??20??53??46??58??0a??} \n \t\t $hex10= {5f??5f??74??6d??70??5f??72??61??72??5f??73??66??78??5f??61??63??63??65??73??73??5f??63??68??65??63??6b??5f??25??75??0a??} \n \t\t $hex11= {6a??6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \t\t $hex12= {77??69??6e??72??61??72??73??66??78??6d??61??70??70??69??6e??67??66??69??6c??65??2e??74??6d??70??0a??} \n \n \tcondition: \n \t\t13 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_2381ef2fce6e8fa52e2f7717c893576f362c0cc54cc0ffa343a3902feead7784 Group", "expiration": null, "is_active": 1 }, { "id": 3409659456, "indicator": "5f96621b6378fdec44fceb498c9d8ca526bfff9b", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_1a8655886ea6be9ae0a71e845b5a334b476494b3aad7bfe6510218059eba5788 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_1a8655886ea6be9ae0a71e845b5a334b476494b3aad7bfe6510218059eba5788 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-14-36\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"c25d146b4cf05f7aaa9aebbe8d1563db\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"ASkinPopupWindow\" fullword wide \n \t\t $s2= \"Atooltips_class32\" fullword wide \n \t\t $s3= \"BackgroundImage\" fullword wide \n \t\t $s4= \"Baofeng_BFVCM_Mutex\" fullword wide \n \t\t $s5= \"Baofeng_BFVKanDianYing\" fullword wide \n \t\t $s6= \"BFVCenter_ComponentInstall_Notify\" fullword wide \n \t\t $s7= \"BFVCMSkinFolder\" fullword wide \n \t\t $s8= \"BFVComponent.exe\" fullword wide \n \t\t $s9= \"..BFVKanDianYing.ver\" fullword wide \n \t\t $s10= \"ButtonAlwaywShow\" fullword wide \n \t\t $s11= \"ButtonDisableHide\" fullword wide \n \t\t $s12= \"ButtonLeftWidth\" fullword wide \n \t\t $s13= \"ButtonRightWidth\" fullword wide \n \t\t $s14= \"CaptionTextColor\" fullword wide \n \t\t $s15= \"CenterDirection\" fullword wide \n \t\t $s16= \"Component Categories\" fullword wide \n \t\t $s17= \"@CVideoTimeWindow\" fullword wide \n \t\t $s18= \"CVideoTimeWindow\" fullword wide \n \t\t $s19= \"%d.%02d.%04d.%04d\" fullword wide \n \t\t $s20= \"disablebackcolor\" fullword wide \n \n \t\t $hex1= {25??64??2e??25??30??32??64??2e??25??30??34??64??2e??25??30??34??64??0a??} \n \t\t $hex2= {2e??2e??42??46??56??4b??61??6e??44??69??61??6e??59??69??6e??67??2e??76??65??72??0a??} \n \t\t $hex3= {40??43??56??69??64??65??6f??54??69??6d??65??57??69??6e??64??6f??77??0a??} \n \t\t $hex4= {41??53??6b??69??6e??50??6f??70??75??70??57??69??6e??64??6f??77??0a??} \n \t\t $hex5= {41??74??6f??6f??6c??74??69??70??73??5f??63??6c??61??73??73??33??32??0a??} \n \t\t $hex6= {42??46??56??43??4d??53??6b??69??6e??46??6f??6c??64??65??72??0a??} \n \t\t $hex7= {42??46??56??43??65??6e??74??65??72??5f??43??6f??6d??70??6f??6e??65??6e??74??49??6e??73??74??61??6c??6c??5f??4e??6f??74??} \n \t\t $hex8= {42??46??56??43??6f??6d??70??6f??6e??65??6e??74??2e??65??78??65??0a??} \n \t\t $hex9= {42??61??63??6b??67??72??6f??75??6e??64??49??6d??61??67??65??0a??} \n \t\t $hex10= {42??61??6f??66??65??6e??67??5f??42??46??56??43??4d??5f??4d??75??74??65??78??0a??} \n \t\t $hex11= {42??61??6f??66??65??6e??67??5f??42??46??56??4b??61??6e??44??69??61??6e??59??69??6e??67??0a??} \n \t\t $hex12= {42??75??74??74??6f??6e??41??6c??77??61??79??77??53??68??6f??77??0a??} \n \t\t $hex13= {42??75??74??74??6f??6e??44??69??73??61??62??6c??65??48??69??64??65??0a??} \n \t\t $hex14= {42??75??74??74??6f??6e??4c??65??66??74??57??69??64??74??68??0a??} \n \t\t $hex15= {42??75??74??74??6f??6e??52??69??67??68??74??57??69??64??74??68??0a??} \n \t\t $hex16= {43??56??69??64??65??6f??54??69??6d??65??57??69??6e??64??6f??77??0a??} \n \t\t $hex17= {43??61??70??74??69??6f??6e??54??65??78??74??43??6f??6c??6f??72??0a??} \n \t\t $hex18= {43??65??6e??74??65??72??44??69??72??65??63??74??69??6f??6e??0a??} \n \t\t $hex19= {43??6f??6d??70??6f??6e??65??6e??74??20??43??61??74??65??67??6f??72??69??65??73??0a??} \n \t\t $hex20= {64??69??73??61??62??6c??65??62??61??63??6b??63??6f??6c??6f??72??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_1a8655886ea6be9ae0a71e845b5a334b476494b3aad7bfe6510218059eba5788 Group", "expiration": null, "is_active": 1 }, { "id": 3409659457, "indicator": "e1d0fae974330e7f4a3721ff866267e175be2c0f", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_6d562c472bcef1217c3122f4e0930a23a8516b36940d25c999adfa8da80ebbf9 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_6d562c472bcef1217c3122f4e0930a23a8516b36940d25c999adfa8da80ebbf9 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-14-35\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"0fe3daf9e8b69255e592c8af97d24649\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&About acroedit...\" fullword wide \n \t\t $s2= \"acroedit Application\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"Invalid filename.\" fullword wide \n \t\t $s5= \"LegalTrademarks\" fullword wide \n \t\t $s6= \"OriginalFilename\" fullword wide \n \t\t $s7= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {26??41??62??6f??75??74??20??61??63??72??6f??65??64??69??74??2e??2e??2e??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {49??6e??76??61??6c??69??64??20??66??69??6c??65??6e??61??6d??65??2e??0a??} \n \t\t $hex4= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex7= {61??63??72??6f??65??64??69??74??20??41??70??70??6c??69??63??61??74??69??6f??6e??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_6d562c472bcef1217c3122f4e0930a23a8516b36940d25c999adfa8da80ebbf9 Group", "expiration": null, "is_active": 1 }, { "id": 3409659458, "indicator": "1c755815bfe8abf8617cd3afe749df1d922b0cfc", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_9338630f8b136658808163282982dbc7903b0cecb4346fb5beec8a6e421bf91f { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_9338630f8b136658808163282982dbc7903b0cecb4346fb5beec8a6e421bf91f Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-14-33\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"6acd47c45a3e031411af351b3be5f82e\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"5.0.351.0614 Build100614\" fullword wide \n \t\t $s2= \"Blader Download\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"LegalTrademarks\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {35??2e??30??2e??33??35??31??2e??30??36??31??34??20??42??75??69??6c??64??31??30??30??36??31??34??0a??} \n \t\t $hex2= {42??6c??61??64??65??72??20??44??6f??77??6e??6c??6f??61??64??0a??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_9338630f8b136658808163282982dbc7903b0cecb4346fb5beec8a6e421bf91f Group", "expiration": null, "is_active": 1 }, { "id": 3409659459, "indicator": "eee0c0d3eb2cffed42330d0253a76a818895ccb3", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_cb09c377721de670a698db9d56716be19946225ed7eb3dfccef283be28d7780d { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_cb09c377721de670a698db9d56716be19946225ed7eb3dfccef283be28d7780d Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-14-31\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"032a7c67332a3abf6da179ed265e6e04\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"Incorrect filename.\" fullword wide \n \t\t $s3= \"LegalTrademarks\" fullword wide \n \t\t $s4= \"Microsoft Corporation\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {49??6e??63??6f??72??72??65??63??74??20??66??69??6c??65??6e??61??6d??65??2e??0a??} \n \t\t $hex3= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_cb09c377721de670a698db9d56716be19946225ed7eb3dfccef283be28d7780d Group", "expiration": null, "is_active": 1 }, { "id": 3409659460, "indicator": "43ab5d5de810efe707298fa32ecc8c0884289bae", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_579bbcfbd9d5631489f5a2be73970ba67e51f3fcd7ac296695f83eeb04bcb2b0 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_579bbcfbd9d5631489f5a2be73970ba67e51f3fcd7ac296695f83eeb04bcb2b0 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-14-29\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"965e7d4785d23ba6b6608c1245586eba\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&About BitComet...\" fullword wide \n \t\t $s2= \"BCSP_LOADING.GIF\" fullword wide \n \t\t $s3= \"&BitComet Homepage...\" fullword wide \n \t\t $s4= \"BitComet Passport\" fullword wide \n \t\t $s5= \"FileDescription\" fullword wide \n \t\t $s6= \"Floating window\" fullword wide \n \t\t $s7= \"Invalid filename.\" fullword wide \n \t\t $s8= \"Open Torrent Ctrl+O(&O)\" fullword wide \n \t\t $s9= \"PASSPORT_LOGIN.HTM\" fullword wide \n \t\t $s10= \"PASSPORT_LOGINNING.HTM\" fullword wide \n \t\t $s11= \"Passport Loginout\" fullword wide \n \t\t $s12= \"PASSPORT_LOGO.PNG\" fullword wide \n \t\t $s13= \"PASSPORT_TIMEOUT.HTM\" fullword wide \n \t\t $s14= \"&Restore Window\" fullword wide \n \t\t $s15= \"Show/Hide BitComet\" fullword wide \n \t\t $s16= \"VS_VERSION_INFO\" fullword wide \n \t\t $s17= \"www.BitComet.com\" fullword wide \n \n \t\t $hex1= {26??41??62??6f??75??74??20??42??69??74??43??6f??6d??65??74??2e??2e??2e??0a??} \n \t\t $hex2= {26??42??69??74??43??6f??6d??65??74??20??48??6f??6d??65??70??61??67??65??2e??2e??2e??0a??} \n \t\t $hex3= {26??52??65??73??74??6f??72??65??20??57??69??6e??64??6f??77??0a??} \n \t\t $hex4= {42??43??53??50??5f??4c??4f??41??44??49??4e??47??2e??47??49??46??0a??} \n \t\t $hex5= {42??69??74??43??6f??6d??65??74??20??50??61??73??73??70??6f??72??74??0a??} \n \t\t $hex6= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex7= {46??6c??6f??61??74??69??6e??67??20??77??69??6e??64??6f??77??0a??} \n \t\t $hex8= {49??6e??76??61??6c??69??64??20??66??69??6c??65??6e??61??6d??65??2e??0a??} \n \t\t $hex9= {4f??70??65??6e??20??54??6f??72??72??65??6e??74??20??43??74??72??6c??2b??4f??28??26??4f??29??0a??} \n \t\t $hex10= {50??41??53??53??50??4f??52??54??5f??4c??4f??47??49??4e??2e??48??54??4d??0a??} \n \t\t $hex11= {50??41??53??53??50??4f??52??54??5f??4c??4f??47??49??4e??4e??49??4e??47??2e??48??54??4d??0a??} \n \t\t $hex12= {50??41??53??53??50??4f??52??54??5f??4c??4f??47??4f??2e??50??4e??47??0a??} \n \t\t $hex13= {50??41??53??53??50??4f??52??54??5f??54??49??4d??45??4f??55??54??2e??48??54??4d??0a??} \n \t\t $hex14= {50??61??73??73??70??6f??72??74??20??4c??6f??67??69??6e??6f??75??74??0a??} \n \t\t $hex15= {53??68??6f??77??2f??48??69??64??65??20??42??69??74??43??6f??6d??65??74??0a??} \n \t\t $hex16= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex17= {77??77??77??2e??42??69??74??43??6f??6d??65??74??2e??63??6f??6d??0a??} \n \n \tcondition: \n \t\t18 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_579bbcfbd9d5631489f5a2be73970ba67e51f3fcd7ac296695f83eeb04bcb2b0 Group", "expiration": null, "is_active": 1 }, { "id": 3409659461, "indicator": "31dd004cb7f12abf3542c36bf19188a34dedd89d", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_de18a47320a1eb08efd96e7bcee8ae0b3cd19683bc602063b854cf96a51536f5 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_de18a47320a1eb08efd96e7bcee8ae0b3cd19683bc602063b854cf96a51536f5 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-14-27\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"cd1134ad11d21b4626e28cf5a9eb6f0c\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_de18a47320a1eb08efd96e7bcee8ae0b3cd19683bc602063b854cf96a51536f5 Group", "expiration": null, "is_active": 1 }, { "id": 3409659462, "indicator": "c7845673a9995f12c67272045e391a159bd77e41", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_8119f075b901142e437224b2f4fc059d36d1080b31b3f92a68400c10c1fa3d56 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_8119f075b901142e437224b2f4fc059d36d1080b31b3f92a68400c10c1fa3d56 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-14-24\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f602fe96deb8615ab8cefbd959e1d438\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"Microsoft Explorer\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??45??78??70??6c??6f??72??65??72??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_8119f075b901142e437224b2f4fc059d36d1080b31b3f92a68400c10c1fa3d56 Group", "expiration": null, "is_active": 1 }, { "id": 3409659463, "indicator": "1a6a469aaecf5e2a14a5f3f43b0e3130886654ae", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_98165b4667ae606a8ff0c8f398f584c264f1bf337344f4f4e6ac9ef4b0322d7e { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_98165b4667ae606a8ff0c8f398f584c264f1bf337344f4f4e6ac9ef4b0322d7e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-14-23\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"fda0320d1e28bc022e4d9e9aae544db4\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DeviceKeyDrvClass\" fullword wide \n \t\t $s2= \"DosDevicesKeyDrvClass\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"LegalTrademarks\" fullword wide \n \t\t $s5= \"Microsoft Corporation\" fullword wide \n \t\t $s6= \"OriginalFilename\" fullword wide \n \t\t $s7= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {44??65??76??69??63??65??4b??65??79??44??72??76??43??6c??61??73??73??0a??} \n \t\t $hex2= {44??6f??73??44??65??76??69??63??65??73??4b??65??79??44??72??76??43??6c??61??73??73??0a??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex5= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex6= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex7= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_98165b4667ae606a8ff0c8f398f584c264f1bf337344f4f4e6ac9ef4b0322d7e Group", "expiration": null, "is_active": 1 }, { "id": 3409659464, "indicator": "a43bdab0b69e880b4b6b4bf99efff45577e69426", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_6c095b01ee712bbca41dc10d9bcc7875db2a87b1fa9a71f60b39d46f2b87983b { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_6c095b01ee712bbca41dc10d9bcc7875db2a87b1fa9a71f60b39d46f2b87983b Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-14-22\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"9f56c7f03370692f1d4761ddb848daf5\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_6c095b01ee712bbca41dc10d9bcc7875db2a87b1fa9a71f60b39d46f2b87983b Group", "expiration": null, "is_active": 1 }, { "id": 3409659465, "indicator": "f33c14959ba6b5481b69ad276c68f8c51ceea5ff", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_9118767c897bd8a02e16a25e8d8d409a0d2d631886dbb64ed175d2a6294d01e1 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_9118767c897bd8a02e16a25e8d8d409a0d2d631886dbb64ed175d2a6294d01e1 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-14-21\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e2ed43a6bbb72c927a4e083768e47254\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"accDefaultAction\" fullword wide \n \t\t $s2= \"accDoDefaultAction\" fullword wide \n \t\t $s3= \"accKeyboardShortcut\" fullword wide \n \t\t $s4= \"FileDescription\" fullword wide \n \t\t $s5= \"Microsoft Corporation\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex3= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex4= {61??63??63??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex5= {61??63??63??44??6f??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex6= {61??63??63??4b??65??79??62??6f??61??72??64??53??68??6f??72??74??63??75??74??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_9118767c897bd8a02e16a25e8d8d409a0d2d631886dbb64ed175d2a6294d01e1 Group", "expiration": null, "is_active": 1 }, { "id": 3409659466, "indicator": "6eea5e581274aa6be6c304abe845b1de6a2d84ec", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_b7f6abeae241dcf48e880d81ed88858e4c31a584eb43de71104fd263c488c2e5 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_b7f6abeae241dcf48e880d81ed88858e4c31a584eb43de71104fd263c488c2e5 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-14-21\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"35994a29128c08bed6f5d4aad28f102b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Liberalsoft LiberalInstaller\" fullword wide \n \t\t $s4= \"LiberalUNInstaller\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4c??69??62??65??72??61??6c??55??4e??49??6e??73??74??61??6c??6c??65??72??0a??} \n \t\t $hex4= {4c??69??62??65??72??61??6c??73??6f??66??74??20??4c??69??62??65??72??61??6c??49??6e??73??74??61??6c??6c??65??72??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_b7f6abeae241dcf48e880d81ed88858e4c31a584eb43de71104fd263c488c2e5 Group", "expiration": null, "is_active": 1 }, { "id": 3409659467, "indicator": "0c791db24b4a0ea9d62028ea3c6f0ebf25b08672", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_1203693a4ad21c5c12ec157f4ebbede35132188f02de8ce0f3ee6780788dae55 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_1203693a4ad21c5c12ec157f4ebbede35132188f02de8ce0f3ee6780788dae55 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-14-19\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"0d3e3fd44faa32e0d83b02c8b7cff49c\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&360AutoClean.exe\" fullword wide \n \t\t $s2= \"360AutoClean.exe\" fullword wide \n \t\t $s3= \"360safe360OKClean.ini\" fullword wide \n \t\t $s4= \"360safetracecleanlog.ini\" fullword wide \n \t\t $s5= \"360safetrashcleanlog.ini\" fullword wide \n \t\t $s6= \"A360WebIdentify.dll\" fullword wide \n \t\t $s7= \"About 360AutoClean\" fullword wide \n \t\t $s8= \"{&#a=button:%d}%s\" fullword wide \n \t\t $s9= \"{&#color=0x048f38}%d\" fullword wide \n \t\t $s10= \"{&#/color}{&#/font}\" fullword wide \n \t\t $s11= \"{&#/color}{&#font=6}\" fullword wide \n \t\t $s12= \"Component Categories\" fullword wide \n \t\t $s13= \"delayquitaftercleanfinish\" fullword wide \n \t\t $s14= \"FileDescription\" fullword wide \n \t\t $s15= \"{&#font=6}{&#color=0xced0d2}\" fullword wide \n \t\t $s16= \"/funname=qinglilaji_yijianqingli\" fullword wide \n \t\t $s17= \"HKEY_CURRENT_CONFIG\" fullword wide \n \t\t $s18= \"HKEY_CURRENT_USER\" fullword wide \n \t\t $s19= \"HKEY_LOCAL_MACHINE\" fullword wide \n \t\t $s20= \"HKEY_PERFORMANCE_DATA\" fullword wide \n \n \t\t $hex1= {26??33??36??30??41??75??74??6f??43??6c??65??61??6e??2e??65??78??65??0a??} \n \t\t $hex2= {2f??66??75??6e??6e??61??6d??65??3d??71??69??6e??67??6c??69??6c??61??6a??69??5f??79??69??6a??69??61??6e??71??69??6e??67??} \n \t\t $hex3= {33??36??30??41??75??74??6f??43??6c??65??61??6e??2e??65??78??65??0a??} \n \t\t $hex4= {33??36??30??73??61??66??65??33??36??30??4f??4b??43??6c??65??61??6e??2e??69??6e??69??0a??} \n \t\t $hex5= {33??36??30??73??61??66??65??74??72??61??63??65??63??6c??65??61??6e??6c??6f??67??2e??69??6e??69??0a??} \n \t\t $hex6= {33??36??30??73??61??66??65??74??72??61??73??68??63??6c??65??61??6e??6c??6f??67??2e??69??6e??69??0a??} \n \t\t $hex7= {41??33??36??30??57??65??62??49??64??65??6e??74??69??66??79??2e??64??6c??6c??0a??} \n \t\t $hex8= {41??62??6f??75??74??20??33??36??30??41??75??74??6f??43??6c??65??61??6e??0a??} \n \t\t $hex9= {43??6f??6d??70??6f??6e??65??6e??74??20??43??61??74??65??67??6f??72??69??65??73??0a??} \n \t\t $hex10= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex11= {48??4b??45??59??5f??43??55??52??52??45??4e??54??5f??43??4f??4e??46??49??47??0a??} \n \t\t $hex12= {48??4b??45??59??5f??43??55??52??52??45??4e??54??5f??55??53??45??52??0a??} \n \t\t $hex13= {48??4b??45??59??5f??4c??4f??43??41??4c??5f??4d??41??43??48??49??4e??45??0a??} \n \t\t $hex14= {48??4b??45??59??5f??50??45??52??46??4f??52??4d??41??4e??43??45??5f??44??41??54??41??0a??} \n \t\t $hex15= {64??65??6c??61??79??71??75??69??74??61??66??74??65??72??63??6c??65??61??6e??66??69??6e??69??73??68??0a??} \n \t\t $hex16= {7b??26??23??2f??63??6f??6c??6f??72??7d??7b??26??23??2f??66??6f??6e??74??7d??0a??} \n \t\t $hex17= {7b??26??23??2f??63??6f??6c??6f??72??7d??7b??26??23??66??6f??6e??74??3d??36??7d??0a??} \n \t\t $hex18= {7b??26??23??61??3d??62??75??74??74??6f??6e??3a??25??64??7d??25??73??0a??} \n \t\t $hex19= {7b??26??23??63??6f??6c??6f??72??3d??30??78??30??34??38??66??33??38??7d??25??64??0a??} \n \t\t $hex20= {7b??26??23??66??6f??6e??74??3d??36??7d??7b??26??23??63??6f??6c??6f??72??3d??30??78??63??65??64??30??64??32??7d??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_1203693a4ad21c5c12ec157f4ebbede35132188f02de8ce0f3ee6780788dae55 Group", "expiration": null, "is_active": 1 }, { "id": 3409659510, "indicator": "http://ukino.com", "type": "URL", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3409659511, "indicator": "http://ukino.com/", "type": "URL", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3409659512, "indicator": "979b75028a51617dcc8ca1e54279d8dae348ef32", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_b1a26fec4b71446f5f12ddfd7d714fb5d452ba065e768ead0ed22778b3d10645 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_b1a26fec4b71446f5f12ddfd7d714fb5d452ba065e768ead0ed22778b3d10645 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-14-15\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"058efdf7d94c5da920a3c32cbadac2d0\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"#AutoBackUpPath#\" fullword wide \n \t\t $s2= \"#AutoBackUpUse#\" fullword wide \n \t\t $s3= \"BackColor_Green\" fullword wide \n \t\t $s4= \"BackColor_SelectColor\" fullword wide \n \t\t $s5= \"BackColor_White\" fullword wide \n \t\t $s6= \"body>\" fullword wide \n \t\t $s7= \"body oncontextmenu=\" fullword wide \n \t\t $s8= \"br>\" fullword wide \n \t\t $s9= \"ChaAdminDataCate\" fullword wide \n \t\t $s10= \"ChaDataCategory\" fullword wide \n \t\t $s11= \"emyStoryViewMode\" fullword wide \n \t\t $s12= \"font color=blue>\" fullword wide \n \t\t $s13= \"FORMULA_DATA_LIST\" fullword wide \n \t\t $s14= \"FORMULA_NAME_LIST\" fullword wide \n \t\t $s15= \"frmCharacterAdmin\" fullword wide \n \t\t $s16= \"http://dic.naver.com/?frm=nt\" fullword wide \n \t\t $s17= \"http://search.daum.net/search?q=\" fullword wide \n \t\t $s18= \"http://ukino.com\" fullword wide \n \t\t $s19= \"http://ukino.com/\" fullword wide \n \t\t $s20= \"http://ukino.com/dreamnote_kor.php\" fullword wide \n \n \t\t $hex1= {23??41??75??74??6f??42??61??63??6b??55??70??50??61??74??68??23??0a??} \n \t\t $hex2= {23??41??75??74??6f??42??61??63??6b??55??70??55??73??65??23??0a??} \n \t\t $hex3= {42??61??63??6b??43??6f??6c??6f??72??5f??47??72??65??65??6e??0a??} \n \t\t $hex4= {42??61??63??6b??43??6f??6c??6f??72??5f??53??65??6c??65??63??74??43??6f??6c??6f??72??0a??} \n \t\t $hex5= {42??61??63??6b??43??6f??6c??6f??72??5f??57??68??69??74??65??0a??} \n \t\t $hex6= {43??68??61??41??64??6d??69??6e??44??61??74??61??43??61??74??65??0a??} \n \t\t $hex7= {43??68??61??44??61??74??61??43??61??74??65??67??6f??72??79??0a??} \n \t\t $hex8= {46??4f??52??4d??55??4c??41??5f??44??41??54??41??5f??4c??49??53??54??0a??} \n \t\t $hex9= {46??4f??52??4d??55??4c??41??5f??4e??41??4d??45??5f??4c??49??53??54??0a??} \n \t\t $hex10= {62??6f??64??79??20??6f??6e??63??6f??6e??74??65??78??74??6d??65??6e??75??3d??0a??} \n \t\t $hex11= {62??6f??64??79??3e??0a??} \n \t\t $hex12= {62??72??3e??0a??} \n \t\t $hex13= {65??6d??79??53??74??6f??72??79??56??69??65??77??4d??6f??64??65??0a??} \n \t\t $hex14= {66??6f??6e??74??20??63??6f??6c??6f??72??3d??62??6c??75??65??3e??0a??} \n \t\t $hex15= {66??72??6d??43??68??61??72??61??63??74??65??72??41??64??6d??69??6e??0a??} \n \t\t $hex16= {68??74??74??70??3a??2f??2f??64??69??63??2e??6e??61??76??65??72??2e??63??6f??6d??2f??3f??66??72??6d??3d??6e??74??0a??} \n \t\t $hex17= {68??74??74??70??3a??2f??2f??73??65??61??72??63??68??2e??64??61??75??6d??2e??6e??65??74??2f??73??65??61??72??63??68??3f??} \n \t\t $hex18= {68??74??74??70??3a??2f??2f??75??6b??69??6e??6f??2e??63??6f??6d??0a??} \n \t\t $hex19= {68??74??74??70??3a??2f??2f??75??6b??69??6e??6f??2e??63??6f??6d??2f??0a??} \n \t\t $hex20= {68??74??74??70??3a??2f??2f??75??6b??69??6e??6f??2e??63??6f??6d??2f??64??72??65??61??6d??6e??6f??74??65??5f??6b??6f??72??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_b1a26fec4b71446f5f12ddfd7d714fb5d452ba065e768ead0ed22778b3d10645 Group", "expiration": null, "is_active": 1 }, { "id": 3409659513, "indicator": "71b999421e986c8c50737c4628adbc9a22b7cfb1", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_4c5b1304aa255bb334e22ebd368ab9261532fa3dab2bb032ba634c2ea6db8999 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_4c5b1304aa255bb334e22ebd368ab9261532fa3dab2bb032ba634c2ea6db8999 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-14-13\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d580cab0c05dd78215fd6252934c240f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&Destination folder\" fullword wide \n \t\t $s2= \"Extraction progress\" fullword wide \n \t\t $s3= \"Installation progress\" fullword wide \n \t\t $s4= \"jmsctls_progress32\" fullword wide \n \t\t $s5= \"LICENSEDLG RENAMEDLG\" fullword wide \n \t\t $s6= \"ProgramFilesDir\" fullword wide \n \t\t $s7= \"RarHtmlClassName\" fullword wide \n \t\t $s8= \"SeRestorePrivilege\" fullword wide \n \t\t $s9= \"SeSecurityPrivilege\" fullword wide \n \t\t $s10= \"SoftwareWinRAR SFX\" fullword wide \n \t\t $s11= \"__tmp_rar_sfx_access_check_%u\" fullword wide \n \t\t $s12= \"winrarsfxmappingfile.tmp\" fullword wide \n \n \t\t $hex1= {26??44??65??73??74??69??6e??61??74??69??6f??6e??20??66??6f??6c??64??65??72??0a??} \n \t\t $hex2= {45??78??74??72??61??63??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex3= {49??6e??73??74??61??6c??6c??61??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex4= {4c??49??43??45??4e??53??45??44??4c??47??20??52??45??4e??41??4d??45??44??4c??47??0a??} \n \t\t $hex5= {50??72??6f??67??72??61??6d??46??69??6c??65??73??44??69??72??0a??} \n \t\t $hex6= {52??61??72??48??74??6d??6c??43??6c??61??73??73??4e??61??6d??65??0a??} \n \t\t $hex7= {53??65??52??65??73??74??6f??72??65??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex8= {53??65??53??65??63??75??72??69??74??79??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex9= {53??6f??66??74??77??61??72??65??57??69??6e??52??41??52??20??53??46??58??0a??} \n \t\t $hex10= {5f??5f??74??6d??70??5f??72??61??72??5f??73??66??78??5f??61??63??63??65??73??73??5f??63??68??65??63??6b??5f??25??75??0a??} \n \t\t $hex11= {6a??6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \t\t $hex12= {77??69??6e??72??61??72??73??66??78??6d??61??70??70??69??6e??67??66??69??6c??65??2e??74??6d??70??0a??} \n \n \tcondition: \n \t\t13 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_4c5b1304aa255bb334e22ebd368ab9261532fa3dab2bb032ba634c2ea6db8999 Group", "expiration": null, "is_active": 1 }, { "id": 3409659514, "indicator": "a85607ad5722bb52b4bfdd84dc4826c1d06be974", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_2db8a9c401911c7317e8a89c35d979d0e8e9ba718ae13a0a0cfedd957654ec10 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_2db8a9c401911c7317e8a89c35d979d0e8e9ba718ae13a0a0cfedd957654ec10 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-14-11\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"043d308bfda76e35122567cf933e1b2a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"Microsoft Explorer\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??45??78??70??6c??6f??72??65??72??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_2db8a9c401911c7317e8a89c35d979d0e8e9ba718ae13a0a0cfedd957654ec10 Group", "expiration": null, "is_active": 1 }, { "id": 3409659515, "indicator": "4af76c1a645aa5c60253f107f2e9ce447b92e964", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_d6684a4aff4f0706c5a9818fb0b1a5f52cb22531c88d416e5950e28b67adfbdd { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_d6684a4aff4f0706c5a9818fb0b1a5f52cb22531c88d416e5950e28b67adfbdd Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-14-06\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"9305008e17b0805118a6a9bb45493441\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"RZCMBOBX_DEVICE\" fullword wide \n \t\t $s2= \"RZCMBOBX_FIXEDPITCH\" fullword wide \n \t\t $s3= \"RZCMBOBX_PRINTER\" fullword wide \n \t\t $s4= \"RZCMBOBX_TRUETYPE\" fullword wide \n \t\t $s5= \"RZCMBOBX_TRUETYPEFIXED\" fullword wide \n \t\t $s6= \"RZCOMMON_CANCEL\" fullword wide \n \t\t $s7= \"RZCOMMON_HANDCURSOR\" fullword wide \n \t\t $s8= \"RZCOMMON_IGNORE\" fullword wide \n \t\t $s9= \"SBLEFT SBLEFTDIS\" fullword wide \n \t\t $s10= \"SBRIGHTDIS SBRIGHTDN\" fullword wide \n \t\t $s11= \"TRACK TRACKVERT\" fullword wide \n \t\t $s12= \"TRZFRMCUSTOMIZETOOLBAR\" fullword wide \n \n \t\t $hex1= {52??5a??43??4d??42??4f??42??58??5f??44??45??56??49??43??45??0a??} \n \t\t $hex2= {52??5a??43??4d??42??4f??42??58??5f??46??49??58??45??44??50??49??54??43??48??0a??} \n \t\t $hex3= {52??5a??43??4d??42??4f??42??58??5f??50??52??49??4e??54??45??52??0a??} \n \t\t $hex4= {52??5a??43??4d??42??4f??42??58??5f??54??52??55??45??54??59??50??45??0a??} \n \t\t $hex5= {52??5a??43??4d??42??4f??42??58??5f??54??52??55??45??54??59??50??45??46??49??58??45??44??0a??} \n \t\t $hex6= {52??5a??43??4f??4d??4d??4f??4e??5f??43??41??4e??43??45??4c??0a??} \n \t\t $hex7= {52??5a??43??4f??4d??4d??4f??4e??5f??48??41??4e??44??43??55??52??53??4f??52??0a??} \n \t\t $hex8= {52??5a??43??4f??4d??4d??4f??4e??5f??49??47??4e??4f??52??45??0a??} \n \t\t $hex9= {53??42??4c??45??46??54??20??53??42??4c??45??46??54??44??49??53??0a??} \n \t\t $hex10= {53??42??52??49??47??48??54??44??49??53??20??53??42??52??49??47??48??54??44??4e??0a??} \n \t\t $hex11= {54??52??41??43??4b??20??54??52??41??43??4b??56??45??52??54??0a??} \n \t\t $hex12= {54??52??5a??46??52??4d??43??55??53??54??4f??4d??49??5a??45??54??4f??4f??4c??42??41??52??0a??} \n \n \tcondition: \n \t\t13 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_d6684a4aff4f0706c5a9818fb0b1a5f52cb22531c88d416e5950e28b67adfbdd Group", "expiration": null, "is_active": 1 }, { "id": 3409659516, "indicator": "d81f877924a0bf5525979e5f6603668c5d80d2a7", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_25cbd45f2510444f86b10507e2884888decee0a5bec4bbab073cc6a6840b3a86 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_25cbd45f2510444f86b10507e2884888decee0a5bec4bbab073cc6a6840b3a86 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-14-03\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"611c4440aa2587f54702e7e58b7be75f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"ADKAppsOfferManager.dll\" fullword wide \n \t\t $s2= \"BitTorrent Inc.\" fullword wide \n \t\t $s3= \"BunndleOfferManager\" fullword wide \n \t\t $s4= \"FileDescription\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {41??44??4b??41??70??70??73??4f??66??66??65??72??4d??61??6e??61??67??65??72??2e??64??6c??6c??0a??} \n \t\t $hex2= {42??69??74??54??6f??72??72??65??6e??74??20??49??6e??63??2e??0a??} \n \t\t $hex3= {42??75??6e??6e??64??6c??65??4f??66??66??65??72??4d??61??6e??61??67??65??72??0a??} \n \t\t $hex4= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_25cbd45f2510444f86b10507e2884888decee0a5bec4bbab073cc6a6840b3a86 Group", "expiration": null, "is_active": 1 }, { "id": 3409659517, "indicator": "93b12617a53a053c7f4eb334b0d60accb27086ce", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_276a6c74b79740aff136d8eebb1c78e7a5be438c454847832e9426a7be4fa6c0 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_276a6c74b79740aff136d8eebb1c78e7a5be438c454847832e9426a7be4fa6c0 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-14-02\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"a47f6878da6480089c2ff3bdddbd7104\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DeviceKeyDrvClass\" fullword wide \n \t\t $s2= \"DosDevicesKeyDrvClass\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"LegalTrademarks\" fullword wide \n \t\t $s5= \"Microsoft Corporation\" fullword wide \n \t\t $s6= \"OriginalFilename\" fullword wide \n \t\t $s7= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {44??65??76??69??63??65??4b??65??79??44??72??76??43??6c??61??73??73??0a??} \n \t\t $hex2= {44??6f??73??44??65??76??69??63??65??73??4b??65??79??44??72??76??43??6c??61??73??73??0a??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex5= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex6= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex7= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_276a6c74b79740aff136d8eebb1c78e7a5be438c454847832e9426a7be4fa6c0 Group", "expiration": null, "is_active": 1 }, { "id": 3409659518, "indicator": "a98b3242e8ea59a9fdfe2e541dd5581feea206ac", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_1f7cc3f242a2e79ccf055b144551ef44b6ad9449222d950e9d9647fe27ee22fe { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_1f7cc3f242a2e79ccf055b144551ef44b6ad9449222d950e9d9647fe27ee22fe Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-13-59\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"42a3bb917778454fa96034ad4fb17832\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&Destination folder\" fullword wide \n \t\t $s2= \"Extraction progress\" fullword wide \n \t\t $s3= \"Installation progress\" fullword wide \n \t\t $s4= \"jmsctls_progress32\" fullword wide \n \t\t $s5= \"LICENSEDLG RENAMEDLG\" fullword wide \n \t\t $s6= \"ProgramFilesDir\" fullword wide \n \t\t $s7= \"RarHtmlClassName\" fullword wide \n \t\t $s8= \"SeRestorePrivilege\" fullword wide \n \t\t $s9= \"SeSecurityPrivilege\" fullword wide \n \t\t $s10= \"SoftwareWinRAR SFX\" fullword wide \n \t\t $s11= \"__tmp_rar_sfx_access_check_%u\" fullword wide \n \t\t $s12= \"winrarsfxmappingfile.tmp\" fullword wide \n \n \t\t $hex1= {26??44??65??73??74??69??6e??61??74??69??6f??6e??20??66??6f??6c??64??65??72??0a??} \n \t\t $hex2= {45??78??74??72??61??63??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex3= {49??6e??73??74??61??6c??6c??61??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex4= {4c??49??43??45??4e??53??45??44??4c??47??20??52??45??4e??41??4d??45??44??4c??47??0a??} \n \t\t $hex5= {50??72??6f??67??72??61??6d??46??69??6c??65??73??44??69??72??0a??} \n \t\t $hex6= {52??61??72??48??74??6d??6c??43??6c??61??73??73??4e??61??6d??65??0a??} \n \t\t $hex7= {53??65??52??65??73??74??6f??72??65??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex8= {53??65??53??65??63??75??72??69??74??79??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex9= {53??6f??66??74??77??61??72??65??57??69??6e??52??41??52??20??53??46??58??0a??} \n \t\t $hex10= {5f??5f??74??6d??70??5f??72??61??72??5f??73??66??78??5f??61??63??63??65??73??73??5f??63??68??65??63??6b??5f??25??75??0a??} \n \t\t $hex11= {6a??6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \t\t $hex12= {77??69??6e??72??61??72??73??66??78??6d??61??70??70??69??6e??67??66??69??6c??65??2e??74??6d??70??0a??} \n \n \tcondition: \n \t\t13 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_1f7cc3f242a2e79ccf055b144551ef44b6ad9449222d950e9d9647fe27ee22fe Group", "expiration": null, "is_active": 1 }, { "id": 3409659519, "indicator": "0adff89e2e29682c62b2d4790a272200b42b996c", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_402557e597c5f93cb35055c43335be5e7ab9de9cb088f3cd003e204ada2fbfe2 { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_402557e597c5f93cb35055c43335be5e7ab9de9cb088f3cd003e204ada2fbfe2 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-13-58\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"3e38b8ccd38682ad4ec1f0fcfc1fb16a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_402557e597c5f93cb35055c43335be5e7ab9de9cb088f3cd003e204ada2fbfe2 Group", "expiration": null, "is_active": 1 }, { "id": 3409659520, "indicator": "e9540d5a940f3e18d8c60090a300db876af2cef2", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Dark_Hotel_4620cffee4c6397fedce5caf41492622dfa5435c79ac91e300556a0af329402b { \n \tmeta: \n \t\t description= \"APTMalware_Dark_Hotel_4620cffee4c6397fedce5caf41492622dfa5435c79ac91e300556a0af329402b Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-13-57\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"adab033d420206fcd2503643d443956e\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Dark_Hotel_4620cffee4c6397fedce5caf41492622dfa5435c79ac91e300556a0af329402b Group", "expiration": null, "is_active": 1 }, { "id": 3409659521, "indicator": "e56838536b1459b0d18832ee61cd9966a32fd4d1", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Energetic_Bear_066346170856972f6769705bc6ff4ad21e88d2658b4cacea6f94564f1856ed18 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_066346170856972f6769705bc6ff4ad21e88d2658b4cacea6f94564f1856ed18 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-13-53\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"44652b7ac9cabecbe34364dea33d09e3\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Control PanelInternational\" fullword wide \n \t\t $s2= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s3= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s4= \"httpshellopencommand\" fullword wide \n \t\t $s5= \"\\\\.pipemypype-f024\" fullword wide \n \n \t\t $hex1= {2e??70??69??70??65??6d??79??70??79??70??65??2d??66??30??32??34??0a??} \n \t\t $hex2= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??0a??} \n \t\t $hex3= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??47??65??6f??0a??} \n \t\t $hex4= {48??41??52??44??57??41??52??45??44??45??53??43??52??49??50??54??49??4f??4e??53??79??73??74??65??6d??0a??} \n \t\t $hex5= {68??74??74??70??73??68??65??6c??6c??6f??70??65??6e??63??6f??6d??6d??61??6e??64??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_066346170856972f6769705bc6ff4ad21e88d2658b4cacea6f94564f1856ed18 Group", "expiration": null, "is_active": 1 }, { "id": 3409659522, "indicator": "bc19bb2d19fc4401c24812944ab7e9b20f0711e2", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Energetic_Bear_c32277fba70c82b237a86e9b542eb11b2b49e4995817b7c2da3ef67f6a971d4a { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_c32277fba70c82b237a86e9b542eb11b2b49e4995817b7c2da3ef67f6a971d4a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-13-50\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"0a9ae7fdcd9a9fe0d8c5c106e8940701\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"Language Neutral\" fullword wide \n \t\t $s3= \"mbCONFTOOL Setup\" fullword wide \n \t\t $s4= \"msctls_progress32\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??61??6e??67??75??61??67??65??20??4e??65??75??74??72??61??6c??0a??} \n \t\t $hex3= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex4= {6d??62??43??4f??4e??46??54??4f??4f??4c??20??53??65??74??75??70??0a??} \n \t\t $hex5= {6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_c32277fba70c82b237a86e9b542eb11b2b49e4995817b7c2da3ef67f6a971d4a Group", "expiration": null, "is_active": 1 }, { "id": 3409659523, "indicator": "940446a84239c2d13917a82642f5b5781678b34a", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Energetic_Bear_6e5f4296bffa7128b6e8fa72ad1924d2ff19b9d64775bd1e0a9ce9c5944bd419 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_6e5f4296bffa7128b6e8fa72ad1924d2ff19b9d64775bd1e0a9ce9c5944bd419 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-13-44\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"3a922a167415d3e5abcaca21f6de0b3a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Control PanelInternational\" fullword wide \n \t\t $s2= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s3= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s4= \"httpshellopencommand\" fullword wide \n \t\t $s5= \"ogizni.ru/wp-includes/pomo/idx.php\" fullword wide \n \t\t $s6= \"\\\\.pipemypype-f024\" fullword wide \n \n \t\t $hex1= {2e??70??69??70??65??6d??79??70??79??70??65??2d??66??30??32??34??0a??} \n \t\t $hex2= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??0a??} \n \t\t $hex3= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??47??65??6f??0a??} \n \t\t $hex4= {48??41??52??44??57??41??52??45??44??45??53??43??52??49??50??54??49??4f??4e??53??79??73??74??65??6d??0a??} \n \t\t $hex5= {68??74??74??70??73??68??65??6c??6c??6f??70??65??6e??63??6f??6d??6d??61??6e??64??0a??} \n \t\t $hex6= {6f??67??69??7a??6e??69??2e??72??75??2f??77??70??2d??69??6e??63??6c??75??64??65??73??2f??70??6f??6d??6f??2f??69??64??78??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_6e5f4296bffa7128b6e8fa72ad1924d2ff19b9d64775bd1e0a9ce9c5944bd419 Group", "expiration": null, "is_active": 1 }, { "id": 3409659524, "indicator": "ba956e4c99b7b320d48e1e90fdd76722820a17a3", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Energetic_Bear_f1d6e8b07ac486469e09c876c3e267db2b2d651299c87557cbf4eafb861cf79c { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_f1d6e8b07ac486469e09c876c3e267db2b2d651299c87557cbf4eafb861cf79c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-13-41\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"71c097357affb0bcffcf6307a9f3d5b3\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Control PanelInternational\" fullword wide \n \t\t $s2= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s3= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s4= \"httpshellopencommand\" fullword wide \n \t\t $s5= \"\\\\.pipemypype-f024\" fullword wide \n \n \t\t $hex1= {2e??70??69??70??65??6d??79??70??79??70??65??2d??66??30??32??34??0a??} \n \t\t $hex2= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??0a??} \n \t\t $hex3= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??47??65??6f??0a??} \n \t\t $hex4= {48??41??52??44??57??41??52??45??44??45??53??43??52??49??50??54??49??4f??4e??53??79??73??74??65??6d??0a??} \n \t\t $hex5= {68??74??74??70??73??68??65??6c??6c??6f??70??65??6e??63??6f??6d??6d??61??6e??64??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_f1d6e8b07ac486469e09c876c3e267db2b2d651299c87557cbf4eafb861cf79c Group", "expiration": null, "is_active": 1 }, { "id": 3409659525, "indicator": "210efd3f424d39701f04ef7fb4922b444c743246", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Energetic_Bear_a3a6f0dc5558eb93afa98434020a8642f7b29c41d35fa34809d6801d99d8c4f3 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_a3a6f0dc5558eb93afa98434020a8642f7b29c41d35fa34809d6801d99d8c4f3 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-13-38\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"bda42195bd9bb32b50a88b6a31f9a1e7\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Control PanelInternational\" fullword wide \n \t\t $s2= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s3= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s4= \"httpshellopencommand\" fullword wide \n \t\t $s5= \"\\\\.pipemypype-f021\" fullword wide \n \n \t\t $hex1= {2e??70??69??70??65??6d??79??70??79??70??65??2d??66??30??32??31??0a??} \n \t\t $hex2= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??0a??} \n \t\t $hex3= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??47??65??6f??0a??} \n \t\t $hex4= {48??41??52??44??57??41??52??45??44??45??53??43??52??49??50??54??49??4f??4e??53??79??73??74??65??6d??0a??} \n \t\t $hex5= {68??74??74??70??73??68??65??6c??6c??6f??70??65??6e??63??6f??6d??6d??61??6e??64??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_a3a6f0dc5558eb93afa98434020a8642f7b29c41d35fa34809d6801d99d8c4f3 Group", "expiration": null, "is_active": 1 }, { "id": 3409659526, "indicator": "0a22b3d9d68e01ba4be06f59dc217ffc02f63f25", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Energetic_Bear_684ea2083f2f7099f0a611c81f26f30127ad297fcac8988cabb60fcf56979dfc { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_684ea2083f2f7099f0a611c81f26f30127ad297fcac8988cabb60fcf56979dfc Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-13-36\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"7b28d8a54fc15a96b8da49dd3fcc1dae\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Control PanelInternational\" fullword wide \n \t\t $s2= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s3= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s4= \"httpshellopencommand\" fullword wide \n \t\t $s5= \"\\\\.pipemypype-f025\" fullword wide \n \n \t\t $hex1= {2e??70??69??70??65??6d??79??70??79??70??65??2d??66??30??32??35??0a??} \n \t\t $hex2= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??0a??} \n \t\t $hex3= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??47??65??6f??0a??} \n \t\t $hex4= {48??41??52??44??57??41??52??45??44??45??53??43??52??49??50??54??49??4f??4e??53??79??73??74??65??6d??0a??} \n \t\t $hex5= {68??74??74??70??73??68??65??6c??6c??6f??70??65??6e??63??6f??6d??6d??61??6e??64??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_684ea2083f2f7099f0a611c81f26f30127ad297fcac8988cabb60fcf56979dfc Group", "expiration": null, "is_active": 1 }, { "id": 3409659527, "indicator": "c4a311e998090ed95b892506c7823f58f40470b0", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Energetic_Bear_cd019e717779e2d2b1f4c27f75e940b5f98d4ebb48de604a6cf2ab911220ae50 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_cd019e717779e2d2b1f4c27f75e940b5f98d4ebb48de604a6cf2ab911220ae50 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-13-35\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b7a6f203da2a8fe289465c71351e029a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Control PanelInternational\" fullword wide \n \t\t $s2= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s3= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s4= \"httpshellopencommand\" fullword wide \n \t\t $s5= \"\\\\.pipemypype-f020\" fullword wide \n \n \t\t $hex1= {2e??70??69??70??65??6d??79??70??79??70??65??2d??66??30??32??30??0a??} \n \t\t $hex2= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??0a??} \n \t\t $hex3= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??47??65??6f??0a??} \n \t\t $hex4= {48??41??52??44??57??41??52??45??44??45??53??43??52??49??50??54??49??4f??4e??53??79??73??74??65??6d??0a??} \n \t\t $hex5= {68??74??74??70??73??68??65??6c??6c??6f??70??65??6e??63??6f??6d??6d??61??6e??64??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_cd019e717779e2d2b1f4c27f75e940b5f98d4ebb48de604a6cf2ab911220ae50 Group", "expiration": null, "is_active": 1 }, { "id": 3409659528, "indicator": "13faf8500d22dfe25dabf9ab6e971c9823a0f09b", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Energetic_Bear_53d2a3324f276f29c749727c20708a3421a5144046ce14a8e025a8133316e0ac { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_53d2a3324f276f29c749727c20708a3421a5144046ce14a8e025a8133316e0ac Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-13-33\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"cfceef37dd8338f11a022f9afce0c451\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"{5673236F-11AD7654-C856}\" fullword wide \n \t\t $s2= \"{7653B4A-C5468-80D4}\" fullword wide \n \t\t $s3= \"Accept: text/xml\" fullword wide \n \t\t $s4= \"Connection: Keep-Alive\" fullword wide \n \t\t $s5= \"Control PanelInternational\" fullword wide \n \t\t $s6= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s7= \"{DFC4A5-89AC-C654}\" fullword wide \n \t\t $s8= \"httpshellopencommand\" fullword wide \n \n \t\t $hex1= {41??63??63??65??70??74??3a??20??74??65??78??74??2f??78??6d??6c??0a??} \n \t\t $hex2= {43??6f??6e??6e??65??63??74??69??6f??6e??3a??20??4b??65??65??70??2d??41??6c??69??76??65??0a??} \n \t\t $hex3= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??0a??} \n \t\t $hex4= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??47??65??6f??0a??} \n \t\t $hex5= {68??74??74??70??73??68??65??6c??6c??6f??70??65??6e??63??6f??6d??6d??61??6e??64??0a??} \n \t\t $hex6= {7b??35??36??37??33??32??33??36??46??2d??31??31??41??44??37??36??35??34??2d??43??38??35??36??7d??0a??} \n \t\t $hex7= {7b??37??36??35??33??42??34??41??2d??43??35??34??36??38??2d??38??30??44??34??7d??0a??} \n \t\t $hex8= {7b??44??46??43??34??41??35??2d??38??39??41??43??2d??43??36??35??34??7d??0a??} \n \n \tcondition: \n \t\t8 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_53d2a3324f276f29c749727c20708a3421a5144046ce14a8e025a8133316e0ac Group", "expiration": null, "is_active": 1 }, { "id": 3409659529, "indicator": "8de3ca2db097d62aef58ce6d312547d1592a97f4", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Energetic_Bear_c987f8433c663c9e8600a7016cdf63cd14590a019118c52238c24c39c9ec02ad { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_c987f8433c663c9e8600a7016cdf63cd14590a019118c52238c24c39c9ec02ad Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-13-33\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d153b77e32901546849ec44a71227694\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Control PanelInternational\" fullword wide \n \t\t $s2= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s3= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s4= \"httpshellopencommand\" fullword wide \n \t\t $s5= \"\\\\.pipemypype-f024\" fullword wide \n \n \t\t $hex1= {2e??70??69??70??65??6d??79??70??79??70??65??2d??66??30??32??34??0a??} \n \t\t $hex2= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??0a??} \n \t\t $hex3= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??47??65??6f??0a??} \n \t\t $hex4= {48??41??52??44??57??41??52??45??44??45??53??43??52??49??50??54??49??4f??4e??53??79??73??74??65??6d??0a??} \n \t\t $hex5= {68??74??74??70??73??68??65??6c??6c??6f??70??65??6e??63??6f??6d??6d??61??6e??64??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_c987f8433c663c9e8600a7016cdf63cd14590a019118c52238c24c39c9ec02ad Group", "expiration": null, "is_active": 1 }, { "id": 3409659530, "indicator": "4218352f4c0309c998a85d61f96d0d2525efc233", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Energetic_Bear_da3c1a7b63a6a7cce0c9ef01cf95fd4a53ba913bab88a085c6b4b8e4ed40d916 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_da3c1a7b63a6a7cce0c9ef01cf95fd4a53ba913bab88a085c6b4b8e4ed40d916 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-13-31\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d532eb6835126e53e7ae491ae29fd8b3\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Control PanelInternational\" fullword wide \n \t\t $s2= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s3= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s4= \"httpshellopencommand\" fullword wide \n \t\t $s5= \"\\\\.pipemypype-f022\" fullword wide \n \n \t\t $hex1= {2e??70??69??70??65??6d??79??70??79??70??65??2d??66??30??32??32??0a??} \n \t\t $hex2= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??0a??} \n \t\t $hex3= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??47??65??6f??0a??} \n \t\t $hex4= {48??41??52??44??57??41??52??45??44??45??53??43??52??49??50??54??49??4f??4e??53??79??73??74??65??6d??0a??} \n \t\t $hex5= {68??74??74??70??73??68??65??6c??6c??6f??70??65??6e??63??6f??6d??6d??61??6e??64??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_da3c1a7b63a6a7cce0c9ef01cf95fd4a53ba913bab88a085c6b4b8e4ed40d916 Group", "expiration": null, "is_active": 1 }, { "id": 3409659531, "indicator": "e290a52c74254c0b36a794745f2b10ea958ff8c4", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Energetic_Bear_a8e6abaa0ddc34b9db6bda17b502be7f802fb880941ce2bd0473fd9569113599 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_a8e6abaa0ddc34b9db6bda17b502be7f802fb880941ce2bd0473fd9569113599 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-13-30\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"875b0702ef3cc2d909ecf720bb4079c2\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Accept-Encoding: deflate\" fullword wide \n \t\t $s2= \"Accept-Language: en-US,en;q=0.5\" fullword wide \n \t\t $s3= \"Connection: keep-alive\" fullword wide \n \t\t $s4= \"Content-Length: \" fullword wide \n \t\t $s5= \"Control PanelInternational\" fullword wide \n \t\t $s6= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s7= \"httpshellopencommand\" fullword wide \n \n \t\t $hex1= {41??63??63??65??70??74??2d??45??6e??63??6f??64??69??6e??67??3a??20??64??65??66??6c??61??74??65??0a??} \n \t\t $hex2= {41??63??63??65??70??74??2d??4c??61??6e??67??75??61??67??65??3a??20??65??6e??2d??55??53??2c??65??6e??3b??71??3d??30??2e??} \n \t\t $hex3= {43??6f??6e??6e??65??63??74??69??6f??6e??3a??20??6b??65??65??70??2d??61??6c??69??76??65??0a??} \n \t\t $hex4= {43??6f??6e??74??65??6e??74??2d??4c??65??6e??67??74??68??3a??0a??} \n \t\t $hex5= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??0a??} \n \t\t $hex6= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??47??65??6f??0a??} \n \t\t $hex7= {68??74??74??70??73??68??65??6c??6c??6f??70??65??6e??63??6f??6d??6d??61??6e??64??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_a8e6abaa0ddc34b9db6bda17b502be7f802fb880941ce2bd0473fd9569113599 Group", "expiration": null, "is_active": 1 }, { "id": 3409659532, "indicator": "0544c9e4112c290a7f4aba9c05a2e9d6ecf4a7ed", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Energetic_Bear_43608e60883304c1ea389c7bad244b86ff5ecf169c3b5bca517a6e7125325c7b { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_43608e60883304c1ea389c7bad244b86ff5ecf169c3b5bca517a6e7125325c7b Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-13-29\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"56fc63042b5539d9f2ab2fcfd01cf998\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Control PanelInternational\" fullword wide \n \t\t $s2= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s3= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s4= \"httpshellopencommand\" fullword wide \n \t\t $s5= \"\\\\.pipemypype-f022\" fullword wide \n \n \t\t $hex1= {2e??70??69??70??65??6d??79??70??79??70??65??2d??66??30??32??32??0a??} \n \t\t $hex2= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??0a??} \n \t\t $hex3= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??47??65??6f??0a??} \n \t\t $hex4= {48??41??52??44??57??41??52??45??44??45??53??43??52??49??50??54??49??4f??4e??53??79??73??74??65??6d??0a??} \n \t\t $hex5= {68??74??74??70??73??68??65??6c??6c??6f??70??65??6e??63??6f??6d??6d??61??6e??64??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_43608e60883304c1ea389c7bad244b86ff5ecf169c3b5bca517a6e7125325c7b Group", "expiration": null, "is_active": 1 }, { "id": 3409659533, "indicator": "51813f902c8d775f77e1e883634e886a374bb52f", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Energetic_Bear_2f593c22a8fd0de3bbb57d26320446a9c7eed755ae354957c260908c93d8cf79 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_2f593c22a8fd0de3bbb57d26320446a9c7eed755ae354957c260908c93d8cf79 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-13-25\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"149d6631ad66a915ca64cb853487337e\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Control PanelInternational\" fullword wide \n \t\t $s2= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s3= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s4= \"httpshellopencommand\" fullword wide \n \t\t $s5= \"\\\\.pipemypype-f020\" fullword wide \n \n \t\t $hex1= {2e??70??69??70??65??6d??79??70??79??70??65??2d??66??30??32??30??0a??} \n \t\t $hex2= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??0a??} \n \t\t $hex3= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??47??65??6f??0a??} \n \t\t $hex4= {48??41??52??44??57??41??52??45??44??45??53??43??52??49??50??54??49??4f??4e??53??79??73??74??65??6d??0a??} \n \t\t $hex5= {68??74??74??70??73??68??65??6c??6c??6f??70??65??6e??63??6f??6d??6d??61??6e??64??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_2f593c22a8fd0de3bbb57d26320446a9c7eed755ae354957c260908c93d8cf79 Group", "expiration": null, "is_active": 1 }, { "id": 3409659534, "indicator": "0d53dbfbeb31fafb6086f57f3014a5ca247a8090", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Energetic_Bear_d3ee530abe41705a819ee9220aebb3ba01531e16df7cded050ba2cf051940e46 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_d3ee530abe41705a819ee9220aebb3ba01531e16df7cded050ba2cf051940e46 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-13-22\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"8bf9eef3ae42ad998e7948035117c37a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Control PanelInternational\" fullword wide \n \t\t $s2= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s3= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s4= \"httpshellopencommand\" fullword wide \n \t\t $s5= \"\\\\.pipemypype-f024\" fullword wide \n \n \t\t $hex1= {2e??70??69??70??65??6d??79??70??79??70??65??2d??66??30??32??34??0a??} \n \t\t $hex2= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??0a??} \n \t\t $hex3= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??47??65??6f??0a??} \n \t\t $hex4= {48??41??52??44??57??41??52??45??44??45??53??43??52??49??50??54??49??4f??4e??53??79??73??74??65??6d??0a??} \n \t\t $hex5= {68??74??74??70??73??68??65??6c??6c??6f??70??65??6e??63??6f??6d??6d??61??6e??64??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_d3ee530abe41705a819ee9220aebb3ba01531e16df7cded050ba2cf051940e46 Group", "expiration": null, "is_active": 1 }, { "id": 3409659535, "indicator": "c8c568b3e041b1eb3168233542e0edb0f0e7ad91", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Energetic_Bear_1ba99d553582cc6b6256276a35c2e996e83e11b39665523f0d798beb91392c90 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_1ba99d553582cc6b6256276a35c2e996e83e11b39665523f0d798beb91392c90 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-13-22\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"635821f2e915c3534d1865725b45af9a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Control PanelInternational\" fullword wide \n \t\t $s2= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s3= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s4= \"httpshellopencommand\" fullword wide \n \t\t $s5= \"\\\\.pipemypype-f022\" fullword wide \n \n \t\t $hex1= {2e??70??69??70??65??6d??79??70??79??70??65??2d??66??30??32??32??0a??} \n \t\t $hex2= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??0a??} \n \t\t $hex3= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??47??65??6f??0a??} \n \t\t $hex4= {48??41??52??44??57??41??52??45??44??45??53??43??52??49??50??54??49??4f??4e??53??79??73??74??65??6d??0a??} \n \t\t $hex5= {68??74??74??70??73??68??65??6c??6c??6f??70??65??6e??63??6f??6d??6d??61??6e??64??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_1ba99d553582cc6b6256276a35c2e996e83e11b39665523f0d798beb91392c90 Group", "expiration": null, "is_active": 1 }, { "id": 3409659536, "indicator": "4e1ad8c251cad1541080ec5ac5fd21079d8c18e3", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Energetic_Bear_edb7caa3dce3543d65f29e047ea789a9e429e46bed5c29c4748e656285a08050 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_edb7caa3dce3543d65f29e047ea789a9e429e46bed5c29c4748e656285a08050 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-13-20\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"92f584ca90d0f242fecb14235c505119\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Control PanelInternational\" fullword wide \n \t\t $s2= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s3= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s4= \"httpshellopencommand\" fullword wide \n \t\t $s5= \"\\\\.pipemypype-f021\" fullword wide \n \n \t\t $hex1= {2e??70??69??70??65??6d??79??70??79??70??65??2d??66??30??32??31??0a??} \n \t\t $hex2= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??0a??} \n \t\t $hex3= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??47??65??6f??0a??} \n \t\t $hex4= {48??41??52??44??57??41??52??45??44??45??53??43??52??49??50??54??49??4f??4e??53??79??73??74??65??6d??0a??} \n \t\t $hex5= {68??74??74??70??73??68??65??6c??6c??6f??70??65??6e??63??6f??6d??6d??61??6e??64??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_edb7caa3dce3543d65f29e047ea789a9e429e46bed5c29c4748e656285a08050 Group", "expiration": null, "is_active": 1 }, { "id": 3409659537, "indicator": "a889f3ac1cabf269437f8e8d95ff6680dce3fedb", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Energetic_Bear_0b74282d9c03affb25bbecf28d5155c582e246f0ce21be27b75504f1779707f5 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_0b74282d9c03affb25bbecf28d5155c582e246f0ce21be27b75504f1779707f5 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-13-09\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"1d6b11f85debdda27e873662e721289e\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"German (Germany)\" fullword wide \n \t\t $s3= \"msctls_progress32\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {47??65??72??6d??61??6e??20??28??47??65??72??6d??61??6e??79??29??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex5= {6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_0b74282d9c03affb25bbecf28d5155c582e246f0ce21be27b75504f1779707f5 Group", "expiration": null, "is_active": 1 }, { "id": 3409659538, "indicator": "20ef863267da375709b3657bd0f83a9de0244d04", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Energetic_Bear_022da314d1439f779364aba958d51b119ac5fda07aac8f5ced77146dbf40c8ac { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_022da314d1439f779364aba958d51b119ac5fda07aac8f5ced77146dbf40c8ac Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-13-03\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"93f121983ec74731c3af1f966395ded8\" \n \n \tstrings: \n \n \t \n \t\t $s1= \".36 Safari/525.19\" fullword wide \n \t\t $s2= \".com/modules/mod_se\" fullword wide \n \t\t $s3= \"h/modules/Statistics/so\" fullword wide \n \t\t $s4= \"rch/src.php?id=\" fullword wide \n \t\t $s5= \"SoftwareMicrosoftInternet Explo\" fullword wide \n \t\t $s6= \"SoftwareMicrosoftW\" fullword wide \n \n \t\t $hex1= {2e??33??36??20??53??61??66??61??72??69??2f??35??32??35??2e??31??39??0a??} \n \t\t $hex2= {2e??63??6f??6d??2f??6d??6f??64??75??6c??65??73??2f??6d??6f??64??5f??73??65??0a??} \n \t\t $hex3= {53??6f??66??74??77??61??72??65??4d??69??63??72??6f??73??6f??66??74??49??6e??74??65??72??6e??65??74??20??45??78??70??6c??} \n \t\t $hex4= {53??6f??66??74??77??61??72??65??4d??69??63??72??6f??73??6f??66??74??57??0a??} \n \t\t $hex5= {68??2f??6d??6f??64??75??6c??65??73??2f??53??74??61??74??69??73??74??69??63??73??2f??73??6f??0a??} \n \t\t $hex6= {72??63??68??2f??73??72??63??2e??70??68??70??3f??69??64??3d??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_022da314d1439f779364aba958d51b119ac5fda07aac8f5ced77146dbf40c8ac Group", "expiration": null, "is_active": 1 }, { "id": 3409659539, "indicator": "4e65a175c24ffcbb3ed40ec17beab8f88b5c933b", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Energetic_Bear_dc75404b6fc8cdb73258c2cc7bc758347ffb4237c8d18222f3489dc303daf989 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_dc75404b6fc8cdb73258c2cc7bc758347ffb4237c8d18222f3489dc303daf989 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-13-01\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"8a35fea299b2ec9b16bce86f01a1ba38\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"{5673236F-11AD7654-C856}\" fullword wide \n \t\t $s2= \"{7653B4A-C5468-80D4}\" fullword wide \n \t\t $s3= \"Accept: text/xml\" fullword wide \n \t\t $s4= \"Connection: Keep-Alive\" fullword wide \n \t\t $s5= \"Control PanelInternational\" fullword wide \n \t\t $s6= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s7= \"{DFC4A5-89AC-C654}\" fullword wide \n \t\t $s8= \"httpshellopencommand\" fullword wide \n \n \t\t $hex1= {41??63??63??65??70??74??3a??20??74??65??78??74??2f??78??6d??6c??0a??} \n \t\t $hex2= {43??6f??6e??6e??65??63??74??69??6f??6e??3a??20??4b??65??65??70??2d??41??6c??69??76??65??0a??} \n \t\t $hex3= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??0a??} \n \t\t $hex4= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??47??65??6f??0a??} \n \t\t $hex5= {68??74??74??70??73??68??65??6c??6c??6f??70??65??6e??63??6f??6d??6d??61??6e??64??0a??} \n \t\t $hex6= {7b??35??36??37??33??32??33??36??46??2d??31??31??41??44??37??36??35??34??2d??43??38??35??36??7d??0a??} \n \t\t $hex7= {7b??37??36??35??33??42??34??41??2d??43??35??34??36??38??2d??38??30??44??34??7d??0a??} \n \t\t $hex8= {7b??44??46??43??34??41??35??2d??38??39??41??43??2d??43??36??35??34??7d??0a??} \n \n \tcondition: \n \t\t8 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_dc75404b6fc8cdb73258c2cc7bc758347ffb4237c8d18222f3489dc303daf989 Group", "expiration": null, "is_active": 1 }, { "id": 3409659540, "indicator": "5747d0a390ab07f99479780c0444e3bb35b51b7a", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Energetic_Bear_fd689fcdcef0f1198b9c778b4d93adfbf6e80118733c94e61a450aeb701750b4 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_fd689fcdcef0f1198b9c778b4d93adfbf6e80118733c94e61a450aeb701750b4 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-12-56\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"2ad96c6eced12e76c45ac0e81cb7a526\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Control PanelInternational\" fullword wide \n \t\t $s2= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s3= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s4= \"httpshellopencommand\" fullword wide \n \t\t $s5= \"\\\\.pipemypype-f024\" fullword wide \n \n \t\t $hex1= {2e??70??69??70??65??6d??79??70??79??70??65??2d??66??30??32??34??0a??} \n \t\t $hex2= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??0a??} \n \t\t $hex3= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??47??65??6f??0a??} \n \t\t $hex4= {48??41??52??44??57??41??52??45??44??45??53??43??52??49??50??54??49??4f??4e??53??79??73??74??65??6d??0a??} \n \t\t $hex5= {68??74??74??70??73??68??65??6c??6c??6f??70??65??6e??63??6f??6d??6d??61??6e??64??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_fd689fcdcef0f1198b9c778b4d93adfbf6e80118733c94e61a450aeb701750b4 Group", "expiration": null, "is_active": 1 }, { "id": 3409659541, "indicator": "f5cb48c3223123ec9843f41463d4bd3f79358d90", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Energetic_Bear_8e222cb1a831c407a3f6c7863f3faa6358b424e70a041c196e91fb7989735b68 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_8e222cb1a831c407a3f6c7863f3faa6358b424e70a041c196e91fb7989735b68 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-12-55\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"0c3ae22a2b7c196cea3b0a46c720c79f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"ask.az/chat/cgi-bin/source.php\" fullword wide \n \t\t $s2= \"Control PanelInternational\" fullword wide \n \t\t $s3= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s4= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s5= \"httpshellopencommand\" fullword wide \n \t\t $s6= \"\\\\.pipemypype-f024\" fullword wide \n \n \t\t $hex1= {2e??70??69??70??65??6d??79??70??79??70??65??2d??66??30??32??34??0a??} \n \t\t $hex2= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??0a??} \n \t\t $hex3= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??47??65??6f??0a??} \n \t\t $hex4= {48??41??52??44??57??41??52??45??44??45??53??43??52??49??50??54??49??4f??4e??53??79??73??74??65??6d??0a??} \n \t\t $hex5= {61??73??6b??2e??61??7a??2f??63??68??61??74??2f??63??67??69??2d??62??69??6e??2f??73??6f??75??72??63??65??2e??70??68??70??} \n \t\t $hex6= {68??74??74??70??73??68??65??6c??6c??6f??70??65??6e??63??6f??6d??6d??61??6e??64??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_8e222cb1a831c407a3f6c7863f3faa6358b424e70a041c196e91fb7989735b68 Group", "expiration": null, "is_active": 1 }, { "id": 3409659542, "indicator": "5ce63eafc0c4f289b86239d8c64935e6b0ea3a52", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Energetic_Bear_387d4ea82c51ecda162a3ffd68a3aca5a21a20a46dc08a0ebe51b03b7984abe9 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_387d4ea82c51ecda162a3ffd68a3aca5a21a20a46dc08a0ebe51b03b7984abe9 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-12-54\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"36228593bb258ddd0a385dea5d770a8b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Accept-Encoding: deflate\" fullword wide \n \t\t $s2= \"Accept-Language: en-US,en;q=0.5\" fullword wide \n \t\t $s3= \"Connection: keep-alive\" fullword wide \n \t\t $s4= \"Content-Length: \" fullword wide \n \t\t $s5= \"Control PanelInternational\" fullword wide \n \t\t $s6= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s7= \"httpshellopencommand\" fullword wide \n \n \t\t $hex1= {41??63??63??65??70??74??2d??45??6e??63??6f??64??69??6e??67??3a??20??64??65??66??6c??61??74??65??0a??} \n \t\t $hex2= {41??63??63??65??70??74??2d??4c??61??6e??67??75??61??67??65??3a??20??65??6e??2d??55??53??2c??65??6e??3b??71??3d??30??2e??} \n \t\t $hex3= {43??6f??6e??6e??65??63??74??69??6f??6e??3a??20??6b??65??65??70??2d??61??6c??69??76??65??0a??} \n \t\t $hex4= {43??6f??6e??74??65??6e??74??2d??4c??65??6e??67??74??68??3a??0a??} \n \t\t $hex5= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??0a??} \n \t\t $hex6= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??47??65??6f??0a??} \n \t\t $hex7= {68??74??74??70??73??68??65??6c??6c??6f??70??65??6e??63??6f??6d??6d??61??6e??64??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_387d4ea82c51ecda162a3ffd68a3aca5a21a20a46dc08a0ebe51b03b7984abe9 Group", "expiration": null, "is_active": 1 }, { "id": 3409659608, "indicator": "c5d03f78580b7ff232a7ccfa80628569776d5182", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Energetic_Bear_bee9f2a01e0049d4cf94016284b16849136233366d1509489797084672e5448f { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_bee9f2a01e0049d4cf94016284b16849136233366d1509489797084672e5448f Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-12-51\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"471896be829b9a48a1256d2e65b66282\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Control PanelInternational\" fullword wide \n \t\t $s2= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s3= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s4= \"httpshellopencommand\" fullword wide \n \t\t $s5= \"\\\\.pipemypype-f024\" fullword wide \n \n \t\t $hex1= {2e??70??69??70??65??6d??79??70??79??70??65??2d??66??30??32??34??0a??} \n \t\t $hex2= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??0a??} \n \t\t $hex3= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??47??65??6f??0a??} \n \t\t $hex4= {48??41??52??44??57??41??52??45??44??45??53??43??52??49??50??54??49??4f??4e??53??79??73??74??65??6d??0a??} \n \t\t $hex5= {68??74??74??70??73??68??65??6c??6c??6f??70??65??6e??63??6f??6d??6d??61??6e??64??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_bee9f2a01e0049d4cf94016284b16849136233366d1509489797084672e5448f Group", "expiration": null, "is_active": 1 }, { "id": 3409659609, "indicator": "4e4b347615aad75e93d4ab40de045a20996d0e80", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Energetic_Bear_70103c1078d6eb28b665a89ad0b3d11c1cbca61a05a18f87f6a16c79b501dfa9 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_70103c1078d6eb28b665a89ad0b3d11c1cbca61a05a18f87f6a16c79b501dfa9 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-12-44\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"eb0dacdc8b346f44c8c370408bad4306\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"August September\" fullword wide \n \t\t $s2= \"eCatcher 4.0.0.13073\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"Invalid filename\" fullword wide \n \t\t $s5= \"msctls_progress32\" fullword wide \n \t\t $s6= \"Privileged instruction\" fullword wide \n \t\t $s7= \"Tuesday Wednesday\" fullword wide \n \t\t $s8= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {41??75??67??75??73??74??20??53??65??70??74??65??6d??62??65??72??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {49??6e??76??61??6c??69??64??20??66??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {50??72??69??76??69??6c??65??67??65??64??20??69??6e??73??74??72??75??63??74??69??6f??6e??0a??} \n \t\t $hex5= {54??75??65??73??64??61??79??20??57??65??64??6e??65??73??64??61??79??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex7= {65??43??61??74??63??68??65??72??20??34??2e??30??2e??30??2e??31??33??30??37??33??0a??} \n \t\t $hex8= {6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \n \tcondition: \n \t\t8 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_70103c1078d6eb28b665a89ad0b3d11c1cbca61a05a18f87f6a16c79b501dfa9 Group", "expiration": null, "is_active": 1 }, { "id": 3409659610, "indicator": "3407eb64df187bb4d8c0d1e9d7e370c392ad6871", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Energetic_Bear_2dc296eb532097ac1808df7a16f7740ef8771afda3ac339d144d710f9cefceb4 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_2dc296eb532097ac1808df7a16f7740ef8771afda3ac339d144d710f9cefceb4 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-12-43\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"be30d12507c220c2c0944ad0623a02e6\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Control PanelInternational\" fullword wide \n \t\t $s2= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s3= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s4= \"httpshellopencommand\" fullword wide \n \t\t $s5= \"\\\\.pipemypype-f024\" fullword wide \n \n \t\t $hex1= {2e??70??69??70??65??6d??79??70??79??70??65??2d??66??30??32??34??0a??} \n \t\t $hex2= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??0a??} \n \t\t $hex3= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??47??65??6f??0a??} \n \t\t $hex4= {48??41??52??44??57??41??52??45??44??45??53??43??52??49??50??54??49??4f??4e??53??79??73??74??65??6d??0a??} \n \t\t $hex5= {68??74??74??70??73??68??65??6c??6c??6f??70??65??6e??63??6f??6d??6d??61??6e??64??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_2dc296eb532097ac1808df7a16f7740ef8771afda3ac339d144d710f9cefceb4 Group", "expiration": null, "is_active": 1 }, { "id": 3409659611, "indicator": "da5d1627ada31c63201162d11473c8e5221a9801", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Energetic_Bear_dc612882987fab581155466810f87fd8f0f2da5c61ad8fc618cef903c9650fcd { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_dc612882987fab581155466810f87fd8f0f2da5c61ad8fc618cef903c9650fcd Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-12-41\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"7218f41670107e58971223c9880923ca\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Control PanelInternational\" fullword wide \n \t\t $s2= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s3= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s4= \"httpshellopencommand\" fullword wide \n \t\t $s5= \"\\\\.pipemypype-f024\" fullword wide \n \n \t\t $hex1= {2e??70??69??70??65??6d??79??70??79??70??65??2d??66??30??32??34??0a??} \n \t\t $hex2= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??0a??} \n \t\t $hex3= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??47??65??6f??0a??} \n \t\t $hex4= {48??41??52??44??57??41??52??45??44??45??53??43??52??49??50??54??49??4f??4e??53??79??73??74??65??6d??0a??} \n \t\t $hex5= {68??74??74??70??73??68??65??6c??6c??6f??70??65??6e??63??6f??6d??6d??61??6e??64??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_dc612882987fab581155466810f87fd8f0f2da5c61ad8fc618cef903c9650fcd Group", "expiration": null, "is_active": 1 }, { "id": 3409659612, "indicator": "a378f98d774070f0ab7128f7b2a723a38e94d906", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Energetic_Bear_98bd5e8353bc9b70f8a52786365bcdb28bd3aef164d62c38dae8df33e04ac11a { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_98bd5e8353bc9b70f8a52786365bcdb28bd3aef164d62c38dae8df33e04ac11a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-12-40\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"c839220da67b00963276d95cafe176c1\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Control PanelInternational\" fullword wide \n \t\t $s2= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s3= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s4= \"httpshellopencommand\" fullword wide \n \t\t $s5= \"\\\\.pipemypype-f022\" fullword wide \n \n \t\t $hex1= {2e??70??69??70??65??6d??79??70??79??70??65??2d??66??30??32??32??0a??} \n \t\t $hex2= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??0a??} \n \t\t $hex3= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??47??65??6f??0a??} \n \t\t $hex4= {48??41??52??44??57??41??52??45??44??45??53??43??52??49??50??54??49??4f??4e??53??79??73??74??65??6d??0a??} \n \t\t $hex5= {68??74??74??70??73??68??65??6c??6c??6f??70??65??6e??63??6f??6d??6d??61??6e??64??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_98bd5e8353bc9b70f8a52786365bcdb28bd3aef164d62c38dae8df33e04ac11a Group", "expiration": null, "is_active": 1 }, { "id": 3409659613, "indicator": "de229626c7e50f4d2f3da6ea99133c5e78d37c6a", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Energetic_Bear_81e5e73452aa8b14f6c6371af2dccab720a32fadfc032b3c8d96f9cdaab9e9df { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_81e5e73452aa8b14f6c6371af2dccab720a32fadfc032b3c8d96f9cdaab9e9df Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-12-39\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"3f1fe2e5b3b8aac8f86d7363b92c71e0\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Accept-Encoding: deflate\" fullword wide \n \t\t $s2= \"Accept-Language: en-US,en;q=0.5\" fullword wide \n \t\t $s3= \"Connection: keep-alive\" fullword wide \n \t\t $s4= \"Content-Length: \" fullword wide \n \t\t $s5= \"Control PanelInternational\" fullword wide \n \t\t $s6= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s7= \"httpshellopencommand\" fullword wide \n \n \t\t $hex1= {41??63??63??65??70??74??2d??45??6e??63??6f??64??69??6e??67??3a??20??64??65??66??6c??61??74??65??0a??} \n \t\t $hex2= {41??63??63??65??70??74??2d??4c??61??6e??67??75??61??67??65??3a??20??65??6e??2d??55??53??2c??65??6e??3b??71??3d??30??2e??} \n \t\t $hex3= {43??6f??6e??6e??65??63??74??69??6f??6e??3a??20??6b??65??65??70??2d??61??6c??69??76??65??0a??} \n \t\t $hex4= {43??6f??6e??74??65??6e??74??2d??4c??65??6e??67??74??68??3a??0a??} \n \t\t $hex5= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??0a??} \n \t\t $hex6= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??47??65??6f??0a??} \n \t\t $hex7= {68??74??74??70??73??68??65??6c??6c??6f??70??65??6e??63??6f??6d??6d??61??6e??64??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_81e5e73452aa8b14f6c6371af2dccab720a32fadfc032b3c8d96f9cdaab9e9df Group", "expiration": null, "is_active": 1 }, { "id": 3409659614, "indicator": "98443a02a390e5bf3635cc89f312b380ecae0db2", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Energetic_Bear_c25c1455dcab2f17fd6a25f8af2f09ca31c8d3773de1cb2a55acd7aeaa6963c8 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_c25c1455dcab2f17fd6a25f8af2f09ca31c8d3773de1cb2a55acd7aeaa6963c8 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-12-37\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"2b846203387b5d3985d7cd7e5b08ada4\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Control PanelInternational\" fullword wide \n \t\t $s2= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s3= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s4= \"httpshellopencommand\" fullword wide \n \t\t $s5= \"\\\\.pipemypype-f024\" fullword wide \n \n \t\t $hex1= {2e??70??69??70??65??6d??79??70??79??70??65??2d??66??30??32??34??0a??} \n \t\t $hex2= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??0a??} \n \t\t $hex3= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??47??65??6f??0a??} \n \t\t $hex4= {48??41??52??44??57??41??52??45??44??45??53??43??52??49??50??54??49??4f??4e??53??79??73??74??65??6d??0a??} \n \t\t $hex5= {68??74??74??70??73??68??65??6c??6c??6f??70??65??6e??63??6f??6d??6d??61??6e??64??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_c25c1455dcab2f17fd6a25f8af2f09ca31c8d3773de1cb2a55acd7aeaa6963c8 Group", "expiration": null, "is_active": 1 }, { "id": 3409659615, "indicator": "02784dff870691787861c9bbc09365d5535f4ac1", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Energetic_Bear_778568b44e13751800bf66c17606dfdfe35bebbb94c8e6e2a2549c7482c33f7a { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_778568b44e13751800bf66c17606dfdfe35bebbb94c8e6e2a2549c7482c33f7a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-12-37\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"2e39e7bd5d566893fe3df0c7e145d83a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Control PanelInternational\" fullword wide \n \t\t $s2= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s3= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s4= \"httpshellopencommand\" fullword wide \n \t\t $s5= \"\\\\.pipemypype-f024\" fullword wide \n \n \t\t $hex1= {2e??70??69??70??65??6d??79??70??79??70??65??2d??66??30??32??34??0a??} \n \t\t $hex2= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??0a??} \n \t\t $hex3= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??47??65??6f??0a??} \n \t\t $hex4= {48??41??52??44??57??41??52??45??44??45??53??43??52??49??50??54??49??4f??4e??53??79??73??74??65??6d??0a??} \n \t\t $hex5= {68??74??74??70??73??68??65??6c??6c??6f??70??65??6e??63??6f??6d??6d??61??6e??64??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_778568b44e13751800bf66c17606dfdfe35bebbb94c8e6e2a2549c7482c33f7a Group", "expiration": null, "is_active": 1 }, { "id": 3409659616, "indicator": "82403c5a1b668d95e6a684b91ac5549cd85d335c", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Energetic_Bear_31488f632f5f7d3ec0ea82eab1f9baba16826967c3a6fa141069ef5453b1eb95 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_31488f632f5f7d3ec0ea82eab1f9baba16826967c3a6fa141069ef5453b1eb95 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-12-32\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"106d5c778fdb6cc9ae4c4e57c4adabc5\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Accept-Encoding: deflate\" fullword wide \n \t\t $s2= \"Accept-Language: en-US,en;q=0.5\" fullword wide \n \t\t $s3= \"Connection: keep-alive\" fullword wide \n \t\t $s4= \"Content-Length: \" fullword wide \n \t\t $s5= \"Control PanelInternational\" fullword wide \n \t\t $s6= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s7= \"httpshellopencommand\" fullword wide \n \n \t\t $hex1= {41??63??63??65??70??74??2d??45??6e??63??6f??64??69??6e??67??3a??20??64??65??66??6c??61??74??65??0a??} \n \t\t $hex2= {41??63??63??65??70??74??2d??4c??61??6e??67??75??61??67??65??3a??20??65??6e??2d??55??53??2c??65??6e??3b??71??3d??30??2e??} \n \t\t $hex3= {43??6f??6e??6e??65??63??74??69??6f??6e??3a??20??6b??65??65??70??2d??61??6c??69??76??65??0a??} \n \t\t $hex4= {43??6f??6e??74??65??6e??74??2d??4c??65??6e??67??74??68??3a??0a??} \n \t\t $hex5= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??0a??} \n \t\t $hex6= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??47??65??6f??0a??} \n \t\t $hex7= {68??74??74??70??73??68??65??6c??6c??6f??70??65??6e??63??6f??6d??6d??61??6e??64??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_31488f632f5f7d3ec0ea82eab1f9baba16826967c3a6fa141069ef5453b1eb95 Group", "expiration": null, "is_active": 1 }, { "id": 3409659617, "indicator": "c3b7b7ff16606bab9b5ec708e55d6d07030bd2f1", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Energetic_Bear_d5e3122a263d3f66dcfa7c2fed25c2b8a3be725b2c934fa9d9ef4c5aefbc6cb9 { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_d5e3122a263d3f66dcfa7c2fed25c2b8a3be725b2c934fa9d9ef4c5aefbc6cb9 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-12-31\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"418bfc05240ec86b91181f38bd751ccb\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Accept: text/xml\" fullword wide \n \t\t $s2= \"Connection: Keep-Alive\" fullword wide \n \t\t $s3= \"Content-Length: \" fullword wide \n \t\t $s4= \"Control PanelInternational\" fullword wide \n \t\t $s5= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s6= \"httpshellopencommand\" fullword wide \n \n \t\t $hex1= {41??63??63??65??70??74??3a??20??74??65??78??74??2f??78??6d??6c??0a??} \n \t\t $hex2= {43??6f??6e??6e??65??63??74??69??6f??6e??3a??20??4b??65??65??70??2d??41??6c??69??76??65??0a??} \n \t\t $hex3= {43??6f??6e??74??65??6e??74??2d??4c??65??6e??67??74??68??3a??0a??} \n \t\t $hex4= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??0a??} \n \t\t $hex5= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??47??65??6f??0a??} \n \t\t $hex6= {68??74??74??70??73??68??65??6c??6c??6f??70??65??6e??63??6f??6d??6d??61??6e??64??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_d5e3122a263d3f66dcfa7c2fed25c2b8a3be725b2c934fa9d9ef4c5aefbc6cb9 Group", "expiration": null, "is_active": 1 }, { "id": 3409659618, "indicator": "d4b9714ded110e557641aa575809090074c0769d", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Energetic_Bear_9d530e2254580842574a740698d2348b68b46fd88312c9325321ad0d986f523d { \n \tmeta: \n \t\t description= \"APTMalware_Energetic_Bear_9d530e2254580842574a740698d2348b68b46fd88312c9325321ad0d986f523d Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-12-27\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"eb883545fb2757a875b192779d06b0c6\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Control PanelInternational\" fullword wide \n \t\t $s2= \"Control PanelInternationalGeo\" fullword wide \n \t\t $s3= \"HARDWAREDESCRIPTIONSystem\" fullword wide \n \t\t $s4= \"httpshellopencommand\" fullword wide \n \t\t $s5= \"\\\\.pipemypype-f024\" fullword wide \n \n \t\t $hex1= {2e??70??69??70??65??6d??79??70??79??70??65??2d??66??30??32??34??0a??} \n \t\t $hex2= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??0a??} \n \t\t $hex3= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??49??6e??74??65??72??6e??61??74??69??6f??6e??61??6c??47??65??6f??0a??} \n \t\t $hex4= {48??41??52??44??57??41??52??45??44??45??53??43??52??49??50??54??49??4f??4e??53??79??73??74??65??6d??0a??} \n \t\t $hex5= {68??74??74??70??73??68??65??6c??6c??6f??70??65??6e??63??6f??6d??6d??61??6e??64??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Energetic_Bear_9d530e2254580842574a740698d2348b68b46fd88312c9325321ad0d986f523d Group", "expiration": null, "is_active": 1 }, { "id": 1593573349, "indicator": "776c04a10bdeec9c10f51632a589e2c52aabdf48", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of 8cb08140ddb00ac373d29d37657a03cc", "expiration": null, "is_active": 1 }, { "id": 2661577, "indicator": "690b483751b890d487bb63712e5e79fca3903a5623f22416db29a0193dc10527", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of 8cb08140ddb00ac373d29d37657a03cc", "expiration": null, "is_active": 1 }, { "id": 3409659619, "indicator": "9b723056b137f3284d0bfabc2d0e3b8cbf4a3749", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_690b483751b890d487bb63712e5e79fca3903a5623f22416db29a0193dc10527 { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_690b483751b890d487bb63712e5e79fca3903a5623f22416db29a0193dc10527 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-12-26\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"8cb08140ddb00ac373d29d37657a03cc\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"%.4d%.2d%.2d%.2d%.2d%.2d%.4d\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"LegalTrademarks\" fullword wide \n \t\t $s4= \"Microsoft Corporation\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"S-1-5-21-1315235578-283289242\" fullword wide \n \t\t $s7= \"USBGuard Service\" fullword wide \n \t\t $s8= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {25??2e??34??64??25??2e??32??64??25??2e??32??64??25??2e??32??64??25??2e??32??64??25??2e??32??64??25??2e??34??64??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {53??2d??31??2d??35??2d??32??31??2d??31??33??31??35??32??33??35??35??37??38??2d??32??38??33??32??38??39??32??34??32??0a??} \n \t\t $hex7= {55??53??42??47??75??61??72??64??20??53??65??72??76??69??63??65??0a??} \n \t\t $hex8= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t8 of them \n }", "title": "", "description": "APTMalware_APT_28_690b483751b890d487bb63712e5e79fca3903a5623f22416db29a0193dc10527 Group", "expiration": null, "is_active": 1 }, { "id": 3409659620, "indicator": "e6abb4433f77d1733594d6c701966a01d6fba5da", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_4536650c9c5e5e1bb57d9bedf7f9a543d6f09addf857f0d802fb64e437b6844a { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_4536650c9c5e5e1bb57d9bedf7f9a543d6f09addf857f0d802fb64e437b6844a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-12-23\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"aa3e6af90c144112a1ad0c19bdf873ff\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_28_4536650c9c5e5e1bb57d9bedf7f9a543d6f09addf857f0d802fb64e437b6844a Group", "expiration": null, "is_active": 1 }, { "id": 623612329, "indicator": "51ae516792570bcd069a657c27859cd3fdc07d00", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Win32:Broban-AE\\ [Trj]", "description": "SHA1 of 66b4fb539806ce27be184b6735584339", "expiration": null, "is_active": 1 }, { "id": 886453239, "indicator": "11fab8361a942e46375bd5ac259146fda20608594e265bcc1d3c011ab4c17226", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Win32:Broban-AE\\ [Trj]", "description": "SHA256 of 66b4fb539806ce27be184b6735584339", "expiration": null, "is_active": 1 }, { "id": 3409659621, "indicator": "e80251dd9a6d8192246263a843d05c7d0f893b45", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_11fab8361a942e46375bd5ac259146fda20608594e265bcc1d3c011ab4c17226 { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_11fab8361a942e46375bd5ac259146fda20608594e265bcc1d3c011ab4c17226 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-12-18\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"66b4fb539806ce27be184b6735584339\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Access violation\" fullword wide \n \t\t $s2= \"Assertion failed\" fullword wide \n \t\t $s3= \"August September\" fullword wide \n \t\t $s4= \"Connection refused.\" fullword wide \n \t\t $s5= \"Enhanced Metafiles\" fullword wide \n \t\t $s6= \"FileDescription\" fullword wide \n \t\t $s7= \"Host unreachable.\" fullword wide \n \t\t $s8= \"Invalid argument\" fullword wide \n \t\t $s9= \"Invalid argument.\" fullword wide \n \t\t $s10= \"Invalid filename\" fullword wide \n \t\t $s11= \"Invalid ImageList\" fullword wide \n \t\t $s12= \"IPv6 unavailable\" fullword wide \n \t\t $s13= \"LegalTrademarks\" fullword wide \n \t\t $s14= \"Network unreachable.\" fullword wide \n \t\t $s15= \"OriginalFilename\" fullword wide \n \t\t $s16= \"Tuesday Wednesday\" fullword wide \n \t\t $s17= \"Unsupported operation.\" fullword wide \n \t\t $s18= \"Variant overflow\" fullword wide \n \t\t $s19= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {41??63??63??65??73??73??20??76??69??6f??6c??61??74??69??6f??6e??0a??} \n \t\t $hex2= {41??73??73??65??72??74??69??6f??6e??20??66??61??69??6c??65??64??0a??} \n \t\t $hex3= {41??75??67??75??73??74??20??53??65??70??74??65??6d??62??65??72??0a??} \n \t\t $hex4= {43??6f??6e??6e??65??63??74??69??6f??6e??20??72??65??66??75??73??65??64??2e??0a??} \n \t\t $hex5= {45??6e??68??61??6e??63??65??64??20??4d??65??74??61??66??69??6c??65??73??0a??} \n \t\t $hex6= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex7= {48??6f??73??74??20??75??6e??72??65??61??63??68??61??62??6c??65??2e??0a??} \n \t\t $hex8= {49??50??76??36??20??75??6e??61??76??61??69??6c??61??62??6c??65??0a??} \n \t\t $hex9= {49??6e??76??61??6c??69??64??20??49??6d??61??67??65??4c??69??73??74??0a??} \n \t\t $hex10= {49??6e??76??61??6c??69??64??20??61??72??67??75??6d??65??6e??74??0a??} \n \t\t $hex11= {49??6e??76??61??6c??69??64??20??61??72??67??75??6d??65??6e??74??2e??0a??} \n \t\t $hex12= {49??6e??76??61??6c??69??64??20??66??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex13= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex14= {4e??65??74??77??6f??72??6b??20??75??6e??72??65??61??63??68??61??62??6c??65??2e??0a??} \n \t\t $hex15= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex16= {54??75??65??73??64??61??79??20??57??65??64??6e??65??73??64??61??79??0a??} \n \t\t $hex17= {55??6e??73??75??70??70??6f??72??74??65??64??20??6f??70??65??72??61??74??69??6f??6e??2e??0a??} \n \t\t $hex18= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex19= {56??61??72??69??61??6e??74??20??6f??76??65??72??66??6c??6f??77??0a??} \n \n \tcondition: \n \t\t21 of them \n }", "title": "", "description": "APTMalware_APT_28_11fab8361a942e46375bd5ac259146fda20608594e265bcc1d3c011ab4c17226 Group", "expiration": null, "is_active": 1 }, { "id": 1277081, "indicator": "499ff777c88aeacbbaa47edde183c944ac7e91d2", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of ea726d3e8f6516807366584f3c5b5e2a", "expiration": null, "is_active": 1 }, { "id": 2661594, "indicator": "82c4e9bc100533482a15a1d756d55e1a604d330eff8fbc0e13c4b166ac2c9bd3", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of ea726d3e8f6516807366584f3c5b5e2a", "expiration": null, "is_active": 1 }, { "id": 3409659622, "indicator": "c858cf1bd2784df09adf82777885dd91f8d644af", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_82c4e9bc100533482a15a1d756d55e1a604d330eff8fbc0e13c4b166ac2c9bd3 { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_82c4e9bc100533482a15a1d756d55e1a604d330eff8fbc0e13c4b166ac2c9bd3 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-12-16\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"ea726d3e8f6516807366584f3c5b5e2a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"ALLUSERSPROFILE\" fullword wide \n \t\t $s2= \"apiwin_v1.0.bat\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"unsuccess : \" fullword wide \n \t\t $s6= \"UserInitMprLogonScript\" fullword wide \n \t\t $s7= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {41??4c??4c??55??53??45??52??53??50??52??4f??46??49??4c??45??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {55??73??65??72??49??6e??69??74??4d??70??72??4c??6f??67??6f??6e??53??63??72??69??70??74??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex6= {61??70??69??77??69??6e??5f??76??31??2e??30??2e??62??61??74??0a??} \n \t\t $hex7= {75??6e??73??75??63??63??65??73??73??26??6e??62??73??70??3a??26??6e??62??73??70??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_APT_28_82c4e9bc100533482a15a1d756d55e1a604d330eff8fbc0e13c4b166ac2c9bd3 Group", "expiration": null, "is_active": 1 }, { "id": 3409659623, "indicator": "4c5813419d9f2ad4ceb84b43a7ef8df643982a1c", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_423a0799efe41b28a8b765fa505699183c8278d5a7bf07658b3bd507bfa5346f { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_423a0799efe41b28a8b765fa505699183c8278d5a7bf07658b3bd507bfa5346f Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-12-12\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"272f0fde35dbdfccbca1e33373b3570d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_28_423a0799efe41b28a8b765fa505699183c8278d5a7bf07658b3bd507bfa5346f Group", "expiration": null, "is_active": 1 }, { "id": 363480, "indicator": "d0db619a7a160949528d46d20fc0151bf9775c32", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of ee64d3273f9b4d80020c24edcbbf961e", "expiration": null, "is_active": 1 }, { "id": 2661607, "indicator": "e031299fa1381b40c660b8cd831bb861654f900a1e2952b1a76bedf140972a81", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of ee64d3273f9b4d80020c24edcbbf961e", "expiration": null, "is_active": 1 }, { "id": 3409659624, "indicator": "58e8d70e3e7a0f515ea725f53e5ed6534311ef55", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_e031299fa1381b40c660b8cd831bb861654f900a1e2952b1a76bedf140972a81 { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_e031299fa1381b40c660b8cd831bb861654f900a1e2952b1a76bedf140972a81 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-12-12\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"ee64d3273f9b4d80020c24edcbbf961e\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"ALLUSERSPROFILE\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {41??4c??4c??55??53??45??52??53??50??52??4f??46??49??4c??45??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_28_e031299fa1381b40c660b8cd831bb861654f900a1e2952b1a76bedf140972a81 Group", "expiration": null, "is_active": 1 }, { "id": 3409659625, "indicator": "fd546f5ff948e525d572c68e084ea3bea4e8fe19", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_4845761c9bed0563d0aa83613311191e075a9b58861e80392914d61a21bad976 { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_4845761c9bed0563d0aa83613311191e075a9b58861e80392914d61a21bad976 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-12-11\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"9e7053a4b6c9081220a694ec93211b4e\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"%)+/5;=CGIOSYaegkmq\" fullword wide \n \t\t $s2= \"Accept-Encoding: gzip,deflate,sdch\" fullword wide \n \t\t $s3= \"Cache-Control: max-age=0\" fullword wide \n \t\t $s4= \"Connection: keep-alive\" fullword wide \n \t\t $s5= \"LanmanWorkstation\" fullword wide \n \n \t\t $hex1= {25??29??2b??2f??35??3b??3d??43??47??49??4f??53??59??61??65??67??6b??6d??71??0a??} \n \t\t $hex2= {41??63??63??65??70??74??2d??45??6e??63??6f??64??69??6e??67??3a??20??67??7a??69??70??2c??64??65??66??6c??61??74??65??2c??} \n \t\t $hex3= {43??61??63??68??65??2d??43??6f??6e??74??72??6f??6c??3a??20??6d??61??78??2d??61??67??65??3d??30??0a??} \n \t\t $hex4= {43??6f??6e??6e??65??63??74??69??6f??6e??3a??20??6b??65??65??70??2d??61??6c??69??76??65??0a??} \n \t\t $hex5= {4c??61??6e??6d??61??6e??57??6f??72??6b??73??74??61??74??69??6f??6e??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_28_4845761c9bed0563d0aa83613311191e075a9b58861e80392914d61a21bad976 Group", "expiration": null, "is_active": 1 }, { "id": 3409659626, "indicator": "9b5d4eeb51a8b789a7d5d7bd152205f7ff67c082", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_e5d5a6fa74c229d81cb64781556b61ed0148c50c089ea638e7761bf97fe46d40 { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_e5d5a6fa74c229d81cb64781556b61ed0148c50c089ea638e7761bf97fe46d40 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-12-08\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"953c7321c4959655fdd53302550ce02d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"11.1.1101.87912\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {31??31??2e??31??2e??31??31??30??31??2e??38??37??39??31??32??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_28_e5d5a6fa74c229d81cb64781556b61ed0148c50c089ea638e7761bf97fe46d40 Group", "expiration": null, "is_active": 1 }, { "id": 3409659627, "indicator": "271866a37846de055dc4162fa5888e2ddd373582", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_4dd8ab2471337a56b431433b7e8db2a659dc5d9dc5481b4209c4cddd07d6dc2b { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_4dd8ab2471337a56b431433b7e8db2a659dc5d9dc5481b4209c4cddd07d6dc2b Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-12-06\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"1d1287d4a3ba5d02cca91f51863db738\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"2_wsopen_nolock\" fullword wide \n \t\t $s2= \"%)+/5;=CGIOSYaegkmq\" fullword wide \n \t\t $s3= \"Accept-Encoding: gzip,deflate,sdch\" fullword wide \n \t\t $s4= \"Assertion Failed\" fullword wide \n \t\t $s5= \"Assertion failed!\" fullword wide \n \t\t $s6= \"Cache-Control: max-age=0\" fullword wide \n \t\t $s7= \"Connection: keep-alive\" fullword wide \n \t\t $s8= \"__copy_path_to_wide_string\" fullword wide \n \t\t $s9= \"_CrtCheckMemory()\" fullword wide \n \t\t $s10= \"_CrtIsValidHeapPointer(pUserData)\" fullword wide \n \t\t $s11= \"_CrtMemCheckpoint\" fullword wide \n \t\t $s12= \".__crtMessageWindowA\" fullword wide \n \t\t $s13= \"__crtMessageWindowW\" fullword wide \n \t\t $s14= \"_fread_nolock_s\" fullword wide \n \t\t $s15= \"_get_daylight(&daylight)\" fullword wide \n \t\t $s16= \"_get_dstbias(&dstbias)\" fullword wide \n \t\t $s17= \"_get_fmode(&fmode)\" fullword wide \n \t\t $s18= \"_get_timezone(&timezone)\" fullword wide \n \t\t $s19= \"_isindst_nolock\" fullword wide \n \t\t $s20= \"isleadbyte(_dbcsBuffer(fh))\" fullword wide \n \n \t\t $hex1= {25??29??2b??2f??35??3b??3d??43??47??49??4f??53??59??61??65??67??6b??6d??71??0a??} \n \t\t $hex2= {2e??5f??5f??63??72??74??4d??65??73??73??61??67??65??57??69??6e??64??6f??77??41??0a??} \n \t\t $hex3= {32??5f??77??73??6f??70??65??6e??5f??6e??6f??6c??6f??63??6b??0a??} \n \t\t $hex4= {41??63??63??65??70??74??2d??45??6e??63??6f??64??69??6e??67??3a??20??67??7a??69??70??2c??64??65??66??6c??61??74??65??2c??} \n \t\t $hex5= {41??73??73??65??72??74??69??6f??6e??20??46??61??69??6c??65??64??0a??} \n \t\t $hex6= {41??73??73??65??72??74??69??6f??6e??20??66??61??69??6c??65??64??21??0a??} \n \t\t $hex7= {43??61??63??68??65??2d??43??6f??6e??74??72??6f??6c??3a??20??6d??61??78??2d??61??67??65??3d??30??0a??} \n \t\t $hex8= {43??6f??6e??6e??65??63??74??69??6f??6e??3a??20??6b??65??65??70??2d??61??6c??69??76??65??0a??} \n \t\t $hex9= {5f??43??72??74??43??68??65??63??6b??4d??65??6d??6f??72??79??28??29??0a??} \n \t\t $hex10= {5f??43??72??74??49??73??56??61??6c??69??64??48??65??61??70??50??6f??69??6e??74??65??72??28??70??55??73??65??72??44??61??} \n \t\t $hex11= {5f??43??72??74??4d??65??6d??43??68??65??63??6b??70??6f??69??6e??74??0a??} \n \t\t $hex12= {5f??5f??63??6f??70??79??5f??70??61??74??68??5f??74??6f??5f??77??69??64??65??5f??73??74??72??69??6e??67??0a??} \n \t\t $hex13= {5f??5f??63??72??74??4d??65??73??73??61??67??65??57??69??6e??64??6f??77??57??0a??} \n \t\t $hex14= {5f??66??72??65??61??64??5f??6e??6f??6c??6f??63??6b??5f??73??0a??} \n \t\t $hex15= {5f??67??65??74??5f??64??61??79??6c??69??67??68??74??28??26??64??61??79??6c??69??67??68??74??29??0a??} \n \t\t $hex16= {5f??67??65??74??5f??64??73??74??62??69??61??73??28??26??64??73??74??62??69??61??73??29??0a??} \n \t\t $hex17= {5f??67??65??74??5f??66??6d??6f??64??65??28??26??66??6d??6f??64??65??29??0a??} \n \t\t $hex18= {5f??67??65??74??5f??74??69??6d??65??7a??6f??6e??65??28??26??74??69??6d??65??7a??6f??6e??65??29??0a??} \n \t\t $hex19= {5f??69??73??69??6e??64??73??74??5f??6e??6f??6c??6f??63??6b??0a??} \n \t\t $hex20= {69??73??6c??65??61??64??62??79??74??65??28??5f??64??62??63??73??42??75??66??66??65??72??28??66??68??29??29??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_APT_28_4dd8ab2471337a56b431433b7e8db2a659dc5d9dc5481b4209c4cddd07d6dc2b Group", "expiration": null, "is_active": 1 }, { "id": 1072755, "indicator": "4c9c7c4fd83edaf7ec80687a7a957826de038dd7", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of 0eefeaf2fb78ebc49e7beba505da273d", "expiration": null, "is_active": 1 }, { "id": 2661553, "indicator": "6ccc375923a00571dffca613a036f77a9fc1ee22d1fddffb90ab7adfbb6b75f1", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of 0eefeaf2fb78ebc49e7beba505da273d", "expiration": null, "is_active": 1 }, { "id": 3409659628, "indicator": "1bd2a9c1e1da605c5fcdb934c445924381784cae", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_6ccc375923a00571dffca613a036f77a9fc1ee22d1fddffb90ab7adfbb6b75f1 { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_6ccc375923a00571dffca613a036f77a9fc1ee22d1fddffb90ab7adfbb6b75f1 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-12-01\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"0eefeaf2fb78ebc49e7beba505da273d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"ConsentPromptBehaviorAdmin\" fullword wide \n \t\t $s2= \"c:programdatausersinit.exe\" fullword wide \n \t\t $s3= \"PromptOnSecureDesktop\" fullword wide \n \t\t $s4= \"%sSysWOW64sdbinst.exe\" fullword wide \n \t\t $s5= \"%sSysWOW64wusa.exe\" fullword wide \n \n \t\t $hex1= {25??73??53??79??73??57??4f??57??36??34??73??64??62??69??6e??73??74??2e??65??78??65??0a??} \n \t\t $hex2= {25??73??53??79??73??57??4f??57??36??34??77??75??73??61??2e??65??78??65??0a??} \n \t\t $hex3= {43??6f??6e??73??65??6e??74??50??72??6f??6d??70??74??42??65??68??61??76??69??6f??72??41??64??6d??69??6e??0a??} \n \t\t $hex4= {50??72??6f??6d??70??74??4f??6e??53??65??63??75??72??65??44??65??73??6b??74??6f??70??0a??} \n \t\t $hex5= {63??3a??70??72??6f??67??72??61??6d??64??61??74??61??75??73??65??72??73??69??6e??69??74??2e??65??78??65??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_28_6ccc375923a00571dffca613a036f77a9fc1ee22d1fddffb90ab7adfbb6b75f1 Group", "expiration": null, "is_active": 1 }, { "id": 3409659629, "indicator": "181de8492912bd2c2edb253fbd78e2b4bfa24838", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_dea4e560017b4da05e8fd0a03ba74239723349934ee8fbd201a79be1ecf1c32d { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_dea4e560017b4da05e8fd0a03ba74239723349934ee8fbd201a79be1ecf1c32d Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-11-52\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"9d1a09bb98bf1ee31f390b60b0cf724d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"5.0.4421.4331splm.dll\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corp.\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"RegisterServiceCtrlHandler\" fullword wide \n \t\t $s6= \"StartServiceCtrlDispatcher\" fullword wide \n \t\t $s7= \"unsuccess : \" fullword wide \n \t\t $s8= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {35??2e??30??2e??34??34??32??31??2e??34??33??33??31??73??70??6c??6d??2e??64??6c??6c??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??2e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {52??65??67??69??73??74??65??72??53??65??72??76??69??63??65??43??74??72??6c??48??61??6e??64??6c??65??72??0a??} \n \t\t $hex6= {53??74??61??72??74??53??65??72??76??69??63??65??43??74??72??6c??44??69??73??70??61??74??63??68??65??72??0a??} \n \t\t $hex7= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex8= {75??6e??73??75??63??63??65??73??73??26??6e??62??73??70??3a??26??6e??62??73??70??0a??} \n \n \tcondition: \n \t\t8 of them \n }", "title": "", "description": "APTMalware_APT_28_dea4e560017b4da05e8fd0a03ba74239723349934ee8fbd201a79be1ecf1c32d Group", "expiration": null, "is_active": 1 }, { "id": 3409659630, "indicator": "e9016dbae9cca5627e73ddf820506d5e35b3dbe7", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_c8087186a215553d2f95c68c03398e17e67517553f6e9a8adc906faa51bce946 { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_c8087186a215553d2f95c68c03398e17e67517553f6e9a8adc906faa51bce946 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-11-51\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"48656a93f9ba39410763a2196aabc67f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_28_c8087186a215553d2f95c68c03398e17e67517553f6e9a8adc906faa51bce946 Group", "expiration": null, "is_active": 1 }, { "id": 3409659631, "indicator": "025ec292331102fe0f9646a34dc3fb6cf509fcbb", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_7f6f9645499f5840b59fb59525343045abf91bc57183aae459dca98dc8216965 { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_7f6f9645499f5840b59fb59525343045abf91bc57183aae459dca98dc8216965 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-11-43\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"3b0ecd011500f61237c205834db0e13a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_28_7f6f9645499f5840b59fb59525343045abf91bc57183aae459dca98dc8216965 Group", "expiration": null, "is_active": 1 }, { "id": 3409659632, "indicator": "353caa22e830adf69499e487f4f6bef10e811d30", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_ecd2c8e79554f226b69bed7357f61c75f1f1a42f1010d7baa72abe661a6c0587 { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_ecd2c8e79554f226b69bed7357f61c75f1f1a42f1010d7baa72abe661a6c0587 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-11-42\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"607a7401962eaf78b93676c9f5ca6a26\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"CreateTree.dll\" fullword wide \n \t\t $s2= \"DosDevicesdfsflt\" fullword wide \n \t\t $s3= \"FsFltParametersc1\" fullword wide \n \t\t $s4= \"FsFltParametersc3\" fullword wide \n \t\t $s5= \"PLATFORMTARGETS\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \t\t $s7= \"WSystem32sysprep\" fullword wide \n \n \t\t $hex1= {43??72??65??61??74??65??54??72??65??65??2e??64??6c??6c??0a??} \n \t\t $hex2= {44??6f??73??44??65??76??69??63??65??73??64??66??73??66??6c??74??0a??} \n \t\t $hex3= {46??73??46??6c??74??50??61??72??61??6d??65??74??65??72??73??63??31??0a??} \n \t\t $hex4= {46??73??46??6c??74??50??61??72??61??6d??65??74??65??72??73??63??33??0a??} \n \t\t $hex5= {50??4c??41??54??46??4f??52??4d??54??41??52??47??45??54??53??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex7= {57??53??79??73??74??65??6d??33??32??73??79??73??70??72??65??70??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_APT_28_ecd2c8e79554f226b69bed7357f61c75f1f1a42f1010d7baa72abe661a6c0587 Group", "expiration": null, "is_active": 1 }, { "id": 3409659633, "indicator": "ed6292ee1a6aadbb32940caa7aa3e0822eb964e1", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_40ae43b7d6c413becc92b07076fa128b875c8dbb4da7c036639eccf5a9fc784f { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_40ae43b7d6c413becc92b07076fa128b875c8dbb4da7c036639eccf5a9fc784f Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-11-39\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"19172b9210295518ca52e93a29cfe8f4\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"%)+/5;=CGIOSYaegkmq\" fullword wide \n \t\t $s2= \"Accept-Encoding: gzip,deflate,sdch\" fullword wide \n \t\t $s3= \"Cache-Control: max-age=0\" fullword wide \n \t\t $s4= \"Connection: keep-alive\" fullword wide \n \t\t $s5= \"LanmanWorkstation\" fullword wide \n \n \t\t $hex1= {25??29??2b??2f??35??3b??3d??43??47??49??4f??53??59??61??65??67??6b??6d??71??0a??} \n \t\t $hex2= {41??63??63??65??70??74??2d??45??6e??63??6f??64??69??6e??67??3a??20??67??7a??69??70??2c??64??65??66??6c??61??74??65??2c??} \n \t\t $hex3= {43??61??63??68??65??2d??43??6f??6e??74??72??6f??6c??3a??20??6d??61??78??2d??61??67??65??3d??30??0a??} \n \t\t $hex4= {43??6f??6e??6e??65??63??74??69??6f??6e??3a??20??6b??65??65??70??2d??61??6c??69??76??65??0a??} \n \t\t $hex5= {4c??61??6e??6d??61??6e??57??6f??72??6b??73??74??61??74??69??6f??6e??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_28_40ae43b7d6c413becc92b07076fa128b875c8dbb4da7c036639eccf5a9fc784f Group", "expiration": null, "is_active": 1 }, { "id": 3409659634, "indicator": "215c104332d426dffac242d2253c0057173fc39f", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_94c220653ea7421c60e3eafd753a9ae9d69b475d61230f2f403789d326309c24 { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_94c220653ea7421c60e3eafd753a9ae9d69b475d61230f2f403789d326309c24 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-11-38\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"404eb3f7554392e85e56aed414db8455\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"11.0.4621.4331splm.dll\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"unsuccess : \" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {31??31??2e??30??2e??34??36??32??31??2e??34??33??33??31??73??70??6c??6d??2e??64??6c??6c??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex5= {75??6e??73??75??63??63??65??73??73??26??6e??62??73??70??3a??26??6e??62??73??70??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_28_94c220653ea7421c60e3eafd753a9ae9d69b475d61230f2f403789d326309c24 Group", "expiration": null, "is_active": 1 }, { "id": 3409659635, "indicator": "4c527c698948bda3117c7386f07f3705d3f21dd9", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_3ac11a74275725a22c233cd974229d2b167c336da667410f7262b4926dabd31b { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_3ac11a74275725a22c233cd974229d2b167c336da667410f7262b4926dabd31b Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-11-37\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"1c6f8eba504f2f429abf362626545c79\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"OriginalFilename\" fullword wide \n \t\t $s3= \"Secure Connector\" fullword wide \n \t\t $s4= \"SecureConnector\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex3= {53??65??63??75??72??65??20??43??6f??6e??6e??65??63??74??6f??72??0a??} \n \t\t $hex4= {53??65??63??75??72??65??43??6f??6e??6e??65??63??74??6f??72??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_28_3ac11a74275725a22c233cd974229d2b167c336da667410f7262b4926dabd31b Group", "expiration": null, "is_active": 1 }, { "id": 3409659636, "indicator": "6785202d74866a57ff2a6114cdb5cef1c8edeeb1", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_cfc60d5db3bfb4ec462d5e4bd5222f04d7383d2c1aec1dc2a23e3c74a166a93d { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_cfc60d5db3bfb4ec462d5e4bd5222f04d7383d2c1aec1dc2a23e3c74a166a93d Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-11-26\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"94ebc9ef5565f98b1aa1e97c6d35c2e0\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&as_dt=e&as_oq=\" fullword wide \n \t\t $s2= \"&as_dt=i&as_oq=\" fullword wide \n \t\t $s3= \"http://intelmeserver.com/\" fullword wide \n \t\t $s4= \"PLATFORMTARGETS\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {26??61??73??5f??64??74??3d??65??26??61??73??5f??6f??71??3d??0a??} \n \t\t $hex2= {26??61??73??5f??64??74??3d??69??26??61??73??5f??6f??71??3d??0a??} \n \t\t $hex3= {50??4c??41??54??46??4f??52??4d??54??41??52??47??45??54??53??0a??} \n \t\t $hex4= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex5= {68??74??74??70??3a??2f??2f??69??6e??74??65??6c??6d??65??73??65??72??76??65??72??2e??63??6f??6d??2f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_28_cfc60d5db3bfb4ec462d5e4bd5222f04d7383d2c1aec1dc2a23e3c74a166a93d Group", "expiration": null, "is_active": 1 }, { "id": 1593573340, "indicator": "cf3220c867b81949d1ce2b36446642de7894c6dc", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of 5882fda97fdf78b47081cc4105d44f7c", "expiration": null, "is_active": 1 }, { "id": 2326518, "indicator": "744f2a1e1a62dff2a8d5bd273304a4d21ee37a3c9b0bdcffeeca50374bd10a39", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of 5882fda97fdf78b47081cc4105d44f7c", "expiration": null, "is_active": 1 }, { "id": 3409659710, "indicator": "e4f6446c973506d9ca00caea9314df49c694e06a", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_744f2a1e1a62dff2a8d5bd273304a4d21ee37a3c9b0bdcffeeca50374bd10a39 { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_744f2a1e1a62dff2a8d5bd273304a4d21ee37a3c9b0bdcffeeca50374bd10a39 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-11-18\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"5882fda97fdf78b47081cc4105d44f7c\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_28_744f2a1e1a62dff2a8d5bd273304a4d21ee37a3c9b0bdcffeeca50374bd10a39 Group", "expiration": null, "is_active": 1 }, { "id": 3409659711, "indicator": "2d569fa1feb3fcc11f64ffa21429f36161e442d1", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_8646a5330f516adce0c05ad019cf041cf79c1ca069048c3f8db94dcbdb00c408 { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_8646a5330f516adce0c05ad019cf041cf79c1ca069048c3f8db94dcbdb00c408 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-11-16\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"02b79c468c38c4312429a499fa4f6c81\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"11.1.1101.87912\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {31??31??2e??31??2e??31??31??30??31??2e??38??37??39??31??32??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_28_8646a5330f516adce0c05ad019cf041cf79c1ca069048c3f8db94dcbdb00c408 Group", "expiration": null, "is_active": 1 }, { "id": 1593573348, "indicator": "3e2e245b635b04f006a0044388bd968df9c3238c", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of ce151285e8f0e7b2b90162ba171a4b90\nSHA1 of ce151285e8f0e7b2b90162ba171a4b90", "expiration": null, "is_active": 1 }, { "id": 2661633, "indicator": "4e4606313c423b681e11110ca5ed3a2b2632ec6c556b7ab9642372ae709555f3", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of ce151285e8f0e7b2b90162ba171a4b90\nSHA256 of ce151285e8f0e7b2b90162ba171a4b90", "expiration": null, "is_active": 1 }, { "id": 3409659712, "indicator": "d184adbddb25d934c65fc1ea6f0cbb6c9b6f95b7", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_4e4606313c423b681e11110ca5ed3a2b2632ec6c556b7ab9642372ae709555f3 { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_4e4606313c423b681e11110ca5ed3a2b2632ec6c556b7ab9642372ae709555f3 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-11-14\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"ce151285e8f0e7b2b90162ba171a4b90\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"%.4d%.2d%.2d%.2d%.2d%.2d%.2d%.4d\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Intel Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {25??2e??34??64??25??2e??32??64??25??2e??32??64??25??2e??32??64??25??2e??32??64??25??2e??32??64??25??2e??32??64??25??2e??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {49??6e??74??65??6c??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_28_4e4606313c423b681e11110ca5ed3a2b2632ec6c556b7ab9642372ae709555f3 Group", "expiration": null, "is_active": 1 }, { "id": 3409659713, "indicator": "39ce49b863d47ff23a9032579c6cc7baf460b451", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_44e8d3ffa0989176e62b8462b3d14ad38ede5f859fd3d5eb387050f751080aa2 { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_44e8d3ffa0989176e62b8462b3d14ad38ede5f859fd3d5eb387050f751080aa2 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-11-13\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"991ffdbf860756a4589164de26dd7ccf\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"AppPatchCustom*.sdb\" fullword wide \n \t\t $s2= \"ConsentPromptBehaviorAdmin\" fullword wide \n \t\t $s3= \"FsFltParametersc1\" fullword wide \n \t\t $s4= \"FsFltParametersc3\" fullword wide \n \t\t $s5= \"PLATFORMTARGETS\" fullword wide \n \t\t $s6= \"PromptOnSecureDesktop\" fullword wide \n \t\t $s7= \"SeLoadDriverPrivilege\" fullword wide \n \t\t $s8= \"%sSystem32sdbinst.exe\" fullword wide \n \t\t $s9= \"%sSystem32wusa.exe\" fullword wide \n \t\t $s10= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {25??73??53??79??73??74??65??6d??33??32??73??64??62??69??6e??73??74??2e??65??78??65??0a??} \n \t\t $hex2= {25??73??53??79??73??74??65??6d??33??32??77??75??73??61??2e??65??78??65??0a??} \n \t\t $hex3= {41??70??70??50??61??74??63??68??43??75??73??74??6f??6d??2a??2e??73??64??62??0a??} \n \t\t $hex4= {43??6f??6e??73??65??6e??74??50??72??6f??6d??70??74??42??65??68??61??76??69??6f??72??41??64??6d??69??6e??0a??} \n \t\t $hex5= {46??73??46??6c??74??50??61??72??61??6d??65??74??65??72??73??63??31??0a??} \n \t\t $hex6= {46??73??46??6c??74??50??61??72??61??6d??65??74??65??72??73??63??33??0a??} \n \t\t $hex7= {50??4c??41??54??46??4f??52??4d??54??41??52??47??45??54??53??0a??} \n \t\t $hex8= {50??72??6f??6d??70??74??4f??6e??53??65??63??75??72??65??44??65??73??6b??74??6f??70??0a??} \n \t\t $hex9= {53??65??4c??6f??61??64??44??72??69??76??65??72??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex10= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_28_44e8d3ffa0989176e62b8462b3d14ad38ede5f859fd3d5eb387050f751080aa2 Group", "expiration": null, "is_active": 1 }, { "id": 3409659714, "indicator": "03a9a47e326490786db9c5d9d7e3df632f28651d", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_966660738c9e3ec103c2f8fe361c8ac20647cacaa5153197fa1917e9da99082e { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_966660738c9e3ec103c2f8fe361c8ac20647cacaa5153197fa1917e9da99082e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-11-13\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"a24552843b9fedd7d0084e1eb1dd6e35\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_28_966660738c9e3ec103c2f8fe361c8ac20647cacaa5153197fa1917e9da99082e Group", "expiration": null, "is_active": 1 }, { "id": 3409659715, "indicator": "91187e239aa70b4cf88d21b6b5a9a9a5b6360afb", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_1c8869abf756e77e1b6d7d0ad5ca8f1cdce1a111315c3703e212fb3db174a6d5 { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_1c8869abf756e77e1b6d7d0ad5ca8f1cdce1a111315c3703e212fb3db174a6d5 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-11-12\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"672b8d14d1d3e97c24baf69d50937afc\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"%)+/5;=CGIOSYaegkmq\" fullword wide \n \t\t $s2= \"Accept-Encoding: gzip,deflate,sdch\" fullword wide \n \t\t $s3= \"Cache-Control: max-age=0\" fullword wide \n \t\t $s4= \"Connection: keep-alive\" fullword wide \n \t\t $s5= \"LanmanWorkstation\" fullword wide \n \n \t\t $hex1= {25??29??2b??2f??35??3b??3d??43??47??49??4f??53??59??61??65??67??6b??6d??71??0a??} \n \t\t $hex2= {41??63??63??65??70??74??2d??45??6e??63??6f??64??69??6e??67??3a??20??67??7a??69??70??2c??64??65??66??6c??61??74??65??2c??} \n \t\t $hex3= {43??61??63??68??65??2d??43??6f??6e??74??72??6f??6c??3a??20??6d??61??78??2d??61??67??65??3d??30??0a??} \n \t\t $hex4= {43??6f??6e??6e??65??63??74??69??6f??6e??3a??20??6b??65??65??70??2d??61??6c??69??76??65??0a??} \n \t\t $hex5= {4c??61??6e??6d??61??6e??57??6f??72??6b??73??74??61??74??69??6f??6e??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_28_1c8869abf756e77e1b6d7d0ad5ca8f1cdce1a111315c3703e212fb3db174a6d5 Group", "expiration": null, "is_active": 1 }, { "id": 3409659716, "indicator": "922ab285440b501848d376bc849a4d5de7c2ecf1", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_a979c5094f75548043a22b174aa10e1f2025371bd9e1249679f052b168e194b3 { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_a979c5094f75548043a22b174aa10e1f2025371bd9e1249679f052b168e194b3 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-11-09\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"ac3e087e43be67bdc674747c665b46c2\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"%)+/5;=CGIOSYaegkmq\" fullword wide \n \t\t $s2= \"Accept-Encoding: gzip,deflate,sdch\" fullword wide \n \t\t $s3= \"Cache-Control: max-age=0\" fullword wide \n \t\t $s4= \"Connection: keep-alive\" fullword wide \n \t\t $s5= \"LanmanWorkstation\" fullword wide \n \n \t\t $hex1= {25??29??2b??2f??35??3b??3d??43??47??49??4f??53??59??61??65??67??6b??6d??71??0a??} \n \t\t $hex2= {41??63??63??65??70??74??2d??45??6e??63??6f??64??69??6e??67??3a??20??67??7a??69??70??2c??64??65??66??6c??61??74??65??2c??} \n \t\t $hex3= {43??61??63??68??65??2d??43??6f??6e??74??72??6f??6c??3a??20??6d??61??78??2d??61??67??65??3d??30??0a??} \n \t\t $hex4= {43??6f??6e??6e??65??63??74??69??6f??6e??3a??20??6b??65??65??70??2d??61??6c??69??76??65??0a??} \n \t\t $hex5= {4c??61??6e??6d??61??6e??57??6f??72??6b??73??74??61??74??69??6f??6e??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_28_a979c5094f75548043a22b174aa10e1f2025371bd9e1249679f052b168e194b3 Group", "expiration": null, "is_active": 1 }, { "id": 3409659717, "indicator": "1ea1abae0bbeb2871067fc44ac745e3535bdb2fd", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_c6a9db52a3855d980a7f383dbe2fb70300a12b7a3a4f0a995e2ebdef769eaaca { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_c6a9db52a3855d980a7f383dbe2fb70300a12b7a3a4f0a995e2ebdef769eaaca Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-11-03\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b2dc7c29cbf8d71d1dd57b474f1e04b9\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"2_wsopen_nolock\" fullword wide \n \t\t $s2= \"%)+/5;=CGIOSYaegkmq\" fullword wide \n \t\t $s3= \"Accept-Encoding: gzip,deflate,sdch\" fullword wide \n \t\t $s4= \"Assertion Failed\" fullword wide \n \t\t $s5= \"Assertion failed!\" fullword wide \n \t\t $s6= \"Cache-Control: max-age=0\" fullword wide \n \t\t $s7= \"Connection: keep-alive\" fullword wide \n \t\t $s8= \"__copy_path_to_wide_string\" fullword wide \n \t\t $s9= \"_CrtCheckMemory()\" fullword wide \n \t\t $s10= \"_CrtIsValidHeapPointer(pUserData)\" fullword wide \n \t\t $s11= \"_CrtMemCheckpoint\" fullword wide \n \t\t $s12= \".__crtMessageWindowA\" fullword wide \n \t\t $s13= \"__crtMessageWindowW\" fullword wide \n \t\t $s14= \"_fread_nolock_s\" fullword wide \n \t\t $s15= \"_get_daylight(&daylight)\" fullword wide \n \t\t $s16= \"_get_dstbias(&dstbias)\" fullword wide \n \t\t $s17= \"_get_fmode(&fmode)\" fullword wide \n \t\t $s18= \"_get_timezone(&timezone)\" fullword wide \n \t\t $s19= \"_isindst_nolock\" fullword wide \n \t\t $s20= \"isleadbyte(_dbcsBuffer(fh))\" fullword wide \n \n \t\t $hex1= {25??29??2b??2f??35??3b??3d??43??47??49??4f??53??59??61??65??67??6b??6d??71??0a??} \n \t\t $hex2= {2e??5f??5f??63??72??74??4d??65??73??73??61??67??65??57??69??6e??64??6f??77??41??0a??} \n \t\t $hex3= {32??5f??77??73??6f??70??65??6e??5f??6e??6f??6c??6f??63??6b??0a??} \n \t\t $hex4= {41??63??63??65??70??74??2d??45??6e??63??6f??64??69??6e??67??3a??20??67??7a??69??70??2c??64??65??66??6c??61??74??65??2c??} \n \t\t $hex5= {41??73??73??65??72??74??69??6f??6e??20??46??61??69??6c??65??64??0a??} \n \t\t $hex6= {41??73??73??65??72??74??69??6f??6e??20??66??61??69??6c??65??64??21??0a??} \n \t\t $hex7= {43??61??63??68??65??2d??43??6f??6e??74??72??6f??6c??3a??20??6d??61??78??2d??61??67??65??3d??30??0a??} \n \t\t $hex8= {43??6f??6e??6e??65??63??74??69??6f??6e??3a??20??6b??65??65??70??2d??61??6c??69??76??65??0a??} \n \t\t $hex9= {5f??43??72??74??43??68??65??63??6b??4d??65??6d??6f??72??79??28??29??0a??} \n \t\t $hex10= {5f??43??72??74??49??73??56??61??6c??69??64??48??65??61??70??50??6f??69??6e??74??65??72??28??70??55??73??65??72??44??61??} \n \t\t $hex11= {5f??43??72??74??4d??65??6d??43??68??65??63??6b??70??6f??69??6e??74??0a??} \n \t\t $hex12= {5f??5f??63??6f??70??79??5f??70??61??74??68??5f??74??6f??5f??77??69??64??65??5f??73??74??72??69??6e??67??0a??} \n \t\t $hex13= {5f??5f??63??72??74??4d??65??73??73??61??67??65??57??69??6e??64??6f??77??57??0a??} \n \t\t $hex14= {5f??66??72??65??61??64??5f??6e??6f??6c??6f??63??6b??5f??73??0a??} \n \t\t $hex15= {5f??67??65??74??5f??64??61??79??6c??69??67??68??74??28??26??64??61??79??6c??69??67??68??74??29??0a??} \n \t\t $hex16= {5f??67??65??74??5f??64??73??74??62??69??61??73??28??26??64??73??74??62??69??61??73??29??0a??} \n \t\t $hex17= {5f??67??65??74??5f??66??6d??6f??64??65??28??26??66??6d??6f??64??65??29??0a??} \n \t\t $hex18= {5f??67??65??74??5f??74??69??6d??65??7a??6f??6e??65??28??26??74??69??6d??65??7a??6f??6e??65??29??0a??} \n \t\t $hex19= {5f??69??73??69??6e??64??73??74??5f??6e??6f??6c??6f??63??6b??0a??} \n \t\t $hex20= {69??73??6c??65??61??64??62??79??74??65??28??5f??64??62??63??73??42??75??66??66??65??72??28??66??68??29??29??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_APT_28_c6a9db52a3855d980a7f383dbe2fb70300a12b7a3a4f0a995e2ebdef769eaaca Group", "expiration": null, "is_active": 1 }, { "id": 3409659718, "indicator": "bbde92e73b037a33ff5a9e975de13ca8363ef2e3", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_ba1c02aa6c12794a33c4742e62cbda3c17def08732f3fbaeb801f1806770b9a0 { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_ba1c02aa6c12794a33c4742e62cbda3c17def08732f3fbaeb801f1806770b9a0 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-10-59\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"9422ca55f7fca4449259d8878ede5e47\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"advstorshell.dll\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex5= {61??64??76??73??74??6f??72??73??68??65??6c??6c??2e??64??6c??6c??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_28_ba1c02aa6c12794a33c4742e62cbda3c17def08732f3fbaeb801f1806770b9a0 Group", "expiration": null, "is_active": 1 }, { "id": 3409659719, "indicator": "3e9db8e0fb31f6b4a2e4f4744613b0f255e29448", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_b81b10bdf4f29347979ea8a1715cbfc560e3452ba9fffcc33cd19a3dc47083a4 { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_b81b10bdf4f29347979ea8a1715cbfc560e3452ba9fffcc33cd19a3dc47083a4 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-10-58\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"ad44a7c5e18e9958dda66ccfc406cd44\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"-create-e4j-log\" fullword wide \n \t\t $s2= \"/create-e4j-log\" fullword wide \n \t\t $s3= \"&-create-i4j-log\" fullword wide \n \t\t $s4= \"/create-i4j-log\" fullword wide \n \t\t $s5= \"@MSG_ERROR_DIALOG_CAPTION@\" fullword wide \n \t\t $s6= \"@MSG_ERROR_DIALOG_OK@\" fullword wide \n \t\t $s7= \"@MSG_ERROR_DIALOG_TEXT@\" fullword wide \n \n \t\t $hex1= {26??2d??63??72??65??61??74??65??2d??69??34??6a??2d??6c??6f??67??0a??} \n \t\t $hex2= {2d??63??72??65??61??74??65??2d??65??34??6a??2d??6c??6f??67??0a??} \n \t\t $hex3= {2f??63??72??65??61??74??65??2d??65??34??6a??2d??6c??6f??67??0a??} \n \t\t $hex4= {2f??63??72??65??61??74??65??2d??69??34??6a??2d??6c??6f??67??0a??} \n \t\t $hex5= {40??4d??53??47??5f??45??52??52??4f??52??5f??44??49??41??4c??4f??47??5f??43??41??50??54??49??4f??4e??40??0a??} \n \t\t $hex6= {40??4d??53??47??5f??45??52??52??4f??52??5f??44??49??41??4c??4f??47??5f??4f??4b??40??0a??} \n \t\t $hex7= {40??4d??53??47??5f??45??52??52??4f??52??5f??44??49??41??4c??4f??47??5f??54??45??58??54??40??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_APT_28_b81b10bdf4f29347979ea8a1715cbfc560e3452ba9fffcc33cd19a3dc47083a4 Group", "expiration": null, "is_active": 1 }, { "id": 3409659720, "indicator": "bedd227aa793cac187843506a62b6846f74ec45b", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_5f6b2a0d1d966fc4f1ed292b46240767f4acb06c13512b0061b434ae2a692fa1 { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_5f6b2a0d1d966fc4f1ed292b46240767f4acb06c13512b0061b434ae2a692fa1 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-10-53\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"26ac59dab32f6246e1ce3da7506d48fa\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Accept-Language: en-us,en;q=0.5\" fullword wide \n \t\t $s2= \"adobeincorp.com\" fullword wide \n \t\t $s3= \"C:WindowsSystem32cmd.exe\" fullword wide \n \t\t $s4= \"edg6E85F98675.tmp\" fullword wide \n \t\t $s5= \"edg6EF885E2.tmp\" fullword wide \n \t\t $s6= \"FileDescription\" fullword wide \n \t\t $s7= \"\\\\.mailslotdns_check_mes_v47313\" fullword wide \n \t\t $s8= \"Microsoft Corporation\" fullword wide \n \t\t $s9= \"OriginalFilename\" fullword wide \n \t\t $s10= \"%szdg6E85F98675.tmp\" fullword wide \n \t\t $s11= \"%szdg6EF885E2.tmp\" fullword wide \n \t\t $s12= \"VS_VERSION_INFO\" fullword wide \n \t\t $s13= \"webhp?rel=psy&hl=7&ai=\" fullword wide \n \n \t\t $hex1= {25??73??7a??64??67??36??45??38??35??46??39??38??36??37??35??2e??74??6d??70??0a??} \n \t\t $hex2= {25??73??7a??64??67??36??45??46??38??38??35??45??32??2e??74??6d??70??0a??} \n \t\t $hex3= {2e??6d??61??69??6c??73??6c??6f??74??64??6e??73??5f??63??68??65??63??6b??5f??6d??65??73??5f??76??34??37??33??31??33??0a??} \n \t\t $hex4= {41??63??63??65??70??74??2d??4c??61??6e??67??75??61??67??65??3a??20??65??6e??2d??75??73??2c??65??6e??3b??71??3d??30??2e??} \n \t\t $hex5= {43??3a??57??69??6e??64??6f??77??73??53??79??73??74??65??6d??33??32??63??6d??64??2e??65??78??65??0a??} \n \t\t $hex6= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex7= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex8= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex9= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex10= {61??64??6f??62??65??69??6e??63??6f??72??70??2e??63??6f??6d??0a??} \n \t\t $hex11= {65??64??67??36??45??38??35??46??39??38??36??37??35??2e??74??6d??70??0a??} \n \t\t $hex12= {65??64??67??36??45??46??38??38??35??45??32??2e??74??6d??70??0a??} \n \t\t $hex13= {77??65??62??68??70??3f??72??65??6c??3d??70??73??79??26??68??6c??3d??37??26??61??69??3d??0a??} \n \n \tcondition: \n \t\t14 of them \n }", "title": "", "description": "APTMalware_APT_28_5f6b2a0d1d966fc4f1ed292b46240767f4acb06c13512b0061b434ae2a692fa1 Group", "expiration": null, "is_active": 1 }, { "id": 363374, "indicator": "adobeincorp.com", "type": "domain", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 42655, "indicator": "3b52046dd7e1d5684eabbd9038b651726714ab69", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of d535c3fc5f0f98e021bea0d6277d2559", "expiration": null, "is_active": 1 }, { "id": 2661605, "indicator": "d4525abc9dd2b7ab7f0c22e58a0117980039afdf15bed04bb0c637cd41fbfb9d", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of d535c3fc5f0f98e021bea0d6277d2559", "expiration": null, "is_active": 1 }, { "id": 3409659721, "indicator": "d83e4e467469e7f7ecb1b58c6b95629cf89ae8c9", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_d4525abc9dd2b7ab7f0c22e58a0117980039afdf15bed04bb0c637cd41fbfb9d { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_d4525abc9dd2b7ab7f0c22e58a0117980039afdf15bed04bb0c637cd41fbfb9d Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-10-51\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d535c3fc5f0f98e021bea0d6277d2559\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"-4f42-11e3-9712-806e6f6e6963}\" fullword wide \n \t\t $s2= \"AppDataRoaming\" fullword wide \n \t\t $s3= \"COMPUTERNAMEREM\" fullword wide \n \t\t $s4= \"C:UsersREMDesktop\" fullword wide \n \t\t $s5= \"C:UsersREMDesktopdesktop.ini\" fullword wide \n \t\t $s6= \"C:UsersREMDocumentsdesktop.ini\" fullword wide \n \t\t $s7= \"C:UsersREMDownloadsdesktop.ini\" fullword wide \n \t\t $s8= \"C:UsersREMMusicdesktop.ini\" fullword wide \n \t\t $s9= \"C:UsersREMPicturesdesktop.ini\" fullword wide \n \t\t $s10= \"C:UsersREMVideosdesktop.ini\" fullword wide \n \t\t $s11= \"C:WindowsLastGood\" fullword wide \n \t\t $s12= \"C:WindowsSYSTEM\" fullword wide \n \t\t $s13= \"C:Windowssystem32\" fullword wide \n \t\t $s14= \"C:WindowsSYSTEM32bcrypt.dll\" fullword wide \n \t\t $s15= \"C:Windowssystem32CFGMGR32.dll\" fullword wide \n \t\t $s16= \"C:WindowsSYSTEM32CRYPTBASE.dll\" fullword wide \n \t\t $s17= \"C:WindowsSYSTEM32CRYPTSP.dll\" fullword wide \n \t\t $s18= \"C:WindowsSystem32desktop.ini\" fullword wide \n \t\t $s19= \"C:WindowsSystem32iertutil.dll\" fullword wide \n \t\t $s20= \"C:Windowssystem32OLEAUT32.dll\" fullword wide \n \n \t\t $hex1= {2d??34??66??34??32??2d??31??31??65??33??2d??39??37??31??32??2d??38??30??36??65??36??66??36??65??36??39??36??33??7d??0a??} \n \t\t $hex2= {41??70??70??44??61??74??61??52??6f??61??6d??69??6e??67??0a??} \n \t\t $hex3= {43??3a??55??73??65??72??73??52??45??4d??44??65??73??6b??74??6f??70??0a??} \n \t\t $hex4= {43??3a??55??73??65??72??73??52??45??4d??44??65??73??6b??74??6f??70??64??65??73??6b??74??6f??70??2e??69??6e??69??0a??} \n \t\t $hex5= {43??3a??55??73??65??72??73??52??45??4d??44??6f??63??75??6d??65??6e??74??73??64??65??73??6b??74??6f??70??2e??69??6e??69??} \n \t\t $hex6= {43??3a??55??73??65??72??73??52??45??4d??44??6f??77??6e??6c??6f??61??64??73??64??65??73??6b??74??6f??70??2e??69??6e??69??} \n \t\t $hex7= {43??3a??55??73??65??72??73??52??45??4d??4d??75??73??69??63??64??65??73??6b??74??6f??70??2e??69??6e??69??0a??} \n \t\t $hex8= {43??3a??55??73??65??72??73??52??45??4d??50??69??63??74??75??72??65??73??64??65??73??6b??74??6f??70??2e??69??6e??69??0a??} \n \t\t $hex9= {43??3a??55??73??65??72??73??52??45??4d??56??69??64??65??6f??73??64??65??73??6b??74??6f??70??2e??69??6e??69??0a??} \n \t\t $hex10= {43??3a??57??69??6e??64??6f??77??73??4c??61??73??74??47??6f??6f??64??0a??} \n \t\t $hex11= {43??3a??57??69??6e??64??6f??77??73??53??59??53??54??45??4d??0a??} \n \t\t $hex12= {43??3a??57??69??6e??64??6f??77??73??53??59??53??54??45??4d??33??32??43??52??59??50??54??42??41??53??45??2e??64??6c??6c??} \n \t\t $hex13= {43??3a??57??69??6e??64??6f??77??73??53??59??53??54??45??4d??33??32??43??52??59??50??54??53??50??2e??64??6c??6c??0a??} \n \t\t $hex14= {43??3a??57??69??6e??64??6f??77??73??53??59??53??54??45??4d??33??32??62??63??72??79??70??74??2e??64??6c??6c??0a??} \n \t\t $hex15= {43??3a??57??69??6e??64??6f??77??73??53??79??73??74??65??6d??33??32??64??65??73??6b??74??6f??70??2e??69??6e??69??0a??} \n \t\t $hex16= {43??3a??57??69??6e??64??6f??77??73??53??79??73??74??65??6d??33??32??69??65??72??74??75??74??69??6c??2e??64??6c??6c??0a??} \n \t\t $hex17= {43??3a??57??69??6e??64??6f??77??73??73??79??73??74??65??6d??33??32??0a??} \n \t\t $hex18= {43??3a??57??69??6e??64??6f??77??73??73??79??73??74??65??6d??33??32??43??46??47??4d??47??52??33??32??2e??64??6c??6c??0a??} \n \t\t $hex19= {43??3a??57??69??6e??64??6f??77??73??73??79??73??74??65??6d??33??32??4f??4c??45??41??55??54??33??32??2e??64??6c??6c??0a??} \n \t\t $hex20= {43??4f??4d??50??55??54??45??52??4e??41??4d??45??52??45??4d??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_APT_28_d4525abc9dd2b7ab7f0c22e58a0117980039afdf15bed04bb0c637cd41fbfb9d Group", "expiration": null, "is_active": 1 }, { "id": 1593573343, "indicator": "6316258ca5ba2d85134ad7427f24a8a51ce4815b", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "SOFACY__Loader", "description": "SHA1 of da2a657dc69d7320f2ffc87013f257ad", "expiration": null, "is_active": 1 }, { "id": 2326485, "indicator": "d54173be095b688016528f18dc97f2d583efcf5ce562ec766afc0b294eb51ac7", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "SOFACY__Loader", "description": "SHA256 of da2a657dc69d7320f2ffc87013f257ad", "expiration": null, "is_active": 1 }, { "id": 3409659722, "indicator": "cf794295b7def4cb905fd8f4dc1bd14c3b149cb7", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_d54173be095b688016528f18dc97f2d583efcf5ce562ec766afc0b294eb51ac7 { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_d54173be095b688016528f18dc97f2d583efcf5ce562ec766afc0b294eb51ac7 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-10-47\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"da2a657dc69d7320f2ffc87013f257ad\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_28_d54173be095b688016528f18dc97f2d583efcf5ce562ec766afc0b294eb51ac7 Group", "expiration": null, "is_active": 1 }, { "id": 3409659723, "indicator": "a98ed36feedda7efb1862f356e11cc893fbc5b1b", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_f9c0303d07800ed7cba1394cd326bbe8f49c7c5e0e062be59a9749f6c51c6e69 { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_f9c0303d07800ed7cba1394cd326bbe8f49c7c5e0e062be59a9749f6c51c6e69 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-10-40\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"93c589e9eaf3272bc0349d605b85c566\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"C:ProgramDatabk.exe\" fullword wide \n \t\t $s2= \"Impersonation Packages\" fullword wide \n \t\t $s3= \"install_com_x32_LL_full.dll,Start\" fullword wide \n \t\t $s4= \"System32sysprep\" fullword wide \n \t\t $s5= \"%temp%inst32.exe\" fullword wide \n \n \t\t $hex1= {25??74??65??6d??70??25??69??6e??73??74??33??32??2e??65??78??65??0a??} \n \t\t $hex2= {43??3a??50??72??6f??67??72??61??6d??44??61??74??61??62??6b??2e??65??78??65??0a??} \n \t\t $hex3= {49??6d??70??65??72??73??6f??6e??61??74??69??6f??6e??20??50??61??63??6b??61??67??65??73??0a??} \n \t\t $hex4= {53??79??73??74??65??6d??33??32??73??79??73??70??72??65??70??0a??} \n \t\t $hex5= {69??6e??73??74??61??6c??6c??5f??63??6f??6d??5f??78??33??32??5f??4c??4c??5f??66??75??6c??6c??2e??64??6c??6c??2c??53??74??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_28_f9c0303d07800ed7cba1394cd326bbe8f49c7c5e0e062be59a9749f6c51c6e69 Group", "expiration": null, "is_active": 1 }, { "id": 3409659724, "indicator": "c094decf34543e4a9ba0b1b21284989e14647696", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_0abda721c4f1ca626f5d8bd2ce186aa98b197ca68d53e81cf152c32230345071 { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_0abda721c4f1ca626f5d8bd2ce186aa98b197ca68d53e81cf152c32230345071 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-10-31\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"9863f1efc5274b3d449b5b7467819d28\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"2001.12.8530.16385\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {32??30??30??31??2e??31??32??2e??38??35??33??30??2e??31??36??33??38??35??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_28_0abda721c4f1ca626f5d8bd2ce186aa98b197ca68d53e81cf152c32230345071 Group", "expiration": null, "is_active": 1 }, { "id": 3409659725, "indicator": "9599f9744c56a15e2353e56ef04158a8947ff3d6", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_c19d266af9e33dae096e45e7624ab3a3f642c8de580e902fec9dac11bcb8d3fd { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_c19d266af9e33dae096e45e7624ab3a3f642c8de580e902fec9dac11bcb8d3fd Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-10-26\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"99b93cfcff258eb49e7af603d779a146\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"10.0.3601.4381splm.dll\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"mnopqrstuvwxyz{|}~\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {31??30??2e??30??2e??33??36??30??31??2e??34??33??38??31??73??70??6c??6d??2e??64??6c??6c??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex6= {6d??6e??6f??70??71??72??73??74??75??76??77??78??79??7a??7b??7c??7d??7e??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_APT_28_c19d266af9e33dae096e45e7624ab3a3f642c8de580e902fec9dac11bcb8d3fd Group", "expiration": null, "is_active": 1 }, { "id": 3409659726, "indicator": "2fcfdc52a2eba90499ecc41b6100f442f154cf20", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_d58f2a799552aff8358e9c63a4345ea971b27edd14b8eac825db30a8321d1a7a { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_d58f2a799552aff8358e9c63a4345ea971b27edd14b8eac825db30a8321d1a7a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-10-20\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"8c4fa713c5e2b009114adda758adc445\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_28_d58f2a799552aff8358e9c63a4345ea971b27edd14b8eac825db30a8321d1a7a Group", "expiration": null, "is_active": 1 }, { "id": 3409659727, "indicator": "6ae784e3df146a4205a6c778f3a12eb37495ba84", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_e8d3f1e4e0d7c19e195d92be5cb6b3617a0496554c892e93b66a75c411745c05 { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_e8d3f1e4e0d7c19e195d92be5cb6b3617a0496554c892e93b66a75c411745c05 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-10-18\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"aeebfc9eb9031e423797a5af1985242d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"_._-;-* #,##0_\" fullword wide \n \t\t $s2= \"_._-;-* #,##0.00_\" fullword wide \n \t\t $s3= \"DocumentSummaryInformation\" fullword wide \n \t\t $s4= \"Explanatory Text\" fullword wide \n \t\t $s5= \"SummaryInformation\" fullword wide \n \t\t $s6= \"TableStyleMedium9PivotStyleLight16\" fullword wide \n \t\t $s7= \"_VBA_PROJECT_CUR\" fullword wide \n \n \t\t $hex1= {44??6f??63??75??6d??65??6e??74??53??75??6d??6d??61??72??79??49??6e??66??6f??72??6d??61??74??69??6f??6e??0a??} \n \t\t $hex2= {45??78??70??6c??61??6e??61??74??6f??72??79??20??54??65??78??74??0a??} \n \t\t $hex3= {53??75??6d??6d??61??72??79??49??6e??66??6f??72??6d??61??74??69??6f??6e??0a??} \n \t\t $hex4= {54??61??62??6c??65??53??74??79??6c??65??4d??65??64??69??75??6d??39??50??69??76??6f??74??53??74??79??6c??65??4c??69??67??} \n \t\t $hex5= {5f??2e??5f??2d??3b??2d??2a??20??23??2c??23??23??30??2e??30??30??5f??0a??} \n \t\t $hex6= {5f??2e??5f??2d??3b??2d??2a??20??23??2c??23??23??30??5f??0a??} \n \t\t $hex7= {5f??56??42??41??5f??50??52??4f??4a??45??43??54??5f??43??55??52??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_APT_28_e8d3f1e4e0d7c19e195d92be5cb6b3617a0496554c892e93b66a75c411745c05 Group", "expiration": null, "is_active": 1 }, { "id": 3409659728, "indicator": "9a9b4678c18630799ca8aa9928639d770789aaa5", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_c7661b27a06a3a8c471fbb060ab8cab25fa9546e0a4c5c1101fe8098b2ad11e9 { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_c7661b27a06a3a8c471fbb060ab8cab25fa9546e0a4c5c1101fe8098b2ad11e9 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-10-14\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b88633376fbb144971dcb503f72fd192\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"Microsoft Corporation\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"VS_VERSION_INFO\" fullword wide \n \t\t $s5= \"Windows Defender\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex5= {57??69??6e??64??6f??77??73??20??44??65??66??65??6e??64??65??72??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_28_c7661b27a06a3a8c471fbb060ab8cab25fa9546e0a4c5c1101fe8098b2ad11e9 Group", "expiration": null, "is_active": 1 }, { "id": 3254613343, "indicator": "b6f7b17dd6590b4f5fe4d880cc86ae5761bb624e", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of ede5d82bb6775a9b1659dccb699fadcb", "expiration": null, "is_active": 1 }, { "id": 3094343792, "indicator": "ba870596bc3a1808d547607d2477678a6f5751b270ae1b93d0d1de29377d5958", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of ede5d82bb6775a9b1659dccb699fadcb", "expiration": null, "is_active": 1 }, { "id": 3409659729, "indicator": "27e73143a8051684b6f4d42e18a3a3fa0abfbe42", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_ba870596bc3a1808d547607d2477678a6f5751b270ae1b93d0d1de29377d5958 { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_ba870596bc3a1808d547607d2477678a6f5751b270ae1b93d0d1de29377d5958 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-09-54\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"ede5d82bb6775a9b1659dccb699fadcb\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"application/octet-stream\" fullword wide \n \t\t $s2= \"ConversationIndexTrackingEx\" fullword wide \n \t\t $s3= \"Danil.Sytnikov@uarpa.com\" fullword wide \n \t\t $s4= \"Danil.Sytnikov@uarpa.com>\" fullword wide \n \t\t $s5= \"European Parliament\" fullword wide \n \t\t $s6= \"Greetings Sir/Madam!\" fullword wide \n \t\t $s7= \"MIME-Version: 1.0\" fullword wide \n \t\t $s8= \"__nameid_version1.0\" fullword wide \n \t\t $s9= \"pressunit@europarl.europa.eu\" fullword wide \n \t\t $s10= \"__properties_version1.0\" fullword wide \n \t\t $s11= \"RESMSG03.RES.local\" fullword wide \n \t\t $s12= \"__substg1.0_00020102\" fullword wide \n \t\t $s13= \"__substg1.0_00030102\" fullword wide \n \t\t $s14= \"__substg1.0_00040102\" fullword wide \n \t\t $s15= \"__substg1.0_001A001F\" fullword wide \n \t\t $s16= \"__substg1.0_0037001F\" fullword wide \n \t\t $s17= \"__substg1.0_003B0102\" fullword wide \n \t\t $s18= \"__substg1.0_003D001F\" fullword wide \n \t\t $s19= \"__substg1.0_003F0102\" fullword wide \n \t\t $s20= \"__substg1.0_0040001F\" fullword wide \n \n \t\t $hex1= {43??6f??6e??76??65??72??73??61??74??69??6f??6e??49??6e??64??65??78??54??72??61??63??6b??69??6e??67??45??78??0a??} \n \t\t $hex2= {44??61??6e??69??6c??2e??53??79??74??6e??69??6b??6f??76??40??75??61??72??70??61??2e??63??6f??6d??0a??} \n \t\t $hex3= {44??61??6e??69??6c??2e??53??79??74??6e??69??6b??6f??76??40??75??61??72??70??61??2e??63??6f??6d??3e??0a??} \n \t\t $hex4= {45??75??72??6f??70??65??61??6e??20??50??61??72??6c??69??61??6d??65??6e??74??0a??} \n \t\t $hex5= {47??72??65??65??74??69??6e??67??73??20??53??69??72??2f??4d??61??64??61??6d??21??0a??} \n \t\t $hex6= {4d??49??4d??45??2d??56??65??72??73??69??6f??6e??3a??20??31??2e??30??0a??} \n \t\t $hex7= {52??45??53??4d??53??47??30??33??2e??52??45??53??2e??6c??6f??63??61??6c??0a??} \n \t\t $hex8= {5f??5f??6e??61??6d??65??69??64??5f??76??65??72??73??69??6f??6e??31??2e??30??0a??} \n \t\t $hex9= {5f??5f??70??72??6f??70??65??72??74??69??65??73??5f??76??65??72??73??69??6f??6e??31??2e??30??0a??} \n \t\t $hex10= {5f??5f??73??75??62??73??74??67??31??2e??30??5f??30??30??30??32??30??31??30??32??0a??} \n \t\t $hex11= {5f??5f??73??75??62??73??74??67??31??2e??30??5f??30??30??30??33??30??31??30??32??0a??} \n \t\t $hex12= {5f??5f??73??75??62??73??74??67??31??2e??30??5f??30??30??30??34??30??31??30??32??0a??} \n \t\t $hex13= {5f??5f??73??75??62??73??74??67??31??2e??30??5f??30??30??31??41??30??30??31??46??0a??} \n \t\t $hex14= {5f??5f??73??75??62??73??74??67??31??2e??30??5f??30??30??33??37??30??30??31??46??0a??} \n \t\t $hex15= {5f??5f??73??75??62??73??74??67??31??2e??30??5f??30??30??33??42??30??31??30??32??0a??} \n \t\t $hex16= {5f??5f??73??75??62??73??74??67??31??2e??30??5f??30??30??33??44??30??30??31??46??0a??} \n \t\t $hex17= {5f??5f??73??75??62??73??74??67??31??2e??30??5f??30??30??33??46??30??31??30??32??0a??} \n \t\t $hex18= {5f??5f??73??75??62??73??74??67??31??2e??30??5f??30??30??34??30??30??30??31??46??0a??} \n \t\t $hex19= {61??70??70??6c??69??63??61??74??69??6f??6e??2f??6f??63??74??65??74??2d??73??74??72??65??61??6d??0a??} \n \t\t $hex20= {70??72??65??73??73??75??6e??69??74??40??65??75??72??6f??70??61??72??6c??2e??65??75??72??6f??70??61??2e??65??75??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_APT_28_ba870596bc3a1808d547607d2477678a6f5751b270ae1b93d0d1de29377d5958 Group", "expiration": null, "is_active": 1 }, { "id": 91594, "indicator": "a5fca59a2fae0a12512336ca1b78f857afc06445", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of f1d3447a2bff56646478b0adb7d0451c\nSHA1 of f1d3447a2bff56646478b0adb7d0451c", "expiration": null, "is_active": 1 }, { "id": 2661626, "indicator": "5a414a39851c4e22d4f9383211dfc080e16e2caffd90fa06dcbe51d11fdb0d6c", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of f1d3447a2bff56646478b0adb7d0451c\nSHA256 of f1d3447a2bff56646478b0adb7d0451c", "expiration": null, "is_active": 1 }, { "id": 3409659730, "indicator": "1be0751743139b794f0a606c10d28e94eee00183", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_5a414a39851c4e22d4f9383211dfc080e16e2caffd90fa06dcbe51d11fdb0d6c { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_5a414a39851c4e22d4f9383211dfc080e16e2caffd90fa06dcbe51d11fdb0d6c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-09-43\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f1d3447a2bff56646478b0adb7d0451c\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"2001.12.8530.16385\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {32??30??30??31??2e??31??32??2e??38??35??33??30??2e??31??36??33??38??35??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_28_5a414a39851c4e22d4f9383211dfc080e16e2caffd90fa06dcbe51d11fdb0d6c Group", "expiration": null, "is_active": 1 }, { "id": 3409659731, "indicator": "d661a4c812eb408bdb9c5e85c976cadd59726b24", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_b23193bff95c4e65af0c9848036eb80ef006503a78be842e921035f8d77eb5de { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_b23193bff95c4e65af0c9848036eb80ef006503a78be842e921035f8d77eb5de Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-09-40\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"57cc08213ab8b6d4a538e4568d00a123\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"11.0.4621.4331splm.dll\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"mnopqrstuvwxyz{|}~\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {31??31??2e??30??2e??34??36??32??31??2e??34??33??33??31??73??70??6c??6d??2e??64??6c??6c??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex6= {6d??6e??6f??70??71??72??73??74??75??76??77??78??79??7a??7b??7c??7d??7e??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_APT_28_b23193bff95c4e65af0c9848036eb80ef006503a78be842e921035f8d77eb5de Group", "expiration": null, "is_active": 1 }, { "id": 1593573337, "indicator": "ed48ef531d96e8c7360701da1c57e2ff13f12405", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "SOFACY__Loader", "description": "SHA1 of ead4ec18ebce6890d20757bb9f5285b1", "expiration": null, "is_active": 1 }, { "id": 2326537, "indicator": "7695f20315f84bb1d940149b17dd58383210ea3498450b45fefa22a450e79683", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "SOFACY__Loader", "description": "SHA256 of ead4ec18ebce6890d20757bb9f5285b1", "expiration": null, "is_active": 1 }, { "id": 3409659732, "indicator": "cd8177dca41c89234007dc3fc35efa65984df937", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_7695f20315f84bb1d940149b17dd58383210ea3498450b45fefa22a450e79683 { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_7695f20315f84bb1d940149b17dd58383210ea3498450b45fefa22a450e79683 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-09-37\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"ead4ec18ebce6890d20757bb9f5285b1\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_28_7695f20315f84bb1d940149b17dd58383210ea3498450b45fefa22a450e79683 Group", "expiration": null, "is_active": 1 }, { "id": 3409659733, "indicator": "6ba4f1887758b7ba82f970b98fc3e55a13c64251", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_3e23201e6c52470e73a92af2ded12e6a5d1ad39538f41e762ca1c4b8d93c6d8d { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_3e23201e6c52470e73a92af2ded12e6a5d1ad39538f41e762ca1c4b8d93c6d8d Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-09-35\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"23ae20329174d44ebc8dbfa9891c6260\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FsFltParametersc1\" fullword wide \n \t\t $s2= \"FsFltParametersc3\" fullword wide \n \t\t $s3= \"PLATFORMTARGETS\" fullword wide \n \t\t $s4= \"VS_VERSION_INFO\" fullword wide \n \t\t $s5= \"WSystem32sysprep\" fullword wide \n \n \t\t $hex1= {46??73??46??6c??74??50??61??72??61??6d??65??74??65??72??73??63??31??0a??} \n \t\t $hex2= {46??73??46??6c??74??50??61??72??61??6d??65??74??65??72??73??63??33??0a??} \n \t\t $hex3= {50??4c??41??54??46??4f??52??4d??54??41??52??47??45??54??53??0a??} \n \t\t $hex4= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex5= {57??53??79??73??74??65??6d??33??32??73??79??73??70??72??65??70??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_28_3e23201e6c52470e73a92af2ded12e6a5d1ad39538f41e762ca1c4b8d93c6d8d Group", "expiration": null, "is_active": 1 }, { "id": 3409659734, "indicator": "64572e7d0a1580acdf97b6aebf65039dd1a01b89", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_07393ac2e890772f70adf9e8d3aa07ab2f98e2726e3be275276dadd00daf5fc6 { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_07393ac2e890772f70adf9e8d3aa07ab2f98e2726e3be275276dadd00daf5fc6 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-09-24\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"9ca6ead1384953d787487d399c23cb41\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"11.0.4621.4331splm.dll\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"unsuccess : \" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {31??31??2e??30??2e??34??36??32??31??2e??34??33??33??31??73??70??6c??6d??2e??64??6c??6c??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex5= {75??6e??73??75??63??63??65??73??73??26??6e??62??73??70??3a??26??6e??62??73??70??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_28_07393ac2e890772f70adf9e8d3aa07ab2f98e2726e3be275276dadd00daf5fc6 Group", "expiration": null, "is_active": 1 }, { "id": 1593573339, "indicator": "d9c53adce8c35ec3b1e015ec8011078902e6800b", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "SOFACY__Loader", "description": "SHA1 of 1259c4fe5efd9bf07fc4c78466f2dd09", "expiration": null, "is_active": 1 }, { "id": 2326516, "indicator": "102b0158bcd5a8b64de44d9f765193dd80df1504e398ce52d37b7c8c33f2552a", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "SOFACY__Loader", "description": "SHA256 of 1259c4fe5efd9bf07fc4c78466f2dd09", "expiration": null, "is_active": 1 }, { "id": 3409659735, "indicator": "a1ff252071a904f26785c34684b26fcab9167e9d", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_102b0158bcd5a8b64de44d9f765193dd80df1504e398ce52d37b7c8c33f2552a { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_102b0158bcd5a8b64de44d9f765193dd80df1504e398ce52d37b7c8c33f2552a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-09-20\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"1259c4fe5efd9bf07fc4c78466f2dd09\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_28_102b0158bcd5a8b64de44d9f765193dd80df1504e398ce52d37b7c8c33f2552a Group", "expiration": null, "is_active": 1 }, { "id": 3409659736, "indicator": "332bb9444614393de5010237a8d1ab83b01b108a", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_972e907a901a7716f3b8f9651eadd65a0ce09bbc78a1ceacff6f52056af8e8f4 { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_972e907a901a7716f3b8f9651eadd65a0ce09bbc78a1ceacff6f52056af8e8f4 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-09-17\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"8b6d824619e993f74973eedfaf18be78\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"ALLUSERSPROFILE\" fullword wide \n \t\t $s2= \"c:ProgramDatamgswizap.dll\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"InProcServer32\" fullword wide \n \t\t $s5= \"Microsoft security\" fullword wide \n \t\t $s6= \"Microsoft surface\" fullword wide \n \t\t $s7= \"OriginalFilename\" fullword wide \n \t\t $s8= \"ServiceMonitor.dll\" fullword wide \n \t\t $s9= \"unsuccess : \" fullword wide \n \t\t $s10= \"UserInitMprLogonScript\" fullword wide \n \t\t $s11= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {41??4c??4c??55??53??45??52??53??50??52??4f??46??49??4c??45??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {49??6e??50??72??6f??63??53??65??72??76??65??72??33??32??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??73??65??63??75??72??69??74??79??0a??} \n \t\t $hex5= {4d??69??63??72??6f??73??6f??66??74??20??73??75??72??66??61??63??65??0a??} \n \t\t $hex6= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex7= {53??65??72??76??69??63??65??4d??6f??6e??69??74??6f??72??2e??64??6c??6c??0a??} \n \t\t $hex8= {55??73??65??72??49??6e??69??74??4d??70??72??4c??6f??67??6f??6e??53??63??72??69??70??74??0a??} \n \t\t $hex9= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex10= {63??3a??50??72??6f??67??72??61??6d??44??61??74??61??6d??67??73??77??69??7a??61??70??2e??64??6c??6c??0a??} \n \t\t $hex11= {75??6e??73??75??63??63??65??73??73??26??6e??62??73??70??3a??26??6e??62??73??70??0a??} \n \n \tcondition: \n \t\t12 of them \n }", "title": "", "description": "APTMalware_APT_28_972e907a901a7716f3b8f9651eadd65a0ce09bbc78a1ceacff6f52056af8e8f4 Group", "expiration": null, "is_active": 1 }, { "id": 3409659737, "indicator": "7c00854595c8644de9d51dab624cc4c033771174", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_68065abd6482405614d245537600ea60857c6ec9febac4870486b5227589d35c { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_68065abd6482405614d245537600ea60857c6ec9febac4870486b5227589d35c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-09-05\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"12a9fff59de1663dec1b45ea2ede22f5\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"11.0.4621.4331splm.dll\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"mnopqrstuvwxyz{|}~\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"unsuccess : \" fullword wide \n \t\t $s7= \"VS_VERSION_INFO\" fullword wide \n \t\t $s8= \"Windows Installer\" fullword wide \n \n \t\t $hex1= {31??31??2e??30??2e??34??36??32??31??2e??34??33??33??31??73??70??6c??6d??2e??64??6c??6c??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex6= {57??69??6e??64??6f??77??73??20??49??6e??73??74??61??6c??6c??65??72??0a??} \n \t\t $hex7= {6d??6e??6f??70??71??72??73??74??75??76??77??78??79??7a??7b??7c??7d??7e??0a??} \n \t\t $hex8= {75??6e??73??75??63??63??65??73??73??26??6e??62??73??70??3a??26??6e??62??73??70??0a??} \n \n \tcondition: \n \t\t8 of them \n }", "title": "", "description": "APTMalware_APT_28_68065abd6482405614d245537600ea60857c6ec9febac4870486b5227589d35c Group", "expiration": null, "is_active": 1 }, { "id": 3409659738, "indicator": "c3cbf0fb5dcf0c04ad10b38281022cd567f28745", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_bf28267386a010197a50b65f24e815aa527f2adbc53c609d2b2a4f999a639413 { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_bf28267386a010197a50b65f24e815aa527f2adbc53c609d2b2a4f999a639413 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-09-02\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"a3c757af9e7a9a60e235d08d54740fbc\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"C:ProgramDatamsgs.tmp-%d\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {43??3a??50??72??6f??67??72??61??6d??44??61??74??61??6d??73??67??73??2e??74??6d??70??2d??25??64??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_28_bf28267386a010197a50b65f24e815aa527f2adbc53c609d2b2a4f999a639413 Group", "expiration": null, "is_active": 1 }, { "id": 3409659818, "indicator": "91488a19150f10e52f2ca5559773f79fca4357eb", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_c3b2c7bbd2aa1e3100b9382ed78dfa0041af764e0e02013acdf282410b302ead { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_c3b2c7bbd2aa1e3100b9382ed78dfa0041af764e0e02013acdf282410b302ead Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-08-58\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"2163a33330ae5786d3e984db09b2d9d2\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"14.2.7765.12536\" fullword wide \n \t\t $s2= \"17.1.1010.56778\" fullword wide \n \t\t $s3= \"apisecconnect.dll\" fullword wide \n \t\t $s4= \"FileDescription\" fullword wide \n \t\t $s5= \"Microsoft Corporation\" fullword wide \n \t\t $s6= \"OriginalFilename\" fullword wide \n \t\t $s7= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {31??34??2e??32??2e??37??37??36??35??2e??31??32??35??33??36??0a??} \n \t\t $hex2= {31??37??2e??31??2e??31??30??31??30??2e??35??36??37??37??38??0a??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex7= {61??70??69??73??65??63??63??6f??6e??6e??65??63??74??2e??64??6c??6c??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_APT_28_c3b2c7bbd2aa1e3100b9382ed78dfa0041af764e0e02013acdf282410b302ead Group", "expiration": null, "is_active": 1 }, { "id": 3409659819, "indicator": "ed42326138cee8faa5cde4b3652162e8a5fbd417", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_99d3f03fc6f048c74e58da6fb7ea1e831ba31d58194ad2463a7a6cd55da5f96b { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_99d3f03fc6f048c74e58da6fb7ea1e831ba31d58194ad2463a7a6cd55da5f96b Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-08-57\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"7a055cbe6672f77b2271c1cb8e2670b8\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"Microsoft Corporation\" fullword wide \n \t\t $s3= \"mnopqrstuvwxyz{|}~\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"unsuccess : \" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \t\t $s7= \"Windows Installer\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex5= {57??69??6e??64??6f??77??73??20??49??6e??73??74??61??6c??6c??65??72??0a??} \n \t\t $hex6= {6d??6e??6f??70??71??72??73??74??75??76??77??78??79??7a??7b??7c??7d??7e??0a??} \n \t\t $hex7= {75??6e??73??75??63??63??65??73??73??26??6e??62??73??70??3a??26??6e??62??73??70??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_APT_28_99d3f03fc6f048c74e58da6fb7ea1e831ba31d58194ad2463a7a6cd55da5f96b Group", "expiration": null, "is_active": 1 }, { "id": 3409659820, "indicator": "850deb74782d79d64be88c203a826ab71f9565c4", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_03ed773bde6c6a1ac3b24bde6003322df8d41d3d1c85109b8669c430b58d2f69 { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_03ed773bde6c6a1ac3b24bde6003322df8d41d3d1c85109b8669c430b58d2f69 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-08-52\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"8b92fe86c5b7a9e34f433a6fbac8bc3a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_28_03ed773bde6c6a1ac3b24bde6003322df8d41d3d1c85109b8669c430b58d2f69 Group", "expiration": null, "is_active": 1 }, { "id": 3409659821, "indicator": "83957af4d4c18b82cc8288d1251e1137af232e11", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_e6d09ce32cc62b6f17279204fac1771a6eb35077bb79471115e8dfed2c86cd75 { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_e6d09ce32cc62b6f17279204fac1771a6eb35077bb79471115e8dfed2c86cd75 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-08-51\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"9eebfebe3987fec3c395594dc57a0c4c\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_28_e6d09ce32cc62b6f17279204fac1771a6eb35077bb79471115e8dfed2c86cd75 Group", "expiration": null, "is_active": 1 }, { "id": 1593573344, "indicator": "367d40465fd1633c435b966fa9b289188aa444bc", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "SOFACY__Loader", "description": "SHA1 of 791428601ad12b9230b9ace4f2138713", "expiration": null, "is_active": 1 }, { "id": 2326526, "indicator": "29cc2e69f65b9ce5fe04eb9b65942b2dabf48e41770f0a49eb698271b99d2787", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "SOFACY__Loader", "description": "SHA256 of 791428601ad12b9230b9ace4f2138713", "expiration": null, "is_active": 1 }, { "id": 3409659822, "indicator": "f8242a63e0f9a11bdc2c1be16e68727b35d32eb2", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_29cc2e69f65b9ce5fe04eb9b65942b2dabf48e41770f0a49eb698271b99d2787 { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_29cc2e69f65b9ce5fe04eb9b65942b2dabf48e41770f0a49eb698271b99d2787 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-08-50\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"791428601ad12b9230b9ace4f2138713\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_28_29cc2e69f65b9ce5fe04eb9b65942b2dabf48e41770f0a49eb698271b99d2787 Group", "expiration": null, "is_active": 1 }, { "id": 3409659823, "indicator": "ff38a851b6e939f6b9aa4dffb3d878f4a305faee", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_df47a939809f925475bc19804319652635848b8f346fb7dfd8c95c620595fe9f { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_df47a939809f925475bc19804319652635848b8f346fb7dfd8c95c620595fe9f Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-08-48\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"7b1bfd7c1866040e8f618fe67b93bea5\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"2001.12.8530.16385\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {32??30??30??31??2e??31??32??2e??38??35??33??30??2e??31??36??33??38??35??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_28_df47a939809f925475bc19804319652635848b8f346fb7dfd8c95c620595fe9f Group", "expiration": null, "is_active": 1 }, { "id": 3409659824, "indicator": "825253d3db8b145588c92266708f2056ae3e3696", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_a2c9041ee1918523e67dbaf1c514f98609d4dbe451ba08657653bb41946fc89d { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_a2c9041ee1918523e67dbaf1c514f98609d4dbe451ba08657653bb41946fc89d Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-08-44\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"ae4ded48da0766d237ce2262202c3c96\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"%)+/5;=CGIOSYaegkmq\" fullword wide \n \t\t $s2= \"Accept-Encoding: gzip,deflate,sdch\" fullword wide \n \t\t $s3= \"Cache-Control: max-age=0\" fullword wide \n \t\t $s4= \"Connection: keep-alive\" fullword wide \n \t\t $s5= \"LanmanWorkstation\" fullword wide \n \n \t\t $hex1= {25??29??2b??2f??35??3b??3d??43??47??49??4f??53??59??61??65??67??6b??6d??71??0a??} \n \t\t $hex2= {41??63??63??65??70??74??2d??45??6e??63??6f??64??69??6e??67??3a??20??67??7a??69??70??2c??64??65??66??6c??61??74??65??2c??} \n \t\t $hex3= {43??61??63??68??65??2d??43??6f??6e??74??72??6f??6c??3a??20??6d??61??78??2d??61??67??65??3d??30??0a??} \n \t\t $hex4= {43??6f??6e??6e??65??63??74??69??6f??6e??3a??20??6b??65??65??70??2d??61??6c??69??76??65??0a??} \n \t\t $hex5= {4c??61??6e??6d??61??6e??57??6f??72??6b??73??74??61??74??69??6f??6e??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_28_a2c9041ee1918523e67dbaf1c514f98609d4dbe451ba08657653bb41946fc89d Group", "expiration": null, "is_active": 1 }, { "id": 3409659825, "indicator": "6463e647e3e5f5a3500b6d27974d9da02b2e96f6", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_28_a9dc96d45702538c2086a749ba2fb467ba8d8b603e513bdef62a024dfeb124cb { \n \tmeta: \n \t\t description= \"APTMalware_APT_28_a9dc96d45702538c2086a749ba2fb467ba8d8b603e513bdef62a024dfeb124cb Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-08-43\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"a96f4b8ac7aa9dbf4624424b7602d4f7\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"advstorshell.dll\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex5= {61??64??76??73??74??6f??72??73??68??65??6c??6c??2e??64??6c??6c??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_28_a9dc96d45702538c2086a749ba2fb467ba8d8b603e513bdef62a024dfeb124cb Group", "expiration": null, "is_active": 1 }, { "id": 3409659826, "indicator": "d527aeccbceb1a8c59226735fe1fca58e7f992ad", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_4521a74337a8b454f9b80c7d9e57b4c9580567f84e513d9a3ce763275c55e691 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_4521a74337a8b454f9b80c7d9e57b4c9580567f84e513d9a3ce763275c55e691 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-08-39\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"19610f0d343657f6842d2045e8818f09\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"AFX_DIALOG_LAYOUT\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s8= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s10= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \n \t\t $hex1= {41??46??58??5f??44??49??41??4c??4f??47??5f??4c??41??59??4f??55??54??0a??} \n \t\t $hex2= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex3= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex9= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex10= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_4521a74337a8b454f9b80c7d9e57b4c9580567f84e513d9a3ce763275c55e691 Group", "expiration": null, "is_active": 1 }, { "id": 3409659827, "indicator": "7f4bcfedf5a05005401c691540a41bce01282449", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_30ed11afe657695c221d2623bae7ae4e6361998c54b4655f4970cf069f65da22 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_30ed11afe657695c221d2623bae7ae4e6361998c54b4655f4970cf069f65da22 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-08-35\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"0506cf6d4e86c9ad1d4ea985f43582c6\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"?? bricks(&A)...\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"LegalTrademarks\" fullword wide \n \t\t $s4= \"msctls_progress32\" fullword wide \n \t\t $s5= \"??(&O)... Ctrl+O\" fullword wide \n \t\t $s6= \"OriginalFilename\" fullword wide \n \t\t $s7= \"??(&P)... Ctrl+P\" fullword wide \n \t\t $s8= \"skk38sk4sf 1.21\" fullword wide \n \t\t $s9= \"SysTabControl32\" fullword wide \n \t\t $s10= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {31??3b??20??63??72??20??62??72??69??63??6b??73??28??26??41??29??2e??2e??2e??0a??} \n \t\t $hex2= {3f??3f??28??26??4f??29??2e??2e??2e??20??43??74??72??6c??2b??4f??0a??} \n \t\t $hex3= {3f??3f??28??26??50??29??2e??2e??2e??20??43??74??72??6c??2b??50??0a??} \n \t\t $hex4= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex5= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex6= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex7= {53??79??73??54??61??62??43??6f??6e??74??72??6f??6c??33??32??0a??} \n \t\t $hex8= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex9= {6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \t\t $hex10= {73??6b??6b??33??38??73??6b??34??73??66??20??31??2e??32??31??0a??} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_30ed11afe657695c221d2623bae7ae4e6361998c54b4655f4970cf069f65da22 Group", "expiration": null, "is_active": 1 }, { "id": 3409659828, "indicator": "8c49b4b1274b60511b1bc8afd1b38521c9ac48af", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_6605b27e95f5c3c8012e4a75d1861786fb749b9a712a5f4871adbad81addb59e { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_6605b27e95f5c3c8012e4a75d1861786fb749b9a712a5f4871adbad81addb59e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-08-32\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"c0c8dcc9dad39da8278bf8956e30a3fc\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"AFX_DIALOG_LAYOUT\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s8= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s10= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \n \t\t $hex1= {41??46??58??5f??44??49??41??4c??4f??47??5f??4c??41??59??4f??55??54??0a??} \n \t\t $hex2= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex3= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex9= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex10= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_6605b27e95f5c3c8012e4a75d1861786fb749b9a712a5f4871adbad81addb59e Group", "expiration": null, "is_active": 1 }, { "id": 3409659829, "indicator": "95c80857c55d62e7b641d5ce7320d4b005a6e532", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Armadillov171", "description": "SHA1 of f6caa0160a6f0e5264fd16fa5ae95696", "expiration": null, "is_active": 1 }, { "id": 1598883560, "indicator": "fdb29bbc9b3257038bbb10f10140f5137e67cab3d38cf4afb60ffae54b60ab2e", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Armadillov171", "description": "SHA256 of f6caa0160a6f0e5264fd16fa5ae95696", "expiration": null, "is_active": 1 }, { "id": 3409659830, "indicator": "2d32ba1489ed0bf381c38c713cf9da392d37b776", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_fdb29bbc9b3257038bbb10f10140f5137e67cab3d38cf4afb60ffae54b60ab2e { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_fdb29bbc9b3257038bbb10f10140f5137e67cab3d38cf4afb60ffae54b60ab2e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-08-29\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f6caa0160a6f0e5264fd16fa5ae95696\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&Annuler Ctrl+Z\" fullword wide \n \t\t $s2= \"Application SoftHSM\" fullword wide \n \t\t $s3= \"&Barre d'outils\" fullword wide \n \t\t $s4= \"Convertir l'objet\" fullword wide \n \t\t $s5= \"&Enregistrer Ctrl+S\" fullword wide \n \t\t $s6= \"En®istrer sous...\" fullword wide \n \t\t $s7= \"FileDescription\" fullword wide \n \t\t $s8= \"&Imprimer... Ctrl+P\" fullword wide \n \t\t $s9= \"LegalTrademarks\" fullword wide \n \t\t $s10= \"msctls_progress32\" fullword wide \n \t\t $s11= \"msctls_trackbar32\" fullword wide \n \t\t $s12= \"&Nouveau Ctrl+N\" fullword wide \n \t\t $s13= \"OriginalFilename\" fullword wide \n \t\t $s14= \"&Ouvrir... Ctrl+O\" fullword wide \n \t\t $s15= \"rganization automatique\" fullword wide \n \t\t $s16= \"SoftHS Document\" fullword wide \n \t\t $s17= \"SoftHSM.Document\" fullword wide \n \t\t $s18= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {26??41??6e??6e??75??6c??65??72??20??43??74??72??6c??2b??5a??0a??} \n \t\t $hex2= {26??42??61??72??72??65??20??64??27??6f??75??74??69??6c??73??0a??} \n \t\t $hex3= {26??45??6e??72??65??67??69??73??74??72??65??72??20??43??74??72??6c??2b??53??0a??} \n \t\t $hex4= {26??49??6d??70??72??69??6d??65??72??2e??2e??2e??20??43??74??72??6c??2b??50??0a??} \n \t\t $hex5= {26??4e??6f??75??76??65??61??75??20??43??74??72??6c??2b??4e??0a??} \n \t\t $hex6= {26??4f??75??76??72??69??72??2e??2e??2e??20??43??74??72??6c??2b??4f??0a??} \n \t\t $hex7= {41??70??70??6c??69??63??61??74??69??6f??6e??20??53??6f??66??74??48??53??4d??0a??} \n \t\t $hex8= {43??6f??6e??76??65??72??74??69??72??20??6c??27??6f??62??6a??65??74??0a??} \n \t\t $hex9= {45??6e??26??72??65??67??69??73??74??72??65??72??20??73??6f??75??73??2e??2e??2e??0a??} \n \t\t $hex10= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex11= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex12= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex13= {53??6f??66??74??48??53??20??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex14= {53??6f??66??74??48??53??4d??2e??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex15= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex16= {6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \t\t $hex17= {6d??73??63??74??6c??73??5f??74??72??61??63??6b??62??61??72??33??32??0a??} \n \t\t $hex18= {72??67??61??6e??69??7a??61??74??69??6f??6e??20??61??75??74??6f??6d??61??74??69??71??75??65??0a??} \n \n \tcondition: \n \t\t20 of them \n }", "title": "", "description": "APTMalware_APT_10_fdb29bbc9b3257038bbb10f10140f5137e67cab3d38cf4afb60ffae54b60ab2e Group", "expiration": null, "is_active": 1 }, { "id": 3409659831, "indicator": "aab458f537f429408193a409f79bba1b755abed7", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_715bdd918ac4c318172474a31b413d24e82316f246294f2262600eda90a83308 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_715bdd918ac4c318172474a31b413d24e82316f246294f2262600eda90a83308 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-08-27\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"3dca6cbf1981ab987987966228d95e55\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"AFX_DIALOG_LAYOUT\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s8= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s10= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s11= \"HKEY_CURRENT_USER\" fullword wide \n \t\t $s12= \"HKEY_LOCAL_MACHINE\" fullword wide \n \n \t\t $hex1= {41??46??58??5f??44??49??41??4c??4f??47??5f??4c??41??59??4f??55??54??0a??} \n \t\t $hex2= {48??4b??45??59??5f??43??55??52??52??45??4e??54??5f??55??53??45??52??0a??} \n \t\t $hex3= {48??4b??45??59??5f??4c??4f??43??41??4c??5f??4d??41??43??48??49??4e??45??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex9= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex10= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex11= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex12= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t13 of them \n }", "title": "", "description": "APTMalware_APT_10_715bdd918ac4c318172474a31b413d24e82316f246294f2262600eda90a83308 Group", "expiration": null, "is_active": 1 }, { "id": 3409659832, "indicator": "45578e22debe913dcf5ca6f79af2d9952994abfd", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_737d2fbf51c72f4642056bbb0bee8e04259ee1a0cc4174549cfae11faac7e6f8 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_737d2fbf51c72f4642056bbb0bee8e04259ee1a0cc4174549cfae11faac7e6f8 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-08-25\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"a1942d1cc7552387393b91a14c9a3d73\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"SysTabControl32\" fullword wide \n \t\t $s5= \"VizorHtmlDialog\" fullword wide \n \t\t $s6= \"VizorHtmlDialog.exe\" fullword wide \n \t\t $s7= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {53??79??73??54??61??62??43??6f??6e??74??72??6f??6c??33??32??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex6= {56??69??7a??6f??72??48??74??6d??6c??44??69??61??6c??6f??67??0a??} \n \t\t $hex7= {56??69??7a??6f??72??48??74??6d??6c??44??69??61??6c??6f??67??2e??65??78??65??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_APT_10_737d2fbf51c72f4642056bbb0bee8e04259ee1a0cc4174549cfae11faac7e6f8 Group", "expiration": null, "is_active": 1 }, { "id": 3409659833, "indicator": "532350b75fc3ce1ebad3fb994b35dc676a854da1", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_5ba23fd19bc743eb0139f661e0c4521fd1c131628664bd0b6617eeb8fedc8237 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_5ba23fd19bc743eb0139f661e0c4521fd1c131628664bd0b6617eeb8fedc8237 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-08-22\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"234257c192caa419d14096f104b03e06\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&About Platfrom...\" fullword wide \n \t\t $s2= \"Erase everything\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"LegalTrademarks\" fullword wide \n \t\t $s5= \"&Open... Ctrl+O\" fullword wide \n \t\t $s6= \"Platfr Document\" fullword wide \n \t\t $s7= \"Platfrom.Document\" fullword wide \n \t\t $s8= \"&Print... Ctrl+P\" fullword wide \n \t\t $s9= \"P&rint Setup...\" fullword wide \n \t\t $s10= \"Toggle StatusBar\" fullword wide \n \t\t $s11= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {26??41??62??6f??75??74??20??50??6c??61??74??66??72??6f??6d??2e??2e??2e??0a??} \n \t\t $hex2= {26??4f??70??65??6e??2e??2e??2e??20??43??74??72??6c??2b??4f??0a??} \n \t\t $hex3= {26??50??72??69??6e??74??2e??2e??2e??20??43??74??72??6c??2b??50??0a??} \n \t\t $hex4= {45??72??61??73??65??20??65??76??65??72??79??74??68??69??6e??67??0a??} \n \t\t $hex5= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex6= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex7= {50??26??72??69??6e??74??20??53??65??74??75??70??2e??2e??2e??0a??} \n \t\t $hex8= {50??6c??61??74??66??72??20??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex9= {50??6c??61??74??66??72??6f??6d??2e??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex10= {54??6f??67??67??6c??65??20??53??74??61??74??75??73??42??61??72??0a??} \n \t\t $hex11= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t12 of them \n }", "title": "", "description": "APTMalware_APT_10_5ba23fd19bc743eb0139f661e0c4521fd1c131628664bd0b6617eeb8fedc8237 Group", "expiration": null, "is_active": 1 }, { "id": 2569869596, "indicator": "c11f9e5bf67bbd1e8b4dd6f2bce870ff77ff0de1", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of 26c7326f4449c1337fc42e43ca0790dd", "expiration": null, "is_active": 1 }, { "id": 1598883435, "indicator": "a80f6c57f772f20d63021c8971a280c19e8eafe7cc7088344c598d84026dda15", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of 26c7326f4449c1337fc42e43ca0790dd", "expiration": null, "is_active": 1 }, { "id": 3409659834, "indicator": "17df1ce7869f1c622dc195e8baab9fb73a70e5af", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_a80f6c57f772f20d63021c8971a280c19e8eafe7cc7088344c598d84026dda15 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_a80f6c57f772f20d63021c8971a280c19e8eafe7cc7088344c598d84026dda15 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-08-19\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"26c7326f4449c1337fc42e43ca0790dd\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"?? bricks(&A)...\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"LegalTrademarks\" fullword wide \n \t\t $s4= \"msctls_progress32\" fullword wide \n \t\t $s5= \"??(&O)... Ctrl+O\" fullword wide \n \t\t $s6= \"OriginalFilename\" fullword wide \n \t\t $s7= \"??(&P)... Ctrl+P\" fullword wide \n \t\t $s8= \"VizorHtmlDialog\" fullword wide \n \t\t $s9= \"VizorHtmlDialog.exe\" fullword wide \n \t\t $s10= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {31??3b??20??63??72??20??62??72??69??63??6b??73??28??26??41??29??2e??2e??2e??0a??} \n \t\t $hex2= {3f??3f??28??26??4f??29??2e??2e??2e??20??43??74??72??6c??2b??4f??0a??} \n \t\t $hex3= {3f??3f??28??26??50??29??2e??2e??2e??20??43??74??72??6c??2b??50??0a??} \n \t\t $hex4= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex5= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex6= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex7= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex8= {56??69??7a??6f??72??48??74??6d??6c??44??69??61??6c??6f??67??0a??} \n \t\t $hex9= {56??69??7a??6f??72??48??74??6d??6c??44??69??61??6c??6f??67??2e??65??78??65??0a??} \n \t\t $hex10= {6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_a80f6c57f772f20d63021c8971a280c19e8eafe7cc7088344c598d84026dda15 Group", "expiration": null, "is_active": 1 }, { "id": 3409659835, "indicator": "4a65ff78d51710afd9699278d996338dcfea806f", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_5961861d2b9f50d05055814e6bfd1c6291b30719f8a4d02d4cf80c2e87753fa1 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_5961861d2b9f50d05055814e6bfd1c6291b30719f8a4d02d4cf80c2e87753fa1 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-08-15\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"3afa9243b3aeb534e02426569d85e517\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"AFX_DIALOG_LAYOUT\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s8= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s10= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \n \t\t $hex1= {41??46??58??5f??44??49??41??4c??4f??47??5f??4c??41??59??4f??55??54??0a??} \n \t\t $hex2= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex3= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex9= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex10= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_5961861d2b9f50d05055814e6bfd1c6291b30719f8a4d02d4cf80c2e87753fa1 Group", "expiration": null, "is_active": 1 }, { "id": 3409659836, "indicator": "86e67f4023b6b16b1ea16035952fc4e64984b714", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_1ebf3eabaf3ea08c45358ec57beca27de44d53cee2e5a8d545da9f75696d1fb7 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_1ebf3eabaf3ea08c45358ec57beca27de44d53cee2e5a8d545da9f75696d1fb7 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-08-07\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"7af04a468de09c519681dcb0bd77030b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"AFX_DIALOG_LAYOUT\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s8= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s10= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s11= \"HKEY_CURRENT_USER\" fullword wide \n \t\t $s12= \"HKEY_LOCAL_MACHINE\" fullword wide \n \n \t\t $hex1= {41??46??58??5f??44??49??41??4c??4f??47??5f??4c??41??59??4f??55??54??0a??} \n \t\t $hex2= {48??4b??45??59??5f??43??55??52??52??45??4e??54??5f??55??53??45??52??0a??} \n \t\t $hex3= {48??4b??45??59??5f??4c??4f??43??41??4c??5f??4d??41??43??48??49??4e??45??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex9= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex10= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex11= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex12= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t13 of them \n }", "title": "", "description": "APTMalware_APT_10_1ebf3eabaf3ea08c45358ec57beca27de44d53cee2e5a8d545da9f75696d1fb7 Group", "expiration": null, "is_active": 1 }, { "id": 3409659837, "indicator": "75d540656bcc488e7ce44755b6959268244d9e8b", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_e88f5bf4be37e0dc90ba1a06a2d47faaeea9047fec07c17c2a76f9f7ab98acf0 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_e88f5bf4be37e0dc90ba1a06a2d47faaeea9047fec07c17c2a76f9f7ab98acf0 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-08-04\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"23d03ee4bf57de7087055b230dae7c5b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"AFX_DIALOG_LAYOUT\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s8= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s10= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \n \t\t $hex1= {41??46??58??5f??44??49??41??4c??4f??47??5f??4c??41??59??4f??55??54??0a??} \n \t\t $hex2= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex3= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex9= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex10= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_e88f5bf4be37e0dc90ba1a06a2d47faaeea9047fec07c17c2a76f9f7ab98acf0 Group", "expiration": null, "is_active": 1 }, { "id": 3363914907, "indicator": "5efaf7b85678895b38d12a571c0e0bc1028d21fb", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Trojan.Ag-18", "description": "SHA1 of c7f6e98e4539bd127573cd5934256c91", "expiration": null, "is_active": 1 }, { "id": 1598883417, "indicator": "8a0bcbbad2f1b0efc72069e16f23ac1314ca0df252647f99429dcb428506337c", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Trojan.Ag-18", "description": "SHA256 of c7f6e98e4539bd127573cd5934256c91", "expiration": null, "is_active": 1 }, { "id": 3409659838, "indicator": "b54dcf21908f19e5752d45beeb688ba6321dddbd", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_8a0bcbbad2f1b0efc72069e16f23ac1314ca0df252647f99429dcb428506337c { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_8a0bcbbad2f1b0efc72069e16f23ac1314ca0df252647f99429dcb428506337c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-08-00\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"c7f6e98e4539bd127573cd5934256c91\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&About 20130401...\" fullword wide \n \t\t $s2= \"Erase everything\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"LegalTrademarks\" fullword wide \n \t\t $s5= \"Microsoft Corporation\" fullword wide \n \t\t $s6= \"msctls_trackbar32\" fullword wide \n \t\t $s7= \"My20130401.Document\" fullword wide \n \t\t $s8= \"My2013 Document\" fullword wide \n \t\t $s9= \"&Open... Ctrl+O\" fullword wide \n \t\t $s10= \"OriginalFilename\" fullword wide \n \t\t $s11= \"Paste &Special...\" fullword wide \n \t\t $s12= \"&Print... Ctrl+P\" fullword wide \n \t\t $s13= \"P&rint Setup...\" fullword wide \n \t\t $s14= \"Toggle StatusBar\" fullword wide \n \t\t $s15= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {26??41??62??6f??75??74??20??32??30??31??33??30??34??30??31??2e??2e??2e??0a??} \n \t\t $hex2= {26??4f??70??65??6e??2e??2e??2e??20??43??74??72??6c??2b??4f??0a??} \n \t\t $hex3= {26??50??72??69??6e??74??2e??2e??2e??20??43??74??72??6c??2b??50??0a??} \n \t\t $hex4= {45??72??61??73??65??20??65??76??65??72??79??74??68??69??6e??67??0a??} \n \t\t $hex5= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex6= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex7= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex8= {4d??79??32??30??31??33??20??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex9= {4d??79??32??30??31??33??30??34??30??31??2e??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex10= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex11= {50??26??72??69??6e??74??20??53??65??74??75??70??2e??2e??2e??0a??} \n \t\t $hex12= {50??61??73??74??65??20??26??53??70??65??63??69??61??6c??2e??2e??2e??0a??} \n \t\t $hex13= {54??6f??67??67??6c??65??20??53??74??61??74??75??73??42??61??72??0a??} \n \t\t $hex14= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex15= {6d??73??63??74??6c??73??5f??74??72??61??63??6b??62??61??72??33??32??0a??} \n \n \tcondition: \n \t\t16 of them \n }", "title": "", "description": "APTMalware_APT_10_8a0bcbbad2f1b0efc72069e16f23ac1314ca0df252647f99429dcb428506337c Group", "expiration": null, "is_active": 1 }, { "id": 3254663164, "indicator": "4a466d0a5f5acf2b569b2ddc14457d55853086a9", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of a2768b46a48c72e6f183c99333c14ff6", "expiration": null, "is_active": 1 }, { "id": 3254663165, "indicator": "8a78041b2bd5f4fdf37631e00e1c77b592a1e363ab18d99908989a7501b0b80a", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of a2768b46a48c72e6f183c99333c14ff6", "expiration": null, "is_active": 1 }, { "id": 3409659839, "indicator": "35e299df7c086bf13c847666bd9bbbfd4903d201", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_8a78041b2bd5f4fdf37631e00e1c77b592a1e363ab18d99908989a7501b0b80a { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_8a78041b2bd5f4fdf37631e00e1c77b592a1e363ab18d99908989a7501b0b80a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-07-54\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"a2768b46a48c72e6f183c99333c14ff6\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"2013-01-31T12:45:14\" fullword wide \n \t\t $s2= \"2013-02-22T17:58:50\" fullword wide \n \t\t $s3= \"accDefaultAction\" fullword wide \n \t\t $s4= \"accDoDefaultAction\" fullword wide \n \t\t $s5= \"accKeyboardShortcut\" fullword wide \n \t\t $s6= \"Bresen Document\" fullword wide \n \t\t $s7= \"Bresenham(&A)...\" fullword wide \n \t\t $s8= \"Bresenham.Document\" fullword wide \n \t\t $s9= \"dafghdhrtutyijhjfdgh\" fullword wide \n \t\t $s10= \"eCMFCToolBarMenuButton\" fullword wide \n \t\t $s11= \"FileDescription\" fullword wide \n \t\t $s12= \"hgfdjryuyjuhfgjghj\" fullword wide \n \t\t $s13= \"@InProcServer32\" fullword wide \n \t\t $s14= \"OriginalFilename\" fullword wide \n \t\t $s15= \"RepoModuleRevision\" fullword wide \n \t\t $s16= \"tywrjjppoyuihjtijh\" fullword wide \n \t\t $s17= \"tywrpohgfjkdihjtijh\" fullword wide \n \t\t $s18= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {32??30??31??33??2d??30??31??2d??33??31??54??31??32??3a??34??35??3a??31??34??0a??} \n \t\t $hex2= {32??30??31??33??2d??30??32??2d??32??32??54??31??37??3a??35??38??3a??35??30??0a??} \n \t\t $hex3= {40??49??6e??50??72??6f??63??53??65??72??76??65??72??33??32??0a??} \n \t\t $hex4= {42??72??65??73??65??6e??20??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex5= {42??72??65??73??65??6e??68??61??6d??28??26??41??29??2e??2e??2e??0a??} \n \t\t $hex6= {42??72??65??73??65??6e??68??61??6d??2e??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex7= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex8= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex9= {52??65??70??6f??4d??6f??64??75??6c??65??52??65??76??69??73??69??6f??6e??0a??} \n \t\t $hex10= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex11= {61??63??63??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex12= {61??63??63??44??6f??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex13= {61??63??63??4b??65??79??62??6f??61??72??64??53??68??6f??72??74??63??75??74??0a??} \n \t\t $hex14= {64??61??66??67??68??64??68??72??74??75??74??79??69??6a??68??6a??66??64??67??68??0a??} \n \t\t $hex15= {65??43??4d??46??43??54??6f??6f??6c??42??61??72??4d??65??6e??75??42??75??74??74??6f??6e??0a??} \n \t\t $hex16= {68??67??66??64??6a??72??79??75??79??6a??75??68??66??67??6a??67??68??6a??0a??} \n \t\t $hex17= {74??79??77??72??6a??6a??70??70??6f??79??75??69??68??6a??74??69??6a??68??0a??} \n \t\t $hex18= {74??79??77??72??70??6f??68??67??66??6a??6b??64??69??68??6a??74??69??6a??68??0a??} \n \n \tcondition: \n \t\t20 of them \n }", "title": "", "description": "APTMalware_APT_10_8a78041b2bd5f4fdf37631e00e1c77b592a1e363ab18d99908989a7501b0b80a Group", "expiration": null, "is_active": 1 }, { "id": 3409659840, "indicator": "4e6e5d802ea94289ccce84615dde5f7dea63e706", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_643c66aba4481abfa7f5201653f3383c114b00e06b4242e94931598ab0bcb51d { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_643c66aba4481abfa7f5201653f3383c114b00e06b4242e94931598ab0bcb51d Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-07-52\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"8d6b6e023b4221bae8ed37bb18407516\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"?? bricks(&A)...\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"LegalTrademarks\" fullword wide \n \t\t $s4= \"msctls_progress32\" fullword wide \n \t\t $s5= \"msctls_trackbar32\" fullword wide \n \t\t $s6= \"??(&O)... Ctrl+O\" fullword wide \n \t\t $s7= \"OriginalFilename\" fullword wide \n \t\t $s8= \"??(&P)... Ctrl+P\" fullword wide \n \t\t $s9= \"VizorHtmlDialog\" fullword wide \n \t\t $s10= \"VizorHtmlDialog.exe\" fullword wide \n \t\t $s11= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {31??3b??20??63??72??20??62??72??69??63??6b??73??28??26??41??29??2e??2e??2e??0a??} \n \t\t $hex2= {3f??3f??28??26??4f??29??2e??2e??2e??20??43??74??72??6c??2b??4f??0a??} \n \t\t $hex3= {3f??3f??28??26??50??29??2e??2e??2e??20??43??74??72??6c??2b??50??0a??} \n \t\t $hex4= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex5= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex6= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex7= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex8= {56??69??7a??6f??72??48??74??6d??6c??44??69??61??6c??6f??67??0a??} \n \t\t $hex9= {56??69??7a??6f??72??48??74??6d??6c??44??69??61??6c??6f??67??2e??65??78??65??0a??} \n \t\t $hex10= {6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \t\t $hex11= {6d??73??63??74??6c??73??5f??74??72??61??63??6b??62??61??72??33??32??0a??} \n \n \tcondition: \n \t\t12 of them \n }", "title": "", "description": "APTMalware_APT_10_643c66aba4481abfa7f5201653f3383c114b00e06b4242e94931598ab0bcb51d Group", "expiration": null, "is_active": 1 }, { "id": 3190220671, "indicator": "5cafbcdb8ff731cca458ecde9a73e8f0514f0647", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Trojan.Ag-3", "description": "SHA1 of 32d85825a7f627cdf8070a379b6b464f", "expiration": null, "is_active": 1 }, { "id": 1593528663, "indicator": "f75ddb8104bd84b15c1bc9fae54d6a0da809ad001fc9e5c76ab2e733ccb684d0", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Trojan.Ag-3", "description": "SHA256 of 32d85825a7f627cdf8070a379b6b464f", "expiration": null, "is_active": 1 }, { "id": 3409659841, "indicator": "6edcd41298f416395338b88973ee3059e027fa8b", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_f75ddb8104bd84b15c1bc9fae54d6a0da809ad001fc9e5c76ab2e733ccb684d0 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_f75ddb8104bd84b15c1bc9fae54d6a0da809ad001fc9e5c76ab2e733ccb684d0 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-07-51\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"32d85825a7f627cdf8070a379b6b464f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"MFCRegister(&A)...\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"SupportTool.exe\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??46??43??52??65??67??69??73??74??65??72??28??26??41??29??2e??2e??2e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {53??75??70??70??6f??72??74??54??6f??6f??6c??2e??65??78??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_APT_10_f75ddb8104bd84b15c1bc9fae54d6a0da809ad001fc9e5c76ab2e733ccb684d0 Group", "expiration": null, "is_active": 1 }, { "id": 3409659910, "indicator": "03f2b10f4d818a541a5f0cbb2614e7e15f40760a", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_3de4f547b6ef69c9d60c1670d9dc93807eafeb15ffcf510fb1142b552b7214e9 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_3de4f547b6ef69c9d60c1670d9dc93807eafeb15ffcf510fb1142b552b7214e9 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-07-48\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"1c3fe3ec1148fa72c18e2fcc3cdb354f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"ceTitl Document\" fullword wide \n \t\t $s2= \"ceTitle.Document\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"LegalTrademarks\" fullword wide \n \t\t $s5= \"msctls_progress32\" fullword wide \n \t\t $s6= \"&Open... Ctrl+O\" fullword wide \n \t\t $s7= \"OriginalFilename\" fullword wide \n \t\t $s8= \"&Print... Ctrl+P\" fullword wide \n \t\t $s9= \"P&rint Setup...\" fullword wide \n \t\t $s10= \"SysTabControl32\" fullword wide \n \t\t $s11= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {26??4f??70??65??6e??2e??2e??2e??20??43??74??72??6c??2b??4f??0a??} \n \t\t $hex2= {26??50??72??69??6e??74??2e??2e??2e??20??43??74??72??6c??2b??50??0a??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {50??26??72??69??6e??74??20??53??65??74??75??70??2e??2e??2e??0a??} \n \t\t $hex7= {53??79??73??54??61??62??43??6f??6e??74??72??6f??6c??33??32??0a??} \n \t\t $hex8= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex9= {63??65??54??69??74??6c??20??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex10= {63??65??54??69??74??6c??65??2e??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex11= {6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \n \tcondition: \n \t\t12 of them \n }", "title": "", "description": "APTMalware_APT_10_3de4f547b6ef69c9d60c1670d9dc93807eafeb15ffcf510fb1142b552b7214e9 Group", "expiration": null, "is_active": 1 }, { "id": 3409659911, "indicator": "0adc1af95d4282ba5a28e2ef844ab6b97a9e9f72", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_4b024f439385e7c1e850801526c58c9de201645a82b543f52e8b46c465c6f94a { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_4b024f439385e7c1e850801526c58c9de201645a82b543f52e8b46c465c6f94a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-07-44\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"2d1e048030c27e2d57f0448df78142f6\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&Annuler Ctrl+Z\" fullword wide \n \t\t $s2= \"Application barckH\" fullword wide \n \t\t $s3= \"BarckH Document\" fullword wide \n \t\t $s4= \"BarckH.Document\" fullword wide \n \t\t $s5= \"&Barre d'outils\" fullword wide \n \t\t $s6= \"&Enregistrer Ctrl+S\" fullword wide \n \t\t $s7= \"En®istrer sous...\" fullword wide \n \t\t $s8= \"FileDescription\" fullword wide \n \t\t $s9= \"&Imprimer... Ctrl+P\" fullword wide \n \t\t $s10= \"LegalTrademarks\" fullword wide \n \t\t $s11= \"&Nouveau Ctrl+N\" fullword wide \n \t\t $s12= \"OriginalFilename\" fullword wide \n \t\t $s13= \"&Ouvrir... Ctrl+O\" fullword wide \n \t\t $s14= \"rganization automatique\" fullword wide \n \t\t $s15= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {26??41??6e??6e??75??6c??65??72??20??43??74??72??6c??2b??5a??0a??} \n \t\t $hex2= {26??42??61??72??72??65??20??64??27??6f??75??74??69??6c??73??0a??} \n \t\t $hex3= {26??45??6e??72??65??67??69??73??74??72??65??72??20??43??74??72??6c??2b??53??0a??} \n \t\t $hex4= {26??49??6d??70??72??69??6d??65??72??2e??2e??2e??20??43??74??72??6c??2b??50??0a??} \n \t\t $hex5= {26??4e??6f??75??76??65??61??75??20??43??74??72??6c??2b??4e??0a??} \n \t\t $hex6= {26??4f??75??76??72??69??72??2e??2e??2e??20??43??74??72??6c??2b??4f??0a??} \n \t\t $hex7= {41??70??70??6c??69??63??61??74??69??6f??6e??20??62??61??72??63??6b??48??0a??} \n \t\t $hex8= {42??61??72??63??6b??48??20??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex9= {42??61??72??63??6b??48??2e??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex10= {45??6e??26??72??65??67??69??73??74??72??65??72??20??73??6f??75??73??2e??2e??2e??0a??} \n \t\t $hex11= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex12= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex13= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex14= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex15= {72??67??61??6e??69??7a??61??74??69??6f??6e??20??61??75??74??6f??6d??61??74??69??71??75??65??0a??} \n \n \tcondition: \n \t\t16 of them \n }", "title": "", "description": "APTMalware_APT_10_4b024f439385e7c1e850801526c58c9de201645a82b543f52e8b46c465c6f94a Group", "expiration": null, "is_active": 1 }, { "id": 3409659912, "indicator": "be36877a3fd6ce6402a642ba3925feffd4a166f4", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Armadillov171", "description": "SHA1 of d67e2f5e6a0b046ae3bf5c61f1f384ec", "expiration": null, "is_active": 1 }, { "id": 1598883469, "indicator": "df989174c79870ca196b22e8dda6a43f2950c6cc72ab4d6faa4dadc5abedbebe", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Armadillov171", "description": "SHA256 of d67e2f5e6a0b046ae3bf5c61f1f384ec", "expiration": null, "is_active": 1 }, { "id": 3409659913, "indicator": "2e4d349546fca6c69f1e3698f30ae8d472ab1c60", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_df989174c79870ca196b22e8dda6a43f2950c6cc72ab4d6faa4dadc5abedbebe { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_df989174c79870ca196b22e8dda6a43f2950c6cc72ab4d6faa4dadc5abedbebe Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-07-42\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d67e2f5e6a0b046ae3bf5c61f1f384ec\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"http://blog.csdn.net/programking\" fullword wide \n \t\t $s3= \"LegalTrademarks\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex5= {68??74??74??70??3a??2f??2f??62??6c??6f??67??2e??63??73??64??6e??2e??6e??65??74??2f??70??72??6f??67??72??61??6d??6b??69??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_10_df989174c79870ca196b22e8dda6a43f2950c6cc72ab4d6faa4dadc5abedbebe Group", "expiration": null, "is_active": 1 }, { "id": 3078137892, "indicator": "eda10e99630ac348536a452d2d16746a4b412b9d", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Armadillov171", "description": "SHA1 of 05c974fa1e5c11e472706f98c9923f61", "expiration": null, "is_active": 1 }, { "id": 1598883414, "indicator": "8297a50a06040fa9d28211e5024082a937a70e7488998ceeb26d8eb6ce866392", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Armadillov171", "description": "SHA256 of 05c974fa1e5c11e472706f98c9923f61", "expiration": null, "is_active": 1 }, { "id": 3409659914, "indicator": "c545996b45801f4a38c8e50379467c2efb2cb676", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_8297a50a06040fa9d28211e5024082a937a70e7488998ceeb26d8eb6ce866392 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_8297a50a06040fa9d28211e5024082a937a70e7488998ceeb26d8eb6ce866392 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-07-40\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"05c974fa1e5c11e472706f98c9923f61\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&About Sundar_Game...\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"LegalTrademarks\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"Sundar_Game Application\" fullword wide \n \t\t $s6= \"Sundar_Game.EXE\" fullword wide \n \t\t $s7= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {26??41??62??6f??75??74??20??53??75??6e??64??61??72??5f??47??61??6d??65??2e??2e??2e??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {53??75??6e??64??61??72??5f??47??61??6d??65??20??41??70??70??6c??69??63??61??74??69??6f??6e??0a??} \n \t\t $hex6= {53??75??6e??64??61??72??5f??47??61??6d??65??2e??45??58??45??0a??} \n \t\t $hex7= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_APT_10_8297a50a06040fa9d28211e5024082a937a70e7488998ceeb26d8eb6ce866392 Group", "expiration": null, "is_active": 1 }, { "id": 3363914896, "indicator": "36d9d6473b3ce13cef5d7f1d54f8f3912f89c4d5", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Win32:Evo-gen", "description": "SHA1 of ac86c256b30534d5ede4a0df1019507e", "expiration": null, "is_active": 1 }, { "id": 2708570, "indicator": "c440d70db9e1190500bdde5b1613fd4f7014131a95032868836203d68ba187ed", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Win32:Evo-gen", "description": "SHA256 of ac86c256b30534d5ede4a0df1019507e", "expiration": null, "is_active": 1 }, { "id": 3409659915, "indicator": "e2ec2543ef2a757a2d44439fe9bca082b64fad57", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_c440d70db9e1190500bdde5b1613fd4f7014131a95032868836203d68ba187ed { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_c440d70db9e1190500bdde5b1613fd4f7014131a95032868836203d68ba187ed Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-07-39\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"ac86c256b30534d5ede4a0df1019507e\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"8.0.2 build-591240\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"VMware Workstation\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {38??2e??30??2e??32??20??62??75??69??6c??64??2d??35??39??31??32??34??30??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {56??4d??77??61??72??65??20??57??6f??72??6b??73??74??61??74??69??6f??6e??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_10_c440d70db9e1190500bdde5b1613fd4f7014131a95032868836203d68ba187ed Group", "expiration": null, "is_active": 1 }, { "id": 3409659916, "indicator": "382048c45f8b7c8a6af559086d4932b96c936776", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_f6ad1a62033f3749aafd97dd4f345a47dddffd3465a7d8b3f1c838427c25aab6 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_f6ad1a62033f3749aafd97dd4f345a47dddffd3465a7d8b3f1c838427c25aab6 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-07-37\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"de32915056d480b8b722e0a93164dbfe\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s5= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s7= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s8= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s9= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \n \t\t $hex1= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex2= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex3= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex9= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t10 of them \n }", "title": "", "description": "APTMalware_APT_10_f6ad1a62033f3749aafd97dd4f345a47dddffd3465a7d8b3f1c838427c25aab6 Group", "expiration": null, "is_active": 1 }, { "id": 16317692, "indicator": "4413a7f864255767a6d84c3e8362b9873a7e224b", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of 01468a69ca8676b51a357676e0856c88", "expiration": null, "is_active": 1 }, { "id": 8633545, "indicator": "fcccc611730474775ff1cfd4c60481deef586f01191348b07d7a143d174a07b0", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of 01468a69ca8676b51a357676e0856c88", "expiration": null, "is_active": 1 }, { "id": 3409659917, "indicator": "7f8db98f5685a812201de734394c46aa0d3e61c0", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_fcccc611730474775ff1cfd4c60481deef586f01191348b07d7a143d174a07b0 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_fcccc611730474775ff1cfd4c60481deef586f01191348b07d7a143d174a07b0 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-07-35\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"01468a69ca8676b51a357676e0856c88\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"accDefaultAction\" fullword wide \n \t\t $s2= \"accDoDefaultAction\" fullword wide \n \t\t $s3= \"accKeyboardShortcut\" fullword wide \n \t\t $s4= \"eCMFCToolBarMenuButton\" fullword wide \n \t\t $s5= \"InsertParagraphAfter\" fullword wide \n \t\t $s6= \"OriginalFilename\" fullword wide \n \t\t $s7= \"VS_VERSION_INFO\" fullword wide \n \t\t $s8= \"Word.Application\" fullword wide \n \n \t\t $hex1= {49??6e??73??65??72??74??50??61??72??61??67??72??61??70??68??41??66??74??65??72??0a??} \n \t\t $hex2= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex3= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex4= {57??6f??72??64??2e??41??70??70??6c??69??63??61??74??69??6f??6e??0a??} \n \t\t $hex5= {61??63??63??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex6= {61??63??63??44??6f??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex7= {61??63??63??4b??65??79??62??6f??61??72??64??53??68??6f??72??74??63??75??74??0a??} \n \t\t $hex8= {65??43??4d??46??43??54??6f??6f??6c??42??61??72??4d??65??6e??75??42??75??74??74??6f??6e??0a??} \n \n \tcondition: \n \t\t8 of them \n }", "title": "", "description": "APTMalware_APT_10_fcccc611730474775ff1cfd4c60481deef586f01191348b07d7a143d174a07b0 Group", "expiration": null, "is_active": 1 }, { "id": 3409659918, "indicator": "78a086df3672d4c505456c5235084ffb20bc1a05", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "MS_Visual_Cpp_6_0", "description": "SHA1 of a07fea56b45d0d1ebb6df4589e750464", "expiration": null, "is_active": 1 }, { "id": 1598883474, "indicator": "f10cb0001c5c538a3c37b7ef695502d8be4984992747ad94b2bf3a55ba0122a7", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "MS_Visual_Cpp_6_0", "description": "SHA256 of a07fea56b45d0d1ebb6df4589e750464", "expiration": null, "is_active": 1 }, { "id": 3409659919, "indicator": "ca7a43f2089394fcdd24599648eb9206c44d81a5", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_f10cb0001c5c538a3c37b7ef695502d8be4984992747ad94b2bf3a55ba0122a7 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_f10cb0001c5c538a3c37b7ef695502d8be4984992747ad94b2bf3a55ba0122a7 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-07-31\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"a07fea56b45d0d1ebb6df4589e750464\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Aggio&rna Ctrl+S\" fullword wide \n \t\t $s2= \"&Annulla Ctrl+Z\" fullword wide \n \t\t $s3= \"&Apri... Ctrl+A\" fullword wide \n \t\t $s4= \"Bakshe Document\" fullword wide \n \t\t $s5= \"bakshell Applicazione\" fullword wide \n \t\t $s6= \"Bakshell.Document\" fullword wide \n \t\t $s7= \"Colle&gamenti...\" fullword wide \n \t\t $s8= \"Converti oggetto\" fullword wide \n \t\t $s9= \"FileDescription\" fullword wide \n \t\t $s10= \"IDR_BAKSHETYPE_SRVR_IP\" fullword wide \n \t\t $s11= \"Imposta s&tampante...\" fullword wide \n \t\t $s12= \"&Incolla Ctrl+V\" fullword wide \n \t\t $s13= \"Incolla &speciale...\" fullword wide \n \t\t $s14= \"Incolla speciale\" fullword wide \n \t\t $s15= \"LegalTrademarks\" fullword wide \n \t\t $s16= \"OriginalFilename\" fullword wide \n \t\t $s17= \"Riquadro precedente\" fullword wide \n \t\t $s18= \"Seleziona tutto\" fullword wide \n \t\t $s19= \"Stam&pa... Ctrl+P\" fullword wide \n \t\t $s20= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {26??41??6e??6e??75??6c??6c??61??20??43??74??72??6c??2b??5a??0a??} \n \t\t $hex2= {26??41??70??72??69??2e??2e??2e??20??43??74??72??6c??2b??41??0a??} \n \t\t $hex3= {26??49??6e??63??6f??6c??6c??61??20??43??74??72??6c??2b??56??0a??} \n \t\t $hex4= {41??67??67??69??6f??26??72??6e??61??20??43??74??72??6c??2b??53??0a??} \n \t\t $hex5= {42??61??6b??73??68??65??20??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex6= {42??61??6b??73??68??65??6c??6c??2e??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex7= {43??6f??6c??6c??65??26??67??61??6d??65??6e??74??69??2e??2e??2e??0a??} \n \t\t $hex8= {43??6f??6e??76??65??72??74??69??20??6f??67??67??65??74??74??6f??0a??} \n \t\t $hex9= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex10= {49??44??52??5f??42??41??4b??53??48??45??54??59??50??45??5f??53??52??56??52??5f??49??50??0a??} \n \t\t $hex11= {49??6d??70??6f??73??74??61??20??73??26??74??61??6d??70??61??6e??74??65??2e??2e??2e??0a??} \n \t\t $hex12= {49??6e??63??6f??6c??6c??61??20??26??73??70??65??63??69??61??6c??65??2e??2e??2e??0a??} \n \t\t $hex13= {49??6e??63??6f??6c??6c??61??20??73??70??65??63??69??61??6c??65??0a??} \n \t\t $hex14= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex15= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex16= {52??69??71??75??61??64??72??6f??20??70??72??65??63??65??64??65??6e??74??65??0a??} \n \t\t $hex17= {53??65??6c??65??7a??69??6f??6e??61??20??74??75??74??74??6f??0a??} \n \t\t $hex18= {53??74??61??6d??26??70??61??2e??2e??2e??20??43??74??72??6c??2b??50??0a??} \n \t\t $hex19= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex20= {62??61??6b??73??68??65??6c??6c??20??41??70??70??6c??69??63??61??7a??69??6f??6e??65??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_APT_10_f10cb0001c5c538a3c37b7ef695502d8be4984992747ad94b2bf3a55ba0122a7 Group", "expiration": null, "is_active": 1 }, { "id": 3409659920, "indicator": "6180dcf55072611049e0e0503c80a23239a1bf0e", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_7612c9240a766c427ee63cdd81c434bf646070792ead8748d3dcb2d1d326758d { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_7612c9240a766c427ee63cdd81c434bf646070792ead8748d3dcb2d1d326758d Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-07-28\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"2bd698ae474b18cf4748edd99bd6c9e7\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"AFX_DIALOG_LAYOUT\" fullword wide \n \t\t $s2= \"american english\" fullword wide \n \t\t $s3= \"american-english\" fullword wide \n \t\t $s4= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s7= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s8= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s10= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s11= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s12= \"chinese-hongkong\" fullword wide \n \t\t $s13= \"chinese-simplified\" fullword wide \n \t\t $s14= \"chinese-singapore\" fullword wide \n \t\t $s15= \"chinese-traditional\" fullword wide \n \t\t $s16= \"english-american\" fullword wide \n \t\t $s17= \"english-caribbean\" fullword wide \n \t\t $s18= \"english-jamaica\" fullword wide \n \t\t $s19= \"english-south africa\" fullword wide \n \t\t $s20= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \n \t\t $hex1= {41??46??58??5f??44??49??41??4c??4f??47??5f??4c??41??59??4f??55??54??0a??} \n \t\t $hex2= {61??6d??65??72??69??63??61??6e??20??65??6e??67??6c??69??73??68??0a??} \n \t\t $hex3= {61??6d??65??72??69??63??61??6e??2d??65??6e??67??6c??69??73??68??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex9= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex10= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex11= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex12= {63??68??69??6e??65??73??65??2d??68??6f??6e??67??6b??6f??6e??67??0a??} \n \t\t $hex13= {63??68??69??6e??65??73??65??2d??73??69??6d??70??6c??69??66??69??65??64??0a??} \n \t\t $hex14= {63??68??69??6e??65??73??65??2d??73??69??6e??67??61??70??6f??72??65??0a??} \n \t\t $hex15= {63??68??69??6e??65??73??65??2d??74??72??61??64??69??74??69??6f??6e??61??6c??0a??} \n \t\t $hex16= {65??6e??67??6c??69??73??68??2d??61??6d??65??72??69??63??61??6e??0a??} \n \t\t $hex17= {65??6e??67??6c??69??73??68??2d??63??61??72??69??62??62??65??61??6e??0a??} \n \t\t $hex18= {65??6e??67??6c??69??73??68??2d??6a??61??6d??61??69??63??61??0a??} \n \t\t $hex19= {65??6e??67??6c??69??73??68??2d??73??6f??75??74??68??20??61??66??72??69??63??61??0a??} \n \t\t $hex20= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_APT_10_7612c9240a766c427ee63cdd81c434bf646070792ead8748d3dcb2d1d326758d Group", "expiration": null, "is_active": 1 }, { "id": 3409659921, "indicator": "a07f60f863ae11b65650b3dee497d8f6e79c17bc", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_2c71eb5c781daa43047fa6e3d85d51a061aa1dfa41feb338e0d4139a6dfd6910 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_2c71eb5c781daa43047fa6e3d85d51a061aa1dfa41feb338e0d4139a6dfd6910 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-07-25\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"c1cb28327d3364768d1c1e4ce0d9bc07\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s5= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s7= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s8= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s9= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s10= \"FileDescription\" fullword wide \n \t\t $s11= \"OriginalFilename\" fullword wide \n \t\t $s12= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex3= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex9= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex10= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex11= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex12= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t13 of them \n }", "title": "", "description": "APTMalware_APT_10_2c71eb5c781daa43047fa6e3d85d51a061aa1dfa41feb338e0d4139a6dfd6910 Group", "expiration": null, "is_active": 1 }, { "id": 3190220677, "indicator": "7c6a93b85ff05f47572b6525345723a5d9ee5cf0", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Armadillov171", "description": "SHA1 of 4d449395552584ef28c7dea47e54cb30", "expiration": null, "is_active": 1 }, { "id": 1598883473, "indicator": "ea911f1fa8e3467744f12ac0eccd639f9f70baa2cb6c7ea7b4177b48d8597352", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Armadillov171", "description": "SHA256 of 4d449395552584ef28c7dea47e54cb30", "expiration": null, "is_active": 1 }, { "id": 3409659922, "indicator": "5709856f4212dae0a0736b35eca8067bcd12fffb", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_ea911f1fa8e3467744f12ac0eccd639f9f70baa2cb6c7ea7b4177b48d8597352 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_ea911f1fa8e3467744f12ac0eccd639f9f70baa2cb6c7ea7b4177b48d8597352 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-07-23\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"4d449395552584ef28c7dea47e54cb30\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"copyright(C) 2012-2022\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"LegalTrademarks\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex5= {63??6f??70??79??72??69??67??68??74??28??43??29??20??32??30??31??32??2d??32??30??32??32??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_10_ea911f1fa8e3467744f12ac0eccd639f9f70baa2cb6c7ea7b4177b48d8597352 Group", "expiration": null, "is_active": 1 }, { "id": 3190220687, "indicator": "c0f6fdf2e9bc964c15e15810acdfaf3182ad7868", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Armadillov171", "description": "SHA1 of 492c9ea17e215053db1c214bb369684f", "expiration": null, "is_active": 1 }, { "id": 1598883465, "indicator": "d9798d324227eeb90b7d1134fe7d1e271e22ace3feac687fd49b34c48501b480", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Armadillov171", "description": "SHA256 of 492c9ea17e215053db1c214bb369684f", "expiration": null, "is_active": 1 }, { "id": 3409659923, "indicator": "5543853ba450f96bd3634eccaaf413cb2e539d03", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_d9798d324227eeb90b7d1134fe7d1e271e22ace3feac687fd49b34c48501b480 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_d9798d324227eeb90b7d1134fe7d1e271e22ace3feac687fd49b34c48501b480 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-07-21\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"492c9ea17e215053db1c214bb369684f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"VizorHtmlDialog\" fullword wide \n \t\t $s5= \"VizorHtmlDialog.exe\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex5= {56??69??7a??6f??72??48??74??6d??6c??44??69??61??6c??6f??67??0a??} \n \t\t $hex6= {56??69??7a??6f??72??48??74??6d??6c??44??69??61??6c??6f??67??2e??65??78??65??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_APT_10_d9798d324227eeb90b7d1134fe7d1e271e22ace3feac687fd49b34c48501b480 Group", "expiration": null, "is_active": 1 }, { "id": 3008023395, "indicator": "665071312c8bdcbe35a663201c3a86b10e3c6c11", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Trojan.Ag-3", "description": "SHA1 of 08709f35581e0958d1ca4e50b7d86dba", "expiration": null, "is_active": 1 }, { "id": 1598883468, "indicator": "ddf26f97fb3b8caf13aedc2518ec27530c7d2efe9b2d8c356c202d21bb642d28", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Trojan.Ag-3", "description": "SHA256 of 08709f35581e0958d1ca4e50b7d86dba", "expiration": null, "is_active": 1 }, { "id": 3409659924, "indicator": "f1538f954d32d5e3de6721c0b77844ea34aa6c33", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_ddf26f97fb3b8caf13aedc2518ec27530c7d2efe9b2d8c356c202d21bb642d28 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_ddf26f97fb3b8caf13aedc2518ec27530c7d2efe9b2d8c356c202d21bb642d28 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-07-17\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"08709f35581e0958d1ca4e50b7d86dba\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"?? bricks(&A)...\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"LegalTrademarks\" fullword wide \n \t\t $s4= \"msctls_progress32\" fullword wide \n \t\t $s5= \"??(&O)... Ctrl+O\" fullword wide \n \t\t $s6= \"OriginalFilename\" fullword wide \n \t\t $s7= \"??(&P)... Ctrl+P\" fullword wide \n \t\t $s8= \"SysTabControl32\" fullword wide \n \t\t $s9= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {31??3b??20??63??72??20??62??72??69??63??6b??73??28??26??41??29??2e??2e??2e??0a??} \n \t\t $hex2= {3f??3f??28??26??4f??29??2e??2e??2e??20??43??74??72??6c??2b??4f??0a??} \n \t\t $hex3= {3f??3f??28??26??50??29??2e??2e??2e??20??43??74??72??6c??2b??50??0a??} \n \t\t $hex4= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex5= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex6= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex7= {53??79??73??54??61??62??43??6f??6e??74??72??6f??6c??33??32??0a??} \n \t\t $hex8= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex9= {6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \n \tcondition: \n \t\t10 of them \n }", "title": "", "description": "APTMalware_APT_10_ddf26f97fb3b8caf13aedc2518ec27530c7d2efe9b2d8c356c202d21bb642d28 Group", "expiration": null, "is_active": 1 }, { "id": 3409659925, "indicator": "a796ad7a8bef502b50f23187012d6580d4a739e2", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_e6ecb146f469d243945ad8a5451ba1129c5b190f7d50c64580dbad4b8246f88e { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_e6ecb146f469d243945ad8a5451ba1129c5b190f7d50c64580dbad4b8246f88e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-07-14\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"472b1710794d5c420b9d921c484ca9e8\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"AFX_DIALOG_LAYOUT\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s8= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s10= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \n \t\t $hex1= {41??46??58??5f??44??49??41??4c??4f??47??5f??4c??41??59??4f??55??54??0a??} \n \t\t $hex2= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex3= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex9= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex10= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_e6ecb146f469d243945ad8a5451ba1129c5b190f7d50c64580dbad4b8246f88e Group", "expiration": null, "is_active": 1 }, { "id": 3409659926, "indicator": "ca634a01d3eaa6731e16665846cf997027480158", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_cb0c8681a407a76f8c0fd2512197aafad8120aa62e5c871c29d1fd2a102bc628 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_cb0c8681a407a76f8c0fd2512197aafad8120aa62e5c871c29d1fd2a102bc628 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-07-12\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"dbb867c2250b5be4e67d1977fcf721fb\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s5= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s7= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s8= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s9= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \n \t\t $hex1= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex2= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex3= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex9= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t10 of them \n }", "title": "", "description": "APTMalware_APT_10_cb0c8681a407a76f8c0fd2512197aafad8120aa62e5c871c29d1fd2a102bc628 Group", "expiration": null, "is_active": 1 }, { "id": 3409659927, "indicator": "e94c572bf03294a0817c5d87a3c5a2ba9d9c8026", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_3827ea7e7a55a2e541661b78a70285414d2e3c2ff77dc2e20311b1d8c2dda9e0 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_3827ea7e7a55a2e541661b78a70285414d2e3c2ff77dc2e20311b1d8c2dda9e0 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-07-10\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"583ab1678588b754899b9d2c58f20aa2\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"AFX_DIALOG_LAYOUT\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s8= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s10= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s11= \"HKEY_CURRENT_USER\" fullword wide \n \t\t $s12= \"HKEY_LOCAL_MACHINE\" fullword wide \n \n \t\t $hex1= {41??46??58??5f??44??49??41??4c??4f??47??5f??4c??41??59??4f??55??54??0a??} \n \t\t $hex2= {48??4b??45??59??5f??43??55??52??52??45??4e??54??5f??55??53??45??52??0a??} \n \t\t $hex3= {48??4b??45??59??5f??4c??4f??43??41??4c??5f??4d??41??43??48??49??4e??45??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex9= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex10= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex11= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex12= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t13 of them \n }", "title": "", "description": "APTMalware_APT_10_3827ea7e7a55a2e541661b78a70285414d2e3c2ff77dc2e20311b1d8c2dda9e0 Group", "expiration": null, "is_active": 1 }, { "id": 3409659928, "indicator": "0eda45eff3fbdb393b77fb01dfa111495147cd8a", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_316e89d866d5c710530c2103f183d86c31e9a90d55e2ebc2dda94f112f3bdb6d { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_316e89d866d5c710530c2103f183d86c31e9a90d55e2ebc2dda94f112f3bdb6d Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-07-06\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"0c0a39e1cab4fc9896bdf5ef3c96a716\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"AFX_DIALOG_LAYOUT\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s8= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s10= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \n \t\t $hex1= {41??46??58??5f??44??49??41??4c??4f??47??5f??4c??41??59??4f??55??54??0a??} \n \t\t $hex2= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex3= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex9= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex10= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_316e89d866d5c710530c2103f183d86c31e9a90d55e2ebc2dda94f112f3bdb6d Group", "expiration": null, "is_active": 1 }, { "id": 3363915097, "indicator": "f29f91c47846535c478102a156a8ac2411d9cd5a", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of edfa6607207ddbca961ae7b78405f761", "expiration": null, "is_active": 1 }, { "id": 1598883460, "indicator": "d0e526a19497117a854f1ac9a9347f7621709afc3548c2e6a46b19e833578eac", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of edfa6607207ddbca961ae7b78405f761", "expiration": null, "is_active": 1 }, { "id": 3409659929, "indicator": "9b1da753cd637c5899ed0141e64003cb4104b7b0", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_d0e526a19497117a854f1ac9a9347f7621709afc3548c2e6a46b19e833578eac { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_d0e526a19497117a854f1ac9a9347f7621709afc3548c2e6a46b19e833578eac Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-07-02\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"edfa6607207ddbca961ae7b78405f761\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"american english\" fullword wide \n \t\t $s2= \"american-english\" fullword wide \n \t\t $s3= \"chinese-hongkong\" fullword wide \n \t\t $s4= \"chinese-simplified\" fullword wide \n \t\t $s5= \"chinese-singapore\" fullword wide \n \t\t $s6= \"chinese-traditional\" fullword wide \n \t\t $s7= \"english-american\" fullword wide \n \t\t $s8= \"english-caribbean\" fullword wide \n \t\t $s9= \"english-jamaica\" fullword wide \n \t\t $s10= \"english-south africa\" fullword wide \n \t\t $s11= \"french-canadian\" fullword wide \n \t\t $s12= \"french-luxembourg\" fullword wide \n \t\t $s13= \"german-austrian\" fullword wide \n \t\t $s14= \"german-lichtenstein\" fullword wide \n \t\t $s15= \"german-luxembourg\" fullword wide \n \t\t $s16= \"norwegian-bokmal\" fullword wide \n \t\t $s17= \"norwegian-nynorsk\" fullword wide \n \t\t $s18= \"portuguese-brazilian\" fullword wide \n \t\t $s19= \"spanish-argentina\" fullword wide \n \t\t $s20= \"spanish-bolivia\" fullword wide \n \n \t\t $hex1= {61??6d??65??72??69??63??61??6e??20??65??6e??67??6c??69??73??68??0a??} \n \t\t $hex2= {61??6d??65??72??69??63??61??6e??2d??65??6e??67??6c??69??73??68??0a??} \n \t\t $hex3= {63??68??69??6e??65??73??65??2d??68??6f??6e??67??6b??6f??6e??67??0a??} \n \t\t $hex4= {63??68??69??6e??65??73??65??2d??73??69??6d??70??6c??69??66??69??65??64??0a??} \n \t\t $hex5= {63??68??69??6e??65??73??65??2d??73??69??6e??67??61??70??6f??72??65??0a??} \n \t\t $hex6= {63??68??69??6e??65??73??65??2d??74??72??61??64??69??74??69??6f??6e??61??6c??0a??} \n \t\t $hex7= {65??6e??67??6c??69??73??68??2d??61??6d??65??72??69??63??61??6e??0a??} \n \t\t $hex8= {65??6e??67??6c??69??73??68??2d??63??61??72??69??62??62??65??61??6e??0a??} \n \t\t $hex9= {65??6e??67??6c??69??73??68??2d??6a??61??6d??61??69??63??61??0a??} \n \t\t $hex10= {65??6e??67??6c??69??73??68??2d??73??6f??75??74??68??20??61??66??72??69??63??61??0a??} \n \t\t $hex11= {66??72??65??6e??63??68??2d??63??61??6e??61??64??69??61??6e??0a??} \n \t\t $hex12= {66??72??65??6e??63??68??2d??6c??75??78??65??6d??62??6f??75??72??67??0a??} \n \t\t $hex13= {67??65??72??6d??61??6e??2d??61??75??73??74??72??69??61??6e??0a??} \n \t\t $hex14= {67??65??72??6d??61??6e??2d??6c??69??63??68??74??65??6e??73??74??65??69??6e??0a??} \n \t\t $hex15= {67??65??72??6d??61??6e??2d??6c??75??78??65??6d??62??6f??75??72??67??0a??} \n \t\t $hex16= {6e??6f??72??77??65??67??69??61??6e??2d??62??6f??6b??6d??61??6c??0a??} \n \t\t $hex17= {6e??6f??72??77??65??67??69??61??6e??2d??6e??79??6e??6f??72??73??6b??0a??} \n \t\t $hex18= {70??6f??72??74??75??67??75??65??73??65??2d??62??72??61??7a??69??6c??69??61??6e??0a??} \n \t\t $hex19= {73??70??61??6e??69??73??68??2d??61??72??67??65??6e??74??69??6e??61??0a??} \n \t\t $hex20= {73??70??61??6e??69??73??68??2d??62??6f??6c??69??76??69??61??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_APT_10_d0e526a19497117a854f1ac9a9347f7621709afc3548c2e6a46b19e833578eac Group", "expiration": null, "is_active": 1 }, { "id": 3409659930, "indicator": "2dea58095d1798e884f7d6f3f3d40190ec3ab287", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of e85005524e8e6a8612c9d0899bb952d6", "expiration": null, "is_active": 1 }, { "id": 1294676591, "indicator": "13ea0b029b797ca222d54f81a22623719bc440a89cdd8108611ab2354152297c", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of e85005524e8e6a8612c9d0899bb952d6", "expiration": null, "is_active": 1 }, { "id": 3409659931, "indicator": "4b06639a733741c27ebe21ee280c821ae1e19893", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_13ea0b029b797ca222d54f81a22623719bc440a89cdd8108611ab2354152297c { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_13ea0b029b797ca222d54f81a22623719bc440a89cdd8108611ab2354152297c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-07-00\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e85005524e8e6a8612c9d0899bb952d6\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"/a>\" fullword wide \n \t\t $s2= \"MfcFontComboBox\" fullword wide \n \t\t $s3= \"msctls_progress32\" fullword wide \n \t\t $s4= \"Win32CHbuQiFine\" fullword wide \n \t\t $s5= \"Win32CHbuQiFine\" fullword wide \n \n \t\t $hex1= {2f??61??3e??0a??} \n \t\t $hex2= {4d??66??63??46??6f??6e??74??43??6f??6d??62??6f??42??6f??78??0a??} \n \t\t $hex3= {57??69??6e??33??32??43??48??62??75??51??69??46??69??6e??65??0a??} \n \t\t $hex4= {6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_10_13ea0b029b797ca222d54f81a22623719bc440a89cdd8108611ab2354152297c Group", "expiration": null, "is_active": 1 }, { "id": 3409659932, "indicator": "4a723eb70c1696cdb03904243e996e4c650d3b00", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_bec6fd77ae63e20f319279adcbcb3585055a85496923d3aa7e5ccfaf40fdfe9a { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_bec6fd77ae63e20f319279adcbcb3585055a85496923d3aa7e5ccfaf40fdfe9a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-06-59\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e0593f81fdf39eefd17427adac3825e2\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Assembly Version\" fullword wide \n \t\t $s2= \"C:WindowsMicrosoft.NET\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"LegalTrademarks\" fullword wide \n \t\t $s5= \"NetFramwork.exe\" fullword wide \n \t\t $s6= \"OriginalFilename\" fullword wide \n \t\t $s7= \"VS_VERSION_INFO\" fullword wide \n \t\t $s8= \"=^@ZTSFY|KyjAo=+7/lJ$x s#\" fullword wide \n \n \t\t $hex1= {3d??5e??40??5a??54??53??46??59??7c??4b??79??6a??41??6f??3d??2b??37??2f??6c??4a??24??78??20??73??23??0a??} \n \t\t $hex2= {41??73??73??65??6d??62??6c??79??20??56??65??72??73??69??6f??6e??0a??} \n \t\t $hex3= {43??3a??57??69??6e??64??6f??77??73??4d??69??63??72??6f??73??6f??66??74??2e??4e??45??54??0a??} \n \t\t $hex4= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex5= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex6= {4e??65??74??46??72??61??6d??77??6f??72??6b??2e??65??78??65??0a??} \n \t\t $hex7= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex8= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t8 of them \n }", "title": "", "description": "APTMalware_APT_10_bec6fd77ae63e20f319279adcbcb3585055a85496923d3aa7e5ccfaf40fdfe9a Group", "expiration": null, "is_active": 1 }, { "id": 3409659933, "indicator": "e4acf1d19a000b04fa2dc83d0773f4ca313adbf2", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_73794263b657632805c8c3907e2f20a9743d8c9b83aa3e21629eccc5de02b1ca { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_73794263b657632805c8c3907e2f20a9743d8c9b83aa3e21629eccc5de02b1ca Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-06-56\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"ac0ff4bad83350b7dde27af8728a469f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"AFX_DIALOG_LAYOUT\" fullword wide \n \t\t $s2= \"american english\" fullword wide \n \t\t $s3= \"american-english\" fullword wide \n \t\t $s4= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s7= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s8= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s10= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s11= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s12= \"chinese-hongkong\" fullword wide \n \t\t $s13= \"chinese-simplified\" fullword wide \n \t\t $s14= \"chinese-singapore\" fullword wide \n \t\t $s15= \"chinese-traditional\" fullword wide \n \t\t $s16= \"english-american\" fullword wide \n \t\t $s17= \"english-caribbean\" fullword wide \n \t\t $s18= \"english-jamaica\" fullword wide \n \t\t $s19= \"english-south africa\" fullword wide \n \t\t $s20= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \n \t\t $hex1= {41??46??58??5f??44??49??41??4c??4f??47??5f??4c??41??59??4f??55??54??0a??} \n \t\t $hex2= {61??6d??65??72??69??63??61??6e??20??65??6e??67??6c??69??73??68??0a??} \n \t\t $hex3= {61??6d??65??72??69??63??61??6e??2d??65??6e??67??6c??69??73??68??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex9= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex10= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex11= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex12= {63??68??69??6e??65??73??65??2d??68??6f??6e??67??6b??6f??6e??67??0a??} \n \t\t $hex13= {63??68??69??6e??65??73??65??2d??73??69??6d??70??6c??69??66??69??65??64??0a??} \n \t\t $hex14= {63??68??69??6e??65??73??65??2d??73??69??6e??67??61??70??6f??72??65??0a??} \n \t\t $hex15= {63??68??69??6e??65??73??65??2d??74??72??61??64??69??74??69??6f??6e??61??6c??0a??} \n \t\t $hex16= {65??6e??67??6c??69??73??68??2d??61??6d??65??72??69??63??61??6e??0a??} \n \t\t $hex17= {65??6e??67??6c??69??73??68??2d??63??61??72??69??62??62??65??61??6e??0a??} \n \t\t $hex18= {65??6e??67??6c??69??73??68??2d??6a??61??6d??61??69??63??61??0a??} \n \t\t $hex19= {65??6e??67??6c??69??73??68??2d??73??6f??75??74??68??20??61??66??72??69??63??61??0a??} \n \t\t $hex20= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_APT_10_73794263b657632805c8c3907e2f20a9743d8c9b83aa3e21629eccc5de02b1ca Group", "expiration": null, "is_active": 1 }, { "id": 3409659934, "indicator": "251105b24be980f71801ae70ff763c412dd4b156", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_3a3f50f69463fce29e3560e5eddcbc1366da47938d180c0930e53ea22d7385b2 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_3a3f50f69463fce29e3560e5eddcbc1366da47938d180c0930e53ea22d7385b2 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-06-54\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"0b87f38f9151ef81e07c2cdd8a602335\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"?? bricks(&A)...\" fullword wide \n \t\t $s2= \"Copyright(C) 2012\" fullword wide \n \t\t $s3= \"DateTimePicker1\" fullword wide \n \t\t $s4= \"FileDescription\" fullword wide \n \t\t $s5= \"LegalTrademarks\" fullword wide \n \t\t $s6= \"msctls_trackbar32\" fullword wide \n \t\t $s7= \"??(&O)... Ctrl+O\" fullword wide \n \t\t $s8= \"OriginalFilename\" fullword wide \n \t\t $s9= \"??(&P)... Ctrl+P\" fullword wide \n \t\t $s10= \"symantecErro Reporter\" fullword wide \n \t\t $s11= \"SysDateTimePick32\" fullword wide \n \t\t $s12= \"SysReporter.exe\" fullword wide \n \t\t $s13= \"SysTabControl32\" fullword wide \n \t\t $s14= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {31??3b??20??63??72??20??62??72??69??63??6b??73??28??26??41??29??2e??2e??2e??0a??} \n \t\t $hex2= {3f??3f??28??26??4f??29??2e??2e??2e??20??43??74??72??6c??2b??4f??0a??} \n \t\t $hex3= {3f??3f??28??26??50??29??2e??2e??2e??20??43??74??72??6c??2b??50??0a??} \n \t\t $hex4= {43??6f??70??79??72??69??67??68??74??28??43??29??20??32??30??31??32??0a??} \n \t\t $hex5= {44??61??74??65??54??69??6d??65??50??69??63??6b??65??72??31??0a??} \n \t\t $hex6= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex7= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex8= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex9= {53??79??73??44??61??74??65??54??69??6d??65??50??69??63??6b??33??32??0a??} \n \t\t $hex10= {53??79??73??52??65??70??6f??72??74??65??72??2e??65??78??65??0a??} \n \t\t $hex11= {53??79??73??54??61??62??43??6f??6e??74??72??6f??6c??33??32??0a??} \n \t\t $hex12= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex13= {6d??73??63??74??6c??73??5f??74??72??61??63??6b??62??61??72??33??32??0a??} \n \t\t $hex14= {73??79??6d??61??6e??74??65??63??45??72??72??6f??20??52??65??70??6f??72??74??65??72??0a??} \n \n \tcondition: \n \t\t15 of them \n }", "title": "", "description": "APTMalware_APT_10_3a3f50f69463fce29e3560e5eddcbc1366da47938d180c0930e53ea22d7385b2 Group", "expiration": null, "is_active": 1 }, { "id": 3190220673, "indicator": "668ae28b10f14a01db4f80fa953bdad1be882585", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Trojan.Ag-18", "description": "SHA1 of 22d799e3fe58e5d10341080d370b683e", "expiration": null, "is_active": 1 }, { "id": 1598883430, "indicator": "9d97fcae1f2d8a931cf235b022efe5a9e1656cfa6fcdf6f38446afa183fc1141", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Trojan.Ag-18", "description": "SHA256 of 22d799e3fe58e5d10341080d370b683e", "expiration": null, "is_active": 1 }, { "id": 3409660000, "indicator": "586d0b20d97590a91c41cbde677339d09f07dd31", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_9d97fcae1f2d8a931cf235b022efe5a9e1656cfa6fcdf6f38446afa183fc1141 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_9d97fcae1f2d8a931cf235b022efe5a9e1656cfa6fcdf6f38446afa183fc1141 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-06-47\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"22d799e3fe58e5d10341080d370b683e\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&About 20130401...\" fullword wide \n \t\t $s2= \"Erase everything\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"LegalTrademarks\" fullword wide \n \t\t $s5= \"Microsoft Corporation\" fullword wide \n \t\t $s6= \"msctls_trackbar32\" fullword wide \n \t\t $s7= \"My20130401.Document\" fullword wide \n \t\t $s8= \"My2013 Document\" fullword wide \n \t\t $s9= \"&Open... Ctrl+O\" fullword wide \n \t\t $s10= \"OriginalFilename\" fullword wide \n \t\t $s11= \"Paste &Special...\" fullword wide \n \t\t $s12= \"&Print... Ctrl+P\" fullword wide \n \t\t $s13= \"P&rint Setup...\" fullword wide \n \t\t $s14= \"Toggle StatusBar\" fullword wide \n \t\t $s15= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {26??41??62??6f??75??74??20??32??30??31??33??30??34??30??31??2e??2e??2e??0a??} \n \t\t $hex2= {26??4f??70??65??6e??2e??2e??2e??20??43??74??72??6c??2b??4f??0a??} \n \t\t $hex3= {26??50??72??69??6e??74??2e??2e??2e??20??43??74??72??6c??2b??50??0a??} \n \t\t $hex4= {45??72??61??73??65??20??65??76??65??72??79??74??68??69??6e??67??0a??} \n \t\t $hex5= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex6= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex7= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex8= {4d??79??32??30??31??33??20??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex9= {4d??79??32??30??31??33??30??34??30??31??2e??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex10= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex11= {50??26??72??69??6e??74??20??53??65??74??75??70??2e??2e??2e??0a??} \n \t\t $hex12= {50??61??73??74??65??20??26??53??70??65??63??69??61??6c??2e??2e??2e??0a??} \n \t\t $hex13= {54??6f??67??67??6c??65??20??53??74??61??74??75??73??42??61??72??0a??} \n \t\t $hex14= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex15= {6d??73??63??74??6c??73??5f??74??72??61??63??6b??62??61??72??33??32??0a??} \n \n \tcondition: \n \t\t16 of them \n }", "title": "", "description": "APTMalware_APT_10_9d97fcae1f2d8a931cf235b022efe5a9e1656cfa6fcdf6f38446afa183fc1141 Group", "expiration": null, "is_active": 1 }, { "id": 3409660001, "indicator": "f541db188351981c40781a4bdfe9f34f768fbb54", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_bc2f07066c624663b0a6f71cb965009d4d9b480213de51809cdc454ca55f1a91 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_bc2f07066c624663b0a6f71cb965009d4d9b480213de51809cdc454ca55f1a91 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-06-46\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"ca9644ef0f7ed355a842f6e2d4511546\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"AFX_DIALOG_LAYOUT\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s8= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s10= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \n \t\t $hex1= {41??46??58??5f??44??49??41??4c??4f??47??5f??4c??41??59??4f??55??54??0a??} \n \t\t $hex2= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex3= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex9= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex10= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_bc2f07066c624663b0a6f71cb965009d4d9b480213de51809cdc454ca55f1a91 Group", "expiration": null, "is_active": 1 }, { "id": 3409660002, "indicator": "09908475d3b14cd885129a1cd48494a730ca05c0", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_da01734bacb716ac303f3018d3c4cf7fdc0784d157bb99976bd3d5a51381d34e { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_da01734bacb716ac303f3018d3c4cf7fdc0784d157bb99976bd3d5a51381d34e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-06-42\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e696b38ac71b23f50ee68da06a004af3\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"CreateThread failed\" fullword wide \n \t\t $s2= \"CryptProtectMemory failed\" fullword wide \n \t\t $s3= \"CryptUnprotectMemory failed\" fullword wide \n \t\t $s4= \"jmsctls_progress32\" fullword wide \n \t\t $s5= \"li>\" fullword wide \n \t\t $s6= \"LICENSEDLG RENAMEDLG\" fullword wide \n \t\t $s7= \"ProgramFilesDir\" fullword wide \n \t\t $s8= \"RarHtmlClassName\" fullword wide \n \t\t $s9= \"SeCreateSymbolicLinkPrivilege\" fullword wide \n \t\t $s10= \"SeRestorePrivilege\" fullword wide \n \t\t $s11= \"SeSecurityPrivilege\" fullword wide \n \t\t $s12= \"SoftwareWinRAR SFX\" fullword wide \n \t\t $s13= \"__tmp_rar_sfx_access_check_%u\" fullword wide \n \t\t $s14= \"winrarsfxmappingfile.tmp\" fullword wide \n \n \t\t $hex1= {43??72??65??61??74??65??54??68??72??65??61??64??20??66??61??69??6c??65??64??0a??} \n \t\t $hex2= {43??72??79??70??74??50??72??6f??74??65??63??74??4d??65??6d??6f??72??79??20??66??61??69??6c??65??64??0a??} \n \t\t $hex3= {43??72??79??70??74??55??6e??70??72??6f??74??65??63??74??4d??65??6d??6f??72??79??20??66??61??69??6c??65??64??0a??} \n \t\t $hex4= {4c??49??43??45??4e??53??45??44??4c??47??20??52??45??4e??41??4d??45??44??4c??47??0a??} \n \t\t $hex5= {50??72??6f??67??72??61??6d??46??69??6c??65??73??44??69??72??0a??} \n \t\t $hex6= {52??61??72??48??74??6d??6c??43??6c??61??73??73??4e??61??6d??65??0a??} \n \t\t $hex7= {53??65??43??72??65??61??74??65??53??79??6d??62??6f??6c??69??63??4c??69??6e??6b??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex8= {53??65??52??65??73??74??6f??72??65??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex9= {53??65??53??65??63??75??72??69??74??79??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex10= {53??6f??66??74??77??61??72??65??57??69??6e??52??41??52??20??53??46??58??0a??} \n \t\t $hex11= {5f??5f??74??6d??70??5f??72??61??72??5f??73??66??78??5f??61??63??63??65??73??73??5f??63??68??65??63??6b??5f??25??75??0a??} \n \t\t $hex12= {6a??6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \t\t $hex13= {6c??69??3e??0a??} \n \t\t $hex14= {77??69??6e??72??61??72??73??66??78??6d??61??70??70??69??6e??67??66??69??6c??65??2e??74??6d??70??0a??} \n \n \tcondition: \n \t\t15 of them \n }", "title": "", "description": "APTMalware_APT_10_da01734bacb716ac303f3018d3c4cf7fdc0784d157bb99976bd3d5a51381d34e Group", "expiration": null, "is_active": 1 }, { "id": 3254663177, "indicator": "9ddd5e32b1d3b400d4a9ffaa90268a83673f6f11", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of e0ab70ff814592a18864eb05a516a711\nSHA1 of e0ab70ff814592a18864eb05a516a711", "expiration": null, "is_active": 1 }, { "id": 1636611047, "indicator": "5a8e92ae2ee4ce1493dbb56cceb13fdae1c0d46f3e6b0bb535412bd2a9e77f10", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of e0ab70ff814592a18864eb05a516a711\nSHA256 of e0ab70ff814592a18864eb05a516a711", "expiration": null, "is_active": 1 }, { "id": 3409660003, "indicator": "2da7f8f4dd0a2781cde0f1c91deaa3d3430bcba5", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_5a8e92ae2ee4ce1493dbb56cceb13fdae1c0d46f3e6b0bb535412bd2a9e77f10 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_5a8e92ae2ee4ce1493dbb56cceb13fdae1c0d46f3e6b0bb535412bd2a9e77f10 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-06-41\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e0ab70ff814592a18864eb05a516a711\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"OriginalFilename\" fullword wide \n \t\t $s3= \"VS_VERSION_INFO\" fullword wide \n \t\t $s4= \"WinXorAbookCoeBao\" fullword wide \n \t\t $s5= \"WinXorAbookCoeBao\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex3= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex4= {57??69??6e??58??6f??72??41??62??6f??6f??6b??43??6f??65??42??61??6f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_10_5a8e92ae2ee4ce1493dbb56cceb13fdae1c0d46f3e6b0bb535412bd2a9e77f10 Group", "expiration": null, "is_active": 1 }, { "id": 3409660004, "indicator": "de093b4e0cd26375594b7d473e6618b28714eefa", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_5765f755db1cfb449ba22bafec5b646aebabddb51430a00cf02493aa522ab248 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_5765f755db1cfb449ba22bafec5b646aebabddb51430a00cf02493aa522ab248 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-06-37\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"79e5a1d9adad4d64c8f5be2eb8345605\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&Annuler Ctrl+Z\" fullword wide \n \t\t $s2= \"Application MFC\" fullword wide \n \t\t $s3= \"BarckH Document\" fullword wide \n \t\t $s4= \"BarckH.Document\" fullword wide \n \t\t $s5= \"&Barre d'outils\" fullword wide \n \t\t $s6= \"&Enregistrer Ctrl+S\" fullword wide \n \t\t $s7= \"En®istrer sous...\" fullword wide \n \t\t $s8= \"FileDescription\" fullword wide \n \t\t $s9= \"&Imprimer... Ctrl+P\" fullword wide \n \t\t $s10= \"LegalTrademarks\" fullword wide \n \t\t $s11= \"&Nouveau Ctrl+N\" fullword wide \n \t\t $s12= \"OriginalFilename\" fullword wide \n \t\t $s13= \"&Ouvrir... Ctrl+O\" fullword wide \n \t\t $s14= \"rganization automatique\" fullword wide \n \t\t $s15= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {26??41??6e??6e??75??6c??65??72??20??43??74??72??6c??2b??5a??0a??} \n \t\t $hex2= {26??42??61??72??72??65??20??64??27??6f??75??74??69??6c??73??0a??} \n \t\t $hex3= {26??45??6e??72??65??67??69??73??74??72??65??72??20??43??74??72??6c??2b??53??0a??} \n \t\t $hex4= {26??49??6d??70??72??69??6d??65??72??2e??2e??2e??20??43??74??72??6c??2b??50??0a??} \n \t\t $hex5= {26??4e??6f??75??76??65??61??75??20??43??74??72??6c??2b??4e??0a??} \n \t\t $hex6= {26??4f??75??76??72??69??72??2e??2e??2e??20??43??74??72??6c??2b??4f??0a??} \n \t\t $hex7= {41??70??70??6c??69??63??61??74??69??6f??6e??20??4d??46??43??0a??} \n \t\t $hex8= {42??61??72??63??6b??48??20??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex9= {42??61??72??63??6b??48??2e??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex10= {45??6e??26??72??65??67??69??73??74??72??65??72??20??73??6f??75??73??2e??2e??2e??0a??} \n \t\t $hex11= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex12= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex13= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex14= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex15= {72??67??61??6e??69??7a??61??74??69??6f??6e??20??61??75??74??6f??6d??61??74??69??71??75??65??0a??} \n \n \tcondition: \n \t\t16 of them \n }", "title": "", "description": "APTMalware_APT_10_5765f755db1cfb449ba22bafec5b646aebabddb51430a00cf02493aa522ab248 Group", "expiration": null, "is_active": 1 }, { "id": 3409660005, "indicator": "159e49b7a02e5a427943b87b924646a48da2d70e", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_e6ab4cde17065c97850c2e7e6c308918861c040e7398715138d1488e3ae38c34 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_e6ab4cde17065c97850c2e7e6c308918861c040e7398715138d1488e3ae38c34 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-06-34\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"69f8ac18b047aa0c70eaf982fa1e483c\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s5= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s7= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s8= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s9= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \n \t\t $hex1= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex2= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex3= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex9= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t10 of them \n }", "title": "", "description": "APTMalware_APT_10_e6ab4cde17065c97850c2e7e6c308918861c040e7398715138d1488e3ae38c34 Group", "expiration": null, "is_active": 1 }, { "id": 3254663171, "indicator": "72d97af0725d993e1679bdca183e7fd96a1378d4", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Armadillov171", "description": "SHA1 of babd8cd2f24c809fedec1a5642b5fe46", "expiration": null, "is_active": 1 }, { "id": 1636611316, "indicator": "e7a60eec1f66ac089f13f9478dcf06b922bfe4b4f3a4fbbbf054e3202e58519a", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Armadillov171", "description": "SHA256 of babd8cd2f24c809fedec1a5642b5fe46", "expiration": null, "is_active": 1 }, { "id": 3409660006, "indicator": "8bbc25be18b2910477e5f78daaad25b48f45601b", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_e7a60eec1f66ac089f13f9478dcf06b922bfe4b4f3a4fbbbf054e3202e58519a { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_e7a60eec1f66ac089f13f9478dcf06b922bfe4b4f3a4fbbbf054e3202e58519a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-06-32\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"babd8cd2f24c809fedec1a5642b5fe46\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"BmpFile(&A)...\" fullword wide \n \t\t $s2= \"BmpFile Microsoft\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"LegalTrademarks\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {42??6d??70??46??69??6c??65??20??4d??69??63??72??6f??73??6f??66??74??0a??} \n \t\t $hex2= {42??6d??70??46??69??6c??65??28??26??41??29??2e??2e??2e??0a??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_APT_10_e7a60eec1f66ac089f13f9478dcf06b922bfe4b4f3a4fbbbf054e3202e58519a Group", "expiration": null, "is_active": 1 }, { "id": 3409660007, "indicator": "293f2ccd526ac8246b690bb5fd4b028334b5b9e3", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_ae6b45a92384f6e43672e617c53a44225e2944d66c1ffb074694526386074145 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_ae6b45a92384f6e43672e617c53a44225e2944d66c1ffb074694526386074145 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-06-29\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"8a93859e5f7079d6746832a3a22ff65c\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s5= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s7= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s8= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s9= \"@Data/gl/b10.bmp\" fullword wide \n \t\t $s10= \"Data/info/floor.png\" fullword wide \n \t\t $s11= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s12= \"FileDescription\" fullword wide \n \t\t $s13= \"OriginalFilename\" fullword wide \n \t\t $s14= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {40??44??61??74??61??2f??67??6c??2f??62??31??30??2e??62??6d??70??0a??} \n \t\t $hex2= {44??61??74??61??2f??69??6e??66??6f??2f??66??6c??6f??6f??72??2e??70??6e??67??0a??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex9= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex10= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex11= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex12= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex13= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex14= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t15 of them \n }", "title": "", "description": "APTMalware_APT_10_ae6b45a92384f6e43672e617c53a44225e2944d66c1ffb074694526386074145 Group", "expiration": null, "is_active": 1 }, { "id": 3409660008, "indicator": "ae312a32fcfa37a6aeeea52020ae07da868aeadf", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_5d731406a57beb742a69105397a9db85f5cfccf38a2cb939e45d0e0309281d5b { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_5d731406a57beb742a69105397a9db85f5cfccf38a2cb939e45d0e0309281d5b Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-06-28\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"a1d0f8895052b60c4d2860556494f233\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"VS_VERSION_INFO\" fullword wide \n \t\t $s5= \"WINDOWSActives.exe\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex5= {57??49??4e??44??4f??57??53??41??63??74??69??76??65??73??2e??65??78??65??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_10_5d731406a57beb742a69105397a9db85f5cfccf38a2cb939e45d0e0309281d5b Group", "expiration": null, "is_active": 1 }, { "id": 3190220661, "indicator": "2d7a1d30b31cf3622539c3473c5eb8a31d4bc006", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of 6285cba13fc5c2538e31c7f2529c7069", "expiration": null, "is_active": 1 }, { "id": 1598883463, "indicator": "d7e1e1f3d4cde26ebf4c78cfadc6353ebb77682c286a016e72474175759cfe43", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of 6285cba13fc5c2538e31c7f2529c7069", "expiration": null, "is_active": 1 }, { "id": 3409660009, "indicator": "80c9072d52efe0814b7afa124e696c15647926e2", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_d7e1e1f3d4cde26ebf4c78cfadc6353ebb77682c286a016e72474175759cfe43 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_d7e1e1f3d4cde26ebf4c78cfadc6353ebb77682c286a016e72474175759cfe43 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-06-25\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"6285cba13fc5c2538e31c7f2529c7069\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&About 20130401...\" fullword wide \n \t\t $s2= \"Erase everything\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"LegalTrademarks\" fullword wide \n \t\t $s5= \"Microsoft Corporation\" fullword wide \n \t\t $s6= \"msctls_trackbar32\" fullword wide \n \t\t $s7= \"My20130401.Document\" fullword wide \n \t\t $s8= \"My2013 Document\" fullword wide \n \t\t $s9= \"&Open... Ctrl+O\" fullword wide \n \t\t $s10= \"OriginalFilename\" fullword wide \n \t\t $s11= \"Paste &Special...\" fullword wide \n \t\t $s12= \"&Print... Ctrl+P\" fullword wide \n \t\t $s13= \"P&rint Setup...\" fullword wide \n \t\t $s14= \"Toggle StatusBar\" fullword wide \n \t\t $s15= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {26??41??62??6f??75??74??20??32??30??31??33??30??34??30??31??2e??2e??2e??0a??} \n \t\t $hex2= {26??4f??70??65??6e??2e??2e??2e??20??43??74??72??6c??2b??4f??0a??} \n \t\t $hex3= {26??50??72??69??6e??74??2e??2e??2e??20??43??74??72??6c??2b??50??0a??} \n \t\t $hex4= {45??72??61??73??65??20??65??76??65??72??79??74??68??69??6e??67??0a??} \n \t\t $hex5= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex6= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex7= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex8= {4d??79??32??30??31??33??20??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex9= {4d??79??32??30??31??33??30??34??30??31??2e??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex10= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex11= {50??26??72??69??6e??74??20??53??65??74??75??70??2e??2e??2e??0a??} \n \t\t $hex12= {50??61??73??74??65??20??26??53??70??65??63??69??61??6c??2e??2e??2e??0a??} \n \t\t $hex13= {54??6f??67??67??6c??65??20??53??74??61??74??75??73??42??61??72??0a??} \n \t\t $hex14= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex15= {6d??73??63??74??6c??73??5f??74??72??61??63??6b??62??61??72??33??32??0a??} \n \n \tcondition: \n \t\t16 of them \n }", "title": "", "description": "APTMalware_APT_10_d7e1e1f3d4cde26ebf4c78cfadc6353ebb77682c286a016e72474175759cfe43 Group", "expiration": null, "is_active": 1 }, { "id": 3409660010, "indicator": "58429d85a34ffe52cc6b463ffeb1ff85fc689271", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_aab1bf0410ad886861770d1b72afd9528986680f3894fa59cded13c43d621454 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_aab1bf0410ad886861770d1b72afd9528986680f3894fa59cded13c43d621454 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-06-22\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"1bc481cb01b205095c86174a171676d8\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"api-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s8= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s10= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s11= \"FileDescription\" fullword wide \n \t\t $s12= \"Microsoft Corporation\" fullword wide \n \t\t $s13= \"OriginalFilename\" fullword wide \n \t\t $s14= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??61??70??70??6d??6f??64??65??6c??2d??72??75??6e??74??69??6d??65??2d??6c??31??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex9= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex10= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex11= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex12= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex13= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex14= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t15 of them \n }", "title": "", "description": "APTMalware_APT_10_aab1bf0410ad886861770d1b72afd9528986680f3894fa59cded13c43d621454 Group", "expiration": null, "is_active": 1 }, { "id": 3363915096, "indicator": "f1e7e4020393a603bae8f4822ae9ca9af6bf36c2", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Armadillov171", "description": "SHA1 of d84851ad131424f04fbffc3bbac03bff", "expiration": null, "is_active": 1 }, { "id": 1598883425, "indicator": "976aa2d1645c191ea44b9452dca9c8cf670ce45bfd014f0dcad4ae58eb37a501", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Armadillov171", "description": "SHA256 of d84851ad131424f04fbffc3bbac03bff", "expiration": null, "is_active": 1 }, { "id": 3409660011, "indicator": "5b316fa4702140e04ace03b63e46bf94a8afa390", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_976aa2d1645c191ea44b9452dca9c8cf670ce45bfd014f0dcad4ae58eb37a501 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_976aa2d1645c191ea44b9452dca9c8cf670ce45bfd014f0dcad4ae58eb37a501 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-06-19\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d84851ad131424f04fbffc3bbac03bff\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&About Sundar_Game...\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"LegalTrademarks\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"Sundar_Game Application\" fullword wide \n \t\t $s6= \"Sundar_Game.EXE\" fullword wide \n \t\t $s7= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {26??41??62??6f??75??74??20??53??75??6e??64??61??72??5f??47??61??6d??65??2e??2e??2e??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {53??75??6e??64??61??72??5f??47??61??6d??65??20??41??70??70??6c??69??63??61??74??69??6f??6e??0a??} \n \t\t $hex6= {53??75??6e??64??61??72??5f??47??61??6d??65??2e??45??58??45??0a??} \n \t\t $hex7= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_APT_10_976aa2d1645c191ea44b9452dca9c8cf670ce45bfd014f0dcad4ae58eb37a501 Group", "expiration": null, "is_active": 1 }, { "id": 3409660012, "indicator": "efc943157401f5b51bf836d070cb1959e29a369c", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_5b4028728d8011a2003b7ce6b9ec663dd6a60b7adcc20e2125da318e2d9e13f4 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_5b4028728d8011a2003b7ce6b9ec663dd6a60b7adcc20e2125da318e2d9e13f4 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-06-15\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b4bea824c539785dedb83c8599c90255\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Aggio&rna Ctrl+S\" fullword wide \n \t\t $s2= \"&Annulla Ctrl+Z\" fullword wide \n \t\t $s3= \"&Apri... Ctrl+A\" fullword wide \n \t\t $s4= \"Bakshe Document\" fullword wide \n \t\t $s5= \"bakshell Applicazione\" fullword wide \n \t\t $s6= \"Bakshell.Document\" fullword wide \n \t\t $s7= \"Colle&gamenti...\" fullword wide \n \t\t $s8= \"Converti oggetto\" fullword wide \n \t\t $s9= \"FileDescription\" fullword wide \n \t\t $s10= \"IDR_BAKSHETYPE_SRVR_IP\" fullword wide \n \t\t $s11= \"Imposta s&tampante...\" fullword wide \n \t\t $s12= \"&Incolla Ctrl+V\" fullword wide \n \t\t $s13= \"Incolla &speciale...\" fullword wide \n \t\t $s14= \"Incolla speciale\" fullword wide \n \t\t $s15= \"LegalTrademarks\" fullword wide \n \t\t $s16= \"OriginalFilename\" fullword wide \n \t\t $s17= \"Riquadro precedente\" fullword wide \n \t\t $s18= \"Seleziona tutto\" fullword wide \n \t\t $s19= \"Stam&pa... Ctrl+P\" fullword wide \n \t\t $s20= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {26??41??6e??6e??75??6c??6c??61??20??43??74??72??6c??2b??5a??0a??} \n \t\t $hex2= {26??41??70??72??69??2e??2e??2e??20??43??74??72??6c??2b??41??0a??} \n \t\t $hex3= {26??49??6e??63??6f??6c??6c??61??20??43??74??72??6c??2b??56??0a??} \n \t\t $hex4= {41??67??67??69??6f??26??72??6e??61??20??43??74??72??6c??2b??53??0a??} \n \t\t $hex5= {42??61??6b??73??68??65??20??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex6= {42??61??6b??73??68??65??6c??6c??2e??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex7= {43??6f??6c??6c??65??26??67??61??6d??65??6e??74??69??2e??2e??2e??0a??} \n \t\t $hex8= {43??6f??6e??76??65??72??74??69??20??6f??67??67??65??74??74??6f??0a??} \n \t\t $hex9= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex10= {49??44??52??5f??42??41??4b??53??48??45??54??59??50??45??5f??53??52??56??52??5f??49??50??0a??} \n \t\t $hex11= {49??6d??70??6f??73??74??61??20??73??26??74??61??6d??70??61??6e??74??65??2e??2e??2e??0a??} \n \t\t $hex12= {49??6e??63??6f??6c??6c??61??20??26??73??70??65??63??69??61??6c??65??2e??2e??2e??0a??} \n \t\t $hex13= {49??6e??63??6f??6c??6c??61??20??73??70??65??63??69??61??6c??65??0a??} \n \t\t $hex14= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex15= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex16= {52??69??71??75??61??64??72??6f??20??70??72??65??63??65??64??65??6e??74??65??0a??} \n \t\t $hex17= {53??65??6c??65??7a??69??6f??6e??61??20??74??75??74??74??6f??0a??} \n \t\t $hex18= {53??74??61??6d??26??70??61??2e??2e??2e??20??43??74??72??6c??2b??50??0a??} \n \t\t $hex19= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex20= {62??61??6b??73??68??65??6c??6c??20??41??70??70??6c??69??63??61??7a??69??6f??6e??65??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_APT_10_5b4028728d8011a2003b7ce6b9ec663dd6a60b7adcc20e2125da318e2d9e13f4 Group", "expiration": null, "is_active": 1 }, { "id": 3190220688, "indicator": "c1e365ebc4bb92f02f3ac64596c0fd56fdcce351", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of 584f13c639ecf696781515a593234deb", "expiration": null, "is_active": 1 }, { "id": 1294676778, "indicator": "dc1b928dfaa59a17c5f97c6afacf7aea753c922f0b3e5d8b29d58d72af34134d", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of 584f13c639ecf696781515a593234deb", "expiration": null, "is_active": 1 }, { "id": 3409660013, "indicator": "14aaba2474aafbd8c788b354a3ab6b7d162c319a", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_dc1b928dfaa59a17c5f97c6afacf7aea753c922f0b3e5d8b29d58d72af34134d { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_dc1b928dfaa59a17c5f97c6afacf7aea753c922f0b3e5d8b29d58d72af34134d Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-06-14\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"584f13c639ecf696781515a593234deb\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"/a>\" fullword wide \n \t\t $s2= \"MfcFontComboBox\" fullword wide \n \t\t $s3= \"msctls_progress32\" fullword wide \n \t\t $s4= \"Win32CHbuQiFine\" fullword wide \n \t\t $s5= \"Win32CHbuQiFine\" fullword wide \n \n \t\t $hex1= {2f??61??3e??0a??} \n \t\t $hex2= {4d??66??63??46??6f??6e??74??43??6f??6d??62??6f??42??6f??78??0a??} \n \t\t $hex3= {57??69??6e??33??32??43??48??62??75??51??69??46??69??6e??65??0a??} \n \t\t $hex4= {6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_10_dc1b928dfaa59a17c5f97c6afacf7aea753c922f0b3e5d8b29d58d72af34134d Group", "expiration": null, "is_active": 1 }, { "id": 1818872669, "indicator": "86d61f252e99c72c2dfb53a4f774517842893451", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of 5c5401fd7d32f481570511c73083e9a1", "expiration": null, "is_active": 1 }, { "id": 1598883557, "indicator": "f9612fd688b9acd67e2da56c3f953c0681fbd227f6048b09ec0252dfe104e903", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of 5c5401fd7d32f481570511c73083e9a1", "expiration": null, "is_active": 1 }, { "id": 3409660014, "indicator": "0f613772945ca6f3e5900e6e5e3fb967548df08c", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_f9612fd688b9acd67e2da56c3f953c0681fbd227f6048b09ec0252dfe104e903 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_f9612fd688b9acd67e2da56c3f953c0681fbd227f6048b09ec0252dfe104e903 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-06-12\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"5c5401fd7d32f481570511c73083e9a1\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&About 20130401...\" fullword wide \n \t\t $s2= \"Erase everything\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"LegalTrademarks\" fullword wide \n \t\t $s5= \"My20130401.Document\" fullword wide \n \t\t $s6= \"My2013 Document\" fullword wide \n \t\t $s7= \"&Open... Ctrl+O\" fullword wide \n \t\t $s8= \"OriginalFilename\" fullword wide \n \t\t $s9= \"Paste &Special...\" fullword wide \n \t\t $s10= \"&Print... Ctrl+P\" fullword wide \n \t\t $s11= \"P&rint Setup...\" fullword wide \n \t\t $s12= \"Symantec Corporation\" fullword wide \n \t\t $s13= \"Toggle StatusBar\" fullword wide \n \t\t $s14= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {26??41??62??6f??75??74??20??32??30??31??33??30??34??30??31??2e??2e??2e??0a??} \n \t\t $hex2= {26??4f??70??65??6e??2e??2e??2e??20??43??74??72??6c??2b??4f??0a??} \n \t\t $hex3= {26??50??72??69??6e??74??2e??2e??2e??20??43??74??72??6c??2b??50??0a??} \n \t\t $hex4= {45??72??61??73??65??20??65??76??65??72??79??74??68??69??6e??67??0a??} \n \t\t $hex5= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex6= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex7= {4d??79??32??30??31??33??20??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex8= {4d??79??32??30??31??33??30??34??30??31??2e??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex9= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex10= {50??26??72??69??6e??74??20??53??65??74??75??70??2e??2e??2e??0a??} \n \t\t $hex11= {50??61??73??74??65??20??26??53??70??65??63??69??61??6c??2e??2e??2e??0a??} \n \t\t $hex12= {53??79??6d??61??6e??74??65??63??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex13= {54??6f??67??67??6c??65??20??53??74??61??74??75??73??42??61??72??0a??} \n \t\t $hex14= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t15 of them \n }", "title": "", "description": "APTMalware_APT_10_f9612fd688b9acd67e2da56c3f953c0681fbd227f6048b09ec0252dfe104e903 Group", "expiration": null, "is_active": 1 }, { "id": 3409660015, "indicator": "f60cee86e42873b5fe278a9e0d72031358723f53", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_104d02d4149b4983e411031c3d782db79783a41333a0308b6fc368605e10d5c7 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_104d02d4149b4983e411031c3d782db79783a41333a0308b6fc368605e10d5c7 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-06-10\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"16ab92cc9a5d40cf0e3fa01fed0dd80f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"api-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s8= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s10= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s11= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex2= {61??70??69??2d??6d??73??2d??77??69??6e??2d??61??70??70??6d??6f??64??65??6c??2d??72??75??6e??74??69??6d??65??2d??6c??31??} \n \t\t $hex3= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex9= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex10= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex11= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t12 of them \n }", "title": "", "description": "APTMalware_APT_10_104d02d4149b4983e411031c3d782db79783a41333a0308b6fc368605e10d5c7 Group", "expiration": null, "is_active": 1 }, { "id": 2582717249, "indicator": "ef4c2fba92c032633e02cab43fc99d435de651ae", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Trojan.Ag-3", "description": "SHA1 of 6a3b8d24c125f3a3c7cff526e63297f3", "expiration": null, "is_active": 1 }, { "id": 1598883451, "indicator": "c05f366ebfe3bee7d41496f27789896b9cc581c6bd58c65c56c7f375dd079a03", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Trojan.Ag-3", "description": "SHA256 of 6a3b8d24c125f3a3c7cff526e63297f3", "expiration": null, "is_active": 1 }, { "id": 3409660016, "indicator": "6d3d5ccad8d295e16dc0722ff788fa697807b5df", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_c05f366ebfe3bee7d41496f27789896b9cc581c6bd58c65c56c7f375dd079a03 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_c05f366ebfe3bee7d41496f27789896b9cc581c6bd58c65c56c7f375dd079a03 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-06-08\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"6a3b8d24c125f3a3c7cff526e63297f3\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"About crocodile\" fullword wide \n \t\t $s2= \"CopyRight(C) 2013\" fullword wide \n \t\t $s3= \"Crocod Document\" fullword wide \n \t\t $s4= \"crocodile(&A)...\" fullword wide \n \t\t $s5= \"Crocodile.Document\" fullword wide \n \t\t $s6= \"FileDescription\" fullword wide \n \t\t $s7= \"VirusScan Enterprise\" fullword wide \n \t\t $s8= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {41??62??6f??75??74??20??63??72??6f??63??6f??64??69??6c??65??0a??} \n \t\t $hex2= {43??6f??70??79??52??69??67??68??74??28??43??29??20??32??30??31??33??0a??} \n \t\t $hex3= {43??72??6f??63??6f??64??20??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex4= {43??72??6f??63??6f??64??69??6c??65??2e??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex5= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex7= {56??69??72??75??73??53??63??61??6e??20??45??6e??74??65??72??70??72??69??73??65??0a??} \n \t\t $hex8= {63??72??6f??63??6f??64??69??6c??65??28??26??41??29??2e??2e??2e??0a??} \n \n \tcondition: \n \t\t8 of them \n }", "title": "", "description": "APTMalware_APT_10_c05f366ebfe3bee7d41496f27789896b9cc581c6bd58c65c56c7f375dd079a03 Group", "expiration": null, "is_active": 1 }, { "id": 3254663178, "indicator": "7ec8129e63eb6b151dbfb2b5d4727ca9c6d8721c", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Armadillov171", "description": "SHA1 of f6a79b54c6351c32fe35cda9a78b607f", "expiration": null, "is_active": 1 }, { "id": 1598883424, "indicator": "97187a61b57d238bc7fd0092d570c5ab0cfcc132cf3b0969e2f6e4190b1fa942", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Armadillov171", "description": "SHA256 of f6a79b54c6351c32fe35cda9a78b607f", "expiration": null, "is_active": 1 }, { "id": 3409660017, "indicator": "f1c79b5e7d1dd5464af2f7b6451cb4074409ddab", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_97187a61b57d238bc7fd0092d570c5ab0cfcc132cf3b0969e2f6e4190b1fa942 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_97187a61b57d238bc7fd0092d570c5ab0cfcc132cf3b0969e2f6e4190b1fa942 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-06-06\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f6a79b54c6351c32fe35cda9a78b607f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Application Mircrosoft\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"LegalTrademarks\" fullword wide \n \t\t $s4= \"Microsoft Application\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {41??70??70??6c??69??63??61??74??69??6f??6e??20??4d??69??72??63??72??6f??73??6f??66??74??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??41??70??70??6c??69??63??61??74??69??6f??6e??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_APT_10_97187a61b57d238bc7fd0092d570c5ab0cfcc132cf3b0969e2f6e4190b1fa942 Group", "expiration": null, "is_active": 1 }, { "id": 3254663166, "indicator": "110a0d45605e842bad1c022d69f912dcf39dfbfe", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of 923c0e5dec753e3b7eb6d8f441a7206f", "expiration": null, "is_active": 1 }, { "id": 2708558, "indicator": "a6216402f9dd70c1e89541c6500197e4add10004725e9dade61b8d1c436e58fd", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of 923c0e5dec753e3b7eb6d8f441a7206f", "expiration": null, "is_active": 1 }, { "id": 3409660018, "indicator": "bcc7cc6f42850711a6a005077cdaca38a44ada8b", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_a6216402f9dd70c1e89541c6500197e4add10004725e9dade61b8d1c436e58fd { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_a6216402f9dd70c1e89541c6500197e4add10004725e9dade61b8d1c436e58fd Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-06-05\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"923c0e5dec753e3b7eb6d8f441a7206f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"OriginalFilename\" fullword wide \n \t\t $s3= \"VS_VERSION_INFO\" fullword wide \n \t\t $s4= \"WinXorAbookCoeBao\" fullword wide \n \t\t $s5= \"WinXorAbookCoeBao\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex3= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex4= {57??69??6e??58??6f??72??41??62??6f??6f??6b??43??6f??65??42??61??6f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_10_a6216402f9dd70c1e89541c6500197e4add10004725e9dade61b8d1c436e58fd Group", "expiration": null, "is_active": 1 }, { "id": 1404439742, "indicator": "b31ea528e067be6940482be56ebf52bda4c1d345", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of 018509c1165817d4b0a3e728eab41ea0", "expiration": null, "is_active": 1 }, { "id": 1404440742, "indicator": "9b48e5d11bea55020e4ee9f062c5634bbb4977e60158d2cb1956e9962624c7e1", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of 018509c1165817d4b0a3e728eab41ea0", "expiration": null, "is_active": 1 }, { "id": 3409660019, "indicator": "f6a776b7bff7c6c21e05f85b23632f9faea27dd7", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_9b48e5d11bea55020e4ee9f062c5634bbb4977e60158d2cb1956e9962624c7e1 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_9b48e5d11bea55020e4ee9f062c5634bbb4977e60158d2cb1956e9962624c7e1 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-06-00\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"018509c1165817d4b0a3e728eab41ea0\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&About 20130401...\" fullword wide \n \t\t $s2= \"Erase everything\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"LegalTrademarks\" fullword wide \n \t\t $s5= \"My20130401.Document\" fullword wide \n \t\t $s6= \"My2013 Document\" fullword wide \n \t\t $s7= \"&Open... Ctrl+O\" fullword wide \n \t\t $s8= \"OriginalFilename\" fullword wide \n \t\t $s9= \"Paste &Special...\" fullword wide \n \t\t $s10= \"&Print... Ctrl+P\" fullword wide \n \t\t $s11= \"P&rint Setup...\" fullword wide \n \t\t $s12= \"Symantec Corporation\" fullword wide \n \t\t $s13= \"Toggle StatusBar\" fullword wide \n \t\t $s14= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {26??41??62??6f??75??74??20??32??30??31??33??30??34??30??31??2e??2e??2e??0a??} \n \t\t $hex2= {26??4f??70??65??6e??2e??2e??2e??20??43??74??72??6c??2b??4f??0a??} \n \t\t $hex3= {26??50??72??69??6e??74??2e??2e??2e??20??43??74??72??6c??2b??50??0a??} \n \t\t $hex4= {45??72??61??73??65??20??65??76??65??72??79??74??68??69??6e??67??0a??} \n \t\t $hex5= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex6= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex7= {4d??79??32??30??31??33??20??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex8= {4d??79??32??30??31??33??30??34??30??31??2e??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex9= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex10= {50??26??72??69??6e??74??20??53??65??74??75??70??2e??2e??2e??0a??} \n \t\t $hex11= {50??61??73??74??65??20??26??53??70??65??63??69??61??6c??2e??2e??2e??0a??} \n \t\t $hex12= {53??79??6d??61??6e??74??65??63??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex13= {54??6f??67??67??6c??65??20??53??74??61??74??75??73??42??61??72??0a??} \n \t\t $hex14= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t15 of them \n }", "title": "", "description": "APTMalware_APT_10_9b48e5d11bea55020e4ee9f062c5634bbb4977e60158d2cb1956e9962624c7e1 Group", "expiration": null, "is_active": 1 }, { "id": 3409660020, "indicator": "b8f4759903fa98ebe11d671482af74fddeec32d4", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_5c7efef3d8e3c13913f261425fb503df05d6246362c88c25ce2d41622fd58aef { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_5c7efef3d8e3c13913f261425fb503df05d6246362c88c25ce2d41622fd58aef Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-05-59\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"bd1ae82185d3eb0a8c8c615e710240ac\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Bricks Document\" fullword wide \n \t\t $s2= \"Bricks.Document\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"LegalTrademarks\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {42??72??69??63??6b??73??20??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex2= {42??72??69??63??6b??73??2e??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_APT_10_5c7efef3d8e3c13913f261425fb503df05d6246362c88c25ce2d41622fd58aef Group", "expiration": null, "is_active": 1 }, { "id": 3409660022, "indicator": "de649083c0b75cf55bb21018efabc153aedc7294", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_74eafbcfa04c25c916f93ca936a09d1945d893b116941a4061efe5f3b10e0b80 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_74eafbcfa04c25c916f93ca936a09d1945d893b116941a4061efe5f3b10e0b80 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-05-55\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"9fb73e749107447fccd5bb48627fd6a9\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"%02X%02X%02X%02X%02X%02X\" fullword wide \n \t\t $s2= \"12.0.167.244 (647d516)\" fullword wide \n \t\t $s3= \"accDefaultAction\" fullword wide \n \t\t $s4= \"accDoDefaultAction\" fullword wide \n \t\t $s5= \"accKeyboardShortcut\" fullword wide \n \t\t $s6= \"Adobe Photoshop\" fullword wide \n \t\t $s7= \"^[a-fA-F0-9]{32,32}_(d+)_.+$\" fullword wide \n \t\t $s8= \"AlternateTrustPolicy\" fullword wide \n \t\t $s9= \"AndroidStore.exe\" fullword wide \n \t\t $s10= \"AppLogReporter.exe\" fullword wide \n \t\t $s11= \"AppStoreHelper.dll\" fullword wide \n \t\t $s12= \"appstore_sync.exe\" fullword wide \n \t\t $s13= \"AppStoreUtilExe.exe\" fullword wide \n \t\t $s14= \"/b>\" fullword wide \n \t\t $s15= \"BaiduAndrHelper.exe\" fullword wide \n \t\t $s16= \"Baidu Antivirus\" fullword wide \n \t\t $s17= \"BaiduAntivirus\" fullword wide \n \t\t $s18= \"Baidu Antivirus\" fullword wide \n \t\t $s19= \"BaiduAntivirusinst.dat\" fullword wide \n \t\t $s20= \"BaiduAntivirusuurm.dat\" fullword wide \n \n \t\t $hex1= {25??30??32??58??25??30??32??58??25??30??32??58??25??30??32??58??25??30??32??58??25??30??32??58??0a??} \n \t\t $hex2= {2f??62??3e??0a??} \n \t\t $hex3= {31??32??2e??30??2e??31??36??37??2e??32??34??34??20??28??36??34??37??64??35??31??36??29??0a??} \n \t\t $hex4= {41??64??6f??62??65??20??50??68??6f??74??6f??73??68??6f??70??0a??} \n \t\t $hex5= {41??6c??74??65??72??6e??61??74??65??54??72??75??73??74??50??6f??6c??69??63??79??0a??} \n \t\t $hex6= {41??6e??64??72??6f??69??64??53??74??6f??72??65??2e??65??78??65??0a??} \n \t\t $hex7= {41??70??70??4c??6f??67??52??65??70??6f??72??74??65??72??2e??65??78??65??0a??} \n \t\t $hex8= {41??70??70??53??74??6f??72??65??48??65??6c??70??65??72??2e??64??6c??6c??0a??} \n \t\t $hex9= {41??70??70??53??74??6f??72??65??55??74??69??6c??45??78??65??2e??65??78??65??0a??} \n \t\t $hex10= {42??61??69??64??75??20??41??6e??74??69??76??69??72??75??73??0a??} \n \t\t $hex11= {42??61??69??64??75??41??6e??64??72??48??65??6c??70??65??72??2e??65??78??65??0a??} \n \t\t $hex12= {42??61??69??64??75??41??6e??74??69??76??69??72??75??73??0a??} \n \t\t $hex13= {42??61??69??64??75??41??6e??74??69??76??69??72??75??73??69??6e??73??74??2e??64??61??74??0a??} \n \t\t $hex14= {42??61??69??64??75??41??6e??74??69??76??69??72??75??73??75??75??72??6d??2e??64??61??74??0a??} \n \t\t $hex15= {5e??5b??61??2d??66??41??2d??46??30??2d??39??5d??7b??33??32??2c??33??32??7d??5f??28??64??2b??29??5f??2e??2b??24??0a??} \n \t\t $hex16= {61??63??63??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex17= {61??63??63??44??6f??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex18= {61??63??63??4b??65??79??62??6f??61??72??64??53??68??6f??72??74??63??75??74??0a??} \n \t\t $hex19= {61??70??70??73??74??6f??72??65??5f??73??79??6e??63??2e??65??78??65??0a??} \n \n \tcondition: \n \t\t21 of them \n }", "title": "", "description": "APTMalware_APT_10_74eafbcfa04c25c916f93ca936a09d1945d893b116941a4061efe5f3b10e0b80 Group", "expiration": null, "is_active": 1 }, { "id": 3190220647, "indicator": "03bce4c88620812cd9881cfc9486668fa200fc04", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Win32:Evo-gen", "description": "SHA1 of 24c2661aece1c089aa57c6efa7380e9d", "expiration": null, "is_active": 1 }, { "id": 1598883462, "indicator": "d4e3e172b1b928707369b7774919e67cbd655aaf682b9462dea8dd405f1087b0", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Win32:Evo-gen", "description": "SHA256 of 24c2661aece1c089aa57c6efa7380e9d", "expiration": null, "is_active": 1 }, { "id": 3409660023, "indicator": "c43c5312558a63201b1e49768ea355e93aa9ddb6", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_d4e3e172b1b928707369b7774919e67cbd655aaf682b9462dea8dd405f1087b0 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_d4e3e172b1b928707369b7774919e67cbd655aaf682b9462dea8dd405f1087b0 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-05-53\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"24c2661aece1c089aa57c6efa7380e9d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&Annuler Ctrl+Z\" fullword wide \n \t\t $s2= \"Application MFC\" fullword wide \n \t\t $s3= \"BarckH Document\" fullword wide \n \t\t $s4= \"BarckH.Document\" fullword wide \n \t\t $s5= \"&Barre d'outils\" fullword wide \n \t\t $s6= \"&Enregistrer Ctrl+S\" fullword wide \n \t\t $s7= \"En®istrer sous...\" fullword wide \n \t\t $s8= \"FileDescription\" fullword wide \n \t\t $s9= \"&Imprimer... Ctrl+P\" fullword wide \n \t\t $s10= \"LegalTrademarks\" fullword wide \n \t\t $s11= \"&Nouveau Ctrl+N\" fullword wide \n \t\t $s12= \"OriginalFilename\" fullword wide \n \t\t $s13= \"&Ouvrir... Ctrl+O\" fullword wide \n \t\t $s14= \"rganization automatique\" fullword wide \n \t\t $s15= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {26??41??6e??6e??75??6c??65??72??20??43??74??72??6c??2b??5a??0a??} \n \t\t $hex2= {26??42??61??72??72??65??20??64??27??6f??75??74??69??6c??73??0a??} \n \t\t $hex3= {26??45??6e??72??65??67??69??73??74??72??65??72??20??43??74??72??6c??2b??53??0a??} \n \t\t $hex4= {26??49??6d??70??72??69??6d??65??72??2e??2e??2e??20??43??74??72??6c??2b??50??0a??} \n \t\t $hex5= {26??4e??6f??75??76??65??61??75??20??43??74??72??6c??2b??4e??0a??} \n \t\t $hex6= {26??4f??75??76??72??69??72??2e??2e??2e??20??43??74??72??6c??2b??4f??0a??} \n \t\t $hex7= {41??70??70??6c??69??63??61??74??69??6f??6e??20??4d??46??43??0a??} \n \t\t $hex8= {42??61??72??63??6b??48??20??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex9= {42??61??72??63??6b??48??2e??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex10= {45??6e??26??72??65??67??69??73??74??72??65??72??20??73??6f??75??73??2e??2e??2e??0a??} \n \t\t $hex11= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex12= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex13= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex14= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex15= {72??67??61??6e??69??7a??61??74??69??6f??6e??20??61??75??74??6f??6d??61??74??69??71??75??65??0a??} \n \n \tcondition: \n \t\t16 of them \n }", "title": "", "description": "APTMalware_APT_10_d4e3e172b1b928707369b7774919e67cbd655aaf682b9462dea8dd405f1087b0 Group", "expiration": null, "is_active": 1 }, { "id": 3409660093, "indicator": "713da7d8cb061af74c854086c62b4f8ce2a61bd8", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_d03ea2e4019e8e73bcb77c52f08c15bae4c1e0b3d30643f7b6d3e91b8f08a1de { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_d03ea2e4019e8e73bcb77c52f08c15bae4c1e0b3d30643f7b6d3e91b8f08a1de Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-05-50\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"8af979b96c28131f394e267c6210ba91\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Assembly Version\" fullword wide \n \t\t $s2= \"C:WindowsMicrosoft.NET\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"LegalTrademarks\" fullword wide \n \t\t $s5= \"NetFramwork.exe\" fullword wide \n \t\t $s6= \"OriginalFilename\" fullword wide \n \t\t $s7= \"VS_VERSION_INFO\" fullword wide \n \t\t $s8= \"vXvpH3FWWcBD!&ocp0 0Joe-!\" fullword wide \n \n \t\t $hex1= {41??73??73??65??6d??62??6c??79??20??56??65??72??73??69??6f??6e??0a??} \n \t\t $hex2= {43??3a??57??69??6e??64??6f??77??73??4d??69??63??72??6f??73??6f??66??74??2e??4e??45??54??0a??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex5= {4e??65??74??46??72??61??6d??77??6f??72??6b??2e??65??78??65??0a??} \n \t\t $hex6= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex7= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex8= {76??58??76??70??48??33??46??57??57??63??42??44??21??26??6f??63??70??30??20??30??4a??6f??65??2d??21??0a??} \n \n \tcondition: \n \t\t8 of them \n }", "title": "", "description": "APTMalware_APT_10_d03ea2e4019e8e73bcb77c52f08c15bae4c1e0b3d30643f7b6d3e91b8f08a1de Group", "expiration": null, "is_active": 1 }, { "id": 3254663068, "indicator": "03347080f09deb58f7059a4774da66c3f71890c3", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "PlugX", "description": "SHA1 of f68008057ff5dbc67c938b3f5f68a54d", "expiration": null, "is_active": 1 }, { "id": 1636611297, "indicator": "d91807db680531bc9f41c4d56229558f39f04c0adef4448be9d5b4691eb919e8", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "PlugX", "description": "SHA256 of f68008057ff5dbc67c938b3f5f68a54d", "expiration": null, "is_active": 1 }, { "id": 3409660094, "indicator": "17ace2b83925527aed093fbdbee55a832b730864", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_d91807db680531bc9f41c4d56229558f39f04c0adef4448be9d5b4691eb919e8 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_d91807db680531bc9f41c4d56229558f39f04c0adef4448be9d5b4691eb919e8 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-05-49\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f68008057ff5dbc67c938b3f5f68a54d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Data/gl/b10.bmp\" fullword wide \n \t\t $s2= \"Data/info/f%d.png\" fullword wide \n \t\t $s3= \"Data/info/floor.png\" fullword wide \n \t\t $s4= \"FileDescription\" fullword wide \n \t\t $s5= \"LegalTrademarks\" fullword wide \n \t\t $s6= \"OriginalFilename\" fullword wide \n \t\t $s7= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {44??61??74??61??2f??67??6c??2f??62??31??30??2e??62??6d??70??0a??} \n \t\t $hex2= {44??61??74??61??2f??69??6e??66??6f??2f??66??25??64??2e??70??6e??67??0a??} \n \t\t $hex3= {44??61??74??61??2f??69??6e??66??6f??2f??66??6c??6f??6f??72??2e??70??6e??67??0a??} \n \t\t $hex4= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex5= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex6= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex7= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_APT_10_d91807db680531bc9f41c4d56229558f39f04c0adef4448be9d5b4691eb919e8 Group", "expiration": null, "is_active": 1 }, { "id": 3409660095, "indicator": "99abbf6a1efa449d1dc31dc8e7e1f1a6989feba8", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_4cc0adf4baa1e3932d74282affb1a137b30820934ad4f80daceec712ba2bbe14 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_4cc0adf4baa1e3932d74282affb1a137b30820934ad4f80daceec712ba2bbe14 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-05-45\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"3cbb5664d70bbe62f19ee28f26f21d7e\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s5= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s7= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s8= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s9= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s10= \"FileDescription\" fullword wide \n \t\t $s11= \"OriginalFilename\" fullword wide \n \t\t $s12= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex3= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex9= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex10= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex11= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex12= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t13 of them \n }", "title": "", "description": "APTMalware_APT_10_4cc0adf4baa1e3932d74282affb1a137b30820934ad4f80daceec712ba2bbe14 Group", "expiration": null, "is_active": 1 }, { "id": 3409660096, "indicator": "243e9a5f97f9898d45c8189d94dcadce9076478d", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_312dc69dd6ea16842d6e58cd7fd98ba4d28eefeb4fd4c4d198fac4eee76f93c3 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_312dc69dd6ea16842d6e58cd7fd98ba4d28eefeb4fd4c4d198fac4eee76f93c3 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-05-44\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d1bab4a30f2889ad392d17573302f097\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s5= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s7= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s8= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s9= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \n \t\t $hex1= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex2= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex3= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex9= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t10 of them \n }", "title": "", "description": "APTMalware_APT_10_312dc69dd6ea16842d6e58cd7fd98ba4d28eefeb4fd4c4d198fac4eee76f93c3 Group", "expiration": null, "is_active": 1 }, { "id": 3254663170, "indicator": "7912d7faa9203b9d2e0e2683faa1b1e95b73013e", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "PlugX", "description": "SHA1 of 99d33c40d22a14f90dd6cdb1d639163b", "expiration": null, "is_active": 1 }, { "id": 1636611443, "indicator": "f95f64c27687d6e8340c41af3b1a0128011eb61ab8a847280e8db8e344c62d86", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "PlugX", "description": "SHA256 of 99d33c40d22a14f90dd6cdb1d639163b", "expiration": null, "is_active": 1 }, { "id": 3409660097, "indicator": "a2f59b08bc041a198c4030a463a670b2c6cc03db", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_f95f64c27687d6e8340c41af3b1a0128011eb61ab8a847280e8db8e344c62d86 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_f95f64c27687d6e8340c41af3b1a0128011eb61ab8a847280e8db8e344c62d86 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-05-42\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"99d33c40d22a14f90dd6cdb1d639163b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"MFCRegister(&A)...\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"SupportTool.exe\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??46??43??52??65??67??69??73??74??65??72??28??26??41??29??2e??2e??2e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {53??75??70??70??6f??72??74??54??6f??6f??6c??2e??65??78??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_APT_10_f95f64c27687d6e8340c41af3b1a0128011eb61ab8a847280e8db8e344c62d86 Group", "expiration": null, "is_active": 1 }, { "id": 3409660110, "indicator": "6db6a193617ad688847fab965a12a9183eeda241", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Armadillov171", "description": "SHA1 of d9f87e744dbc898212a9eaa4594301b0", "expiration": null, "is_active": 1 }, { "id": 1598883475, "indicator": "f5e444469407a3e894d368b79878a149696015ed2f666dddb49bd484f144d104", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Armadillov171", "description": "SHA256 of d9f87e744dbc898212a9eaa4594301b0", "expiration": null, "is_active": 1 }, { "id": 3409660111, "indicator": "9cccb5ee1abb5710b901fba79abe60f38f4059cf", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_f5e444469407a3e894d368b79878a149696015ed2f666dddb49bd484f144d104 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_f5e444469407a3e894d368b79878a149696015ed2f666dddb49bd484f144d104 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-05-41\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d9f87e744dbc898212a9eaa4594301b0\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"9.0.0 build-812388\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"VMware Workstation\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {39??2e??30??2e??30??20??62??75??69??6c??64??2d??38??31??32??33??38??38??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {56??4d??77??61??72??65??20??57??6f??72??6b??73??74??61??74??69??6f??6e??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_10_f5e444469407a3e894d368b79878a149696015ed2f666dddb49bd484f144d104 Group", "expiration": null, "is_active": 1 }, { "id": 3409660112, "indicator": "517b6e0debabfefe0b899318d900f3a05e0fba54", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_2965c1b6ab9d1601752cb4aa26d64a444b0a535b1a190a70d5ce935be3f91699 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_2965c1b6ab9d1601752cb4aa26d64a444b0a535b1a190a70d5ce935be3f91699 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-05-39\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"684888079aaf7ed25e725b55a3695062\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"AFX_DIALOG_LAYOUT\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s8= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s10= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \n \t\t $hex1= {41??46??58??5f??44??49??41??4c??4f??47??5f??4c??41??59??4f??55??54??0a??} \n \t\t $hex2= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex3= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex9= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex10= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_2965c1b6ab9d1601752cb4aa26d64a444b0a535b1a190a70d5ce935be3f91699 Group", "expiration": null, "is_active": 1 }, { "id": 3409660113, "indicator": "ba2ae8a44ca144dd4511679e3325538eb1627300", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_68ddf05f1381260be8208ef9dcc15c506b5874ec40c4c1e1f7f72c2d303c5bef { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_68ddf05f1381260be8208ef9dcc15c506b5874ec40c4c1e1f7f72c2d303c5bef Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-05-38\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"11ea8d8dd0ffde8285f3c0049861a442\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Mi.exe\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??4d??69??2e??65??78??65??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_10_68ddf05f1381260be8208ef9dcc15c506b5874ec40c4c1e1f7f72c2d303c5bef Group", "expiration": null, "is_active": 1 }, { "id": 2582706150, "indicator": "b96ba089e35d0623d0ae1e4844ca7527014bf503", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Trojan.Ag-3", "description": "SHA1 of 392f15c431c00f049bb1282847d8967f", "expiration": null, "is_active": 1 }, { "id": 1598883434, "indicator": "a655f206209659007df2da3e0b08c1fedfdb3455d6a37e9721913fa04bfb6bd0", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Trojan.Ag-3", "description": "SHA256 of 392f15c431c00f049bb1282847d8967f", "expiration": null, "is_active": 1 }, { "id": 3409660114, "indicator": "43b47794c076d64def27d03b0868aefec85d2c40", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_a655f206209659007df2da3e0b08c1fedfdb3455d6a37e9721913fa04bfb6bd0 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_a655f206209659007df2da3e0b08c1fedfdb3455d6a37e9721913fa04bfb6bd0 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-05-37\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"392f15c431c00f049bb1282847d8967f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"?? bricks(&A)...\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"LegalTrademarks\" fullword wide \n \t\t $s4= \"msctls_progress32\" fullword wide \n \t\t $s5= \"msctls_updown32\" fullword wide \n \t\t $s6= \"??(&O)... Ctrl+O\" fullword wide \n \t\t $s7= \"OriginalFilename\" fullword wide \n \t\t $s8= \"??(&P)... Ctrl+P\" fullword wide \n \t\t $s9= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {31??3b??20??63??72??20??62??72??69??63??6b??73??28??26??41??29??2e??2e??2e??0a??} \n \t\t $hex2= {3f??3f??28??26??4f??29??2e??2e??2e??20??43??74??72??6c??2b??4f??0a??} \n \t\t $hex3= {3f??3f??28??26??50??29??2e??2e??2e??20??43??74??72??6c??2b??50??0a??} \n \t\t $hex4= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex5= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex6= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex7= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex8= {6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \t\t $hex9= {6d??73??63??74??6c??73??5f??75??70??64??6f??77??6e??33??32??0a??} \n \n \tcondition: \n \t\t10 of them \n }", "title": "", "description": "APTMalware_APT_10_a655f206209659007df2da3e0b08c1fedfdb3455d6a37e9721913fa04bfb6bd0 Group", "expiration": null, "is_active": 1 }, { "id": 3409660115, "indicator": "26b48f11c6aa7aa03727e76bfceee93cb15e927d", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_3d03a48e83f31ca6bf4385cbcb61602f77adeec83d69a999f94bb09774f3430c { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_3d03a48e83f31ca6bf4385cbcb61602f77adeec83d69a999f94bb09774f3430c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-05-35\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"9af4c1e5bb81bf2df607653fcc25915a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Aggio&rna Ctrl+S\" fullword wide \n \t\t $s2= \"&Annulla Ctrl+Z\" fullword wide \n \t\t $s3= \"&Apri... Ctrl+A\" fullword wide \n \t\t $s4= \"Bakshe Document\" fullword wide \n \t\t $s5= \"bakshell Applicazione\" fullword wide \n \t\t $s6= \"Bakshell.Document\" fullword wide \n \t\t $s7= \"Colle&gamenti...\" fullword wide \n \t\t $s8= \"Converti oggetto\" fullword wide \n \t\t $s9= \"FileDescription\" fullword wide \n \t\t $s10= \"IDR_BAKSHETYPE_SRVR_IP\" fullword wide \n \t\t $s11= \"Imposta s&tampante...\" fullword wide \n \t\t $s12= \"&Incolla Ctrl+V\" fullword wide \n \t\t $s13= \"Incolla &speciale...\" fullword wide \n \t\t $s14= \"Incolla speciale\" fullword wide \n \t\t $s15= \"LegalTrademarks\" fullword wide \n \t\t $s16= \"OriginalFilename\" fullword wide \n \t\t $s17= \"Riquadro precedente\" fullword wide \n \t\t $s18= \"Seleziona tutto\" fullword wide \n \t\t $s19= \"Stam&pa... Ctrl+P\" fullword wide \n \t\t $s20= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {26??41??6e??6e??75??6c??6c??61??20??43??74??72??6c??2b??5a??0a??} \n \t\t $hex2= {26??41??70??72??69??2e??2e??2e??20??43??74??72??6c??2b??41??0a??} \n \t\t $hex3= {26??49??6e??63??6f??6c??6c??61??20??43??74??72??6c??2b??56??0a??} \n \t\t $hex4= {41??67??67??69??6f??26??72??6e??61??20??43??74??72??6c??2b??53??0a??} \n \t\t $hex5= {42??61??6b??73??68??65??20??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex6= {42??61??6b??73??68??65??6c??6c??2e??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex7= {43??6f??6c??6c??65??26??67??61??6d??65??6e??74??69??2e??2e??2e??0a??} \n \t\t $hex8= {43??6f??6e??76??65??72??74??69??20??6f??67??67??65??74??74??6f??0a??} \n \t\t $hex9= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex10= {49??44??52??5f??42??41??4b??53??48??45??54??59??50??45??5f??53??52??56??52??5f??49??50??0a??} \n \t\t $hex11= {49??6d??70??6f??73??74??61??20??73??26??74??61??6d??70??61??6e??74??65??2e??2e??2e??0a??} \n \t\t $hex12= {49??6e??63??6f??6c??6c??61??20??26??73??70??65??63??69??61??6c??65??2e??2e??2e??0a??} \n \t\t $hex13= {49??6e??63??6f??6c??6c??61??20??73??70??65??63??69??61??6c??65??0a??} \n \t\t $hex14= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex15= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex16= {52??69??71??75??61??64??72??6f??20??70??72??65??63??65??64??65??6e??74??65??0a??} \n \t\t $hex17= {53??65??6c??65??7a??69??6f??6e??61??20??74??75??74??74??6f??0a??} \n \t\t $hex18= {53??74??61??6d??26??70??61??2e??2e??2e??20??43??74??72??6c??2b??50??0a??} \n \t\t $hex19= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex20= {62??61??6b??73??68??65??6c??6c??20??41??70??70??6c??69??63??61??7a??69??6f??6e??65??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_APT_10_3d03a48e83f31ca6bf4385cbcb61602f77adeec83d69a999f94bb09774f3430c Group", "expiration": null, "is_active": 1 }, { "id": 3190220689, "indicator": "c54049a89702c8f8111c575570a5af4c24f5ed00", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of 223d1396f2b5b7719702c980cbd1d6c0", "expiration": null, "is_active": 1 }, { "id": 1598883561, "indicator": "fe6b6f9e486f41606802a5e09ec6db0ec48aed12caf895fded57d91a2f29c188", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of 223d1396f2b5b7719702c980cbd1d6c0", "expiration": null, "is_active": 1 }, { "id": 3409660116, "indicator": "36e21b7fa3cdb75b2dc2688110e990ed3d7d3d54", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_fe6b6f9e486f41606802a5e09ec6db0ec48aed12caf895fded57d91a2f29c188 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_fe6b6f9e486f41606802a5e09ec6db0ec48aed12caf895fded57d91a2f29c188 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-05-33\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"223d1396f2b5b7719702c980cbd1d6c0\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&About 20130401...\" fullword wide \n \t\t $s2= \"Erase everything\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"LegalTrademarks\" fullword wide \n \t\t $s5= \"My20130401.Document\" fullword wide \n \t\t $s6= \"My2013 Document\" fullword wide \n \t\t $s7= \"&Open... Ctrl+O\" fullword wide \n \t\t $s8= \"OriginalFilename\" fullword wide \n \t\t $s9= \"Paste &Special...\" fullword wide \n \t\t $s10= \"&Print... Ctrl+P\" fullword wide \n \t\t $s11= \"P&rint Setup...\" fullword wide \n \t\t $s12= \"Symantec Corporation\" fullword wide \n \t\t $s13= \"Toggle StatusBar\" fullword wide \n \t\t $s14= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {26??41??62??6f??75??74??20??32??30??31??33??30??34??30??31??2e??2e??2e??0a??} \n \t\t $hex2= {26??4f??70??65??6e??2e??2e??2e??20??43??74??72??6c??2b??4f??0a??} \n \t\t $hex3= {26??50??72??69??6e??74??2e??2e??2e??20??43??74??72??6c??2b??50??0a??} \n \t\t $hex4= {45??72??61??73??65??20??65??76??65??72??79??74??68??69??6e??67??0a??} \n \t\t $hex5= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex6= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex7= {4d??79??32??30??31??33??20??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex8= {4d??79??32??30??31??33??30??34??30??31??2e??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex9= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex10= {50??26??72??69??6e??74??20??53??65??74??75??70??2e??2e??2e??0a??} \n \t\t $hex11= {50??61??73??74??65??20??26??53??70??65??63??69??61??6c??2e??2e??2e??0a??} \n \t\t $hex12= {53??79??6d??61??6e??74??65??63??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex13= {54??6f??67??67??6c??65??20??53??74??61??74??75??73??42??61??72??0a??} \n \t\t $hex14= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t15 of them \n }", "title": "", "description": "APTMalware_APT_10_fe6b6f9e486f41606802a5e09ec6db0ec48aed12caf895fded57d91a2f29c188 Group", "expiration": null, "is_active": 1 }, { "id": 3409660117, "indicator": "d35a430960f37ab4366a2ac3302d113c12f5679b", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_180e5227aae20fa2d6ae421835dc7d92f9393681c3006213dc2f6e3fbd07e3de { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_180e5227aae20fa2d6ae421835dc7d92f9393681c3006213dc2f6e3fbd07e3de Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-05-30\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"0ad3ed5588eec7ba4988c8892a5c2946\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"AFX_DIALOG_LAYOUT\" fullword wide \n \t\t $s2= \"american english\" fullword wide \n \t\t $s3= \"american-english\" fullword wide \n \t\t $s4= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s7= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s8= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s10= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s11= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s12= \"chinese-hongkong\" fullword wide \n \t\t $s13= \"chinese-simplified\" fullword wide \n \t\t $s14= \"chinese-singapore\" fullword wide \n \t\t $s15= \"chinese-traditional\" fullword wide \n \t\t $s16= \"english-american\" fullword wide \n \t\t $s17= \"english-caribbean\" fullword wide \n \t\t $s18= \"english-jamaica\" fullword wide \n \t\t $s19= \"english-south africa\" fullword wide \n \t\t $s20= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \n \t\t $hex1= {41??46??58??5f??44??49??41??4c??4f??47??5f??4c??41??59??4f??55??54??0a??} \n \t\t $hex2= {61??6d??65??72??69??63??61??6e??20??65??6e??67??6c??69??73??68??0a??} \n \t\t $hex3= {61??6d??65??72??69??63??61??6e??2d??65??6e??67??6c??69??73??68??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex9= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex10= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex11= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex12= {63??68??69??6e??65??73??65??2d??68??6f??6e??67??6b??6f??6e??67??0a??} \n \t\t $hex13= {63??68??69??6e??65??73??65??2d??73??69??6d??70??6c??69??66??69??65??64??0a??} \n \t\t $hex14= {63??68??69??6e??65??73??65??2d??73??69??6e??67??61??70??6f??72??65??0a??} \n \t\t $hex15= {63??68??69??6e??65??73??65??2d??74??72??61??64??69??74??69??6f??6e??61??6c??0a??} \n \t\t $hex16= {65??6e??67??6c??69??73??68??2d??61??6d??65??72??69??63??61??6e??0a??} \n \t\t $hex17= {65??6e??67??6c??69??73??68??2d??63??61??72??69??62??62??65??61??6e??0a??} \n \t\t $hex18= {65??6e??67??6c??69??73??68??2d??6a??61??6d??61??69??63??61??0a??} \n \t\t $hex19= {65??6e??67??6c??69??73??68??2d??73??6f??75??74??68??20??61??66??72??69??63??61??0a??} \n \t\t $hex20= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_APT_10_180e5227aae20fa2d6ae421835dc7d92f9393681c3006213dc2f6e3fbd07e3de Group", "expiration": null, "is_active": 1 }, { "id": 3409660118, "indicator": "8e8e1e06ddd07ce5c6af4b3c01079bf321e76eef", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_5cebc133ae3b6afee27beb7d3cdb5f3d675c3f12b7204531f453e99acdaa87b1 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_5cebc133ae3b6afee27beb7d3cdb5f3d675c3f12b7204531f453e99acdaa87b1 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-05-26\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d69598758998cf5f677be9312b807938\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"AFX_DIALOG_LAYOUT\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s8= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s10= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s11= \"HKEY_CURRENT_USER\" fullword wide \n \t\t $s12= \"HKEY_LOCAL_MACHINE\" fullword wide \n \n \t\t $hex1= {41??46??58??5f??44??49??41??4c??4f??47??5f??4c??41??59??4f??55??54??0a??} \n \t\t $hex2= {48??4b??45??59??5f??43??55??52??52??45??4e??54??5f??55??53??45??52??0a??} \n \t\t $hex3= {48??4b??45??59??5f??4c??4f??43??41??4c??5f??4d??41??43??48??49??4e??45??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex9= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex10= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex11= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex12= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t13 of them \n }", "title": "", "description": "APTMalware_APT_10_5cebc133ae3b6afee27beb7d3cdb5f3d675c3f12b7204531f453e99acdaa87b1 Group", "expiration": null, "is_active": 1 }, { "id": 3409660119, "indicator": "3f06d3e5ee48303c712ce527ed8a12dfdc20b24f", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_3dae326b5ff9f9c075c2d42347042fbb237dec697a729f432ba87e215f4dc8cf { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_3dae326b5ff9f9c075c2d42347042fbb237dec697a729f432ba87e215f4dc8cf Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-05-22\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b18a316b2ce6e099fe7fbf69283cbc5e\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"%04u%02u%02u%02u%02u%02u%03u\" fullword wide \n \t\t $s2= \"%04u-%02u-%02u %02u:%02u:%02u.%03u\" fullword wide \n \t\t $s3= \"%.2X-%.2X-%.2X-%.2X-%.2X-%.2X\" fullword wide \n \t\t $s4= \"accDefaultAction\" fullword wide \n \t\t $s5= \"accDoDefaultAction\" fullword wide \n \t\t $s6= \"accKeyboardShortcut\" fullword wide \n \t\t $s7= \"AIExceptionProc\" fullword wide \n \t\t $s8= \"BIDownloadManager\" fullword wide \n \t\t $s9= \"Christian Gangsta\" fullword wide \n \t\t $s10= \"CometBrowser(&A)...\" fullword wide \n \t\t $s11= \"Component Categories\" fullword wide \n \t\t $s12= \"Contemporary Christian\" fullword wide \n \t\t $s13= \"dafdgdfgerggtuh\" fullword wide \n \t\t $s14= \"eCMFCToolBarMenuButton\" fullword wide \n \t\t $s15= \"FileDescription\" fullword wide \n \t\t $s16= \"FileMonitorMsgWnd\" fullword wide \n \t\t $s17= \"hghjgtyrtytryfghj\" fullword wide \n \t\t $s18= \"http://www.ip138.com/ip2city.asp\" fullword wide \n \t\t $s19= \"IDownloadManager2\" fullword wide \n \t\t $s20= \"ILoadOldPlayList\" fullword wide \n \n \t\t $hex1= {25??2e??32??58??2d??25??2e??32??58??2d??25??2e??32??58??2d??25??2e??32??58??2d??25??2e??32??58??2d??25??2e??32??58??0a??} \n \t\t $hex2= {25??30??34??75??25??30??32??75??25??30??32??75??25??30??32??75??25??30??32??75??25??30??32??75??25??30??33??75??0a??} \n \t\t $hex3= {25??30??34??75??2d??25??30??32??75??2d??25??30??32??75??20??25??30??32??75??3a??25??30??32??75??3a??25??30??32??75??2e??} \n \t\t $hex4= {41??49??45??78??63??65??70??74??69??6f??6e??50??72??6f??63??0a??} \n \t\t $hex5= {42??49??44??6f??77??6e??6c??6f??61??64??4d??61??6e??61??67??65??72??0a??} \n \t\t $hex6= {43??68??72??69??73??74??69??61??6e??20??47??61??6e??67??73??74??61??0a??} \n \t\t $hex7= {43??6f??6d??65??74??42??72??6f??77??73??65??72??28??26??41??29??2e??2e??2e??0a??} \n \t\t $hex8= {43??6f??6d??70??6f??6e??65??6e??74??20??43??61??74??65??67??6f??72??69??65??73??0a??} \n \t\t $hex9= {43??6f??6e??74??65??6d??70??6f??72??61??72??79??20??43??68??72??69??73??74??69??61??6e??0a??} \n \t\t $hex10= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex11= {46??69??6c??65??4d??6f??6e??69??74??6f??72??4d??73??67??57??6e??64??0a??} \n \t\t $hex12= {49??44??6f??77??6e??6c??6f??61??64??4d??61??6e??61??67??65??72??32??0a??} \n \t\t $hex13= {49??4c??6f??61??64??4f??6c??64??50??6c??61??79??4c??69??73??74??0a??} \n \t\t $hex14= {61??63??63??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex15= {61??63??63??44??6f??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex16= {61??63??63??4b??65??79??62??6f??61??72??64??53??68??6f??72??74??63??75??74??0a??} \n \t\t $hex17= {64??61??66??64??67??64??66??67??65??72??67??67??74??75??68??0a??} \n \t\t $hex18= {65??43??4d??46??43??54??6f??6f??6c??42??61??72??4d??65??6e??75??42??75??74??74??6f??6e??0a??} \n \t\t $hex19= {68??67??68??6a??67??74??79??72??74??79??74??72??79??66??67??68??6a??0a??} \n \t\t $hex20= {68??74??74??70??3a??2f??2f??77??77??77??2e??69??70??31??33??38??2e??63??6f??6d??2f??69??70??32??63??69??74??79??2e??61??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_APT_10_3dae326b5ff9f9c075c2d42347042fbb237dec697a729f432ba87e215f4dc8cf Group", "expiration": null, "is_active": 1 }, { "id": 3409660120, "indicator": "e9caccb3a492965afff59285a56c12ac7d6aee50", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_6392e0701a77ea25354b1f40f5b867a35c0142abde785a66b83c9c8d2c14c0c3 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_6392e0701a77ea25354b1f40f5b867a35c0142abde785a66b83c9c8d2c14c0c3 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-05-20\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"0f6b00b0c5a26a5aa8942ae356329945\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"accDefaultAction\" fullword wide \n \t\t $s2= \"accDoDefaultAction\" fullword wide \n \t\t $s3= \"accKeyboardShortcut\" fullword wide \n \t\t $s4= \"eCMFCToolBarMenuButton\" fullword wide \n \t\t $s5= \"InsertParagraphAfter\" fullword wide \n \t\t $s6= \"OriginalFilename\" fullword wide \n \t\t $s7= \"VS_VERSION_INFO\" fullword wide \n \t\t $s8= \"Word.Application\" fullword wide \n \n \t\t $hex1= {49??6e??73??65??72??74??50??61??72??61??67??72??61??70??68??41??66??74??65??72??0a??} \n \t\t $hex2= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex3= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex4= {57??6f??72??64??2e??41??70??70??6c??69??63??61??74??69??6f??6e??0a??} \n \t\t $hex5= {61??63??63??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex6= {61??63??63??44??6f??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex7= {61??63??63??4b??65??79??62??6f??61??72??64??53??68??6f??72??74??63??75??74??0a??} \n \t\t $hex8= {65??43??4d??46??43??54??6f??6f??6c??42??61??72??4d??65??6e??75??42??75??74??74??6f??6e??0a??} \n \n \tcondition: \n \t\t8 of them \n }", "title": "", "description": "APTMalware_APT_10_6392e0701a77ea25354b1f40f5b867a35c0142abde785a66b83c9c8d2c14c0c3 Group", "expiration": null, "is_active": 1 }, { "id": 3363914905, "indicator": "5af55d92b21935ada9748cf0396551f1262e651b", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Armadillov171", "description": "SHA1 of b2dfe6d3be38cef08e9a3141ca3599c0", "expiration": null, "is_active": 1 }, { "id": 1598883445, "indicator": "b59977676c75d6eac63807202935f165b43583600aed80e44cc1fa9e9b0084b5", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Armadillov171", "description": "SHA256 of b2dfe6d3be38cef08e9a3141ca3599c0", "expiration": null, "is_active": 1 }, { "id": 3409660121, "indicator": "121eb93bb6f9afdb345dadb6a94a2ec05b7fcbe0", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_b59977676c75d6eac63807202935f165b43583600aed80e44cc1fa9e9b0084b5 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_b59977676c75d6eac63807202935f165b43583600aed80e44cc1fa9e9b0084b5 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-05-19\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b2dfe6d3be38cef08e9a3141ca3599c0\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"COPYRIGHT(C) 2015\" fullword wide \n \t\t $s2= \"DATAREPLACEW.EXE\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"LegalTrademarks\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {43??4f??50??59??52??49??47??48??54??28??43??29??20??32??30??31??35??0a??} \n \t\t $hex2= {44??41??54??41??52??45??50??4c??41??43??45??57??2e??45??58??45??0a??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_APT_10_b59977676c75d6eac63807202935f165b43583600aed80e44cc1fa9e9b0084b5 Group", "expiration": null, "is_active": 1 }, { "id": 3409660122, "indicator": "b5e339b593b10e2acc623cc8d6d0118be9e87795", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_0ba8f399daf0e85789ac415274ef578e528dd2d68f3dc70e18243c34d18f276e { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_0ba8f399daf0e85789ac415274ef578e528dd2d68f3dc70e18243c34d18f276e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-05-18\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"55b8690c0aae4e500e645d5f49ce5a13\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"About crocodile\" fullword wide \n \t\t $s2= \"CopyRight(C) 2013\" fullword wide \n \t\t $s3= \"Crocod Document\" fullword wide \n \t\t $s4= \"crocodile(&A)...\" fullword wide \n \t\t $s5= \"Crocodile.Document\" fullword wide \n \n \t\t $hex1= {41??62??6f??75??74??20??63??72??6f??63??6f??64??69??6c??65??0a??} \n \t\t $hex2= {43??6f??70??79??52??69??67??68??74??28??43??29??20??32??30??31??33??0a??} \n \t\t $hex3= {43??72??6f??63??6f??64??20??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex4= {43??72??6f??63??6f??64??69??6c??65??2e??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex5= {63??72??6f??63??6f??64??69??6c??65??28??26??41??29??2e??2e??2e??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_10_0ba8f399daf0e85789ac415274ef578e528dd2d68f3dc70e18243c34d18f276e Group", "expiration": null, "is_active": 1 }, { "id": 3363915093, "indicator": "daadf23bf09519e77a8d9259164e893bddd6e621", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Win32:Evo-gen", "description": "SHA1 of faf9576ce2af23aac67d3087eb85a92b", "expiration": null, "is_active": 1 }, { "id": 1598883466, "indicator": "db28df72ac3a076cc80eae301c4a1bcb1feab27331f33c928a99879f8290bcb3", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Win32:Evo-gen", "description": "SHA256 of faf9576ce2af23aac67d3087eb85a92b", "expiration": null, "is_active": 1 }, { "id": 3409660123, "indicator": "9369f58914a9c9a43fe042bf992e9fa611a83744", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_db28df72ac3a076cc80eae301c4a1bcb1feab27331f33c928a99879f8290bcb3 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_db28df72ac3a076cc80eae301c4a1bcb1feab27331f33c928a99879f8290bcb3 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-05-17\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"faf9576ce2af23aac67d3087eb85a92b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Adobechoose.exe\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"FoxSender(&A)...\" fullword wide \n \t\t $s4= \"LegalTrademarks\" fullword wide \n \t\t $s5= \"MicrosoftCreateFile\" fullword wide \n \t\t $s6= \"msctls_progress32\" fullword wide \n \t\t $s7= \"OriginalFilename\" fullword wide \n \t\t $s8= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {41??64??6f??62??65??63??68??6f??6f??73??65??2e??65??78??65??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {46??6f??78??53??65??6e??64??65??72??28??26??41??29??2e??2e??2e??0a??} \n \t\t $hex4= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex5= {4d??69??63??72??6f??73??6f??66??74??43??72??65??61??74??65??46??69??6c??65??0a??} \n \t\t $hex6= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex7= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex8= {6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \n \tcondition: \n \t\t8 of them \n }", "title": "", "description": "APTMalware_APT_10_db28df72ac3a076cc80eae301c4a1bcb1feab27331f33c928a99879f8290bcb3 Group", "expiration": null, "is_active": 1 }, { "id": 3409660124, "indicator": "37416eb7a1ff680353471b347982fb981adbf6fd", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_27edf822ce1c97b6421c5811efacf614fe7966d490db419378dfb4af467e55e7 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_27edf822ce1c97b6421c5811efacf614fe7966d490db419378dfb4af467e55e7 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-05-16\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"3160654955f818072f6f8a8782e0f16f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft EXL.2012\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??45??58??4c??2e??32??30??31??32??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_10_27edf822ce1c97b6421c5811efacf614fe7966d490db419378dfb4af467e55e7 Group", "expiration": null, "is_active": 1 }, { "id": 3190220694, "indicator": "d720562176061954bf13de6279cd909ad99491c9", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Armadillov171", "description": "SHA1 of 0dc209a146d163f70a8f7d2a6cfd33e1", "expiration": null, "is_active": 1 }, { "id": 1636611110, "indicator": "8f2aa94e3046e13ba6a7f134a61d1d66192f715d15f38c26eba74c424b1e315f", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Armadillov171", "description": "SHA256 of 0dc209a146d163f70a8f7d2a6cfd33e1", "expiration": null, "is_active": 1 }, { "id": 3409660125, "indicator": "1c7e6636a6259f8402d8f30be188b81c6c7e88de", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_8f2aa94e3046e13ba6a7f134a61d1d66192f715d15f38c26eba74c424b1e315f { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_8f2aa94e3046e13ba6a7f134a61d1d66192f715d15f38c26eba74c424b1e315f Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-05-12\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"0dc209a146d163f70a8f7d2a6cfd33e1\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&Abrir... Ctrl+A\" fullword wide \n \t\t $s2= \"Archivo reciente\" fullword wide \n \t\t $s3= \"Cancelar presentaci\" fullword wide \n \t\t $s4= \"Con&figurar impresora...\" fullword wide \n \t\t $s5= \"Convertir objetos\" fullword wide \n \t\t $s6= \"&Deshacer Ctrl+Z\" fullword wide \n \t\t $s7= \"FileDescription\" fullword wide \n \t\t $s8= \"ginas completas\" fullword wide \n \t\t $s9= \"Guardar c&omo...\" fullword wide \n \t\t $s10= \"&Guardar Ctrl+G\" fullword wide \n \t\t $s11= \"&Imprimir... Ctrl+I\" fullword wide \n \t\t $s12= \"IMuestra informaci\" fullword wide \n \t\t $s13= \"LegalTrademarks\" fullword wide \n \t\t $s14= \"ListaBMuestra informaci\" fullword wide \n \t\t $s15= \"&Organizar autom\" fullword wide \n \t\t $s16= \"&Organizar iconos\" fullword wide \n \t\t $s17= \"Organizar &iconos\" fullword wide \n \t\t $s18= \"OriginalFilename\" fullword wide \n \t\t $s19= \"Pegado &especial...\" fullword wide \n \t\t $s20= \"Pegado especial\" fullword wide \n \n \t\t $hex1= {26??41??62??72??69??72??2e??2e??2e??20??43??74??72??6c??2b??41??0a??} \n \t\t $hex2= {26??44??65??73??68??61??63??65??72??20??43??74??72??6c??2b??5a??0a??} \n \t\t $hex3= {26??47??75??61??72??64??61??72??20??43??74??72??6c??2b??47??0a??} \n \t\t $hex4= {26??49??6d??70??72??69??6d??69??72??2e??2e??2e??20??43??74??72??6c??2b??49??0a??} \n \t\t $hex5= {26??4f??72??67??61??6e??69??7a??61??72??20??61??75??74??6f??6d??0a??} \n \t\t $hex6= {26??4f??72??67??61??6e??69??7a??61??72??20??69??63??6f??6e??6f??73??0a??} \n \t\t $hex7= {41??72??63??68??69??76??6f??20??72??65??63??69??65??6e??74??65??0a??} \n \t\t $hex8= {43??61??6e??63??65??6c??61??72??20??70??72??65??73??65??6e??74??61??63??69??0a??} \n \t\t $hex9= {43??6f??6e??26??66??69??67??75??72??61??72??20??69??6d??70??72??65??73??6f??72??61??2e??2e??2e??0a??} \n \t\t $hex10= {43??6f??6e??76??65??72??74??69??72??20??6f??62??6a??65??74??6f??73??0a??} \n \t\t $hex11= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex12= {47??75??61??72??64??61??72??20??63??26??6f??6d??6f??2e??2e??2e??0a??} \n \t\t $hex13= {49??4d??75??65??73??74??72??61??20??69??6e??66??6f??72??6d??61??63??69??0a??} \n \t\t $hex14= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex15= {4c??69??73??74??61??42??4d??75??65??73??74??72??61??20??69??6e??66??6f??72??6d??61??63??69??0a??} \n \t\t $hex16= {4f??72??67??61??6e??69??7a??61??72??20??26??69??63??6f??6e??6f??73??0a??} \n \t\t $hex17= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex18= {50??65??67??61??64??6f??20??26??65??73??70??65??63??69??61??6c??2e??2e??2e??0a??} \n \t\t $hex19= {50??65??67??61??64??6f??20??65??73??70??65??63??69??61??6c??0a??} \n \t\t $hex20= {67??69??6e??61??73??20??63??6f??6d??70??6c??65??74??61??73??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_APT_10_8f2aa94e3046e13ba6a7f134a61d1d66192f715d15f38c26eba74c424b1e315f Group", "expiration": null, "is_active": 1 }, { "id": 3409660126, "indicator": "e21ab49bba58e07b7c1a5cf4a8e6330af5e19861", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_033dadbcc9a167802ade91c3fb2c2d27aee097de7f23665b5121fd836ab1e6f2 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_033dadbcc9a167802ade91c3fb2c2d27aee097de7f23665b5121fd836ab1e6f2 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-05-06\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"686bb59ea637fb3af214c8c21761cda8\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"AFX_DIALOG_LAYOUT\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s8= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s10= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \n \t\t $hex1= {41??46??58??5f??44??49??41??4c??4f??47??5f??4c??41??59??4f??55??54??0a??} \n \t\t $hex2= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex3= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex9= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex10= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_033dadbcc9a167802ade91c3fb2c2d27aee097de7f23665b5121fd836ab1e6f2 Group", "expiration": null, "is_active": 1 }, { "id": 3409660127, "indicator": "74ea700e7348f45044707db654ced6d2e71c5dc8", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_35415b9ebd464c190c3ab8dababaff19f39de32cdafc2bab442b7fa70d84aed7 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_35415b9ebd464c190c3ab8dababaff19f39de32cdafc2bab442b7fa70d84aed7 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-05-04\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"076ec3aa6b0cb93e7d4cd607f3ced946\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"0612Russo-JapaneseInvestment\" fullword wide \n \t\t $s2= \"0612Russo-JapaneseInvestment.exe\" fullword wide \n \t\t $s3= \"?? bricks(&A)...\" fullword wide \n \t\t $s4= \"FileDescription\" fullword wide \n \t\t $s5= \"LegalTrademarks\" fullword wide \n \t\t $s6= \"msctls_trackbar32\" fullword wide \n \t\t $s7= \"??(&O)... Ctrl+O\" fullword wide \n \t\t $s8= \"OriginalFilename\" fullword wide \n \t\t $s9= \"??(&P)... Ctrl+P\" fullword wide \n \t\t $s10= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {30??36??31??32??52??75??73??73??6f??2d??4a??61??70??61??6e??65??73??65??49??6e??76??65??73??74??6d??65??6e??74??0a??} \n \t\t $hex2= {30??36??31??32??52??75??73??73??6f??2d??4a??61??70??61??6e??65??73??65??49??6e??76??65??73??74??6d??65??6e??74??2e??65??} \n \t\t $hex3= {31??3b??20??63??72??20??62??72??69??63??6b??73??28??26??41??29??2e??2e??2e??0a??} \n \t\t $hex4= {3f??3f??28??26??4f??29??2e??2e??2e??20??43??74??72??6c??2b??4f??0a??} \n \t\t $hex5= {3f??3f??28??26??50??29??2e??2e??2e??20??43??74??72??6c??2b??50??0a??} \n \t\t $hex6= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex7= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex8= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex9= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex10= {6d??73??63??74??6c??73??5f??74??72??61??63??6b??62??61??72??33??32??0a??} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_35415b9ebd464c190c3ab8dababaff19f39de32cdafc2bab442b7fa70d84aed7 Group", "expiration": null, "is_active": 1 }, { "id": 3190220648, "indicator": "060dbd0210bfdeae17f6fcdf64c73391512c31ce", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of 098bfd5c1e7a5cf9f914c09abacb58f9", "expiration": null, "is_active": 1 }, { "id": 2708548, "indicator": "c7470eecd0783d2eb1d83798d71471a523c080bb331745aabeaa64ca57eecf47", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of 098bfd5c1e7a5cf9f914c09abacb58f9", "expiration": null, "is_active": 1 }, { "id": 3409660128, "indicator": "89ac2b60bfdc21de580eeb36f83da27292500819", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_c7470eecd0783d2eb1d83798d71471a523c080bb331745aabeaa64ca57eecf47 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_c7470eecd0783d2eb1d83798d71471a523c080bb331745aabeaa64ca57eecf47 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-04-59\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"098bfd5c1e7a5cf9f914c09abacb58f9\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Data/gl/b10.bmp\" fullword wide \n \t\t $s2= \"Data/info/f%d.png\" fullword wide \n \t\t $s3= \"Data/info/floor.png\" fullword wide \n \t\t $s4= \"FileDescription\" fullword wide \n \t\t $s5= \"LegalTrademarks\" fullword wide \n \t\t $s6= \"OriginalFilename\" fullword wide \n \t\t $s7= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {44??61??74??61??2f??67??6c??2f??62??31??30??2e??62??6d??70??0a??} \n \t\t $hex2= {44??61??74??61??2f??69??6e??66??6f??2f??66??25??64??2e??70??6e??67??0a??} \n \t\t $hex3= {44??61??74??61??2f??69??6e??66??6f??2f??66??6c??6f??6f??72??2e??70??6e??67??0a??} \n \t\t $hex4= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex5= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex6= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex7= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_APT_10_c7470eecd0783d2eb1d83798d71471a523c080bb331745aabeaa64ca57eecf47 Group", "expiration": null, "is_active": 1 }, { "id": 3254663191, "indicator": "2362116b9e9e880e91ce00f3e01dbf65261cc047", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Armadillov171", "description": "SHA1 of a79f96647c4ca5527e56057d5173ab47", "expiration": null, "is_active": 1 }, { "id": 3254663192, "indicator": "a90aa4a2fcd2992442bedd1fb093241b5cb841a903fcee5dddbd6e5f85923bd3", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Armadillov171", "description": "SHA256 of a79f96647c4ca5527e56057d5173ab47", "expiration": null, "is_active": 1 }, { "id": 3409660129, "indicator": "594f5c4636289210a24cff91a40f5f75065c8983", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_a90aa4a2fcd2992442bedd1fb093241b5cb841a903fcee5dddbd6e5f85923bd3 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_a90aa4a2fcd2992442bedd1fb093241b5cb841a903fcee5dddbd6e5f85923bd3 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-04-55\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"a79f96647c4ca5527e56057d5173ab47\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DateTimePicker1\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"LegalTrademarks\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"(*.prn)|*.prn|\" fullword wide \n \t\t $s6= \"School Document\" fullword wide \n \t\t $s7= \"School.Document\" fullword wide \n \t\t $s8= \"SysDateTimePick32\" fullword wide \n \t\t $s9= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {28??2a??2e??70??72??6e??29??7c??2a??2e??70??72??6e??7c??0a??} \n \t\t $hex2= {44??61??74??65??54??69??6d??65??50??69??63??6b??65??72??31??0a??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {53??63??68??6f??6f??6c??20??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex7= {53??63??68??6f??6f??6c??2e??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex8= {53??79??73??44??61??74??65??54??69??6d??65??50??69??63??6b??33??32??0a??} \n \t\t $hex9= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t10 of them \n }", "title": "", "description": "APTMalware_APT_10_a90aa4a2fcd2992442bedd1fb093241b5cb841a903fcee5dddbd6e5f85923bd3 Group", "expiration": null, "is_active": 1 }, { "id": 3409660130, "indicator": "848ceba8e8f982cd635e529b9278a137dd6c0f0d", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_3ba35e0c61597852e9e3636f33432f040684a50e7b70e5ee4febccebc24b3f55 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_3ba35e0c61597852e9e3636f33432f040684a50e7b70e5ee4febccebc24b3f55 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-04-53\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"5f3b25e36f6c6637eb08dcca1c3a8ed6\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&About 20130401...\" fullword wide \n \t\t $s2= \"Erase everything\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"LegalTrademarks\" fullword wide \n \t\t $s5= \"My20130401.Document\" fullword wide \n \t\t $s6= \"My2013 Document\" fullword wide \n \t\t $s7= \"&Open... Ctrl+O\" fullword wide \n \t\t $s8= \"OriginalFilename\" fullword wide \n \t\t $s9= \"Paste &Special...\" fullword wide \n \t\t $s10= \"&Print... Ctrl+P\" fullword wide \n \t\t $s11= \"P&rint Setup...\" fullword wide \n \t\t $s12= \"Symantec Corporation\" fullword wide \n \t\t $s13= \"Toggle StatusBar\" fullword wide \n \t\t $s14= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {26??41??62??6f??75??74??20??32??30??31??33??30??34??30??31??2e??2e??2e??0a??} \n \t\t $hex2= {26??4f??70??65??6e??2e??2e??2e??20??43??74??72??6c??2b??4f??0a??} \n \t\t $hex3= {26??50??72??69??6e??74??2e??2e??2e??20??43??74??72??6c??2b??50??0a??} \n \t\t $hex4= {45??72??61??73??65??20??65??76??65??72??79??74??68??69??6e??67??0a??} \n \t\t $hex5= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex6= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex7= {4d??79??32??30??31??33??20??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex8= {4d??79??32??30??31??33??30??34??30??31??2e??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex9= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex10= {50??26??72??69??6e??74??20??53??65??74??75??70??2e??2e??2e??0a??} \n \t\t $hex11= {50??61??73??74??65??20??26??53??70??65??63??69??61??6c??2e??2e??2e??0a??} \n \t\t $hex12= {53??79??6d??61??6e??74??65??63??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex13= {54??6f??67??67??6c??65??20??53??74??61??74??75??73??42??61??72??0a??} \n \t\t $hex14= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t15 of them \n }", "title": "", "description": "APTMalware_APT_10_3ba35e0c61597852e9e3636f33432f040684a50e7b70e5ee4febccebc24b3f55 Group", "expiration": null, "is_active": 1 }, { "id": 3409660131, "indicator": "18d7e3cb2ffdeb42e74e15a23f8c71aa3898485b", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_45d804f35266b26bf63e3d616715fc593931e33aa07feba5ad6875609692efa2 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_45d804f35266b26bf63e3d616715fc593931e33aa07feba5ad6875609692efa2 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-04-47\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f03f70d331c6564aec8931f481949188\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"CreateThread failed\" fullword wide \n \t\t $s2= \"CryptProtectMemory failed\" fullword wide \n \t\t $s3= \"CryptUnprotectMemory failed\" fullword wide \n \t\t $s4= \"jmsctls_progress32\" fullword wide \n \t\t $s5= \"li>\" fullword wide \n \t\t $s6= \"LICENSEDLG RENAMEDLG\" fullword wide \n \t\t $s7= \"ProgramFilesDir\" fullword wide \n \t\t $s8= \"RarHtmlClassName\" fullword wide \n \t\t $s9= \"SeCreateSymbolicLinkPrivilege\" fullword wide \n \t\t $s10= \"SeRestorePrivilege\" fullword wide \n \t\t $s11= \"SeSecurityPrivilege\" fullword wide \n \t\t $s12= \"SoftwareWinRAR SFX\" fullword wide \n \t\t $s13= \"__tmp_rar_sfx_access_check_%u\" fullword wide \n \t\t $s14= \"winrarsfxmappingfile.tmp\" fullword wide \n \n \t\t $hex1= {43??72??65??61??74??65??54??68??72??65??61??64??20??66??61??69??6c??65??64??0a??} \n \t\t $hex2= {43??72??79??70??74??50??72??6f??74??65??63??74??4d??65??6d??6f??72??79??20??66??61??69??6c??65??64??0a??} \n \t\t $hex3= {43??72??79??70??74??55??6e??70??72??6f??74??65??63??74??4d??65??6d??6f??72??79??20??66??61??69??6c??65??64??0a??} \n \t\t $hex4= {4c??49??43??45??4e??53??45??44??4c??47??20??52??45??4e??41??4d??45??44??4c??47??0a??} \n \t\t $hex5= {50??72??6f??67??72??61??6d??46??69??6c??65??73??44??69??72??0a??} \n \t\t $hex6= {52??61??72??48??74??6d??6c??43??6c??61??73??73??4e??61??6d??65??0a??} \n \t\t $hex7= {53??65??43??72??65??61??74??65??53??79??6d??62??6f??6c??69??63??4c??69??6e??6b??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex8= {53??65??52??65??73??74??6f??72??65??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex9= {53??65??53??65??63??75??72??69??74??79??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex10= {53??6f??66??74??77??61??72??65??57??69??6e??52??41??52??20??53??46??58??0a??} \n \t\t $hex11= {5f??5f??74??6d??70??5f??72??61??72??5f??73??66??78??5f??61??63??63??65??73??73??5f??63??68??65??63??6b??5f??25??75??0a??} \n \t\t $hex12= {6a??6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \t\t $hex13= {6c??69??3e??0a??} \n \t\t $hex14= {77??69??6e??72??61??72??73??66??78??6d??61??70??70??69??6e??67??66??69??6c??65??2e??74??6d??70??0a??} \n \n \tcondition: \n \t\t15 of them \n }", "title": "", "description": "APTMalware_APT_10_45d804f35266b26bf63e3d616715fc593931e33aa07feba5ad6875609692efa2 Group", "expiration": null, "is_active": 1 }, { "id": 3363914904, "indicator": "4cb535edce60aec85c3a3c2b93f9f3ec480cae37", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Trojan.Jorik-8691", "description": "SHA1 of b0f541cd6bff77de916e58d493f54b10", "expiration": null, "is_active": 1 }, { "id": 1598883458, "indicator": "c92446e73e190b1361df27937219196723f1cbdcc24a5f4f5856bca9fe788aaa", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Trojan.Jorik-8691", "description": "SHA256 of b0f541cd6bff77de916e58d493f54b10", "expiration": null, "is_active": 1 }, { "id": 3409660132, "indicator": "d5fe8cf7a15b81d17268d183ff974bc8ab71eb93", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_c92446e73e190b1361df27937219196723f1cbdcc24a5f4f5856bca9fe788aaa { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_c92446e73e190b1361df27937219196723f1cbdcc24a5f4f5856bca9fe788aaa Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-04-44\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b0f541cd6bff77de916e58d493f54b10\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"?? bricks(&A)...\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"LegalTrademarks\" fullword wide \n \t\t $s4= \"msctls_progress32\" fullword wide \n \t\t $s5= \"msctls_trackbar32\" fullword wide \n \t\t $s6= \"??(&O)... Ctrl+O\" fullword wide \n \t\t $s7= \"OriginalFilename\" fullword wide \n \t\t $s8= \"??(&P)... Ctrl+P\" fullword wide \n \t\t $s9= \"SysTabControl32\" fullword wide \n \t\t $s10= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {31??3b??20??63??72??20??62??72??69??63??6b??73??28??26??41??29??2e??2e??2e??0a??} \n \t\t $hex2= {3f??3f??28??26??4f??29??2e??2e??2e??20??43??74??72??6c??2b??4f??0a??} \n \t\t $hex3= {3f??3f??28??26??50??29??2e??2e??2e??20??43??74??72??6c??2b??50??0a??} \n \t\t $hex4= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex5= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex6= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex7= {53??79??73??54??61??62??43??6f??6e??74??72??6f??6c??33??32??0a??} \n \t\t $hex8= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex9= {6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \t\t $hex10= {6d??73??63??74??6c??73??5f??74??72??61??63??6b??62??61??72??33??32??0a??} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_c92446e73e190b1361df27937219196723f1cbdcc24a5f4f5856bca9fe788aaa Group", "expiration": null, "is_active": 1 }, { "id": 3409660201, "indicator": "d79660373ad26bc67b200526004318996feeb9a5", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_c2539cb0495fc09f1ba8b29c6eec17af61f502d4406cc214a0ee65211441efba { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_c2539cb0495fc09f1ba8b29c6eec17af61f502d4406cc214a0ee65211441efba Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-04-40\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"4e6bf299554a356e91e9d230014075fc\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s5= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s7= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s8= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s9= \"@Data/gl/b10.bmp\" fullword wide \n \t\t $s10= \"Data/info/floor.png\" fullword wide \n \t\t $s11= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s12= \"FileDescription\" fullword wide \n \t\t $s13= \"OriginalFilename\" fullword wide \n \t\t $s14= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {40??44??61??74??61??2f??67??6c??2f??62??31??30??2e??62??6d??70??0a??} \n \t\t $hex2= {44??61??74??61??2f??69??6e??66??6f??2f??66??6c??6f??6f??72??2e??70??6e??67??0a??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex9= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex10= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex11= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex12= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex13= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex14= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t15 of them \n }", "title": "", "description": "APTMalware_APT_10_c2539cb0495fc09f1ba8b29c6eec17af61f502d4406cc214a0ee65211441efba Group", "expiration": null, "is_active": 1 }, { "id": 3409660202, "indicator": "f2c0188c5833c92615a36a3b69e1255d9b43cd56", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_c21eaadf9ffc62ca4673e27e06c16447f103c0cf7acd8db6ac5c8bd17805e39d { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_c21eaadf9ffc62ca4673e27e06c16447f103c0cf7acd8db6ac5c8bd17805e39d Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-04-36\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f586edd88023f49bc4f9d84f9fb6bd7d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s5= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s7= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s8= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s9= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \n \t\t $hex1= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex2= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex3= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex9= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t10 of them \n }", "title": "", "description": "APTMalware_APT_10_c21eaadf9ffc62ca4673e27e06c16447f103c0cf7acd8db6ac5c8bd17805e39d Group", "expiration": null, "is_active": 1 }, { "id": 3409660203, "indicator": "22eab1d8be3ea0da1c41bbff381e2f458f9ae723", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_b4bd76150a5011a8ee517f8cb22b373404305648334ccfb195e5fb8939538e2e { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_b4bd76150a5011a8ee517f8cb22b373404305648334ccfb195e5fb8939538e2e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-04-34\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e8f3790cfac1b104965dead841dc20b2\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"AFX_DIALOG_LAYOUT\" fullword wide \n \t\t $s2= \"api-ms-win-appmodel-runtime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s8= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s9= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s10= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s11= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s12= \"HKEY_CURRENT_USER\" fullword wide \n \t\t $s13= \"HKEY_LOCAL_MACHINE\" fullword wide \n \n \t\t $hex1= {41??46??58??5f??44??49??41??4c??4f??47??5f??4c??41??59??4f??55??54??0a??} \n \t\t $hex2= {48??4b??45??59??5f??43??55??52??52??45??4e??54??5f??55??53??45??52??0a??} \n \t\t $hex3= {48??4b??45??59??5f??4c??4f??43??41??4c??5f??4d??41??43??48??49??4e??45??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??61??70??70??6d??6f??64??65??6c??2d??72??75??6e??74??69??6d??65??2d??6c??31??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex9= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex10= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex11= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex12= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex13= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t14 of them \n }", "title": "", "description": "APTMalware_APT_10_b4bd76150a5011a8ee517f8cb22b373404305648334ccfb195e5fb8939538e2e Group", "expiration": null, "is_active": 1 }, { "id": 3409660204, "indicator": "c196369cd892cd242e409e2b74d8fe288ae49f59", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_3a7f2746838d785a45a9fd3b02829f7f5dd3d0ec122d6be69fd1ba7225454910 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_3a7f2746838d785a45a9fd3b02829f7f5dd3d0ec122d6be69fd1ba7225454910 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-04-32\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"c578b8db3869d92482fc77eeedf41eb0\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"?? bricks(&A)...\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"LegalTrademarks\" fullword wide \n \t\t $s4= \"msctls_progress32\" fullword wide \n \t\t $s5= \"msctls_trackbar32\" fullword wide \n \t\t $s6= \"??(&O)... Ctrl+O\" fullword wide \n \t\t $s7= \"OriginalFilename\" fullword wide \n \t\t $s8= \"??(&P)... Ctrl+P\" fullword wide \n \t\t $s9= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {31??3b??20??63??72??20??62??72??69??63??6b??73??28??26??41??29??2e??2e??2e??0a??} \n \t\t $hex2= {3f??3f??28??26??4f??29??2e??2e??2e??20??43??74??72??6c??2b??4f??0a??} \n \t\t $hex3= {3f??3f??28??26??50??29??2e??2e??2e??20??43??74??72??6c??2b??50??0a??} \n \t\t $hex4= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex5= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex6= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex7= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex8= {6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \t\t $hex9= {6d??73??63??74??6c??73??5f??74??72??61??63??6b??62??61??72??33??32??0a??} \n \n \tcondition: \n \t\t10 of them \n }", "title": "", "description": "APTMalware_APT_10_3a7f2746838d785a45a9fd3b02829f7f5dd3d0ec122d6be69fd1ba7225454910 Group", "expiration": null, "is_active": 1 }, { "id": 3409660205, "indicator": "603342702f73e691df9e98f443edf92b95fe5641", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_99684e9350cdc761f83277e570f9bca54b786b2ae0b56ca4f30a8d8e65769192 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_99684e9350cdc761f83277e570f9bca54b786b2ae0b56ca4f30a8d8e65769192 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-04-29\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"42c6e38375e46075eb1abd7a41ae15c5\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"%2protocolStdFileEditingserver\" fullword wide \n \t\t $s2= \"%2protocolStdFileEditingverb0\" fullword wide \n \t\t $s3= \"accDefaultAction\" fullword wide \n \t\t $s4= \"accDoDefaultAction\" fullword wide \n \t\t $s5= \"accKeyboardShortcut\" fullword wide \n \t\t $s6= \"AfxControlBar90su\" fullword wide \n \t\t $s7= \"AfxFrameOrView90su\" fullword wide \n \t\t $s8= \"AfxMDIFrame90su\" fullword wide \n \t\t $s9= \"AfxOldWndProc423\" fullword wide \n \t\t $s10= \"AfxOleControl90su\" fullword wide \n \t\t $s11= \"CLSID%1AuxUserType2\" fullword wide \n \t\t $s12= \"CLSID%1AuxUserType3\" fullword wide \n \t\t $s13= \"CLSID%1DefaultExtension\" fullword wide \n \t\t $s14= \"CLSID%1DefaultIcon\" fullword wide \n \t\t $s15= \"CLSID%1DocObject\" fullword wide \n \t\t $s16= \"CLSID%1InprocHandler32\" fullword wide \n \t\t $s17= \"CLSID%1InProcServer32\" fullword wide \n \t\t $s18= \"CLSID%1Insertable\" fullword wide \n \t\t $s19= \"CLSID%1LocalServer32\" fullword wide \n \t\t $s20= \"CLSID%1MiscStatus\" fullword wide \n \n \t\t $hex1= {25??32??70??72??6f??74??6f??63??6f??6c??53??74??64??46??69??6c??65??45??64??69??74??69??6e??67??73??65??72??76??65??72??} \n \t\t $hex2= {25??32??70??72??6f??74??6f??63??6f??6c??53??74??64??46??69??6c??65??45??64??69??74??69??6e??67??76??65??72??62??30??0a??} \n \t\t $hex3= {41??66??78??43??6f??6e??74??72??6f??6c??42??61??72??39??30??73??75??0a??} \n \t\t $hex4= {41??66??78??46??72??61??6d??65??4f??72??56??69??65??77??39??30??73??75??0a??} \n \t\t $hex5= {41??66??78??4d??44??49??46??72??61??6d??65??39??30??73??75??0a??} \n \t\t $hex6= {41??66??78??4f??6c??64??57??6e??64??50??72??6f??63??34??32??33??0a??} \n \t\t $hex7= {41??66??78??4f??6c??65??43??6f??6e??74??72??6f??6c??39??30??73??75??0a??} \n \t\t $hex8= {43??4c??53??49??44??25??31??41??75??78??55??73??65??72??54??79??70??65??32??0a??} \n \t\t $hex9= {43??4c??53??49??44??25??31??41??75??78??55??73??65??72??54??79??70??65??33??0a??} \n \t\t $hex10= {43??4c??53??49??44??25??31??44??65??66??61??75??6c??74??45??78??74??65??6e??73??69??6f??6e??0a??} \n \t\t $hex11= {43??4c??53??49??44??25??31??44??65??66??61??75??6c??74??49??63??6f??6e??0a??} \n \t\t $hex12= {43??4c??53??49??44??25??31??44??6f??63??4f??62??6a??65??63??74??0a??} \n \t\t $hex13= {43??4c??53??49??44??25??31??49??6e??50??72??6f??63??53??65??72??76??65??72??33??32??0a??} \n \t\t $hex14= {43??4c??53??49??44??25??31??49??6e??70??72??6f??63??48??61??6e??64??6c??65??72??33??32??0a??} \n \t\t $hex15= {43??4c??53??49??44??25??31??49??6e??73??65??72??74??61??62??6c??65??0a??} \n \t\t $hex16= {43??4c??53??49??44??25??31??4c??6f??63??61??6c??53??65??72??76??65??72??33??32??0a??} \n \t\t $hex17= {43??4c??53??49??44??25??31??4d??69??73??63??53??74??61??74??75??73??0a??} \n \t\t $hex18= {61??63??63??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex19= {61??63??63??44??6f??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex20= {61??63??63??4b??65??79??62??6f??61??72??64??53??68??6f??72??74??63??75??74??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_APT_10_99684e9350cdc761f83277e570f9bca54b786b2ae0b56ca4f30a8d8e65769192 Group", "expiration": null, "is_active": 1 }, { "id": 3190220649, "indicator": "062517b193143d897afe6acc9f17bd89aed67c12", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of 6ff16afc92ce09acd2e3890b780efd86", "expiration": null, "is_active": 1 }, { "id": 2708549, "indicator": "df029b80da7bd51216bc143caa362e02fb88f7bd00349a95b1712af3c8d3d96d", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of 6ff16afc92ce09acd2e3890b780efd86", "expiration": null, "is_active": 1 }, { "id": 3409660206, "indicator": "2c83ccd711e9e7f36f694d25560c8df15a1c7f39", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_df029b80da7bd51216bc143caa362e02fb88f7bd00349a95b1712af3c8d3d96d { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_df029b80da7bd51216bc143caa362e02fb88f7bd00349a95b1712af3c8d3d96d Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-04-27\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"6ff16afc92ce09acd2e3890b780efd86\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Bricks Document\" fullword wide \n \t\t $s2= \"Bricks.Document\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"LegalTrademarks\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {42??72??69??63??6b??73??20??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex2= {42??72??69??63??6b??73??2e??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_APT_10_df029b80da7bd51216bc143caa362e02fb88f7bd00349a95b1712af3c8d3d96d Group", "expiration": null, "is_active": 1 }, { "id": 12129080, "indicator": "2723fa5a414a503262d634fcc781d7d57c6f76ee", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of e61c043005c16028dd55c04b14041f5e", "expiration": null, "is_active": 1 }, { "id": 2663227, "indicator": "66e677b081e0361020cda4f218a501497faad1f6c0897f26c25ca51c4a5dad40", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of e61c043005c16028dd55c04b14041f5e", "expiration": null, "is_active": 1 }, { "id": 3409660207, "indicator": "1447faf27b43be5680011c02edce499f797a7b21", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_66e677b081e0361020cda4f218a501497faad1f6c0897f26c25ca51c4a5dad40 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_66e677b081e0361020cda4f218a501497faad1f6c0897f26c25ca51c4a5dad40 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-04-25\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e61c043005c16028dd55c04b14041f5e\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"E61DA404E6D.jpg\" fullword wide \n \t\t $s2= \"E61DA404E6D.txt\" fullword wide \n \t\t $s3= \"ExceptionHandler.dll\" fullword wide \n \t\t $s4= \"LocateNtdllEntry err\" fullword wide \n \t\t $s5= \"SeDebugPrivilege\" fullword wide \n \t\t $s6= \"szGetCmdLine err1\" fullword wide \n \t\t $s7= \"szGetCmdLine err2\" fullword wide \n \t\t $s8= \"VMPTMPE61DA404E6D.jpg\" fullword wide \n \t\t $s9= \"VMPTMPE61DA404E6D.txt\" fullword wide \n \t\t $s10= \"VMPTMPExceptionHandler.dll\" fullword wide \n \t\t $s11= \"VMPTMPwin.dat\" fullword wide \n \t\t $s12= \"WinDbgFrameClass\" fullword wide \n \n \t\t $hex1= {45??36??31??44??41??34??30??34??45??36??44??2e??6a??70??67??0a??} \n \t\t $hex2= {45??36??31??44??41??34??30??34??45??36??44??2e??74??78??74??0a??} \n \t\t $hex3= {45??78??63??65??70??74??69??6f??6e??48??61??6e??64??6c??65??72??2e??64??6c??6c??0a??} \n \t\t $hex4= {4c??6f??63??61??74??65??4e??74??64??6c??6c??45??6e??74??72??79??20??65??72??72??0a??} \n \t\t $hex5= {53??65??44??65??62??75??67??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex6= {56??4d??50??54??4d??50??45??36??31??44??41??34??30??34??45??36??44??2e??6a??70??67??0a??} \n \t\t $hex7= {56??4d??50??54??4d??50??45??36??31??44??41??34??30??34??45??36??44??2e??74??78??74??0a??} \n \t\t $hex8= {56??4d??50??54??4d??50??45??78??63??65??70??74??69??6f??6e??48??61??6e??64??6c??65??72??2e??64??6c??6c??0a??} \n \t\t $hex9= {56??4d??50??54??4d??50??77??69??6e??2e??64??61??74??0a??} \n \t\t $hex10= {57??69??6e??44??62??67??46??72??61??6d??65??43??6c??61??73??73??0a??} \n \t\t $hex11= {73??7a??47??65??74??43??6d??64??4c??69??6e??65??20??65??72??72??31??0a??} \n \t\t $hex12= {73??7a??47??65??74??43??6d??64??4c??69??6e??65??20??65??72??72??32??0a??} \n \n \tcondition: \n \t\t13 of them \n }", "title": "", "description": "APTMalware_APT_10_66e677b081e0361020cda4f218a501497faad1f6c0897f26c25ca51c4a5dad40 Group", "expiration": null, "is_active": 1 }, { "id": 2880023506, "indicator": "768c2678a1dbd2f85f179811e5a367b544bc7ac2", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of 8c9e843d62ff89f15c25517eff02497b", "expiration": null, "is_active": 1 }, { "id": 2708568, "indicator": "f38b52777796f413a8cf7333a58a3cdbc4976855a9214d44b20a999a76395531", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of 8c9e843d62ff89f15c25517eff02497b", "expiration": null, "is_active": 1 }, { "id": 3409660208, "indicator": "1f31c8aea54817ac8e3c51c16302a7ad6241ccb0", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_f38b52777796f413a8cf7333a58a3cdbc4976855a9214d44b20a999a76395531 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_f38b52777796f413a8cf7333a58a3cdbc4976855a9214d44b20a999a76395531 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-04-23\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"8c9e843d62ff89f15c25517eff02497b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"20130401 Application\" fullword wide \n \t\t $s2= \"&About 20130401...\" fullword wide \n \t\t $s3= \"Erase everything\" fullword wide \n \t\t $s4= \"FileDescription\" fullword wide \n \t\t $s5= \"LegalTrademarks\" fullword wide \n \t\t $s6= \"My20130401.Document\" fullword wide \n \t\t $s7= \"My2013 Document\" fullword wide \n \t\t $s8= \"&Open... Ctrl+O\" fullword wide \n \t\t $s9= \"OriginalFilename\" fullword wide \n \t\t $s10= \"Paste &Special...\" fullword wide \n \t\t $s11= \"&Print... Ctrl+P\" fullword wide \n \t\t $s12= \"P&rint Setup...\" fullword wide \n \t\t $s13= \"Toggle StatusBar\" fullword wide \n \t\t $s14= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {26??41??62??6f??75??74??20??32??30??31??33??30??34??30??31??2e??2e??2e??0a??} \n \t\t $hex2= {26??4f??70??65??6e??2e??2e??2e??20??43??74??72??6c??2b??4f??0a??} \n \t\t $hex3= {26??50??72??69??6e??74??2e??2e??2e??20??43??74??72??6c??2b??50??0a??} \n \t\t $hex4= {32??30??31??33??30??34??30??31??20??41??70??70??6c??69??63??61??74??69??6f??6e??0a??} \n \t\t $hex5= {45??72??61??73??65??20??65??76??65??72??79??74??68??69??6e??67??0a??} \n \t\t $hex6= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex7= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex8= {4d??79??32??30??31??33??20??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex9= {4d??79??32??30??31??33??30??34??30??31??2e??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex10= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex11= {50??26??72??69??6e??74??20??53??65??74??75??70??2e??2e??2e??0a??} \n \t\t $hex12= {50??61??73??74??65??20??26??53??70??65??63??69??61??6c??2e??2e??2e??0a??} \n \t\t $hex13= {54??6f??67??67??6c??65??20??53??74??61??74??75??73??42??61??72??0a??} \n \t\t $hex14= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t15 of them \n }", "title": "", "description": "APTMalware_APT_10_f38b52777796f413a8cf7333a58a3cdbc4976855a9214d44b20a999a76395531 Group", "expiration": null, "is_active": 1 }, { "id": 3409660209, "indicator": "1d9dc530e57d8127ebcd7c3afed28ab2f234de00", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_1ba4f8d569dafdf2c0152d706fc9cc3d6eb646e8ea639c410c8f95e07bc2551e { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_1ba4f8d569dafdf2c0152d706fc9cc3d6eb646e8ea639c410c8f95e07bc2551e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-04-20\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"13cdd0d9f222a47589c5c71fa3ac2cbe\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"AFX_DIALOG_LAYOUT\" fullword wide \n \t\t $s2= \"american english\" fullword wide \n \t\t $s3= \"american-english\" fullword wide \n \t\t $s4= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s7= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s8= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s10= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s11= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s12= \"chinese-hongkong\" fullword wide \n \t\t $s13= \"chinese-simplified\" fullword wide \n \t\t $s14= \"chinese-singapore\" fullword wide \n \t\t $s15= \"chinese-traditional\" fullword wide \n \t\t $s16= \"english-american\" fullword wide \n \t\t $s17= \"english-caribbean\" fullword wide \n \t\t $s18= \"english-jamaica\" fullword wide \n \t\t $s19= \"english-south africa\" fullword wide \n \t\t $s20= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \n \t\t $hex1= {41??46??58??5f??44??49??41??4c??4f??47??5f??4c??41??59??4f??55??54??0a??} \n \t\t $hex2= {61??6d??65??72??69??63??61??6e??20??65??6e??67??6c??69??73??68??0a??} \n \t\t $hex3= {61??6d??65??72??69??63??61??6e??2d??65??6e??67??6c??69??73??68??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex9= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex10= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex11= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex12= {63??68??69??6e??65??73??65??2d??68??6f??6e??67??6b??6f??6e??67??0a??} \n \t\t $hex13= {63??68??69??6e??65??73??65??2d??73??69??6d??70??6c??69??66??69??65??64??0a??} \n \t\t $hex14= {63??68??69??6e??65??73??65??2d??73??69??6e??67??61??70??6f??72??65??0a??} \n \t\t $hex15= {63??68??69??6e??65??73??65??2d??74??72??61??64??69??74??69??6f??6e??61??6c??0a??} \n \t\t $hex16= {65??6e??67??6c??69??73??68??2d??61??6d??65??72??69??63??61??6e??0a??} \n \t\t $hex17= {65??6e??67??6c??69??73??68??2d??63??61??72??69??62??62??65??61??6e??0a??} \n \t\t $hex18= {65??6e??67??6c??69??73??68??2d??6a??61??6d??61??69??63??61??0a??} \n \t\t $hex19= {65??6e??67??6c??69??73??68??2d??73??6f??75??74??68??20??61??66??72??69??63??61??0a??} \n \t\t $hex20= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_APT_10_1ba4f8d569dafdf2c0152d706fc9cc3d6eb646e8ea639c410c8f95e07bc2551e Group", "expiration": null, "is_active": 1 }, { "id": 3190220657, "indicator": "1e5226e1581fc95416990b4ff35692476d1e53ac", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of 4b7cc736e85f6c2d128a78c69280f12c", "expiration": null, "is_active": 1 }, { "id": 3190220852, "indicator": "ad4b4bccc23b312f62461e80250c82afd1fe3a0910fcfc94f197d2803bd1c30b", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of 4b7cc736e85f6c2d128a78c69280f12c", "expiration": null, "is_active": 1 }, { "id": 3409660210, "indicator": "c08fa44fdb33c4dd721d2bda020274947e29175e", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_ad4b4bccc23b312f62461e80250c82afd1fe3a0910fcfc94f197d2803bd1c30b { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_ad4b4bccc23b312f62461e80250c82afd1fe3a0910fcfc94f197d2803bd1c30b Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-04-17\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"4b7cc736e85f6c2d128a78c69280f12c\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"/a>\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \";fsize=-12;[/.]\" fullword wide \n \t\t $s4= \"MfcFontComboBox\" fullword wide \n \t\t $s5= \"msctls_progress32\" fullword wide \n \t\t $s6= \"OriginalFilename\" fullword wide \n \t\t $s7= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {2f??61??3e??0a??} \n \t\t $hex2= {3b??66??73??69??7a??65??3d??2d??31??32??3b??5b??2f??2e??5d??0a??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4d??66??63??46??6f??6e??74??43??6f??6d??62??6f??42??6f??78??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex7= {6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_APT_10_ad4b4bccc23b312f62461e80250c82afd1fe3a0910fcfc94f197d2803bd1c30b Group", "expiration": null, "is_active": 1 }, { "id": 3409660211, "indicator": "2f1978dfe028e7f13817123e506233226ed23ccc", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_f251485a62e104dfd8629dc4d2dfd572ebd0ab554602d682a28682876a47e773 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_f251485a62e104dfd8629dc4d2dfd572ebd0ab554602d682a28682876a47e773 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-04-14\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f5744d72c6919f994ff452b0e758ffee\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s5= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s7= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s8= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s9= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \n \t\t $hex1= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex2= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex3= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex9= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t10 of them \n }", "title": "", "description": "APTMalware_APT_10_f251485a62e104dfd8629dc4d2dfd572ebd0ab554602d682a28682876a47e773 Group", "expiration": null, "is_active": 1 }, { "id": 3409660212, "indicator": "9f73bf1d02089497addab6c6935f328f462f6d48", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_f9f2b38e11402b56fe05127bf0e688d74bb6e55834b93b7a0f6c61174670177a { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_f9f2b38e11402b56fe05127bf0e688d74bb6e55834b93b7a0f6c61174670177a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-04-09\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"9da42d0bce9f5dbf22d33df77c561bda\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"AFX_DIALOG_LAYOUT\" fullword wide \n \t\t $s2= \"american english\" fullword wide \n \t\t $s3= \"american-english\" fullword wide \n \t\t $s4= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s6= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s7= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s8= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s10= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s11= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s12= \"chinese-hongkong\" fullword wide \n \t\t $s13= \"chinese-simplified\" fullword wide \n \t\t $s14= \"chinese-singapore\" fullword wide \n \t\t $s15= \"chinese-traditional\" fullword wide \n \t\t $s16= \"english-american\" fullword wide \n \t\t $s17= \"english-caribbean\" fullword wide \n \t\t $s18= \"english-jamaica\" fullword wide \n \t\t $s19= \"english-south africa\" fullword wide \n \t\t $s20= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \n \t\t $hex1= {41??46??58??5f??44??49??41??4c??4f??47??5f??4c??41??59??4f??55??54??0a??} \n \t\t $hex2= {61??6d??65??72??69??63??61??6e??20??65??6e??67??6c??69??73??68??0a??} \n \t\t $hex3= {61??6d??65??72??69??63??61??6e??2d??65??6e??67??6c??69??73??68??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex9= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex10= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex11= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex12= {63??68??69??6e??65??73??65??2d??68??6f??6e??67??6b??6f??6e??67??0a??} \n \t\t $hex13= {63??68??69??6e??65??73??65??2d??73??69??6d??70??6c??69??66??69??65??64??0a??} \n \t\t $hex14= {63??68??69??6e??65??73??65??2d??73??69??6e??67??61??70??6f??72??65??0a??} \n \t\t $hex15= {63??68??69??6e??65??73??65??2d??74??72??61??64??69??74??69??6f??6e??61??6c??0a??} \n \t\t $hex16= {65??6e??67??6c??69??73??68??2d??61??6d??65??72??69??63??61??6e??0a??} \n \t\t $hex17= {65??6e??67??6c??69??73??68??2d??63??61??72??69??62??62??65??61??6e??0a??} \n \t\t $hex18= {65??6e??67??6c??69??73??68??2d??6a??61??6d??61??69??63??61??0a??} \n \t\t $hex19= {65??6e??67??6c??69??73??68??2d??73??6f??75??74??68??20??61??66??72??69??63??61??0a??} \n \t\t $hex20= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_APT_10_f9f2b38e11402b56fe05127bf0e688d74bb6e55834b93b7a0f6c61174670177a Group", "expiration": null, "is_active": 1 }, { "id": 2582690309, "indicator": "6d1280824fe6c6386e5bf08a59f0e5b2eb19cdd0", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Trojan.Ag-3", "description": "SHA1 of 21567cce2c26e7543b977a205845ba77", "expiration": null, "is_active": 1 }, { "id": 1598883419, "indicator": "8cc24c507de155942dd99f94f90f7cc8088cc74ce6e89155b764e5d40ca649f4", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Trojan.Ag-3", "description": "SHA256 of 21567cce2c26e7543b977a205845ba77", "expiration": null, "is_active": 1 }, { "id": 3409660213, "indicator": "13b2c141f8e000e1f69aa1a7e31cddb7e6854caa", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_8cc24c507de155942dd99f94f90f7cc8088cc74ce6e89155b764e5d40ca649f4 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_8cc24c507de155942dd99f94f90f7cc8088cc74ce6e89155b764e5d40ca649f4 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-04-06\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"21567cce2c26e7543b977a205845ba77\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"?? bricks(&A)...\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"LegalTrademarks\" fullword wide \n \t\t $s4= \"msctls_progress32\" fullword wide \n \t\t $s5= \"??(&O)... Ctrl+O\" fullword wide \n \t\t $s6= \"OriginalFilename\" fullword wide \n \t\t $s7= \"??(&P)... Ctrl+P\" fullword wide \n \t\t $s8= \"SynTPperSrv.exe\" fullword wide \n \t\t $s9= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {31??3b??20??63??72??20??62??72??69??63??6b??73??28??26??41??29??2e??2e??2e??0a??} \n \t\t $hex2= {3f??3f??28??26??4f??29??2e??2e??2e??20??43??74??72??6c??2b??4f??0a??} \n \t\t $hex3= {3f??3f??28??26??50??29??2e??2e??2e??20??43??74??72??6c??2b??50??0a??} \n \t\t $hex4= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex5= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex6= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex7= {53??79??6e??54??50??70??65??72??53??72??76??2e??65??78??65??0a??} \n \t\t $hex8= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex9= {6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \n \tcondition: \n \t\t10 of them \n }", "title": "", "description": "APTMalware_APT_10_8cc24c507de155942dd99f94f90f7cc8088cc74ce6e89155b764e5d40ca649f4 Group", "expiration": null, "is_active": 1 }, { "id": 3409660214, "indicator": "a28dc2dedfad269e9d252f0dccb543e6b6a84020", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_efa0b414a831cbf724d1c67808b7483dec22a981ae670947793d114048f88057 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_efa0b414a831cbf724d1c67808b7483dec22a981ae670947793d114048f88057 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-04-03\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"07abd6583295061eac2435ae470eff78\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s5= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s7= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s8= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s9= \"@Data/gl/b10.bmp\" fullword wide \n \t\t $s10= \"Data/info/floor.png\" fullword wide \n \t\t $s11= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s12= \"FileDescription\" fullword wide \n \t\t $s13= \"OriginalFilename\" fullword wide \n \t\t $s14= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {40??44??61??74??61??2f??67??6c??2f??62??31??30??2e??62??6d??70??0a??} \n \t\t $hex2= {44??61??74??61??2f??69??6e??66??6f??2f??66??6c??6f??6f??72??2e??70??6e??67??0a??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex9= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex10= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex11= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex12= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex13= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex14= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t15 of them \n }", "title": "", "description": "APTMalware_APT_10_efa0b414a831cbf724d1c67808b7483dec22a981ae670947793d114048f88057 Group", "expiration": null, "is_active": 1 }, { "id": 3190220701, "indicator": "f16f185ba0e339f97d6533b112c92bb447a3840e", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of 10c13a817bf7622b2359d1816be4c122", "expiration": null, "is_active": 1 }, { "id": 1598883559, "indicator": "fbd40f66f24d4c3e060b4e6df8605f7271714958b7c0b801c41251e2b7510d00", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of 10c13a817bf7622b2359d1816be4c122", "expiration": null, "is_active": 1 }, { "id": 3409660215, "indicator": "7760a66e8ae0313e44cf33d7e63bf035001d5a02", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_fbd40f66f24d4c3e060b4e6df8605f7271714958b7c0b801c41251e2b7510d00 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_fbd40f66f24d4c3e060b4e6df8605f7271714958b7c0b801c41251e2b7510d00 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-04-00\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"10c13a817bf7622b2359d1816be4c122\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"?? bricks(&A)...\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"LegalTrademarks\" fullword wide \n \t\t $s4= \"msctls_progress32\" fullword wide \n \t\t $s5= \"??(&O)... Ctrl+O\" fullword wide \n \t\t $s6= \"OriginalFilename\" fullword wide \n \t\t $s7= \"??(&P)... Ctrl+P\" fullword wide \n \t\t $s8= \"VizorHtmlDialog\" fullword wide \n \t\t $s9= \"VizorHtmlDialog.exe\" fullword wide \n \t\t $s10= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {31??3b??20??63??72??20??62??72??69??63??6b??73??28??26??41??29??2e??2e??2e??0a??} \n \t\t $hex2= {3f??3f??28??26??4f??29??2e??2e??2e??20??43??74??72??6c??2b??4f??0a??} \n \t\t $hex3= {3f??3f??28??26??50??29??2e??2e??2e??20??43??74??72??6c??2b??50??0a??} \n \t\t $hex4= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex5= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex6= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex7= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex8= {56??69??7a??6f??72??48??74??6d??6c??44??69??61??6c??6f??67??0a??} \n \t\t $hex9= {56??69??7a??6f??72??48??74??6d??6c??44??69??61??6c??6f??67??2e??65??78??65??0a??} \n \t\t $hex10= {6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_fbd40f66f24d4c3e060b4e6df8605f7271714958b7c0b801c41251e2b7510d00 Group", "expiration": null, "is_active": 1 }, { "id": 2610074214, "indicator": "3be8191425e27f891dc80f3aa2e31b215a77c429", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Downloader.24465-1", "description": "SHA1 of d9a958d55d457d745998ee70cf025cb9", "expiration": null, "is_active": 1 }, { "id": 1598883376, "indicator": "33a3243659c05ada3a42c846e0af049a8fda6c0d1687d8100e33ab38e2cc90f6", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Downloader.24465-1", "description": "SHA256 of d9a958d55d457d745998ee70cf025cb9", "expiration": null, "is_active": 1 }, { "id": 3409660216, "indicator": "5b59326e35f08f406a883c531a02d167758b2ffe", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_33a3243659c05ada3a42c846e0af049a8fda6c0d1687d8100e33ab38e2cc90f6 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_33a3243659c05ada3a42c846e0af049a8fda6c0d1687d8100e33ab38e2cc90f6 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-03-57\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d9a958d55d457d745998ee70cf025cb9\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"?? bricks(&A)...\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"LegalTrademarks\" fullword wide \n \t\t $s4= \"msctls_progress32\" fullword wide \n \t\t $s5= \"??(&O)... Ctrl+O\" fullword wide \n \t\t $s6= \"OriginalFilename\" fullword wide \n \t\t $s7= \"??(&P)... Ctrl+P\" fullword wide \n \t\t $s8= \"skk38sk4sf 1.21\" fullword wide \n \t\t $s9= \"SysTabControl32\" fullword wide \n \t\t $s10= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {31??3b??20??63??72??20??62??72??69??63??6b??73??28??26??41??29??2e??2e??2e??0a??} \n \t\t $hex2= {3f??3f??28??26??4f??29??2e??2e??2e??20??43??74??72??6c??2b??4f??0a??} \n \t\t $hex3= {3f??3f??28??26??50??29??2e??2e??2e??20??43??74??72??6c??2b??50??0a??} \n \t\t $hex4= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex5= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex6= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex7= {53??79??73??54??61??62??43??6f??6e??74??72??6f??6c??33??32??0a??} \n \t\t $hex8= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex9= {6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \t\t $hex10= {73??6b??6b??33??38??73??6b??34??73??66??20??31??2e??32??31??0a??} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_33a3243659c05ada3a42c846e0af049a8fda6c0d1687d8100e33ab38e2cc90f6 Group", "expiration": null, "is_active": 1 }, { "id": 3409660217, "indicator": "f64067719e8caae49281a89e7e125555c705ff13", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_c4eaadd10deb0a500bb693480507367b492564079a1548963da4639c0bf861bd { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_c4eaadd10deb0a500bb693480507367b492564079a1548963da4639c0bf861bd Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-03-52\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b34402586a077b7ed11b44d042c7aabf\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&About StatePattern_Game...\" fullword wide \n \t\t $s2= \"About StatePattern_Game\" fullword wide \n \t\t $s3= \"DateTimePicker1\" fullword wide \n \t\t $s4= \"Erase everything\" fullword wide \n \t\t $s5= \"EStatePattern_Game\" fullword wide \n \t\t $s6= \"FileDescription\" fullword wide \n \t\t $s7= \"LegalTrademarks\" fullword wide \n \t\t $s8= \"OriginalFilename\" fullword wide \n \t\t $s9= \"sssfeeasfeaeasfae\" fullword wide \n \t\t $s10= \"StatePattern_Game\" fullword wide \n \t\t $s11= \"StatePatternGame.Document\" fullword wide \n \t\t $s12= \"StateP Document\" fullword wide \n \t\t $s13= \"SysDateTimePick32\" fullword wide \n \t\t $s14= \"Toggle StatusBar\" fullword wide \n \t\t $s15= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {26??41??62??6f??75??74??20??53??74??61??74??65??50??61??74??74??65??72??6e??5f??47??61??6d??65??2e??2e??2e??0a??} \n \t\t $hex2= {41??62??6f??75??74??20??53??74??61??74??65??50??61??74??74??65??72??6e??5f??47??61??6d??65??0a??} \n \t\t $hex3= {44??61??74??65??54??69??6d??65??50??69??63??6b??65??72??31??0a??} \n \t\t $hex4= {45??53??74??61??74??65??50??61??74??74??65??72??6e??5f??47??61??6d??65??0a??} \n \t\t $hex5= {45??72??61??73??65??20??65??76??65??72??79??74??68??69??6e??67??0a??} \n \t\t $hex6= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex7= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex8= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex9= {53??74??61??74??65??50??20??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex10= {53??74??61??74??65??50??61??74??74??65??72??6e??47??61??6d??65??2e??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex11= {53??74??61??74??65??50??61??74??74??65??72??6e??5f??47??61??6d??65??0a??} \n \t\t $hex12= {53??79??73??44??61??74??65??54??69??6d??65??50??69??63??6b??33??32??0a??} \n \t\t $hex13= {54??6f??67??67??6c??65??20??53??74??61??74??75??73??42??61??72??0a??} \n \t\t $hex14= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex15= {73??73??73??66??65??65??61??73??66??65??61??65??61??73??66??61??65??0a??} \n \n \tcondition: \n \t\t16 of them \n }", "title": "", "description": "APTMalware_APT_10_c4eaadd10deb0a500bb693480507367b492564079a1548963da4639c0bf861bd Group", "expiration": null, "is_active": 1 }, { "id": 3409660218, "indicator": "e75f891673a5a81c171e3395e4ad11004335086d", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_01f8b2524a0322e2e32b9725155685e20bac5c111d2d253d1a60639faf616b2f { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_01f8b2524a0322e2e32b9725155685e20bac5c111d2d253d1a60639faf616b2f Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-03-49\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"35947b085e4593ccf38a5eb26ca4d4cf\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"201301 Application\" fullword wide \n \t\t $s2= \"&About 20130401...\" fullword wide \n \t\t $s3= \"Erase everything\" fullword wide \n \t\t $s4= \"FileDescription\" fullword wide \n \t\t $s5= \"LegalTrademarks\" fullword wide \n \t\t $s6= \"My20130401.Document\" fullword wide \n \t\t $s7= \"My2013 Document\" fullword wide \n \t\t $s8= \"&Open... Ctrl+O\" fullword wide \n \t\t $s9= \"OriginalFilename\" fullword wide \n \t\t $s10= \"Paste &Special...\" fullword wide \n \t\t $s11= \"&Print... Ctrl+P\" fullword wide \n \t\t $s12= \"P&rint Setup...\" fullword wide \n \t\t $s13= \"Toggle StatusBar\" fullword wide \n \t\t $s14= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {26??41??62??6f??75??74??20??32??30??31??33??30??34??30??31??2e??2e??2e??0a??} \n \t\t $hex2= {26??4f??70??65??6e??2e??2e??2e??20??43??74??72??6c??2b??4f??0a??} \n \t\t $hex3= {26??50??72??69??6e??74??2e??2e??2e??20??43??74??72??6c??2b??50??0a??} \n \t\t $hex4= {32??30??31??33??30??31??20??41??70??70??6c??69??63??61??74??69??6f??6e??0a??} \n \t\t $hex5= {45??72??61??73??65??20??65??76??65??72??79??74??68??69??6e??67??0a??} \n \t\t $hex6= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex7= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex8= {4d??79??32??30??31??33??20??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex9= {4d??79??32??30??31??33??30??34??30??31??2e??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex10= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex11= {50??26??72??69??6e??74??20??53??65??74??75??70??2e??2e??2e??0a??} \n \t\t $hex12= {50??61??73??74??65??20??26??53??70??65??63??69??61??6c??2e??2e??2e??0a??} \n \t\t $hex13= {54??6f??67??67??6c??65??20??53??74??61??74??75??73??42??61??72??0a??} \n \t\t $hex14= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t15 of them \n }", "title": "", "description": "APTMalware_APT_10_01f8b2524a0322e2e32b9725155685e20bac5c111d2d253d1a60639faf616b2f Group", "expiration": null, "is_active": 1 }, { "id": 3409660219, "indicator": "e15512dfc47c63308369c99d51065ba4dcd406d6", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_06a07e78b844910886c95d493c0a23cbe3f27422a436afde35f6bbb1ed8fe620 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_06a07e78b844910886c95d493c0a23cbe3f27422a436afde35f6bbb1ed8fe620 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-03-44\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"726788726dfb19231c6fc9c83ee2f392\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&About 20130401...\" fullword wide \n \t\t $s2= \"Erase everything\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"LegalTrademarks\" fullword wide \n \t\t $s5= \"Microsoft Corporation\" fullword wide \n \t\t $s6= \"msctls_trackbar32\" fullword wide \n \t\t $s7= \"My20130401.Document\" fullword wide \n \t\t $s8= \"My2013 Document\" fullword wide \n \t\t $s9= \"&Open... Ctrl+O\" fullword wide \n \t\t $s10= \"OriginalFilename\" fullword wide \n \t\t $s11= \"Paste &Special...\" fullword wide \n \t\t $s12= \"&Print... Ctrl+P\" fullword wide \n \t\t $s13= \"P&rint Setup...\" fullword wide \n \t\t $s14= \"Toggle StatusBar\" fullword wide \n \t\t $s15= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {26??41??62??6f??75??74??20??32??30??31??33??30??34??30??31??2e??2e??2e??0a??} \n \t\t $hex2= {26??4f??70??65??6e??2e??2e??2e??20??43??74??72??6c??2b??4f??0a??} \n \t\t $hex3= {26??50??72??69??6e??74??2e??2e??2e??20??43??74??72??6c??2b??50??0a??} \n \t\t $hex4= {45??72??61??73??65??20??65??76??65??72??79??74??68??69??6e??67??0a??} \n \t\t $hex5= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex6= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex7= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex8= {4d??79??32??30??31??33??20??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex9= {4d??79??32??30??31??33??30??34??30??31??2e??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex10= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex11= {50??26??72??69??6e??74??20??53??65??74??75??70??2e??2e??2e??0a??} \n \t\t $hex12= {50??61??73??74??65??20??26??53??70??65??63??69??61??6c??2e??2e??2e??0a??} \n \t\t $hex13= {54??6f??67??67??6c??65??20??53??74??61??74??75??73??42??61??72??0a??} \n \t\t $hex14= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex15= {6d??73??63??74??6c??73??5f??74??72??61??63??6b??62??61??72??33??32??0a??} \n \n \tcondition: \n \t\t16 of them \n }", "title": "", "description": "APTMalware_APT_10_06a07e78b844910886c95d493c0a23cbe3f27422a436afde35f6bbb1ed8fe620 Group", "expiration": null, "is_active": 1 }, { "id": 3409660220, "indicator": "348921ee3ec8aeb07e7950b51b2e2df5fc394aea", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_5e57aed3bf9d7625ed853f40cc59c2e0c872ca7b9b63cf7d252b5bb106c806bf { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_5e57aed3bf9d7625ed853f40cc59c2e0c872ca7b9b63cf7d252b5bb106c806bf Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-03-41\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"9a014c33f9a9958ffbcf99d2a71d52fe\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"?? bricks(&A)...\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"LegalTrademarks\" fullword wide \n \t\t $s4= \"Microsoft Mi.exe\" fullword wide \n \t\t $s5= \"??(&O)... Ctrl+O\" fullword wide \n \t\t $s6= \"OriginalFilename\" fullword wide \n \t\t $s7= \"??(&P)... Ctrl+P\" fullword wide \n \t\t $s8= \"skk38sk4sf 1.21\" fullword wide \n \t\t $s9= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {31??3b??20??63??72??20??62??72??69??63??6b??73??28??26??41??29??2e??2e??2e??0a??} \n \t\t $hex2= {3f??3f??28??26??4f??29??2e??2e??2e??20??43??74??72??6c??2b??4f??0a??} \n \t\t $hex3= {3f??3f??28??26??50??29??2e??2e??2e??20??43??74??72??6c??2b??50??0a??} \n \t\t $hex4= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex5= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex6= {4d??69??63??72??6f??73??6f??66??74??20??4d??69??2e??65??78??65??0a??} \n \t\t $hex7= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex8= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex9= {73??6b??6b??33??38??73??6b??34??73??66??20??31??2e??32??31??0a??} \n \n \tcondition: \n \t\t10 of them \n }", "title": "", "description": "APTMalware_APT_10_5e57aed3bf9d7625ed853f40cc59c2e0c872ca7b9b63cf7d252b5bb106c806bf Group", "expiration": null, "is_active": 1 }, { "id": 3363914888, "indicator": "0887485dcd03b954acaef3738841d0e6331ecbf0", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Win32:Evo-gen", "description": "SHA1 of d81b91cd4c6f42eb7049109cb42461ed", "expiration": null, "is_active": 1 }, { "id": 1598883423, "indicator": "96a204e8533f829b32b1c6da03578e5275b613d7fa2bde9dcfdd669f71df4eed", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Win32:Evo-gen", "description": "SHA256 of d81b91cd4c6f42eb7049109cb42461ed", "expiration": null, "is_active": 1 }, { "id": 3409660221, "indicator": "d1c3b677ecb748a423b85368c30b3f205ce3b19d", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_96a204e8533f829b32b1c6da03578e5275b613d7fa2bde9dcfdd669f71df4eed { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_96a204e8533f829b32b1c6da03578e5275b613d7fa2bde9dcfdd669f71df4eed Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-03-39\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d81b91cd4c6f42eb7049109cb42461ed\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"Microsoft Corporation\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"VS_VERSION_INFO\" fullword wide \n \t\t $s5= \"WinMai Document\" fullword wide \n \t\t $s6= \"WinMain(&A)...\" fullword wide \n \t\t $s7= \"WinMain.Document\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex5= {57??69??6e??4d??61??69??20??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex6= {57??69??6e??4d??61??69??6e??28??26??41??29??2e??2e??2e??0a??} \n \t\t $hex7= {57??69??6e??4d??61??69??6e??2e??44??6f??63??75??6d??65??6e??74??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_APT_10_96a204e8533f829b32b1c6da03578e5275b613d7fa2bde9dcfdd669f71df4eed Group", "expiration": null, "is_active": 1 }, { "id": 3409660285, "indicator": "762e72b1b7cb38972aa0e6c7d606b7951419fbe2", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_c885a4f5c066b00e9d4de8cc0f5463f27ce49869519db8cfdc7a9ae19cdce4f0 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_c885a4f5c066b00e9d4de8cc0f5463f27ce49869519db8cfdc7a9ae19cdce4f0 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-03-35\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"c2a07ca21ecad714821df647ada8ecaa\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s5= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s7= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s8= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s9= \"@Data/gl/b10.bmp\" fullword wide \n \t\t $s10= \"Data/info/floor.png\" fullword wide \n \t\t $s11= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s12= \"FileDescription\" fullword wide \n \t\t $s13= \"OriginalFilename\" fullword wide \n \t\t $s14= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {40??44??61??74??61??2f??67??6c??2f??62??31??30??2e??62??6d??70??0a??} \n \t\t $hex2= {44??61??74??61??2f??69??6e??66??6f??2f??66??6c??6f??6f??72??2e??70??6e??67??0a??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex9= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex10= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex11= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex12= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex13= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex14= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t15 of them \n }", "title": "", "description": "APTMalware_APT_10_c885a4f5c066b00e9d4de8cc0f5463f27ce49869519db8cfdc7a9ae19cdce4f0 Group", "expiration": null, "is_active": 1 }, { "id": 3409660286, "indicator": "eedd7382d9b4f20cde137809c4bcd1882500fc20", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_fadf362a52dcf884f0d41ce3df9eaa9bb30227afda50c0e0657c096baff501f0 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_fadf362a52dcf884f0d41ce3df9eaa9bb30227afda50c0e0657c096baff501f0 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-03-32\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"db212129be94fe77362751c557d0e893\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s5= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s7= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s8= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s9= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s10= \"FileDescription\" fullword wide \n \t\t $s11= \"OriginalFilename\" fullword wide \n \t\t $s12= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex3= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex9= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex10= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex11= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex12= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t13 of them \n }", "title": "", "description": "APTMalware_APT_10_fadf362a52dcf884f0d41ce3df9eaa9bb30227afda50c0e0657c096baff501f0 Group", "expiration": null, "is_active": 1 }, { "id": 3409660287, "indicator": "3a2fa2a01c566fa2de7bb433d0ee6fa77e21a5c5", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_2e933b9823f15038eaf786f0898df03508a17ace8620a404edf5229aea0b9f18 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_2e933b9823f15038eaf786f0898df03508a17ace8620a404edf5229aea0b9f18 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-03-28\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"da5ee020bef41dc95c3532cbaa1ea8f4\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Assembly Version\" fullword wide \n \t\t $s2= \"ColumnOrdinal ASC\" fullword wide \n \t\t $s3= \"CreationOriginatorId\" fullword wide \n \t\t $s4= \"CreationOriginatorIdColumn\" fullword wide \n \t\t $s5= \"CreationTracking\" fullword wide \n \t\t $s6= \"CreationTrackingColumn\" fullword wide \n \t\t $s7= \"DeletionOriginatorId\" fullword wide \n \t\t $s8= \"DeletionOriginatorIdColumn\" fullword wide \n \t\t $s9= \"DeletionTracking\" fullword wide \n \t\t $s10= \"DeletionTrackingColumn\" fullword wide \n \t\t $s11= \"FileDescription\" fullword wide \n \t\t $s12= \"filterParameter\" fullword wide \n \t\t $s13= \"FilterParameters\" fullword wide \n \t\t $s14= \"http://www.microsoft.com/sql/\" fullword wide \n \t\t $s15= \"_last_received_anchor\" fullword wide \n \t\t $s16= \"Microsoft Corporation\" fullword wide \n \t\t $s17= \"NumericPrecision\" fullword wide \n \t\t $s18= \"OriginalFilename\" fullword wide \n \t\t $s19= \"OverloadNotSupportedWithSCT\" fullword wide \n \t\t $s20= \"@@QUOTED_TABLE_NAME@@\" fullword wide \n \n \t\t $hex1= {40??40??51??55??4f??54??45??44??5f??54??41??42??4c??45??5f??4e??41??4d??45??40??40??0a??} \n \t\t $hex2= {41??73??73??65??6d??62??6c??79??20??56??65??72??73??69??6f??6e??0a??} \n \t\t $hex3= {43??6f??6c??75??6d??6e??4f??72??64??69??6e??61??6c??20??41??53??43??0a??} \n \t\t $hex4= {43??72??65??61??74??69??6f??6e??4f??72??69??67??69??6e??61??74??6f??72??49??64??0a??} \n \t\t $hex5= {43??72??65??61??74??69??6f??6e??4f??72??69??67??69??6e??61??74??6f??72??49??64??43??6f??6c??75??6d??6e??0a??} \n \t\t $hex6= {43??72??65??61??74??69??6f??6e??54??72??61??63??6b??69??6e??67??0a??} \n \t\t $hex7= {43??72??65??61??74??69??6f??6e??54??72??61??63??6b??69??6e??67??43??6f??6c??75??6d??6e??0a??} \n \t\t $hex8= {44??65??6c??65??74??69??6f??6e??4f??72??69??67??69??6e??61??74??6f??72??49??64??0a??} \n \t\t $hex9= {44??65??6c??65??74??69??6f??6e??4f??72??69??67??69??6e??61??74??6f??72??49??64??43??6f??6c??75??6d??6e??0a??} \n \t\t $hex10= {44??65??6c??65??74??69??6f??6e??54??72??61??63??6b??69??6e??67??0a??} \n \t\t $hex11= {44??65??6c??65??74??69??6f??6e??54??72??61??63??6b??69??6e??67??43??6f??6c??75??6d??6e??0a??} \n \t\t $hex12= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex13= {46??69??6c??74??65??72??50??61??72??61??6d??65??74??65??72??73??0a??} \n \t\t $hex14= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex15= {4e??75??6d??65??72??69??63??50??72??65??63??69??73??69??6f??6e??0a??} \n \t\t $hex16= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex17= {4f??76??65??72??6c??6f??61??64??4e??6f??74??53??75??70??70??6f??72??74??65??64??57??69??74??68??53??43??54??0a??} \n \t\t $hex18= {5f??6c??61??73??74??5f??72??65??63??65??69??76??65??64??5f??61??6e??63??68??6f??72??0a??} \n \t\t $hex19= {66??69??6c??74??65??72??50??61??72??61??6d??65??74??65??72??0a??} \n \t\t $hex20= {68??74??74??70??3a??2f??2f??77??77??77??2e??6d??69??63??72??6f??73??6f??66??74??2e??63??6f??6d??2f??73??71??6c??2f??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_APT_10_2e933b9823f15038eaf786f0898df03508a17ace8620a404edf5229aea0b9f18 Group", "expiration": null, "is_active": 1 }, { "id": 3409660288, "indicator": "802c2d5714e4efc4f073b011dc19a5842df396a5", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_6c7e85e426999579dd6a540fcd827b644a79cda0ad50211d585a0be513571586 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_6c7e85e426999579dd6a540fcd827b644a79cda0ad50211d585a0be513571586 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-03-26\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d316848ce47c098ccfe72aa7311aaffa\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DateTimePicker1\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"LegalTrademarks\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"(*.prn)|*.prn|\" fullword wide \n \t\t $s6= \"School Document\" fullword wide \n \t\t $s7= \"School.Document\" fullword wide \n \t\t $s8= \"ShorcutLauncher\" fullword wide \n \t\t $s9= \"ShorcutLauncher.exe\" fullword wide \n \t\t $s10= \"SysDateTimePick32\" fullword wide \n \t\t $s11= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {28??2a??2e??70??72??6e??29??7c??2a??2e??70??72??6e??7c??0a??} \n \t\t $hex2= {44??61??74??65??54??69??6d??65??50??69??63??6b??65??72??31??0a??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {53??63??68??6f??6f??6c??20??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex7= {53??63??68??6f??6f??6c??2e??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex8= {53??68??6f??72??63??75??74??4c??61??75??6e??63??68??65??72??0a??} \n \t\t $hex9= {53??68??6f??72??63??75??74??4c??61??75??6e??63??68??65??72??2e??65??78??65??0a??} \n \t\t $hex10= {53??79??73??44??61??74??65??54??69??6d??65??50??69??63??6b??33??32??0a??} \n \t\t $hex11= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t12 of them \n }", "title": "", "description": "APTMalware_APT_10_6c7e85e426999579dd6a540fcd827b644a79cda0ad50211d585a0be513571586 Group", "expiration": null, "is_active": 1 }, { "id": 3409660289, "indicator": "ce557741c761fccaea5ab36cc9b0671dcbf14567", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_759e405351e6de779757695cc6fb1bce3cc6e3bb3ee4d24778d0cb2070091681 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_759e405351e6de779757695cc6fb1bce3cc6e3bb3ee4d24778d0cb2070091681 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-03-24\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"62898b77bd9e8e286d6bc760f3e28981\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s5= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s7= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s8= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s9= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \n \t\t $hex1= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex2= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex3= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex9= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t10 of them \n }", "title": "", "description": "APTMalware_APT_10_759e405351e6de779757695cc6fb1bce3cc6e3bb3ee4d24778d0cb2070091681 Group", "expiration": null, "is_active": 1 }, { "id": 2582695136, "indicator": "8464b20f776f9717ec797374860d4fb1151dd1f2", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Armadillov171", "description": "SHA1 of e1663b6462115ba929b05bb75a61ed5f", "expiration": null, "is_active": 1 }, { "id": 1598883403, "indicator": "646194791590993c21a49e16465c245094e288c077d1e279258c3d22de0febf8", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Armadillov171", "description": "SHA256 of e1663b6462115ba929b05bb75a61ed5f", "expiration": null, "is_active": 1 }, { "id": 3409660290, "indicator": "82e47b266273b73470bbb2e2d5ead1b402b94048", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_646194791590993c21a49e16465c245094e288c077d1e279258c3d22de0febf8 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_646194791590993c21a49e16465c245094e288c077d1e279258c3d22de0febf8 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-03-23\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e1663b6462115ba929b05bb75a61ed5f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Assembly Version\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {41??73??73??65??6d??62??6c??79??20??56??65??72??73??69??6f??6e??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_10_646194791590993c21a49e16465c245094e288c077d1e279258c3d22de0febf8 Group", "expiration": null, "is_active": 1 }, { "id": 3409660291, "indicator": "2364d78c99291976fc96b3a1aa1d6ab5ed9193da", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_fd6a956a7708708cddff78c8505c7db73d7c4e961da8a3c00cc5a51171a92b7b { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_fd6a956a7708708cddff78c8505c7db73d7c4e961da8a3c00cc5a51171a92b7b Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-03-18\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b0649c1f7fb15796805ca983fd8f95a3\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"AFX_DIALOG_LAYOUT\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s8= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s10= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \n \t\t $hex1= {41??46??58??5f??44??49??41??4c??4f??47??5f??4c??41??59??4f??55??54??0a??} \n \t\t $hex2= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex3= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex9= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex10= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_fd6a956a7708708cddff78c8505c7db73d7c4e961da8a3c00cc5a51171a92b7b Group", "expiration": null, "is_active": 1 }, { "id": 3078137893, "indicator": "8b045ce919166148d12d69e5e46f6815a257af41", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Trojan.Ag-3", "description": "SHA1 of 08f10881e2c57eb6f7368b7c06735826", "expiration": null, "is_active": 1 }, { "id": 1598883464, "indicator": "d93cc9da23444d0139bb0f34c51f67330e4e31088bf40a4c65526710e7210da0", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Trojan.Ag-3", "description": "SHA256 of 08f10881e2c57eb6f7368b7c06735826", "expiration": null, "is_active": 1 }, { "id": 3409660310, "indicator": "dff1041acd9068d62d69e657f51703d0d5a9f272", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_d93cc9da23444d0139bb0f34c51f67330e4e31088bf40a4c65526710e7210da0 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_d93cc9da23444d0139bb0f34c51f67330e4e31088bf40a4c65526710e7210da0 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-03-16\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"08f10881e2c57eb6f7368b7c06735826\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"SysTabControl32\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {53??79??73??54??61??62??43??6f??6e??74??72??6f??6c??33??32??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_10_d93cc9da23444d0139bb0f34c51f67330e4e31088bf40a4c65526710e7210da0 Group", "expiration": null, "is_active": 1 }, { "id": 3409660311, "indicator": "9cf759cd68db155267f36aa850adcab5537fc3c9", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_5bb956a9ae970bde4b273f33fc2424882174c0c70205dc191b2dd479a218a947 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_5bb956a9ae970bde4b273f33fc2424882174c0c70205dc191b2dd479a218a947 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-03-12\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"2a92aff566d6b1253e5c63336c32df73\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&Abrir... Ctrl+A\" fullword wide \n \t\t $s2= \"Archivo reciente\" fullword wide \n \t\t $s3= \"Cancelar presentaci\" fullword wide \n \t\t $s4= \"Con&figurar impresora...\" fullword wide \n \t\t $s5= \"Convertir objetos\" fullword wide \n \t\t $s6= \"&Deshacer Ctrl+Z\" fullword wide \n \t\t $s7= \"FileDescription\" fullword wide \n \t\t $s8= \"ginas completas\" fullword wide \n \t\t $s9= \"Guardar c&omo...\" fullword wide \n \t\t $s10= \"&Guardar Ctrl+G\" fullword wide \n \t\t $s11= \"&Imprimir... Ctrl+I\" fullword wide \n \t\t $s12= \"IMuestra informaci\" fullword wide \n \t\t $s13= \"LegalTrademarks\" fullword wide \n \t\t $s14= \"ListaBMuestra informaci\" fullword wide \n \t\t $s15= \"&Organizar autom\" fullword wide \n \t\t $s16= \"&Organizar iconos\" fullword wide \n \t\t $s17= \"Organizar &iconos\" fullword wide \n \t\t $s18= \"OriginalFilename\" fullword wide \n \t\t $s19= \"Pegado &especial...\" fullword wide \n \t\t $s20= \"Pegado especial\" fullword wide \n \n \t\t $hex1= {26??41??62??72??69??72??2e??2e??2e??20??43??74??72??6c??2b??41??0a??} \n \t\t $hex2= {26??44??65??73??68??61??63??65??72??20??43??74??72??6c??2b??5a??0a??} \n \t\t $hex3= {26??47??75??61??72??64??61??72??20??43??74??72??6c??2b??47??0a??} \n \t\t $hex4= {26??49??6d??70??72??69??6d??69??72??2e??2e??2e??20??43??74??72??6c??2b??49??0a??} \n \t\t $hex5= {26??4f??72??67??61??6e??69??7a??61??72??20??61??75??74??6f??6d??0a??} \n \t\t $hex6= {26??4f??72??67??61??6e??69??7a??61??72??20??69??63??6f??6e??6f??73??0a??} \n \t\t $hex7= {41??72??63??68??69??76??6f??20??72??65??63??69??65??6e??74??65??0a??} \n \t\t $hex8= {43??61??6e??63??65??6c??61??72??20??70??72??65??73??65??6e??74??61??63??69??0a??} \n \t\t $hex9= {43??6f??6e??26??66??69??67??75??72??61??72??20??69??6d??70??72??65??73??6f??72??61??2e??2e??2e??0a??} \n \t\t $hex10= {43??6f??6e??76??65??72??74??69??72??20??6f??62??6a??65??74??6f??73??0a??} \n \t\t $hex11= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex12= {47??75??61??72??64??61??72??20??63??26??6f??6d??6f??2e??2e??2e??0a??} \n \t\t $hex13= {49??4d??75??65??73??74??72??61??20??69??6e??66??6f??72??6d??61??63??69??0a??} \n \t\t $hex14= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex15= {4c??69??73??74??61??42??4d??75??65??73??74??72??61??20??69??6e??66??6f??72??6d??61??63??69??0a??} \n \t\t $hex16= {4f??72??67??61??6e??69??7a??61??72??20??26??69??63??6f??6e??6f??73??0a??} \n \t\t $hex17= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex18= {50??65??67??61??64??6f??20??26??65??73??70??65??63??69??61??6c??2e??2e??2e??0a??} \n \t\t $hex19= {50??65??67??61??64??6f??20??65??73??70??65??63??69??61??6c??0a??} \n \t\t $hex20= {67??69??6e??61??73??20??63??6f??6d??70??6c??65??74??61??73??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_APT_10_5bb956a9ae970bde4b273f33fc2424882174c0c70205dc191b2dd479a218a947 Group", "expiration": null, "is_active": 1 }, { "id": 3190220693, "indicator": "d3632c579a700901e234842b628274cac86714a6", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Trojan.Hydraq-93", "description": "SHA1 of 6fea7954ab3d31414946d95e72f3152c", "expiration": null, "is_active": 1 }, { "id": 1598883446, "indicator": "b9618847bd56419947576e9f14e43aa0f8397619f9456f2d4bff4d292c03faae", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Trojan.Hydraq-93", "description": "SHA256 of 6fea7954ab3d31414946d95e72f3152c", "expiration": null, "is_active": 1 }, { "id": 3409660312, "indicator": "696bf3bc4dc0f96fb76491a30a65a7ef31e4dab2", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_b9618847bd56419947576e9f14e43aa0f8397619f9456f2d4bff4d292c03faae { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_b9618847bd56419947576e9f14e43aa0f8397619f9456f2d4bff4d292c03faae Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-01-34\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"6fea7954ab3d31414946d95e72f3152c\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"5.1.2600.0 (xpclient.010817-1148)\" fullword wide \n \t\t $s2= \"&About Calculator\" fullword wide \n \t\t $s3= \"accDefaultAction\" fullword wide \n \t\t $s4= \"accDoDefaultAction\" fullword wide \n \t\t $s5= \"accKeyboardShortcut\" fullword wide \n \t\t $s6= \"D&igit grouping\" fullword wide \n \t\t $s7= \"FileDescription\" fullword wide \n \t\t $s8= \"LegalTrademarks\" fullword wide \n \t\t $s9= \"Microsoft Corporation\" fullword wide \n \t\t $s10= \"OriginalFilename\" fullword wide \n \t\t $s11= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {26??41??62??6f??75??74??20??43??61??6c??63??75??6c??61??74??6f??72??0a??} \n \t\t $hex2= {35??2e??31??2e??32??36??30??30??2e??30??20??28??78??70??63??6c??69??65??6e??74??2e??30??31??30??38??31??37??2d??31??31??} \n \t\t $hex3= {44??26??69??67??69??74??20??67??72??6f??75??70??69??6e??67??0a??} \n \t\t $hex4= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex5= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex6= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex7= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex8= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex9= {61??63??63??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex10= {61??63??63??44??6f??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex11= {61??63??63??4b??65??79??62??6f??61??72??64??53??68??6f??72??74??63??75??74??0a??} \n \n \tcondition: \n \t\t12 of them \n }", "title": "", "description": "APTMalware_APT_10_b9618847bd56419947576e9f14e43aa0f8397619f9456f2d4bff4d292c03faae Group", "expiration": null, "is_active": 1 }, { "id": 3409660313, "indicator": "eb6206aea5d8c498c36d4dfce3cef4d744200982", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_5262cb9791df50fafcb2fbd5f93226050b51efe400c2924eecba97b7ce437481 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_5262cb9791df50fafcb2fbd5f93226050b51efe400c2924eecba97b7ce437481 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-01-32\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b3139b26a2dabb9b6e728884d8fa8b33\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"accDefaultAction\" fullword wide \n \t\t $s2= \"accDoDefaultAction\" fullword wide \n \t\t $s3= \"accKeyboardShortcut\" fullword wide \n \t\t $s4= \"BInProcServer32\" fullword wide \n \t\t $s5= \"eCMFCToolBarMenuButton\" fullword wide \n \t\t $s6= \"InsertParagraphAfter\" fullword wide \n \t\t $s7= \"VS_VERSION_INFO\" fullword wide \n \t\t $s8= \"Word.Application\" fullword wide \n \n \t\t $hex1= {42??49??6e??50??72??6f??63??53??65??72??76??65??72??33??32??0a??} \n \t\t $hex2= {49??6e??73??65??72??74??50??61??72??61??67??72??61??70??68??41??66??74??65??72??0a??} \n \t\t $hex3= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex4= {57??6f??72??64??2e??41??70??70??6c??69??63??61??74??69??6f??6e??0a??} \n \t\t $hex5= {61??63??63??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex6= {61??63??63??44??6f??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex7= {61??63??63??4b??65??79??62??6f??61??72??64??53??68??6f??72??74??63??75??74??0a??} \n \t\t $hex8= {65??43??4d??46??43??54??6f??6f??6c??42??61??72??4d??65??6e??75??42??75??74??74??6f??6e??0a??} \n \n \tcondition: \n \t\t8 of them \n }", "title": "", "description": "APTMalware_APT_10_5262cb9791df50fafcb2fbd5f93226050b51efe400c2924eecba97b7ce437481 Group", "expiration": null, "is_active": 1 }, { "id": 3409660314, "indicator": "a748ff6305cafe65236a74783a443e718b8f20d5", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_d26dae0d8e5c23ec35e8b9cf126cded45b8096fc07560ad1c06585357921eeed { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_d26dae0d8e5c23ec35e8b9cf126cded45b8096fc07560ad1c06585357921eeed Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-01-29\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"1d0105cf8e076b33ed499f1dfef9a46b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"AFX_DIALOG_LAYOUT\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s8= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s10= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \n \t\t $hex1= {41??46??58??5f??44??49??41??4c??4f??47??5f??4c??41??59??4f??55??54??0a??} \n \t\t $hex2= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex3= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex9= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex10= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_d26dae0d8e5c23ec35e8b9cf126cded45b8096fc07560ad1c06585357921eeed Group", "expiration": null, "is_active": 1 }, { "id": 3409660315, "indicator": "a602e1fb66f8a83d2d0b693f6712156c9e544f7c", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_5bb461b61837faa881d32849068c8e41172ccb6f86166582f46bdb450b98c1ef { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_5bb461b61837faa881d32849068c8e41172ccb6f86166582f46bdb450b98c1ef Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-01-26\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"93a4328e1e347447044146b53972cd37\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&About Tanks...\" fullword wide \n \t\t $s2= \"Available connections\" fullword wide \n \t\t $s3= \"Communication setting\" fullword wide \n \t\t $s4= \"&Disconnect player\" fullword wide \n \t\t $s5= \"FileDescription\" fullword wide \n \t\t $s6= \"Game preferences\" fullword wide \n \t\t $s7= \"Invalid filename.\" fullword wide \n \t\t $s8= \"Keyboard mapping\" fullword wide \n \t\t $s9= \"Movement controls\" fullword wide \n \t\t $s10= \"msctls_trackbar32\" fullword wide \n \t\t $s11= \"OriginalFilename\" fullword wide \n \t\t $s12= \"&Player's guide\" fullword wide \n \t\t $s13= \"&Server management...\" fullword wide \n \t\t $s14= \"Server management\" fullword wide \n \t\t $s15= \"Session options\" fullword wide \n \t\t $s16= \"Symantec Corporation\" fullword wide \n \t\t $s17= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {26??41??62??6f??75??74??20??54??61??6e??6b??73??2e??2e??2e??0a??} \n \t\t $hex2= {26??44??69??73??63??6f??6e??6e??65??63??74??20??70??6c??61??79??65??72??0a??} \n \t\t $hex3= {26??50??6c??61??79??65??72??27??73??20??67??75??69??64??65??0a??} \n \t\t $hex4= {26??53??65??72??76??65??72??20??6d??61??6e??61??67??65??6d??65??6e??74??2e??2e??2e??0a??} \n \t\t $hex5= {41??76??61??69??6c??61??62??6c??65??20??63??6f??6e??6e??65??63??74??69??6f??6e??73??0a??} \n \t\t $hex6= {43??6f??6d??6d??75??6e??69??63??61??74??69??6f??6e??20??73??65??74??74??69??6e??67??0a??} \n \t\t $hex7= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex8= {47??61??6d??65??20??70??72??65??66??65??72??65??6e??63??65??73??0a??} \n \t\t $hex9= {49??6e??76??61??6c??69??64??20??66??69??6c??65??6e??61??6d??65??2e??0a??} \n \t\t $hex10= {4b??65??79??62??6f??61??72??64??20??6d??61??70??70??69??6e??67??0a??} \n \t\t $hex11= {4d??6f??76??65??6d??65??6e??74??20??63??6f??6e??74??72??6f??6c??73??0a??} \n \t\t $hex12= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex13= {53??65??72??76??65??72??20??6d??61??6e??61??67??65??6d??65??6e??74??0a??} \n \t\t $hex14= {53??65??73??73??69??6f??6e??20??6f??70??74??69??6f??6e??73??0a??} \n \t\t $hex15= {53??79??6d??61??6e??74??65??63??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex16= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex17= {6d??73??63??74??6c??73??5f??74??72??61??63??6b??62??61??72??33??32??0a??} \n \n \tcondition: \n \t\t18 of them \n }", "title": "", "description": "APTMalware_APT_10_5bb461b61837faa881d32849068c8e41172ccb6f86166582f46bdb450b98c1ef Group", "expiration": null, "is_active": 1 }, { "id": 3363914892, "indicator": "2ac27342d2bce99510708b427390de80f454b6c2", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Armadillov171", "description": "SHA1 of 95da3987c6ebd2646e90b7c2a42c19a7", "expiration": null, "is_active": 1 }, { "id": 1598883415, "indicator": "842da7dc7f3a93c3825d4567646244af2cc38870c07a98eaebf043b33eed0342", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Armadillov171", "description": "SHA256 of 95da3987c6ebd2646e90b7c2a42c19a7", "expiration": null, "is_active": 1 }, { "id": 3409660316, "indicator": "6e0a2c687a68b79312754daaebb1758944df0ec7", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_842da7dc7f3a93c3825d4567646244af2cc38870c07a98eaebf043b33eed0342 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_842da7dc7f3a93c3825d4567646244af2cc38870c07a98eaebf043b33eed0342 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-01-22\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"95da3987c6ebd2646e90b7c2a42c19a7\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"?? bricks(&A)...\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"LegalTrademarks\" fullword wide \n \t\t $s4= \"msctls_progress32\" fullword wide \n \t\t $s5= \"??(&O)... Ctrl+O\" fullword wide \n \t\t $s6= \"OriginalFilename\" fullword wide \n \t\t $s7= \"??(&P)... Ctrl+P\" fullword wide \n \t\t $s8= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {31??3b??20??63??72??20??62??72??69??63??6b??73??28??26??41??29??2e??2e??2e??0a??} \n \t\t $hex2= {3f??3f??28??26??4f??29??2e??2e??2e??20??43??74??72??6c??2b??4f??0a??} \n \t\t $hex3= {3f??3f??28??26??50??29??2e??2e??2e??20??43??74??72??6c??2b??50??0a??} \n \t\t $hex4= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex5= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex6= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex7= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex8= {6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \n \tcondition: \n \t\t8 of them \n }", "title": "", "description": "APTMalware_APT_10_842da7dc7f3a93c3825d4567646244af2cc38870c07a98eaebf043b33eed0342 Group", "expiration": null, "is_active": 1 }, { "id": 3409660317, "indicator": "dd658a6841af31bd22f1e9dbc0d036a8371a18c8", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_012fe771283404e5231ed2f71e4932674f89d52aa93608bfcaf67150e53609b0 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_012fe771283404e5231ed2f71e4932674f89d52aa93608bfcaf67150e53609b0 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-01-20\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"429f5048462fd037e3ad7f8a211004c6\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"AFX_DIALOG_LAYOUT\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s8= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s10= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s11= \"HKEY_CURRENT_USER\" fullword wide \n \t\t $s12= \"HKEY_LOCAL_MACHINE\" fullword wide \n \n \t\t $hex1= {41??46??58??5f??44??49??41??4c??4f??47??5f??4c??41??59??4f??55??54??0a??} \n \t\t $hex2= {48??4b??45??59??5f??43??55??52??52??45??4e??54??5f??55??53??45??52??0a??} \n \t\t $hex3= {48??4b??45??59??5f??4c??4f??43??41??4c??5f??4d??41??43??48??49??4e??45??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex9= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex10= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex11= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex12= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t13 of them \n }", "title": "", "description": "APTMalware_APT_10_012fe771283404e5231ed2f71e4932674f89d52aa93608bfcaf67150e53609b0 Group", "expiration": null, "is_active": 1 }, { "id": 3409660318, "indicator": "9d83400a444fefab9303cda76087ff8c955a5774", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_f09a3b82775cc0a87d775cb22483064ad5e3abb77929073a18220b2e62d2d142 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_f09a3b82775cc0a87d775cb22483064ad5e3abb77929073a18220b2e62d2d142 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-01-18\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d108706282a7ec7a9a9452e6e88e33ea\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"3primaryGroupID\" fullword wide \n \t\t $s2= \"5.2.3790.0 (srv03_rtm.030324-2048)\" fullword wide \n \t\t $s3= \"badPasswordTime\" fullword wide \n \t\t $s4= \"Credentials Establishment\" fullword wide \n \t\t $s5= \"defaultNamingContext\" fullword wide \n \t\t $s6= \"distinguishedName\" fullword wide \n \t\t $s7= \"Export Specific\" fullword wide \n \t\t $s8= \"FileDescription\" fullword wide \n \t\t $s9= \"General Parameters\" fullword wide \n \t\t $s10= \"isCriticalSystemObject\" fullword wide \n \t\t $s11= \"lastLogonTimestamp\" fullword wide \n \t\t $s12= \"ldapDisplayName\" fullword wide \n \t\t $s13= \"Loading entries%0\" fullword wide \n \t\t $s14= \"Microsoft Corporation\" fullword wide \n \t\t $s15= \"modifiedCountAtLastProm\" fullword wide \n \t\t $s16= \"(objectClass=*)\" fullword wide \n \t\t $s17= \"OriginalFilename\" fullword wide \n \t\t $s18= \"replPropertyMetaData\" fullword wide \n \t\t $s19= \"schemaNamingContext\" fullword wide \n \t\t $s20= \"supplementalCredentials\" fullword wide \n \n \t\t $hex1= {28??6f??62??6a??65??63??74??43??6c??61??73??73??3d??2a??29??0a??} \n \t\t $hex2= {33??70??72??69??6d??61??72??79??47??72??6f??75??70??49??44??0a??} \n \t\t $hex3= {35??2e??32??2e??33??37??39??30??2e??30??20??28??73??72??76??30??33??5f??72??74??6d??2e??30??33??30??33??32??34??2d??32??} \n \t\t $hex4= {43??72??65??64??65??6e??74??69??61??6c??73??20??45??73??74??61??62??6c??69??73??68??6d??65??6e??74??0a??} \n \t\t $hex5= {45??78??70??6f??72??74??20??53??70??65??63??69??66??69??63??0a??} \n \t\t $hex6= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex7= {47??65??6e??65??72??61??6c??20??50??61??72??61??6d??65??74??65??72??73??0a??} \n \t\t $hex8= {4c??6f??61??64??69??6e??67??20??65??6e??74??72??69??65??73??25??30??0a??} \n \t\t $hex9= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex10= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex11= {62??61??64??50??61??73??73??77??6f??72??64??54??69??6d??65??0a??} \n \t\t $hex12= {64??65??66??61??75??6c??74??4e??61??6d??69??6e??67??43??6f??6e??74??65??78??74??0a??} \n \t\t $hex13= {64??69??73??74??69??6e??67??75??69??73??68??65??64??4e??61??6d??65??0a??} \n \t\t $hex14= {69??73??43??72??69??74??69??63??61??6c??53??79??73??74??65??6d??4f??62??6a??65??63??74??0a??} \n \t\t $hex15= {6c??61??73??74??4c??6f??67??6f??6e??54??69??6d??65??73??74??61??6d??70??0a??} \n \t\t $hex16= {6c??64??61??70??44??69??73??70??6c??61??79??4e??61??6d??65??0a??} \n \t\t $hex17= {6d??6f??64??69??66??69??65??64??43??6f??75??6e??74??41??74??4c??61??73??74??50??72??6f??6d??0a??} \n \t\t $hex18= {72??65??70??6c??50??72??6f??70??65??72??74??79??4d??65??74??61??44??61??74??61??0a??} \n \t\t $hex19= {73??63??68??65??6d??61??4e??61??6d??69??6e??67??43??6f??6e??74??65??78??74??0a??} \n \t\t $hex20= {73??75??70??70??6c??65??6d??65??6e??74??61??6c??43??72??65??64??65??6e??74??69??61??6c??73??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_APT_10_f09a3b82775cc0a87d775cb22483064ad5e3abb77929073a18220b2e62d2d142 Group", "expiration": null, "is_active": 1 }, { "id": 3409660319, "indicator": "a423a99c666b75e6e050f216f62ab6701c7d04d3", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_590d5e0858893951e22e392a7dad76b30765c8fd139ca288efeead9b86836237 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_590d5e0858893951e22e392a7dad76b30765c8fd139ca288efeead9b86836237 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-01-17\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"ac725400d9a5fe832dd40a1afb2951f8\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"AFX_DIALOG_LAYOUT\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s8= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s10= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s11= \"HKEY_CURRENT_USER\" fullword wide \n \t\t $s12= \"HKEY_LOCAL_MACHINE\" fullword wide \n \n \t\t $hex1= {41??46??58??5f??44??49??41??4c??4f??47??5f??4c??41??59??4f??55??54??0a??} \n \t\t $hex2= {48??4b??45??59??5f??43??55??52??52??45??4e??54??5f??55??53??45??52??0a??} \n \t\t $hex3= {48??4b??45??59??5f??4c??4f??43??41??4c??5f??4d??41??43??48??49??4e??45??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex9= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex10= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex11= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex12= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t13 of them \n }", "title": "", "description": "APTMalware_APT_10_590d5e0858893951e22e392a7dad76b30765c8fd139ca288efeead9b86836237 Group", "expiration": null, "is_active": 1 }, { "id": 3078137890, "indicator": "5047bb227c4db1013270c3b1e0ca2ae0580dbf84", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of 0232172544079ff42890db4fd248cc11", "expiration": null, "is_active": 1 }, { "id": 1598883428, "indicator": "9b5b3c037d7b20322b80da3cd787cd7da0526d92c7dc72822f8fdcd32fc01b6f", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of 0232172544079ff42890db4fd248cc11", "expiration": null, "is_active": 1 }, { "id": 3409660320, "indicator": "70553eeda121a93f33a1a72e08e6fb8d008fb63d", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_9b5b3c037d7b20322b80da3cd787cd7da0526d92c7dc72822f8fdcd32fc01b6f { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_9b5b3c037d7b20322b80da3cd787cd7da0526d92c7dc72822f8fdcd32fc01b6f Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-01-15\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"0232172544079ff42890db4fd248cc11\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"?? bricks(&A)...\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"LegalTrademarks\" fullword wide \n \t\t $s4= \"msctls_progress32\" fullword wide \n \t\t $s5= \"??(&O)... Ctrl+O\" fullword wide \n \t\t $s6= \"OriginalFilename\" fullword wide \n \t\t $s7= \"??(&P)... Ctrl+P\" fullword wide \n \t\t $s8= \"SysTabControl32\" fullword wide \n \t\t $s9= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {31??3b??20??63??72??20??62??72??69??63??6b??73??28??26??41??29??2e??2e??2e??0a??} \n \t\t $hex2= {3f??3f??28??26??4f??29??2e??2e??2e??20??43??74??72??6c??2b??4f??0a??} \n \t\t $hex3= {3f??3f??28??26??50??29??2e??2e??2e??20??43??74??72??6c??2b??50??0a??} \n \t\t $hex4= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex5= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex6= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex7= {53??79??73??54??61??62??43??6f??6e??74??72??6f??6c??33??32??0a??} \n \t\t $hex8= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex9= {6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \n \tcondition: \n \t\t10 of them \n }", "title": "", "description": "APTMalware_APT_10_9b5b3c037d7b20322b80da3cd787cd7da0526d92c7dc72822f8fdcd32fc01b6f Group", "expiration": null, "is_active": 1 }, { "id": 2688538981, "indicator": "b1f96d1b47ea22a0f456e086455c6cc7059fbf1b", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of d7dc970923cc80be272aaf6bd1a59fe7", "expiration": null, "is_active": 1 }, { "id": 1598883367, "indicator": "27876dc5e6f746ff6003450eeea5e98de5d96cbcba9e4694dad94ca3e9fb1ddc", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of d7dc970923cc80be272aaf6bd1a59fe7", "expiration": null, "is_active": 1 }, { "id": 3409660321, "indicator": "7c383dee8fa2af4d4a2927bfc9ffbdd831e836ff", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_27876dc5e6f746ff6003450eeea5e98de5d96cbcba9e4694dad94ca3e9fb1ddc { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_27876dc5e6f746ff6003450eeea5e98de5d96cbcba9e4694dad94ca3e9fb1ddc Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-01-13\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d7dc970923cc80be272aaf6bd1a59fe7\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&About 20130401...\" fullword wide \n \t\t $s2= \"Erase everything\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"LegalTrademarks\" fullword wide \n \t\t $s5= \"My20130401.Document\" fullword wide \n \t\t $s6= \"My2013 Document\" fullword wide \n \t\t $s7= \"&Open... Ctrl+O\" fullword wide \n \t\t $s8= \"OriginalFilename\" fullword wide \n \t\t $s9= \"Paste &Special...\" fullword wide \n \t\t $s10= \"&Print... Ctrl+P\" fullword wide \n \t\t $s11= \"P&rint Setup...\" fullword wide \n \t\t $s12= \"Symantec Corporation\" fullword wide \n \t\t $s13= \"Toggle StatusBar\" fullword wide \n \t\t $s14= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {26??41??62??6f??75??74??20??32??30??31??33??30??34??30??31??2e??2e??2e??0a??} \n \t\t $hex2= {26??4f??70??65??6e??2e??2e??2e??20??43??74??72??6c??2b??4f??0a??} \n \t\t $hex3= {26??50??72??69??6e??74??2e??2e??2e??20??43??74??72??6c??2b??50??0a??} \n \t\t $hex4= {45??72??61??73??65??20??65??76??65??72??79??74??68??69??6e??67??0a??} \n \t\t $hex5= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex6= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex7= {4d??79??32??30??31??33??20??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex8= {4d??79??32??30??31??33??30??34??30??31??2e??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex9= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex10= {50??26??72??69??6e??74??20??53??65??74??75??70??2e??2e??2e??0a??} \n \t\t $hex11= {50??61??73??74??65??20??26??53??70??65??63??69??61??6c??2e??2e??2e??0a??} \n \t\t $hex12= {53??79??6d??61??6e??74??65??63??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex13= {54??6f??67??67??6c??65??20??53??74??61??74??75??73??42??61??72??0a??} \n \t\t $hex14= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t15 of them \n }", "title": "", "description": "APTMalware_APT_10_27876dc5e6f746ff6003450eeea5e98de5d96cbcba9e4694dad94ca3e9fb1ddc Group", "expiration": null, "is_active": 1 }, { "id": 3409660322, "indicator": "fc3e4a9bdc2c2c1e7a9a64a82c6ba9bb93fd8bc1", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_28a273ddd8dd9206fe6b56bb631409c2d5e18af23e89a15daa8b7889663e23da { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_28a273ddd8dd9206fe6b56bb631409c2d5e18af23e89a15daa8b7889663e23da Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-01-10\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"007f5599898ab9013672226b4c5f57e1\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&About StatePattern_Game...\" fullword wide \n \t\t $s2= \"About StatePattern_Game\" fullword wide \n \t\t $s3= \"DateTimePicker1\" fullword wide \n \t\t $s4= \"Erase everything\" fullword wide \n \t\t $s5= \"EStatePattern_Game\" fullword wide \n \t\t $s6= \"FileDescription\" fullword wide \n \t\t $s7= \"LegalTrademarks\" fullword wide \n \t\t $s8= \"OriginalFilename\" fullword wide \n \t\t $s9= \"sssfeeasfeaeasfae\" fullword wide \n \t\t $s10= \"StatePattern_Game\" fullword wide \n \t\t $s11= \"StatePatternGame.Document\" fullword wide \n \t\t $s12= \"StateP Document\" fullword wide \n \t\t $s13= \"SysDateTimePick32\" fullword wide \n \t\t $s14= \"Toggle StatusBar\" fullword wide \n \t\t $s15= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {26??41??62??6f??75??74??20??53??74??61??74??65??50??61??74??74??65??72??6e??5f??47??61??6d??65??2e??2e??2e??0a??} \n \t\t $hex2= {41??62??6f??75??74??20??53??74??61??74??65??50??61??74??74??65??72??6e??5f??47??61??6d??65??0a??} \n \t\t $hex3= {44??61??74??65??54??69??6d??65??50??69??63??6b??65??72??31??0a??} \n \t\t $hex4= {45??53??74??61??74??65??50??61??74??74??65??72??6e??5f??47??61??6d??65??0a??} \n \t\t $hex5= {45??72??61??73??65??20??65??76??65??72??79??74??68??69??6e??67??0a??} \n \t\t $hex6= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex7= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex8= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex9= {53??74??61??74??65??50??20??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex10= {53??74??61??74??65??50??61??74??74??65??72??6e??47??61??6d??65??2e??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex11= {53??74??61??74??65??50??61??74??74??65??72??6e??5f??47??61??6d??65??0a??} \n \t\t $hex12= {53??79??73??44??61??74??65??54??69??6d??65??50??69??63??6b??33??32??0a??} \n \t\t $hex13= {54??6f??67??67??6c??65??20??53??74??61??74??75??73??42??61??72??0a??} \n \t\t $hex14= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex15= {73??73??73??66??65??65??61??73??66??65??61??65??61??73??66??61??65??0a??} \n \n \tcondition: \n \t\t16 of them \n }", "title": "", "description": "APTMalware_APT_10_28a273ddd8dd9206fe6b56bb631409c2d5e18af23e89a15daa8b7889663e23da Group", "expiration": null, "is_active": 1 }, { "id": 3409660323, "indicator": "5b2381d45082de444b7334e3b5a39386bebdfd77", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_e90064884190b14a6621c18d1f9719a37b9e5f98506e28ff0636438e3282098b { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_e90064884190b14a6621c18d1f9719a37b9e5f98506e28ff0636438e3282098b Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-01-08\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"37c89f291dbe880b1f3ac036e6b9c558\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"AFX_DIALOG_LAYOUT\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s8= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s10= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \n \t\t $hex1= {41??46??58??5f??44??49??41??4c??4f??47??5f??4c??41??59??4f??55??54??0a??} \n \t\t $hex2= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex3= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex9= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex10= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_e90064884190b14a6621c18d1f9719a37b9e5f98506e28ff0636438e3282098b Group", "expiration": null, "is_active": 1 }, { "id": 3254663161, "indicator": "1b76d88942096ec3a708b29b442005efd601b5c6", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of ef9d8cd06de03bd5f07b01c1cce9761f", "expiration": null, "is_active": 1 }, { "id": 2708539, "indicator": "d0344d530a732b51b6a71c5b7aa3f86f16f434ef31074d6aa5803bfbc571b6d7", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of ef9d8cd06de03bd5f07b01c1cce9761f", "expiration": null, "is_active": 1 }, { "id": 3409660324, "indicator": "5a990b789a3f33728ea116336f72af049a47af75", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_d0344d530a732b51b6a71c5b7aa3f86f16f434ef31074d6aa5803bfbc571b6d7 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_d0344d530a732b51b6a71c5b7aa3f86f16f434ef31074d6aa5803bfbc571b6d7 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-01-06\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"ef9d8cd06de03bd5f07b01c1cce9761f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"BmpFile(&A)...\" fullword wide \n \t\t $s2= \"BmpFiles Microsoft\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"LegalTrademarks\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {42??6d??70??46??69??6c??65??28??26??41??29??2e??2e??2e??0a??} \n \t\t $hex2= {42??6d??70??46??69??6c??65??73??20??4d??69??63??72??6f??73??6f??66??74??0a??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_APT_10_d0344d530a732b51b6a71c5b7aa3f86f16f434ef31074d6aa5803bfbc571b6d7 Group", "expiration": null, "is_active": 1 }, { "id": 3363914899, "indicator": "42f42969dcc82654346c0875ed2b374f7afd2b8a", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Armadillov171", "description": "SHA1 of fc26ad639598a92546af2daa6f6a7afd\nSHA1 of fc26ad639598a92546af2daa6f6a7afd", "expiration": null, "is_active": 1 }, { "id": 1598883359, "indicator": "098e5a0b744dadbe54a2abeaa1014b3386a9e2cdd845df329d5cb8664f60711b", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Armadillov171", "description": "SHA256 of fc26ad639598a92546af2daa6f6a7afd\nSHA256 of fc26ad639598a92546af2daa6f6a7afd", "expiration": null, "is_active": 1 }, { "id": 3409660325, "indicator": "9d1c52fde7dc7009f85e1de2f9a924a9b5182c64", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_098e5a0b744dadbe54a2abeaa1014b3386a9e2cdd845df329d5cb8664f60711b { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_098e5a0b744dadbe54a2abeaa1014b3386a9e2cdd845df329d5cb8664f60711b Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-01-04\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"fc26ad639598a92546af2daa6f6a7afd\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"AlecyCheck.exe\" fullword wide \n \t\t $s2= \"copyright(C) 2012-2029\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"LegalTrademarks\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {41??6c??65??63??79??43??68??65??63??6b??2e??65??78??65??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex6= {63??6f??70??79??72??69??67??68??74??28??43??29??20??32??30??31??32??2d??32??30??32??39??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_APT_10_098e5a0b744dadbe54a2abeaa1014b3386a9e2cdd845df329d5cb8664f60711b Group", "expiration": null, "is_active": 1 }, { "id": 3190220675, "indicator": "704936eff6c7ceb97512b2893dd2b7bfaedd6ace", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Win32:Evo-gen", "description": "SHA1 of 40ae680e0f9cf3ae344ad97c55723aa9", "expiration": null, "is_active": 1 }, { "id": 1598883413, "indicator": "813c529de3006284b4e993a1ec5261bd8387d08379dc9595992ed4dcd6e38b71", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Win32:Evo-gen", "description": "SHA256 of 40ae680e0f9cf3ae344ad97c55723aa9", "expiration": null, "is_active": 1 }, { "id": 3409660326, "indicator": "0a9ae1a1e60223f1a0dd74a125c4c4e6186d5a33", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_813c529de3006284b4e993a1ec5261bd8387d08379dc9595992ed4dcd6e38b71 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_813c529de3006284b4e993a1ec5261bd8387d08379dc9595992ed4dcd6e38b71 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-01-03\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"40ae680e0f9cf3ae344ad97c55723aa9\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Mi.exe\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??4d??69??2e??65??78??65??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_10_813c529de3006284b4e993a1ec5261bd8387d08379dc9595992ed4dcd6e38b71 Group", "expiration": null, "is_active": 1 }, { "id": 18499, "indicator": "eab98fc12e896f1e91960db2f7fb52c1b8767027", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Armadillov171", "description": "SHA1 of cddfa154bbe89d4627210eba087c3504", "expiration": null, "is_active": 1 }, { "id": 1598883441, "indicator": "af5182946b0a6bc0b457a048c133d5b23fa4ab2411f7833f0c5513a5994fc5f0", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Armadillov171", "description": "SHA256 of cddfa154bbe89d4627210eba087c3504", "expiration": null, "is_active": 1 }, { "id": 3409660327, "indicator": "ee22c753206573a73720969a54dd1eb31c0f21a3", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_af5182946b0a6bc0b457a048c133d5b23fa4ab2411f7833f0c5513a5994fc5f0 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_af5182946b0a6bc0b457a048c133d5b23fa4ab2411f7833f0c5513a5994fc5f0 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-01-01\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"cddfa154bbe89d4627210eba087c3504\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Data/gl/b10.bmp\" fullword wide \n \t\t $s2= \"Data/info/f%d.png\" fullword wide \n \t\t $s3= \"Data/info/floor.png\" fullword wide \n \t\t $s4= \"FileDescription\" fullword wide \n \t\t $s5= \"LegalTrademarks\" fullword wide \n \t\t $s6= \"OriginalFilename\" fullword wide \n \t\t $s7= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {44??61??74??61??2f??67??6c??2f??62??31??30??2e??62??6d??70??0a??} \n \t\t $hex2= {44??61??74??61??2f??69??6e??66??6f??2f??66??25??64??2e??70??6e??67??0a??} \n \t\t $hex3= {44??61??74??61??2f??69??6e??66??6f??2f??66??6c??6f??6f??72??2e??70??6e??67??0a??} \n \t\t $hex4= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex5= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex6= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex7= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_APT_10_af5182946b0a6bc0b457a048c133d5b23fa4ab2411f7833f0c5513a5994fc5f0 Group", "expiration": null, "is_active": 1 }, { "id": 3409660328, "indicator": "54f8749ddd2d4f2c3a0b01f3dfa3eb270208add5", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_3b011bfde408e8e4589f2e06e874c0a04db021f9fb18c11350b259307a27d7d3 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_3b011bfde408e8e4589f2e06e874c0a04db021f9fb18c11350b259307a27d7d3 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-00-57\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"72f50a28656fa65b6d770af89ed82d69\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&About StatePattern_Game...\" fullword wide \n \t\t $s2= \"About StatePattern_Game\" fullword wide \n \t\t $s3= \"Erase everything\" fullword wide \n \t\t $s4= \"EStatePattern_Game\" fullword wide \n \t\t $s5= \"FileDescription\" fullword wide \n \t\t $s6= \"LegalTrademarks\" fullword wide \n \t\t $s7= \"OriginalFilename\" fullword wide \n \t\t $s8= \"StatePattern_Game\" fullword wide \n \t\t $s9= \"StatePatternGame.Document\" fullword wide \n \t\t $s10= \"StateP Document\" fullword wide \n \t\t $s11= \"Toggle StatusBar\" fullword wide \n \t\t $s12= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {26??41??62??6f??75??74??20??53??74??61??74??65??50??61??74??74??65??72??6e??5f??47??61??6d??65??2e??2e??2e??0a??} \n \t\t $hex2= {41??62??6f??75??74??20??53??74??61??74??65??50??61??74??74??65??72??6e??5f??47??61??6d??65??0a??} \n \t\t $hex3= {45??53??74??61??74??65??50??61??74??74??65??72??6e??5f??47??61??6d??65??0a??} \n \t\t $hex4= {45??72??61??73??65??20??65??76??65??72??79??74??68??69??6e??67??0a??} \n \t\t $hex5= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex6= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex7= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex8= {53??74??61??74??65??50??20??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex9= {53??74??61??74??65??50??61??74??74??65??72??6e??47??61??6d??65??2e??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex10= {53??74??61??74??65??50??61??74??74??65??72??6e??5f??47??61??6d??65??0a??} \n \t\t $hex11= {54??6f??67??67??6c??65??20??53??74??61??74??75??73??42??61??72??0a??} \n \t\t $hex12= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t13 of them \n }", "title": "", "description": "APTMalware_APT_10_3b011bfde408e8e4589f2e06e874c0a04db021f9fb18c11350b259307a27d7d3 Group", "expiration": null, "is_active": 1 }, { "id": 2582696142, "indicator": "891d0ed7eedd45030dea79f092fa83ef5b04de7f", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Armadillov171", "description": "SHA1 of 6f3d15cf788e28ca504a6370c4ff6a1e", "expiration": null, "is_active": 1 }, { "id": 1598883556, "indicator": "f7ef4a429dec2409fd6f300fd33b42e334f2ada827224bd91d2d74ddfb94da25", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Armadillov171", "description": "SHA256 of 6f3d15cf788e28ca504a6370c4ff6a1e", "expiration": null, "is_active": 1 }, { "id": 3409660329, "indicator": "34ff35725b6cbff5107668fd694259df3cadc0f3", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_f7ef4a429dec2409fd6f300fd33b42e334f2ada827224bd91d2d74ddfb94da25 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_f7ef4a429dec2409fd6f300fd33b42e334f2ada827224bd91d2d74ddfb94da25 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-00-52\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"6f3d15cf788e28ca504a6370c4ff6a1e\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft EXL.2012\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??45??58??4c??2e??32??30??31??32??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_10_f7ef4a429dec2409fd6f300fd33b42e334f2ada827224bd91d2d74ddfb94da25 Group", "expiration": null, "is_active": 1 }, { "id": 3409660330, "indicator": "8a460a875d53321fd53eac82bf2f466f1faf2442", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_328e16b06dcd881c190f073fe9b3edcd94330bec8419ae2626403ab2cfe28243 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_328e16b06dcd881c190f073fe9b3edcd94330bec8419ae2626403ab2cfe28243 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-00-49\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"59a3ff3496740ceea97ff70a980bc3ae\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&Annuler Ctrl+Z\" fullword wide \n \t\t $s2= \"Application MFC\" fullword wide \n \t\t $s3= \"BarckH Document\" fullword wide \n \t\t $s4= \"BarckH.Document\" fullword wide \n \t\t $s5= \"&Barre d'outils\" fullword wide \n \t\t $s6= \"&Enregistrer Ctrl+S\" fullword wide \n \t\t $s7= \"En®istrer sous...\" fullword wide \n \t\t $s8= \"FileDescription\" fullword wide \n \t\t $s9= \"&Imprimer... Ctrl+P\" fullword wide \n \t\t $s10= \"LegalTrademarks\" fullword wide \n \t\t $s11= \"&Nouveau Ctrl+N\" fullword wide \n \t\t $s12= \"OriginalFilename\" fullword wide \n \t\t $s13= \"&Ouvrir... Ctrl+O\" fullword wide \n \t\t $s14= \"rganization automatique\" fullword wide \n \t\t $s15= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {26??41??6e??6e??75??6c??65??72??20??43??74??72??6c??2b??5a??0a??} \n \t\t $hex2= {26??42??61??72??72??65??20??64??27??6f??75??74??69??6c??73??0a??} \n \t\t $hex3= {26??45??6e??72??65??67??69??73??74??72??65??72??20??43??74??72??6c??2b??53??0a??} \n \t\t $hex4= {26??49??6d??70??72??69??6d??65??72??2e??2e??2e??20??43??74??72??6c??2b??50??0a??} \n \t\t $hex5= {26??4e??6f??75??76??65??61??75??20??43??74??72??6c??2b??4e??0a??} \n \t\t $hex6= {26??4f??75??76??72??69??72??2e??2e??2e??20??43??74??72??6c??2b??4f??0a??} \n \t\t $hex7= {41??70??70??6c??69??63??61??74??69??6f??6e??20??4d??46??43??0a??} \n \t\t $hex8= {42??61??72??63??6b??48??20??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex9= {42??61??72??63??6b??48??2e??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex10= {45??6e??26??72??65??67??69??73??74??72??65??72??20??73??6f??75??73??2e??2e??2e??0a??} \n \t\t $hex11= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex12= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex13= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex14= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex15= {72??67??61??6e??69??7a??61??74??69??6f??6e??20??61??75??74??6f??6d??61??74??69??71??75??65??0a??} \n \n \tcondition: \n \t\t16 of them \n }", "title": "", "description": "APTMalware_APT_10_328e16b06dcd881c190f073fe9b3edcd94330bec8419ae2626403ab2cfe28243 Group", "expiration": null, "is_active": 1 }, { "id": 3409660331, "indicator": "5ec11948d080604c7eae2fd1bc03af9089a72a96", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_4994822460df6734a914406bd1c6cae1cda6dba631d5914c23ceb169f0311643 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_4994822460df6734a914406bd1c6cae1cda6dba631d5914c23ceb169f0311643 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-00-47\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"37a5d27d49385f4e8edb94ad83b38164\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"TestCalculatorDemo\" fullword wide \n \t\t $s5= \"TestCalculatorDemo\" fullword wide \n \t\t $s6= \"TestCalculatorDemo \" fullword wide \n \t\t $s7= \"TestCalculatorDemo(&A)...\" fullword wide \n \t\t $s8= \"TestCalculatorDemo.EXE\" fullword wide \n \t\t $s9= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {54??65??73??74??43??61??6c??63??75??6c??61??74??6f??72??44??65??6d??6f??0a??} \n \t\t $hex5= {54??65??73??74??43??61??6c??63??75??6c??61??74??6f??72??44??65??6d??6f??28??26??41??29??2e??2e??2e??0a??} \n \t\t $hex6= {54??65??73??74??43??61??6c??63??75??6c??61??74??6f??72??44??65??6d??6f??2e??45??58??45??0a??} \n \t\t $hex7= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t8 of them \n }", "title": "", "description": "APTMalware_APT_10_4994822460df6734a914406bd1c6cae1cda6dba631d5914c23ceb169f0311643 Group", "expiration": null, "is_active": 1 }, { "id": 3409660332, "indicator": "230d3f4d72358e0ffebc5ca970ea32d7e0bb8cba", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Armadillov171", "description": "SHA1 of 9ed1164f4f6a337cde2ba6e7c72730cf", "expiration": null, "is_active": 1 }, { "id": 1598883562, "indicator": "feac6c86f3935313bb3373207f7182af619bc1a138a112f2803dbb67ef6e93ab", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Armadillov171", "description": "SHA256 of 9ed1164f4f6a337cde2ba6e7c72730cf", "expiration": null, "is_active": 1 }, { "id": 3409660333, "indicator": "0a15c15ed45e6b54bcd05d1366d19dc238738726", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_feac6c86f3935313bb3373207f7182af619bc1a138a112f2803dbb67ef6e93ab { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_feac6c86f3935313bb3373207f7182af619bc1a138a112f2803dbb67ef6e93ab Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-00-45\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"9ed1164f4f6a337cde2ba6e7c72730cf\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"copyright(C) 2012\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"LegalTrademarks\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex5= {63??6f??70??79??72??69??67??68??74??28??43??29??20??32??30??31??32??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_10_feac6c86f3935313bb3373207f7182af619bc1a138a112f2803dbb67ef6e93ab Group", "expiration": null, "is_active": 1 }, { "id": 3409660334, "indicator": "f38bf46d8dc07b614873d8bb8200d455134159d5", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_21b717aec3c02bc57adb465aae610e9a7fe1b889321b373c2808187eade50397 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_21b717aec3c02bc57adb465aae610e9a7fe1b889321b373c2808187eade50397 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-00-40\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"82f926009c06dfa452714608da21cb77\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"?? bricks(&A)...\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"LegalTrademarks\" fullword wide \n \t\t $s4= \"??(&O)... Ctrl+O\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"??(&P)... Ctrl+P\" fullword wide \n \t\t $s7= \"skk38sk4sf 1.21\" fullword wide \n \t\t $s8= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {31??3b??20??63??72??20??62??72??69??63??6b??73??28??26??41??29??2e??2e??2e??0a??} \n \t\t $hex2= {3f??3f??28??26??4f??29??2e??2e??2e??20??43??74??72??6c??2b??4f??0a??} \n \t\t $hex3= {3f??3f??28??26??50??29??2e??2e??2e??20??43??74??72??6c??2b??50??0a??} \n \t\t $hex4= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex5= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex6= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex7= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex8= {73??6b??6b??33??38??73??6b??34??73??66??20??31??2e??32??31??0a??} \n \n \tcondition: \n \t\t8 of them \n }", "title": "", "description": "APTMalware_APT_10_21b717aec3c02bc57adb465aae610e9a7fe1b889321b373c2808187eade50397 Group", "expiration": null, "is_active": 1 }, { "id": 3363915091, "indicator": "cc52f6ffb462c1572521df21934d1d729bdf9a4e", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Trojan.Ag-3", "description": "SHA1 of e84b87db6ae7c34fc7e6bc2f0bef4ae4", "expiration": null, "is_active": 1 }, { "id": 1598883416, "indicator": "888089a489ffd2768169dfca7bccb9379741efa32a75580b912e6328b3b2e8db", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Trojan.Ag-3", "description": "SHA256 of e84b87db6ae7c34fc7e6bc2f0bef4ae4", "expiration": null, "is_active": 1 }, { "id": 3409660408, "indicator": "649b2c0eef6b27c4b4de982a33e44b79ae6827f5", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_888089a489ffd2768169dfca7bccb9379741efa32a75580b912e6328b3b2e8db { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_888089a489ffd2768169dfca7bccb9379741efa32a75580b912e6328b3b2e8db Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-00-37\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e84b87db6ae7c34fc7e6bc2f0bef4ae4\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"About crocodile\" fullword wide \n \t\t $s2= \"CopyRight(C) 2013\" fullword wide \n \t\t $s3= \"Crocod Document\" fullword wide \n \t\t $s4= \"crocodile(&A)...\" fullword wide \n \t\t $s5= \"Crocodile.Document\" fullword wide \n \t\t $s6= \"FileDescription\" fullword wide \n \t\t $s7= \"LegalTrademarks\" fullword wide \n \t\t $s8= \"OriginalFilename\" fullword wide \n \t\t $s9= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {41??62??6f??75??74??20??63??72??6f??63??6f??64??69??6c??65??0a??} \n \t\t $hex2= {43??6f??70??79??52??69??67??68??74??28??43??29??20??32??30??31??33??0a??} \n \t\t $hex3= {43??72??6f??63??6f??64??20??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex4= {43??72??6f??63??6f??64??69??6c??65??2e??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex5= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex6= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex7= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex8= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex9= {63??72??6f??63??6f??64??69??6c??65??28??26??41??29??2e??2e??2e??0a??} \n \n \tcondition: \n \t\t10 of them \n }", "title": "", "description": "APTMalware_APT_10_888089a489ffd2768169dfca7bccb9379741efa32a75580b912e6328b3b2e8db Group", "expiration": null, "is_active": 1 }, { "id": 3409660409, "indicator": "cdcca43942c3662af9e18a5bfb8b754c4a74e25c", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_6de873f013f846403cacf6adf867b5b84c56adfd28c1242dd0e8ebaa22a6487b { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_6de873f013f846403cacf6adf867b5b84c56adfd28c1242dd0e8ebaa22a6487b Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-00-36\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"1a14bd60f4c49d1aebd245968a3a654f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"/a>\" fullword wide \n \t\t $s2= \"MfcFontComboBox\" fullword wide \n \t\t $s3= \"msctls_progress32\" fullword wide \n \t\t $s4= \"Win32CHbuQiFine\" fullword wide \n \t\t $s5= \"Win32CHbuQiFine\" fullword wide \n \n \t\t $hex1= {2f??61??3e??0a??} \n \t\t $hex2= {4d??66??63??46??6f??6e??74??43??6f??6d??62??6f??42??6f??78??0a??} \n \t\t $hex3= {57??69??6e??33??32??43??48??62??75??51??69??46??69??6e??65??0a??} \n \t\t $hex4= {6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_10_6de873f013f846403cacf6adf867b5b84c56adfd28c1242dd0e8ebaa22a6487b Group", "expiration": null, "is_active": 1 }, { "id": 3409660410, "indicator": "286095d796b4c224ee75036a04218325717e2fef", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_b20ce00a6864225f05de6407fac80ddb83cd0aec00ada438c1e354cdd0d7d5df { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_b20ce00a6864225f05de6407fac80ddb83cd0aec00ada438c1e354cdd0d7d5df Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-00-33\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"7891f00dcab0e4a2f928422062e94213\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"AFX_DIALOG_LAYOUT\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s8= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s10= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \n \t\t $hex1= {41??46??58??5f??44??49??41??4c??4f??47??5f??4c??41??59??4f??55??54??0a??} \n \t\t $hex2= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex3= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex9= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex10= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_b20ce00a6864225f05de6407fac80ddb83cd0aec00ada438c1e354cdd0d7d5df Group", "expiration": null, "is_active": 1 }, { "id": 3409660411, "indicator": "ae76bfb2f370b107786fe0facfd96723ca8b66b0", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_0d6fe94c8b4bab0b4fc5bea4f0ba93a44e7695c1a46377e60da251fac9b7b74a { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_0d6fe94c8b4bab0b4fc5bea4f0ba93a44e7695c1a46377e60da251fac9b7b74a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-00-31\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"7bee1d0709169e07db6182e65dc50b60\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&About 20130401...\" fullword wide \n \t\t $s2= \"Erase everything\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"LegalTrademarks\" fullword wide \n \t\t $s5= \"Microsoft Corporation\" fullword wide \n \t\t $s6= \"msctls_trackbar32\" fullword wide \n \t\t $s7= \"My20130401.Document\" fullword wide \n \t\t $s8= \"My2013 Document\" fullword wide \n \t\t $s9= \"&Open... Ctrl+O\" fullword wide \n \t\t $s10= \"OriginalFilename\" fullword wide \n \t\t $s11= \"Paste &Special...\" fullword wide \n \t\t $s12= \"&Print... Ctrl+P\" fullword wide \n \t\t $s13= \"P&rint Setup...\" fullword wide \n \t\t $s14= \"Toggle StatusBar\" fullword wide \n \t\t $s15= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {26??41??62??6f??75??74??20??32??30??31??33??30??34??30??31??2e??2e??2e??0a??} \n \t\t $hex2= {26??4f??70??65??6e??2e??2e??2e??20??43??74??72??6c??2b??4f??0a??} \n \t\t $hex3= {26??50??72??69??6e??74??2e??2e??2e??20??43??74??72??6c??2b??50??0a??} \n \t\t $hex4= {45??72??61??73??65??20??65??76??65??72??79??74??68??69??6e??67??0a??} \n \t\t $hex5= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex6= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex7= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex8= {4d??79??32??30??31??33??20??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex9= {4d??79??32??30??31??33??30??34??30??31??2e??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex10= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex11= {50??26??72??69??6e??74??20??53??65??74??75??70??2e??2e??2e??0a??} \n \t\t $hex12= {50??61??73??74??65??20??26??53??70??65??63??69??61??6c??2e??2e??2e??0a??} \n \t\t $hex13= {54??6f??67??67??6c??65??20??53??74??61??74??75??73??42??61??72??0a??} \n \t\t $hex14= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex15= {6d??73??63??74??6c??73??5f??74??72??61??63??6b??62??61??72??33??32??0a??} \n \n \tcondition: \n \t\t16 of them \n }", "title": "", "description": "APTMalware_APT_10_0d6fe94c8b4bab0b4fc5bea4f0ba93a44e7695c1a46377e60da251fac9b7b74a Group", "expiration": null, "is_active": 1 }, { "id": 3409660412, "indicator": "73832177d1b84c18789c9c6832f151d7644d0bd8", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_49e9a0249c3c4290e51953225efb6ef2c384e75c0489ff1e835f16b78d29a62f { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_49e9a0249c3c4290e51953225efb6ef2c384e75c0489ff1e835f16b78d29a62f Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-00-29\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"494e65cf21ad559fccf3dacdd69acc94\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Bricks Document\" fullword wide \n \t\t $s2= \"Bricks.Document\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"LegalTrademarks\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {42??72??69??63??6b??73??20??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex2= {42??72??69??63??6b??73??2e??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_APT_10_49e9a0249c3c4290e51953225efb6ef2c384e75c0489ff1e835f16b78d29a62f Group", "expiration": null, "is_active": 1 }, { "id": 3409660413, "indicator": "b13fc057608e0eb02b27ef3755938933933b2ecd", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_9a6692690c03ec33c758cb5648be1ed886ff039e6b72f1c43b23fbd9c342ce8c { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_9a6692690c03ec33c758cb5648be1ed886ff039e6b72f1c43b23fbd9c342ce8c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-00-22\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"1b891bc2e5038615efafabe48920f200\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s5= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s7= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s8= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s9= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \n \t\t $hex1= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex2= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex3= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex9= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t10 of them \n }", "title": "", "description": "APTMalware_APT_10_9a6692690c03ec33c758cb5648be1ed886ff039e6b72f1c43b23fbd9c342ce8c Group", "expiration": null, "is_active": 1 }, { "id": 3409660414, "indicator": "ac872a6fc830ea36252ab3d71b15c447d8410cbd", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_6f992d2e6a805dc04ea01262328f4e34de31322be3cad3de944c0bdbd1d7deff { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_6f992d2e6a805dc04ea01262328f4e34de31322be3cad3de944c0bdbd1d7deff Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-00-20\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e1fbf8d74b622fde3cf765a3a51ca39f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s2= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s5= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s7= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s8= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s9= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \n \t\t $hex1= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex2= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex3= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex9= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t10 of them \n }", "title": "", "description": "APTMalware_APT_10_6f992d2e6a805dc04ea01262328f4e34de31322be3cad3de944c0bdbd1d7deff Group", "expiration": null, "is_active": 1 }, { "id": 3409660415, "indicator": "f073252e347602b87303764b5ad141f964a12b05", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_19aa5019f3c00211182b2a80dd9675721dac7cfb31d174436d3b8ec9f97d898b { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_19aa5019f3c00211182b2a80dd9675721dac7cfb31d174436d3b8ec9f97d898b Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-00-16\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"75500bb4143a052795ec7d2e61ac3261\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"AFX_DIALOG_LAYOUT\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s8= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s10= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s11= \"HKEY_CURRENT_USER\" fullword wide \n \t\t $s12= \"HKEY_LOCAL_MACHINE\" fullword wide \n \n \t\t $hex1= {41??46??58??5f??44??49??41??4c??4f??47??5f??4c??41??59??4f??55??54??0a??} \n \t\t $hex2= {48??4b??45??59??5f??43??55??52??52??45??4e??54??5f??55??53??45??52??0a??} \n \t\t $hex3= {48??4b??45??59??5f??4c??4f??43??41??4c??5f??4d??41??43??48??49??4e??45??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex9= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex10= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex11= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex12= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t13 of them \n }", "title": "", "description": "APTMalware_APT_10_19aa5019f3c00211182b2a80dd9675721dac7cfb31d174436d3b8ec9f97d898b Group", "expiration": null, "is_active": 1 }, { "id": 3409660416, "indicator": "da849afd687e972094618440e5b931beb455a229", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_3804f50c6b6284c2de6cc218bb33801a62e2d047c6e8ff44615c14b2dd289356 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_3804f50c6b6284c2de6cc218bb33801a62e2d047c6e8ff44615c14b2dd289356 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-00-12\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"83448fc10f297a6968aeda7c02b09051\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"%2protocolStdFileEditingserver\" fullword wide \n \t\t $s2= \"%2protocolStdFileEditingverb0\" fullword wide \n \t\t $s3= \"accDefaultAction\" fullword wide \n \t\t $s4= \"accDoDefaultAction\" fullword wide \n \t\t $s5= \"accKeyboardShortcut\" fullword wide \n \t\t $s6= \"AfxControlBar90su\" fullword wide \n \t\t $s7= \"AfxFrameOrView90su\" fullword wide \n \t\t $s8= \"AfxMDIFrame90su\" fullword wide \n \t\t $s9= \"AfxOldWndProc423\" fullword wide \n \t\t $s10= \"AfxOleControl90su\" fullword wide \n \t\t $s11= \"CLSID%1AuxUserType2\" fullword wide \n \t\t $s12= \"CLSID%1AuxUserType3\" fullword wide \n \t\t $s13= \"CLSID%1DefaultExtension\" fullword wide \n \t\t $s14= \"CLSID%1DefaultIcon\" fullword wide \n \t\t $s15= \"CLSID%1DocObject\" fullword wide \n \t\t $s16= \"CLSID%1InprocHandler32\" fullword wide \n \t\t $s17= \"CLSID%1InProcServer32\" fullword wide \n \t\t $s18= \"CLSID%1Insertable\" fullword wide \n \t\t $s19= \"CLSID%1LocalServer32\" fullword wide \n \t\t $s20= \"CLSID%1MiscStatus\" fullword wide \n \n \t\t $hex1= {25??32??70??72??6f??74??6f??63??6f??6c??53??74??64??46??69??6c??65??45??64??69??74??69??6e??67??73??65??72??76??65??72??} \n \t\t $hex2= {25??32??70??72??6f??74??6f??63??6f??6c??53??74??64??46??69??6c??65??45??64??69??74??69??6e??67??76??65??72??62??30??0a??} \n \t\t $hex3= {41??66??78??43??6f??6e??74??72??6f??6c??42??61??72??39??30??73??75??0a??} \n \t\t $hex4= {41??66??78??46??72??61??6d??65??4f??72??56??69??65??77??39??30??73??75??0a??} \n \t\t $hex5= {41??66??78??4d??44??49??46??72??61??6d??65??39??30??73??75??0a??} \n \t\t $hex6= {41??66??78??4f??6c??64??57??6e??64??50??72??6f??63??34??32??33??0a??} \n \t\t $hex7= {41??66??78??4f??6c??65??43??6f??6e??74??72??6f??6c??39??30??73??75??0a??} \n \t\t $hex8= {43??4c??53??49??44??25??31??41??75??78??55??73??65??72??54??79??70??65??32??0a??} \n \t\t $hex9= {43??4c??53??49??44??25??31??41??75??78??55??73??65??72??54??79??70??65??33??0a??} \n \t\t $hex10= {43??4c??53??49??44??25??31??44??65??66??61??75??6c??74??45??78??74??65??6e??73??69??6f??6e??0a??} \n \t\t $hex11= {43??4c??53??49??44??25??31??44??65??66??61??75??6c??74??49??63??6f??6e??0a??} \n \t\t $hex12= {43??4c??53??49??44??25??31??44??6f??63??4f??62??6a??65??63??74??0a??} \n \t\t $hex13= {43??4c??53??49??44??25??31??49??6e??50??72??6f??63??53??65??72??76??65??72??33??32??0a??} \n \t\t $hex14= {43??4c??53??49??44??25??31??49??6e??70??72??6f??63??48??61??6e??64??6c??65??72??33??32??0a??} \n \t\t $hex15= {43??4c??53??49??44??25??31??49??6e??73??65??72??74??61??62??6c??65??0a??} \n \t\t $hex16= {43??4c??53??49??44??25??31??4c??6f??63??61??6c??53??65??72??76??65??72??33??32??0a??} \n \t\t $hex17= {43??4c??53??49??44??25??31??4d??69??73??63??53??74??61??74??75??73??0a??} \n \t\t $hex18= {61??63??63??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex19= {61??63??63??44??6f??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex20= {61??63??63??4b??65??79??62??6f??61??72??64??53??68??6f??72??74??63??75??74??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_APT_10_3804f50c6b6284c2de6cc218bb33801a62e2d047c6e8ff44615c14b2dd289356 Group", "expiration": null, "is_active": 1 }, { "id": 3409660417, "indicator": "6f5cde428a5e5c12d56992e92d899a54c589870d", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_37b2ec1ef108536132a493ac21bda5557f6f2b3e5dbf4a0779d43af66884737a { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_37b2ec1ef108536132a493ac21bda5557f6f2b3e5dbf4a0779d43af66884737a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-00-08\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"c1e5c46e4ef284f2922bb458c9ba3ce2\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&Abrir... Ctrl+A\" fullword wide \n \t\t $s2= \"Archivo reciente\" fullword wide \n \t\t $s3= \"Con&figurar impresora...\" fullword wide \n \t\t $s4= \"&Deshacer Ctrl+Z\" fullword wide \n \t\t $s5= \"FileDescription\" fullword wide \n \t\t $s6= \"ginas completas\" fullword wide \n \t\t $s7= \"Guardar c&omo...\" fullword wide \n \t\t $s8= \"&Guardar Ctrl+G\" fullword wide \n \t\t $s9= \"Iconos grandes%Mostr\" fullword wide \n \t\t $s10= \"&Imprimir... Ctrl+I\" fullword wide \n \t\t $s11= \"IMuestra informaci\" fullword wide \n \t\t $s12= \"LegalTrademarks\" fullword wide \n \t\t $s13= \"&Organizar autom\" fullword wide \n \t\t $s14= \"&Organizar iconos\" fullword wide \n \t\t $s15= \"Organizar &iconos\" fullword wide \n \t\t $s16= \"OriginalFilename\" fullword wide \n \t\t $s17= \"Siguiente secci\" fullword wide \n \t\t $s18= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {26??41??62??72??69??72??2e??2e??2e??20??43??74??72??6c??2b??41??0a??} \n \t\t $hex2= {26??44??65??73??68??61??63??65??72??20??43??74??72??6c??2b??5a??0a??} \n \t\t $hex3= {26??47??75??61??72??64??61??72??20??43??74??72??6c??2b??47??0a??} \n \t\t $hex4= {26??49??6d??70??72??69??6d??69??72??2e??2e??2e??20??43??74??72??6c??2b??49??0a??} \n \t\t $hex5= {26??4f??72??67??61??6e??69??7a??61??72??20??61??75??74??6f??6d??0a??} \n \t\t $hex6= {26??4f??72??67??61??6e??69??7a??61??72??20??69??63??6f??6e??6f??73??0a??} \n \t\t $hex7= {41??72??63??68??69??76??6f??20??72??65??63??69??65??6e??74??65??0a??} \n \t\t $hex8= {43??6f??6e??26??66??69??67??75??72??61??72??20??69??6d??70??72??65??73??6f??72??61??2e??2e??2e??0a??} \n \t\t $hex9= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex10= {47??75??61??72??64??61??72??20??63??26??6f??6d??6f??2e??2e??2e??0a??} \n \t\t $hex11= {49??4d??75??65??73??74??72??61??20??69??6e??66??6f??72??6d??61??63??69??0a??} \n \t\t $hex12= {49??63??6f??6e??6f??73??20??67??72??61??6e??64??65??73??25??4d??6f??73??74??72??0a??} \n \t\t $hex13= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex14= {4f??72??67??61??6e??69??7a??61??72??20??26??69??63??6f??6e??6f??73??0a??} \n \t\t $hex15= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex16= {53??69??67??75??69??65??6e??74??65??20??73??65??63??63??69??0a??} \n \t\t $hex17= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex18= {67??69??6e??61??73??20??63??6f??6d??70??6c??65??74??61??73??0a??} \n \n \tcondition: \n \t\t20 of them \n }", "title": "", "description": "APTMalware_APT_10_37b2ec1ef108536132a493ac21bda5557f6f2b3e5dbf4a0779d43af66884737a Group", "expiration": null, "is_active": 1 }, { "id": 3254663190, "indicator": "89bda0569dc5a83fa5e024fbe1e4338361e79719", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "PlugX", "description": "SHA1 of f0be554b1d9b394bc2a90322ca944fce", "expiration": null, "is_active": 1 }, { "id": 431140108, "indicator": "1acd0212ee970abfea717c2eac9a73613787f86dab42298f1d74a06f79554f0f", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "PlugX", "description": "SHA256 of f0be554b1d9b394bc2a90322ca944fce", "expiration": null, "is_active": 1 }, { "id": 3409660418, "indicator": "eaed91a0c5c007ddcc9c01c3a0dd507e7f2349df", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_1acd0212ee970abfea717c2eac9a73613787f86dab42298f1d74a06f79554f0f { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_1acd0212ee970abfea717c2eac9a73613787f86dab42298f1d74a06f79554f0f Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-00-05\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f0be554b1d9b394bc2a90322ca944fce\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"MFCRegister(&A)...\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"SupportTool.exe\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??46??43??52??65??67??69??73??74??65??72??28??26??41??29??2e??2e??2e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {53??75??70??70??6f??72??74??54??6f??6f??6c??2e??65??78??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_APT_10_1acd0212ee970abfea717c2eac9a73613787f86dab42298f1d74a06f79554f0f Group", "expiration": null, "is_active": 1 }, { "id": 3409660419, "indicator": "05f43e08c52d6c36b11a5755397165bd279d64a8", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_c1dbf481b2c3ba596b3542c7dc4e368f322d5c9950a78197a4ddbbaacbd07064 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_c1dbf481b2c3ba596b3542c7dc4e368f322d5c9950a78197a4ddbbaacbd07064 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_13-00-01\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"102494d665b137bf91e902076f339185\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"ACCESS_VIOLATION\" fullword wide \n \t\t $s2= \"ARRAY_BOUNDS_EXCEEDED\" fullword wide \n \t\t $s3= \"CS:EIP:%04X:%08X\" fullword wide \n \t\t $s4= \"DATATYPE_MISALIGNMENT\" fullword wide \n \t\t $s5= \"FileDescription\" fullword wide \n \t\t $s6= \"FLT_DENORMAL_OPERAND\" fullword wide \n \t\t $s7= \"FLT_DIVIDE_BY_ZERO\" fullword wide \n \t\t $s8= \"FLT_INEXACT_RESULT\" fullword wide \n \t\t $s9= \"FLT_INVALID_OPERATION\" fullword wide \n \t\t $s10= \"FLT_STACK_CHECK\" fullword wide \n \t\t $s11= \"ILLEGAL_INSTRUCTION\" fullword wide \n \t\t $s12= \"INT_DIVIDE_BY_ZERO\" fullword wide \n \t\t $s13= \"INVALID_DISPOSITION\" fullword wide \n \t\t $s14= \"LegalTrademarks\" fullword wide \n \t\t $s15= \"Mozilla/4.0 (compatible)\" fullword wide \n \t\t $s16= \"NONCONTINUABLE_EXCEPTION\" fullword wide \n \t\t $s17= \"OriginalFilename\" fullword wide \n \t\t $s18= \"PRIV_INSTRUCTION\" fullword wide \n \t\t $s19= \"SeDebugPrivilege\" fullword wide \n \t\t $s20= \"SeShutdownPrivilege\" fullword wide \n \n \t\t $hex1= {41??43??43??45??53??53??5f??56??49??4f??4c??41??54??49??4f??4e??0a??} \n \t\t $hex2= {41??52??52??41??59??5f??42??4f??55??4e??44??53??5f??45??58??43??45??45??44??45??44??0a??} \n \t\t $hex3= {43??53??3a??45??49??50??3a??25??30??34??58??3a??25??30??38??58??0a??} \n \t\t $hex4= {44??41??54??41??54??59??50??45??5f??4d??49??53??41??4c??49??47??4e??4d??45??4e??54??0a??} \n \t\t $hex5= {46??4c??54??5f??44??45??4e??4f??52??4d??41??4c??5f??4f??50??45??52??41??4e??44??0a??} \n \t\t $hex6= {46??4c??54??5f??44??49??56??49??44??45??5f??42??59??5f??5a??45??52??4f??0a??} \n \t\t $hex7= {46??4c??54??5f??49??4e??45??58??41??43??54??5f??52??45??53??55??4c??54??0a??} \n \t\t $hex8= {46??4c??54??5f??49??4e??56??41??4c??49??44??5f??4f??50??45??52??41??54??49??4f??4e??0a??} \n \t\t $hex9= {46??4c??54??5f??53??54??41??43??4b??5f??43??48??45??43??4b??0a??} \n \t\t $hex10= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex11= {49??4c??4c??45??47??41??4c??5f??49??4e??53??54??52??55??43??54??49??4f??4e??0a??} \n \t\t $hex12= {49??4e??54??5f??44??49??56??49??44??45??5f??42??59??5f??5a??45??52??4f??0a??} \n \t\t $hex13= {49??4e??56??41??4c??49??44??5f??44??49??53??50??4f??53??49??54??49??4f??4e??0a??} \n \t\t $hex14= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex15= {4d??6f??7a??69??6c??6c??61??2f??34??2e??30??20??28??63??6f??6d??70??61??74??69??62??6c??65??29??0a??} \n \t\t $hex16= {4e??4f??4e??43??4f??4e??54??49??4e??55??41??42??4c??45??5f??45??58??43??45??50??54??49??4f??4e??0a??} \n \t\t $hex17= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex18= {50??52??49??56??5f??49??4e??53??54??52??55??43??54??49??4f??4e??0a??} \n \t\t $hex19= {53??65??44??65??62??75??67??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex20= {53??65??53??68??75??74??64??6f??77??6e??50??72??69??76??69??6c??65??67??65??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_APT_10_c1dbf481b2c3ba596b3542c7dc4e368f322d5c9950a78197a4ddbbaacbd07064 Group", "expiration": null, "is_active": 1 }, { "id": 3409660420, "indicator": "f791ac08bc78681fdaf29971cfeabdcbe1c0d0f3", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_f6585f10656585f5dce353530fb3db3d8de2c311480d5e199d8605a7fd898581 { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_f6585f10656585f5dce353530fb3db3d8de2c311480d5e199d8605a7fd898581 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-59-59\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"84e767032054e0c2fef5764fb60679f4\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Assembly Version\" fullword wide \n \t\t $s2= \"C:WindowsMicrosoft.NET\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"LegalTrademarks\" fullword wide \n \t\t $s5= \"NetFramwork.exe\" fullword wide \n \t\t $s6= \"OriginalFilename\" fullword wide \n \t\t $s7= \"VS_VERSION_INFO\" fullword wide \n \t\t $s8= \"=^@ZTSFY|KyjAo=+7/lJ$x s#\" fullword wide \n \n \t\t $hex1= {3d??5e??40??5a??54??53??46??59??7c??4b??79??6a??41??6f??3d??2b??37??2f??6c??4a??24??78??20??73??23??0a??} \n \t\t $hex2= {41??73??73??65??6d??62??6c??79??20??56??65??72??73??69??6f??6e??0a??} \n \t\t $hex3= {43??3a??57??69??6e??64??6f??77??73??4d??69??63??72??6f??73??6f??66??74??2e??4e??45??54??0a??} \n \t\t $hex4= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex5= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex6= {4e??65??74??46??72??61??6d??77??6f??72??6b??2e??65??78??65??0a??} \n \t\t $hex7= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex8= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t8 of them \n }", "title": "", "description": "APTMalware_APT_10_f6585f10656585f5dce353530fb3db3d8de2c311480d5e199d8605a7fd898581 Group", "expiration": null, "is_active": 1 }, { "id": 3409660421, "indicator": "2044aba786fa6aa58a6936ed30a1886549eeb0ff", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_72d40c0fa8f179c2917455df6d1ae7ab7736e71ce5752955dc58da18310ebb8c { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_72d40c0fa8f179c2917455df6d1ae7ab7736e71ce5752955dc58da18310ebb8c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-59-56\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"841dfe3eaafe68cc0b989fbf55a34c9c\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&About MdiSquares...\" fullword wide \n \t\t $s2= \"About MdiSquares\" fullword wide \n \t\t $s3= \"Erase everything\" fullword wide \n \t\t $s4= \"FileDescription\" fullword wide \n \t\t $s5= \"LegalTrademarks\" fullword wide \n \t\t $s6= \"MdiSquares.Document\" fullword wide \n \t\t $s7= \"MdiSqu Document\" fullword wide \n \t\t $s8= \"&Open... Ctrl+O\" fullword wide \n \t\t $s9= \"OriginalFilename\" fullword wide \n \t\t $s10= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {26??41??62??6f??75??74??20??4d??64??69??53??71??75??61??72??65??73??2e??2e??2e??0a??} \n \t\t $hex2= {26??4f??70??65??6e??2e??2e??2e??20??43??74??72??6c??2b??4f??0a??} \n \t\t $hex3= {41??62??6f??75??74??20??4d??64??69??53??71??75??61??72??65??73??0a??} \n \t\t $hex4= {45??72??61??73??65??20??65??76??65??72??79??74??68??69??6e??67??0a??} \n \t\t $hex5= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex6= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex7= {4d??64??69??53??71??75??20??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex8= {4d??64??69??53??71??75??61??72??65??73??2e??44??6f??63??75??6d??65??6e??74??0a??} \n \t\t $hex9= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex10= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_10_72d40c0fa8f179c2917455df6d1ae7ab7736e71ce5752955dc58da18310ebb8c Group", "expiration": null, "is_active": 1 }, { "id": 3409660422, "indicator": "b3b2bc91482b5cf99e7f0c3f6c62156a43feffdd", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_10_eb199a20dff8d125a89fa20d3da40a8c59e915c404e367365bb8aeafec80af4b { \n \tmeta: \n \t\t description= \"APTMalware_APT_10_eb199a20dff8d125a89fa20d3da40a8c59e915c404e367365bb8aeafec80af4b Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-59-53\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"257b3ed1145c25e3e67f83f61a637034\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"AFX_DIALOG_LAYOUT\" fullword wide \n \t\t $s2= \"api-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s3= \"api-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s4= \"api-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s5= \"api-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s6= \"api-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s7= \"api-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s8= \"api-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s9= \"api-ms-win-core-xstate-l2-1-0\" fullword wide \n \t\t $s10= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s11= \"HKEY_CURRENT_USER\" fullword wide \n \t\t $s12= \"HKEY_LOCAL_MACHINE\" fullword wide \n \n \t\t $hex1= {41??46??58??5f??44??49??41??4c??4f??47??5f??4c??41??59??4f??55??54??0a??} \n \t\t $hex2= {48??4b??45??59??5f??43??55??52??52??45??4e??54??5f??55??53??45??52??0a??} \n \t\t $hex3= {48??4b??45??59??5f??4c??4f??43??41??4c??5f??4d??41??43??48??49??4e??45??0a??} \n \t\t $hex4= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??} \n \t\t $hex5= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex6= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex7= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex8= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex9= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??} \n \t\t $hex10= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex11= {61??70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \t\t $hex12= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \n \tcondition: \n \t\t13 of them \n }", "title": "", "description": "APTMalware_APT_10_eb199a20dff8d125a89fa20d3da40a8c59e915c404e367365bb8aeafec80af4b Group", "expiration": null, "is_active": 1 }, { "id": 2582712583, "indicator": "d83723ff43093c1d398db6ab1ea96dfc4a87adb9", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of f2a0df6b2a8de26d2f6e86ec46683808\nSHA1 of f2a0df6b2a8de26d2f6e86ec46683808", "expiration": null, "is_active": 1 }, { "id": 30345575, "indicator": "4f4fa26bc26fd90c64dd3b347a92817b67b64506c025248330aa69b00b97051f", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of f2a0df6b2a8de26d2f6e86ec46683808\nSHA256 of f2a0df6b2a8de26d2f6e86ec46683808", "expiration": null, "is_active": 1 }, { "id": 3409660423, "indicator": "48447ff0d80063da5d5a9222f3db56b767a296dc", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_4f4fa26bc26fd90c64dd3b347a92817b67b64506c025248330aa69b00b97051f { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_4f4fa26bc26fd90c64dd3b347a92817b67b64506c025248330aa69b00b97051f Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-59-48\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f2a0df6b2a8de26d2f6e86ec46683808\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"american english\" fullword wide \n \t\t $s2= \"american-english\" fullword wide \n \t\t $s3= \"chinese-hongkong\" fullword wide \n \t\t $s4= \"chinese-simplified\" fullword wide \n \t\t $s5= \"chinese-singapore\" fullword wide \n \t\t $s6= \"chinese-traditional\" fullword wide \n \t\t $s7= \"d\\\\.PhysicalDrive%d\" fullword wide \n \t\t $s8= \"english-american\" fullword wide \n \t\t $s9= \"english-caribbean\" fullword wide \n \t\t $s10= \"english-jamaica\" fullword wide \n \t\t $s11= \"english-south africa\" fullword wide \n \t\t $s12= \"french-canadian\" fullword wide \n \t\t $s13= \"french-luxembourg\" fullword wide \n \t\t $s14= \"german-austrian\" fullword wide \n \t\t $s15= \"german-lichtenstein\" fullword wide \n \t\t $s16= \"german-luxembourg\" fullword wide \n \t\t $s17= \"norwegian-bokmal\" fullword wide \n \t\t $s18= \"norwegian-nynorsk\" fullword wide \n \t\t $s19= \"portuguese-brazilian\" fullword wide \n \t\t $s20= \"SeDebugPrivilege\" fullword wide \n \n \t\t $hex1= {53??65??44??65??62??75??67??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex2= {61??6d??65??72??69??63??61??6e??20??65??6e??67??6c??69??73??68??0a??} \n \t\t $hex3= {61??6d??65??72??69??63??61??6e??2d??65??6e??67??6c??69??73??68??0a??} \n \t\t $hex4= {63??68??69??6e??65??73??65??2d??68??6f??6e??67??6b??6f??6e??67??0a??} \n \t\t $hex5= {63??68??69??6e??65??73??65??2d??73??69??6d??70??6c??69??66??69??65??64??0a??} \n \t\t $hex6= {63??68??69??6e??65??73??65??2d??73??69??6e??67??61??70??6f??72??65??0a??} \n \t\t $hex7= {63??68??69??6e??65??73??65??2d??74??72??61??64??69??74??69??6f??6e??61??6c??0a??} \n \t\t $hex8= {64??2e??50??68??79??73??69??63??61??6c??44??72??69??76??65??25??64??0a??} \n \t\t $hex9= {65??6e??67??6c??69??73??68??2d??61??6d??65??72??69??63??61??6e??0a??} \n \t\t $hex10= {65??6e??67??6c??69??73??68??2d??63??61??72??69??62??62??65??61??6e??0a??} \n \t\t $hex11= {65??6e??67??6c??69??73??68??2d??6a??61??6d??61??69??63??61??0a??} \n \t\t $hex12= {65??6e??67??6c??69??73??68??2d??73??6f??75??74??68??20??61??66??72??69??63??61??0a??} \n \t\t $hex13= {66??72??65??6e??63??68??2d??63??61??6e??61??64??69??61??6e??0a??} \n \t\t $hex14= {66??72??65??6e??63??68??2d??6c??75??78??65??6d??62??6f??75??72??67??0a??} \n \t\t $hex15= {67??65??72??6d??61??6e??2d??61??75??73??74??72??69??61??6e??0a??} \n \t\t $hex16= {67??65??72??6d??61??6e??2d??6c??69??63??68??74??65??6e??73??74??65??69??6e??0a??} \n \t\t $hex17= {67??65??72??6d??61??6e??2d??6c??75??78??65??6d??62??6f??75??72??67??0a??} \n \t\t $hex18= {6e??6f??72??77??65??67??69??61??6e??2d??62??6f??6b??6d??61??6c??0a??} \n \t\t $hex19= {6e??6f??72??77??65??67??69??61??6e??2d??6e??79??6e??6f??72??73??6b??0a??} \n \t\t $hex20= {70??6f??72??74??75??67??75??65??73??65??2d??62??72??61??7a??69??6c??69??61??6e??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Winnti_4f4fa26bc26fd90c64dd3b347a92817b67b64506c025248330aa69b00b97051f Group", "expiration": null, "is_active": 1 }, { "id": 3409660424, "indicator": "be43f9088c771c4b2491032e2cf9277da5dd3689", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_5d6986f440e89f4a309a62f9df8ea5989a8880229dc02b132dd1bb3d0e0083d1 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_5d6986f440e89f4a309a62f9df8ea5989a8880229dc02b132dd1bb3d0e0083d1 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-59-42\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"c1d4b96374cfe485179b547ebacc1ee1\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"Microsoft Corporation\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"OUPXVNOHXVTRMY.QFJDUIK~\" fullword wide \n \t\t $s5= \"RpcEndpoint.exe\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex3= {4f??55??50??58??56??4e??4f??48??58??56??54??52??4d??59??2e??51??46??4a??44??55??49??4b??7e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {52??70??63??45??6e??64??70??6f??69??6e??74??2e??65??78??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Winnti_5d6986f440e89f4a309a62f9df8ea5989a8880229dc02b132dd1bb3d0e0083d1 Group", "expiration": null, "is_active": 1 }, { "id": 2582704169, "indicator": "b033f60a9007d19221beafd6ef31ef357a24b1bd", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "TrojanDropperWinNTEnterok", "description": "SHA1 of fe9971fe78f3bc22c8df0553dced52ed", "expiration": null, "is_active": 1 }, { "id": 30345627, "indicator": "ec49983235a079c72c32212f0e216fb8ebd2354b6936c39cfd736c4a2dd018e4", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "TrojanDropperWinNTEnterok", "description": "SHA256 of fe9971fe78f3bc22c8df0553dced52ed", "expiration": null, "is_active": 1 }, { "id": 3409660425, "indicator": "d8f12d30e2de00ec7e4ac145290d30acba0a37fb", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_ec49983235a079c72c32212f0e216fb8ebd2354b6936c39cfd736c4a2dd018e4 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_ec49983235a079c72c32212f0e216fb8ebd2354b6936c39cfd736c4a2dd018e4 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-59-14\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"fe9971fe78f3bc22c8df0553dced52ed\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DeviceGpeNetSafe\" fullword wide \n \t\t $s2= \"DosDevicesGpeNetSafe\" fullword wide \n \t\t $s3= \"InprocServer32\" fullword wide \n \t\t $s4= \"ObGetObjectType\" fullword wide \n \t\t $s5= \"ObQueryNameInfo\" fullword wide \n \t\t $s6= \"PendingFileRenameOperations\" fullword wide \n \t\t $s7= \"PsReferenceProcessFilePointer\" fullword wide \n \t\t $s8= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {44??65??76??69??63??65??47??70??65??4e??65??74??53??61??66??65??0a??} \n \t\t $hex2= {44??6f??73??44??65??76??69??63??65??73??47??70??65??4e??65??74??53??61??66??65??0a??} \n \t\t $hex3= {49??6e??70??72??6f??63??53??65??72??76??65??72??33??32??0a??} \n \t\t $hex4= {4f??62??47??65??74??4f??62??6a??65??63??74??54??79??70??65??0a??} \n \t\t $hex5= {4f??62??51??75??65??72??79??4e??61??6d??65??49??6e??66??6f??0a??} \n \t\t $hex6= {50??65??6e??64??69??6e??67??46??69??6c??65??52??65??6e??61??6d??65??4f??70??65??72??61??74??69??6f??6e??73??0a??} \n \t\t $hex7= {50??73??52??65??66??65??72??65??6e??63??65??50??72??6f??63??65??73??73??46??69??6c??65??50??6f??69??6e??74??65??72??0a??} \n \t\t $hex8= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t8 of them \n }", "title": "", "description": "APTMalware_Winnti_ec49983235a079c72c32212f0e216fb8ebd2354b6936c39cfd736c4a2dd018e4 Group", "expiration": null, "is_active": 1 }, { "id": 3409660426, "indicator": "f5859df151375fd91bb47217d09da3466efac394", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_200ba936cd229cce4dc0b45a6ab78a5a3e84c5884d56adcc41c7fa7d5b9c831a { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_200ba936cd229cce4dc0b45a6ab78a5a3e84c5884d56adcc41c7fa7d5b9c831a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-58-57\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"527bfd801206c4b382487320ce2a245e\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"[$PRODUCT_NAME]\" fullword wide \n \t\t $s2= \"B B4BDBXB`BhBpBxB\" fullword wide \n \t\t $s3= \"d1wmnlsnh8rftl.cloudfront.net\" fullword wide \n \t\t $s4= \"d\\\\.PhysicalDrive%d\" fullword wide \n \t\t $s5= \"eInstalleInstall.exe\" fullword wide \n \t\t $s6= \"eshellctx64.dll\" fullword wide \n \t\t $s7= \"OriginalFilename\" fullword wide \n \t\t $s8= \"remove_config_files>\" fullword wide \n \t\t $s9= \"remove_config_folder>\" fullword wide \n \t\t $s10= \"remove_shortcut>\" fullword wide \n \t\t $s11= \"romove_from_firewall>\" fullword wide \n \t\t $s12= \"SOFTWAREhdcode\" fullword wide \n \t\t $s13= \"SOFTWAREMicrosoftCryptography\" fullword wide \n \t\t $s14= \"SOFTWAREwinzipersvc\" fullword wide \n \t\t $s15= \"TrayDownloader.exe\" fullword wide \n \t\t $s16= \"uninstallerOmigaZip.inst\" fullword wide \n \t\t $s17= \"UninstallString\" fullword wide \n \t\t $s18= \"VS_VERSION_INFO\" fullword wide \n \t\t $s19= \"winzipersvc.exe\" fullword wide \n \t\t $s20= \"winzipersvc.exe\" fullword wide \n \n \t\t $hex1= {42??20??42??34??42??44??42??58??42??60??42??68??42??70??42??78??42??0a??} \n \t\t $hex2= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex3= {53??4f??46??54??57??41??52??45??4d??69??63??72??6f??73??6f??66??74??43??72??79??70??74??6f??67??72??61??70??68??79??0a??} \n \t\t $hex4= {53??4f??46??54??57??41??52??45??68??64??63??6f??64??65??0a??} \n \t\t $hex5= {53??4f??46??54??57??41??52??45??77??69??6e??7a??69??70??65??72??73??76??63??0a??} \n \t\t $hex6= {54??72??61??79??44??6f??77??6e??6c??6f??61??64??65??72??2e??65??78??65??0a??} \n \t\t $hex7= {55??6e??69??6e??73??74??61??6c??6c??53??74??72??69??6e??67??0a??} \n \t\t $hex8= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex9= {5b??24??50??52??4f??44??55??43??54??5f??4e??41??4d??45??5d??0a??} \n \t\t $hex10= {64??2e??50??68??79??73??69??63??61??6c??44??72??69??76??65??25??64??0a??} \n \t\t $hex11= {64??31??77??6d??6e??6c??73??6e??68??38??72??66??74??6c??2e??63??6c??6f??75??64??66??72??6f??6e??74??2e??6e??65??74??0a??} \n \t\t $hex12= {65??49??6e??73??74??61??6c??6c??65??49??6e??73??74??61??6c??6c??2e??65??78??65??0a??} \n \t\t $hex13= {65??73??68??65??6c??6c??63??74??78??36??34??2e??64??6c??6c??0a??} \n \t\t $hex14= {72??65??6d??6f??76??65??5f??63??6f??6e??66??69??67??5f??66??69??6c??65??73??3e??0a??} \n \t\t $hex15= {72??65??6d??6f??76??65??5f??63??6f??6e??66??69??67??5f??66??6f??6c??64??65??72??3e??0a??} \n \t\t $hex16= {72??65??6d??6f??76??65??5f??73??68??6f??72??74??63??75??74??3e??0a??} \n \t\t $hex17= {72??6f??6d??6f??76??65??5f??66??72??6f??6d??5f??66??69??72??65??77??61??6c??6c??3e??0a??} \n \t\t $hex18= {75??6e??69??6e??73??74??61??6c??6c??65??72??4f??6d??69??67??61??5a??69??70??2e??69??6e??73??74??0a??} \n \t\t $hex19= {77??69??6e??7a??69??70??65??72??73??76??63??2e??65??78??65??0a??} \n \n \tcondition: \n \t\t21 of them \n }", "title": "", "description": "APTMalware_Winnti_200ba936cd229cce4dc0b45a6ab78a5a3e84c5884d56adcc41c7fa7d5b9c831a Group", "expiration": null, "is_active": 1 }, { "id": 2582688113, "indicator": "6246c66140be50c416d0d304ecc0c9ba79a0a586", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "UPX", "description": "SHA1 of eaaa0408c3cd686a30871fedf31ce241", "expiration": null, "is_active": 1 }, { "id": 30345620, "indicator": "d6f3151ed4fb00b766cf70df678b932c616a122c6c9f2a62e33d4a103465f8af", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "UPX", "description": "SHA256 of eaaa0408c3cd686a30871fedf31ce241", "expiration": null, "is_active": 1 }, { "id": 3409660427, "indicator": "a43e85199847bea95606bef11908be9294670c23", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_d6f3151ed4fb00b766cf70df678b932c616a122c6c9f2a62e33d4a103465f8af { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_d6f3151ed4fb00b766cf70df678b932c616a122c6c9f2a62e33d4a103465f8af Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-58-54\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"eaaa0408c3cd686a30871fedf31ce241\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"6.0420.2600.2180\" fullword wide \n \t\t $s2= \"6.0420.2600.2180 (rtm.040803-2158)\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"Microsoft Corporation\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??0a??} \n \t\t $hex2= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??20??28??72??74??6d??2e??30??34??30??38??30??33??2d??32??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Winnti_d6f3151ed4fb00b766cf70df678b932c616a122c6c9f2a62e33d4a103465f8af Group", "expiration": null, "is_active": 1 }, { "id": 2582687105, "indicator": "5d5ea7ea215944a8fef0f717dece637cf44e6bad", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "HackTool:Win64/Moniap.A", "description": "SHA1 of a445d0bfafe5947492e4044cb49eda13", "expiration": null, "is_active": 1 }, { "id": 30345631, "indicator": "fb6e4912fca91d99a9747ad2c68ee82da60f787984fadf77aaab40dac7bed3eb", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "HackTool:Win64/Moniap.A", "description": "SHA256 of a445d0bfafe5947492e4044cb49eda13", "expiration": null, "is_active": 1 }, { "id": 3409660428, "indicator": "7c723397e543f0226bd88be112dd2be7dcfb870f", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_fb6e4912fca91d99a9747ad2c68ee82da60f787984fadf77aaab40dac7bed3eb { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_fb6e4912fca91d99a9747ad2c68ee82da60f787984fadf77aaab40dac7bed3eb Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-58-46\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"a445d0bfafe5947492e4044cb49eda13\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"6.0420.2600.2180\" fullword wide \n \t\t $s2= \"6.0420.2600.2180 (rtm.040803-2158)\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"Microsoft Corporation\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??0a??} \n \t\t $hex2= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??20??28??72??74??6d??2e??30??34??30??38??30??33??2d??32??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Winnti_fb6e4912fca91d99a9747ad2c68ee82da60f787984fadf77aaab40dac7bed3eb Group", "expiration": null, "is_active": 1 }, { "id": 2912756618, "indicator": "8febaaf3ce4030f045894aa3ee40c6d18c6026e1", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of 35bdc5a2acf35bdf9fb9169e1a47d3e7", "expiration": null, "is_active": 1 }, { "id": 2912756616, "indicator": "b123d7e7c18f0d3e87f3ffb49b6113c119fd3c4b0c1ba83ef93c06e3dfce17f6", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of 35bdc5a2acf35bdf9fb9169e1a47d3e7", "expiration": null, "is_active": 1 }, { "id": 3409660429, "indicator": "3ee4a5c27cc91b5f8222f1a10fabc7c047dba4e9", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_b123d7e7c18f0d3e87f3ffb49b6113c119fd3c4b0c1ba83ef93c06e3dfce17f6 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_b123d7e7c18f0d3e87f3ffb49b6113c119fd3c4b0c1ba83ef93c06e3dfce17f6 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-58-42\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"35bdc5a2acf35bdf9fb9169e1a47d3e7\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Advanced Server\" fullword wide \n \t\t $s2= \"Business Edition\" fullword wide \n \t\t $s3= \"[clear],strRandomFile[%s]\" fullword wide \n \t\t $s4= \"clear successfully.\" fullword wide \n \t\t $s5= \"Datacenter Edition\" fullword wide \n \t\t $s6= \"Datacenter Server\" fullword wide \n \t\t $s7= \"Disk Information:\" fullword wide \n \t\t $s8= \"[doAction_CreateThread],FileMG1\" fullword wide \n \t\t $s9= \"[doAction_CreateThread],RDServer\" fullword wide \n \t\t $s10= \"[doAction_CreateThread],rPortMap\" fullword wide \n \t\t $s11= \"D:ZeusServer.txt\" fullword wide \n \t\t $s12= \"Enterprise Edition\" fullword wide \n \t\t $s13= \"[ExeCommand],recv [%s]\" fullword wide \n \t\t $s14= \"[FileMG1],Entry,Socket[%d]\" fullword wide \n \t\t $s15= \"[InitFirst],g_szDllName[%s]\" fullword wide \n \t\t $s16= \"[InitFirst],g_szDllPath[%s]\" fullword wide \n \t\t $s17= \"[InitFirst],g_szExePath[%s]\" fullword wide \n \t\t $s18= \"[InitFirst],g_szServiceName[%s]\" fullword wide \n \t\t $s19= \"Organization: %s\" fullword wide \n \t\t $s20= \"ProcessorNameString\" fullword wide \n \n \t\t $hex1= {41??64??76??61??6e??63??65??64??20??53??65??72??76??65??72??0a??} \n \t\t $hex2= {42??75??73??69??6e??65??73??73??20??45??64??69??74??69??6f??6e??0a??} \n \t\t $hex3= {44??3a??5a??65??75??73??53??65??72??76??65??72??2e??74??78??74??0a??} \n \t\t $hex4= {44??61??74??61??63??65??6e??74??65??72??20??45??64??69??74??69??6f??6e??0a??} \n \t\t $hex5= {44??61??74??61??63??65??6e??74??65??72??20??53??65??72??76??65??72??0a??} \n \t\t $hex6= {44??69??73??6b??20??49??6e??66??6f??72??6d??61??74??69??6f??6e??3a??0a??} \n \t\t $hex7= {45??6e??74??65??72??70??72??69??73??65??20??45??64??69??74??69??6f??6e??0a??} \n \t\t $hex8= {4f??72??67??61??6e??69??7a??61??74??69??6f??6e??3a??20??25??73??0a??} \n \t\t $hex9= {50??72??6f??63??65??73??73??6f??72??4e??61??6d??65??53??74??72??69??6e??67??0a??} \n \t\t $hex10= {5b??45??78??65??43??6f??6d??6d??61??6e??64??5d??2c??72??65??63??76??20??5b??25??73??5d??0a??} \n \t\t $hex11= {5b??46??69??6c??65??4d??47??31??5d??2c??45??6e??74??72??79??2c??53??6f??63??6b??65??74??5b??25??64??5d??0a??} \n \t\t $hex12= {5b??49??6e??69??74??46??69??72??73??74??5d??2c??67??5f??73??7a??44??6c??6c??4e??61??6d??65??5b??25??73??5d??0a??} \n \t\t $hex13= {5b??49??6e??69??74??46??69??72??73??74??5d??2c??67??5f??73??7a??44??6c??6c??50??61??74??68??5b??25??73??5d??0a??} \n \t\t $hex14= {5b??49??6e??69??74??46??69??72??73??74??5d??2c??67??5f??73??7a??45??78??65??50??61??74??68??5b??25??73??5d??0a??} \n \t\t $hex15= {5b??49??6e??69??74??46??69??72??73??74??5d??2c??67??5f??73??7a??53??65??72??76??69??63??65??4e??61??6d??65??5b??25??73??} \n \t\t $hex16= {5b??63??6c??65??61??72??5d??2c??73??74??72??52??61??6e??64??6f??6d??46??69??6c??65??5b??25??73??5d??0a??} \n \t\t $hex17= {5b??64??6f??41??63??74??69??6f??6e??5f??43??72??65??61??74??65??54??68??72??65??61??64??5d??2c??46??69??6c??65??4d??47??} \n \t\t $hex18= {5b??64??6f??41??63??74??69??6f??6e??5f??43??72??65??61??74??65??54??68??72??65??61??64??5d??2c??52??44??53??65??72??76??} \n \t\t $hex19= {5b??64??6f??41??63??74??69??6f??6e??5f??43??72??65??61??74??65??54??68??72??65??61??64??5d??2c??72??50??6f??72??74??4d??} \n \t\t $hex20= {63??6c??65??61??72??20??73??75??63??63??65??73??73??66??75??6c??6c??79??2e??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Winnti_b123d7e7c18f0d3e87f3ffb49b6113c119fd3c4b0c1ba83ef93c06e3dfce17f6 Group", "expiration": null, "is_active": 1 }, { "id": 2582699135, "indicator": "973e1c177e10c0094f77f1ae216d4d4c457a3ed2", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "UPX", "description": "SHA1 of e72a55235a65811e4afe31b857c5294d\nSHA1 of e72a55235a65811e4afe31b857c5294d", "expiration": null, "is_active": 1 }, { "id": 30345577, "indicator": "52de57d6ea3174cf2463f5d32abc7c61d0f0d461c3d543e968a5c09ec0740ddc", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "UPX", "description": "SHA256 of e72a55235a65811e4afe31b857c5294d\nSHA256 of e72a55235a65811e4afe31b857c5294d", "expiration": null, "is_active": 1 }, { "id": 3409660497, "indicator": "a3d2fa4766cd9fa9a51a26dedf692f7f297b987e", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_52de57d6ea3174cf2463f5d32abc7c61d0f0d461c3d543e968a5c09ec0740ddc { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_52de57d6ea3174cf2463f5d32abc7c61d0f0d461c3d543e968a5c09ec0740ddc Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-58-40\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e72a55235a65811e4afe31b857c5294d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"6.0420.2600.2180\" fullword wide \n \t\t $s2= \"6.0420.2600.2180 (rtm.040803-2158)\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"Microsoft Corporation\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??0a??} \n \t\t $hex2= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??20??28??72??74??6d??2e??30??34??30??38??30??33??2d??32??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Winnti_52de57d6ea3174cf2463f5d32abc7c61d0f0d461c3d543e968a5c09ec0740ddc Group", "expiration": null, "is_active": 1 }, { "id": 2582718405, "indicator": "f40ac53550177ce7e81ceea2292ddee0b814e0f6", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "HackTool:Win64/Moniap.A", "description": "SHA1 of ff7611be7e3137708a68ea8523093419", "expiration": null, "is_active": 1 }, { "id": 30345605, "indicator": "96377dbd06a57e63e8b3c6b18c92beb2b2e87c9aa155ec11bc7f24ec1e5d7699", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "HackTool:Win64/Moniap.A", "description": "SHA256 of ff7611be7e3137708a68ea8523093419", "expiration": null, "is_active": 1 }, { "id": 3409660498, "indicator": "d14ac7e817c778badcc55fa1a7105a0786bf815f", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_96377dbd06a57e63e8b3c6b18c92beb2b2e87c9aa155ec11bc7f24ec1e5d7699 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_96377dbd06a57e63e8b3c6b18c92beb2b2e87c9aa155ec11bc7f24ec1e5d7699 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-58-38\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"ff7611be7e3137708a68ea8523093419\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"6.0420.2600.2180\" fullword wide \n \t\t $s2= \"6.0420.2600.2180 (rtm.040803-2158)\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"Microsoft Corporation\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??0a??} \n \t\t $hex2= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??20??28??72??74??6d??2e??30??34??30??38??30??33??2d??32??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Winnti_96377dbd06a57e63e8b3c6b18c92beb2b2e87c9aa155ec11bc7f24ec1e5d7699 Group", "expiration": null, "is_active": 1 }, { "id": 3409660499, "indicator": "16cd529451a97d1a7770b8456de39d9187c63ee0", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_77a15c0e45c1dfa42d135321576c725c40f890d95e9ad44bdabeae9eb5d71a9f { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_77a15c0e45c1dfa42d135321576c725c40f890d95e9ad44bdabeae9eb5d71a9f Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-58-34\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"8cb10b202c47c41e1a2c11a721851654\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"6.0420.2600.2180\" fullword wide \n \t\t $s2= \"6.0420.2600.2180 (rtm.040803-2158)\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"Microsoft Corporation\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??0a??} \n \t\t $hex2= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??20??28??72??74??6d??2e??30??34??30??38??30??33??2d??32??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Winnti_77a15c0e45c1dfa42d135321576c725c40f890d95e9ad44bdabeae9eb5d71a9f Group", "expiration": null, "is_active": 1 }, { "id": 2582683134, "indicator": "4a6c8a3d07dfb02ce1fad074522c5bf6725980ed", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "HackTool:Win64/Moniap.B", "description": "SHA1 of f3917d618a37342eadfee90f8539b3b9\nSHA1 of f3917d618a37342eadfee90f8539b3b9", "expiration": null, "is_active": 1 }, { "id": 30345568, "indicator": "3f50ced416c9d7feaa0ad6fb16be1f1289590b497024e20c34b139c2b5194e7c", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "HackTool:Win64/Moniap.B", "description": "SHA256 of f3917d618a37342eadfee90f8539b3b9\nSHA256 of f3917d618a37342eadfee90f8539b3b9", "expiration": null, "is_active": 1 }, { "id": 3409660500, "indicator": "ff8a9d2a31b19463a0002154abf10cc36c38e32c", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_3f50ced416c9d7feaa0ad6fb16be1f1289590b497024e20c34b139c2b5194e7c { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_3f50ced416c9d7feaa0ad6fb16be1f1289590b497024e20c34b139c2b5194e7c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-58-27\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f3917d618a37342eadfee90f8539b3b9\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"6.0420.2600.2180\" fullword wide \n \t\t $s2= \"6.0420.2600.2180 (rtm.040803-2158)\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"Microsoft Corporation\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??0a??} \n \t\t $hex2= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??20??28??72??74??6d??2e??30??34??30??38??30??33??2d??32??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Winnti_3f50ced416c9d7feaa0ad6fb16be1f1289590b497024e20c34b139c2b5194e7c Group", "expiration": null, "is_active": 1 }, { "id": 2582705762, "indicator": "b78d7f6701ef3f506951134b3af59017f84022dd", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "UPX", "description": "SHA1 of 70e41bc5daa6ff811317afef75498062", "expiration": null, "is_active": 1 }, { "id": 30345622, "indicator": "df013d3b048931a23dcc9db63e6b7d76dfc4373a3f41a274744179b6546e4cd1", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "UPX", "description": "SHA256 of 70e41bc5daa6ff811317afef75498062", "expiration": null, "is_active": 1 }, { "id": 3409660510, "indicator": "23ae00b0ca816e1887561dab62041b669043c980", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_df013d3b048931a23dcc9db63e6b7d76dfc4373a3f41a274744179b6546e4cd1 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_df013d3b048931a23dcc9db63e6b7d76dfc4373a3f41a274744179b6546e4cd1 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-58-19\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"70e41bc5daa6ff811317afef75498062\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"6.0420.2600.2180\" fullword wide \n \t\t $s2= \"6.0420.2600.2180 (rtm.040803-2158)\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"Microsoft Corporation\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??0a??} \n \t\t $hex2= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??20??28??72??74??6d??2e??30??34??30??38??30??33??2d??32??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Winnti_df013d3b048931a23dcc9db63e6b7d76dfc4373a3f41a274744179b6546e4cd1 Group", "expiration": null, "is_active": 1 }, { "id": 2582718632, "indicator": "f570db4813c1cfaf7f1735418b8b95a6825d503b", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "UPX", "description": "SHA1 of e61a40e9ddccc2412435d2f22b4227c2", "expiration": null, "is_active": 1 }, { "id": 30345546, "indicator": "0c7b952c64db7add5b8b50b1199fc7d82e9b6ac07193d9ec30e5b8d353b1f6d2", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "UPX", "description": "SHA256 of e61a40e9ddccc2412435d2f22b4227c2", "expiration": null, "is_active": 1 }, { "id": 3409660511, "indicator": "30381da5ac80364ca10c538f4961c53af121f11f", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_0c7b952c64db7add5b8b50b1199fc7d82e9b6ac07193d9ec30e5b8d353b1f6d2 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_0c7b952c64db7add5b8b50b1199fc7d82e9b6ac07193d9ec30e5b8d353b1f6d2 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-58-09\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e61a40e9ddccc2412435d2f22b4227c2\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"6.0420.2600.2180\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Winnti_0c7b952c64db7add5b8b50b1199fc7d82e9b6ac07193d9ec30e5b8d353b1f6d2 Group", "expiration": null, "is_active": 1 }, { "id": 3409660512, "indicator": "5aaa13c5f6593a248994c5cfdd96e8170fbe57ce", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_490c3e4af829e85751a44d21b25de1781cfe4961afdef6bb5759d9451f530994 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_490c3e4af829e85751a44d21b25de1781cfe4961afdef6bb5759d9451f530994 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-58-04\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"36711896cfeb67f599305b590f195aec\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DevicePORTLESS_DeviceName\" fullword wide \n \t\t $s2= \"IoDeviceObjectType\" fullword wide \n \t\t $s3= \"IoDriverObjectType\" fullword wide \n \t\t $s4= \"REGISTRYMACHINE\" fullword wide \n \t\t $s5= \"REGISTRYMACHINESYSTEM\" fullword wide \n \n \t\t $hex1= {44??65??76??69??63??65??50??4f??52??54??4c??45??53??53??5f??44??65??76??69??63??65??4e??61??6d??65??0a??} \n \t\t $hex2= {49??6f??44??65??76??69??63??65??4f??62??6a??65??63??74??54??79??70??65??0a??} \n \t\t $hex3= {49??6f??44??72??69??76??65??72??4f??62??6a??65??63??74??54??79??70??65??0a??} \n \t\t $hex4= {52??45??47??49??53??54??52??59??4d??41??43??48??49??4e??45??0a??} \n \t\t $hex5= {52??45??47??49??53??54??52??59??4d??41??43??48??49??4e??45??53??59??53??54??45??4d??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Winnti_490c3e4af829e85751a44d21b25de1781cfe4961afdef6bb5759d9451f530994 Group", "expiration": null, "is_active": 1 }, { "id": 3409660513, "indicator": "e1ac82938fea37790250ec6138798181907cc753", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_692abc19ed30132d3d8b5ba2b31268677641ca24a3902d2cfc97497f2b7b5b85 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_692abc19ed30132d3d8b5ba2b31268677641ca24a3902d2cfc97497f2b7b5b85 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-57-57\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e8e1f133ef1a303e2e901e59329af1dd\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DevicePORTLESS_DeviceName\" fullword wide \n \t\t $s2= \"IoDeviceObjectType\" fullword wide \n \t\t $s3= \"IoDriverObjectType\" fullword wide \n \t\t $s4= \"REGISTRYMACHINE\" fullword wide \n \t\t $s5= \"REGISTRYMACHINESYSTEM\" fullword wide \n \n \t\t $hex1= {44??65??76??69??63??65??50??4f??52??54??4c??45??53??53??5f??44??65??76??69??63??65??4e??61??6d??65??0a??} \n \t\t $hex2= {49??6f??44??65??76??69??63??65??4f??62??6a??65??63??74??54??79??70??65??0a??} \n \t\t $hex3= {49??6f??44??72??69??76??65??72??4f??62??6a??65??63??74??54??79??70??65??0a??} \n \t\t $hex4= {52??45??47??49??53??54??52??59??4d??41??43??48??49??4e??45??0a??} \n \t\t $hex5= {52??45??47??49??53??54??52??59??4d??41??43??48??49??4e??45??53??59??53??54??45??4d??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Winnti_692abc19ed30132d3d8b5ba2b31268677641ca24a3902d2cfc97497f2b7b5b85 Group", "expiration": null, "is_active": 1 }, { "id": 2582711591, "indicator": "d3424a1e9e918f1f2820db7bf968c3450e0c0e11", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "VMProtectSDK", "description": "SHA1 of de7d2d4a6b093365013e6acf3e1d5a41\nSHA1 of de7d2d4a6b093365013e6acf3e1d5a41", "expiration": null, "is_active": 1 }, { "id": 30345582, "indicator": "5f851ffcee7f301bfcffc3c023a78611f6a1264575ffbafa1f3bc420b27f7eac", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "VMProtectSDK", "description": "SHA256 of de7d2d4a6b093365013e6acf3e1d5a41\nSHA256 of de7d2d4a6b093365013e6acf3e1d5a41", "expiration": null, "is_active": 1 }, { "id": 3409660514, "indicator": "bef8d1a6d504e347c1a891f050e9b67af64cdbb5", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_5f851ffcee7f301bfcffc3c023a78611f6a1264575ffbafa1f3bc420b27f7eac { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_5f851ffcee7f301bfcffc3c023a78611f6a1264575ffbafa1f3bc420b27f7eac Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-57-56\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"de7d2d4a6b093365013e6acf3e1d5a41\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DeviceGpeNetSafe\" fullword wide \n \t\t $s2= \"DosDevicesGpeNetSafe\" fullword wide \n \t\t $s3= \"InprocServer32\" fullword wide \n \t\t $s4= \"ObGetObjectType\" fullword wide \n \t\t $s5= \"ObQueryNameInfo\" fullword wide \n \t\t $s6= \"PendingFileRenameOperations\" fullword wide \n \t\t $s7= \"PsReferenceProcessFilePointer\" fullword wide \n \t\t $s8= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {44??65??76??69??63??65??47??70??65??4e??65??74??53??61??66??65??0a??} \n \t\t $hex2= {44??6f??73??44??65??76??69??63??65??73??47??70??65??4e??65??74??53??61??66??65??0a??} \n \t\t $hex3= {49??6e??70??72??6f??63??53??65??72??76??65??72??33??32??0a??} \n \t\t $hex4= {4f??62??47??65??74??4f??62??6a??65??63??74??54??79??70??65??0a??} \n \t\t $hex5= {4f??62??51??75??65??72??79??4e??61??6d??65??49??6e??66??6f??0a??} \n \t\t $hex6= {50??65??6e??64??69??6e??67??46??69??6c??65??52??65??6e??61??6d??65??4f??70??65??72??61??74??69??6f??6e??73??0a??} \n \t\t $hex7= {50??73??52??65??66??65??72??65??6e??63??65??50??72??6f??63??65??73??73??46??69??6c??65??50??6f??69??6e??74??65??72??0a??} \n \t\t $hex8= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t8 of them \n }", "title": "", "description": "APTMalware_Winnti_5f851ffcee7f301bfcffc3c023a78611f6a1264575ffbafa1f3bc420b27f7eac Group", "expiration": null, "is_active": 1 }, { "id": 3409660515, "indicator": "fe4aef332e23a05ecdb4d6aab7129584854cd52e", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_03aafc5f468a84f7dd7d7d38f91ff17ef1ca044e5f5e8bbdfe589f5509b46ae5 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_03aafc5f468a84f7dd7d7d38f91ff17ef1ca044e5f5e8bbdfe589f5509b46ae5 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-57-51\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"28af0e2520713b81659c95430220d2b9\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"Microsoft Corporation\" fullword wide \n \t\t $s3= \"Microsoft Corporation.\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??2e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Winnti_03aafc5f468a84f7dd7d7d38f91ff17ef1ca044e5f5e8bbdfe589f5509b46ae5 Group", "expiration": null, "is_active": 1 }, { "id": 2642272136, "indicator": "bd7b5c56f58db4a94c3097e8d7f78eaf51dbf335", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "RAR_Archive", "description": "SHA1 of 3b58e122d9e17121416b146daab4db9d", "expiration": null, "is_active": 1 }, { "id": 2642272089, "indicator": "8f939e65e9ffedd16ae86687e154adbe607d56950d082778300039283f2f8330", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "RAR_Archive", "description": "SHA256 of 3b58e122d9e17121416b146daab4db9d", "expiration": null, "is_active": 1 }, { "id": 3409660516, "indicator": "a2f1d7eed1882e73582e2c95304c0fab643ea4f1", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_8f939e65e9ffedd16ae86687e154adbe607d56950d082778300039283f2f8330 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_8f939e65e9ffedd16ae86687e154adbe607d56950d082778300039283f2f8330 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-57-47\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"3b58e122d9e17121416b146daab4db9d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"%4d-%02d-%02d-%02d-%02d-%02d-%03d\" fullword wide \n \t\t $s2= \"ARarHtmlClassName\" fullword wide \n \t\t $s3= \"CreateThread failed\" fullword wide \n \t\t $s4= \"CryptProtectMemory failed\" fullword wide \n \t\t $s5= \"CryptUnprotectMemory failed\" fullword wide \n \t\t $s6= \"&Destination folder\" fullword wide \n \t\t $s7= \"ext-ms-win-ntuser-dialogbox-l1-1-0\" fullword wide \n \t\t $s8= \"Extraction progress\" fullword wide \n \t\t $s9= \"Installation progress\" fullword wide \n \t\t $s10= \"jmsctls_progress32\" fullword wide \n \t\t $s11= \"LICENSEDLG RENAMEDLG\" fullword wide \n \t\t $s12= \"pi-ms-win-core-datetime-l1-1-1\" fullword wide \n \t\t $s13= \"pi-ms-win-core-fibers-l1-1-1\" fullword wide \n \t\t $s14= \"pi-ms-win-core-file-l2-1-1\" fullword wide \n \t\t $s15= \"pi-ms-win-core-localization-l1-2-1\" fullword wide \n \t\t $s16= \"pi-ms-win-core-string-l1-1-0\" fullword wide \n \t\t $s17= \"pi-ms-win-core-synch-l1-2-0\" fullword wide \n \t\t $s18= \"pi-ms-win-core-sysinfo-l1-2-1\" fullword wide \n \t\t $s19= \"pi-ms-win-core-winrt-l1-1-0\" fullword wide \n \t\t $s20= \"pi-ms-win-core-xstate-l2-1-0\" fullword wide \n \n \t\t $hex1= {25??34??64??2d??25??30??32??64??2d??25??30??32??64??2d??25??30??32??64??2d??25??30??32??64??2d??25??30??32??64??2d??25??} \n \t\t $hex2= {26??44??65??73??74??69??6e??61??74??69??6f??6e??20??66??6f??6c??64??65??72??0a??} \n \t\t $hex3= {41??52??61??72??48??74??6d??6c??43??6c??61??73??73??4e??61??6d??65??0a??} \n \t\t $hex4= {43??72??65??61??74??65??54??68??72??65??61??64??20??66??61??69??6c??65??64??0a??} \n \t\t $hex5= {43??72??79??70??74??50??72??6f??74??65??63??74??4d??65??6d??6f??72??79??20??66??61??69??6c??65??64??0a??} \n \t\t $hex6= {43??72??79??70??74??55??6e??70??72??6f??74??65??63??74??4d??65??6d??6f??72??79??20??66??61??69??6c??65??64??0a??} \n \t\t $hex7= {45??78??74??72??61??63??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex8= {49??6e??73??74??61??6c??6c??61??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex9= {4c??49??43??45??4e??53??45??44??4c??47??20??52??45??4e??41??4d??45??44??4c??47??0a??} \n \t\t $hex10= {65??78??74??2d??6d??73??2d??77??69??6e??2d??6e??74??75??73??65??72??2d??64??69??61??6c??6f??67??62??6f??78??2d??6c??31??} \n \t\t $hex11= {6a??6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \t\t $hex12= {70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??64??61??74??65??74??69??6d??65??2d??6c??31??2d??31??2d??31??} \n \t\t $hex13= {70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??62??65??72??73??2d??6c??31??2d??31??2d??31??0a??} \n \t\t $hex14= {70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??66??69??6c??65??2d??6c??32??2d??31??2d??31??0a??} \n \t\t $hex15= {70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??6c??6f??63??61??6c??69??7a??61??74??69??6f??6e??2d??6c??31??} \n \t\t $hex16= {70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??74??72??69??6e??67??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex17= {70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??6e??63??68??2d??6c??31??2d??32??2d??30??0a??} \n \t\t $hex18= {70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??73??79??73??69??6e??66??6f??2d??6c??31??2d??32??2d??31??0a??} \n \t\t $hex19= {70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??77??69??6e??72??74??2d??6c??31??2d??31??2d??30??0a??} \n \t\t $hex20= {70??69??2d??6d??73??2d??77??69??6e??2d??63??6f??72??65??2d??78??73??74??61??74??65??2d??6c??32??2d??31??2d??30??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Winnti_8f939e65e9ffedd16ae86687e154adbe607d56950d082778300039283f2f8330 Group", "expiration": null, "is_active": 1 }, { "id": 2582711143, "indicator": "d0cdce0e3f66894dd082239cdd20dbe6920cdca5", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "UPX", "description": "SHA1 of 22de97c025f3cc9ad3f835d97b0a7fab", "expiration": null, "is_active": 1 }, { "id": 30345604, "indicator": "95a33b0c5f2408adabbebeba6f4c618ba2b392f9dbcd1d9a9ff9db5a519380d8", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "UPX", "description": "SHA256 of 22de97c025f3cc9ad3f835d97b0a7fab", "expiration": null, "is_active": 1 }, { "id": 3409660517, "indicator": "51e5f56d9c0f4ef5c20e22d7fa347c3c5d947706", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_95a33b0c5f2408adabbebeba6f4c618ba2b392f9dbcd1d9a9ff9db5a519380d8 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_95a33b0c5f2408adabbebeba6f4c618ba2b392f9dbcd1d9a9ff9db5a519380d8 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-57-41\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"22de97c025f3cc9ad3f835d97b0a7fab\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"Microsoft Corporation\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"RpcEndpoint.exe\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {52??70??63??45??6e??64??70??6f??69??6e??74??2e??65??78??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Winnti_95a33b0c5f2408adabbebeba6f4c618ba2b392f9dbcd1d9a9ff9db5a519380d8 Group", "expiration": null, "is_active": 1 }, { "id": 2582682508, "indicator": "476749c900bb43c62f50cb2f448901a589d56aac", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "UPX", "description": "SHA1 of d73d232a9ae0e948c589148b061ccf03", "expiration": null, "is_active": 1 }, { "id": 30345596, "indicator": "830d48b2c6de780783e697346a6afe96c6e33654d85b71bb86627b88f09f298c", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "UPX", "description": "SHA256 of d73d232a9ae0e948c589148b061ccf03", "expiration": null, "is_active": 1 }, { "id": 3409660518, "indicator": "a83a92611789189ab3a7883ae0e9acf9fb7a3e9d", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_830d48b2c6de780783e697346a6afe96c6e33654d85b71bb86627b88f09f298c { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_830d48b2c6de780783e697346a6afe96c6e33654d85b71bb86627b88f09f298c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-57-37\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d73d232a9ae0e948c589148b061ccf03\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"6.0420.2600.2180\" fullword wide \n \t\t $s2= \"6.0420.2600.2180 (rtm.040803-2158)\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"Microsoft Corporation\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??0a??} \n \t\t $hex2= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??20??28??72??74??6d??2e??30??34??30??38??30??33??2d??32??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Winnti_830d48b2c6de780783e697346a6afe96c6e33654d85b71bb86627b88f09f298c Group", "expiration": null, "is_active": 1 }, { "id": 3409660519, "indicator": "86dde8af2ae19d10f1993a3ffa48d12e4d5e8fc0", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Trojan.Fakeav-21700", "description": "SHA1 of d1cdff47853aae8fd697e569a0897d5e", "expiration": null, "is_active": 1 }, { "id": 3409660520, "indicator": "d892cac17339fcfe4aca03980b590bd029e519e4f92f46623bf4e862b9483fd3", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Trojan.Fakeav-21700", "description": "SHA256 of d1cdff47853aae8fd697e569a0897d5e", "expiration": null, "is_active": 1 }, { "id": 3409660521, "indicator": "9650a18f74c554c6542bbda2d366fc2cb1a297c7", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_d892cac17339fcfe4aca03980b590bd029e519e4f92f46623bf4e862b9483fd3 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_d892cac17339fcfe4aca03980b590bd029e519e4f92f46623bf4e862b9483fd3 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-57-36\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d1cdff47853aae8fd697e569a0897d5e\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"-2] #,##0.00)\" fullword wide \n \t\t $s2= \"-2] #,##0.00_);[Red]([$\" fullword wide \n \t\t $s3= \"Adobe Photoshop\" fullword wide \n \t\t $s4= \"DocumentSummaryInformation\" fullword wide \n \t\t $s5= \"SummaryInformation\" fullword wide \n \t\t $s6= \"TableStyleMedium2PivotStyleLight16\" fullword wide \n \n \t\t $hex1= {2d??32??5d??20??23??2c??23??23??30??2e??30??30??29??0a??} \n \t\t $hex2= {2d??32??5d??20??23??2c??23??23??30??2e??30??30??5f??29??3b??5b??52??65??64??5d??28??5b??24??0a??} \n \t\t $hex3= {41??64??6f??62??65??20??50??68??6f??74??6f??73??68??6f??70??0a??} \n \t\t $hex4= {44??6f??63??75??6d??65??6e??74??53??75??6d??6d??61??72??79??49??6e??66??6f??72??6d??61??74??69??6f??6e??0a??} \n \t\t $hex5= {53??75??6d??6d??61??72??79??49??6e??66??6f??72??6d??61??74??69??6f??6e??0a??} \n \t\t $hex6= {54??61??62??6c??65??53??74??79??6c??65??4d??65??64??69??75??6d??32??50??69??76??6f??74??53??74??79??6c??65??4c??69??67??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Winnti_d892cac17339fcfe4aca03980b590bd029e519e4f92f46623bf4e862b9483fd3 Group", "expiration": null, "is_active": 1 }, { "id": 3409660522, "indicator": "43086d9857f9e6ad2f16c4113782cf71395f0e27", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_0832ec4e7a6e59fe03fe7d7614eadd67ceea3f330b309cadb4aacaf05d46ba61 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_0832ec4e7a6e59fe03fe7d7614eadd67ceea3f330b309cadb4aacaf05d46ba61 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-57-29\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"afe4ec9a88f84fbf9c1eb0f3ff47a12b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Advanced Server\" fullword wide \n \t\t $s2= \"Business Edition\" fullword wide \n \t\t $s3= \"C:windowsproerr.log\" fullword wide \n \t\t $s4= \"C:windowssetupapi.dll\" fullword wide \n \t\t $s5= \"C:windowssystem32setupapi.dll\" fullword wide \n \t\t $s6= \"Datacenter Edition\" fullword wide \n \t\t $s7= \"Datacenter Server\" fullword wide \n \t\t $s8= \"DeviceCabViewer\" fullword wide \n \t\t $s9= \"Disk Information:\" fullword wide \n \t\t $s10= \"DosDevicesCabViewer\" fullword wide \n \t\t $s11= \"Enterprise Edition\" fullword wide \n \t\t $s12= \"Organization: %s\" fullword wide \n \t\t $s13= \"ProcessorNameString\" fullword wide \n \t\t $s14= \"rD:ZeusServer.txt\" fullword wide \n \t\t $s15= \"RegisteredOrganization\" fullword wide \n \t\t $s16= \"RegisteredOwner\" fullword wide \n \t\t $s17= \"Standard Edition\" fullword wide \n \t\t $s18= \"Starter Edition\" fullword wide \n \t\t $s19= \"Ultimate Edition\" fullword wide \n \n \t\t $hex1= {41??64??76??61??6e??63??65??64??20??53??65??72??76??65??72??0a??} \n \t\t $hex2= {42??75??73??69??6e??65??73??73??20??45??64??69??74??69??6f??6e??0a??} \n \t\t $hex3= {43??3a??77??69??6e??64??6f??77??73??70??72??6f??65??72??72??2e??6c??6f??67??0a??} \n \t\t $hex4= {43??3a??77??69??6e??64??6f??77??73??73??65??74??75??70??61??70??69??2e??64??6c??6c??0a??} \n \t\t $hex5= {43??3a??77??69??6e??64??6f??77??73??73??79??73??74??65??6d??33??32??73??65??74??75??70??61??70??69??2e??64??6c??6c??0a??} \n \t\t $hex6= {44??61??74??61??63??65??6e??74??65??72??20??45??64??69??74??69??6f??6e??0a??} \n \t\t $hex7= {44??61??74??61??63??65??6e??74??65??72??20??53??65??72??76??65??72??0a??} \n \t\t $hex8= {44??65??76??69??63??65??43??61??62??56??69??65??77??65??72??0a??} \n \t\t $hex9= {44??69??73??6b??20??49??6e??66??6f??72??6d??61??74??69??6f??6e??3a??0a??} \n \t\t $hex10= {44??6f??73??44??65??76??69??63??65??73??43??61??62??56??69??65??77??65??72??0a??} \n \t\t $hex11= {45??6e??74??65??72??70??72??69??73??65??20??45??64??69??74??69??6f??6e??0a??} \n \t\t $hex12= {4f??72??67??61??6e??69??7a??61??74??69??6f??6e??3a??20??25??73??0a??} \n \t\t $hex13= {50??72??6f??63??65??73??73??6f??72??4e??61??6d??65??53??74??72??69??6e??67??0a??} \n \t\t $hex14= {52??65??67??69??73??74??65??72??65??64??4f??72??67??61??6e??69??7a??61??74??69??6f??6e??0a??} \n \t\t $hex15= {52??65??67??69??73??74??65??72??65??64??4f??77??6e??65??72??0a??} \n \t\t $hex16= {53??74??61??6e??64??61??72??64??20??45??64??69??74??69??6f??6e??0a??} \n \t\t $hex17= {53??74??61??72??74??65??72??20??45??64??69??74??69??6f??6e??0a??} \n \t\t $hex18= {55??6c??74??69??6d??61??74??65??20??45??64??69??74??69??6f??6e??0a??} \n \t\t $hex19= {72??44??3a??5a??65??75??73??53??65??72??76??65??72??2e??74??78??74??0a??} \n \n \tcondition: \n \t\t21 of them \n }", "title": "", "description": "APTMalware_Winnti_0832ec4e7a6e59fe03fe7d7614eadd67ceea3f330b309cadb4aacaf05d46ba61 Group", "expiration": null, "is_active": 1 }, { "id": 2582694552, "indicator": "8197dd95e88c790ea3f26de7c34b9057f289c7ef", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "UPX", "description": "SHA1 of 11898306703dcbeb1ca2cd7746384829", "expiration": null, "is_active": 1 }, { "id": 30345611, "indicator": "aded00e1dab93e15161dc14206d75eccfb4657c360e7e13b6101e00ef26e3399", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "UPX", "description": "SHA256 of 11898306703dcbeb1ca2cd7746384829", "expiration": null, "is_active": 1 }, { "id": 3409660523, "indicator": "706bc7afe03d36f50b73b7adc3ddf8f96dc1ddf0", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_aded00e1dab93e15161dc14206d75eccfb4657c360e7e13b6101e00ef26e3399 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_aded00e1dab93e15161dc14206d75eccfb4657c360e7e13b6101e00ef26e3399 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-57-24\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"11898306703dcbeb1ca2cd7746384829\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"6.0420.2600.2180\" fullword wide \n \t\t $s2= \"6.0420.2600.2180 (rtm.040803-2158)\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"Microsoft Corporation\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??0a??} \n \t\t $hex2= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??20??28??72??74??6d??2e??30??34??30??38??30??33??2d??32??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Winnti_aded00e1dab93e15161dc14206d75eccfb4657c360e7e13b6101e00ef26e3399 Group", "expiration": null, "is_active": 1 }, { "id": 3409660524, "indicator": "5220b4fadabe0c02447d78947b32b0523af5945a", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_24e3ea78835748c9995e0d0c64f4f6bd3a0ca1b495b61a601703eb19b8c27f95 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_24e3ea78835748c9995e0d0c64f4f6bd3a0ca1b495b61a601703eb19b8c27f95 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-57-15\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b5e7832464bff54896b1d42a76760dbc\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"6.0420.2600.2180\" fullword wide \n \t\t $s2= \"6.0420.2600.2180 (rtm.040803-2158)\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"Microsoft Corporation\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??0a??} \n \t\t $hex2= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??20??28??72??74??6d??2e??30??34??30??38??30??33??2d??32??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Winnti_24e3ea78835748c9995e0d0c64f4f6bd3a0ca1b495b61a601703eb19b8c27f95 Group", "expiration": null, "is_active": 1 }, { "id": 2582692995, "indicator": "7aa1ccaa1e2c9a982a93d4be1aa568838d0610b1", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Trojan:Win32/Winnti.V!dha", "description": "SHA1 of 276aaea14d125f69fe7e80e5a30180d7", "expiration": null, "is_active": 1 }, { "id": 30345628, "indicator": "ef393ea4f3e9ac177593470d84cd4ae6af496212c2a8a5c489e5d34b7e4e5c78", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Trojan:Win32/Winnti.V!dha", "description": "SHA256 of 276aaea14d125f69fe7e80e5a30180d7", "expiration": null, "is_active": 1 }, { "id": 3409660525, "indicator": "53c048658e8f54eba0d1999cd45f59921bc4a379", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_ef393ea4f3e9ac177593470d84cd4ae6af496212c2a8a5c489e5d34b7e4e5c78 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_ef393ea4f3e9ac177593470d84cd4ae6af496212c2a8a5c489e5d34b7e4e5c78 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-57-08\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"276aaea14d125f69fe7e80e5a30180d7\" \n \n \tstrings: \n \n \t \n \t\t $s1= \",2015-07-16(GlobalSing\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {2c??32??30??31??35??2d??30??37??2d??31??36??28??47??6c??6f??62??61??6c??53??69??6e??67??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Winnti_ef393ea4f3e9ac177593470d84cd4ae6af496212c2a8a5c489e5d34b7e4e5c78 Group", "expiration": null, "is_active": 1 }, { "id": 2582711179, "indicator": "d160e519632ee61bd3ab5e88101beba318164254", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of f1059405feaaae373c59860fdec66fd0", "expiration": null, "is_active": 1 }, { "id": 30345557, "indicator": "24a9bfbff81615a42e42755711c8d04f359f3bf815fb338022edca860ff1908a", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of f1059405feaaae373c59860fdec66fd0", "expiration": null, "is_active": 1 }, { "id": 3409660526, "indicator": "4cd94605e2d923debd36a09d713bf3bf1c9e3d5b", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_24a9bfbff81615a42e42755711c8d04f359f3bf815fb338022edca860ff1908a { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_24a9bfbff81615a42e42755711c8d04f359f3bf815fb338022edca860ff1908a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-56-54\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f1059405feaaae373c59860fdec66fd0\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"american english\" fullword wide \n \t\t $s2= \"american-english\" fullword wide \n \t\t $s3= \"chinese-hongkong\" fullword wide \n \t\t $s4= \"chinese-simplified\" fullword wide \n \t\t $s5= \"chinese-singapore\" fullword wide \n \t\t $s6= \"chinese-traditional\" fullword wide \n \t\t $s7= \"d\\\\.PhysicalDrive%d\" fullword wide \n \t\t $s8= \"english-american\" fullword wide \n \t\t $s9= \"english-caribbean\" fullword wide \n \t\t $s10= \"english-jamaica\" fullword wide \n \t\t $s11= \"english-south africa\" fullword wide \n \t\t $s12= \"french-canadian\" fullword wide \n \t\t $s13= \"french-luxembourg\" fullword wide \n \t\t $s14= \"german-austrian\" fullword wide \n \t\t $s15= \"german-lichtenstein\" fullword wide \n \t\t $s16= \"german-luxembourg\" fullword wide \n \t\t $s17= \"norwegian-bokmal\" fullword wide \n \t\t $s18= \"norwegian-nynorsk\" fullword wide \n \t\t $s19= \"portuguese-brazilian\" fullword wide \n \t\t $s20= \"SeDebugPrivilege\" fullword wide \n \n \t\t $hex1= {53??65??44??65??62??75??67??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex2= {61??6d??65??72??69??63??61??6e??20??65??6e??67??6c??69??73??68??0a??} \n \t\t $hex3= {61??6d??65??72??69??63??61??6e??2d??65??6e??67??6c??69??73??68??0a??} \n \t\t $hex4= {63??68??69??6e??65??73??65??2d??68??6f??6e??67??6b??6f??6e??67??0a??} \n \t\t $hex5= {63??68??69??6e??65??73??65??2d??73??69??6d??70??6c??69??66??69??65??64??0a??} \n \t\t $hex6= {63??68??69??6e??65??73??65??2d??73??69??6e??67??61??70??6f??72??65??0a??} \n \t\t $hex7= {63??68??69??6e??65??73??65??2d??74??72??61??64??69??74??69??6f??6e??61??6c??0a??} \n \t\t $hex8= {64??2e??50??68??79??73??69??63??61??6c??44??72??69??76??65??25??64??0a??} \n \t\t $hex9= {65??6e??67??6c??69??73??68??2d??61??6d??65??72??69??63??61??6e??0a??} \n \t\t $hex10= {65??6e??67??6c??69??73??68??2d??63??61??72??69??62??62??65??61??6e??0a??} \n \t\t $hex11= {65??6e??67??6c??69??73??68??2d??6a??61??6d??61??69??63??61??0a??} \n \t\t $hex12= {65??6e??67??6c??69??73??68??2d??73??6f??75??74??68??20??61??66??72??69??63??61??0a??} \n \t\t $hex13= {66??72??65??6e??63??68??2d??63??61??6e??61??64??69??61??6e??0a??} \n \t\t $hex14= {66??72??65??6e??63??68??2d??6c??75??78??65??6d??62??6f??75??72??67??0a??} \n \t\t $hex15= {67??65??72??6d??61??6e??2d??61??75??73??74??72??69??61??6e??0a??} \n \t\t $hex16= {67??65??72??6d??61??6e??2d??6c??69??63??68??74??65??6e??73??74??65??69??6e??0a??} \n \t\t $hex17= {67??65??72??6d??61??6e??2d??6c??75??78??65??6d??62??6f??75??72??67??0a??} \n \t\t $hex18= {6e??6f??72??77??65??67??69??61??6e??2d??62??6f??6b??6d??61??6c??0a??} \n \t\t $hex19= {6e??6f??72??77??65??67??69??61??6e??2d??6e??79??6e??6f??72??73??6b??0a??} \n \t\t $hex20= {70??6f??72??74??75??67??75??65??73??65??2d??62??72??61??7a??69??6c??69??61??6e??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Winnti_24a9bfbff81615a42e42755711c8d04f359f3bf815fb338022edca860ff1908a Group", "expiration": null, "is_active": 1 }, { "id": 2582705581, "indicator": "b6d57573dd36ed341bdc57ae94a333060da0f4ca", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "PassCV_Sabre_Malware_1", "description": "SHA1 of 773afaa800f539ce195540e2f1882270", "expiration": null, "is_active": 1 }, { "id": 30345597, "indicator": "8585342d297b4726900e8818817b14042e1a3da5a1497380572a64dcf6d4819c", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "PassCV_Sabre_Malware_1", "description": "SHA256 of 773afaa800f539ce195540e2f1882270", "expiration": null, "is_active": 1 }, { "id": 3409660527, "indicator": "6e8a0691a6508414c5bd204a67a08a19f2087d37", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_8585342d297b4726900e8818817b14042e1a3da5a1497380572a64dcf6d4819c { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_8585342d297b4726900e8818817b14042e1a3da5a1497380572a64dcf6d4819c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-56-35\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"773afaa800f539ce195540e2f1882270\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"american english\" fullword wide \n \t\t $s2= \"american-english\" fullword wide \n \t\t $s3= \"chinese-hongkong\" fullword wide \n \t\t $s4= \"chinese-simplified\" fullword wide \n \t\t $s5= \"chinese-singapore\" fullword wide \n \t\t $s6= \"chinese-traditional\" fullword wide \n \t\t $s7= \"C:Program Files\" fullword wide \n \t\t $s8= \"C:Program FilesExcalibur\" fullword wide \n \t\t $s9= \"C:Program FilesExcalibur\" fullword wide \n \t\t $s10= \"d\\\\.PhysicalDrive%d\" fullword wide \n \t\t $s11= \"english-american\" fullword wide \n \t\t $s12= \"english-caribbean\" fullword wide \n \t\t $s13= \"english-jamaica\" fullword wide \n \t\t $s14= \"english-south africa\" fullword wide \n \t\t $s15= \"french-canadian\" fullword wide \n \t\t $s16= \"french-luxembourg\" fullword wide \n \t\t $s17= \"german-austrian\" fullword wide \n \t\t $s18= \"german-lichtenstein\" fullword wide \n \t\t $s19= \"german-luxembourg\" fullword wide \n \t\t $s20= \"norwegian-bokmal\" fullword wide \n \n \t\t $hex1= {43??3a??50??72??6f??67??72??61??6d??20??46??69??6c??65??73??0a??} \n \t\t $hex2= {43??3a??50??72??6f??67??72??61??6d??20??46??69??6c??65??73??45??78??63??61??6c??69??62??75??72??0a??} \n \t\t $hex3= {61??6d??65??72??69??63??61??6e??20??65??6e??67??6c??69??73??68??0a??} \n \t\t $hex4= {61??6d??65??72??69??63??61??6e??2d??65??6e??67??6c??69??73??68??0a??} \n \t\t $hex5= {63??68??69??6e??65??73??65??2d??68??6f??6e??67??6b??6f??6e??67??0a??} \n \t\t $hex6= {63??68??69??6e??65??73??65??2d??73??69??6d??70??6c??69??66??69??65??64??0a??} \n \t\t $hex7= {63??68??69??6e??65??73??65??2d??73??69??6e??67??61??70??6f??72??65??0a??} \n \t\t $hex8= {63??68??69??6e??65??73??65??2d??74??72??61??64??69??74??69??6f??6e??61??6c??0a??} \n \t\t $hex9= {64??2e??50??68??79??73??69??63??61??6c??44??72??69??76??65??25??64??0a??} \n \t\t $hex10= {65??6e??67??6c??69??73??68??2d??61??6d??65??72??69??63??61??6e??0a??} \n \t\t $hex11= {65??6e??67??6c??69??73??68??2d??63??61??72??69??62??62??65??61??6e??0a??} \n \t\t $hex12= {65??6e??67??6c??69??73??68??2d??6a??61??6d??61??69??63??61??0a??} \n \t\t $hex13= {65??6e??67??6c??69??73??68??2d??73??6f??75??74??68??20??61??66??72??69??63??61??0a??} \n \t\t $hex14= {66??72??65??6e??63??68??2d??63??61??6e??61??64??69??61??6e??0a??} \n \t\t $hex15= {66??72??65??6e??63??68??2d??6c??75??78??65??6d??62??6f??75??72??67??0a??} \n \t\t $hex16= {67??65??72??6d??61??6e??2d??61??75??73??74??72??69??61??6e??0a??} \n \t\t $hex17= {67??65??72??6d??61??6e??2d??6c??69??63??68??74??65??6e??73??74??65??69??6e??0a??} \n \t\t $hex18= {67??65??72??6d??61??6e??2d??6c??75??78??65??6d??62??6f??75??72??67??0a??} \n \t\t $hex19= {6e??6f??72??77??65??67??69??61??6e??2d??62??6f??6b??6d??61??6c??0a??} \n \n \tcondition: \n \t\t21 of them \n }", "title": "", "description": "APTMalware_Winnti_8585342d297b4726900e8818817b14042e1a3da5a1497380572a64dcf6d4819c Group", "expiration": null, "is_active": 1 }, { "id": 2582688585, "indicator": "64e15a29c64538fe40137184d8f963027aec7a62", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "VMProtectSDK", "description": "SHA1 of c3869609968c97fd27e3dc71f26d98d3", "expiration": null, "is_active": 1 }, { "id": 30345553, "indicator": "1ade09a1c54800787dc63d09b76f69fd2cca8b4bbb63c8c39c720628ea37471a", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "VMProtectSDK", "description": "SHA256 of c3869609968c97fd27e3dc71f26d98d3", "expiration": null, "is_active": 1 }, { "id": 3409660528, "indicator": "cc0c0f2d641eb6185a14bebc4f20776d14d4d1b3", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_1ade09a1c54800787dc63d09b76f69fd2cca8b4bbb63c8c39c720628ea37471a { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_1ade09a1c54800787dc63d09b76f69fd2cca8b4bbb63c8c39c720628ea37471a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-56-23\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"c3869609968c97fd27e3dc71f26d98d3\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"Microsoft Corporation\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"RpcEndpoint.exe\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {52??70??63??45??6e??64??70??6f??69??6e??74??2e??65??78??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Winnti_1ade09a1c54800787dc63d09b76f69fd2cca8b4bbb63c8c39c720628ea37471a Group", "expiration": null, "is_active": 1 }, { "id": 2582682924, "indicator": "4953726626de58f59f18f259a1386f1e3a511b9b", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "PassCV_Sabre_Malware_Signing_Cert", "description": "SHA1 of 027eb2cda9f1c8df00e26641ce4ef12d", "expiration": null, "is_active": 1 }, { "id": 30345613, "indicator": "b46786252512197a96093ab4cb906a851f75f82da7ad850c220a44002f39c739", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "PassCV_Sabre_Malware_Signing_Cert", "description": "SHA256 of 027eb2cda9f1c8df00e26641ce4ef12d", "expiration": null, "is_active": 1 }, { "id": 3409660529, "indicator": "6f560f9698805e72e94dcd5b373d73b0aac7bd59", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_b46786252512197a96093ab4cb906a851f75f82da7ad850c220a44002f39c739 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_b46786252512197a96093ab4cb906a851f75f82da7ad850c220a44002f39c739 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-56-06\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"027eb2cda9f1c8df00e26641ce4ef12d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DeviceGameGuard\" fullword wide \n \t\t $s2= \"DosDevicesGameGuard\" fullword wide \n \t\t $s3= \"InprocServer32\" fullword wide \n \t\t $s4= \"ObGetObjectType\" fullword wide \n \t\t $s5= \"ObQueryNameInfo\" fullword wide \n \t\t $s6= \"PsReferenceProcessFilePointer\" fullword wide \n \t\t $s7= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {44??65??76??69??63??65??47??61??6d??65??47??75??61??72??64??0a??} \n \t\t $hex2= {44??6f??73??44??65??76??69??63??65??73??47??61??6d??65??47??75??61??72??64??0a??} \n \t\t $hex3= {49??6e??70??72??6f??63??53??65??72??76??65??72??33??32??0a??} \n \t\t $hex4= {4f??62??47??65??74??4f??62??6a??65??63??74??54??79??70??65??0a??} \n \t\t $hex5= {4f??62??51??75??65??72??79??4e??61??6d??65??49??6e??66??6f??0a??} \n \t\t $hex6= {50??73??52??65??66??65??72??65??6e??63??65??50??72??6f??63??65??73??73??46??69??6c??65??50??6f??69??6e??74??65??72??0a??} \n \t\t $hex7= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_Winnti_b46786252512197a96093ab4cb906a851f75f82da7ad850c220a44002f39c739 Group", "expiration": null, "is_active": 1 }, { "id": 2582690184, "indicator": "6d017deab9e3cc4a0c10e43bcd1612c9e3c6e3e3", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "UPX", "description": "SHA1 of cbcff0eb404183902457332e72915d07", "expiration": null, "is_active": 1 }, { "id": 30345566, "indicator": "320b73e5cee7590a529001af9cea5f36520adc5c50ef48c72912e2dae7283ac6", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "UPX", "description": "SHA256 of cbcff0eb404183902457332e72915d07", "expiration": null, "is_active": 1 }, { "id": 3409660530, "indicator": "5381e74a86fb194cb37384bff8912b3dbae1106f", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_320b73e5cee7590a529001af9cea5f36520adc5c50ef48c72912e2dae7283ac6 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_320b73e5cee7590a529001af9cea5f36520adc5c50ef48c72912e2dae7283ac6 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-56-04\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"cbcff0eb404183902457332e72915d07\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"6.0420.2600.2180\" fullword wide \n \t\t $s2= \"6.0420.2600.2180 (rtm.040803-2158)\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"Microsoft Corporation\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??0a??} \n \t\t $hex2= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??20??28??72??74??6d??2e??30??34??30??38??30??33??2d??32??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Winnti_320b73e5cee7590a529001af9cea5f36520adc5c50ef48c72912e2dae7283ac6 Group", "expiration": null, "is_active": 1 }, { "id": 2688541080, "indicator": "33d3157633eb0c024d741373c4a5ed3c9e49a17c", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "BackdoorWin32Mdmbot", "description": "SHA1 of 1caa2b7cc66d901994a0893baecd2e06", "expiration": null, "is_active": 1 }, { "id": 2688541016, "indicator": "b9aba520eeaf6511877c1eec5f7d71e0eea017312a104f30d3b8f17c89db47e8", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "BackdoorWin32Mdmbot", "description": "SHA256 of 1caa2b7cc66d901994a0893baecd2e06", "expiration": null, "is_active": 1 }, { "id": 3409660531, "indicator": "dde311829cbaa33bf87002e034a814ee46cd6852", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_b9aba520eeaf6511877c1eec5f7d71e0eea017312a104f30d3b8f17c89db47e8 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_b9aba520eeaf6511877c1eec5f7d71e0eea017312a104f30d3b8f17c89db47e8 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-55-59\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"1caa2b7cc66d901994a0893baecd2e06\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"&SGInternet DKOnLin\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {26??53??47??49??6e??74??65??72??6e??65??74??20??44??4b??4f??6e??4c??69??6e??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Winnti_b9aba520eeaf6511877c1eec5f7d71e0eea017312a104f30d3b8f17c89db47e8 Group", "expiration": null, "is_active": 1 }, { "id": 2582695168, "indicator": "84cbf443e65f10a6d1b14ac735ade1b72503e7b6", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "UPX", "description": "SHA1 of f2449ecf637a370b6a0632a4b45cd554\nSHA1 of f2449ecf637a370b6a0632a4b45cd554", "expiration": null, "is_active": 1 }, { "id": 30345571, "indicator": "475d1c2d36b2cf28b28b202ada78168e7482a98b42ff980bbb2f65c6483db5b4", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "UPX", "description": "SHA256 of f2449ecf637a370b6a0632a4b45cd554\nSHA256 of f2449ecf637a370b6a0632a4b45cd554", "expiration": null, "is_active": 1 }, { "id": 3409660532, "indicator": "b11d5d001c9f547a9f5d1d9210dbae9849646962", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_475d1c2d36b2cf28b28b202ada78168e7482a98b42ff980bbb2f65c6483db5b4 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_475d1c2d36b2cf28b28b202ada78168e7482a98b42ff980bbb2f65c6483db5b4 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-55-58\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f2449ecf637a370b6a0632a4b45cd554\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"6.0420.2600.2180\" fullword wide \n \t\t $s2= \"6.0420.2600.2180 (rtm.040803-2158)\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"Microsoft Corporation\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??0a??} \n \t\t $hex2= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??20??28??72??74??6d??2e??30??34??30??38??30??33??2d??32??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Winnti_475d1c2d36b2cf28b28b202ada78168e7482a98b42ff980bbb2f65c6483db5b4 Group", "expiration": null, "is_active": 1 }, { "id": 2582679893, "indicator": "3aaa3fbcb897831c504214384a4f52d15a4bfa57", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "HackTool:Win64/Moniap.A", "description": "SHA1 of 48c21badebacdc9239416a9848b4855c", "expiration": null, "is_active": 1 }, { "id": 30345616, "indicator": "b95f611c73c0176e5e8121b0300f4076c147b72115c6706c425a122ff10c10a4", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "HackTool:Win64/Moniap.A", "description": "SHA256 of 48c21badebacdc9239416a9848b4855c", "expiration": null, "is_active": 1 }, { "id": 3409660533, "indicator": "2531b093fdb13f7fa053f331f4ec35b7fe86cf18", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_b95f611c73c0176e5e8121b0300f4076c147b72115c6706c425a122ff10c10a4 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_b95f611c73c0176e5e8121b0300f4076c147b72115c6706c425a122ff10c10a4 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-55-57\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"48c21badebacdc9239416a9848b4855c\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"6.0420.2600.2180\" fullword wide \n \t\t $s2= \"6.0420.2600.2180 (rtm.040803-2158)\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"Microsoft Corporation\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??0a??} \n \t\t $hex2= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??20??28??72??74??6d??2e??30??34??30??38??30??33??2d??32??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Winnti_b95f611c73c0176e5e8121b0300f4076c147b72115c6706c425a122ff10c10a4 Group", "expiration": null, "is_active": 1 }, { "id": 3409660534, "indicator": "832b248b003f4aaf4f5bcb5b60219aa4062627f3", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_5a723f65da58bdcfc639f557f490213ca8c5009db0ddde7fffef8d2bcf3966f5 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_5a723f65da58bdcfc639f557f490213ca8c5009db0ddde7fffef8d2bcf3966f5 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-55-51\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"8a8ee6f199438776f6842aab67fb953d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"Microsoft Corporation\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"RpcEndpoint.exe\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {52??70??63??45??6e??64??70??6f??69??6e??74??2e??65??78??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Winnti_5a723f65da58bdcfc639f557f490213ca8c5009db0ddde7fffef8d2bcf3966f5 Group", "expiration": null, "is_active": 1 }, { "id": 3409660535, "indicator": "67c72fd7fabe231cbfc0c8c65a1bc39356453951", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_016250b7d62e49ba386404cc6db38cb65323d26cf80bc94e2810d5ab9e59fff2 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_016250b7d62e49ba386404cc6db38cb65323d26cf80bc94e2810d5ab9e59fff2 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-55-49\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"8349691b6c37d9e5fa75ee6365b40bf5\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"Microsoft Corporation\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"RpcEndpoint.exe\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {52??70??63??45??6e??64??70??6f??69??6e??74??2e??65??78??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Winnti_016250b7d62e49ba386404cc6db38cb65323d26cf80bc94e2810d5ab9e59fff2 Group", "expiration": null, "is_active": 1 }, { "id": 2582687997, "indicator": "622eae2a57f613caa7257ec3f202d9455a455b98", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "UPX", "description": "SHA1 of 1826efb7b1a4f135785ccfc8b0e79094", "expiration": null, "is_active": 1 }, { "id": 30345630, "indicator": "fb1ab5a92af54263f1dd6bdf5657ac0c4b52d9639acecb4b339a82c5650b9a6f", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "UPX", "description": "SHA256 of 1826efb7b1a4f135785ccfc8b0e79094", "expiration": null, "is_active": 1 }, { "id": 3409660536, "indicator": "ebb3b984261ff253dfc98d8d997846abf9d2cc9a", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_fb1ab5a92af54263f1dd6bdf5657ac0c4b52d9639acecb4b339a82c5650b9a6f { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_fb1ab5a92af54263f1dd6bdf5657ac0c4b52d9639acecb4b339a82c5650b9a6f Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-55-42\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"1826efb7b1a4f135785ccfc8b0e79094\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"230826198006235297\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"Microsoft Corporation.\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {32??33??30??38??32??36??31??39??38??30??30??36??32??33??35??32??39??37??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??2e??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Winnti_fb1ab5a92af54263f1dd6bdf5657ac0c4b52d9639acecb4b339a82c5650b9a6f Group", "expiration": null, "is_active": 1 }, { "id": 2582673740, "indicator": "1cc3ef87e7c1eabdde8370d95cad456a90576d47", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "dbgdetect_funcs", "description": "SHA1 of 72b1bfaf65ad9ec596860c1ea3bfb4cc", "expiration": null, "is_active": 1 }, { "id": 30345618, "indicator": "c93a654e21e61a7ae325447091d0f64de4504d35589f60aeb2502fdc54268d8d", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "dbgdetect_funcs", "description": "SHA256 of 72b1bfaf65ad9ec596860c1ea3bfb4cc", "expiration": null, "is_active": 1 }, { "id": 3409660537, "indicator": "03816437b05cc1cc5483c1e560b33edd07c33b12", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_c93a654e21e61a7ae325447091d0f64de4504d35589f60aeb2502fdc54268d8d { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_c93a654e21e61a7ae325447091d0f64de4504d35589f60aeb2502fdc54268d8d Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-55-39\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"72b1bfaf65ad9ec596860c1ea3bfb4cc\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"[$PRODUCT_NAME]\" fullword wide \n \t\t $s2= \"d1wmnlsnh8rftl.cloudfront.net\" fullword wide \n \t\t $s3= \"d\\\\.PhysicalDrive%d\" fullword wide \n \t\t $s4= \"eInstalleInstall.exe\" fullword wide \n \t\t $s5= \"eshellctx64.dll\" fullword wide \n \t\t $s6= \"OriginalFilename\" fullword wide \n \t\t $s7= \"remove_config_files>\" fullword wide \n \t\t $s8= \"remove_config_folder>\" fullword wide \n \t\t $s9= \"remove_shortcut>\" fullword wide \n \t\t $s10= \"romove_from_firewall>\" fullword wide \n \t\t $s11= \"SOFTWAREhdcode\" fullword wide \n \t\t $s12= \"SOFTWAREMicrosoftCryptography\" fullword wide \n \t\t $s13= \"SOFTWAREwinzipersvc\" fullword wide \n \t\t $s14= \"TrayDownloader.exe\" fullword wide \n \t\t $s15= \"uninstallerOmigaZip.inst\" fullword wide \n \t\t $s16= \"UninstallString\" fullword wide \n \t\t $s17= \"VS_VERSION_INFO\" fullword wide \n \t\t $s18= \"winzipersvc.exe\" fullword wide \n \t\t $s19= \"winzipersvc.exe\" fullword wide \n \n \t\t $hex1= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex2= {53??4f??46??54??57??41??52??45??4d??69??63??72??6f??73??6f??66??74??43??72??79??70??74??6f??67??72??61??70??68??79??0a??} \n \t\t $hex3= {53??4f??46??54??57??41??52??45??68??64??63??6f??64??65??0a??} \n \t\t $hex4= {53??4f??46??54??57??41??52??45??77??69??6e??7a??69??70??65??72??73??76??63??0a??} \n \t\t $hex5= {54??72??61??79??44??6f??77??6e??6c??6f??61??64??65??72??2e??65??78??65??0a??} \n \t\t $hex6= {55??6e??69??6e??73??74??61??6c??6c??53??74??72??69??6e??67??0a??} \n \t\t $hex7= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex8= {5b??24??50??52??4f??44??55??43??54??5f??4e??41??4d??45??5d??0a??} \n \t\t $hex9= {64??2e??50??68??79??73??69??63??61??6c??44??72??69??76??65??25??64??0a??} \n \t\t $hex10= {64??31??77??6d??6e??6c??73??6e??68??38??72??66??74??6c??2e??63??6c??6f??75??64??66??72??6f??6e??74??2e??6e??65??74??0a??} \n \t\t $hex11= {65??49??6e??73??74??61??6c??6c??65??49??6e??73??74??61??6c??6c??2e??65??78??65??0a??} \n \t\t $hex12= {65??73??68??65??6c??6c??63??74??78??36??34??2e??64??6c??6c??0a??} \n \t\t $hex13= {72??65??6d??6f??76??65??5f??63??6f??6e??66??69??67??5f??66??69??6c??65??73??3e??0a??} \n \t\t $hex14= {72??65??6d??6f??76??65??5f??63??6f??6e??66??69??67??5f??66??6f??6c??64??65??72??3e??0a??} \n \t\t $hex15= {72??65??6d??6f??76??65??5f??73??68??6f??72??74??63??75??74??3e??0a??} \n \t\t $hex16= {72??6f??6d??6f??76??65??5f??66??72??6f??6d??5f??66??69??72??65??77??61??6c??6c??3e??0a??} \n \t\t $hex17= {75??6e??69??6e??73??74??61??6c??6c??65??72??4f??6d??69??67??61??5a??69??70??2e??69??6e??73??74??0a??} \n \t\t $hex18= {77??69??6e??7a??69??70??65??72??73??76??63??2e??65??78??65??0a??} \n \n \tcondition: \n \t\t20 of them \n }", "title": "", "description": "APTMalware_Winnti_c93a654e21e61a7ae325447091d0f64de4504d35589f60aeb2502fdc54268d8d Group", "expiration": null, "is_active": 1 }, { "id": 3409660538, "indicator": "72ce99a776ef0623d463a00c060601a358f55b2a", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_e00b052e63b503507d6b35636d9685cb14114ff4c81ce1fb0425b4b843350f8c { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_e00b052e63b503507d6b35636d9685cb14114ff4c81ce1fb0425b4b843350f8c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-55-29\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"06d8b1468f09d10aa5c4b115544ccc6e\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"ArbiterServer.exe\" fullword wide \n \t\t $s2= \"Component Categories\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"Invalid DateTime\" fullword wide \n \t\t $s5= \"Invalid DateTimeSpan\" fullword wide \n \t\t $s6= \"Microsoft Corporation\" fullword wide \n \t\t $s7= \"OriginalFilename\" fullword wide \n \t\t $s8= \"Program Manager\" fullword wide \n \t\t $s9= \"SeDebugPrivilege\" fullword wide \n \t\t $s10= \"SYSTEMControlSet001ControlLsa\" fullword wide \n \t\t $s11= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {41??72??62??69??74??65??72??53??65??72??76??65??72??2e??65??78??65??0a??} \n \t\t $hex2= {43??6f??6d??70??6f??6e??65??6e??74??20??43??61??74??65??67??6f??72??69??65??73??0a??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {49??6e??76??61??6c??69??64??20??44??61??74??65??54??69??6d??65??0a??} \n \t\t $hex5= {49??6e??76??61??6c??69??64??20??44??61??74??65??54??69??6d??65??53??70??61??6e??0a??} \n \t\t $hex6= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex7= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex8= {50??72??6f??67??72??61??6d??20??4d??61??6e??61??67??65??72??0a??} \n \t\t $hex9= {53??59??53??54??45??4d??43??6f??6e??74??72??6f??6c??53??65??74??30??30??31??43??6f??6e??74??72??6f??6c??4c??73??61??0a??} \n \t\t $hex10= {53??65??44??65??62??75??67??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex11= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t12 of them \n }", "title": "", "description": "APTMalware_Winnti_e00b052e63b503507d6b35636d9685cb14114ff4c81ce1fb0425b4b843350f8c Group", "expiration": null, "is_active": 1 }, { "id": 3409660615, "indicator": "f4553fbbc2a466049f59310af944039c08ead3ae", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_009645c628e719fad2e280ef60bbd8e49bf057196ac09b3f70065f1ad2df9b78 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_009645c628e719fad2e280ef60bbd8e49bf057196ac09b3f70065f1ad2df9b78 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-55-28\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"8d20017f576fbd58cce25637d29826ca\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"6.0420.2600.2180\" fullword wide \n \t\t $s2= \"6.0420.2600.2180 (rtm.040803-2158)\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"Microsoft Corporation\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??0a??} \n \t\t $hex2= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??20??28??72??74??6d??2e??30??34??30??38??30??33??2d??32??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Winnti_009645c628e719fad2e280ef60bbd8e49bf057196ac09b3f70065f1ad2df9b78 Group", "expiration": null, "is_active": 1 }, { "id": 2582685126, "indicator": "540a0a20f4a75dac1023e4191fd3188d0ad7ee7f", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "UPX", "description": "SHA1 of a4c07dbaa8ce969fd0f347d01776d03b", "expiration": null, "is_active": 1 }, { "id": 30345629, "indicator": "f9778c4e07642f5658285e64297c076877633a4bff9528827d0d3c2108259f72", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "UPX", "description": "SHA256 of a4c07dbaa8ce969fd0f347d01776d03b", "expiration": null, "is_active": 1 }, { "id": 3409660616, "indicator": "4a38eb5b1738a62f4a4a7c57ee54eacf8df842b2", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_f9778c4e07642f5658285e64297c076877633a4bff9528827d0d3c2108259f72 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_f9778c4e07642f5658285e64297c076877633a4bff9528827d0d3c2108259f72 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-55-25\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"a4c07dbaa8ce969fd0f347d01776d03b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"6.0420.2600.2180\" fullword wide \n \t\t $s2= \"6.0420.2600.2180 (rtm.040803-2158)\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"Microsoft Corporation\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??0a??} \n \t\t $hex2= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??20??28??72??74??6d??2e??30??34??30??38??30??33??2d??32??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Winnti_f9778c4e07642f5658285e64297c076877633a4bff9528827d0d3c2108259f72 Group", "expiration": null, "is_active": 1 }, { "id": 2582689979, "indicator": "6bf203966ddf5a444f3a645d3607f26f4e2f7c22", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "PassCV_Sabre_Malware_Signing_Cert", "description": "SHA1 of 175c7694d32191091334e20509a7b2c0", "expiration": null, "is_active": 1 }, { "id": 30345619, "indicator": "cbd62862584f8544aadca0b4f8f3405576378f5542b776bc4e91f384ad146440", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "PassCV_Sabre_Malware_Signing_Cert", "description": "SHA256 of 175c7694d32191091334e20509a7b2c0", "expiration": null, "is_active": 1 }, { "id": 3409660617, "indicator": "06bd96e9657fed020cb305871fa1dab2eb94ef5d", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_cbd62862584f8544aadca0b4f8f3405576378f5542b776bc4e91f384ad146440 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_cbd62862584f8544aadca0b4f8f3405576378f5542b776bc4e91f384ad146440 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-55-17\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"175c7694d32191091334e20509a7b2c0\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DeviceGameGuard\" fullword wide \n \t\t $s2= \"DosDevicesGameGuard\" fullword wide \n \t\t $s3= \"InprocServer32\" fullword wide \n \t\t $s4= \"ObGetObjectType\" fullword wide \n \t\t $s5= \"ObQueryNameInfo\" fullword wide \n \t\t $s6= \"PendingFileRenameOperations\" fullword wide \n \t\t $s7= \"PsReferenceProcessFilePointer\" fullword wide \n \t\t $s8= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {44??65??76??69??63??65??47??61??6d??65??47??75??61??72??64??0a??} \n \t\t $hex2= {44??6f??73??44??65??76??69??63??65??73??47??61??6d??65??47??75??61??72??64??0a??} \n \t\t $hex3= {49??6e??70??72??6f??63??53??65??72??76??65??72??33??32??0a??} \n \t\t $hex4= {4f??62??47??65??74??4f??62??6a??65??63??74??54??79??70??65??0a??} \n \t\t $hex5= {4f??62??51??75??65??72??79??4e??61??6d??65??49??6e??66??6f??0a??} \n \t\t $hex6= {50??65??6e??64??69??6e??67??46??69??6c??65??52??65??6e??61??6d??65??4f??70??65??72??61??74??69??6f??6e??73??0a??} \n \t\t $hex7= {50??73??52??65??66??65??72??65??6e??63??65??50??72??6f??63??65??73??73??46??69??6c??65??50??6f??69??6e??74??65??72??0a??} \n \t\t $hex8= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t8 of them \n }", "title": "", "description": "APTMalware_Winnti_cbd62862584f8544aadca0b4f8f3405576378f5542b776bc4e91f384ad146440 Group", "expiration": null, "is_active": 1 }, { "id": 2582686375, "indicator": "5a67a4415fcf6244ff8d6def19b91781fbb1bcca", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of 75b713b8d54403c51317679b4038a6ff", "expiration": null, "is_active": 1 }, { "id": 30345624, "indicator": "e61e56b8f2666b9e605127b4fcc7dc23871c1ae25aa0a4ea23b48c9de35d5f55", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of 75b713b8d54403c51317679b4038a6ff", "expiration": null, "is_active": 1 }, { "id": 3409660618, "indicator": "e69eb6bdfaa8b724253fead07be8b396f056ad17", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_e61e56b8f2666b9e605127b4fcc7dc23871c1ae25aa0a4ea23b48c9de35d5f55 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_e61e56b8f2666b9e605127b4fcc7dc23871c1ae25aa0a4ea23b48c9de35d5f55 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-55-14\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"75b713b8d54403c51317679b4038a6ff\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"american english\" fullword wide \n \t\t $s2= \"american-english\" fullword wide \n \t\t $s3= \"chinese-hongkong\" fullword wide \n \t\t $s4= \"chinese-simplified\" fullword wide \n \t\t $s5= \"chinese-singapore\" fullword wide \n \t\t $s6= \"chinese-traditional\" fullword wide \n \t\t $s7= \"d\\\\.PhysicalDrive%d\" fullword wide \n \t\t $s8= \"english-american\" fullword wide \n \t\t $s9= \"english-caribbean\" fullword wide \n \t\t $s10= \"english-jamaica\" fullword wide \n \t\t $s11= \"english-south africa\" fullword wide \n \t\t $s12= \"french-canadian\" fullword wide \n \t\t $s13= \"french-luxembourg\" fullword wide \n \t\t $s14= \"german-austrian\" fullword wide \n \t\t $s15= \"german-lichtenstein\" fullword wide \n \t\t $s16= \"german-luxembourg\" fullword wide \n \t\t $s17= \"norwegian-bokmal\" fullword wide \n \t\t $s18= \"norwegian-nynorsk\" fullword wide \n \t\t $s19= \"portuguese-brazilian\" fullword wide \n \t\t $s20= \"SeDebugPrivilege\" fullword wide \n \n \t\t $hex1= {53??65??44??65??62??75??67??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex2= {61??6d??65??72??69??63??61??6e??20??65??6e??67??6c??69??73??68??0a??} \n \t\t $hex3= {61??6d??65??72??69??63??61??6e??2d??65??6e??67??6c??69??73??68??0a??} \n \t\t $hex4= {63??68??69??6e??65??73??65??2d??68??6f??6e??67??6b??6f??6e??67??0a??} \n \t\t $hex5= {63??68??69??6e??65??73??65??2d??73??69??6d??70??6c??69??66??69??65??64??0a??} \n \t\t $hex6= {63??68??69??6e??65??73??65??2d??73??69??6e??67??61??70??6f??72??65??0a??} \n \t\t $hex7= {63??68??69??6e??65??73??65??2d??74??72??61??64??69??74??69??6f??6e??61??6c??0a??} \n \t\t $hex8= {64??2e??50??68??79??73??69??63??61??6c??44??72??69??76??65??25??64??0a??} \n \t\t $hex9= {65??6e??67??6c??69??73??68??2d??61??6d??65??72??69??63??61??6e??0a??} \n \t\t $hex10= {65??6e??67??6c??69??73??68??2d??63??61??72??69??62??62??65??61??6e??0a??} \n \t\t $hex11= {65??6e??67??6c??69??73??68??2d??6a??61??6d??61??69??63??61??0a??} \n \t\t $hex12= {65??6e??67??6c??69??73??68??2d??73??6f??75??74??68??20??61??66??72??69??63??61??0a??} \n \t\t $hex13= {66??72??65??6e??63??68??2d??63??61??6e??61??64??69??61??6e??0a??} \n \t\t $hex14= {66??72??65??6e??63??68??2d??6c??75??78??65??6d??62??6f??75??72??67??0a??} \n \t\t $hex15= {67??65??72??6d??61??6e??2d??61??75??73??74??72??69??61??6e??0a??} \n \t\t $hex16= {67??65??72??6d??61??6e??2d??6c??69??63??68??74??65??6e??73??74??65??69??6e??0a??} \n \t\t $hex17= {67??65??72??6d??61??6e??2d??6c??75??78??65??6d??62??6f??75??72??67??0a??} \n \t\t $hex18= {6e??6f??72??77??65??67??69??61??6e??2d??62??6f??6b??6d??61??6c??0a??} \n \t\t $hex19= {6e??6f??72??77??65??67??69??61??6e??2d??6e??79??6e??6f??72??73??6b??0a??} \n \t\t $hex20= {70??6f??72??74??75??67??75??65??73??65??2d??62??72??61??7a??69??6c??69??61??6e??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Winnti_e61e56b8f2666b9e605127b4fcc7dc23871c1ae25aa0a4ea23b48c9de35d5f55 Group", "expiration": null, "is_active": 1 }, { "id": 3409660619, "indicator": "62025df0dbe4c112cf9a06271deccac47019bfec", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_b42bb2221490b763a84714140d75c8eb3189caac0f5940626d07b8303eccedec { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_b42bb2221490b763a84714140d75c8eb3189caac0f5940626d07b8303eccedec Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-55-05\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e4192340a54d73dca73685ce999dc561\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"6.0420.2600.2180\" fullword wide \n \t\t $s2= \"6.0420.2600.2180 (rtm.040803-2158)\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"Microsoft Corporation\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??0a??} \n \t\t $hex2= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??20??28??72??74??6d??2e??30??34??30??38??30??33??2d??32??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Winnti_b42bb2221490b763a84714140d75c8eb3189caac0f5940626d07b8303eccedec Group", "expiration": null, "is_active": 1 }, { "id": 2582702336, "indicator": "a71001ade416fbfa30a2b1748efd108efd86a3f1", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "PassCV_Sabre_Malware_Signing_Cert", "description": "SHA1 of b15f9a6a0d6a5e52abc7a8134f856949", "expiration": null, "is_active": 1 }, { "id": 30345595, "indicator": "81986d0559db51317ca03f1d4102f8ddf86451ec18ba9649129c7704373cfed1", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "PassCV_Sabre_Malware_Signing_Cert", "description": "SHA256 of b15f9a6a0d6a5e52abc7a8134f856949", "expiration": null, "is_active": 1 }, { "id": 3409660620, "indicator": "be134b122d96715d39456e2b4f790fb3161c50bd", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_81986d0559db51317ca03f1d4102f8ddf86451ec18ba9649129c7704373cfed1 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_81986d0559db51317ca03f1d4102f8ddf86451ec18ba9649129c7704373cfed1 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-55-03\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b15f9a6a0d6a5e52abc7a8134f856949\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DeviceGameGuard\" fullword wide \n \t\t $s2= \"DosDevicesGameGuard\" fullword wide \n \t\t $s3= \"InprocServer32\" fullword wide \n \t\t $s4= \"ObGetObjectType\" fullword wide \n \t\t $s5= \"ObQueryNameInfo\" fullword wide \n \t\t $s6= \"PendingFileRenameOperations\" fullword wide \n \t\t $s7= \"PsReferenceProcessFilePointer\" fullword wide \n \t\t $s8= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {44??65??76??69??63??65??47??61??6d??65??47??75??61??72??64??0a??} \n \t\t $hex2= {44??6f??73??44??65??76??69??63??65??73??47??61??6d??65??47??75??61??72??64??0a??} \n \t\t $hex3= {49??6e??70??72??6f??63??53??65??72??76??65??72??33??32??0a??} \n \t\t $hex4= {4f??62??47??65??74??4f??62??6a??65??63??74??54??79??70??65??0a??} \n \t\t $hex5= {4f??62??51??75??65??72??79??4e??61??6d??65??49??6e??66??6f??0a??} \n \t\t $hex6= {50??65??6e??64??69??6e??67??46??69??6c??65??52??65??6e??61??6d??65??4f??70??65??72??61??74??69??6f??6e??73??0a??} \n \t\t $hex7= {50??73??52??65??66??65??72??65??6e??63??65??50??72??6f??63??65??73??73??46??69??6c??65??50??6f??69??6e??74??65??72??0a??} \n \t\t $hex8= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t8 of them \n }", "title": "", "description": "APTMalware_Winnti_81986d0559db51317ca03f1d4102f8ddf86451ec18ba9649129c7704373cfed1 Group", "expiration": null, "is_active": 1 }, { "id": 2582680556, "indicator": "3e89edf4cd94eb9ff2b55a2b3e254ca4846eb762", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "UPX", "description": "SHA1 of dfee3a4e1a137eda06e90540f3604ecb", "expiration": null, "is_active": 1 }, { "id": 30345599, "indicator": "8736b2d7a73643f0763c74c9fbf50c0109adcabdc794f4973927e3cba4eca220", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "UPX", "description": "SHA256 of dfee3a4e1a137eda06e90540f3604ecb", "expiration": null, "is_active": 1 }, { "id": 3409660621, "indicator": "cee0ca6893434a2f998f80c060ea4c7748e56679", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_8736b2d7a73643f0763c74c9fbf50c0109adcabdc794f4973927e3cba4eca220 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_8736b2d7a73643f0763c74c9fbf50c0109adcabdc794f4973927e3cba4eca220 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-54-58\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"dfee3a4e1a137eda06e90540f3604ecb\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"6.0420.2600.2180\" fullword wide \n \t\t $s2= \"6.0420.2600.2180 (rtm.040803-2158)\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"Microsoft Corporation\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??0a??} \n \t\t $hex2= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??20??28??72??74??6d??2e??30??34??30??38??30??33??2d??32??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Winnti_8736b2d7a73643f0763c74c9fbf50c0109adcabdc794f4973927e3cba4eca220 Group", "expiration": null, "is_active": 1 }, { "id": 2582682147, "indicator": "4619b2ed9fec98ad39785fda34c37811b5a14dcc", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "UPX", "description": "SHA1 of 04dc04a1a61769f33b234ad0f19fdc53", "expiration": null, "is_active": 1 }, { "id": 30345621, "indicator": "da29ff774a0facd58bdfb3a45d12024bda401bba91f87077784b5b79251805c9", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "UPX", "description": "SHA256 of 04dc04a1a61769f33b234ad0f19fdc53", "expiration": null, "is_active": 1 }, { "id": 3409660622, "indicator": "1046c358c31fae33c0d5d6389154e5eebaa35bc0", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_da29ff774a0facd58bdfb3a45d12024bda401bba91f87077784b5b79251805c9 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_da29ff774a0facd58bdfb3a45d12024bda401bba91f87077784b5b79251805c9 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-54-56\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"04dc04a1a61769f33b234ad0f19fdc53\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"Microsoft Corporation\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"RpcEndpoint.exe\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {52??70??63??45??6e??64??70??6f??69??6e??74??2e??65??78??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Winnti_da29ff774a0facd58bdfb3a45d12024bda401bba91f87077784b5b79251805c9 Group", "expiration": null, "is_active": 1 }, { "id": 2582705010, "indicator": "b42ee531a714e3b1c015338a5362ec0bd0ee1ff5", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of c91efaa99a5d9c51dfe86ea286fab519", "expiration": null, "is_active": 1 }, { "id": 30345587, "indicator": "7581d381c073d2b67bf2b21f5878855183f9fddf935557021ee6d813b7dda802", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of c91efaa99a5d9c51dfe86ea286fab519", "expiration": null, "is_active": 1 }, { "id": 3409660623, "indicator": "aebb3a1c9d922325a5cf3412dd8798a5e577a2d3", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_7581d381c073d2b67bf2b21f5878855183f9fddf935557021ee6d813b7dda802 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_7581d381c073d2b67bf2b21f5878855183f9fddf935557021ee6d813b7dda802 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-54-51\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"c91efaa99a5d9c51dfe86ea286fab519\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"american english\" fullword wide \n \t\t $s2= \"american-english\" fullword wide \n \t\t $s3= \"chinese-hongkong\" fullword wide \n \t\t $s4= \"chinese-simplified\" fullword wide \n \t\t $s5= \"chinese-singapore\" fullword wide \n \t\t $s6= \"chinese-traditional\" fullword wide \n \t\t $s7= \"C:Program Files\" fullword wide \n \t\t $s8= \"C:Program FilesExcalibur\" fullword wide \n \t\t $s9= \"C:Program FilesExcalibur\" fullword wide \n \t\t $s10= \"d\\\\.PhysicalDrive%d\" fullword wide \n \t\t $s11= \"english-american\" fullword wide \n \t\t $s12= \"english-caribbean\" fullword wide \n \t\t $s13= \"english-jamaica\" fullword wide \n \t\t $s14= \"english-south africa\" fullword wide \n \t\t $s15= \"french-canadian\" fullword wide \n \t\t $s16= \"french-luxembourg\" fullword wide \n \t\t $s17= \"german-austrian\" fullword wide \n \t\t $s18= \"german-lichtenstein\" fullword wide \n \t\t $s19= \"german-luxembourg\" fullword wide \n \t\t $s20= \"norwegian-bokmal\" fullword wide \n \n \t\t $hex1= {43??3a??50??72??6f??67??72??61??6d??20??46??69??6c??65??73??0a??} \n \t\t $hex2= {43??3a??50??72??6f??67??72??61??6d??20??46??69??6c??65??73??45??78??63??61??6c??69??62??75??72??0a??} \n \t\t $hex3= {61??6d??65??72??69??63??61??6e??20??65??6e??67??6c??69??73??68??0a??} \n \t\t $hex4= {61??6d??65??72??69??63??61??6e??2d??65??6e??67??6c??69??73??68??0a??} \n \t\t $hex5= {63??68??69??6e??65??73??65??2d??68??6f??6e??67??6b??6f??6e??67??0a??} \n \t\t $hex6= {63??68??69??6e??65??73??65??2d??73??69??6d??70??6c??69??66??69??65??64??0a??} \n \t\t $hex7= {63??68??69??6e??65??73??65??2d??73??69??6e??67??61??70??6f??72??65??0a??} \n \t\t $hex8= {63??68??69??6e??65??73??65??2d??74??72??61??64??69??74??69??6f??6e??61??6c??0a??} \n \t\t $hex9= {64??2e??50??68??79??73??69??63??61??6c??44??72??69??76??65??25??64??0a??} \n \t\t $hex10= {65??6e??67??6c??69??73??68??2d??61??6d??65??72??69??63??61??6e??0a??} \n \t\t $hex11= {65??6e??67??6c??69??73??68??2d??63??61??72??69??62??62??65??61??6e??0a??} \n \t\t $hex12= {65??6e??67??6c??69??73??68??2d??6a??61??6d??61??69??63??61??0a??} \n \t\t $hex13= {65??6e??67??6c??69??73??68??2d??73??6f??75??74??68??20??61??66??72??69??63??61??0a??} \n \t\t $hex14= {66??72??65??6e??63??68??2d??63??61??6e??61??64??69??61??6e??0a??} \n \t\t $hex15= {66??72??65??6e??63??68??2d??6c??75??78??65??6d??62??6f??75??72??67??0a??} \n \t\t $hex16= {67??65??72??6d??61??6e??2d??61??75??73??74??72??69??61??6e??0a??} \n \t\t $hex17= {67??65??72??6d??61??6e??2d??6c??69??63??68??74??65??6e??73??74??65??69??6e??0a??} \n \t\t $hex18= {67??65??72??6d??61??6e??2d??6c??75??78??65??6d??62??6f??75??72??67??0a??} \n \t\t $hex19= {6e??6f??72??77??65??67??69??61??6e??2d??62??6f??6b??6d??61??6c??0a??} \n \n \tcondition: \n \t\t21 of them \n }", "title": "", "description": "APTMalware_Winnti_7581d381c073d2b67bf2b21f5878855183f9fddf935557021ee6d813b7dda802 Group", "expiration": null, "is_active": 1 }, { "id": 3409660624, "indicator": "abd0ba0abc0c1414db4cdcc08a2c228dafdf90ac", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Trojan:Win32/Winnti.A", "description": "SHA1 of d350ae5dc15bcc18fde382b84f4bb3d0", "expiration": null, "is_active": 1 }, { "id": 3409660625, "indicator": "f12efd87568e0a91cbd8fd35640d93bfcceb0e2a2d340bf461ef1e5011ea281e", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Trojan:Win32/Winnti.A", "description": "SHA256 of d350ae5dc15bcc18fde382b84f4bb3d0", "expiration": null, "is_active": 1 }, { "id": 3409660626, "indicator": "439e3752cebcd4da89a7c21b3d783311f1d372fc", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_f12efd87568e0a91cbd8fd35640d93bfcceb0e2a2d340bf461ef1e5011ea281e { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_f12efd87568e0a91cbd8fd35640d93bfcceb0e2a2d340bf461ef1e5011ea281e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-54-42\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d350ae5dc15bcc18fde382b84f4bb3d0\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DevicePORTLESS_DeviceName\" fullword wide \n \t\t $s2= \"IoDeviceObjectType\" fullword wide \n \t\t $s3= \"IoDriverObjectType\" fullword wide \n \t\t $s4= \"REGISTRYMACHINE\" fullword wide \n \t\t $s5= \"REGISTRYMACHINESYSTEM\" fullword wide \n \n \t\t $hex1= {44??65??76??69??63??65??50??4f??52??54??4c??45??53??53??5f??44??65??76??69??63??65??4e??61??6d??65??0a??} \n \t\t $hex2= {49??6f??44??65??76??69??63??65??4f??62??6a??65??63??74??54??79??70??65??0a??} \n \t\t $hex3= {49??6f??44??72??69??76??65??72??4f??62??6a??65??63??74??54??79??70??65??0a??} \n \t\t $hex4= {52??45??47??49??53??54??52??59??4d??41??43??48??49??4e??45??0a??} \n \t\t $hex5= {52??45??47??49??53??54??52??59??4d??41??43??48??49??4e??45??53??59??53??54??45??4d??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Winnti_f12efd87568e0a91cbd8fd35640d93bfcceb0e2a2d340bf461ef1e5011ea281e Group", "expiration": null, "is_active": 1 }, { "id": 3409660627, "indicator": "5847bd53aa53f095a3ce4c305cc9a5245749e567", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_557647451b5727f7bb56fbf4f00bf29b103db0022b5dbd9741dbfab4bc1def97 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_557647451b5727f7bb56fbf4f00bf29b103db0022b5dbd9741dbfab4bc1def97 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-54-37\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"37c37e327a766a1b2db2fb9c934ff16e\" \n \n \tstrings: \n \n \t \n \t\t $s1= \",2016-06-27(GlobalSing\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {2c??32??30??31??36??2d??30??36??2d??32??37??28??47??6c??6f??62??61??6c??53??69??6e??67??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Winnti_557647451b5727f7bb56fbf4f00bf29b103db0022b5dbd9741dbfab4bc1def97 Group", "expiration": null, "is_active": 1 }, { "id": 3409660628, "indicator": "5d81310d72392fc607c10c77b3ecf66d4bf0b6fd", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_7b108c9a51643faa140edcad8b13b00c30c6fefdd21667318a24474cde44f796 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_7b108c9a51643faa140edcad8b13b00c30c6fefdd21667318a24474cde44f796 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-54-33\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"679ba94211a4e027c2b56b959e62c8e3\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DevicePORTLESS_DeviceName\" fullword wide \n \t\t $s2= \"IoDeviceObjectType\" fullword wide \n \t\t $s3= \"IoDriverObjectType\" fullword wide \n \t\t $s4= \"REGISTRYMACHINE\" fullword wide \n \t\t $s5= \"REGISTRYMACHINESYSTEM\" fullword wide \n \n \t\t $hex1= {44??65??76??69??63??65??50??4f??52??54??4c??45??53??53??5f??44??65??76??69??63??65??4e??61??6d??65??0a??} \n \t\t $hex2= {49??6f??44??65??76??69??63??65??4f??62??6a??65??63??74??54??79??70??65??0a??} \n \t\t $hex3= {49??6f??44??72??69??76??65??72??4f??62??6a??65??63??74??54??79??70??65??0a??} \n \t\t $hex4= {52??45??47??49??53??54??52??59??4d??41??43??48??49??4e??45??0a??} \n \t\t $hex5= {52??45??47??49??53??54??52??59??4d??41??43??48??49??4e??45??53??59??53??54??45??4d??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Winnti_7b108c9a51643faa140edcad8b13b00c30c6fefdd21667318a24474cde44f796 Group", "expiration": null, "is_active": 1 }, { "id": 2582720073, "indicator": "fcc370dc8863f995da8e0d0ed04b82ce10c9a5fb", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "UPX", "description": "SHA1 of 6e4846b1029fed9118bbfaa0bd66f0a9", "expiration": null, "is_active": 1 }, { "id": 30345610, "indicator": "ad2a42e4024a320ce763524e17ef7262add649651e2a277b5fc56a9bdc44e449", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "UPX", "description": "SHA256 of 6e4846b1029fed9118bbfaa0bd66f0a9", "expiration": null, "is_active": 1 }, { "id": 3409660629, "indicator": "2432fe11facb5653ee46330de39f683e4dabcc02", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_ad2a42e4024a320ce763524e17ef7262add649651e2a277b5fc56a9bdc44e449 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_ad2a42e4024a320ce763524e17ef7262add649651e2a277b5fc56a9bdc44e449 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-54-30\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"6e4846b1029fed9118bbfaa0bd66f0a9\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"Microsoft Corporation\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"RpcEndpoint.exe\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {52??70??63??45??6e??64??70??6f??69??6e??74??2e??65??78??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Winnti_ad2a42e4024a320ce763524e17ef7262add649651e2a277b5fc56a9bdc44e449 Group", "expiration": null, "is_active": 1 }, { "id": 2582678348, "indicator": "338001e7d3e09cd62c6b58090af1d9dc293c86b3", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "UPX", "description": "SHA1 of 3a9503ce79a0ac3b6f2f38163d55554d", "expiration": null, "is_active": 1 }, { "id": 30345606, "indicator": "9941fd97327d54a18209d0bb1f36992a18a3809aa8d163e7fe80193a4348610a", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "UPX", "description": "SHA256 of 3a9503ce79a0ac3b6f2f38163d55554d", "expiration": null, "is_active": 1 }, { "id": 3409660630, "indicator": "2301e39ea79722c9467ff7815c37bdf66f67fb44", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_9941fd97327d54a18209d0bb1f36992a18a3809aa8d163e7fe80193a4348610a { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_9941fd97327d54a18209d0bb1f36992a18a3809aa8d163e7fe80193a4348610a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-54-21\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"3a9503ce79a0ac3b6f2f38163d55554d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"6.0420.2600.2180\" fullword wide \n \t\t $s2= \"6.0420.2600.2180 (rtm.040803-2158)\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"Microsoft Corporation\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??0a??} \n \t\t $hex2= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??20??28??72??74??6d??2e??30??34??30??38??30??33??2d??32??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Winnti_9941fd97327d54a18209d0bb1f36992a18a3809aa8d163e7fe80193a4348610a Group", "expiration": null, "is_active": 1 }, { "id": 3409660631, "indicator": "e284aaa5fe793d612846543cb2a1e22ab1fc7dfb", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_28123038d24ef74a396a2a88700f947bfa72cdddd6bc56524c113a529a3423cd { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_28123038d24ef74a396a2a88700f947bfa72cdddd6bc56524c113a529a3423cd Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-54-11\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"cd82d1dc730eb9e7e19802500417e58a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"Microsoft Corporation\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"RpcEndpoint.exe\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {52??70??63??45??6e??64??70??6f??69??6e??74??2e??65??78??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Winnti_28123038d24ef74a396a2a88700f947bfa72cdddd6bc56524c113a529a3423cd Group", "expiration": null, "is_active": 1 }, { "id": 3409660632, "indicator": "4896097c0dacee7e5f9a2918255c5538c99ca589", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_49ef2b98b414c321bcdbab107b8fa71a537958fe1e05ae62aaa01fe7773c3b4b { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_49ef2b98b414c321bcdbab107b8fa71a537958fe1e05ae62aaa01fe7773c3b4b Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-53-57\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b6be3f0864354a2e68144d17c3884d3b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"7zSfxFolder%02d\" fullword wide \n \t\t $s2= \"7ZSfxMod_x86.exe\" fullword wide \n \t\t $s3= \"Application error:\" fullword wide \n \t\t $s4= \"CommonDocuments\" fullword wide \n \t\t $s5= \"Exception code:\" fullword wide \n \t\t $s6= \"Exception data:\" fullword wide \n \t\t $s7= \"ExecuteParameters\" fullword wide \n \t\t $s8= \"ExtractCancelText\" fullword wide \n \t\t $s9= \"ExtractDialogText\" fullword wide \n \t\t $s10= \"ExtractDialogWidth\" fullword wide \n \t\t $s11= \"Extraction path\" fullword wide \n \t\t $s12= \"Extraction path:\" fullword wide \n \t\t $s13= \"ExtractPathText\" fullword wide \n \t\t $s14= \"ExtractPathTitle\" fullword wide \n \t\t $s15= \"ExtractPathWidth\" fullword wide \n \t\t $s16= \"FileDescription\" fullword wide \n \t\t $s17= \"msctls_progress32\" fullword wide \n \t\t $s18= \"OriginalFilename\" fullword wide \n \t\t $s19= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {37??5a??53??66??78??4d??6f??64??5f??78??38??36??2e??65??78??65??0a??} \n \t\t $hex2= {37??7a??53??66??78??46??6f??6c??64??65??72??25??30??32??64??0a??} \n \t\t $hex3= {41??70??70??6c??69??63??61??74??69??6f??6e??20??65??72??72??6f??72??3a??0a??} \n \t\t $hex4= {43??6f??6d??6d??6f??6e??44??6f??63??75??6d??65??6e??74??73??0a??} \n \t\t $hex5= {45??78??63??65??70??74??69??6f??6e??20??63??6f??64??65??3a??0a??} \n \t\t $hex6= {45??78??63??65??70??74??69??6f??6e??20??64??61??74??61??3a??0a??} \n \t\t $hex7= {45??78??65??63??75??74??65??50??61??72??61??6d??65??74??65??72??73??0a??} \n \t\t $hex8= {45??78??74??72??61??63??74??43??61??6e??63??65??6c??54??65??78??74??0a??} \n \t\t $hex9= {45??78??74??72??61??63??74??44??69??61??6c??6f??67??54??65??78??74??0a??} \n \t\t $hex10= {45??78??74??72??61??63??74??44??69??61??6c??6f??67??57??69??64??74??68??0a??} \n \t\t $hex11= {45??78??74??72??61??63??74??50??61??74??68??54??65??78??74??0a??} \n \t\t $hex12= {45??78??74??72??61??63??74??50??61??74??68??54??69??74??6c??65??0a??} \n \t\t $hex13= {45??78??74??72??61??63??74??50??61??74??68??57??69??64??74??68??0a??} \n \t\t $hex14= {45??78??74??72??61??63??74??69??6f??6e??20??70??61??74??68??0a??} \n \t\t $hex15= {45??78??74??72??61??63??74??69??6f??6e??20??70??61??74??68??3a??0a??} \n \t\t $hex16= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex17= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex18= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex19= {6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \n \tcondition: \n \t\t21 of them \n }", "title": "", "description": "APTMalware_Winnti_49ef2b98b414c321bcdbab107b8fa71a537958fe1e05ae62aaa01fe7773c3b4b Group", "expiration": null, "is_active": 1 }, { "id": 3409660633, "indicator": "a27ab94b4e2598bce95d5974e2d12cfe60a8f2f9", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_2c1613c2a9387151854b398fb8d104abe684bd57800857512f068fb84152d355 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_2c1613c2a9387151854b398fb8d104abe684bd57800857512f068fb84152d355 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-53-55\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"6f5a10edc2c7319b8d7abc0a606e5ce6\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DevicePORTLESS_DeviceName\" fullword wide \n \t\t $s2= \"IoDeviceObjectType\" fullword wide \n \t\t $s3= \"IoDriverObjectType\" fullword wide \n \t\t $s4= \"REGISTRYMACHINE\" fullword wide \n \t\t $s5= \"REGISTRYMACHINESYSTEM\" fullword wide \n \n \t\t $hex1= {44??65??76??69??63??65??50??4f??52??54??4c??45??53??53??5f??44??65??76??69??63??65??4e??61??6d??65??0a??} \n \t\t $hex2= {49??6f??44??65??76??69??63??65??4f??62??6a??65??63??74??54??79??70??65??0a??} \n \t\t $hex3= {49??6f??44??72??69??76??65??72??4f??62??6a??65??63??74??54??79??70??65??0a??} \n \t\t $hex4= {52??45??47??49??53??54??52??59??4d??41??43??48??49??4e??45??0a??} \n \t\t $hex5= {52??45??47??49??53??54??52??59??4d??41??43??48??49??4e??45??53??59??53??54??45??4d??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Winnti_2c1613c2a9387151854b398fb8d104abe684bd57800857512f068fb84152d355 Group", "expiration": null, "is_active": 1 }, { "id": 3409660634, "indicator": "d6b7eaba838e55e597c3d27eb9e474666291aea8", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_48f8c31530d621de0cb401fb32c282eecc91bdac602aac9bd4ddbe8c6a6ceb39 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_48f8c31530d621de0cb401fb32c282eecc91bdac602aac9bd4ddbe8c6a6ceb39 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-53-51\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"485ca8d140169ebbc8e5b3d7eaed544f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"6.0420.2600.2180\" fullword wide \n \t\t $s2= \"6.0420.2600.2180 (rtm.040803-2158)\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"Microsoft Corporation\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??0a??} \n \t\t $hex2= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??20??28??72??74??6d??2e??30??34??30??38??30??33??2d??32??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Winnti_48f8c31530d621de0cb401fb32c282eecc91bdac602aac9bd4ddbe8c6a6ceb39 Group", "expiration": null, "is_active": 1 }, { "id": 3409660635, "indicator": "081d7e31467c69f846668c562c0eaf9d1fc8dbab", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_0cf6d9a5aa3b390f97f20b2fbd2cd9df76c5bb018c997c26d2e16eb44127c624 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_0cf6d9a5aa3b390f97f20b2fbd2cd9df76c5bb018c997c26d2e16eb44127c624 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-53-43\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"494bedc21836a3323f88717066150abf\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"Microsoft Corporation\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"RpcEndpoint.exe\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {52??70??63??45??6e??64??70??6f??69??6e??74??2e??65??78??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Winnti_0cf6d9a5aa3b390f97f20b2fbd2cd9df76c5bb018c997c26d2e16eb44127c624 Group", "expiration": null, "is_active": 1 }, { "id": 3409660636, "indicator": "ee5483e7623191e2c396f4d76a117b5482567ced", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_79190925bd1c3fae65b0d11db40ac8e61fb9326ccfed9b7e09084b891089602d { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_79190925bd1c3fae65b0d11db40ac8e61fb9326ccfed9b7e09084b891089602d Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-53-40\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"a0a96138b57ee24eed31b652ddf60d4e\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DevicePORTLESS_DeviceName\" fullword wide \n \t\t $s2= \"IoDeviceObjectType\" fullword wide \n \t\t $s3= \"IoDriverObjectType\" fullword wide \n \t\t $s4= \"REGISTRYMACHINE\" fullword wide \n \t\t $s5= \"REGISTRYMACHINESYSTEM\" fullword wide \n \n \t\t $hex1= {44??65??76??69??63??65??50??4f??52??54??4c??45??53??53??5f??44??65??76??69??63??65??4e??61??6d??65??0a??} \n \t\t $hex2= {49??6f??44??65??76??69??63??65??4f??62??6a??65??63??74??54??79??70??65??0a??} \n \t\t $hex3= {49??6f??44??72??69??76??65??72??4f??62??6a??65??63??74??54??79??70??65??0a??} \n \t\t $hex4= {52??45??47??49??53??54??52??59??4d??41??43??48??49??4e??45??0a??} \n \t\t $hex5= {52??45??47??49??53??54??52??59??4d??41??43??48??49??4e??45??53??59??53??54??45??4d??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Winnti_79190925bd1c3fae65b0d11db40ac8e61fb9326ccfed9b7e09084b891089602d Group", "expiration": null, "is_active": 1 }, { "id": 3409660637, "indicator": "ba6237186743f96a81da3093cc4122d5f9349167", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_2936ae7f7099c32e701c3b956a7eb7ef800bf5748122c883819c834ec61af44a { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_2936ae7f7099c32e701c3b956a7eb7ef800bf5748122c883819c834ec61af44a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-53-12\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"6103f34ec409f99762e9c3714dfa1262\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"6.0420.2600.2180\" fullword wide \n \t\t $s2= \"6.0420.2600.2180 (rtm.040803-2158)\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"Microsoft Corporation\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??0a??} \n \t\t $hex2= {36??2e??30??34??32??30??2e??32??36??30??30??2e??32??31??38??30??20??28??72??74??6d??2e??30??34??30??38??30??33??2d??32??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Winnti_2936ae7f7099c32e701c3b956a7eb7ef800bf5748122c883819c834ec61af44a Group", "expiration": null, "is_active": 1 }, { "id": 3409660638, "indicator": "966012a188f90e5ab0e4f23d3c5f320b7430e00c", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_0d2c333e089fd28fda0060e8c1ab910e4a91d4225823e33a200f831e8c93d770 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_0d2c333e089fd28fda0060e8c1ab910e4a91d4225823e33a200f831e8c93d770 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-53-03\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f4c9bc4f045b90c496df4b75398dfa5c\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Certificate Policy\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {43??65??72??74??69??66??69??63??61??74??65??20??50??6f??6c??69??63??79??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Winnti_0d2c333e089fd28fda0060e8c1ab910e4a91d4225823e33a200f831e8c93d770 Group", "expiration": null, "is_active": 1 }, { "id": 3409660639, "indicator": "da1b23cbb0314657b2731eb5a4313ac40000955b", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Winnti_22562716be013e3114c79ffe69a7b19e2e0275ef2aa74e5bf518b225c41dce76 { \n \tmeta: \n \t\t description= \"APTMalware_Winnti_22562716be013e3114c79ffe69a7b19e2e0275ef2aa74e5bf518b225c41dce76 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-52-59\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"ca04aa367e6f090903018131245296ce\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DevicePORTLESS_DeviceName\" fullword wide \n \t\t $s2= \"IoDeviceObjectType\" fullword wide \n \t\t $s3= \"IoDriverObjectType\" fullword wide \n \t\t $s4= \"REGISTRYMACHINE\" fullword wide \n \t\t $s5= \"REGISTRYMACHINESYSTEM\" fullword wide \n \n \t\t $hex1= {44??65??76??69??63??65??50??4f??52??54??4c??45??53??53??5f??44??65??76??69??63??65??4e??61??6d??65??0a??} \n \t\t $hex2= {49??6f??44??65??76??69??63??65??4f??62??6a??65??63??74??54??79??70??65??0a??} \n \t\t $hex3= {49??6f??44??72??69??76??65??72??4f??62??6a??65??63??74??54??79??70??65??0a??} \n \t\t $hex4= {52??45??47??49??53??54??52??59??4d??41??43??48??49??4e??45??0a??} \n \t\t $hex5= {52??45??47??49??53??54??52??59??4d??41??43??48??49??4e??45??53??59??53??54??45??4d??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Winnti_22562716be013e3114c79ffe69a7b19e2e0275ef2aa74e5bf518b225c41dce76 Group", "expiration": null, "is_active": 1 }, { "id": 3409660640, "indicator": "e6219cc8f2bc777ce4d0a8cdde5e2780735c0638", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_19_81dd48ed812d571c700c0c097c97a207eb5ac950fcf3c34309cedf9e88b1405d { \n \tmeta: \n \t\t description= \"APTMalware_APT_19_81dd48ed812d571c700c0c097c97a207eb5ac950fcf3c34309cedf9e88b1405d Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-52-42\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"740561c8d5d2c658d2134d5107802a9d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"%2protocolStdFileEditingserver\" fullword wide \n \t\t $s2= \"%2protocolStdFileEditingverb0\" fullword wide \n \t\t $s3= \"accDefaultAction\" fullword wide \n \t\t $s4= \"accDoDefaultAction\" fullword wide \n \t\t $s5= \"accKeyboardShortcut\" fullword wide \n \t\t $s6= \"AfxControlBar90su\" fullword wide \n \t\t $s7= \"AfxFrameOrView90su\" fullword wide \n \t\t $s8= \"AfxMDIFrame90su\" fullword wide \n \t\t $s9= \"AfxOldWndProc423\" fullword wide \n \t\t $s10= \"AfxOleControl90su\" fullword wide \n \t\t $s11= \"*Akyzoxyas*Cd~oxdo~*Yoi\" fullword wide \n \t\t $s12= \"*]cdne}y*Cdy~kffox*\" fullword wide \n \t\t $s13= \"*]cdne}y*]exay~k~cedy\" fullword wide \n \t\t $s14= \"*]cdne}y*]exay~k~cedy2\" fullword wide \n \t\t $s15= \"CLSID%1AuxUserType2\" fullword wide \n \t\t $s16= \"CLSID%1AuxUserType3\" fullword wide \n \t\t $s17= \"CLSID%1DefaultExtension\" fullword wide \n \t\t $s18= \"CLSID%1DefaultIcon\" fullword wide \n \t\t $s19= \"CLSID%1DocObject\" fullword wide \n \t\t $s20= \"CLSID%1InprocHandler32\" fullword wide \n \n \t\t $hex1= {25??32??70??72??6f??74??6f??63??6f??6c??53??74??64??46??69??6c??65??45??64??69??74??69??6e??67??73??65??72??76??65??72??} \n \t\t $hex2= {25??32??70??72??6f??74??6f??63??6f??6c??53??74??64??46??69??6c??65??45??64??69??74??69??6e??67??76??65??72??62??30??0a??} \n \t\t $hex3= {2a??41??6b??79??7a??6f??78??79??61??73??2a??43??64??7e??6f??78??64??6f??7e??2a??59??6f??69??0a??} \n \t\t $hex4= {2a??5d??63??64??6e??65??7d??79??2a??43??64??79??7e??6b??66??66??6f??78??2a??0a??} \n \t\t $hex5= {2a??5d??63??64??6e??65??7d??79??2a??5d??65??78??61??79??7e??6b??7e??63??65??64??79??0a??} \n \t\t $hex6= {2a??5d??63??64??6e??65??7d??79??2a??5d??65??78??61??79??7e??6b??7e??63??65??64??79??32??0a??} \n \t\t $hex7= {41??66??78??43??6f??6e??74??72??6f??6c??42??61??72??39??30??73??75??0a??} \n \t\t $hex8= {41??66??78??46??72??61??6d??65??4f??72??56??69??65??77??39??30??73??75??0a??} \n \t\t $hex9= {41??66??78??4d??44??49??46??72??61??6d??65??39??30??73??75??0a??} \n \t\t $hex10= {41??66??78??4f??6c??64??57??6e??64??50??72??6f??63??34??32??33??0a??} \n \t\t $hex11= {41??66??78??4f??6c??65??43??6f??6e??74??72??6f??6c??39??30??73??75??0a??} \n \t\t $hex12= {43??4c??53??49??44??25??31??41??75??78??55??73??65??72??54??79??70??65??32??0a??} \n \t\t $hex13= {43??4c??53??49??44??25??31??41??75??78??55??73??65??72??54??79??70??65??33??0a??} \n \t\t $hex14= {43??4c??53??49??44??25??31??44??65??66??61??75??6c??74??45??78??74??65??6e??73??69??6f??6e??0a??} \n \t\t $hex15= {43??4c??53??49??44??25??31??44??65??66??61??75??6c??74??49??63??6f??6e??0a??} \n \t\t $hex16= {43??4c??53??49??44??25??31??44??6f??63??4f??62??6a??65??63??74??0a??} \n \t\t $hex17= {43??4c??53??49??44??25??31??49??6e??70??72??6f??63??48??61??6e??64??6c??65??72??33??32??0a??} \n \t\t $hex18= {61??63??63??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex19= {61??63??63??44??6f??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex20= {61??63??63??4b??65??79??62??6f??61??72??64??53??68??6f??72??74??63??75??74??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_APT_19_81dd48ed812d571c700c0c097c97a207eb5ac950fcf3c34309cedf9e88b1405d Group", "expiration": null, "is_active": 1 }, { "id": 3409660641, "indicator": "4179c0f89e295596043c28fa1cad4aa6bb26057c", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_19_49f7c45453c3a478393ff841b0423ae011d1c2ef26fdf6b9ca4009e3810d9d93 { \n \tmeta: \n \t\t description= \"APTMalware_APT_19_49f7c45453c3a478393ff841b0423ae011d1c2ef26fdf6b9ca4009e3810d9d93 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-52-41\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"7f466312a3b1176f052f8c05f7781715\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"Microsoft Corporation\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"SeAssignPrimaryTokenPrivilege\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {53??65??41??73??73??69??67??6e??50??72??69??6d??61??72??79??54??6f??6b??65??6e??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_19_49f7c45453c3a478393ff841b0423ae011d1c2ef26fdf6b9ca4009e3810d9d93 Group", "expiration": null, "is_active": 1 }, { "id": 3409660642, "indicator": "b786ddac334cabdf1d9f6e37bd1f7e3358d30f7e", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_19_e27fb16dce7fff714f4b05f2cef53e1919a34d7ec0e595f2eaa155861a213e59 { \n \tmeta: \n \t\t description= \"APTMalware_APT_19_e27fb16dce7fff714f4b05f2cef53e1919a34d7ec0e595f2eaa155861a213e59 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-52-37\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"3f3d35208bfe32e64f82593ee89ff462\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DosDevicespipe\" fullword wide \n \t\t $s2= \"Drivernsiproxy\" fullword wide \n \t\t $s3= \"Enpi)Vmrqs$Mmnm-Bivesahl$Dvirev\" fullword wide \n \t\t $s4= \"FileDescription\" fullword wide \n \t\t $s5= \"FileSystemNtfs\" fullword wide \n \t\t $s6= \"FmlaDasgrmppikn\" fullword wide \n \t\t $s7= \"KdDisableDebugger\" fullword wide \n \t\t $s8= \"Microsoft Corporation\" fullword wide \n \t\t $s9= \"Microsoft update\" fullword wide \n \t\t $s10= \"OriginalFilename\" fullword wide \n \t\t $s11= \"??pipeusbpcex%d\" fullword wide \n \t\t $s12= \"\\\\.pipeusbpcex%d\" fullword wide \n \t\t $s13= \"??pipeusbpcg%d\" fullword wide \n \t\t $s14= \"\\\\.pipeusbpcg%d\" fullword wide \n \t\t $s15= \"VS_VERSION_INFO\" fullword wide \n \t\t $s16= \"VW_REVSMOJ_MNBO\" fullword wide \n \t\t $s17= \"WYWCKRA.54*4*0*412\" fullword wide \n \t\t $s18= \"WYWCKRA.54*4*0*412$F57(F58\" fullword wide \n \n \t\t $hex1= {2e??70??69??70??65??75??73??62??70??63??65??78??25??64??0a??} \n \t\t $hex2= {2e??70??69??70??65??75??73??62??70??63??67??25??64??0a??} \n \t\t $hex3= {3f??3f??70??69??70??65??75??73??62??70??63??65??78??25??64??0a??} \n \t\t $hex4= {3f??3f??70??69??70??65??75??73??62??70??63??67??25??64??0a??} \n \t\t $hex5= {44??6f??73??44??65??76??69??63??65??73??70??69??70??65??0a??} \n \t\t $hex6= {44??72??69??76??65??72??6e??73??69??70??72??6f??78??79??0a??} \n \t\t $hex7= {45??6e??70??69??29??56??6d??72??71??73??24??4d??6d??6e??6d??2d??42??69??76??65??73??61??68??6c??24??44??76??69??72??65??} \n \t\t $hex8= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex9= {46??69??6c??65??53??79??73??74??65??6d??4e??74??66??73??0a??} \n \t\t $hex10= {46??6d??6c??61??44??61??73??67??72??6d??70??70??69??6b??6e??0a??} \n \t\t $hex11= {4b??64??44??69??73??61??62??6c??65??44??65??62??75??67??67??65??72??0a??} \n \t\t $hex12= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex13= {4d??69??63??72??6f??73??6f??66??74??20??75??70??64??61??74??65??0a??} \n \t\t $hex14= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex15= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex16= {56??57??5f??52??45??56??53??4d??4f??4a??5f??4d??4e??42??4f??0a??} \n \t\t $hex17= {57??59??57??43??4b??52??41??2e??35??34??2a??34??2a??30??2a??34??31??32??0a??} \n \t\t $hex18= {57??59??57??43??4b??52??41??2e??35??34??2a??34??2a??30??2a??34??31??32??24??46??35??37??28??46??35??38??0a??} \n \n \tcondition: \n \t\t20 of them \n }", "title": "", "description": "APTMalware_APT_19_e27fb16dce7fff714f4b05f2cef53e1919a34d7ec0e595f2eaa155861a213e59 Group", "expiration": null, "is_active": 1 }, { "id": 3409660643, "indicator": "69fc14ee288733b1c8e48aa523225863b8842589", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_19_c177df78fa62496bf86b7fcbe5c8cb51e25da6d139345710700e963f6911eeab { \n \tmeta: \n \t\t description= \"APTMalware_APT_19_c177df78fa62496bf86b7fcbe5c8cb51e25da6d139345710700e963f6911eeab Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-52-36\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"1faf6402f643c306bba4aa50c536f4e1\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"Microsoft Corporation\" fullword wide \n \t\t $s3= \"Microsoft update\" fullword wide \n \t\t $s4= \"SystemCurrentControlSetServices\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??75??70??64??61??74??65??0a??} \n \t\t $hex4= {53??79??73??74??65??6d??43??75??72??72??65??6e??74??43??6f??6e??74??72??6f??6c??53??65??74??53??65??72??76??69??63??65??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_19_c177df78fa62496bf86b7fcbe5c8cb51e25da6d139345710700e963f6911eeab Group", "expiration": null, "is_active": 1 }, { "id": 3409660710, "indicator": "13734fffcc248331c37bcd974d4176f38829e4b4", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_19_50174311e524b97ea5cb4f3ea571dd477d1f0eee06cd3ed73af39a15f3e6484a { \n \tmeta: \n \t\t description= \"APTMalware_APT_19_50174311e524b97ea5cb4f3ea571dd477d1f0eee06cd3ed73af39a15f3e6484a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-52-33\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"24e9870973cea42e6faf705b14208e52\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DosDevicespipe\" fullword wide \n \t\t $s2= \"Drivernsiproxy\" fullword wide \n \t\t $s3= \"Enpi)Vmrqs$Mmnm-Bivesahl$Dvirev\" fullword wide \n \t\t $s4= \"FileDescription\" fullword wide \n \t\t $s5= \"FileSystemNtfs\" fullword wide \n \t\t $s6= \"FmlaDasgrmppikn\" fullword wide \n \t\t $s7= \"KdDisableDebugger\" fullword wide \n \t\t $s8= \"Microsoft Corporation\" fullword wide \n \t\t $s9= \"Microsoft update\" fullword wide \n \t\t $s10= \"OriginalFilename\" fullword wide \n \t\t $s11= \"??pipeusbpcex%d\" fullword wide \n \t\t $s12= \"\\\\.pipeusbpcex%d\" fullword wide \n \t\t $s13= \"??pipeusbpcg%d\" fullword wide \n \t\t $s14= \"\\\\.pipeusbpcg%d\" fullword wide \n \t\t $s15= \"VS_VERSION_INFO\" fullword wide \n \t\t $s16= \"VW_REVSMOJ_MNBO\" fullword wide \n \t\t $s17= \"WYWCKRA.54*4*0*412\" fullword wide \n \t\t $s18= \"WYWCKRA.54*4*0*412$F57(F58\" fullword wide \n \n \t\t $hex1= {2e??70??69??70??65??75??73??62??70??63??65??78??25??64??0a??} \n \t\t $hex2= {2e??70??69??70??65??75??73??62??70??63??67??25??64??0a??} \n \t\t $hex3= {3f??3f??70??69??70??65??75??73??62??70??63??65??78??25??64??0a??} \n \t\t $hex4= {3f??3f??70??69??70??65??75??73??62??70??63??67??25??64??0a??} \n \t\t $hex5= {44??6f??73??44??65??76??69??63??65??73??70??69??70??65??0a??} \n \t\t $hex6= {44??72??69??76??65??72??6e??73??69??70??72??6f??78??79??0a??} \n \t\t $hex7= {45??6e??70??69??29??56??6d??72??71??73??24??4d??6d??6e??6d??2d??42??69??76??65??73??61??68??6c??24??44??76??69??72??65??} \n \t\t $hex8= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex9= {46??69??6c??65??53??79??73??74??65??6d??4e??74??66??73??0a??} \n \t\t $hex10= {46??6d??6c??61??44??61??73??67??72??6d??70??70??69??6b??6e??0a??} \n \t\t $hex11= {4b??64??44??69??73??61??62??6c??65??44??65??62??75??67??67??65??72??0a??} \n \t\t $hex12= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex13= {4d??69??63??72??6f??73??6f??66??74??20??75??70??64??61??74??65??0a??} \n \t\t $hex14= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex15= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex16= {56??57??5f??52??45??56??53??4d??4f??4a??5f??4d??4e??42??4f??0a??} \n \t\t $hex17= {57??59??57??43??4b??52??41??2e??35??34??2a??34??2a??30??2a??34??31??32??0a??} \n \t\t $hex18= {57??59??57??43??4b??52??41??2e??35??34??2a??34??2a??30??2a??34??31??32??24??46??35??37??28??46??35??38??0a??} \n \n \tcondition: \n \t\t20 of them \n }", "title": "", "description": "APTMalware_APT_19_50174311e524b97ea5cb4f3ea571dd477d1f0eee06cd3ed73af39a15f3e6484a Group", "expiration": null, "is_active": 1 }, { "id": 3409660711, "indicator": "0ea66a3389be5180d439ac57f59e171b3f251e88", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_19_77b5e11b30aa9edffaa2cfe2bb6614d269b32b321c9599f803f037a958bd42d0 { \n \tmeta: \n \t\t description= \"APTMalware_APT_19_77b5e11b30aa9edffaa2cfe2bb6614d269b32b321c9599f803f037a958bd42d0 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-52-28\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"2dce7fc3f52a692d8a84a0c182519133\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Assembly Version\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"InstManager.exe\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \t\t $s6= \";WV\" fullword wide \n \n \t\t $hex1= {3b??57??56??0a??} \n \t\t $hex2= {41??73??73??65??6d??62??6c??79??20??56??65??72??73??69??6f??6e??0a??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {49??6e??73??74??4d??61??6e??61??67??65??72??2e??65??78??65??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_APT_19_77b5e11b30aa9edffaa2cfe2bb6614d269b32b321c9599f803f037a958bd42d0 Group", "expiration": null, "is_active": 1 }, { "id": 3409660712, "indicator": "5ac6e0e088860c74a86fff7f0f3eb6ff8913b993", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_19_de33dfce8143f9f929abda910632f7536ffa809603ec027a4193d5e57880b292 { \n \tmeta: \n \t\t description= \"APTMalware_APT_19_de33dfce8143f9f929abda910632f7536ffa809603ec027a4193d5e57880b292 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-52-27\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"8afecc8e61fe3805fdd41d4591710976\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"6.1.7601.17514 \" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"http://www.google.com\" fullword wide \n \t\t $s4= \"Microsoft Corporation\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"SeAssignPrimaryTokenPrivilege\" fullword wide \n \t\t $s7= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {36??2e??31??2e??37??36??30??31??2e??31??37??35??31??34??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {53??65??41??73??73??69??67??6e??50??72??69??6d??61??72??79??54??6f??6b??65??6e??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex7= {68??74??74??70??3a??2f??2f??77??77??77??2e??67??6f??6f??67??6c??65??2e??63??6f??6d??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_APT_19_de33dfce8143f9f929abda910632f7536ffa809603ec027a4193d5e57880b292 Group", "expiration": null, "is_active": 1 }, { "id": 3409660713, "indicator": "bb0b08c4ce9f5fd69a3696464b68683f850cd954", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_19_8d168092d5601ebbaed24ec3caeef7454c48cf21366cd76560755eb33aff89e9 { \n \tmeta: \n \t\t description= \"APTMalware_APT_19_8d168092d5601ebbaed24ec3caeef7454c48cf21366cd76560755eb33aff89e9 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-52-23\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"98721c78dfbf8a45d152a888c804427c\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"%2protocolStdFileEditingserver\" fullword wide \n \t\t $s2= \"%2protocolStdFileEditingverb0\" fullword wide \n \t\t $s3= \"accDefaultAction\" fullword wide \n \t\t $s4= \"accDoDefaultAction\" fullword wide \n \t\t $s5= \"accKeyboardShortcut\" fullword wide \n \t\t $s6= \"AfxControlBar90su\" fullword wide \n \t\t $s7= \"AfxFrameOrView90su\" fullword wide \n \t\t $s8= \"AfxMDIFrame90su\" fullword wide \n \t\t $s9= \"AfxOldWndProc423\" fullword wide \n \t\t $s10= \"AfxOleControl90su\" fullword wide \n \t\t $s11= \"CITRIX System,Inc\" fullword wide \n \t\t $s12= \"CLSID%1AuxUserType2\" fullword wide \n \t\t $s13= \"CLSID%1AuxUserType3\" fullword wide \n \t\t $s14= \"CLSID%1DefaultExtension\" fullword wide \n \t\t $s15= \"CLSID%1DefaultIcon\" fullword wide \n \t\t $s16= \"CLSID%1DocObject\" fullword wide \n \t\t $s17= \"CLSID%1InprocHandler32\" fullword wide \n \t\t $s18= \"CLSID%1InProcServer32\" fullword wide \n \t\t $s19= \"CLSID%1Insertable\" fullword wide \n \t\t $s20= \"CLSID%1LocalServer32\" fullword wide \n \n \t\t $hex1= {25??32??70??72??6f??74??6f??63??6f??6c??53??74??64??46??69??6c??65??45??64??69??74??69??6e??67??73??65??72??76??65??72??} \n \t\t $hex2= {25??32??70??72??6f??74??6f??63??6f??6c??53??74??64??46??69??6c??65??45??64??69??74??69??6e??67??76??65??72??62??30??0a??} \n \t\t $hex3= {41??66??78??43??6f??6e??74??72??6f??6c??42??61??72??39??30??73??75??0a??} \n \t\t $hex4= {41??66??78??46??72??61??6d??65??4f??72??56??69??65??77??39??30??73??75??0a??} \n \t\t $hex5= {41??66??78??4d??44??49??46??72??61??6d??65??39??30??73??75??0a??} \n \t\t $hex6= {41??66??78??4f??6c??64??57??6e??64??50??72??6f??63??34??32??33??0a??} \n \t\t $hex7= {41??66??78??4f??6c??65??43??6f??6e??74??72??6f??6c??39??30??73??75??0a??} \n \t\t $hex8= {43??49??54??52??49??58??20??53??79??73??74??65??6d??2c??49??6e??63??0a??} \n \t\t $hex9= {43??4c??53??49??44??25??31??41??75??78??55??73??65??72??54??79??70??65??32??0a??} \n \t\t $hex10= {43??4c??53??49??44??25??31??41??75??78??55??73??65??72??54??79??70??65??33??0a??} \n \t\t $hex11= {43??4c??53??49??44??25??31??44??65??66??61??75??6c??74??45??78??74??65??6e??73??69??6f??6e??0a??} \n \t\t $hex12= {43??4c??53??49??44??25??31??44??65??66??61??75??6c??74??49??63??6f??6e??0a??} \n \t\t $hex13= {43??4c??53??49??44??25??31??44??6f??63??4f??62??6a??65??63??74??0a??} \n \t\t $hex14= {43??4c??53??49??44??25??31??49??6e??50??72??6f??63??53??65??72??76??65??72??33??32??0a??} \n \t\t $hex15= {43??4c??53??49??44??25??31??49??6e??70??72??6f??63??48??61??6e??64??6c??65??72??33??32??0a??} \n \t\t $hex16= {43??4c??53??49??44??25??31??49??6e??73??65??72??74??61??62??6c??65??0a??} \n \t\t $hex17= {43??4c??53??49??44??25??31??4c??6f??63??61??6c??53??65??72??76??65??72??33??32??0a??} \n \t\t $hex18= {61??63??63??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex19= {61??63??63??44??6f??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex20= {61??63??63??4b??65??79??62??6f??61??72??64??53??68??6f??72??74??63??75??74??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_APT_19_8d168092d5601ebbaed24ec3caeef7454c48cf21366cd76560755eb33aff89e9 Group", "expiration": null, "is_active": 1 }, { "id": 3409660714, "indicator": "73c8d5b12fc88433c5439d54a44eb4d2b9a3a3e2", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_19_6fecd042c3c0b54e7354cd8dfb1975c626acd8df55f88c4149462e15e77918b0 { \n \tmeta: \n \t\t description= \"APTMalware_APT_19_6fecd042c3c0b54e7354cd8dfb1975c626acd8df55f88c4149462e15e77918b0 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-52-21\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"2b5b8070c460bb085921eb3a9e12fa87\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"Microsoft Corporation\" fullword wide \n \t\t $s3= \"Microsoft update\" fullword wide \n \t\t $s4= \"%temp%_instE547.$$1\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {25??74??65??6d??70??25??5f??69??6e??73??74??45??35??34??37??2e??24??24??31??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??75??70??64??61??74??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_19_6fecd042c3c0b54e7354cd8dfb1975c626acd8df55f88c4149462e15e77918b0 Group", "expiration": null, "is_active": 1 }, { "id": 3409660715, "indicator": "1ca719537f94f70e5a18d0777c70bdafaf45d860", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_19_95e08990fdf11251e9ee935f0b2e075667133758bc68c4d390e82f041a54e4b3 { \n \tmeta: \n \t\t description= \"APTMalware_APT_19_95e08990fdf11251e9ee935f0b2e075667133758bc68c4d390e82f041a54e4b3 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-52-18\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"de7500fc1065a081180841f32f06a537\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"C:WindowsSystem32sysprep\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"HKEY_CURRENT_CONFIG\" fullword wide \n \t\t $s4= \"HKEY_CURRENT_USER\" fullword wide \n \t\t $s5= \"HKEY_LOCAL_MACHINE\" fullword wide \n \t\t $s6= \"HTTPMail Password2\" fullword wide \n \t\t $s7= \"L$_RasDefaultCredentials#0\" fullword wide \n \t\t $s8= \"Microsoft Corporation\" fullword wide \n \t\t $s9= \"Microsoft update\" fullword wide \n \t\t $s10= \"Microsoft_WinInet_\" fullword wide \n \t\t $s11= \"RasDialParams!%s#0\" fullword wide \n \t\t $s12= \"SOFTWAREMicrosoftRpc\" fullword wide \n \t\t $s13= \"sysprepsysprep.exe\" fullword wide \n \t\t $s14= \"SystemCurrentControlSetServices\" fullword wide \n \t\t $s15= \"SystemCurrentControlSetServices\" fullword wide \n \t\t $s16= \"VS_VERSION_INFO\" fullword wide \n \t\t $s17= \"zhudongfangyu.exe\" fullword wide \n \n \t\t $hex1= {43??3a??57??69??6e??64??6f??77??73??53??79??73??74??65??6d??33??32??73??79??73??70??72??65??70??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {48??4b??45??59??5f??43??55??52??52??45??4e??54??5f??43??4f??4e??46??49??47??0a??} \n \t\t $hex4= {48??4b??45??59??5f??43??55??52??52??45??4e??54??5f??55??53??45??52??0a??} \n \t\t $hex5= {48??4b??45??59??5f??4c??4f??43??41??4c??5f??4d??41??43??48??49??4e??45??0a??} \n \t\t $hex6= {48??54??54??50??4d??61??69??6c??20??50??61??73??73??77??6f??72??64??32??0a??} \n \t\t $hex7= {4c??24??5f??52??61??73??44??65??66??61??75??6c??74??43??72??65??64??65??6e??74??69??61??6c??73??23??30??0a??} \n \t\t $hex8= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex9= {4d??69??63??72??6f??73??6f??66??74??20??75??70??64??61??74??65??0a??} \n \t\t $hex10= {4d??69??63??72??6f??73??6f??66??74??5f??57??69??6e??49??6e??65??74??5f??0a??} \n \t\t $hex11= {52??61??73??44??69??61??6c??50??61??72??61??6d??73??21??25??73??23??30??0a??} \n \t\t $hex12= {53??4f??46??54??57??41??52??45??4d??69??63??72??6f??73??6f??66??74??52??70??63??0a??} \n \t\t $hex13= {53??79??73??74??65??6d??43??75??72??72??65??6e??74??43??6f??6e??74??72??6f??6c??53??65??74??53??65??72??76??69??63??65??} \n \t\t $hex14= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex15= {73??79??73??70??72??65??70??73??79??73??70??72??65??70??2e??65??78??65??0a??} \n \t\t $hex16= {7a??68??75??64??6f??6e??67??66??61??6e??67??79??75??2e??65??78??65??0a??} \n \n \tcondition: \n \t\t18 of them \n }", "title": "", "description": "APTMalware_APT_19_95e08990fdf11251e9ee935f0b2e075667133758bc68c4d390e82f041a54e4b3 Group", "expiration": null, "is_active": 1 }, { "id": 3409660716, "indicator": "fc9eab6392c4964eb13e7f835a9b04128867de02", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_19_76660e91f1ff3cb89630df5af4fe09de6098d09baa66b1a130c89c3c5edd5b22 { \n \tmeta: \n \t\t description= \"APTMalware_APT_19_76660e91f1ff3cb89630df5af4fe09de6098d09baa66b1a130c89c3c5edd5b22 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-52-15\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"4a23e0f2c6f926a41b28d574cbc6ac30\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"OriginalFilename\" fullword wide \n \t\t $s3= \"VS_VERSION_INFO\" fullword wide \n \t\t $s4= \"WINDOWSSYSTEM32INETSRVW3WP.EXE\" fullword wide \n \t\t $s5= \"WINDOWSSYSTEM32WINLOGON.EXE\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex3= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex4= {57??49??4e??44??4f??57??53??53??59??53??54??45??4d??33??32??49??4e??45??54??53??52??56??57??33??57??50??2e??45??58??45??} \n \t\t $hex5= {57??49??4e??44??4f??57??53??53??59??53??54??45??4d??33??32??57??49??4e??4c??4f??47??4f??4e??2e??45??58??45??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_19_76660e91f1ff3cb89630df5af4fe09de6098d09baa66b1a130c89c3c5edd5b22 Group", "expiration": null, "is_active": 1 }, { "id": 3409660717, "indicator": "01ed840b4648fda9f53b57c287e188e6208a03c8", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_19_9e14bc163a69b76ae649ee385e8d02bbe9486e98c818b56b09d94f31c89158ad { \n \tmeta: \n \t\t description= \"APTMalware_APT_19_9e14bc163a69b76ae649ee385e8d02bbe9486e98c818b56b09d94f31c89158ad Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-52-11\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"dae6b9b3b8e39b08b10a51a6457444d8\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Drivernsiproxy\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"KdDisableDebugger\" fullword wide \n \t\t $s4= \"Microsoft Corporation\" fullword wide \n \t\t $s5= \"Microsoft update\" fullword wide \n \t\t $s6= \"REGISTRYMACHINESYSTEM\" fullword wide \n \t\t $s7= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {44??72??69??76??65??72??6e??73??69??70??72??6f??78??79??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4b??64??44??69??73??61??62??6c??65??44??65??62??75??67??67??65??72??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex5= {4d??69??63??72??6f??73??6f??66??74??20??75??70??64??61??74??65??0a??} \n \t\t $hex6= {52??45??47??49??53??54??52??59??4d??41??43??48??49??4e??45??53??59??53??54??45??4d??0a??} \n \t\t $hex7= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_APT_19_9e14bc163a69b76ae649ee385e8d02bbe9486e98c818b56b09d94f31c89158ad Group", "expiration": null, "is_active": 1 }, { "id": 3409660718, "indicator": "f59aa5041567eac20700be82ecdb848ee06e6ed1", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_19_c317733322bd1c42601cefb6428e72eec2623ca2c0bfcaf8fb4d7256208f8748 { \n \tmeta: \n \t\t description= \"APTMalware_APT_19_c317733322bd1c42601cefb6428e72eec2623ca2c0bfcaf8fb4d7256208f8748 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-52-09\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"16652d4213991ae58e268ae03a4c4e97\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"%)+/5;=CGIOSYaegkmq\" fullword wide \n \t\t $s2= \"http://icanhazip.com/\" fullword wide \n \t\t $s3= \"http://ipinfo.io/ip\" fullword wide \n \t\t $s4= \"http://myip.dnsomatic.com/\" fullword wide \n \t\t $s5= \"LanmanWorkstation\" fullword wide \n \n \t\t $hex1= {25??29??2b??2f??35??3b??3d??43??47??49??4f??53??59??61??65??67??6b??6d??71??0a??} \n \t\t $hex2= {4c??61??6e??6d??61??6e??57??6f??72??6b??73??74??61??74??69??6f??6e??0a??} \n \t\t $hex3= {68??74??74??70??3a??2f??2f??69??63??61??6e??68??61??7a??69??70??2e??63??6f??6d??2f??0a??} \n \t\t $hex4= {68??74??74??70??3a??2f??2f??69??70??69??6e??66??6f??2e??69??6f??2f??69??70??0a??} \n \t\t $hex5= {68??74??74??70??3a??2f??2f??6d??79??69??70??2e??64??6e??73??6f??6d??61??74??69??63??2e??63??6f??6d??2f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_19_c317733322bd1c42601cefb6428e72eec2623ca2c0bfcaf8fb4d7256208f8748 Group", "expiration": null, "is_active": 1 }, { "id": 3409660719, "indicator": "f9cfacacd9137798d728f887f14e6504e9a3da37", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_19_d4be6c9117db9de21138ae26d1d0c3cfb38fd7a19fa07c828731fa2ac756ef8d { \n \tmeta: \n \t\t description= \"APTMalware_APT_19_d4be6c9117db9de21138ae26d1d0c3cfb38fd7a19fa07c828731fa2ac756ef8d Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-52-05\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"230d8a7a60a07df28a291b13ddf3351f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"%2protocolStdFileEditingserver\" fullword wide \n \t\t $s2= \"%2protocolStdFileEditingverb0\" fullword wide \n \t\t $s3= \"accDefaultAction\" fullword wide \n \t\t $s4= \"accDoDefaultAction\" fullword wide \n \t\t $s5= \"accKeyboardShortcut\" fullword wide \n \t\t $s6= \"AfxControlBar90su\" fullword wide \n \t\t $s7= \"AfxFrameOrView90su\" fullword wide \n \t\t $s8= \"AfxMDIFrame90su\" fullword wide \n \t\t $s9= \"AfxOldWndProc423\" fullword wide \n \t\t $s10= \"AfxOleControl90su\" fullword wide \n \t\t $s11= \"CLSID%1AuxUserType2\" fullword wide \n \t\t $s12= \"CLSID%1AuxUserType3\" fullword wide \n \t\t $s13= \"CLSID%1DefaultExtension\" fullword wide \n \t\t $s14= \"CLSID%1DefaultIcon\" fullword wide \n \t\t $s15= \"CLSID%1DocObject\" fullword wide \n \t\t $s16= \"CLSID%1InprocHandler32\" fullword wide \n \t\t $s17= \"CLSID%1InProcServer32\" fullword wide \n \t\t $s18= \"CLSID%1Insertable\" fullword wide \n \t\t $s19= \"CLSID%1LocalServer32\" fullword wide \n \t\t $s20= \"CLSID%1MiscStatus\" fullword wide \n \n \t\t $hex1= {25??32??70??72??6f??74??6f??63??6f??6c??53??74??64??46??69??6c??65??45??64??69??74??69??6e??67??73??65??72??76??65??72??} \n \t\t $hex2= {25??32??70??72??6f??74??6f??63??6f??6c??53??74??64??46??69??6c??65??45??64??69??74??69??6e??67??76??65??72??62??30??0a??} \n \t\t $hex3= {41??66??78??43??6f??6e??74??72??6f??6c??42??61??72??39??30??73??75??0a??} \n \t\t $hex4= {41??66??78??46??72??61??6d??65??4f??72??56??69??65??77??39??30??73??75??0a??} \n \t\t $hex5= {41??66??78??4d??44??49??46??72??61??6d??65??39??30??73??75??0a??} \n \t\t $hex6= {41??66??78??4f??6c??64??57??6e??64??50??72??6f??63??34??32??33??0a??} \n \t\t $hex7= {41??66??78??4f??6c??65??43??6f??6e??74??72??6f??6c??39??30??73??75??0a??} \n \t\t $hex8= {43??4c??53??49??44??25??31??41??75??78??55??73??65??72??54??79??70??65??32??0a??} \n \t\t $hex9= {43??4c??53??49??44??25??31??41??75??78??55??73??65??72??54??79??70??65??33??0a??} \n \t\t $hex10= {43??4c??53??49??44??25??31??44??65??66??61??75??6c??74??45??78??74??65??6e??73??69??6f??6e??0a??} \n \t\t $hex11= {43??4c??53??49??44??25??31??44??65??66??61??75??6c??74??49??63??6f??6e??0a??} \n \t\t $hex12= {43??4c??53??49??44??25??31??44??6f??63??4f??62??6a??65??63??74??0a??} \n \t\t $hex13= {43??4c??53??49??44??25??31??49??6e??50??72??6f??63??53??65??72??76??65??72??33??32??0a??} \n \t\t $hex14= {43??4c??53??49??44??25??31??49??6e??70??72??6f??63??48??61??6e??64??6c??65??72??33??32??0a??} \n \t\t $hex15= {43??4c??53??49??44??25??31??49??6e??73??65??72??74??61??62??6c??65??0a??} \n \t\t $hex16= {43??4c??53??49??44??25??31??4c??6f??63??61??6c??53??65??72??76??65??72??33??32??0a??} \n \t\t $hex17= {43??4c??53??49??44??25??31??4d??69??73??63??53??74??61??74??75??73??0a??} \n \t\t $hex18= {61??63??63??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex19= {61??63??63??44??6f??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex20= {61??63??63??4b??65??79??62??6f??61??72??64??53??68??6f??72??74??63??75??74??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_APT_19_d4be6c9117db9de21138ae26d1d0c3cfb38fd7a19fa07c828731fa2ac756ef8d Group", "expiration": null, "is_active": 1 }, { "id": 3409660720, "indicator": "fb7aeebeed43247fb5cf1f5d9573ebd96be4a0d5", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_19_77421106548e69e9666c538ad628918cad7cfcf8f6aa7825f71a4fc39e522a7d { \n \tmeta: \n \t\t description= \"APTMalware_APT_19_77421106548e69e9666c538ad628918cad7cfcf8f6aa7825f71a4fc39e522a7d Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-52-03\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"0a9545f9fc7a6d8596cf07a59f400fd3\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"ConsentPromptBehaviorAdmin\" fullword wide \n \t\t $s2= \"C:WindowsSystem32sysprep\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"HTTPMail Password2\" fullword wide \n \t\t $s5= \"Microsoft Corporation\" fullword wide \n \t\t $s6= \"Microsoft update\" fullword wide \n \t\t $s7= \"Microsoft_WinInet_\" fullword wide \n \t\t $s8= \"sysprepsysprep.exe\" fullword wide \n \t\t $s9= \"SystemCurrentControlSetServices\" fullword wide \n \t\t $s10= \"SYSTEMCurrentControlSetServices\" fullword wide \n \t\t $s11= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {43??3a??57??69??6e??64??6f??77??73??53??79??73??74??65??6d??33??32??73??79??73??70??72??65??70??0a??} \n \t\t $hex2= {43??6f??6e??73??65??6e??74??50??72??6f??6d??70??74??42??65??68??61??76??69??6f??72??41??64??6d??69??6e??0a??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {48??54??54??50??4d??61??69??6c??20??50??61??73??73??77??6f??72??64??32??0a??} \n \t\t $hex5= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex6= {4d??69??63??72??6f??73??6f??66??74??20??75??70??64??61??74??65??0a??} \n \t\t $hex7= {4d??69??63??72??6f??73??6f??66??74??5f??57??69??6e??49??6e??65??74??5f??0a??} \n \t\t $hex8= {53??59??53??54??45??4d??43??75??72??72??65??6e??74??43??6f??6e??74??72??6f??6c??53??65??74??53??65??72??76??69??63??65??} \n \t\t $hex9= {53??79??73??74??65??6d??43??75??72??72??65??6e??74??43??6f??6e??74??72??6f??6c??53??65??74??53??65??72??76??69??63??65??} \n \t\t $hex10= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex11= {73??79??73??70??72??65??70??73??79??73??70??72??65??70??2e??65??78??65??0a??} \n \n \tcondition: \n \t\t12 of them \n }", "title": "", "description": "APTMalware_APT_19_77421106548e69e9666c538ad628918cad7cfcf8f6aa7825f71a4fc39e522a7d Group", "expiration": null, "is_active": 1 }, { "id": 3409660721, "indicator": "83eed1f161fba1ea102136f9c0ba99322ff43ef4", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_19_6cdb65dbfb2c236b6d149fd9836cb484d0608ea082cf5bd88edde31ad11a0d58 { \n \tmeta: \n \t\t description= \"APTMalware_APT_19_6cdb65dbfb2c236b6d149fd9836cb484d0608ea082cf5bd88edde31ad11a0d58 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-51-56\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"422f3353164aae7afa7429e6721703cc\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DosDevicespipe\" fullword wide \n \t\t $s2= \"Drivernsiproxy\" fullword wide \n \t\t $s3= \"Enpi)Vmrqs$Mmnm-Bivesahl$Dvirev\" fullword wide \n \t\t $s4= \"FileDescription\" fullword wide \n \t\t $s5= \"FileSystemNtfs\" fullword wide \n \t\t $s6= \"FmlaDasgrmppikn\" fullword wide \n \t\t $s7= \"KdDisableDebugger\" fullword wide \n \t\t $s8= \"Microsoft Corporation\" fullword wide \n \t\t $s9= \"Microsoft update\" fullword wide \n \t\t $s10= \"OriginalFilename\" fullword wide \n \t\t $s11= \"??pipeusbpcex%d\" fullword wide \n \t\t $s12= \"\\\\.pipeusbpcex%d\" fullword wide \n \t\t $s13= \"??pipeusbpcg%d\" fullword wide \n \t\t $s14= \"\\\\.pipeusbpcg%d\" fullword wide \n \t\t $s15= \"VS_VERSION_INFO\" fullword wide \n \t\t $s16= \"VW_REVSMOJ_MNBO\" fullword wide \n \t\t $s17= \"WYWCKRA.54*4*0*412\" fullword wide \n \t\t $s18= \"WYWCKRA.54*4*0*412$F57(F58\" fullword wide \n \n \t\t $hex1= {2e??70??69??70??65??75??73??62??70??63??65??78??25??64??0a??} \n \t\t $hex2= {2e??70??69??70??65??75??73??62??70??63??67??25??64??0a??} \n \t\t $hex3= {3f??3f??70??69??70??65??75??73??62??70??63??65??78??25??64??0a??} \n \t\t $hex4= {3f??3f??70??69??70??65??75??73??62??70??63??67??25??64??0a??} \n \t\t $hex5= {44??6f??73??44??65??76??69??63??65??73??70??69??70??65??0a??} \n \t\t $hex6= {44??72??69??76??65??72??6e??73??69??70??72??6f??78??79??0a??} \n \t\t $hex7= {45??6e??70??69??29??56??6d??72??71??73??24??4d??6d??6e??6d??2d??42??69??76??65??73??61??68??6c??24??44??76??69??72??65??} \n \t\t $hex8= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex9= {46??69??6c??65??53??79??73??74??65??6d??4e??74??66??73??0a??} \n \t\t $hex10= {46??6d??6c??61??44??61??73??67??72??6d??70??70??69??6b??6e??0a??} \n \t\t $hex11= {4b??64??44??69??73??61??62??6c??65??44??65??62??75??67??67??65??72??0a??} \n \t\t $hex12= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex13= {4d??69??63??72??6f??73??6f??66??74??20??75??70??64??61??74??65??0a??} \n \t\t $hex14= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex15= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex16= {56??57??5f??52??45??56??53??4d??4f??4a??5f??4d??4e??42??4f??0a??} \n \t\t $hex17= {57??59??57??43??4b??52??41??2e??35??34??2a??34??2a??30??2a??34??31??32??0a??} \n \t\t $hex18= {57??59??57??43??4b??52??41??2e??35??34??2a??34??2a??30??2a??34??31??32??24??46??35??37??28??46??35??38??0a??} \n \n \tcondition: \n \t\t20 of them \n }", "title": "", "description": "APTMalware_APT_19_6cdb65dbfb2c236b6d149fd9836cb484d0608ea082cf5bd88edde31ad11a0d58 Group", "expiration": null, "is_active": 1 }, { "id": 3409660722, "indicator": "473f6245e494f36f97ce87cc17a9e6a4e97ec066", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_19_1b449121300b0188ff9f6a8c399fb818d0cf53fd36cf012e6908a2665a27f016 { \n \tmeta: \n \t\t description= \"APTMalware_APT_19_1b449121300b0188ff9f6a8c399fb818d0cf53fd36cf012e6908a2665a27f016 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-51-53\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"6668e339d1f11a724aa286593c192472\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DosDevicespipe\" fullword wide \n \t\t $s2= \"Drivernsiproxy\" fullword wide \n \t\t $s3= \"Enpi)Vmrqs$Mmnm-Bivesahl$Dvirev\" fullword wide \n \t\t $s4= \"FileDescription\" fullword wide \n \t\t $s5= \"FileSystemNtfs\" fullword wide \n \t\t $s6= \"FmlaDasgrmppikn\" fullword wide \n \t\t $s7= \"KdDisableDebugger\" fullword wide \n \t\t $s8= \"Microsoft Corporation\" fullword wide \n \t\t $s9= \"Microsoft update\" fullword wide \n \t\t $s10= \"OriginalFilename\" fullword wide \n \t\t $s11= \"??pipeusbpcex%d\" fullword wide \n \t\t $s12= \"\\\\.pipeusbpcex%d\" fullword wide \n \t\t $s13= \"??pipeusbpcg%d\" fullword wide \n \t\t $s14= \"\\\\.pipeusbpcg%d\" fullword wide \n \t\t $s15= \"VS_VERSION_INFO\" fullword wide \n \t\t $s16= \"VW_REVSMOJ_MNBO\" fullword wide \n \t\t $s17= \"WYWCKRA.54*4*0*412\" fullword wide \n \t\t $s18= \"WYWCKRA.54*4*0*412$F57(F58\" fullword wide \n \n \t\t $hex1= {2e??70??69??70??65??75??73??62??70??63??65??78??25??64??0a??} \n \t\t $hex2= {2e??70??69??70??65??75??73??62??70??63??67??25??64??0a??} \n \t\t $hex3= {3f??3f??70??69??70??65??75??73??62??70??63??65??78??25??64??0a??} \n \t\t $hex4= {3f??3f??70??69??70??65??75??73??62??70??63??67??25??64??0a??} \n \t\t $hex5= {44??6f??73??44??65??76??69??63??65??73??70??69??70??65??0a??} \n \t\t $hex6= {44??72??69??76??65??72??6e??73??69??70??72??6f??78??79??0a??} \n \t\t $hex7= {45??6e??70??69??29??56??6d??72??71??73??24??4d??6d??6e??6d??2d??42??69??76??65??73??61??68??6c??24??44??76??69??72??65??} \n \t\t $hex8= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex9= {46??69??6c??65??53??79??73??74??65??6d??4e??74??66??73??0a??} \n \t\t $hex10= {46??6d??6c??61??44??61??73??67??72??6d??70??70??69??6b??6e??0a??} \n \t\t $hex11= {4b??64??44??69??73??61??62??6c??65??44??65??62??75??67??67??65??72??0a??} \n \t\t $hex12= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex13= {4d??69??63??72??6f??73??6f??66??74??20??75??70??64??61??74??65??0a??} \n \t\t $hex14= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex15= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex16= {56??57??5f??52??45??56??53??4d??4f??4a??5f??4d??4e??42??4f??0a??} \n \t\t $hex17= {57??59??57??43??4b??52??41??2e??35??34??2a??34??2a??30??2a??34??31??32??0a??} \n \t\t $hex18= {57??59??57??43??4b??52??41??2e??35??34??2a??34??2a??30??2a??34??31??32??24??46??35??37??28??46??35??38??0a??} \n \n \tcondition: \n \t\t20 of them \n }", "title": "", "description": "APTMalware_APT_19_1b449121300b0188ff9f6a8c399fb818d0cf53fd36cf012e6908a2665a27f016 Group", "expiration": null, "is_active": 1 }, { "id": 3409660723, "indicator": "506b89095502adfb355c48c26916ee7145f54b25", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_19_c8e432a8271910e909e3b6dce20ad368fa02a8c76d7abc9e9452c0d9227f6129 { \n \tmeta: \n \t\t description= \"APTMalware_APT_19_c8e432a8271910e909e3b6dce20ad368fa02a8c76d7abc9e9452c0d9227f6129 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-51-50\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"8ee244ad6b6f2b814d34d26dae880f12\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"%2protocolStdFileEditingserver\" fullword wide \n \t\t $s2= \"%2protocolStdFileEditingverb0\" fullword wide \n \t\t $s3= \"{3n{y#3n{y#3n{y#3n{y#3n{y#3n{y#3\" fullword wide \n \t\t $s4= \"accDefaultAction\" fullword wide \n \t\t $s5= \"accDoDefaultAction\" fullword wide \n \t\t $s6= \"accKeyboardShortcut\" fullword wide \n \t\t $s7= \"AfxClosePending\" fullword wide \n \t\t $s8= \"AfxControlBar100su\" fullword wide \n \t\t $s9= \"AfxFrameOrView100su\" fullword wide \n \t\t $s10= \"AfxMDIFrame100su\" fullword wide \n \t\t $s11= \"AfxOldWndProc423\" fullword wide \n \t\t $s12= \"AfxOleControl100su\" fullword wide \n \t\t $s13= \"AFX_SUPERBAR_TAB\" fullword wide \n \t\t $s14= \"AFX_WM_CHANGE_CURRENT_FOLDER\" fullword wide \n \t\t $s15= \"AFX_WM_CHANGEVISUALMANAGER\" fullword wide \n \t\t $s16= \"AFX_WM_GETDRAGBOUNDS\" fullword wide \n \t\t $s17= \"AFX_WM_ON_AFTER_SHELL_COMMAND\" fullword wide \n \t\t $s18= \"AFX_WM_ON_CANCELTABMOVE\" fullword wide \n \t\t $s19= \"AFX_WM_ONCHANGE_ACTIVE_TAB\" fullword wide \n \t\t $s20= \"AFX_WM_ON_CHANGE_RIBBON_CATEGORY\" fullword wide \n \n \t\t $hex1= {25??32??70??72??6f??74??6f??63??6f??6c??53??74??64??46??69??6c??65??45??64??69??74??69??6e??67??73??65??72??76??65??72??} \n \t\t $hex2= {25??32??70??72??6f??74??6f??63??6f??6c??53??74??64??46??69??6c??65??45??64??69??74??69??6e??67??76??65??72??62??30??0a??} \n \t\t $hex3= {41??46??58??5f??53??55??50??45??52??42??41??52??5f??54??41??42??0a??} \n \t\t $hex4= {41??46??58??5f??57??4d??5f??43??48??41??4e??47??45??56??49??53??55??41??4c??4d??41??4e??41??47??45??52??0a??} \n \t\t $hex5= {41??46??58??5f??57??4d??5f??43??48??41??4e??47??45??5f??43??55??52??52??45??4e??54??5f??46??4f??4c??44??45??52??0a??} \n \t\t $hex6= {41??46??58??5f??57??4d??5f??47??45??54??44??52??41??47??42??4f??55??4e??44??53??0a??} \n \t\t $hex7= {41??46??58??5f??57??4d??5f??4f??4e??43??48??41??4e??47??45??5f??41??43??54??49??56??45??5f??54??41??42??0a??} \n \t\t $hex8= {41??46??58??5f??57??4d??5f??4f??4e??5f??41??46??54??45??52??5f??53??48??45??4c??4c??5f??43??4f??4d??4d??41??4e??44??0a??} \n \t\t $hex9= {41??46??58??5f??57??4d??5f??4f??4e??5f??43??41??4e??43??45??4c??54??41??42??4d??4f??56??45??0a??} \n \t\t $hex10= {41??46??58??5f??57??4d??5f??4f??4e??5f??43??48??41??4e??47??45??5f??52??49??42??42??4f??4e??5f??43??41??54??45??47??4f??} \n \t\t $hex11= {41??66??78??43??6c??6f??73??65??50??65??6e??64??69??6e??67??0a??} \n \t\t $hex12= {41??66??78??43??6f??6e??74??72??6f??6c??42??61??72??31??30??30??73??75??0a??} \n \t\t $hex13= {41??66??78??46??72??61??6d??65??4f??72??56??69??65??77??31??30??30??73??75??0a??} \n \t\t $hex14= {41??66??78??4d??44??49??46??72??61??6d??65??31??30??30??73??75??0a??} \n \t\t $hex15= {41??66??78??4f??6c??64??57??6e??64??50??72??6f??63??34??32??33??0a??} \n \t\t $hex16= {41??66??78??4f??6c??65??43??6f??6e??74??72??6f??6c??31??30??30??73??75??0a??} \n \t\t $hex17= {61??63??63??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex18= {61??63??63??44??6f??44??65??66??61??75??6c??74??41??63??74??69??6f??6e??0a??} \n \t\t $hex19= {61??63??63??4b??65??79??62??6f??61??72??64??53??68??6f??72??74??63??75??74??0a??} \n \t\t $hex20= {7b??33??6e??7b??79??23??33??6e??7b??79??23??33??6e??7b??79??23??33??6e??7b??79??23??33??6e??7b??79??23??33??6e??7b??79??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_APT_19_c8e432a8271910e909e3b6dce20ad368fa02a8c76d7abc9e9452c0d9227f6129 Group", "expiration": null, "is_active": 1 }, { "id": 2584656846, "indicator": "4383afa57dcfa49af4abf0bf31b20d707536e4b5", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Trojan.Agent-96509", "description": "SHA1 of b1912db011633d98bc40ac568a4167a7", "expiration": null, "is_active": 1 }, { "id": 2589643878, "indicator": "873c459c3c3aa7f0e9a488f69c4391669cbf24c6db7f5fb5fe5c2336f3ad9da8", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Trojan.Agent-96509", "description": "SHA256 of b1912db011633d98bc40ac568a4167a7", "expiration": null, "is_active": 1 }, { "id": 3409660724, "indicator": "9bc37c306259c1a09c85da7b903fd265461224d6", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_873c459c3c3aa7f0e9a488f69c4391669cbf24c6db7f5fb5fe5c2336f3ad9da8 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_873c459c3c3aa7f0e9a488f69c4391669cbf24c6db7f5fb5fe5c2336f3ad9da8 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-45-19\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b1912db011633d98bc40ac568a4167a7\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"5.1.2600.5512(xpsp.080413-2108)\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {35??2e??31??2e??32??36??30??30??2e??35??35??31??32??28??78??70??73??70??2e??30??38??30??34??31??33??2d??32??31??30??38??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_1_873c459c3c3aa7f0e9a488f69c4391669cbf24c6db7f5fb5fe5c2336f3ad9da8 Group", "expiration": null, "is_active": 1 }, { "id": 3409660725, "indicator": "1a15dcb2e95441ed1e8ea8084dc96b769663b18f", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_1beb718309c249360873925f4cf285bf83b87ad65fc035f0c03d1d7e519e0f4a { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_1beb718309c249360873925f4cf285bf83b87ad65fc035f0c03d1d7e519e0f4a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-45-14\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"7c82cd17b0fa420f09f97e060621ed7b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"5.1.2600.5512(xpsp.080413-2108)\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {35??2e??31??2e??32??36??30??30??2e??35??35??31??32??28??78??70??73??70??2e??30??38??30??34??31??33??2d??32??31??30??38??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_1_1beb718309c249360873925f4cf285bf83b87ad65fc035f0c03d1d7e519e0f4a Group", "expiration": null, "is_active": 1 }, { "id": 3409660726, "indicator": "933a4200d922136349c3a0055324bb5fabb0447f", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_dadfdbe7aa173f42e0c3b67518d3e3e5216db3258df139d6706bb5330fc8a883 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_dadfdbe7aa173f42e0c3b67518d3e3e5216db3258df139d6706bb5330fc8a883 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-45-00\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"7fc52a32337386d867a952a2c8644353\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&()[]{}^=;!%'+,`~\" fullword wide \n \t\t $s2= \"%02d%s%02d%s%02d\" fullword wide \n \t\t $s3= \"%2d%s%02d%s%02d%s%02d\" fullword wide \n \t\t $s4= \"5.1.2600.5512 (xpsp.080413-2111)\" fullword wide \n \t\t $s5= \"ASSOC [.ext[=[fileType]]]\" fullword wide \n \t\t $s6= \"%%CMDEXTVERSION%% \" fullword wide \n \t\t $s7= \".COM;.EXE;.BAT;.CMD;.VBS;.JS;.WS\" fullword wide \n \t\t $s8= \"command execution.\" fullword wide \n \t\t $s9= \"control character.\" fullword wide \n \t\t $s10= \"DelayedExpansion\" fullword wide \n \t\t $s11= \"DISABLEDELAYEDEXPANSION\" fullword wide \n \t\t $s12= \"DISABLEEXTENSIONS\" fullword wide \n \t\t $s13= \"DISABLEEXTENSIONS \" fullword wide \n \t\t $s14= \"DisableUNCCheck\" fullword wide \n \t\t $s15= \"ENABLEDELAYEDEXPANSION\" fullword wide \n \t\t $s16= \"EnableExtensions\" fullword wide \n \t\t $s17= \"FileDescription\" fullword wide \n \t\t $s18= \"MD [drive:]path\" fullword wide \n \t\t $s19= \"Microsoft Corporation\" fullword wide \n \t\t $s20= \"Missing operand.\" fullword wide \n \n \t\t $hex1= {25??25??43??4d??44??45??58??54??56??45??52??53??49??4f??4e??25??25??0a??} \n \t\t $hex2= {25??30??32??64??25??73??25??30??32??64??25??73??25??30??32??64??0a??} \n \t\t $hex3= {25??32??64??25??73??25??30??32??64??25??73??25??30??32??64??25??73??25??30??32??64??0a??} \n \t\t $hex4= {26??28??29??5b??5d??7b??7d??5e??3d??3b??21??25??27??2b??2c??60??7e??0a??} \n \t\t $hex5= {2e??43??4f??4d??3b??2e??45??58??45??3b??2e??42??41??54??3b??2e??43??4d??44??3b??2e??56??42??53??3b??2e??4a??53??3b??2e??} \n \t\t $hex6= {35??2e??31??2e??32??36??30??30??2e??35??35??31??32??20??28??78??70??73??70??2e??30??38??30??34??31??33??2d??32??31??31??} \n \t\t $hex7= {41??53??53??4f??43??20??5b??2e??65??78??74??5b??3d??5b??66??69??6c??65??54??79??70??65??5d??5d??5d??0a??} \n \t\t $hex8= {44??49??53??41??42??4c??45??44??45??4c??41??59??45??44??45??58??50??41??4e??53??49??4f??4e??0a??} \n \t\t $hex9= {44??49??53??41??42??4c??45??45??58??54??45??4e??53??49??4f??4e??53??0a??} \n \t\t $hex10= {44??65??6c??61??79??65??64??45??78??70??61??6e??73??69??6f??6e??0a??} \n \t\t $hex11= {44??69??73??61??62??6c??65??55??4e??43??43??68??65??63??6b??0a??} \n \t\t $hex12= {45??4e??41??42??4c??45??44??45??4c??41??59??45??44??45??58??50??41??4e??53??49??4f??4e??0a??} \n \t\t $hex13= {45??6e??61??62??6c??65??45??78??74??65??6e??73??69??6f??6e??73??0a??} \n \t\t $hex14= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex15= {4d??44??20??5b??64??72??69??76??65??3a??5d??70??61??74??68??0a??} \n \t\t $hex16= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex17= {4d??69??73??73??69??6e??67??20??6f??70??65??72??61??6e??64??2e??0a??} \n \t\t $hex18= {63??6f??6d??6d??61??6e??64??20??65??78??65??63??75??74??69??6f??6e??2e??0a??} \n \t\t $hex19= {63??6f??6e??74??72??6f??6c??20??63??68??61??72??61??63??74??65??72??2e??0a??} \n \n \tcondition: \n \t\t21 of them \n }", "title": "", "description": "APTMalware_APT_1_dadfdbe7aa173f42e0c3b67518d3e3e5216db3258df139d6706bb5330fc8a883 Group", "expiration": null, "is_active": 1 }, { "id": 3409660727, "indicator": "e6b3dffe2150aecc33208df93b43d9d76a39ccd3", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_ea43d8973fdfa6eb77e1f6b6a5276c5e06c614071d26f68f19fbcb25fe09aad4 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_ea43d8973fdfa6eb77e1f6b6a5276c5e06c614071d26f68f19fbcb25fe09aad4 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-44-57\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b3defdbd173738d44137f88a571647e1\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"5.1.2600.5512 (xpsp.080413-0852)\" fullword wide \n \t\t $s2= \"%)+/5;=CGIOSYaegkmq\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"LanmanWorkstation\" fullword wide \n \t\t $s5= \"microsoft corp.\" fullword wide \n \t\t $s6= \"Microsoft Corporation\" fullword wide \n \t\t $s7= \"OriginalFilename\" fullword wide \n \t\t $s8= \"superhard corp.\" fullword wide \n \t\t $s9= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {25??29??2b??2f??35??3b??3d??43??47??49??4f??53??59??61??65??67??6b??6d??71??0a??} \n \t\t $hex2= {35??2e??31??2e??32??36??30??30??2e??35??35??31??32??20??28??78??70??73??70??2e??30??38??30??34??31??33??2d??30??38??35??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4c??61??6e??6d??61??6e??57??6f??72??6b??73??74??61??74??69??6f??6e??0a??} \n \t\t $hex5= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex6= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex7= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex8= {6d??69??63??72??6f??73??6f??66??74??20??63??6f??72??70??2e??0a??} \n \t\t $hex9= {73??75??70??65??72??68??61??72??64??20??63??6f??72??70??2e??0a??} \n \n \tcondition: \n \t\t10 of them \n }", "title": "", "description": "APTMalware_APT_1_ea43d8973fdfa6eb77e1f6b6a5276c5e06c614071d26f68f19fbcb25fe09aad4 Group", "expiration": null, "is_active": 1 }, { "id": 3409660728, "indicator": "91b34029c347c82a5cd07722e858993531987aaa", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_ce82f2b530f028644c8c7238c065eb88e4af153598447179aa784482efba454e { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_ce82f2b530f028644c8c7238c065eb88e4af153598447179aa784482efba454e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-44-49\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"120c2e085992ff59a21ba401ec29fec9\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"5.1.2600.5512(xpsp.080413-2108)\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {35??2e??31??2e??32??36??30??30??2e??35??35??31??32??28??78??70??73??70??2e??30??38??30??34??31??33??2d??32??31??30??38??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_1_ce82f2b530f028644c8c7238c065eb88e4af153598447179aa784482efba454e Group", "expiration": null, "is_active": 1 }, { "id": 3409660729, "indicator": "cbe640641a7fad6ee341cda8e00cad583ac98fc1", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_08d0eb1b10cdc8b5ba6d87d7b330fb69791f5e64b528feed19fc25a969a4034c { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_08d0eb1b10cdc8b5ba6d87d7b330fb69791f5e64b528feed19fc25a969a4034c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-44-40\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"2daa4a4574ba06aa3203ae0e0b45b3b8\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&Destination folder\" fullword wide \n \t\t $s2= \"Extraction progress\" fullword wide \n \t\t $s3= \"Installation progress\" fullword wide \n \t\t $s4= \"jmsctls_progress32\" fullword wide \n \t\t $s5= \"LICENSEDLG RENAMEDLG\" fullword wide \n \t\t $s6= \"ProgramFilesDir\" fullword wide \n \t\t $s7= \"RarHtmlClassName\" fullword wide \n \t\t $s8= \"SoftwareWinRAR SFX\" fullword wide \n \t\t $s9= \"__tmp_rar_sfx_access_check_%u\" fullword wide \n \t\t $s10= \"winrarsfxmappingfile.tmp\" fullword wide \n \n \t\t $hex1= {26??44??65??73??74??69??6e??61??74??69??6f??6e??20??66??6f??6c??64??65??72??0a??} \n \t\t $hex2= {45??78??74??72??61??63??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex3= {49??6e??73??74??61??6c??6c??61??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex4= {4c??49??43??45??4e??53??45??44??4c??47??20??52??45??4e??41??4d??45??44??4c??47??0a??} \n \t\t $hex5= {50??72??6f??67??72??61??6d??46??69??6c??65??73??44??69??72??0a??} \n \t\t $hex6= {52??61??72??48??74??6d??6c??43??6c??61??73??73??4e??61??6d??65??0a??} \n \t\t $hex7= {53??6f??66??74??77??61??72??65??57??69??6e??52??41??52??20??53??46??58??0a??} \n \t\t $hex8= {5f??5f??74??6d??70??5f??72??61??72??5f??73??66??78??5f??61??63??63??65??73??73??5f??63??68??65??63??6b??5f??25??75??0a??} \n \t\t $hex9= {6a??6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \t\t $hex10= {77??69??6e??72??61??72??73??66??78??6d??61??70??70??69??6e??67??66??69??6c??65??2e??74??6d??70??0a??} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_1_08d0eb1b10cdc8b5ba6d87d7b330fb69791f5e64b528feed19fc25a969a4034c Group", "expiration": null, "is_active": 1 }, { "id": 2584657238, "indicator": "568ae00e312a62e04237e0b00fcbdb44df610788", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Backdoor:Win32/Likseput.B", "description": "SHA1 of b3bc979d8de3be09728c5de1a0297c4b", "expiration": null, "is_active": 1 }, { "id": 2589541082, "indicator": "6b3b6ae4dd02cbd4a01075f0a3d92412c338368e281fbb7f413ebcb9d5a79990", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Backdoor:Win32/Likseput.B", "description": "SHA256 of b3bc979d8de3be09728c5de1a0297c4b", "expiration": null, "is_active": 1 }, { "id": 3409660730, "indicator": "6c5e07fbcc80651a7655f6cfe4aacf0af682deee", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_6b3b6ae4dd02cbd4a01075f0a3d92412c338368e281fbb7f413ebcb9d5a79990 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_6b3b6ae4dd02cbd4a01075f0a3d92412c338368e281fbb7f413ebcb9d5a79990 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-44-39\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b3bc979d8de3be09728c5de1a0297c4b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"5.1.2600.5512(xpsp.080413-2108)\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {35??2e??31??2e??32??36??30??30??2e??35??35??31??32??28??78??70??73??70??2e??30??38??30??34??31??33??2d??32??31??30??38??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_1_6b3b6ae4dd02cbd4a01075f0a3d92412c338368e281fbb7f413ebcb9d5a79990 Group", "expiration": null, "is_active": 1 }, { "id": 3409660731, "indicator": "c787003250c2450542d30547ae12b6483af6b602", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_626eb96a340c865ea8ed721c94fac4504db147b0992e0190438b7cc144c05614 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_626eb96a340c865ea8ed721c94fac4504db147b0992e0190438b7cc144c05614 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-44-31\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"c799e1d25839e1efb2b3d42d6d6efd26\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"Microsoft Corporation\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"VS_VERSION_INFO\" fullword wide \n \t\t $s5= \"(xpsp.080413-2111)\" fullword wide \n \n \t\t $hex1= {28??78??70??73??70??2e??30??38??30??34??31??33??2d??32??31??31??31??29??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_1_626eb96a340c865ea8ed721c94fac4504db147b0992e0190438b7cc144c05614 Group", "expiration": null, "is_active": 1 }, { "id": 2584655798, "indicator": "0c7ca03821af51400f84638ebdd61e38bbad5d3f", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Trojan:Win32/Connapts", "description": "SHA1 of da6b0ee7ec735029d1ff4fa863a71de8", "expiration": null, "is_active": 1 }, { "id": 2592902295, "indicator": "ce268a8af9a9e0af70f048e6fc5c51e449a01b5c9683513a9d4a9b4dd0ab94f6", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Trojan:Win32/Connapts", "description": "SHA256 of da6b0ee7ec735029d1ff4fa863a71de8", "expiration": null, "is_active": 1 }, { "id": 3409660732, "indicator": "125352b1abd78d151ee81796b57e05be3226e309", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_ce268a8af9a9e0af70f048e6fc5c51e449a01b5c9683513a9d4a9b4dd0ab94f6 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_ce268a8af9a9e0af70f048e6fc5c51e449a01b5c9683513a9d4a9b4dd0ab94f6 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-44-30\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"da6b0ee7ec735029d1ff4fa863a71de8\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"Microsoft Corporation\" fullword wide \n \t\t $s3= \"OLESelfRegister\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex3= {4f??4c??45??53??65??6c??66??52??65??67??69??73??74??65??72??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_1_ce268a8af9a9e0af70f048e6fc5c51e449a01b5c9683513a9d4a9b4dd0ab94f6 Group", "expiration": null, "is_active": 1 }, { "id": 3409660733, "indicator": "410f748282434044a622df2680ba25db322a3c75", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_7f489a9493c233018342defc7e9140e1c8b6ecdc9d0baa31c9c0ee62c844272d { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_7f489a9493c233018342defc7e9140e1c8b6ecdc9d0baa31c9c0ee62c844272d Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-44-24\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"6c65c697bcff935484a5cd2e7dd2e7d2\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"BoldFundingTitles\" fullword wide \n \t\t $s2= \"DocumentSummaryInformation\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"OnlineFigureLabel\" fullword wide \n \t\t $s5= \"OnlineFigureOff\" fullword wide \n \t\t $s6= \"OnlineTableLabel\" fullword wide \n \t\t $s7= \"Richard Pettibone\" fullword wide \n \t\t $s8= \"SummaryInformation\" fullword wide \n \t\t $s9= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {42??6f??6c??64??46??75??6e??64??69??6e??67??54??69??74??6c??65??73??0a??} \n \t\t $hex2= {44??6f??63??75??6d??65??6e??74??53??75??6d??6d??61??72??79??49??6e??66??6f??72??6d??61??74??69??6f??6e??0a??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??6e??6c??69??6e??65??46??69??67??75??72??65??4c??61??62??65??6c??0a??} \n \t\t $hex5= {4f??6e??6c??69??6e??65??46??69??67??75??72??65??4f??66??66??0a??} \n \t\t $hex6= {4f??6e??6c??69??6e??65??54??61??62??6c??65??4c??61??62??65??6c??0a??} \n \t\t $hex7= {52??69??63??68??61??72??64??20??50??65??74??74??69??62??6f??6e??65??0a??} \n \t\t $hex8= {53??75??6d??6d??61??72??79??49??6e??66??6f??72??6d??61??74??69??6f??6e??0a??} \n \t\t $hex9= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t10 of them \n }", "title": "", "description": "APTMalware_APT_1_7f489a9493c233018342defc7e9140e1c8b6ecdc9d0baa31c9c0ee62c844272d Group", "expiration": null, "is_active": 1 }, { "id": 2584658880, "indicator": "ace6981109a5f1074c57f3adfa94769ac53500f6", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Trojan:Win32/Sluegot.A", "description": "SHA1 of 5c6f30cc369cd164d44941d381e282cc", "expiration": null, "is_active": 1 }, { "id": 430172564, "indicator": "6929c66312fce3ba740040dc0f0d98ce33fd0ef777930d8b69d9cddf19491e60", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Trojan:Win32/Sluegot.A", "description": "SHA256 of 5c6f30cc369cd164d44941d381e282cc", "expiration": null, "is_active": 1 }, { "id": 3409660793, "indicator": "51e01fb510bb80d0de62e4b44bfd6a559a4befcd", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_6929c66312fce3ba740040dc0f0d98ce33fd0ef777930d8b69d9cddf19491e60 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_6929c66312fce3ba740040dc0f0d98ce33fd0ef777930d8b69d9cddf19491e60 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-44-20\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"5c6f30cc369cd164d44941d381e282cc\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"BoldFundingTitles\" fullword wide \n \t\t $s2= \"DocumentSummaryInformation\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"OnlineFigureLabel\" fullword wide \n \t\t $s5= \"OnlineFigureOff\" fullword wide \n \t\t $s6= \"OnlineTableLabel\" fullword wide \n \t\t $s7= \"Richard Pettibone\" fullword wide \n \t\t $s8= \"SummaryInformation\" fullword wide \n \t\t $s9= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {42??6f??6c??64??46??75??6e??64??69??6e??67??54??69??74??6c??65??73??0a??} \n \t\t $hex2= {44??6f??63??75??6d??65??6e??74??53??75??6d??6d??61??72??79??49??6e??66??6f??72??6d??61??74??69??6f??6e??0a??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??6e??6c??69??6e??65??46??69??67??75??72??65??4c??61??62??65??6c??0a??} \n \t\t $hex5= {4f??6e??6c??69??6e??65??46??69??67??75??72??65??4f??66??66??0a??} \n \t\t $hex6= {4f??6e??6c??69??6e??65??54??61??62??6c??65??4c??61??62??65??6c??0a??} \n \t\t $hex7= {52??69??63??68??61??72??64??20??50??65??74??74??69??62??6f??6e??65??0a??} \n \t\t $hex8= {53??75??6d??6d??61??72??79??49??6e??66??6f??72??6d??61??74??69??6f??6e??0a??} \n \t\t $hex9= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t10 of them \n }", "title": "", "description": "APTMalware_APT_1_6929c66312fce3ba740040dc0f0d98ce33fd0ef777930d8b69d9cddf19491e60 Group", "expiration": null, "is_active": 1 }, { "id": 3409660794, "indicator": "e9b48d30e62254baf78ddd22869cd44eba8d1958", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_837485ae1a0d843692bac9f91ad3f3c77f576414c2f1abc477b053dbc3302939 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_837485ae1a0d843692bac9f91ad3f3c77f576414c2f1abc477b053dbc3302939 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-44-14\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"ef6c375e3e6930e2b50e1e97fe6fbcc9\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"JpgCommand Application\" fullword wide \n \t\t $s3= \"LegalTrademarks\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4a??70??67??43??6f??6d??6d??61??6e??64??20??41??70??70??6c??69??63??61??74??69??6f??6e??0a??} \n \t\t $hex3= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_1_837485ae1a0d843692bac9f91ad3f3c77f576414c2f1abc477b053dbc3302939 Group", "expiration": null, "is_active": 1 }, { "id": 3409660795, "indicator": "d5b5aca00967f2694f5430ceafdffaf0f2d015b8", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_825858c467b49923adac73ee23fd972ac5fb709690ec605e153315398b991dc1 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_825858c467b49923adac73ee23fd972ac5fb709690ec605e153315398b991dc1 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-43-56\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"c763e041c8e85c195ade90e120338be7\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"Microsoft Corporation\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"VS_VERSION_INFO\" fullword wide \n \t\t $s5= \"(xpsp.080413-2111)\" fullword wide \n \n \t\t $hex1= {28??78??70??73??70??2e??30??38??30??34??31??33??2d??32??31??31??31??29??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_1_825858c467b49923adac73ee23fd972ac5fb709690ec605e153315398b991dc1 Group", "expiration": null, "is_active": 1 }, { "id": 3409660796, "indicator": "bc70552b911f2e950719a507ffc830dee4075083", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_b13eb0eb3cddf1b2c22232952aa30c1f2b5c59e72c9626e9fbd52882cfc03a32 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_b13eb0eb3cddf1b2c22232952aa30c1f2b5c59e72c9626e9fbd52882cfc03a32 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-43-37\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"41bb847963a8fce70ad21e70dd786107\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"5.1.2600.5512(xpsp.080413-2108)\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {35??2e??31??2e??32??36??30??30??2e??35??35??31??32??28??78??70??73??70??2e??30??38??30??34??31??33??2d??32??31??30??38??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_1_b13eb0eb3cddf1b2c22232952aa30c1f2b5c59e72c9626e9fbd52882cfc03a32 Group", "expiration": null, "is_active": 1 }, { "id": 2584656807, "indicator": "3fbfc027d4bb6f8f717e510e11e50379e53e8f71", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of 68c67a6e26855ebc2569d67689c69a6e\nSHA1 of 68c67a6e26855ebc2569d67689c69a6e", "expiration": null, "is_active": 1 }, { "id": 2589376961, "indicator": "478c29a4370717d2304e88920b68d6f219d96724d5393b9026553723243a03fe", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of 68c67a6e26855ebc2569d67689c69a6e\nSHA256 of 68c67a6e26855ebc2569d67689c69a6e", "expiration": null, "is_active": 1 }, { "id": 3409660797, "indicator": "719989e2a800cd29ffa5522e0f3c063a8fcfb5fd", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_478c29a4370717d2304e88920b68d6f219d96724d5393b9026553723243a03fe { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_478c29a4370717d2304e88920b68d6f219d96724d5393b9026553723243a03fe Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-43-33\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"68c67a6e26855ebc2569d67689c69a6e\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"5.1.2600.5512(xpsp.080413-2108)\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {35??2e??31??2e??32??36??30??30??2e??35??35??31??32??28??78??70??73??70??2e??30??38??30??34??31??33??2d??32??31??30??38??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_1_478c29a4370717d2304e88920b68d6f219d96724d5393b9026553723243a03fe Group", "expiration": null, "is_active": 1 }, { "id": 3409660798, "indicator": "8b0e4ddff669ab5dc846226d12fd92c05bc52464", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_1d1a290668c7331317309eb7336e9df94e0b034a175bb8d477cb46b7dfaf26f6 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_1d1a290668c7331317309eb7336e9df94e0b034a175bb8d477cb46b7dfaf26f6 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-43-31\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"c3af09a9fc487314eb4c9fe92a01845a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"MicroSoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"['@oR*vF,#Ephkn;\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??53??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex6= {5b??27??40??6f??52??2a??76??46??2c??23??45??70??68??6b??6e??3b??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_APT_1_1d1a290668c7331317309eb7336e9df94e0b034a175bb8d477cb46b7dfaf26f6 Group", "expiration": null, "is_active": 1 }, { "id": 2584655786, "indicator": "0ba62c41592ae7b306b395d5507522fccf463327", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Trojan.Agent-96509", "description": "SHA1 of 3fb8f4cdcb4d1d48be2e473fd8727239", "expiration": null, "is_active": 1 }, { "id": 2589292282, "indicator": "1fad1fd0a49b4677b6648008f8ddc8c8dc6483ee3c797e938d3637eb8b4ce3b4", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Trojan.Agent-96509", "description": "SHA256 of 3fb8f4cdcb4d1d48be2e473fd8727239", "expiration": null, "is_active": 1 }, { "id": 3409660799, "indicator": "91c9be8ba450de0b0258d98bc0f0a569f6300000", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_1fad1fd0a49b4677b6648008f8ddc8c8dc6483ee3c797e938d3637eb8b4ce3b4 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_1fad1fd0a49b4677b6648008f8ddc8c8dc6483ee3c797e938d3637eb8b4ce3b4 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-43-22\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"3fb8f4cdcb4d1d48be2e473fd8727239\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"5.1.2600.5512(xpsp.080413-2108)\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {35??2e??31??2e??32??36??30??30??2e??35??35??31??32??28??78??70??73??70??2e??30??38??30??34??31??33??2d??32??31??30??38??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_1_1fad1fd0a49b4677b6648008f8ddc8c8dc6483ee3c797e938d3637eb8b4ce3b4 Group", "expiration": null, "is_active": 1 }, { "id": 3409660800, "indicator": "95da26ec041f428b831c34f70bcf6360f8d90085", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_16632b14f50fcace587ec54d70359f45a32e68a5abb2bad971c778aa6b99d3ab { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_16632b14f50fcace587ec54d70359f45a32e68a5abb2bad971c778aa6b99d3ab Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-43-21\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"1ede2c69d50e0efbe23f758d902216e0\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"5.1.2600.5512(xpsp.080413-2108)\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {35??2e??31??2e??32??36??30??30??2e??35??35??31??32??28??78??70??73??70??2e??30??38??30??34??31??33??2d??32??31??30??38??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_1_16632b14f50fcace587ec54d70359f45a32e68a5abb2bad971c778aa6b99d3ab Group", "expiration": null, "is_active": 1 }, { "id": 3409660801, "indicator": "4f186b0603e6125e6768e13c5aa1a1bb21a0a5d0", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_ece1610907c50cdeaf158d0ec13aa8b4aa31a8b831db8d3791da1e35296aa527 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_ece1610907c50cdeaf158d0ec13aa8b4aa31a8b831db8d3791da1e35296aa527 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-43-18\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d7aa32b7465f55c368230bb52d52d885\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_1_ece1610907c50cdeaf158d0ec13aa8b4aa31a8b831db8d3791da1e35296aa527 Group", "expiration": null, "is_active": 1 }, { "id": 3409660802, "indicator": "5357cfbf00efb2a5d3d998636421fca7a8cefcad", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_6e417e9fadda9948ed7a8bf472d48285126369c407aad8b0b3cd1e8229f26fa6 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_6e417e9fadda9948ed7a8bf472d48285126369c407aad8b0b3cd1e8229f26fa6 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-43-16\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"1fb4ce2e56ced51ddf1edff8ed15c21b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"5.1.2600.5512(xpsp.080413-2108)\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {35??2e??31??2e??32??36??30??30??2e??35??35??31??32??28??78??70??73??70??2e??30??38??30??34??31??33??2d??32??31??30??38??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_1_6e417e9fadda9948ed7a8bf472d48285126369c407aad8b0b3cd1e8229f26fa6 Group", "expiration": null, "is_active": 1 }, { "id": 3409660803, "indicator": "9685824457b3d82e1afe33be45d2219e32c4aff3", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_3aee06747c29dece72b537c6f7b6c36c1e65ee11c2501b6c285802ae52edb036 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_3aee06747c29dece72b537c6f7b6c36c1e65ee11c2501b6c285802ae52edb036 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-43-10\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"150c4c1f589c4baa794160276a3d4aba\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"5.1.2600.5512 (xpsp.080413-0852)\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {35??2e??31??2e??32??36??30??30??2e??35??35??31??32??20??28??78??70??73??70??2e??30??38??30??34??31??33??2d??30??38??35??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_1_3aee06747c29dece72b537c6f7b6c36c1e65ee11c2501b6c285802ae52edb036 Group", "expiration": null, "is_active": 1 }, { "id": 3409660804, "indicator": "96b7b386bc40da3e9312dbf5fa047f27dfb60401", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_08af44d381df5250323cf196444aa90597f8049dad55712fe45e80b1a8d8cded { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_08af44d381df5250323cf196444aa90597f8049dad55712fe45e80b1a8d8cded Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-43-02\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"ddf3db31f9fa21cd43ff19dde393aba8\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"%2.2d-%2.2d-%4.4d %2.2d:%2.2d\" fullword wide \n \t\t $s2= \"5.1.2600.5512 (xpsp.080413-2105)\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"LegalTrademarks\" fullword wide \n \t\t $s5= \"Microsoft Corporation\" fullword wide \n \t\t $s6= \"OriginalFilename\" fullword wide \n \t\t $s7= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {25??32??2e??32??64??2d??25??32??2e??32??64??2d??25??34??2e??34??64??20??25??32??2e??32??64??3a??25??32??2e??32??64??0a??} \n \t\t $hex2= {35??2e??31??2e??32??36??30??30??2e??35??35??31??32??20??28??78??70??73??70??2e??30??38??30??34??31??33??2d??32??31??30??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex5= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex6= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex7= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_APT_1_08af44d381df5250323cf196444aa90597f8049dad55712fe45e80b1a8d8cded Group", "expiration": null, "is_active": 1 }, { "id": 2582718670, "indicator": "f5f82285141fe18b8b6f592510d85d2d0aa9707f", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Trojan.Gloox-1", "description": "SHA1 of 3de1bd0f2107198931177b2b23877df4", "expiration": null, "is_active": 1 }, { "id": 2564714305, "indicator": "75f0072a6c408cdc30190ed534d7503906881d958504d1d11634c3677dbaf623", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Trojan.Gloox-1", "description": "SHA256 of 3de1bd0f2107198931177b2b23877df4", "expiration": null, "is_active": 1 }, { "id": 3409660805, "indicator": "http://camaya.net/gloox", "type": "URL", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3409660806, "indicator": "4280dca6cd9d16aeba13db06babb58868784b2f2", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_75f0072a6c408cdc30190ed534d7503906881d958504d1d11634c3677dbaf623 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_75f0072a6c408cdc30190ed534d7503906881d958504d1d11634c3677dbaf623 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-42-34\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"3de1bd0f2107198931177b2b23877df4\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"http://camaya.net/gloox\" fullword wide \n \t\t $s3= \"Jakob Schroeter\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4a??61??6b??6f??62??20??53??63??68??72??6f??65??74??65??72??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex5= {68??74??74??70??3a??2f??2f??63??61??6d??61??79??61??2e??6e??65??74??2f??67??6c??6f??6f??78??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_1_75f0072a6c408cdc30190ed534d7503906881d958504d1d11634c3677dbaf623 Group", "expiration": null, "is_active": 1 }, { "id": 816603, "indicator": "camaya.net", "type": "domain", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1 }, { "id": 3409660807, "indicator": "5f1c1a75392cbca9ad96d77b19d8cc26d6626177", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_f94eb96f380a47bac95cb453e690ca78ae9ae1d078fbe2a433635a63bb73785b { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_f94eb96f380a47bac95cb453e690ca78ae9ae1d078fbe2a433635a63bb73785b Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-42-26\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"57f98d16ac439a11012860f88db21831\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \t\t $s6= \"Windows Installer\" fullword wide \n \t\t $s7= \"WinInstaller.exe\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex6= {57??69??6e??49??6e??73??74??61??6c??6c??65??72??2e??65??78??65??0a??} \n \t\t $hex7= {57??69??6e??64??6f??77??73??20??49??6e??73??74??61??6c??6c??65??72??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_APT_1_f94eb96f380a47bac95cb453e690ca78ae9ae1d078fbe2a433635a63bb73785b Group", "expiration": null, "is_active": 1 }, { "id": 2584657802, "indicator": "745b7a2ad45a1e46daceb20bb182a07522772605", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Backdoor:Win32/Likseput.B", "description": "SHA1 of 6d2320af561b2315c1241e3efd86067f", "expiration": null, "is_active": 1 }, { "id": 431139253, "indicator": "8c3f24599f9c46c5aff0c1e7fb4fe6777239221bbb66488f7cba1049985989fb", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Backdoor:Win32/Likseput.B", "description": "SHA256 of 6d2320af561b2315c1241e3efd86067f", "expiration": null, "is_active": 1 }, { "id": 3409660808, "indicator": "1d5d601fa7a16fe0f517617be03d86ad920f85e6", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_8c3f24599f9c46c5aff0c1e7fb4fe6777239221bbb66488f7cba1049985989fb { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_8c3f24599f9c46c5aff0c1e7fb4fe6777239221bbb66488f7cba1049985989fb Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-42-19\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"6d2320af561b2315c1241e3efd86067f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"5.1.2600.5512(xpsp.080413-2108)\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {35??2e??31??2e??32??36??30??30??2e??35??35??31??32??28??78??70??73??70??2e??30??38??30??34??31??33??2d??32??31??30??38??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_1_8c3f24599f9c46c5aff0c1e7fb4fe6777239221bbb66488f7cba1049985989fb Group", "expiration": null, "is_active": 1 }, { "id": 3409660809, "indicator": "64789ad0fe518daf10327f051dac1a83dfdfeca4", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_e458031e9cee02dc4b7a9404d6dd3fcce5169ab13ca3e915357d45816af4e9f2 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_e458031e9cee02dc4b7a9404d6dd3fcce5169ab13ca3e915357d45816af4e9f2 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-42-12\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"4c6bddcca2695d6202df38708e14fc7e\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"5.1.2600.5512 (xpsp.080413-0852)\" fullword wide \n \t\t $s2= \"%)+/5;=CGIOSYaegkmq\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"LanmanWorkstation\" fullword wide \n \t\t $s5= \"microsoft corp.\" fullword wide \n \t\t $s6= \"Microsoft Corporation\" fullword wide \n \t\t $s7= \"OriginalFilename\" fullword wide \n \t\t $s8= \"superhard corp.\" fullword wide \n \t\t $s9= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {25??29??2b??2f??35??3b??3d??43??47??49??4f??53??59??61??65??67??6b??6d??71??0a??} \n \t\t $hex2= {35??2e??31??2e??32??36??30??30??2e??35??35??31??32??20??28??78??70??73??70??2e??30??38??30??34??31??33??2d??30??38??35??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4c??61??6e??6d??61??6e??57??6f??72??6b??73??74??61??74??69??6f??6e??0a??} \n \t\t $hex5= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex6= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex7= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex8= {6d??69??63??72??6f??73??6f??66??74??20??63??6f??72??70??2e??0a??} \n \t\t $hex9= {73??75??70??65??72??68??61??72??64??20??63??6f??72??70??2e??0a??} \n \n \tcondition: \n \t\t10 of them \n }", "title": "", "description": "APTMalware_APT_1_e458031e9cee02dc4b7a9404d6dd3fcce5169ab13ca3e915357d45816af4e9f2 Group", "expiration": null, "is_active": 1 }, { "id": 3409660810, "indicator": "9318299ef25eab5467fc5facdf589b78f4de4427", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_36f8ae291b0ff0193f51bcaed533701a52d2bff4964d2f49591eed703d442168 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_36f8ae291b0ff0193f51bcaed533701a52d2bff4964d2f49591eed703d442168 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-41-55\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d5fd1ce9189cd54f157d691e317c0821\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"http://camaya.net/gloox\" fullword wide \n \t\t $s3= \"Jakob Schroeter\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4a??61??6b??6f??62??20??53??63??68??72??6f??65??74??65??72??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex5= {68??74??74??70??3a??2f??2f??63??61??6d??61??79??61??2e??6e??65??74??2f??67??6c??6f??6f??78??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_1_36f8ae291b0ff0193f51bcaed533701a52d2bff4964d2f49591eed703d442168 Group", "expiration": null, "is_active": 1 }, { "id": 3409660811, "indicator": "221c297f3acd66f4bb0be3ed28a6d9b49a7473f0", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_6bb937d1a3d6fdce5108af79716b20b0c8a609763f10135d9a62314ced2a5fb8 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_6bb937d1a3d6fdce5108af79716b20b0c8a609763f10135d9a62314ced2a5fb8 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-41-53\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e4be1e46775081b1d5405b3dd7dd1c64\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \t\t $s6= \"Windows Installer\" fullword wide \n \t\t $s7= \"WinInstaller.exe\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex6= {57??69??6e??49??6e??73??74??61??6c??6c??65??72??2e??65??78??65??0a??} \n \t\t $hex7= {57??69??6e??64??6f??77??73??20??49??6e??73??74??61??6c??6c??65??72??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_APT_1_6bb937d1a3d6fdce5108af79716b20b0c8a609763f10135d9a62314ced2a5fb8 Group", "expiration": null, "is_active": 1 }, { "id": 3409660812, "indicator": "ea7bf48f422d6958ad0c97a5eeaebfc26c7368a8", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_23e687a00f3cf28d58a7d4c0476c3d6c4b0c1eff82286b412164f2798caec1ff { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_23e687a00f3cf28d58a7d4c0476c3d6c4b0c1eff82286b412164f2798caec1ff Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-41-47\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"46c36c11238100e155f6d418332869ea\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"5.1.2600.5512(xpsp.080413-2108)\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {35??2e??31??2e??32??36??30??30??2e??35??35??31??32??28??78??70??73??70??2e??30??38??30??34??31??33??2d??32??31??30??38??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_1_23e687a00f3cf28d58a7d4c0476c3d6c4b0c1eff82286b412164f2798caec1ff Group", "expiration": null, "is_active": 1 }, { "id": 2584657618, "indicator": "6a95860594cd8b7e3636bafa8f812e05359a64ca", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Trojan.Agent-30723", "description": "SHA1 of 6a4fbcfb44717eae2145c761c1c99b6a", "expiration": null, "is_active": 1 }, { "id": 2589323371, "indicator": "36f45a42ebf2de6962db92aaf8845d7f9fd6895bedc31422adcf31c59a79602d", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Trojan.Agent-30723", "description": "SHA256 of 6a4fbcfb44717eae2145c761c1c99b6a", "expiration": null, "is_active": 1 }, { "id": 3409660813, "indicator": "6e961d56b9b984a7ec600c41544b8d1c5f5f5105", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_36f45a42ebf2de6962db92aaf8845d7f9fd6895bedc31422adcf31c59a79602d { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_36f45a42ebf2de6962db92aaf8845d7f9fd6895bedc31422adcf31c59a79602d Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-41-30\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"6a4fbcfb44717eae2145c761c1c99b6a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"CREATE_MAILSLOT\" fullword wide \n \t\t $s2= \"CREATE_NAMED_PIPE\" fullword wide \n \t\t $s3= \"Devicemimikatz\" fullword wide \n \t\t $s4= \"DIRECTORY_CONTROL\" fullword wide \n \t\t $s5= \"DosDevicesmimikatz\" fullword wide \n \t\t $s6= \"FILE_SYSTEM_CONTROL\" fullword wide \n \t\t $s7= \"INTERNAL_DEVICE_CONTROL\" fullword wide \n \t\t $s8= \"kListNotifyImages\" fullword wide \n \t\t $s9= \"kListNotifyProcesses\" fullword wide \n \t\t $s10= \"kListNotifyRegistry\" fullword wide \n \t\t $s11= \"kListNotifyThreads\" fullword wide \n \t\t $s12= \"kMiniFiltersList\" fullword wide \n \t\t $s13= \"listMinifilters\" fullword wide \n \t\t $s14= \"listNotifImages\" fullword wide \n \t\t $s15= \"listNotifProcesses\" fullword wide \n \t\t $s16= \"listNotifRegistry\" fullword wide \n \t\t $s17= \"listNotifThreads\" fullword wide \n \t\t $s18= \"QUERY_INFORMATION\" fullword wide \n \t\t $s19= \"QUERY_VOLUME_INFORMATION\" fullword wide \n \t\t $s20= \"RtlQueryModuleInformation\" fullword wide \n \n \t\t $hex1= {43??52??45??41??54??45??5f??4d??41??49??4c??53??4c??4f??54??0a??} \n \t\t $hex2= {43??52??45??41??54??45??5f??4e??41??4d??45??44??5f??50??49??50??45??0a??} \n \t\t $hex3= {44??49??52??45??43??54??4f??52??59??5f??43??4f??4e??54??52??4f??4c??0a??} \n \t\t $hex4= {44??65??76??69??63??65??6d??69??6d??69??6b??61??74??7a??0a??} \n \t\t $hex5= {44??6f??73??44??65??76??69??63??65??73??6d??69??6d??69??6b??61??74??7a??0a??} \n \t\t $hex6= {46??49??4c??45??5f??53??59??53??54??45??4d??5f??43??4f??4e??54??52??4f??4c??0a??} \n \t\t $hex7= {49??4e??54??45??52??4e??41??4c??5f??44??45??56??49??43??45??5f??43??4f??4e??54??52??4f??4c??0a??} \n \t\t $hex8= {51??55??45??52??59??5f??49??4e??46??4f??52??4d??41??54??49??4f??4e??0a??} \n \t\t $hex9= {51??55??45??52??59??5f??56??4f??4c??55??4d??45??5f??49??4e??46??4f??52??4d??41??54??49??4f??4e??0a??} \n \t\t $hex10= {52??74??6c??51??75??65??72??79??4d??6f??64??75??6c??65??49??6e??66??6f??72??6d??61??74??69??6f??6e??0a??} \n \t\t $hex11= {6b??4c??69??73??74??4e??6f??74??69??66??79??49??6d??61??67??65??73??0a??} \n \t\t $hex12= {6b??4c??69??73??74??4e??6f??74??69??66??79??50??72??6f??63??65??73??73??65??73??0a??} \n \t\t $hex13= {6b??4c??69??73??74??4e??6f??74??69??66??79??52??65??67??69??73??74??72??79??0a??} \n \t\t $hex14= {6b??4c??69??73??74??4e??6f??74??69??66??79??54??68??72??65??61??64??73??0a??} \n \t\t $hex15= {6b??4d??69??6e??69??46??69??6c??74??65??72??73??4c??69??73??74??0a??} \n \t\t $hex16= {6c??69??73??74??4d??69??6e??69??66??69??6c??74??65??72??73??0a??} \n \t\t $hex17= {6c??69??73??74??4e??6f??74??69??66??49??6d??61??67??65??73??0a??} \n \t\t $hex18= {6c??69??73??74??4e??6f??74??69??66??50??72??6f??63??65??73??73??65??73??0a??} \n \t\t $hex19= {6c??69??73??74??4e??6f??74??69??66??52??65??67??69??73??74??72??79??0a??} \n \t\t $hex20= {6c??69??73??74??4e??6f??74??69??66??54??68??72??65??61??64??73??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_APT_1_36f45a42ebf2de6962db92aaf8845d7f9fd6895bedc31422adcf31c59a79602d Group", "expiration": null, "is_active": 1 }, { "id": 3409660814, "indicator": "45c15166ac554e8a78c941233e99dacd83260d94", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_a0a32295ef3ae57348820477dcea5c97d6daf1cc8d445eab3dc5a3289cc6a37b { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_a0a32295ef3ae57348820477dcea5c97d6daf1cc8d445eab3dc5a3289cc6a37b Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-41-26\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"8f4863b4dfb52d8362c031d3720a6d97\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"5.1.2600.5512(xpsp.080413-2108)\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {35??2e??31??2e??32??36??30??30??2e??35??35??31??32??28??78??70??73??70??2e??30??38??30??34??31??33??2d??32??31??30??38??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_1_a0a32295ef3ae57348820477dcea5c97d6daf1cc8d445eab3dc5a3289cc6a37b Group", "expiration": null, "is_active": 1 }, { "id": 2584655850, "indicator": "0fa4ec6540d7e8cbbc0a33bc9a7bcbcba7af4c7e", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Backdoor:Win32/Touasper.A", "description": "SHA1 of ef8e0fb20e7228c7492ccdc59d87c690", "expiration": null, "is_active": 1 }, { "id": 2589809564, "indicator": "b3d3fe54f71d41414232c342c37f539651ae3ee49ec2d47789cd2c71c6271b48", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Backdoor:Win32/Touasper.A", "description": "SHA256 of ef8e0fb20e7228c7492ccdc59d87c690", "expiration": null, "is_active": 1 }, { "id": 3409660815, "indicator": "7f306e5345b5a7aa5a16b3c0745d97999918fa1b", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_b3d3fe54f71d41414232c342c37f539651ae3ee49ec2d47789cd2c71c6271b48 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_b3d3fe54f71d41414232c342c37f539651ae3ee49ec2d47789cd2c71c6271b48 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-41-23\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"ef8e0fb20e7228c7492ccdc59d87c690\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"5.1.2600.5512 (xpsp.080413-0852)\" fullword wide \n \t\t $s2= \"%)+/5;=CGIOSYaegkmq\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"LanmanWorkstation\" fullword wide \n \t\t $s5= \"microsoft corp.\" fullword wide \n \t\t $s6= \"Microsoft Corporation\" fullword wide \n \t\t $s7= \"OriginalFilename\" fullword wide \n \t\t $s8= \"superhard corp.\" fullword wide \n \t\t $s9= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {25??29??2b??2f??35??3b??3d??43??47??49??4f??53??59??61??65??67??6b??6d??71??0a??} \n \t\t $hex2= {35??2e??31??2e??32??36??30??30??2e??35??35??31??32??20??28??78??70??73??70??2e??30??38??30??34??31??33??2d??30??38??35??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4c??61??6e??6d??61??6e??57??6f??72??6b??73??74??61??74??69??6f??6e??0a??} \n \t\t $hex5= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex6= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex7= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex8= {6d??69??63??72??6f??73??6f??66??74??20??63??6f??72??70??2e??0a??} \n \t\t $hex9= {73??75??70??65??72??68??61??72??64??20??63??6f??72??70??2e??0a??} \n \n \tcondition: \n \t\t10 of them \n }", "title": "", "description": "APTMalware_APT_1_b3d3fe54f71d41414232c342c37f539651ae3ee49ec2d47789cd2c71c6271b48 Group", "expiration": null, "is_active": 1 }, { "id": 3409660816, "indicator": "58928d5f5f5a670388773fbf32283513e1b65d85", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_751f34b13e526b2acc3a9a855bff71ff47131f7b1ac01b29f83c1ebe8a465f9a { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_751f34b13e526b2acc3a9a855bff71ff47131f7b1ac01b29f83c1ebe8a465f9a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-41-22\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"58b020fd3bc0d34e8c4eaf0a3f3135af\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"5.1.2600.5512(xpsp.080413-2108)\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {35??2e??31??2e??32??36??30??30??2e??35??35??31??32??28??78??70??73??70??2e??30??38??30??34??31??33??2d??32??31??30??38??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_1_751f34b13e526b2acc3a9a855bff71ff47131f7b1ac01b29f83c1ebe8a465f9a Group", "expiration": null, "is_active": 1 }, { "id": 3409660817, "indicator": "6bdd172a30394ca7997d5090c7de19c8d2983272", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_93bd2bf8a2335dcc07d2a3fe19c956151e3ae07aa045d2d39379e519ddd67f49 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_93bd2bf8a2335dcc07d2a3fe19c956151e3ae07aa045d2d39379e519ddd67f49 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-41-19\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"fc9d20d555a88fc827f3a2bfec4dfa36\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"5.1.2600.5512(xpsp.080413-2108)\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {35??2e??31??2e??32??36??30??30??2e??35??35??31??32??28??78??70??73??70??2e??30??38??30??34??31??33??2d??32??31??30??38??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_1_93bd2bf8a2335dcc07d2a3fe19c956151e3ae07aa045d2d39379e519ddd67f49 Group", "expiration": null, "is_active": 1 }, { "id": 3409660818, "indicator": "82346b297e57f246a445892ff87b157d695210f0", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_ad58ace8fa83d04af57aad608b2aa1b629ce7bcd373934ab84fe608397061ddc { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_ad58ace8fa83d04af57aad608b2aa1b629ce7bcd373934ab84fe608397061ddc Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-41-16\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"31e5e58dbdfad05175613e795298ebb5\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"jmsctls_progress32\" fullword wide \n \t\t $s2= \"li>\" fullword wide \n \t\t $s3= \"LICENSEDLG RENAMEDLG\" fullword wide \n \t\t $s4= \"ProgramFilesDir\" fullword wide \n \t\t $s5= \"RarHtmlClassName\" fullword wide \n \t\t $s6= \"SeRestorePrivilege\" fullword wide \n \t\t $s7= \"SeSecurityPrivilege\" fullword wide \n \t\t $s8= \"SoftwareWinRAR SFX\" fullword wide \n \t\t $s9= \"__tmp_rar_sfx_access_check_%u\" fullword wide \n \t\t $s10= \"winrarsfxmappingfile.tmp\" fullword wide \n \n \t\t $hex1= {4c??49??43??45??4e??53??45??44??4c??47??20??52??45??4e??41??4d??45??44??4c??47??0a??} \n \t\t $hex2= {50??72??6f??67??72??61??6d??46??69??6c??65??73??44??69??72??0a??} \n \t\t $hex3= {52??61??72??48??74??6d??6c??43??6c??61??73??73??4e??61??6d??65??0a??} \n \t\t $hex4= {53??65??52??65??73??74??6f??72??65??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex5= {53??65??53??65??63??75??72??69??74??79??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex6= {53??6f??66??74??77??61??72??65??57??69??6e??52??41??52??20??53??46??58??0a??} \n \t\t $hex7= {5f??5f??74??6d??70??5f??72??61??72??5f??73??66??78??5f??61??63??63??65??73??73??5f??63??68??65??63??6b??5f??25??75??0a??} \n \t\t $hex8= {6a??6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \t\t $hex9= {6c??69??3e??0a??} \n \t\t $hex10= {77??69??6e??72??61??72??73??66??78??6d??61??70??70??69??6e??67??66??69??6c??65??2e??74??6d??70??0a??} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_1_ad58ace8fa83d04af57aad608b2aa1b629ce7bcd373934ab84fe608397061ddc Group", "expiration": null, "is_active": 1 }, { "id": 3409660819, "indicator": "3bc146773da8611926fd84381f92f5109fa00a33", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_527e57759cc5f5ff21643edbd6250acbe99421fb41c9c6aa9573e9e5fa417026 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_527e57759cc5f5ff21643edbd6250acbe99421fb41c9c6aa9573e9e5fa417026 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-41-10\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d262cb8267beb0e218f6d11d6af9052e\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"5.1.2600.5512 (xpsp.080413-2105)\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {35??2e??31??2e??32??36??30??30??2e??35??35??31??32??20??28??78??70??73??70??2e??30??38??30??34??31??33??2d??32??31??30??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_1_527e57759cc5f5ff21643edbd6250acbe99421fb41c9c6aa9573e9e5fa417026 Group", "expiration": null, "is_active": 1 }, { "id": 2584656288, "indicator": "27011d2fc22e894bd8a48de03a82b64f0bdbbacb", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "HackTool:Win64/Mikatz", "description": "SHA1 of d8b7b276710127d233abcdb7313aac36\nSHA1 of d8b7b276710127d233abcdb7313aac36", "expiration": null, "is_active": 1 }, { "id": 2589443335, "indicator": "55a1612963fed3094e0c6817112dbdde5b2d24c2bc0d76e8435d0a5b108b9e57", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "HackTool:Win64/Mikatz", "description": "SHA256 of d8b7b276710127d233abcdb7313aac36\nSHA256 of d8b7b276710127d233abcdb7313aac36", "expiration": null, "is_active": 1 }, { "id": 3409660820, "indicator": "78a751a804f66277fadf1bd930971763694ddeec", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_55a1612963fed3094e0c6817112dbdde5b2d24c2bc0d76e8435d0a5b108b9e57 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_55a1612963fed3094e0c6817112dbdde5b2d24c2bc0d76e8435d0a5b108b9e57 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-41-05\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d8b7b276710127d233abcdb7313aac36\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"@Base Taille Module Path\" fullword wide \n \t\t $s2= \"CAPIPRIVATEBLOB\" fullword wide \n \t\t $s3= \"CERT_SYSTEM_STORE_CURRENT_SERVICE\" fullword wide \n \t\t $s4= \"CERT_SYSTEM_STORE_CURRENT_USER\" fullword wide \n \t\t $s5= \"CERT_SYSTEM_STORE_LOCAL_MACHINE\" fullword wide \n \t\t $s6= \"CERT_SYSTEM_STORE_SERVICES\" fullword wide \n \t\t $s7= \"CERT_SYSTEM_STORE_USERS\" fullword wide \n \t\t $s8= \"CONTINUE_PENDING\" fullword wide \n \t\t $s9= \"DisableRegistryTools\" fullword wide \n \t\t $s10= \"DOMAIN_CERTIFICATE\" fullword wide \n \t\t $s11= \"DOMAIN_EXTENDED\" fullword wide \n \t\t $s12= \"DOMAIN_PASSWORD\" fullword wide \n \t\t $s13= \"DOMAIN_VISIBLE_PASSWORD\" fullword wide \n \t\t $s14= \"ENABLED_BY_DEFAULT \" fullword wide \n \t\t $s15= \"es d'identification\" fullword wide \n \t\t $s16= \"exportCertificates\" fullword wide \n \t\t $s17= \"FileDescription\" fullword wide \n \t\t $s18= \"FILE_SYSTEM_DRIVER\" fullword wide \n \t\t $s19= \"ge AssignPrimaryToken\" fullword wide \n \t\t $s20= \"GENERIC_CERTIFICAT\" fullword wide \n \n \t\t $hex1= {40??42??61??73??65??20??54??61??69??6c??6c??65??20??4d??6f??64??75??6c??65??20??50??61??74??68??0a??} \n \t\t $hex2= {43??41??50??49??50??52??49??56??41??54??45??42??4c??4f??42??0a??} \n \t\t $hex3= {43??45??52??54??5f??53??59??53??54??45??4d??5f??53??54??4f??52??45??5f??43??55??52??52??45??4e??54??5f??53??45??52??56??} \n \t\t $hex4= {43??45??52??54??5f??53??59??53??54??45??4d??5f??53??54??4f??52??45??5f??43??55??52??52??45??4e??54??5f??55??53??45??52??} \n \t\t $hex5= {43??45??52??54??5f??53??59??53??54??45??4d??5f??53??54??4f??52??45??5f??4c??4f??43??41??4c??5f??4d??41??43??48??49??4e??} \n \t\t $hex6= {43??45??52??54??5f??53??59??53??54??45??4d??5f??53??54??4f??52??45??5f??53??45??52??56??49??43??45??53??0a??} \n \t\t $hex7= {43??45??52??54??5f??53??59??53??54??45??4d??5f??53??54??4f??52??45??5f??55??53??45??52??53??0a??} \n \t\t $hex8= {43??4f??4e??54??49??4e??55??45??5f??50??45??4e??44??49??4e??47??0a??} \n \t\t $hex9= {44??4f??4d??41??49??4e??5f??43??45??52??54??49??46??49??43??41??54??45??0a??} \n \t\t $hex10= {44??4f??4d??41??49??4e??5f??45??58??54??45??4e??44??45??44??0a??} \n \t\t $hex11= {44??4f??4d??41??49??4e??5f??50??41??53??53??57??4f??52??44??0a??} \n \t\t $hex12= {44??4f??4d??41??49??4e??5f??56??49??53??49??42??4c??45??5f??50??41??53??53??57??4f??52??44??0a??} \n \t\t $hex13= {44??69??73??61??62??6c??65??52??65??67??69??73??74??72??79??54??6f??6f??6c??73??0a??} \n \t\t $hex14= {45??4e??41??42??4c??45??44??5f??42??59??5f??44??45??46??41??55??4c??54??0a??} \n \t\t $hex15= {46??49??4c??45??5f??53??59??53??54??45??4d??5f??44??52??49??56??45??52??0a??} \n \t\t $hex16= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex17= {47??45??4e??45??52??49??43??5f??43??45??52??54??49??46??49??43??41??54??0a??} \n \t\t $hex18= {65??73??20??64??27??69??64??65??6e??74??69??66??69??63??61??74??69??6f??6e??0a??} \n \t\t $hex19= {65??78??70??6f??72??74??43??65??72??74??69??66??69??63??61??74??65??73??0a??} \n \t\t $hex20= {67??65??20??41??73??73??69??67??6e??50??72??69??6d??61??72??79??54??6f??6b??65??6e??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_APT_1_55a1612963fed3094e0c6817112dbdde5b2d24c2bc0d76e8435d0a5b108b9e57 Group", "expiration": null, "is_active": 1 }, { "id": 3409660821, "indicator": "c5ea3ca6847b2d93e8334a794e36b67bd88a3212", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_c23f1d9c00300528aabfddc5d3afb6b7deee1aa07b5eccd0806153bae848aa69 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_c23f1d9c00300528aabfddc5d3afb6b7deee1aa07b5eccd0806153bae848aa69 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-40-51\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"ea1b44094ae4d8e2b63a1771a3e61fd5\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&Destination folder\" fullword wide \n \t\t $s2= \"Extraction progress\" fullword wide \n \t\t $s3= \"Installation progress\" fullword wide \n \t\t $s4= \"jmsctls_progress32\" fullword wide \n \t\t $s5= \"LICENSEDLG RENAMEDLG\" fullword wide \n \t\t $s6= \"ProgramFilesDir\" fullword wide \n \t\t $s7= \"RarHtmlClassName\" fullword wide \n \t\t $s8= \"SeRestorePrivilege\" fullword wide \n \t\t $s9= \"SeSecurityPrivilege\" fullword wide \n \t\t $s10= \"SoftwareWinRAR SFX\" fullword wide \n \t\t $s11= \"__tmp_rar_sfx_access_check_%u\" fullword wide \n \t\t $s12= \"winrarsfxmappingfile.tmp\" fullword wide \n \n \t\t $hex1= {26??44??65??73??74??69??6e??61??74??69??6f??6e??20??66??6f??6c??64??65??72??0a??} \n \t\t $hex2= {45??78??74??72??61??63??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex3= {49??6e??73??74??61??6c??6c??61??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex4= {4c??49??43??45??4e??53??45??44??4c??47??20??52??45??4e??41??4d??45??44??4c??47??0a??} \n \t\t $hex5= {50??72??6f??67??72??61??6d??46??69??6c??65??73??44??69??72??0a??} \n \t\t $hex6= {52??61??72??48??74??6d??6c??43??6c??61??73??73??4e??61??6d??65??0a??} \n \t\t $hex7= {53??65??52??65??73??74??6f??72??65??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex8= {53??65??53??65??63??75??72??69??74??79??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex9= {53??6f??66??74??77??61??72??65??57??69??6e??52??41??52??20??53??46??58??0a??} \n \t\t $hex10= {5f??5f??74??6d??70??5f??72??61??72??5f??73??66??78??5f??61??63??63??65??73??73??5f??63??68??65??63??6b??5f??25??75??0a??} \n \t\t $hex11= {6a??6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \t\t $hex12= {77??69??6e??72??61??72??73??66??78??6d??61??70??70??69??6e??67??66??69??6c??65??2e??74??6d??70??0a??} \n \n \tcondition: \n \t\t13 of them \n }", "title": "", "description": "APTMalware_APT_1_c23f1d9c00300528aabfddc5d3afb6b7deee1aa07b5eccd0806153bae848aa69 Group", "expiration": null, "is_active": 1 }, { "id": 3409660822, "indicator": "e0e89f3e80e17bbde20c4c93dc9a2580bdf25a86", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_4b1a437fbe161b0f1dd4d9eca647b4b82f89e810f6eedef0c4f9176c89d0fea6 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_4b1a437fbe161b0f1dd4d9eca647b4b82f89e810f6eedef0c4f9176c89d0fea6 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-40-47\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"3364813bcbd111fc5ec1e4265c533506\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"5.1.2600.5512(xpsp.080413-2108)\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {35??2e??31??2e??32??36??30??30??2e??35??35??31??32??28??78??70??73??70??2e??30??38??30??34??31??33??2d??32??31??30??38??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_1_4b1a437fbe161b0f1dd4d9eca647b4b82f89e810f6eedef0c4f9176c89d0fea6 Group", "expiration": null, "is_active": 1 }, { "id": 3409660823, "indicator": "72bc5cdac4ef690b1eca86ee4c7b0e0589ff93f6", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_415a49754486b222b7a38355988c17fcbd671109020c67109aefca2f90d7ef41 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_415a49754486b222b7a38355988c17fcbd671109020c67109aefca2f90d7ef41 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-40-19\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"36cd49ad631e99125a3bb2786e405cea\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"%2.2d-%2.2d-%4.4d %2.2d:%2.2d\" fullword wide \n \t\t $s2= \"5.1.2600.5512 (xpsp.080413-2105)\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"LegalTrademarks\" fullword wide \n \t\t $s5= \"Microsoft Corporation\" fullword wide \n \t\t $s6= \"OriginalFilename\" fullword wide \n \t\t $s7= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {25??32??2e??32??64??2d??25??32??2e??32??64??2d??25??34??2e??34??64??20??25??32??2e??32??64??3a??25??32??2e??32??64??0a??} \n \t\t $hex2= {35??2e??31??2e??32??36??30??30??2e??35??35??31??32??20??28??78??70??73??70??2e??30??38??30??34??31??33??2d??32??31??30??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex5= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex6= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex7= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_APT_1_415a49754486b222b7a38355988c17fcbd671109020c67109aefca2f90d7ef41 Group", "expiration": null, "is_active": 1 }, { "id": 3409660824, "indicator": "56a6b7328715773caf52e63830de88e5a49f8b6d", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_f6b90315124d45c925812d043f5a98c8f9625449c312f22b3b64f5afc6dbf7ee { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_f6b90315124d45c925812d043f5a98c8f9625449c312f22b3b64f5afc6dbf7ee Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-40-13\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"341f5e7215826d07ada1ed2b96264c0d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"5.1.2600.5512(xpsp.080413-2108)\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {35??2e??31??2e??32??36??30??30??2e??35??35??31??32??28??78??70??73??70??2e??30??38??30??34??31??33??2d??32??31??30??38??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_1_f6b90315124d45c925812d043f5a98c8f9625449c312f22b3b64f5afc6dbf7ee Group", "expiration": null, "is_active": 1 }, { "id": 3409660825, "indicator": "dccfd9b62b0e341f6b448adb3c205f73c99ac89d", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_80607067fdcdffba9fa52c6da83bae7f164026811ba21d077e55b263d926591c { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_80607067fdcdffba9fa52c6da83bae7f164026811ba21d077e55b263d926591c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-40-10\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b1ff1ef983a1aee3a395788ec441d006\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"5.1.2600.5512(xpsp.080413-2108)\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {35??2e??31??2e??32??36??30??30??2e??35??35??31??32??28??78??70??73??70??2e??30??38??30??34??31??33??2d??32??31??30??38??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_1_80607067fdcdffba9fa52c6da83bae7f164026811ba21d077e55b263d926591c Group", "expiration": null, "is_active": 1 }, { "id": 2584660425, "indicator": "fbb7d5ff90814ca6b5c50771eab325ca4bff54f0", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Backdoor:Win32/Touasper.A", "description": "SHA1 of f4f8067d501bfef385274912d2a833b5", "expiration": null, "is_active": 1 }, { "id": 2589767219, "indicator": "a4d70f2cf36a00e1985a1275020078c8c4fb472c478aea708cd271ee4163009a", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Backdoor:Win32/Touasper.A", "description": "SHA256 of f4f8067d501bfef385274912d2a833b5", "expiration": null, "is_active": 1 }, { "id": 3409660883, "indicator": "11cbd0c57ddf478fe0d35a5f8098d8785605369e", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_a4d70f2cf36a00e1985a1275020078c8c4fb472c478aea708cd271ee4163009a { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_a4d70f2cf36a00e1985a1275020078c8c4fb472c478aea708cd271ee4163009a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-39-54\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f4f8067d501bfef385274912d2a833b5\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"5.1.2600.5512 (xpsp.080413-0852)\" fullword wide \n \t\t $s2= \"%)+/5;=CGIOSYaegkmq\" fullword wide \n \t\t $s3= \"bmicrosoft corp.\" fullword wide \n \t\t $s4= \"FileDescription\" fullword wide \n \t\t $s5= \"LanmanWorkstation\" fullword wide \n \t\t $s6= \"Microsoft Corporation\" fullword wide \n \t\t $s7= \"OriginalFilename\" fullword wide \n \t\t $s8= \"superhard corp.\" fullword wide \n \t\t $s9= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {25??29??2b??2f??35??3b??3d??43??47??49??4f??53??59??61??65??67??6b??6d??71??0a??} \n \t\t $hex2= {35??2e??31??2e??32??36??30??30??2e??35??35??31??32??20??28??78??70??73??70??2e??30??38??30??34??31??33??2d??30??38??35??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4c??61??6e??6d??61??6e??57??6f??72??6b??73??74??61??74??69??6f??6e??0a??} \n \t\t $hex5= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex6= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex7= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex8= {62??6d??69??63??72??6f??73??6f??66??74??20??63??6f??72??70??2e??0a??} \n \t\t $hex9= {73??75??70??65??72??68??61??72??64??20??63??6f??72??70??2e??0a??} \n \n \tcondition: \n \t\t10 of them \n }", "title": "", "description": "APTMalware_APT_1_a4d70f2cf36a00e1985a1275020078c8c4fb472c478aea708cd271ee4163009a Group", "expiration": null, "is_active": 1 }, { "id": 2584660279, "indicator": "f5acf072031748440ab4bb1434e528ac1e726834", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Trojan:Win32/Sluegot.C", "description": "SHA1 of 8a86df3d382bfd1e4c4165f4cacfdff8", "expiration": null, "is_active": 1 }, { "id": 430172562, "indicator": "6c02de0a1d481f1baac0f4c36a05c8f4b4fa8ffd6164f297e115c86c754d594e", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Trojan:Win32/Sluegot.C", "description": "SHA256 of 8a86df3d382bfd1e4c4165f4cacfdff8", "expiration": null, "is_active": 1 }, { "id": 3409660884, "indicator": "c7fc5722dad2a91feb73e7084e5028a99a113748", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_6c02de0a1d481f1baac0f4c36a05c8f4b4fa8ffd6164f297e115c86c754d594e { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_6c02de0a1d481f1baac0f4c36a05c8f4b4fa8ffd6164f297e115c86c754d594e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-39-49\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"8a86df3d382bfd1e4c4165f4cacfdff8\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Corporation.\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??2e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_1_6c02de0a1d481f1baac0f4c36a05c8f4b4fa8ffd6164f297e115c86c754d594e Group", "expiration": null, "is_active": 1 }, { "id": 3409660885, "indicator": "795afb21ae7ffbd4da77c3f9a829669f71b8b3d7", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_5b2d2de9a95add2b71f3a9aa6c02fa56555b7d58270fd073384187f52b76a603 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_5b2d2de9a95add2b71f3a9aa6c02fa56555b7d58270fd073384187f52b76a603 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-39-43\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"39e28f48c138dc156d1436fd02222e45\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"Microsoft Corporation\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"VS_VERSION_INFO\" fullword wide \n \t\t $s5= \"(xpsp.080413-2111)\" fullword wide \n \n \t\t $hex1= {28??78??70??73??70??2e??30??38??30??34??31??33??2d??32??31??31??31??29??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_1_5b2d2de9a95add2b71f3a9aa6c02fa56555b7d58270fd073384187f52b76a603 Group", "expiration": null, "is_active": 1 }, { "id": 3409660886, "indicator": "4127b913acba410b00d91aa7a5fbf7a5b997a550", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_ffaf09da6b9f31e8da677c351f73a0f53e326ba2ff2e59ff47d9814931463cb8 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_ffaf09da6b9f31e8da677c351f73a0f53e326ba2ff2e59ff47d9814931463cb8 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-39-32\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"4e551abcd14506092a0f8d54a45f3569\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&Destination folder\" fullword wide \n \t\t $s2= \"Extraction progress\" fullword wide \n \t\t $s3= \"Installation progress\" fullword wide \n \t\t $s4= \"jmsctls_progress32\" fullword wide \n \t\t $s5= \"LICENSEDLG RENAMEDLG\" fullword wide \n \t\t $s6= \"ProgramFilesDir\" fullword wide \n \t\t $s7= \"RarHtmlClassName\" fullword wide \n \t\t $s8= \"SoftwareWinRAR SFX\" fullword wide \n \t\t $s9= \"__tmp_rar_sfx_access_check_%u\" fullword wide \n \t\t $s10= \"winrarsfxmappingfile.tmp\" fullword wide \n \n \t\t $hex1= {26??44??65??73??74??69??6e??61??74??69??6f??6e??20??66??6f??6c??64??65??72??0a??} \n \t\t $hex2= {45??78??74??72??61??63??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex3= {49??6e??73??74??61??6c??6c??61??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex4= {4c??49??43??45??4e??53??45??44??4c??47??20??52??45??4e??41??4d??45??44??4c??47??0a??} \n \t\t $hex5= {50??72??6f??67??72??61??6d??46??69??6c??65??73??44??69??72??0a??} \n \t\t $hex6= {52??61??72??48??74??6d??6c??43??6c??61??73??73??4e??61??6d??65??0a??} \n \t\t $hex7= {53??6f??66??74??77??61??72??65??57??69??6e??52??41??52??20??53??46??58??0a??} \n \t\t $hex8= {5f??5f??74??6d??70??5f??72??61??72??5f??73??66??78??5f??61??63??63??65??73??73??5f??63??68??65??63??6b??5f??25??75??0a??} \n \t\t $hex9= {6a??6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \t\t $hex10= {77??69??6e??72??61??72??73??66??78??6d??61??70??70??69??6e??67??66??69??6c??65??2e??74??6d??70??0a??} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_APT_1_ffaf09da6b9f31e8da677c351f73a0f53e326ba2ff2e59ff47d9814931463cb8 Group", "expiration": null, "is_active": 1 }, { "id": 3409660887, "indicator": "c19b996b4fd79a6ec356184fe8f4b8388b664abe", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_f6fb9f851ac2ad81a9f990a75a663bd6ddcebdcfe6a3b7346300b4ba47ed6757 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_f6fb9f851ac2ad81a9f990a75a663bd6ddcebdcfe6a3b7346300b4ba47ed6757 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-39-07\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"cd2102c5db1ed828a9c196448c40af3e\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"5.1.2600.5512(xpsp.080413-2108)\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {35??2e??31??2e??32??36??30??30??2e??35??35??31??32??28??78??70??73??70??2e??30??38??30??34??31??33??2d??32??31??30??38??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_1_f6fb9f851ac2ad81a9f990a75a663bd6ddcebdcfe6a3b7346300b4ba47ed6757 Group", "expiration": null, "is_active": 1 }, { "id": 3409660888, "indicator": "9c912024e8eb0374548ec30cb16408f8dc2799ea", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_f6b5d52f3680c53839a1078e9a33ff6fa439af6cb9002cbbb227f3a3b831ed30 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_f6b5d52f3680c53839a1078e9a33ff6fa439af6cb9002cbbb227f3a3b831ed30 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-39-02\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"15244d2321faa3a271ff0b1e5a23148f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"%2.2d-%2.2d-%4.4d %2.2d:%2.2d\" fullword wide \n \t\t $s2= \"5.1.2601.5512 (xpsp.080413-2105)\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"LegalTrademarks\" fullword wide \n \t\t $s5= \"Microsoft Corporation\" fullword wide \n \t\t $s6= \"OriginalFilename\" fullword wide \n \t\t $s7= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {25??32??2e??32??64??2d??25??32??2e??32??64??2d??25??34??2e??34??64??20??25??32??2e??32??64??3a??25??32??2e??32??64??0a??} \n \t\t $hex2= {35??2e??31??2e??32??36??30??31??2e??35??35??31??32??20??28??78??70??73??70??2e??30??38??30??34??31??33??2d??32??31??30??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex5= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex6= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex7= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_APT_1_f6b5d52f3680c53839a1078e9a33ff6fa439af6cb9002cbbb227f3a3b831ed30 Group", "expiration": null, "is_active": 1 }, { "id": 2584659094, "indicator": "b8ebe34384c9f68525d98c01b96f97ede4a7ae41", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Trojan:Win32/Skeeyah", "description": "SHA1 of 7a7a46e8fbc25a624d58e897dee04ffa\nSHA1 of 7a7a46e8fbc25a624d58e897dee04ffa", "expiration": null, "is_active": 1 }, { "id": 2589234789, "indicator": "048329f3ac884ee53ff6e7509fedce7e5f44939fe509e5fdda7b323db0990166", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Trojan:Win32/Skeeyah", "description": "SHA256 of 7a7a46e8fbc25a624d58e897dee04ffa\nSHA256 of 7a7a46e8fbc25a624d58e897dee04ffa", "expiration": null, "is_active": 1 }, { "id": 3409660889, "indicator": "688810bb2e7c5917b4788ad83986fce88f368db8", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_048329f3ac884ee53ff6e7509fedce7e5f44939fe509e5fdda7b323db0990166 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_048329f3ac884ee53ff6e7509fedce7e5f44939fe509e5fdda7b323db0990166 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-38-46\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"7a7a46e8fbc25a624d58e897dee04ffa\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"LegalTrademarks\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_1_048329f3ac884ee53ff6e7509fedce7e5f44939fe509e5fdda7b323db0990166 Group", "expiration": null, "is_active": 1 }, { "id": 3409660890, "indicator": "679f4f9f2f19e8e1931dcc4c4a7e728d5c94f364", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_dd5261df621077ed13be8741f748f61c5ed09bd04ca48526492fc0b559832184 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_dd5261df621077ed13be8741f748f61c5ed09bd04ca48526492fc0b559832184 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-38-44\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"a99e06e2f90db4e506ef1347a8774dd5\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"Microsoft Corporation\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"VS_VERSION_INFO\" fullword wide \n \t\t $s5= \"(xpsp.080413-2111)\" fullword wide \n \n \t\t $hex1= {28??78??70??73??70??2e??30??38??30??34??31??33??2d??32??31??31??31??29??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_1_dd5261df621077ed13be8741f748f61c5ed09bd04ca48526492fc0b559832184 Group", "expiration": null, "is_active": 1 }, { "id": 3409660910, "indicator": "090b710fac2930bedd081d2841de53db9299e64b", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_cca3eee2650d20cf1bf50b76e7f97a3b0e26caff3af8546462c92f2e73d730f9 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_cca3eee2650d20cf1bf50b76e7f97a3b0e26caff3af8546462c92f2e73d730f9 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-38-41\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"37ddd3d72ead03c7518f5d47650c8572\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"Microsoft Corporation\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"VS_VERSION_INFO\" fullword wide \n \t\t $s5= \"(xpsp.080413-2111)\" fullword wide \n \n \t\t $hex1= {28??78??70??73??70??2e??30??38??30??34??31??33??2d??32??31??31??31??29??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_1_cca3eee2650d20cf1bf50b76e7f97a3b0e26caff3af8546462c92f2e73d730f9 Group", "expiration": null, "is_active": 1 }, { "id": 2584660297, "indicator": "f7348b1a88070d6225fa5ce737dae9433f559a5d", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "HackTool:Win32/Mikatz!dha", "description": "SHA1 of 827040a5f5ae8de281a63899224b2f3a", "expiration": null, "is_active": 1 }, { "id": 431145506, "indicator": "92d24128a45f33bdca5f28eb0319668cb97fb2f8a7e7b72d70a3aa4c897a4975", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "HackTool:Win32/Mikatz!dha", "description": "SHA256 of 827040a5f5ae8de281a63899224b2f3a", "expiration": null, "is_active": 1 }, { "id": 3409660911, "indicator": "84af4820dcd9c9f12d2dbd55ca58c18315d3da2f", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_92d24128a45f33bdca5f28eb0319668cb97fb2f8a7e7b72d70a3aa4c897a4975 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_92d24128a45f33bdca5f28eb0319668cb97fb2f8a7e7b72d70a3aa4c897a4975 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-38-38\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"827040a5f5ae8de281a63899224b2f3a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"@Base Taille Module Path\" fullword wide \n \t\t $s2= \"CAPIPRIVATEBLOB\" fullword wide \n \t\t $s3= \"CERT_SYSTEM_STORE_CURRENT_SERVICE\" fullword wide \n \t\t $s4= \"CERT_SYSTEM_STORE_CURRENT_USER\" fullword wide \n \t\t $s5= \"CERT_SYSTEM_STORE_LOCAL_MACHINE\" fullword wide \n \t\t $s6= \"CERT_SYSTEM_STORE_SERVICES\" fullword wide \n \t\t $s7= \"CERT_SYSTEM_STORE_USERS\" fullword wide \n \t\t $s8= \"CONTINUE_PENDING\" fullword wide \n \t\t $s9= \"DisableRegistryTools\" fullword wide \n \t\t $s10= \"DOMAIN_CERTIFICATE\" fullword wide \n \t\t $s11= \"DOMAIN_EXTENDED\" fullword wide \n \t\t $s12= \"DOMAIN_PASSWORD\" fullword wide \n \t\t $s13= \"DOMAIN_VISIBLE_PASSWORD\" fullword wide \n \t\t $s14= \"ENABLED_BY_DEFAULT \" fullword wide \n \t\t $s15= \"es d'identification\" fullword wide \n \t\t $s16= \"exportCertificates\" fullword wide \n \t\t $s17= \"FileDescription\" fullword wide \n \t\t $s18= \"FILE_SYSTEM_DRIVER\" fullword wide \n \t\t $s19= \"ge AssignPrimaryToken\" fullword wide \n \t\t $s20= \"GENERIC_CERTIFICAT\" fullword wide \n \n \t\t $hex1= {40??42??61??73??65??20??54??61??69??6c??6c??65??20??4d??6f??64??75??6c??65??20??50??61??74??68??0a??} \n \t\t $hex2= {43??41??50??49??50??52??49??56??41??54??45??42??4c??4f??42??0a??} \n \t\t $hex3= {43??45??52??54??5f??53??59??53??54??45??4d??5f??53??54??4f??52??45??5f??43??55??52??52??45??4e??54??5f??53??45??52??56??} \n \t\t $hex4= {43??45??52??54??5f??53??59??53??54??45??4d??5f??53??54??4f??52??45??5f??43??55??52??52??45??4e??54??5f??55??53??45??52??} \n \t\t $hex5= {43??45??52??54??5f??53??59??53??54??45??4d??5f??53??54??4f??52??45??5f??4c??4f??43??41??4c??5f??4d??41??43??48??49??4e??} \n \t\t $hex6= {43??45??52??54??5f??53??59??53??54??45??4d??5f??53??54??4f??52??45??5f??53??45??52??56??49??43??45??53??0a??} \n \t\t $hex7= {43??45??52??54??5f??53??59??53??54??45??4d??5f??53??54??4f??52??45??5f??55??53??45??52??53??0a??} \n \t\t $hex8= {43??4f??4e??54??49??4e??55??45??5f??50??45??4e??44??49??4e??47??0a??} \n \t\t $hex9= {44??4f??4d??41??49??4e??5f??43??45??52??54??49??46??49??43??41??54??45??0a??} \n \t\t $hex10= {44??4f??4d??41??49??4e??5f??45??58??54??45??4e??44??45??44??0a??} \n \t\t $hex11= {44??4f??4d??41??49??4e??5f??50??41??53??53??57??4f??52??44??0a??} \n \t\t $hex12= {44??4f??4d??41??49??4e??5f??56??49??53??49??42??4c??45??5f??50??41??53??53??57??4f??52??44??0a??} \n \t\t $hex13= {44??69??73??61??62??6c??65??52??65??67??69??73??74??72??79??54??6f??6f??6c??73??0a??} \n \t\t $hex14= {45??4e??41??42??4c??45??44??5f??42??59??5f??44??45??46??41??55??4c??54??0a??} \n \t\t $hex15= {46??49??4c??45??5f??53??59??53??54??45??4d??5f??44??52??49??56??45??52??0a??} \n \t\t $hex16= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex17= {47??45??4e??45??52??49??43??5f??43??45??52??54??49??46??49??43??41??54??0a??} \n \t\t $hex18= {65??73??20??64??27??69??64??65??6e??74??69??66??69??63??61??74??69??6f??6e??0a??} \n \t\t $hex19= {65??78??70??6f??72??74??43??65??72??74??69??66??69??63??61??74??65??73??0a??} \n \t\t $hex20= {67??65??20??41??73??73??69??67??6e??50??72??69??6d??61??72??79??54??6f??6b??65??6e??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_APT_1_92d24128a45f33bdca5f28eb0319668cb97fb2f8a7e7b72d70a3aa4c897a4975 Group", "expiration": null, "is_active": 1 }, { "id": 3409660912, "indicator": "58d2e1d123b44e8e07d47dd7663296c9642b657c", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_22ac3c11b2ac05981ede405380952aa481ad850b97da51605a7ee425e25c5c02 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_22ac3c11b2ac05981ede405380952aa481ad850b97da51605a7ee425e25c5c02 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-38-35\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d4ba6430996fb4021241efc97c607504\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"@Base Taille Module Path\" fullword wide \n \t\t $s2= \"CAPIPRIVATEBLOB\" fullword wide \n \t\t $s3= \"CERT_SYSTEM_STORE_CURRENT_SERVICE\" fullword wide \n \t\t $s4= \"CERT_SYSTEM_STORE_CURRENT_USER\" fullword wide \n \t\t $s5= \"CERT_SYSTEM_STORE_LOCAL_MACHINE\" fullword wide \n \t\t $s6= \"CERT_SYSTEM_STORE_SERVICES\" fullword wide \n \t\t $s7= \"CERT_SYSTEM_STORE_USERS\" fullword wide \n \t\t $s8= \"CONTINUE_PENDING\" fullword wide \n \t\t $s9= \"DisableRegistryTools\" fullword wide \n \t\t $s10= \"DOMAIN_CERTIFICATE\" fullword wide \n \t\t $s11= \"DOMAIN_EXTENDED\" fullword wide \n \t\t $s12= \"DOMAIN_PASSWORD\" fullword wide \n \t\t $s13= \"DOMAIN_VISIBLE_PASSWORD\" fullword wide \n \t\t $s14= \"ENABLED_BY_DEFAULT \" fullword wide \n \t\t $s15= \"es d'identification\" fullword wide \n \t\t $s16= \"exportCertificates\" fullword wide \n \t\t $s17= \"FileDescription\" fullword wide \n \t\t $s18= \"FILE_SYSTEM_DRIVER\" fullword wide \n \t\t $s19= \"ge AssignPrimaryToken\" fullword wide \n \t\t $s20= \"GENERIC_CERTIFICAT\" fullword wide \n \n \t\t $hex1= {40??42??61??73??65??20??54??61??69??6c??6c??65??20??4d??6f??64??75??6c??65??20??50??61??74??68??0a??} \n \t\t $hex2= {43??41??50??49??50??52??49??56??41??54??45??42??4c??4f??42??0a??} \n \t\t $hex3= {43??45??52??54??5f??53??59??53??54??45??4d??5f??53??54??4f??52??45??5f??43??55??52??52??45??4e??54??5f??53??45??52??56??} \n \t\t $hex4= {43??45??52??54??5f??53??59??53??54??45??4d??5f??53??54??4f??52??45??5f??43??55??52??52??45??4e??54??5f??55??53??45??52??} \n \t\t $hex5= {43??45??52??54??5f??53??59??53??54??45??4d??5f??53??54??4f??52??45??5f??4c??4f??43??41??4c??5f??4d??41??43??48??49??4e??} \n \t\t $hex6= {43??45??52??54??5f??53??59??53??54??45??4d??5f??53??54??4f??52??45??5f??53??45??52??56??49??43??45??53??0a??} \n \t\t $hex7= {43??45??52??54??5f??53??59??53??54??45??4d??5f??53??54??4f??52??45??5f??55??53??45??52??53??0a??} \n \t\t $hex8= {43??4f??4e??54??49??4e??55??45??5f??50??45??4e??44??49??4e??47??0a??} \n \t\t $hex9= {44??4f??4d??41??49??4e??5f??43??45??52??54??49??46??49??43??41??54??45??0a??} \n \t\t $hex10= {44??4f??4d??41??49??4e??5f??45??58??54??45??4e??44??45??44??0a??} \n \t\t $hex11= {44??4f??4d??41??49??4e??5f??50??41??53??53??57??4f??52??44??0a??} \n \t\t $hex12= {44??4f??4d??41??49??4e??5f??56??49??53??49??42??4c??45??5f??50??41??53??53??57??4f??52??44??0a??} \n \t\t $hex13= {44??69??73??61??62??6c??65??52??65??67??69??73??74??72??79??54??6f??6f??6c??73??0a??} \n \t\t $hex14= {45??4e??41??42??4c??45??44??5f??42??59??5f??44??45??46??41??55??4c??54??0a??} \n \t\t $hex15= {46??49??4c??45??5f??53??59??53??54??45??4d??5f??44??52??49??56??45??52??0a??} \n \t\t $hex16= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex17= {47??45??4e??45??52??49??43??5f??43??45??52??54??49??46??49??43??41??54??0a??} \n \t\t $hex18= {65??73??20??64??27??69??64??65??6e??74??69??66??69??63??61??74??69??6f??6e??0a??} \n \t\t $hex19= {65??78??70??6f??72??74??43??65??72??74??69??66??69??63??61??74??65??73??0a??} \n \t\t $hex20= {67??65??20??41??73??73??69??67??6e??50??72??69??6d??61??72??79??54??6f??6b??65??6e??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_APT_1_22ac3c11b2ac05981ede405380952aa481ad850b97da51605a7ee425e25c5c02 Group", "expiration": null, "is_active": 1 }, { "id": 2584657835, "indicator": "76fa2552411430ad9312ecb8fc35e652ac5f6631", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Trojan:Win32/Barkiofork!dha", "description": "SHA1 of 7acb0d1df51706536f33bbdb990041d3", "expiration": null, "is_active": 1 }, { "id": 427871008, "indicator": "1df3dfdd4acb25fd6bddd91121c5ee58c92460429e693f4bb8f0a86e7f94f886", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Trojan:Win32/Barkiofork!dha", "description": "SHA256 of 7acb0d1df51706536f33bbdb990041d3", "expiration": null, "is_active": 1 }, { "id": 3409660913, "indicator": "629857932f9262926a4e5dada369378780b2455d", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_1df3dfdd4acb25fd6bddd91121c5ee58c92460429e693f4bb8f0a86e7f94f886 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_1df3dfdd4acb25fd6bddd91121c5ee58c92460429e693f4bb8f0a86e7f94f886 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-38-16\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"7acb0d1df51706536f33bbdb990041d3\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"%2.2d-%2.2d-%4.4d %2.2d:%2.2d\" fullword wide \n \t\t $s2= \"5.1.2600.5512 (xpsp.080413-2105)\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"LegalTrademarks\" fullword wide \n \t\t $s5= \"Microsoft Corporation\" fullword wide \n \t\t $s6= \"OriginalFilename\" fullword wide \n \t\t $s7= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {25??32??2e??32??64??2d??25??32??2e??32??64??2d??25??34??2e??34??64??20??25??32??2e??32??64??3a??25??32??2e??32??64??0a??} \n \t\t $hex2= {35??2e??31??2e??32??36??30??30??2e??35??35??31??32??20??28??78??70??73??70??2e??30??38??30??34??31??33??2d??32??31??30??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex5= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex6= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex7= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_APT_1_1df3dfdd4acb25fd6bddd91121c5ee58c92460429e693f4bb8f0a86e7f94f886 Group", "expiration": null, "is_active": 1 }, { "id": 3409660914, "indicator": "9a43b67389729dccb7b9871a62ca646da97571c1", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_c9b2a0d55146b68ac4480a5d1f3fed19aa2ca271d184b0d5802ba39793d9f299 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_c9b2a0d55146b68ac4480a5d1f3fed19aa2ca271d184b0d5802ba39793d9f299 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-38-05\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d7796209412da17b2ee2ccf2309b4abf\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"%2.2d-%2.2d-%4.4d %2.2d:%2.2d\" fullword wide \n \t\t $s2= \"5.1.2600.5512 (xpsp.080413-2105)\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"LegalTrademarks\" fullword wide \n \t\t $s5= \"Microsoft Corporation\" fullword wide \n \t\t $s6= \"OriginalFilename\" fullword wide \n \t\t $s7= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {25??32??2e??32??64??2d??25??32??2e??32??64??2d??25??34??2e??34??64??20??25??32??2e??32??64??3a??25??32??2e??32??64??0a??} \n \t\t $hex2= {35??2e??31??2e??32??36??30??30??2e??35??35??31??32??20??28??78??70??73??70??2e??30??38??30??34??31??33??2d??32??31??30??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex5= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex6= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex7= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_APT_1_c9b2a0d55146b68ac4480a5d1f3fed19aa2ca271d184b0d5802ba39793d9f299 Group", "expiration": null, "is_active": 1 }, { "id": 3409660915, "indicator": "5bccdc84d9ba65f5a5cc80ea6a5e04bb201b9cd2", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_5b6ab65db84b4db5e8f249df55cae039839e3c73d1a00fef54d63d532db93ac2 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_5b6ab65db84b4db5e8f249df55cae039839e3c73d1a00fef54d63d532db93ac2 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-38-02\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"fe8ff84a23feb673a59d8571575fee0b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Automatic Updates\" fullword wide \n \t\t $s2= \"COPY Copy file\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"Microsoft Corporation\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {41??75??74??6f??6d??61??74??69??63??20??55??70??64??61??74??65??73??0a??} \n \t\t $hex2= {43??4f??50??59??20??43??6f??70??79??20??66??69??6c??65??0a??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_APT_1_5b6ab65db84b4db5e8f249df55cae039839e3c73d1a00fef54d63d532db93ac2 Group", "expiration": null, "is_active": 1 }, { "id": 3409660916, "indicator": "87dc3db3f5a4a4bd11514779496145623a93d78d", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_3afdf6103f65bac8a75c614ca61d6f99697dd58116e53281bb4f4f79fefb8bf0 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_3afdf6103f65bac8a75c614ca61d6f99697dd58116e53281bb4f4f79fefb8bf0 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-37-57\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"cc17fe9f2d254ad28d050bf5c1df983d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"5.1.2600.5512(xpsp.080413-2108)\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"Microsoft Corporation\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {35??2e??31??2e??32??36??30??30??2e??35??35??31??32??28??78??70??73??70??2e??30??38??30??34??31??33??2d??32??31??30??38??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_APT_1_3afdf6103f65bac8a75c614ca61d6f99697dd58116e53281bb4f4f79fefb8bf0 Group", "expiration": null, "is_active": 1 }, { "id": 2584657441, "indicator": "61796e8d48d366269430054c4e3aeb2bbbec9d29", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "WinRAR_SFX", "description": "SHA1 of e476e4a24f8b4ff4c8a0b260aa35fc9f", "expiration": null, "is_active": 1 }, { "id": 2589615164, "indicator": "8202efa793dbb7fca2922810ccf24f6baced4a7f57f7fc475c95b75b70a68838", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "WinRAR_SFX", "description": "SHA256 of e476e4a24f8b4ff4c8a0b260aa35fc9f", "expiration": null, "is_active": 1 }, { "id": 3409660917, "indicator": "71407a6ea68a93b36ece388c0f2d3796419b5211", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_APT_1_8202efa793dbb7fca2922810ccf24f6baced4a7f57f7fc475c95b75b70a68838 { \n \tmeta: \n \t\t description= \"APTMalware_APT_1_8202efa793dbb7fca2922810ccf24f6baced4a7f57f7fc475c95b75b70a68838 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-37-53\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"e476e4a24f8b4ff4c8a0b260aa35fc9f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"&Destination folder\" fullword wide \n \t\t $s2= \"Extraction progress\" fullword wide \n \t\t $s3= \"Installation progress\" fullword wide \n \t\t $s4= \"jmsctls_progress32\" fullword wide \n \t\t $s5= \"LICENSEDLG RENAMEDLG\" fullword wide \n \t\t $s6= \"ProgramFilesDir\" fullword wide \n \t\t $s7= \"RarHtmlClassName\" fullword wide \n \t\t $s8= \"SeRestorePrivilege\" fullword wide \n \t\t $s9= \"SeSecurityPrivilege\" fullword wide \n \t\t $s10= \"SoftwareWinRAR SFX\" fullword wide \n \t\t $s11= \"__tmp_rar_sfx_access_check_%u\" fullword wide \n \t\t $s12= \"winrarsfxmappingfile.tmp\" fullword wide \n \n \t\t $hex1= {26??44??65??73??74??69??6e??61??74??69??6f??6e??20??66??6f??6c??64??65??72??0a??} \n \t\t $hex2= {45??78??74??72??61??63??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex3= {49??6e??73??74??61??6c??6c??61??74??69??6f??6e??20??70??72??6f??67??72??65??73??73??0a??} \n \t\t $hex4= {4c??49??43??45??4e??53??45??44??4c??47??20??52??45??4e??41??4d??45??44??4c??47??0a??} \n \t\t $hex5= {50??72??6f??67??72??61??6d??46??69??6c??65??73??44??69??72??0a??} \n \t\t $hex6= {52??61??72??48??74??6d??6c??43??6c??61??73??73??4e??61??6d??65??0a??} \n \t\t $hex7= {53??65??52??65??73??74??6f??72??65??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex8= {53??65??53??65??63??75??72??69??74??79??50??72??69??76??69??6c??65??67??65??0a??} \n \t\t $hex9= {53??6f??66??74??77??61??72??65??57??69??6e??52??41??52??20??53??46??58??0a??} \n \t\t $hex10= {5f??5f??74??6d??70??5f??72??61??72??5f??73??66??78??5f??61??63??63??65??73??73??5f??63??68??65??63??6b??5f??25??75??0a??} \n \t\t $hex11= {6a??6d??73??63??74??6c??73??5f??70??72??6f??67??72??65??73??73??33??32??0a??} \n \t\t $hex12= {77??69??6e??72??61??72??73??66??78??6d??61??70??70??69??6e??67??66??69??6c??65??2e??74??6d??70??0a??} \n \n \tcondition: \n \t\t13 of them \n }", "title": "", "description": "APTMalware_APT_1_8202efa793dbb7fca2922810ccf24f6baced4a7f57f7fc475c95b75b70a68838 Group", "expiration": null, "is_active": 1 }, { "id": 3409660918, "indicator": "5869475c0443c596a34079489e6772d7ec19c3ee", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_257219aff0dc096c6ed2f677f0d1a4903b7b46de843612062e3fc4e6b80d7f1c { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_257219aff0dc096c6ed2f677f0d1a4903b7b46de843612062e3fc4e6b80d7f1c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-37-32\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"01acef7885819f372377801f7095ec66\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DocumentSummaryInformation\" fullword wide \n \t\t $s2= \"Explanatory Text\" fullword wide \n \t\t $s3= \"SummaryInformation\" fullword wide \n \t\t $s4= \"TableStyleMedium2PivotStyleMedium9\" fullword wide \n \t\t $s5= \"_VBA_PROJECT_CUR\" fullword wide \n \n \t\t $hex1= {44??6f??63??75??6d??65??6e??74??53??75??6d??6d??61??72??79??49??6e??66??6f??72??6d??61??74??69??6f??6e??0a??} \n \t\t $hex2= {45??78??70??6c??61??6e??61??74??6f??72??79??20??54??65??78??74??0a??} \n \t\t $hex3= {53??75??6d??6d??61??72??79??49??6e??66??6f??72??6d??61??74??69??6f??6e??0a??} \n \t\t $hex4= {54??61??62??6c??65??53??74??79??6c??65??4d??65??64??69??75??6d??32??50??69??76??6f??74??53??74??79??6c??65??4d??65??64??} \n \t\t $hex5= {5f??56??42??41??5f??50??52??4f??4a??45??43??54??5f??43??55??52??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_257219aff0dc096c6ed2f677f0d1a4903b7b46de843612062e3fc4e6b80d7f1c Group", "expiration": null, "is_active": 1 }, { "id": 3409660919, "indicator": "01495f6cc56c61d34f1bc8d9418134d6d941bcd9", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_c8e3e4f8127af5b89fa9d92a09eede83a6b39b028461632d8970a2b94dbbb73c { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_c8e3e4f8127af5b89fa9d92a09eede83a6b39b028461632d8970a2b94dbbb73c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-37-31\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"bc7b77e4a6946b1b95c1d49f6631a126\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Assembly Version\" fullword wide \n \t\t $s2= \"COVOEMUEOXZONEZEVCCCEMOERRX\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"FileDescripti}z\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {41??73??73??65??6d??62??6c??79??20??56??65??72??73??69??6f??6e??0a??} \n \t\t $hex2= {43??4f??56??4f??45??4d??55??45??4f??58??5a??4f??4e??45??5a??45??56??43??43??43??45??4d??4f??45??52??52??58??0a??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {46??69??6c??65??44??65??73??63??72??69??70??74??69??7d??7a??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_c8e3e4f8127af5b89fa9d92a09eede83a6b39b028461632d8970a2b94dbbb73c Group", "expiration": null, "is_active": 1 }, { "id": 3409660920, "indicator": "93935d9df08eaa8f4eb0e0c7de79f6a6ea2a0b27", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "MSIL:GenMalicious-LB\\ [Trj]", "description": "SHA1 of a70b547506888862bc2ab8dc84b73e15", "expiration": null, "is_active": 1 }, { "id": 1386572940, "indicator": "e4a2daa8913ec60c0155f635d0633de9423a2b11a03f5ce8e992cf56cfa3d0f6", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "MSIL:GenMalicious-LB\\ [Trj]", "description": "SHA256 of a70b547506888862bc2ab8dc84b73e15", "expiration": null, "is_active": 1 }, { "id": 3409660921, "indicator": "d4107dd554964e15cf09b424dfc3141d418486e5", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_e4a2daa8913ec60c0155f635d0633de9423a2b11a03f5ce8e992cf56cfa3d0f6 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_e4a2daa8913ec60c0155f635d0633de9423a2b11a03f5ce8e992cf56cfa3d0f6 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-37-13\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"a70b547506888862bc2ab8dc84b73e15\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"35828137-254d-fa\" fullword wide \n \t\t $s2= \"4819af83-95a8-ef0\" fullword wide \n \t\t $s3= \"4819af83-95a8-ef1\" fullword wide \n \t\t $s4= \"4819af83-95a8-ef10\" fullword wide \n \t\t $s5= \"4819af83-95a8-ef11\" fullword wide \n \t\t $s6= \"4819af83-95a8-ef12\" fullword wide \n \t\t $s7= \"4819af83-95a8-ef13\" fullword wide \n \t\t $s8= \"4819af83-95a8-ef14\" fullword wide \n \t\t $s9= \"4819af83-95a8-ef15\" fullword wide \n \t\t $s10= \"4819af83-95a8-ef16\" fullword wide \n \t\t $s11= \"4819af83-95a8-ef17\" fullword wide \n \t\t $s12= \"4819af83-95a8-ef18\" fullword wide \n \t\t $s13= \"4819af83-95a8-ef19\" fullword wide \n \t\t $s14= \"4819af83-95a8-ef2\" fullword wide \n \t\t $s15= \"4819af83-95a8-ef20\" fullword wide \n \t\t $s16= \"4819af83-95a8-ef21\" fullword wide \n \t\t $s17= \"4819af83-95a8-ef22\" fullword wide \n \t\t $s18= \"4819af83-95a8-ef23\" fullword wide \n \t\t $s19= \"4819af83-95a8-ef24\" fullword wide \n \t\t $s20= \"4819af83-95a8-ef25\" fullword wide \n \n \t\t $hex1= {33??35??38??32??38??31??33??37??2d??32??35??34??64??2d??66??61??0a??} \n \t\t $hex2= {34??38??31??39??61??66??38??33??2d??39??35??61??38??2d??65??66??30??0a??} \n \t\t $hex3= {34??38??31??39??61??66??38??33??2d??39??35??61??38??2d??65??66??31??0a??} \n \t\t $hex4= {34??38??31??39??61??66??38??33??2d??39??35??61??38??2d??65??66??31??30??0a??} \n \t\t $hex5= {34??38??31??39??61??66??38??33??2d??39??35??61??38??2d??65??66??31??31??0a??} \n \t\t $hex6= {34??38??31??39??61??66??38??33??2d??39??35??61??38??2d??65??66??31??32??0a??} \n \t\t $hex7= {34??38??31??39??61??66??38??33??2d??39??35??61??38??2d??65??66??31??33??0a??} \n \t\t $hex8= {34??38??31??39??61??66??38??33??2d??39??35??61??38??2d??65??66??31??34??0a??} \n \t\t $hex9= {34??38??31??39??61??66??38??33??2d??39??35??61??38??2d??65??66??31??35??0a??} \n \t\t $hex10= {34??38??31??39??61??66??38??33??2d??39??35??61??38??2d??65??66??31??36??0a??} \n \t\t $hex11= {34??38??31??39??61??66??38??33??2d??39??35??61??38??2d??65??66??31??37??0a??} \n \t\t $hex12= {34??38??31??39??61??66??38??33??2d??39??35??61??38??2d??65??66??31??38??0a??} \n \t\t $hex13= {34??38??31??39??61??66??38??33??2d??39??35??61??38??2d??65??66??31??39??0a??} \n \t\t $hex14= {34??38??31??39??61??66??38??33??2d??39??35??61??38??2d??65??66??32??0a??} \n \t\t $hex15= {34??38??31??39??61??66??38??33??2d??39??35??61??38??2d??65??66??32??30??0a??} \n \t\t $hex16= {34??38??31??39??61??66??38??33??2d??39??35??61??38??2d??65??66??32??31??0a??} \n \t\t $hex17= {34??38??31??39??61??66??38??33??2d??39??35??61??38??2d??65??66??32??32??0a??} \n \t\t $hex18= {34??38??31??39??61??66??38??33??2d??39??35??61??38??2d??65??66??32??33??0a??} \n \t\t $hex19= {34??38??31??39??61??66??38??33??2d??39??35??61??38??2d??65??66??32??34??0a??} \n \t\t $hex20= {34??38??31??39??61??66??38??33??2d??39??35??61??38??2d??65??66??32??35??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_e4a2daa8913ec60c0155f635d0633de9423a2b11a03f5ce8e992cf56cfa3d0f6 Group", "expiration": null, "is_active": 1 }, { "id": 3409660922, "indicator": "f4966d11993b5d9ca0f13405040880e531d3e413", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_4b05c18243e17e91584d538cb144dbac085dee43153ac5c66ff681dd7b0fbda8 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_4b05c18243e17e91584d538cb144dbac085dee43153ac5c66ff681dd7b0fbda8 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-37-04\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"30fd06fb1cd1c0471294a9666ed401a1\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Access violation\" fullword wide \n \t\t $s2= \"Application Workspace\" fullword wide \n \t\t $s3= \"Assertion failed\" fullword wide \n \t\t $s4= \"Button Highlight\" fullword wide \n \t\t $s5= \"DBN_EDIT DBN_FIRST\" fullword wide \n \t\t $s6= \"DBN_POST DBN_PRIOR\" fullword wide \n \t\t $s7= \"Default Gray Text\" fullword wide \n \t\t $s8= \"Enhanced Metafiles\" fullword wide \n \t\t $s9= \"Highlight Background\" fullword wide \n \t\t $s10= \"Inactive Border\" fullword wide \n \t\t $s11= \"Inactive Caption\" fullword wide \n \t\t $s12= \"Integer overflow\" fullword wide \n \t\t $s13= \"Invalid argument\" fullword wide \n \t\t $s14= \"Invalid filename\" fullword wide \n \t\t $s15= \"Invalid ImageList\" fullword wide \n \t\t $s16= \"TPASSWORDDIALOG\" fullword wide \n \t\t $s17= \"Tuesday Wednesday\" fullword wide \n \t\t $s18= \"Variant overflow\" fullword wide \n \t\t $s19= \"Window Background\" fullword wide \n \n \t\t $hex1= {41??63??63??65??73??73??20??76??69??6f??6c??61??74??69??6f??6e??0a??} \n \t\t $hex2= {41??70??70??6c??69??63??61??74??69??6f??6e??20??57??6f??72??6b??73??70??61??63??65??0a??} \n \t\t $hex3= {41??73??73??65??72??74??69??6f??6e??20??66??61??69??6c??65??64??0a??} \n \t\t $hex4= {42??75??74??74??6f??6e??20??48??69??67??68??6c??69??67??68??74??0a??} \n \t\t $hex5= {44??42??4e??5f??45??44??49??54??20??44??42??4e??5f??46??49??52??53??54??0a??} \n \t\t $hex6= {44??42??4e??5f??50??4f??53??54??20??44??42??4e??5f??50??52??49??4f??52??0a??} \n \t\t $hex7= {44??65??66??61??75??6c??74??20??47??72??61??79??20??54??65??78??74??0a??} \n \t\t $hex8= {45??6e??68??61??6e??63??65??64??20??4d??65??74??61??66??69??6c??65??73??0a??} \n \t\t $hex9= {48??69??67??68??6c??69??67??68??74??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \t\t $hex10= {49??6e??61??63??74??69??76??65??20??42??6f??72??64??65??72??0a??} \n \t\t $hex11= {49??6e??61??63??74??69??76??65??20??43??61??70??74??69??6f??6e??0a??} \n \t\t $hex12= {49??6e??74??65??67??65??72??20??6f??76??65??72??66??6c??6f??77??0a??} \n \t\t $hex13= {49??6e??76??61??6c??69??64??20??49??6d??61??67??65??4c??69??73??74??0a??} \n \t\t $hex14= {49??6e??76??61??6c??69??64??20??61??72??67??75??6d??65??6e??74??0a??} \n \t\t $hex15= {49??6e??76??61??6c??69??64??20??66??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex16= {54??50??41??53??53??57??4f??52??44??44??49??41??4c??4f??47??0a??} \n \t\t $hex17= {54??75??65??73??64??61??79??20??57??65??64??6e??65??73??64??61??79??0a??} \n \t\t $hex18= {56??61??72??69??61??6e??74??20??6f??76??65??72??66??6c??6f??77??0a??} \n \t\t $hex19= {57??69??6e??64??6f??77??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \n \tcondition: \n \t\t21 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_4b05c18243e17e91584d538cb144dbac085dee43153ac5c66ff681dd7b0fbda8 Group", "expiration": null, "is_active": 1 }, { "id": 3409660923, "indicator": "f78bc3f84ccdd1330c9af5bc8e2f697221148066", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Delphi", "description": "SHA1 of f0153996f8566457edcdd269320db3c4", "expiration": null, "is_active": 1 }, { "id": 1386573002, "indicator": "ee1d34ecee777c5ad15c7dec46aac0e7c5ca19a58d83460102685448d48035f5", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Delphi", "description": "SHA256 of f0153996f8566457edcdd269320db3c4", "expiration": null, "is_active": 1 }, { "id": 3409660924, "indicator": "c1e249e49ed7b8b6fcf3c2b20e51934b6cf71ddc", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_ee1d34ecee777c5ad15c7dec46aac0e7c5ca19a58d83460102685448d48035f5 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_ee1d34ecee777c5ad15c7dec46aac0e7c5ca19a58d83460102685448d48035f5 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-36-46\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f0153996f8566457edcdd269320db3c4\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Access violation\" fullword wide \n \t\t $s2= \"Application Workspace\" fullword wide \n \t\t $s3= \"Assertion failed\" fullword wide \n \t\t $s4= \"August September\" fullword wide \n \t\t $s5= \"Button Highlight\" fullword wide \n \t\t $s6= \"Default Gray Text\" fullword wide \n \t\t $s7= \"FileDescription\" fullword wide \n \t\t $s8= \"Highlight Background\" fullword wide \n \t\t $s9= \"Inactive Border\" fullword wide \n \t\t $s10= \"Inactive Caption\" fullword wide \n \t\t $s11= \"Info Background\" fullword wide \n \t\t $s12= \"Invalid argument\" fullword wide \n \t\t $s13= \"Invalid argument.\" fullword wide \n \t\t $s14= \"Invalid filename\" fullword wide \n \t\t $s15= \"Invalid ImageList\" fullword wide \n \t\t $s16= \"Oracle Corporation\" fullword wide \n \t\t $s17= \"OriginalFilename\" fullword wide \n \t\t $s18= \"Tuesday Wednesday\" fullword wide \n \t\t $s19= \"Variant overflow\" fullword wide \n \t\t $s20= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {41??63??63??65??73??73??20??76??69??6f??6c??61??74??69??6f??6e??0a??} \n \t\t $hex2= {41??70??70??6c??69??63??61??74??69??6f??6e??20??57??6f??72??6b??73??70??61??63??65??0a??} \n \t\t $hex3= {41??73??73??65??72??74??69??6f??6e??20??66??61??69??6c??65??64??0a??} \n \t\t $hex4= {41??75??67??75??73??74??20??53??65??70??74??65??6d??62??65??72??0a??} \n \t\t $hex5= {42??75??74??74??6f??6e??20??48??69??67??68??6c??69??67??68??74??0a??} \n \t\t $hex6= {44??65??66??61??75??6c??74??20??47??72??61??79??20??54??65??78??74??0a??} \n \t\t $hex7= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex8= {48??69??67??68??6c??69??67??68??74??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \t\t $hex9= {49??6e??61??63??74??69??76??65??20??42??6f??72??64??65??72??0a??} \n \t\t $hex10= {49??6e??61??63??74??69??76??65??20??43??61??70??74??69??6f??6e??0a??} \n \t\t $hex11= {49??6e??66??6f??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \t\t $hex12= {49??6e??76??61??6c??69??64??20??49??6d??61??67??65??4c??69??73??74??0a??} \n \t\t $hex13= {49??6e??76??61??6c??69??64??20??61??72??67??75??6d??65??6e??74??0a??} \n \t\t $hex14= {49??6e??76??61??6c??69??64??20??61??72??67??75??6d??65??6e??74??2e??0a??} \n \t\t $hex15= {49??6e??76??61??6c??69??64??20??66??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex16= {4f??72??61??63??6c??65??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex17= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex18= {54??75??65??73??64??61??79??20??57??65??64??6e??65??73??64??61??79??0a??} \n \t\t $hex19= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex20= {56??61??72??69??61??6e??74??20??6f??76??65??72??66??6c??6f??77??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_ee1d34ecee777c5ad15c7dec46aac0e7c5ca19a58d83460102685448d48035f5 Group", "expiration": null, "is_active": 1 }, { "id": 3409660925, "indicator": "3b4a0b1df2ce33cfa15dae90ce85107e620fe537", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_81b9f8fa95f22536fa856a224834a4b8043874793b0cd7f32670f6b9901242e0 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_81b9f8fa95f22536fa856a224834a4b8043874793b0cd7f32670f6b9901242e0 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-36-37\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"26f89718dd0ac7af779ccf423aeee5a2\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Access violation\" fullword wide \n \t\t $s2= \"Application Workspace\" fullword wide \n \t\t $s3= \"Assertion failed\" fullword wide \n \t\t $s4= \"August September\" fullword wide \n \t\t $s5= \"Button Highlight\" fullword wide \n \t\t $s6= \"Default Gray Text\" fullword wide \n \t\t $s7= \"Enhanced Metafiles\" fullword wide \n \t\t $s8= \"Highlight Background\" fullword wide \n \t\t $s9= \"Inactive Border\" fullword wide \n \t\t $s10= \"Inactive Caption\" fullword wide \n \t\t $s11= \"Invalid argument\" fullword wide \n \t\t $s12= \"Invalid filename\" fullword wide \n \t\t $s13= \"Invalid ImageList\" fullword wide \n \t\t $s14= \"Tuesday Wednesday\" fullword wide \n \t\t $s15= \"Variant overflow\" fullword wide \n \t\t $s16= \"Window Background\" fullword wide \n \n \t\t $hex1= {41??63??63??65??73??73??20??76??69??6f??6c??61??74??69??6f??6e??0a??} \n \t\t $hex2= {41??70??70??6c??69??63??61??74??69??6f??6e??20??57??6f??72??6b??73??70??61??63??65??0a??} \n \t\t $hex3= {41??73??73??65??72??74??69??6f??6e??20??66??61??69??6c??65??64??0a??} \n \t\t $hex4= {41??75??67??75??73??74??20??53??65??70??74??65??6d??62??65??72??0a??} \n \t\t $hex5= {42??75??74??74??6f??6e??20??48??69??67??68??6c??69??67??68??74??0a??} \n \t\t $hex6= {44??65??66??61??75??6c??74??20??47??72??61??79??20??54??65??78??74??0a??} \n \t\t $hex7= {45??6e??68??61??6e??63??65??64??20??4d??65??74??61??66??69??6c??65??73??0a??} \n \t\t $hex8= {48??69??67??68??6c??69??67??68??74??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \t\t $hex9= {49??6e??61??63??74??69??76??65??20??42??6f??72??64??65??72??0a??} \n \t\t $hex10= {49??6e??61??63??74??69??76??65??20??43??61??70??74??69??6f??6e??0a??} \n \t\t $hex11= {49??6e??76??61??6c??69??64??20??49??6d??61??67??65??4c??69??73??74??0a??} \n \t\t $hex12= {49??6e??76??61??6c??69??64??20??61??72??67??75??6d??65??6e??74??0a??} \n \t\t $hex13= {49??6e??76??61??6c??69??64??20??66??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex14= {54??75??65??73??64??61??79??20??57??65??64??6e??65??73??64??61??79??0a??} \n \t\t $hex15= {56??61??72??69??61??6e??74??20??6f??76??65??72??66??6c??6f??77??0a??} \n \t\t $hex16= {57??69??6e??64??6f??77??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \n \tcondition: \n \t\t17 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_81b9f8fa95f22536fa856a224834a4b8043874793b0cd7f32670f6b9901242e0 Group", "expiration": null, "is_active": 1 }, { "id": 1220914869, "indicator": "7f899743f57d26e0415d082c8227301afd1fc033", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Trojan:Win32/Skeeyah.A!bit", "description": "SHA1 of dc6c3ba6de46fb9f83ddec935a606ba6", "expiration": null, "is_active": 1 }, { "id": 1220914862, "indicator": "e1b6f1c7b0786d3f383eb23390ea3344c5608d9529b40f44f3b15b85a968e1bb", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Trojan:Win32/Skeeyah.A!bit", "description": "SHA256 of dc6c3ba6de46fb9f83ddec935a606ba6", "expiration": null, "is_active": 1 }, { "id": 3409660926, "indicator": "4636b119099cfd4ae1d0b3834adf80786c934e13", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_e1b6f1c7b0786d3f383eb23390ea3344c5608d9529b40f44f3b15b85a968e1bb { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_e1b6f1c7b0786d3f383eb23390ea3344c5608d9529b40f44f3b15b85a968e1bb Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-36-20\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"dc6c3ba6de46fb9f83ddec935a606ba6\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Access violation\" fullword wide \n \t\t $s2= \"Application Workspace\" fullword wide \n \t\t $s3= \"Assertion failed\" fullword wide \n \t\t $s4= \"August September\" fullword wide \n \t\t $s5= \"Button Highlight\" fullword wide \n \t\t $s6= \"Default Gray Text\" fullword wide \n \t\t $s7= \"Enhanced Metafiles\" fullword wide \n \t\t $s8= \"Highlight Background\" fullword wide \n \t\t $s9= \"Inactive Border\" fullword wide \n \t\t $s10= \"Inactive Caption\" fullword wide \n \t\t $s11= \"Invalid argument\" fullword wide \n \t\t $s12= \"Invalid filename\" fullword wide \n \t\t $s13= \"Invalid ImageList\" fullword wide \n \t\t $s14= \"Menu Background\" fullword wide \n \t\t $s15= \"Tuesday Wednesday\" fullword wide \n \t\t $s16= \"Variant overflow\" fullword wide \n \t\t $s17= \"Window Background\" fullword wide \n \n \t\t $hex1= {41??63??63??65??73??73??20??76??69??6f??6c??61??74??69??6f??6e??0a??} \n \t\t $hex2= {41??70??70??6c??69??63??61??74??69??6f??6e??20??57??6f??72??6b??73??70??61??63??65??0a??} \n \t\t $hex3= {41??73??73??65??72??74??69??6f??6e??20??66??61??69??6c??65??64??0a??} \n \t\t $hex4= {41??75??67??75??73??74??20??53??65??70??74??65??6d??62??65??72??0a??} \n \t\t $hex5= {42??75??74??74??6f??6e??20??48??69??67??68??6c??69??67??68??74??0a??} \n \t\t $hex6= {44??65??66??61??75??6c??74??20??47??72??61??79??20??54??65??78??74??0a??} \n \t\t $hex7= {45??6e??68??61??6e??63??65??64??20??4d??65??74??61??66??69??6c??65??73??0a??} \n \t\t $hex8= {48??69??67??68??6c??69??67??68??74??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \t\t $hex9= {49??6e??61??63??74??69??76??65??20??42??6f??72??64??65??72??0a??} \n \t\t $hex10= {49??6e??61??63??74??69??76??65??20??43??61??70??74??69??6f??6e??0a??} \n \t\t $hex11= {49??6e??76??61??6c??69??64??20??49??6d??61??67??65??4c??69??73??74??0a??} \n \t\t $hex12= {49??6e??76??61??6c??69??64??20??61??72??67??75??6d??65??6e??74??0a??} \n \t\t $hex13= {49??6e??76??61??6c??69??64??20??66??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex14= {4d??65??6e??75??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \t\t $hex15= {54??75??65??73??64??61??79??20??57??65??64??6e??65??73??64??61??79??0a??} \n \t\t $hex16= {56??61??72??69??61??6e??74??20??6f??76??65??72??66??6c??6f??77??0a??} \n \t\t $hex17= {57??69??6e??64??6f??77??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \n \tcondition: \n \t\t18 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_e1b6f1c7b0786d3f383eb23390ea3344c5608d9529b40f44f3b15b85a968e1bb Group", "expiration": null, "is_active": 1 }, { "id": 3409660927, "indicator": "2c8a1e7b8316eb1626b1c386f5cce9a3616ee2d7", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_822ac77de47d345d09da7c2a93916bb251710bfe61b2ec179564f09bcb5ea6cb { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_822ac77de47d345d09da7c2a93916bb251710bfe61b2ec179564f09bcb5ea6cb Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-36-19\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"d7fedad434c8b6a9d112896006a072a0\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DisableRegistry\" fullword wide \n \t\t $s2= \"DisableRegistryTools\" fullword wide \n \t\t $s3= \"DisableTaskManager\" fullword wide \n \t\t $s4= \"EnableTaskManager\" fullword wide \n \t\t $s5= \"process explorer\" fullword wide \n \t\t $s6= \"restartcomputer\" fullword wide \n \t\t $s7= \"shutdowncomputer\" fullword wide \n \n \t\t $hex1= {44??69??73??61??62??6c??65??52??65??67??69??73??74??72??79??0a??} \n \t\t $hex2= {44??69??73??61??62??6c??65??52??65??67??69??73??74??72??79??54??6f??6f??6c??73??0a??} \n \t\t $hex3= {44??69??73??61??62??6c??65??54??61??73??6b??4d??61??6e??61??67??65??72??0a??} \n \t\t $hex4= {45??6e??61??62??6c??65??54??61??73??6b??4d??61??6e??61??67??65??72??0a??} \n \t\t $hex5= {70??72??6f??63??65??73??73??20??65??78??70??6c??6f??72??65??72??0a??} \n \t\t $hex6= {72??65??73??74??61??72??74??63??6f??6d??70??75??74??65??72??0a??} \n \t\t $hex7= {73??68??75??74??64??6f??77??6e??63??6f??6d??70??75??74??65??72??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_822ac77de47d345d09da7c2a93916bb251710bfe61b2ec179564f09bcb5ea6cb Group", "expiration": null, "is_active": 1 }, { "id": 3409660928, "indicator": "ebd586a4edd529f7ec61a8e93a6928754e3c3644", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "SHA1 of f0a6ab4839f4dd44ffd75dbe9293424f\nSHA1 of f0a6ab4839f4dd44ffd75dbe9293424f", "expiration": null, "is_active": 1 }, { "id": 1386399285, "indicator": "4c6e3d8fdb2394edffe4a5bc45a238749e929301efa8bcfa3a247b1ab68eac54", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "SHA256 of f0a6ab4839f4dd44ffd75dbe9293424f\nSHA256 of f0a6ab4839f4dd44ffd75dbe9293424f", "expiration": null, "is_active": 1 }, { "id": 3409660929, "indicator": "3a7afb0afcc1030b66639fb0234fe1c0d969bf24", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_4c6e3d8fdb2394edffe4a5bc45a238749e929301efa8bcfa3a247b1ab68eac54 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_4c6e3d8fdb2394edffe4a5bc45a238749e929301efa8bcfa3a247b1ab68eac54 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-36-07\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f0a6ab4839f4dd44ffd75dbe9293424f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Access violation\" fullword wide \n \t\t $s2= \"Application Workspace\" fullword wide \n \t\t $s3= \"Assertion failed\" fullword wide \n \t\t $s4= \"August September\" fullword wide \n \t\t $s5= \"Button Highlight\" fullword wide \n \t\t $s6= \"Default Gray Text\" fullword wide \n \t\t $s7= \"Highlight Background\" fullword wide \n \t\t $s8= \"Inactive Border\" fullword wide \n \t\t $s9= \"Inactive Caption\" fullword wide \n \t\t $s10= \"Invalid argument\" fullword wide \n \t\t $s11= \"Invalid filename\" fullword wide \n \t\t $s12= \"Invalid ImageList\" fullword wide \n \t\t $s13= \"Tuesday Wednesday\" fullword wide \n \t\t $s14= \"Variant overflow\" fullword wide \n \t\t $s15= \"Window Background\" fullword wide \n \n \t\t $hex1= {41??63??63??65??73??73??20??76??69??6f??6c??61??74??69??6f??6e??0a??} \n \t\t $hex2= {41??70??70??6c??69??63??61??74??69??6f??6e??20??57??6f??72??6b??73??70??61??63??65??0a??} \n \t\t $hex3= {41??73??73??65??72??74??69??6f??6e??20??66??61??69??6c??65??64??0a??} \n \t\t $hex4= {41??75??67??75??73??74??20??53??65??70??74??65??6d??62??65??72??0a??} \n \t\t $hex5= {42??75??74??74??6f??6e??20??48??69??67??68??6c??69??67??68??74??0a??} \n \t\t $hex6= {44??65??66??61??75??6c??74??20??47??72??61??79??20??54??65??78??74??0a??} \n \t\t $hex7= {48??69??67??68??6c??69??67??68??74??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \t\t $hex8= {49??6e??61??63??74??69??76??65??20??42??6f??72??64??65??72??0a??} \n \t\t $hex9= {49??6e??61??63??74??69??76??65??20??43??61??70??74??69??6f??6e??0a??} \n \t\t $hex10= {49??6e??76??61??6c??69??64??20??49??6d??61??67??65??4c??69??73??74??0a??} \n \t\t $hex11= {49??6e??76??61??6c??69??64??20??61??72??67??75??6d??65??6e??74??0a??} \n \t\t $hex12= {49??6e??76??61??6c??69??64??20??66??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex13= {54??75??65??73??64??61??79??20??57??65??64??6e??65??73??64??61??79??0a??} \n \t\t $hex14= {56??61??72??69??61??6e??74??20??6f??76??65??72??66??6c??6f??77??0a??} \n \t\t $hex15= {57??69??6e??64??6f??77??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \n \tcondition: \n \t\t16 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_4c6e3d8fdb2394edffe4a5bc45a238749e929301efa8bcfa3a247b1ab68eac54 Group", "expiration": null, "is_active": 1 }, { "id": 3409660930, "indicator": "089fc778dba1755698223eb633c3a1e7a912bee0", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Trojan.Agent-6572411-0", "description": "SHA1 of a36089092d4acb9f848160327dc906fb", "expiration": null, "is_active": 1 }, { "id": 1386572722, "indicator": "b44da3408ce13004bf2fee28d6c173c0c53de9dd7fd9fb96317568e9db52d150", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Trojan.Agent-6572411-0", "description": "SHA256 of a36089092d4acb9f848160327dc906fb", "expiration": null, "is_active": 1 }, { "id": 3409660931, "indicator": "420f69ecc3b74aec9d39317ea0e5838f24a6b95d", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_b44da3408ce13004bf2fee28d6c173c0c53de9dd7fd9fb96317568e9db52d150 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_b44da3408ce13004bf2fee28d6c173c0c53de9dd7fd9fb96317568e9db52d150 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-36-05\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"a36089092d4acb9f848160327dc906fb\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Access violation\" fullword wide \n \t\t $s2= \"Application Workspace\" fullword wide \n \t\t $s3= \"Assertion failed\" fullword wide \n \t\t $s4= \"August September\" fullword wide \n \t\t $s5= \"Button Highlight\" fullword wide \n \t\t $s6= \"Default Gray Text\" fullword wide \n \t\t $s7= \"Enhanced Metafiles\" fullword wide \n \t\t $s8= \"Highlight Background\" fullword wide \n \t\t $s9= \"Inactive Border\" fullword wide \n \t\t $s10= \"Inactive Caption\" fullword wide \n \t\t $s11= \"Invalid argument\" fullword wide \n \t\t $s12= \"Invalid filename\" fullword wide \n \t\t $s13= \"Invalid ImageList\" fullword wide \n \t\t $s14= \"Tuesday Wednesday\" fullword wide \n \t\t $s15= \"Variant overflow\" fullword wide \n \t\t $s16= \"Window Background\" fullword wide \n \n \t\t $hex1= {41??63??63??65??73??73??20??76??69??6f??6c??61??74??69??6f??6e??0a??} \n \t\t $hex2= {41??70??70??6c??69??63??61??74??69??6f??6e??20??57??6f??72??6b??73??70??61??63??65??0a??} \n \t\t $hex3= {41??73??73??65??72??74??69??6f??6e??20??66??61??69??6c??65??64??0a??} \n \t\t $hex4= {41??75??67??75??73??74??20??53??65??70??74??65??6d??62??65??72??0a??} \n \t\t $hex5= {42??75??74??74??6f??6e??20??48??69??67??68??6c??69??67??68??74??0a??} \n \t\t $hex6= {44??65??66??61??75??6c??74??20??47??72??61??79??20??54??65??78??74??0a??} \n \t\t $hex7= {45??6e??68??61??6e??63??65??64??20??4d??65??74??61??66??69??6c??65??73??0a??} \n \t\t $hex8= {48??69??67??68??6c??69??67??68??74??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \t\t $hex9= {49??6e??61??63??74??69??76??65??20??42??6f??72??64??65??72??0a??} \n \t\t $hex10= {49??6e??61??63??74??69??76??65??20??43??61??70??74??69??6f??6e??0a??} \n \t\t $hex11= {49??6e??76??61??6c??69??64??20??49??6d??61??67??65??4c??69??73??74??0a??} \n \t\t $hex12= {49??6e??76??61??6c??69??64??20??61??72??67??75??6d??65??6e??74??0a??} \n \t\t $hex13= {49??6e??76??61??6c??69??64??20??66??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex14= {54??75??65??73??64??61??79??20??57??65??64??6e??65??73??64??61??79??0a??} \n \t\t $hex15= {56??61??72??69??61??6e??74??20??6f??76??65??72??66??6c??6f??77??0a??} \n \t\t $hex16= {57??69??6e??64??6f??77??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \n \tcondition: \n \t\t17 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_b44da3408ce13004bf2fee28d6c173c0c53de9dd7fd9fb96317568e9db52d150 Group", "expiration": null, "is_active": 1 }, { "id": 3409660932, "indicator": "6ec528493c81e04e9eee903869421e95a2ece477", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_47c2d38e081abc652067262d0dec41cdf29b880d425fb6affd06c2a3ec5ed2fd { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_47c2d38e081abc652067262d0dec41cdf29b880d425fb6affd06c2a3ec5ed2fd Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-35-59\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"1ed381e278bd1f74fe6124353907ce96\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"$#%#&#'#(#)#*#+*,#-#.#0/1/2/3/4/5/\" fullword wide \n \t\t $s2= \"Assembly Version\" fullword wide \n \t\t $s3= \"c774aa03-929c-b40\" fullword wide \n \t\t $s4= \"c774aa03-929c-b41\" fullword wide \n \t\t $s5= \"c774aa03-929c-b410\" fullword wide \n \t\t $s6= \"c774aa03-929c-b411\" fullword wide \n \t\t $s7= \"c774aa03-929c-b412\" fullword wide \n \t\t $s8= \"c774aa03-929c-b413\" fullword wide \n \t\t $s9= \"c774aa03-929c-b414\" fullword wide \n \t\t $s10= \"c774aa03-929c-b42\" fullword wide \n \t\t $s11= \"c774aa03-929c-b43\" fullword wide \n \t\t $s12= \"c774aa03-929c-b44\" fullword wide \n \t\t $s13= \"c774aa03-929c-b45\" fullword wide \n \t\t $s14= \"c774aa03-929c-b46\" fullword wide \n \t\t $s15= \"c774aa03-929c-b47\" fullword wide \n \t\t $s16= \"c774aa03-929c-b48\" fullword wide \n \t\t $s17= \"c774aa03-929c-b49\" fullword wide \n \t\t $s18= \"fdabda0d-312e-08\" fullword wide \n \t\t $s19= \"FileDescription\" fullword wide \n \t\t $s20= \"LegalTrademarks\" fullword wide \n \n \t\t $hex1= {24??23??25??23??26??23??27??23??28??23??29??23??2a??23??2b??2a??2c??23??2d??23??2e??23??30??2f??31??2f??32??2f??33??2f??} \n \t\t $hex2= {41??73??73??65??6d??62??6c??79??20??56??65??72??73??69??6f??6e??0a??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex5= {63??37??37??34??61??61??30??33??2d??39??32??39??63??2d??62??34??30??0a??} \n \t\t $hex6= {63??37??37??34??61??61??30??33??2d??39??32??39??63??2d??62??34??31??0a??} \n \t\t $hex7= {63??37??37??34??61??61??30??33??2d??39??32??39??63??2d??62??34??31??30??0a??} \n \t\t $hex8= {63??37??37??34??61??61??30??33??2d??39??32??39??63??2d??62??34??31??31??0a??} \n \t\t $hex9= {63??37??37??34??61??61??30??33??2d??39??32??39??63??2d??62??34??31??32??0a??} \n \t\t $hex10= {63??37??37??34??61??61??30??33??2d??39??32??39??63??2d??62??34??31??33??0a??} \n \t\t $hex11= {63??37??37??34??61??61??30??33??2d??39??32??39??63??2d??62??34??31??34??0a??} \n \t\t $hex12= {63??37??37??34??61??61??30??33??2d??39??32??39??63??2d??62??34??32??0a??} \n \t\t $hex13= {63??37??37??34??61??61??30??33??2d??39??32??39??63??2d??62??34??33??0a??} \n \t\t $hex14= {63??37??37??34??61??61??30??33??2d??39??32??39??63??2d??62??34??34??0a??} \n \t\t $hex15= {63??37??37??34??61??61??30??33??2d??39??32??39??63??2d??62??34??35??0a??} \n \t\t $hex16= {63??37??37??34??61??61??30??33??2d??39??32??39??63??2d??62??34??36??0a??} \n \t\t $hex17= {63??37??37??34??61??61??30??33??2d??39??32??39??63??2d??62??34??37??0a??} \n \t\t $hex18= {63??37??37??34??61??61??30??33??2d??39??32??39??63??2d??62??34??38??0a??} \n \t\t $hex19= {63??37??37??34??61??61??30??33??2d??39??32??39??63??2d??62??34??39??0a??} \n \t\t $hex20= {66??64??61??62??64??61??30??64??2d??33??31??32??65??2d??30??38??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_47c2d38e081abc652067262d0dec41cdf29b880d425fb6affd06c2a3ec5ed2fd Group", "expiration": null, "is_active": 1 }, { "id": 3409660933, "indicator": "efe43229dd505d4cffe875eac278dfada124c408", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "VirTool:Win32/CeeInject", "description": "SHA1 of 664e48fcd0df81f9971482d05d0d5da6", "expiration": null, "is_active": 1 }, { "id": 1386572859, "indicator": "d308a0fbc40017b691193b4e01315fa23932f4a8f2bd7b21883695930b25b734", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "VirTool:Win32/CeeInject", "description": "SHA256 of 664e48fcd0df81f9971482d05d0d5da6", "expiration": null, "is_active": 1 }, { "id": 3409660934, "indicator": "6ecd17d29a330845952a85235442b6b1f16271c0", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_d308a0fbc40017b691193b4e01315fa23932f4a8f2bd7b21883695930b25b734 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_d308a0fbc40017b691193b4e01315fa23932f4a8f2bd7b21883695930b25b734 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-35-57\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"664e48fcd0df81f9971482d05d0d5da6\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Access violation\" fullword wide \n \t\t $s2= \"Application Workspace\" fullword wide \n \t\t $s3= \"Assertion failed\" fullword wide \n \t\t $s4= \"August September\" fullword wide \n \t\t $s5= \"Button Highlight\" fullword wide \n \t\t $s6= \"C*C8CFCTCbCpC~C\" fullword wide \n \t\t $s7= \"Default Gray Text\" fullword wide \n \t\t $s8= \"Enhanced Metafiles\" fullword wide \n \t\t $s9= \"Highlight Background\" fullword wide \n \t\t $s10= \"Inactive Border\" fullword wide \n \t\t $s11= \"Inactive Caption\" fullword wide \n \t\t $s12= \"Invalid argument\" fullword wide \n \t\t $s13= \"Invalid argument.\" fullword wide \n \t\t $s14= \"Invalid filename\" fullword wide \n \t\t $s15= \"Invalid ImageList\" fullword wide \n \t\t $s16= \"Tuesday Wednesday\" fullword wide \n \t\t $s17= \"Variant overflow\" fullword wide \n \t\t $s18= \"Window Background\" fullword wide \n \n \t\t $hex1= {41??63??63??65??73??73??20??76??69??6f??6c??61??74??69??6f??6e??0a??} \n \t\t $hex2= {41??70??70??6c??69??63??61??74??69??6f??6e??20??57??6f??72??6b??73??70??61??63??65??0a??} \n \t\t $hex3= {41??73??73??65??72??74??69??6f??6e??20??66??61??69??6c??65??64??0a??} \n \t\t $hex4= {41??75??67??75??73??74??20??53??65??70??74??65??6d??62??65??72??0a??} \n \t\t $hex5= {42??75??74??74??6f??6e??20??48??69??67??68??6c??69??67??68??74??0a??} \n \t\t $hex6= {43??2a??43??38??43??46??43??54??43??62??43??70??43??7e??43??0a??} \n \t\t $hex7= {44??65??66??61??75??6c??74??20??47??72??61??79??20??54??65??78??74??0a??} \n \t\t $hex8= {45??6e??68??61??6e??63??65??64??20??4d??65??74??61??66??69??6c??65??73??0a??} \n \t\t $hex9= {48??69??67??68??6c??69??67??68??74??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \t\t $hex10= {49??6e??61??63??74??69??76??65??20??42??6f??72??64??65??72??0a??} \n \t\t $hex11= {49??6e??61??63??74??69??76??65??20??43??61??70??74??69??6f??6e??0a??} \n \t\t $hex12= {49??6e??76??61??6c??69??64??20??49??6d??61??67??65??4c??69??73??74??0a??} \n \t\t $hex13= {49??6e??76??61??6c??69??64??20??61??72??67??75??6d??65??6e??74??0a??} \n \t\t $hex14= {49??6e??76??61??6c??69??64??20??61??72??67??75??6d??65??6e??74??2e??0a??} \n \t\t $hex15= {49??6e??76??61??6c??69??64??20??66??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex16= {54??75??65??73??64??61??79??20??57??65??64??6e??65??73??64??61??79??0a??} \n \t\t $hex17= {56??61??72??69??61??6e??74??20??6f??76??65??72??66??6c??6f??77??0a??} \n \t\t $hex18= {57??69??6e??64??6f??77??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \n \tcondition: \n \t\t20 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_d308a0fbc40017b691193b4e01315fa23932f4a8f2bd7b21883695930b25b734 Group", "expiration": null, "is_active": 1 }, { "id": 3409660935, "indicator": "6ae0a72057405b6b55c91596b7b83cbd4a02b4d0", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_53483cac73b9aeb9985d4408226eb1ef031b8b882df8d8a3872308d33d3be705 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_53483cac73b9aeb9985d4408226eb1ef031b8b882df8d8a3872308d33d3be705 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-34-55\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"83401e92df749f28fc1ba09297c42a0d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"255.255.255.255\" fullword wide \n \t\t $s2= \"%4d%02d%02d%02d%02d%02d\" fullword wide \n \t\t $s3= \"ADLIBUNREGISTER\" fullword wide \n \t\t $s4= \"APPDATACOMMONDIR\" fullword wide \n \t\t $s5= \"/AutoIt3ExecuteLine\" fullword wide \n \t\t $s6= \"/AutoIt3ExecuteScript\" fullword wide \n \t\t $s7= \"/AutoIt3OutputDebug\" fullword wide \n \t\t $s8= \"AUTOITCALLVARIABLE%d\" fullword wide \n \t\t $s9= \"AUTOITSETOPTION\" fullword wide \n \t\t $s10= \"AUTOITWINGETTITLE\" fullword wide \n \t\t $s11= \"AUTOITWINSETTITLE\" fullword wide \n \t\t $s12= \"BROWSER_FAVORTIES\" fullword wide \n \t\t $s13= \"BROWSER_FORWARD\" fullword wide \n \t\t $s14= \"BROWSER_REFRESH\" fullword wide \n \t\t $s15= \"#comments-start\" fullword wide \n \t\t $s16= \"CONSOLEWRITEERROR\" fullword wide \n \t\t $s17= \"CONTROLGETFOCUS\" fullword wide \n \t\t $s18= \"CONTROLGETHANDLE\" fullword wide \n \t\t $s19= \"CONTROLLISTVIEW\" fullword wide \n \t\t $s20= \"Control PanelAppearance\" fullword wide \n \n \t\t $hex1= {23??63??6f??6d??6d??65??6e??74??73??2d??73??74??61??72??74??0a??} \n \t\t $hex2= {25??34??64??25??30??32??64??25??30??32??64??25??30??32??64??25??30??32??64??25??30??32??64??0a??} \n \t\t $hex3= {2f??41??75??74??6f??49??74??33??45??78??65??63??75??74??65??4c??69??6e??65??0a??} \n \t\t $hex4= {2f??41??75??74??6f??49??74??33??45??78??65??63??75??74??65??53??63??72??69??70??74??0a??} \n \t\t $hex5= {2f??41??75??74??6f??49??74??33??4f??75??74??70??75??74??44??65??62??75??67??0a??} \n \t\t $hex6= {32??35??35??2e??32??35??35??2e??32??35??35??2e??32??35??35??0a??} \n \t\t $hex7= {41??44??4c??49??42??55??4e??52??45??47??49??53??54??45??52??0a??} \n \t\t $hex8= {41??50??50??44??41??54??41??43??4f??4d??4d??4f??4e??44??49??52??0a??} \n \t\t $hex9= {41??55??54??4f??49??54??43??41??4c??4c??56??41??52??49??41??42??4c??45??25??64??0a??} \n \t\t $hex10= {41??55??54??4f??49??54??53??45??54??4f??50??54??49??4f??4e??0a??} \n \t\t $hex11= {41??55??54??4f??49??54??57??49??4e??47??45??54??54??49??54??4c??45??0a??} \n \t\t $hex12= {41??55??54??4f??49??54??57??49??4e??53??45??54??54??49??54??4c??45??0a??} \n \t\t $hex13= {42??52??4f??57??53??45??52??5f??46??41??56??4f??52??54??49??45??53??0a??} \n \t\t $hex14= {42??52??4f??57??53??45??52??5f??46??4f??52??57??41??52??44??0a??} \n \t\t $hex15= {42??52??4f??57??53??45??52??5f??52??45??46??52??45??53??48??0a??} \n \t\t $hex16= {43??4f??4e??53??4f??4c??45??57??52??49??54??45??45??52??52??4f??52??0a??} \n \t\t $hex17= {43??4f??4e??54??52??4f??4c??47??45??54??46??4f??43??55??53??0a??} \n \t\t $hex18= {43??4f??4e??54??52??4f??4c??47??45??54??48??41??4e??44??4c??45??0a??} \n \t\t $hex19= {43??4f??4e??54??52??4f??4c??4c??49??53??54??56??49??45??57??0a??} \n \t\t $hex20= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??41??70??70??65??61??72??61??6e??63??65??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_53483cac73b9aeb9985d4408226eb1ef031b8b882df8d8a3872308d33d3be705 Group", "expiration": null, "is_active": 1 }, { "id": 3409660936, "indicator": "595f9fe26b1f1ed95c129b9774534ae26736edae", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Delphi", "description": "SHA1 of 38922c07375c89b273826f06ae07eacf", "expiration": null, "is_active": 1 }, { "id": 1386572128, "indicator": "2546e3120e60789758d1b6d14fdff6b32a6e8bc37de9317769f47a8ed5b9e918", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Delphi", "description": "SHA256 of 38922c07375c89b273826f06ae07eacf", "expiration": null, "is_active": 1 }, { "id": 3409660987, "indicator": "312a5643dbfa292e0705699344dae2ac2615cf79", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_2546e3120e60789758d1b6d14fdff6b32a6e8bc37de9317769f47a8ed5b9e918 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_2546e3120e60789758d1b6d14fdff6b32a6e8bc37de9317769f47a8ed5b9e918 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-34-53\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"38922c07375c89b273826f06ae07eacf\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Access violation\" fullword wide \n \t\t $s2= \"Already connected.\" fullword wide \n \t\t $s3= \"Application Workspace\" fullword wide \n \t\t $s4= \"Assertion failed\" fullword wide \n \t\t $s5= \"August September\" fullword wide \n \t\t $s6= \"Button Highlight\" fullword wide \n \t\t $s7= \"Connection refused.\" fullword wide \n \t\t $s8= \"Default Gray Text\" fullword wide \n \t\t $s9= \"Highlight Background\" fullword wide \n \t\t $s10= \"Host unreachable.\" fullword wide \n \t\t $s11= \"Inactive Border\" fullword wide \n \t\t $s12= \"Inactive Caption\" fullword wide \n \t\t $s13= \"Invalid argument\" fullword wide \n \t\t $s14= \"Invalid argument.\" fullword wide \n \t\t $s15= \"Invalid filename\" fullword wide \n \t\t $s16= \"Invalid ImageList\" fullword wide \n \t\t $s17= \"Network unreachable.\" fullword wide \n \t\t $s18= \"Tuesday Wednesday\" fullword wide \n \t\t $s19= \"Variant overflow\" fullword wide \n \t\t $s20= \"Window Background\" fullword wide \n \n \t\t $hex1= {41??63??63??65??73??73??20??76??69??6f??6c??61??74??69??6f??6e??0a??} \n \t\t $hex2= {41??6c??72??65??61??64??79??20??63??6f??6e??6e??65??63??74??65??64??2e??0a??} \n \t\t $hex3= {41??70??70??6c??69??63??61??74??69??6f??6e??20??57??6f??72??6b??73??70??61??63??65??0a??} \n \t\t $hex4= {41??73??73??65??72??74??69??6f??6e??20??66??61??69??6c??65??64??0a??} \n \t\t $hex5= {41??75??67??75??73??74??20??53??65??70??74??65??6d??62??65??72??0a??} \n \t\t $hex6= {42??75??74??74??6f??6e??20??48??69??67??68??6c??69??67??68??74??0a??} \n \t\t $hex7= {43??6f??6e??6e??65??63??74??69??6f??6e??20??72??65??66??75??73??65??64??2e??0a??} \n \t\t $hex8= {44??65??66??61??75??6c??74??20??47??72??61??79??20??54??65??78??74??0a??} \n \t\t $hex9= {48??69??67??68??6c??69??67??68??74??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \t\t $hex10= {48??6f??73??74??20??75??6e??72??65??61??63??68??61??62??6c??65??2e??0a??} \n \t\t $hex11= {49??6e??61??63??74??69??76??65??20??42??6f??72??64??65??72??0a??} \n \t\t $hex12= {49??6e??61??63??74??69??76??65??20??43??61??70??74??69??6f??6e??0a??} \n \t\t $hex13= {49??6e??76??61??6c??69??64??20??49??6d??61??67??65??4c??69??73??74??0a??} \n \t\t $hex14= {49??6e??76??61??6c??69??64??20??61??72??67??75??6d??65??6e??74??0a??} \n \t\t $hex15= {49??6e??76??61??6c??69??64??20??61??72??67??75??6d??65??6e??74??2e??0a??} \n \t\t $hex16= {49??6e??76??61??6c??69??64??20??66??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex17= {4e??65??74??77??6f??72??6b??20??75??6e??72??65??61??63??68??61??62??6c??65??2e??0a??} \n \t\t $hex18= {54??75??65??73??64??61??79??20??57??65??64??6e??65??73??64??61??79??0a??} \n \t\t $hex19= {56??61??72??69??61??6e??74??20??6f??76??65??72??66??6c??6f??77??0a??} \n \t\t $hex20= {57??69??6e??64??6f??77??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_2546e3120e60789758d1b6d14fdff6b32a6e8bc37de9317769f47a8ed5b9e918 Group", "expiration": null, "is_active": 1 }, { "id": 3409660988, "indicator": "4eb8068ec34f20264695f8fa22c83b0f3d9d9d2c", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Malware.Fareit-6626679-0", "description": "SHA1 of 74dcb7ba2cd0d1265bcd0c2853b23af9", "expiration": null, "is_active": 1 }, { "id": 1386572924, "indicator": "e2036815b96261d674aaaca304727ebdd67b2f7e5c99de828899c8e5ed7f5857", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Malware.Fareit-6626679-0", "description": "SHA256 of 74dcb7ba2cd0d1265bcd0c2853b23af9", "expiration": null, "is_active": 1 }, { "id": 3409660989, "indicator": "d5dece4106e1628a8c6334bd81c8df2fbd2cff4e", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_e2036815b96261d674aaaca304727ebdd67b2f7e5c99de828899c8e5ed7f5857 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_e2036815b96261d674aaaca304727ebdd67b2f7e5c99de828899c8e5ed7f5857 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-33-57\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"74dcb7ba2cd0d1265bcd0c2853b23af9\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"KAMStuDIO troUp\" fullword wide \n \t\t $s3= \"LegalTrademarks\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"sourcefIRE, cNC.\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4b??41??4d??53??74??75??44??49??4f??20??74??72??6f??55??70??0a??} \n \t\t $hex3= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex6= {73??6f??75??72??63??65??66??49??52??45??2c??20??63??4e??43??2e??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_e2036815b96261d674aaaca304727ebdd67b2f7e5c99de828899c8e5ed7f5857 Group", "expiration": null, "is_active": 1 }, { "id": 889390679, "indicator": "5c6f932d6774a026bb6785b284571110ce89f499", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "VirTool:MSIL/Injector", "description": "SHA1 of a497aa958cc456a6dbf599ea76f897c1", "expiration": null, "is_active": 1 }, { "id": 889391679, "indicator": "b85e9ccc9a6f00beba918e9320cd5de5cca16b89d4db54cf6377d715bd70bb3a", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "VirTool:MSIL/Injector", "description": "SHA256 of a497aa958cc456a6dbf599ea76f897c1", "expiration": null, "is_active": 1 }, { "id": 3409660990, "indicator": "abe4122ca58f638bfeb281451f6963793d8557f3", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_b85e9ccc9a6f00beba918e9320cd5de5cca16b89d4db54cf6377d715bd70bb3a { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_b85e9ccc9a6f00beba918e9320cd5de5cca16b89d4db54cf6377d715bd70bb3a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-33-42\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"a497aa958cc456a6dbf599ea76f897c1\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"A1TIqiriq5PDPf2k.Framework.exe\" fullword wide \n \t\t $s2= \"Assembly Version\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"System.Core.dll\" fullword wide \n \t\t $s6= \"System.Drawing.dll\" fullword wide \n \t\t $s7= \"System.Management.dll\" fullword wide \n \t\t $s8= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {41??31??54??49??71??69??72??69??71??35??50??44??50??66??32??6b??2e??46??72??61??6d??65??77??6f??72??6b??2e??65??78??65??} \n \t\t $hex2= {41??73??73??65??6d??62??6c??79??20??56??65??72??73??69??6f??6e??0a??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {53??79??73??74??65??6d??2e??43??6f??72??65??2e??64??6c??6c??0a??} \n \t\t $hex6= {53??79??73??74??65??6d??2e??44??72??61??77??69??6e??67??2e??64??6c??6c??0a??} \n \t\t $hex7= {53??79??73??74??65??6d??2e??4d??61??6e??61??67??65??6d??65??6e??74??2e??64??6c??6c??0a??} \n \t\t $hex8= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t8 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_b85e9ccc9a6f00beba918e9320cd5de5cca16b89d4db54cf6377d715bd70bb3a Group", "expiration": null, "is_active": 1 }, { "id": 3409660991, "indicator": "7e187475cf9e1478d0ed4e6678ecfdc5844626a4", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "SHA1 of 0e0ea9d429fa54e7ca87d9b2ced3bb8c", "expiration": null, "is_active": 1 }, { "id": 1386572483, "indicator": "76c043ac044f732861301ba2bd9af9ab99540311d660c55e7b4537e4d7ac3f76", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "SHA256 of 0e0ea9d429fa54e7ca87d9b2ced3bb8c", "expiration": null, "is_active": 1 }, { "id": 3409660992, "indicator": "e113bd5b692836dddb5862d48532c268d95d0d86", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_76c043ac044f732861301ba2bd9af9ab99540311d660c55e7b4537e4d7ac3f76 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_76c043ac044f732861301ba2bd9af9ab99540311d660c55e7b4537e4d7ac3f76 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-33-27\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"0e0ea9d429fa54e7ca87d9b2ced3bb8c\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Assembly Version\" fullword wide \n \t\t $s2= \"COR_ENABLE_PROFILING\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"Profiler detected\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {41??73??73??65??6d??62??6c??79??20??56??65??72??73??69??6f??6e??0a??} \n \t\t $hex2= {43??4f??52??5f??45??4e??41??42??4c??45??5f??50??52??4f??46??49??4c??49??4e??47??0a??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {50??72??6f??66??69??6c??65??72??20??64??65??74??65??63??74??65??64??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_76c043ac044f732861301ba2bd9af9ab99540311d660c55e7b4537e4d7ac3f76 Group", "expiration": null, "is_active": 1 }, { "id": 3409660993, "indicator": "a5fd037961ed5420108fc4d58c3ebe378db53e3e", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_6d17273e4b6ff0bcafb3b0a12637bd58b8c80fc552f9154a873bcfd8d4f764fc { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_6d17273e4b6ff0bcafb3b0a12637bd58b8c80fc552f9154a873bcfd8d4f764fc Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-33-08\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"fb36d6140fb192ca27df75b26e05a4a6\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"AboutToolStripMenuItem\" fullword wide \n \t\t $s2= \"ArrangeIconsToolStripMenuItem\" fullword wide \n \t\t $s3= \"Assembly Version\" fullword wide \n \t\t $s4= \"CascadeToolStripMenuItem\" fullword wide \n \t\t $s5= \"CheckedListBox1\" fullword wide \n \t\t $s6= \"CloseAllToolStripMenuItem\" fullword wide \n \t\t $s7= \"ContentsToolStripMenuItem\" fullword wide \n \t\t $s8= \"CopyToolStripMenuItem\" fullword wide \n \t\t $s9= \"CopyToolStripMenuItem.Image\" fullword wide \n \t\t $s10= \"CutToolStripMenuItem\" fullword wide \n \t\t $s11= \"CutToolStripMenuItem.Image\" fullword wide \n \t\t $s12= \"DateTimePicker1\" fullword wide \n \t\t $s13= \"dfsjghfdfgghfg.Resources\" fullword wide \n \t\t $s14= \"ExitToolStripMenuItem\" fullword wide \n \t\t $s15= \"FileDescription\" fullword wide \n \t\t $s16= \"HelpToolStripButton\" fullword wide \n \t\t $s17= \"HelpToolStripButton.Image\" fullword wide \n \t\t $s18= \"IndexToolStripMenuItem\" fullword wide \n \t\t $s19= \"IndexToolStripMenuItem.Image\" fullword wide \n \t\t $s20= \"NewToolStripButton\" fullword wide \n \n \t\t $hex1= {41??62??6f??75??74??54??6f??6f??6c??53??74??72??69??70??4d??65??6e??75??49??74??65??6d??0a??} \n \t\t $hex2= {41??72??72??61??6e??67??65??49??63??6f??6e??73??54??6f??6f??6c??53??74??72??69??70??4d??65??6e??75??49??74??65??6d??0a??} \n \t\t $hex3= {41??73??73??65??6d??62??6c??79??20??56??65??72??73??69??6f??6e??0a??} \n \t\t $hex4= {43??61??73??63??61??64??65??54??6f??6f??6c??53??74??72??69??70??4d??65??6e??75??49??74??65??6d??0a??} \n \t\t $hex5= {43??68??65??63??6b??65??64??4c??69??73??74??42??6f??78??31??0a??} \n \t\t $hex6= {43??6c??6f??73??65??41??6c??6c??54??6f??6f??6c??53??74??72??69??70??4d??65??6e??75??49??74??65??6d??0a??} \n \t\t $hex7= {43??6f??6e??74??65??6e??74??73??54??6f??6f??6c??53??74??72??69??70??4d??65??6e??75??49??74??65??6d??0a??} \n \t\t $hex8= {43??6f??70??79??54??6f??6f??6c??53??74??72??69??70??4d??65??6e??75??49??74??65??6d??0a??} \n \t\t $hex9= {43??6f??70??79??54??6f??6f??6c??53??74??72??69??70??4d??65??6e??75??49??74??65??6d??2e??49??6d??61??67??65??0a??} \n \t\t $hex10= {43??75??74??54??6f??6f??6c??53??74??72??69??70??4d??65??6e??75??49??74??65??6d??0a??} \n \t\t $hex11= {43??75??74??54??6f??6f??6c??53??74??72??69??70??4d??65??6e??75??49??74??65??6d??2e??49??6d??61??67??65??0a??} \n \t\t $hex12= {44??61??74??65??54??69??6d??65??50??69??63??6b??65??72??31??0a??} \n \t\t $hex13= {45??78??69??74??54??6f??6f??6c??53??74??72??69??70??4d??65??6e??75??49??74??65??6d??0a??} \n \t\t $hex14= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex15= {48??65??6c??70??54??6f??6f??6c??53??74??72??69??70??42??75??74??74??6f??6e??0a??} \n \t\t $hex16= {48??65??6c??70??54??6f??6f??6c??53??74??72??69??70??42??75??74??74??6f??6e??2e??49??6d??61??67??65??0a??} \n \t\t $hex17= {49??6e??64??65??78??54??6f??6f??6c??53??74??72??69??70??4d??65??6e??75??49??74??65??6d??0a??} \n \t\t $hex18= {49??6e??64??65??78??54??6f??6f??6c??53??74??72??69??70??4d??65??6e??75??49??74??65??6d??2e??49??6d??61??67??65??0a??} \n \t\t $hex19= {4e??65??77??54??6f??6f??6c??53??74??72??69??70??42??75??74??74??6f??6e??0a??} \n \t\t $hex20= {64??66??73??6a??67??68??66??64??66??67??67??68??66??67??2e??52??65??73??6f??75??72??63??65??73??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_6d17273e4b6ff0bcafb3b0a12637bd58b8c80fc552f9154a873bcfd8d4f764fc Group", "expiration": null, "is_active": 1 }, { "id": 3409660994, "indicator": "a66069c0ca8b3df53227823152cae7dba1c8de90", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_bb3354f130a2ced2219851aaa08578ff9c716bbc9d586cf7c488cbf2ae4c9bee { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_bb3354f130a2ced2219851aaa08578ff9c716bbc9d586cf7c488cbf2ae4c9bee Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-32-38\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"078d16e03fcbdc31c499feff72381dbb\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Assembly Version\" fullword wide \n \t\t $s2= \"checkedListBox1\" fullword wide \n \t\t $s3= \"checkedListBox10\" fullword wide \n \t\t $s4= \"checkedListBox2\" fullword wide \n \t\t $s5= \"checkedListBox3\" fullword wide \n \t\t $s6= \"checkedListBox4\" fullword wide \n \t\t $s7= \"checkedListBox5\" fullword wide \n \t\t $s8= \"checkedListBox6\" fullword wide \n \t\t $s9= \"checkedListBox7\" fullword wide \n \t\t $s10= \"checkedListBox8\" fullword wide \n \t\t $s11= \"checkedListBox9\" fullword wide \n \t\t $s12= \"dateTimePicker1\" fullword wide \n \t\t $s13= \"dateTimePicker10\" fullword wide \n \t\t $s14= \"dateTimePicker2\" fullword wide \n \t\t $s15= \"dateTimePicker3\" fullword wide \n \t\t $s16= \"dateTimePicker4\" fullword wide \n \t\t $s17= \"dateTimePicker5\" fullword wide \n \t\t $s18= \"dateTimePicker6\" fullword wide \n \t\t $s19= \"dateTimePicker7\" fullword wide \n \t\t $s20= \"dateTimePicker8\" fullword wide \n \n \t\t $hex1= {41??73??73??65??6d??62??6c??79??20??56??65??72??73??69??6f??6e??0a??} \n \t\t $hex2= {63??68??65??63??6b??65??64??4c??69??73??74??42??6f??78??31??0a??} \n \t\t $hex3= {63??68??65??63??6b??65??64??4c??69??73??74??42??6f??78??31??30??0a??} \n \t\t $hex4= {63??68??65??63??6b??65??64??4c??69??73??74??42??6f??78??32??0a??} \n \t\t $hex5= {63??68??65??63??6b??65??64??4c??69??73??74??42??6f??78??33??0a??} \n \t\t $hex6= {63??68??65??63??6b??65??64??4c??69??73??74??42??6f??78??34??0a??} \n \t\t $hex7= {63??68??65??63??6b??65??64??4c??69??73??74??42??6f??78??35??0a??} \n \t\t $hex8= {63??68??65??63??6b??65??64??4c??69??73??74??42??6f??78??36??0a??} \n \t\t $hex9= {63??68??65??63??6b??65??64??4c??69??73??74??42??6f??78??37??0a??} \n \t\t $hex10= {63??68??65??63??6b??65??64??4c??69??73??74??42??6f??78??38??0a??} \n \t\t $hex11= {63??68??65??63??6b??65??64??4c??69??73??74??42??6f??78??39??0a??} \n \t\t $hex12= {64??61??74??65??54??69??6d??65??50??69??63??6b??65??72??31??0a??} \n \t\t $hex13= {64??61??74??65??54??69??6d??65??50??69??63??6b??65??72??31??30??0a??} \n \t\t $hex14= {64??61??74??65??54??69??6d??65??50??69??63??6b??65??72??32??0a??} \n \t\t $hex15= {64??61??74??65??54??69??6d??65??50??69??63??6b??65??72??33??0a??} \n \t\t $hex16= {64??61??74??65??54??69??6d??65??50??69??63??6b??65??72??34??0a??} \n \t\t $hex17= {64??61??74??65??54??69??6d??65??50??69??63??6b??65??72??35??0a??} \n \t\t $hex18= {64??61??74??65??54??69??6d??65??50??69??63??6b??65??72??36??0a??} \n \t\t $hex19= {64??61??74??65??54??69??6d??65??50??69??63??6b??65??72??37??0a??} \n \t\t $hex20= {64??61??74??65??54??69??6d??65??50??69??63??6b??65??72??38??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_bb3354f130a2ced2219851aaa08578ff9c716bbc9d586cf7c488cbf2ae4c9bee Group", "expiration": null, "is_active": 1 }, { "id": 3409660995, "indicator": "9bb57d02f3c4edfc66344887fd67f494a9fdcd0e", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_19d11a83a2e5ca0b8793bbf5fb7253d29487d1425d0926ff4714398b0d201b73 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_19d11a83a2e5ca0b8793bbf5fb7253d29487d1425d0926ff4714398b0d201b73 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-32-19\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"13bce871a7a076d15b477892ddcdb741\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"CreateDecryptor\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"GetExecutingAssembly\" fullword wide \n \t\t $s4= \"Microsoft Corporation\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"System.Reflection.Assembly\" fullword wide \n \t\t $s7= \"System.Resources.ResourceManager\" fullword wide \n \t\t $s8= \"System.String[]\" fullword wide \n \t\t $s9= \"System.Threading.Thread\" fullword wide \n \t\t $s10= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {43??72??65??61??74??65??44??65??63??72??79??70??74??6f??72??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {47??65??74??45??78??65??63??75??74??69??6e??67??41??73??73??65??6d??62??6c??79??0a??} \n \t\t $hex4= {4d??69??63??72??6f??73??6f??66??74??20??43??6f??72??70??6f??72??61??74??69??6f??6e??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {53??79??73??74??65??6d??2e??52??65??66??6c??65??63??74??69??6f??6e??2e??41??73??73??65??6d??62??6c??79??0a??} \n \t\t $hex7= {53??79??73??74??65??6d??2e??52??65??73??6f??75??72??63??65??73??2e??52??65??73??6f??75??72??63??65??4d??61??6e??61??67??} \n \t\t $hex8= {53??79??73??74??65??6d??2e??53??74??72??69??6e??67??5b??5d??0a??} \n \t\t $hex9= {53??79??73??74??65??6d??2e??54??68??72??65??61??64??69??6e??67??2e??54??68??72??65??61??64??0a??} \n \t\t $hex10= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t11 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_19d11a83a2e5ca0b8793bbf5fb7253d29487d1425d0926ff4714398b0d201b73 Group", "expiration": null, "is_active": 1 }, { "id": 3409660996, "indicator": "2149f29e042b32e153a0d61e46d0ec007518ce40", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_7bf330666c586e8adf6751c911a2821fe67d39f34c8f10d3618fddcbd81a9e53 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_7bf330666c586e8adf6751c911a2821fe67d39f34c8f10d3618fddcbd81a9e53 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-32-00\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"bfa36d239ed5e0bf919b3c074288465f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"255.255.255.255\" fullword wide \n \t\t $s2= \"%4d%02d%02d%02d%02d%02d\" fullword wide \n \t\t $s3= \"ADLIBUNREGISTER\" fullword wide \n \t\t $s4= \"APPDATACOMMONDIR\" fullword wide \n \t\t $s5= \"/AutoIt3ExecuteLine\" fullword wide \n \t\t $s6= \"/AutoIt3ExecuteScript\" fullword wide \n \t\t $s7= \"/AutoIt3OutputDebug\" fullword wide \n \t\t $s8= \"AUTOITCALLVARIABLE%d\" fullword wide \n \t\t $s9= \"AUTOITSETOPTION\" fullword wide \n \t\t $s10= \"AUTOITWINGETTITLE\" fullword wide \n \t\t $s11= \"AUTOITWINSETTITLE\" fullword wide \n \t\t $s12= \"BROWSER_FAVORTIES\" fullword wide \n \t\t $s13= \"BROWSER_FORWARD\" fullword wide \n \t\t $s14= \"BROWSER_REFRESH\" fullword wide \n \t\t $s15= \"#comments-start\" fullword wide \n \t\t $s16= \"CONSOLEWRITEERROR\" fullword wide \n \t\t $s17= \"CONTROLGETFOCUS\" fullword wide \n \t\t $s18= \"CONTROLGETHANDLE\" fullword wide \n \t\t $s19= \"CONTROLLISTVIEW\" fullword wide \n \t\t $s20= \"Control PanelAppearance\" fullword wide \n \n \t\t $hex1= {23??63??6f??6d??6d??65??6e??74??73??2d??73??74??61??72??74??0a??} \n \t\t $hex2= {25??34??64??25??30??32??64??25??30??32??64??25??30??32??64??25??30??32??64??25??30??32??64??0a??} \n \t\t $hex3= {2f??41??75??74??6f??49??74??33??45??78??65??63??75??74??65??4c??69??6e??65??0a??} \n \t\t $hex4= {2f??41??75??74??6f??49??74??33??45??78??65??63??75??74??65??53??63??72??69??70??74??0a??} \n \t\t $hex5= {2f??41??75??74??6f??49??74??33??4f??75??74??70??75??74??44??65??62??75??67??0a??} \n \t\t $hex6= {32??35??35??2e??32??35??35??2e??32??35??35??2e??32??35??35??0a??} \n \t\t $hex7= {41??44??4c??49??42??55??4e??52??45??47??49??53??54??45??52??0a??} \n \t\t $hex8= {41??50??50??44??41??54??41??43??4f??4d??4d??4f??4e??44??49??52??0a??} \n \t\t $hex9= {41??55??54??4f??49??54??43??41??4c??4c??56??41??52??49??41??42??4c??45??25??64??0a??} \n \t\t $hex10= {41??55??54??4f??49??54??53??45??54??4f??50??54??49??4f??4e??0a??} \n \t\t $hex11= {41??55??54??4f??49??54??57??49??4e??47??45??54??54??49??54??4c??45??0a??} \n \t\t $hex12= {41??55??54??4f??49??54??57??49??4e??53??45??54??54??49??54??4c??45??0a??} \n \t\t $hex13= {42??52??4f??57??53??45??52??5f??46??41??56??4f??52??54??49??45??53??0a??} \n \t\t $hex14= {42??52??4f??57??53??45??52??5f??46??4f??52??57??41??52??44??0a??} \n \t\t $hex15= {42??52??4f??57??53??45??52??5f??52??45??46??52??45??53??48??0a??} \n \t\t $hex16= {43??4f??4e??53??4f??4c??45??57??52??49??54??45??45??52??52??4f??52??0a??} \n \t\t $hex17= {43??4f??4e??54??52??4f??4c??47??45??54??46??4f??43??55??53??0a??} \n \t\t $hex18= {43??4f??4e??54??52??4f??4c??47??45??54??48??41??4e??44??4c??45??0a??} \n \t\t $hex19= {43??4f??4e??54??52??4f??4c??4c??49??53??54??56??49??45??57??0a??} \n \t\t $hex20= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??41??70??70??65??61??72??61??6e??63??65??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_7bf330666c586e8adf6751c911a2821fe67d39f34c8f10d3618fddcbd81a9e53 Group", "expiration": null, "is_active": 1 }, { "id": 3409660997, "indicator": "0d02135533d8529d4971a01c97304fb6a5e093c2", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "VirTool:Win32/VBInject", "description": "SHA1 of 3468e9349c0de79b3e5f926b8bb4974b", "expiration": null, "is_active": 1 }, { "id": 1386572216, "indicator": "36b03b59bcc2eff7658e359576bd23f7f52b9237317addec566f6af09ec2054f", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "VirTool:Win32/VBInject", "description": "SHA256 of 3468e9349c0de79b3e5f926b8bb4974b", "expiration": null, "is_active": 1 }, { "id": 3409660998, "indicator": "1d347462be92d1295932c340f3d7614fe05bd506", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_36b03b59bcc2eff7658e359576bd23f7f52b9237317addec566f6af09ec2054f { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_36b03b59bcc2eff7658e359576bd23f7f52b9237317addec566f6af09ec2054f Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-31-40\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"3468e9349c0de79b3e5f926b8bb4974b\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"OriginalFilename\" fullword wide \n \t\t $s3= \"Palilicium0.exe\" fullword wide \n \t\t $s4= \"techsmith corporatioN\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex3= {50??61??6c??69??6c??69??63??69??75??6d??30??2e??65??78??65??0a??} \n \t\t $hex4= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex5= {74??65??63??68??73??6d??69??74??68??20??63??6f??72??70??6f??72??61??74??69??6f??4e??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_36b03b59bcc2eff7658e359576bd23f7f52b9237317addec566f6af09ec2054f Group", "expiration": null, "is_active": 1 }, { "id": 3409660999, "indicator": "a2b25810dfe7f9df70980208feb9cf30393f8812", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of 97a4a5fa687287e4f0bd3c7e6dc504b7\nSHA1 of 97a4a5fa687287e4f0bd3c7e6dc504b7", "expiration": null, "is_active": 1 }, { "id": 1386572282, "indicator": "4a30b0537dda3caf4d48fc11b73e4b1141ab3c762fa8c10e63944e1dd42c73c1", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of 97a4a5fa687287e4f0bd3c7e6dc504b7\nSHA256 of 97a4a5fa687287e4f0bd3c7e6dc504b7", "expiration": null, "is_active": 1 }, { "id": 3409661000, "indicator": "6a19c98a9c3b2991f53eeba052d2d7f485372c36", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_4a30b0537dda3caf4d48fc11b73e4b1141ab3c762fa8c10e63944e1dd42c73c1 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_4a30b0537dda3caf4d48fc11b73e4b1141ab3c762fa8c10e63944e1dd42c73c1 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-31-28\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"97a4a5fa687287e4f0bd3c7e6dc504b7\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Assembly Version\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"iCbyPv4sn3yqvWZV.Framework.exe\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"System.Core.dll\" fullword wide \n \t\t $s6= \"System.Drawing.dll\" fullword wide \n \t\t $s7= \"System.Management.dll\" fullword wide \n \t\t $s8= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {41??73??73??65??6d??62??6c??79??20??56??65??72??73??69??6f??6e??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {53??79??73??74??65??6d??2e??43??6f??72??65??2e??64??6c??6c??0a??} \n \t\t $hex5= {53??79??73??74??65??6d??2e??44??72??61??77??69??6e??67??2e??64??6c??6c??0a??} \n \t\t $hex6= {53??79??73??74??65??6d??2e??4d??61??6e??61??67??65??6d??65??6e??74??2e??64??6c??6c??0a??} \n \t\t $hex7= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex8= {69??43??62??79??50??76??34??73??6e??33??79??71??76??57??5a??56??2e??46??72??61??6d??65??77??6f??72??6b??2e??65??78??65??} \n \n \tcondition: \n \t\t8 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_4a30b0537dda3caf4d48fc11b73e4b1141ab3c762fa8c10e63944e1dd42c73c1 Group", "expiration": null, "is_active": 1 }, { "id": 3409661001, "indicator": "1141f18df401de8abdb88691d48412c102508943", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_0125b8f29f335a9ae6ed3f190dcfb920537515d4f1f9a0270862672e39f9e0ef { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_0125b8f29f335a9ae6ed3f190dcfb920537515d4f1f9a0270862672e39f9e0ef Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-31-19\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"c4cd26618cd65160ba9724814e56613a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"DisableRegistry\" fullword wide \n \t\t $s2= \"DisableRegistryTools\" fullword wide \n \t\t $s3= \"DisableTaskManager\" fullword wide \n \t\t $s4= \"EnableTaskManager\" fullword wide \n \t\t $s5= \"process explorer\" fullword wide \n \t\t $s6= \"restartcomputer\" fullword wide \n \t\t $s7= \"shutdowncomputer\" fullword wide \n \n \t\t $hex1= {44??69??73??61??62??6c??65??52??65??67??69??73??74??72??79??0a??} \n \t\t $hex2= {44??69??73??61??62??6c??65??52??65??67??69??73??74??72??79??54??6f??6f??6c??73??0a??} \n \t\t $hex3= {44??69??73??61??62??6c??65??54??61??73??6b??4d??61??6e??61??67??65??72??0a??} \n \t\t $hex4= {45??6e??61??62??6c??65??54??61??73??6b??4d??61??6e??61??67??65??72??0a??} \n \t\t $hex5= {70??72??6f??63??65??73??73??20??65??78??70??6c??6f??72??65??72??0a??} \n \t\t $hex6= {72??65??73??74??61??72??74??63??6f??6d??70??75??74??65??72??0a??} \n \t\t $hex7= {73??68??75??74??64??6f??77??6e??63??6f??6d??70??75??74??65??72??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_0125b8f29f335a9ae6ed3f190dcfb920537515d4f1f9a0270862672e39f9e0ef Group", "expiration": null, "is_active": 1 }, { "id": 3409661002, "indicator": "e14b7cca32d9b56d8dc064b3952ad59ec6829cc9", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_fc2f1c026b2dcbb3a7b8ebb81c438ea07ddeac476fb0f5cb5c93e3461f56d98c { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_fc2f1c026b2dcbb3a7b8ebb81c438ea07ddeac476fb0f5cb5c93e3461f56d98c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-31-17\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"ef6ccd7f68a1db97e7e02e3393158c5e\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Assembly Version\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"HZPHTULLIQQVVAELGTUMIC\" fullword wide \n \t\t $s4= \"KGQZQJZIQLIGHBHSSKBLBFWC\" fullword wide \n \t\t $s5= \"LegalTrademarks\" fullword wide \n \t\t $s6= \"OriginalFilename\" fullword wide \n \t\t $s7= \"VS_VERSION_INFO\" fullword wide \n \t\t $s8= \"WZBUQAKQATCYQOYZFALQGC\" fullword wide \n \t\t $s9= \"YKNIFBGCCRSIZPGQRZKNPIWDUWUMN\" fullword wide \n \n \t\t $hex1= {41??73??73??65??6d??62??6c??79??20??56??65??72??73??69??6f??6e??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {48??5a??50??48??54??55??4c??4c??49??51??51??56??56??41??45??4c??47??54??55??4d??49??43??0a??} \n \t\t $hex4= {4b??47??51??5a??51??4a??5a??49??51??4c??49??47??48??42??48??53??53??4b??42??4c??42??46??57??43??0a??} \n \t\t $hex5= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex6= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex7= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex8= {57??5a??42??55??51??41??4b??51??41??54??43??59??51??4f??59??5a??46??41??4c??51??47??43??0a??} \n \t\t $hex9= {59??4b??4e??49??46??42??47??43??43??52??53??49??5a??50??47??51??52??5a??4b??4e??50??49??57??44??55??57??55??4d??4e??0a??} \n \n \tcondition: \n \t\t10 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_fc2f1c026b2dcbb3a7b8ebb81c438ea07ddeac476fb0f5cb5c93e3461f56d98c Group", "expiration": null, "is_active": 1 }, { "id": 3409661003, "indicator": "8f430f40d561de2a9416d942e43adaed3dfef071", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Delphi", "description": "SHA1 of b5218953e6cedf0a0cb03368f2889321", "expiration": null, "is_active": 1 }, { "id": 1386572516, "indicator": "7e5865a0a2139a3e13b1d4d953b202b381436ac38827d4d32cdf01baf2d97eac", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Delphi", "description": "SHA256 of b5218953e6cedf0a0cb03368f2889321", "expiration": null, "is_active": 1 }, { "id": 3409661004, "indicator": "8531eb5d89c514ddcbc9c33794845b037e2c4e55", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_7e5865a0a2139a3e13b1d4d953b202b381436ac38827d4d32cdf01baf2d97eac { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_7e5865a0a2139a3e13b1d4d953b202b381436ac38827d4d32cdf01baf2d97eac Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-31-09\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b5218953e6cedf0a0cb03368f2889321\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Access violation\" fullword wide \n \t\t $s2= \"Application Workspace\" fullword wide \n \t\t $s3= \"Assertion failed\" fullword wide \n \t\t $s4= \"August September\" fullword wide \n \t\t $s5= \"Button Highlight\" fullword wide \n \t\t $s6= \"Compression error\" fullword wide \n \t\t $s7= \"Default Gray Text\" fullword wide \n \t\t $s8= \"Enhanced Metafiles\" fullword wide \n \t\t $s9= \"FileDescription\" fullword wide \n \t\t $s10= \"Highlight Background\" fullword wide \n \t\t $s11= \"Inactive Border\" fullword wide \n \t\t $s12= \"Inactive Caption\" fullword wide \n \t\t $s13= \"Invalid argument\" fullword wide \n \t\t $s14= \"Invalid argument.\" fullword wide \n \t\t $s15= \"Invalid filename\" fullword wide \n \t\t $s16= \"Invalid ImageList\" fullword wide \n \t\t $s17= \"LegalTrademarks\" fullword wide \n \t\t $s18= \"Menu Background\" fullword wide \n \t\t $s19= \"OriginalFilename\" fullword wide \n \t\t $s20= \"TeamViewer GmbH\" fullword wide \n \n \t\t $hex1= {41??63??63??65??73??73??20??76??69??6f??6c??61??74??69??6f??6e??0a??} \n \t\t $hex2= {41??70??70??6c??69??63??61??74??69??6f??6e??20??57??6f??72??6b??73??70??61??63??65??0a??} \n \t\t $hex3= {41??73??73??65??72??74??69??6f??6e??20??66??61??69??6c??65??64??0a??} \n \t\t $hex4= {41??75??67??75??73??74??20??53??65??70??74??65??6d??62??65??72??0a??} \n \t\t $hex5= {42??75??74??74??6f??6e??20??48??69??67??68??6c??69??67??68??74??0a??} \n \t\t $hex6= {43??6f??6d??70??72??65??73??73??69??6f??6e??20??65??72??72??6f??72??0a??} \n \t\t $hex7= {44??65??66??61??75??6c??74??20??47??72??61??79??20??54??65??78??74??0a??} \n \t\t $hex8= {45??6e??68??61??6e??63??65??64??20??4d??65??74??61??66??69??6c??65??73??0a??} \n \t\t $hex9= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex10= {48??69??67??68??6c??69??67??68??74??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \t\t $hex11= {49??6e??61??63??74??69??76??65??20??42??6f??72??64??65??72??0a??} \n \t\t $hex12= {49??6e??61??63??74??69??76??65??20??43??61??70??74??69??6f??6e??0a??} \n \t\t $hex13= {49??6e??76??61??6c??69??64??20??49??6d??61??67??65??4c??69??73??74??0a??} \n \t\t $hex14= {49??6e??76??61??6c??69??64??20??61??72??67??75??6d??65??6e??74??0a??} \n \t\t $hex15= {49??6e??76??61??6c??69??64??20??61??72??67??75??6d??65??6e??74??2e??0a??} \n \t\t $hex16= {49??6e??76??61??6c??69??64??20??66??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex17= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex18= {4d??65??6e??75??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \t\t $hex19= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex20= {54??65??61??6d??56??69??65??77??65??72??20??47??6d??62??48??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_7e5865a0a2139a3e13b1d4d953b202b381436ac38827d4d32cdf01baf2d97eac Group", "expiration": null, "is_active": 1 }, { "id": 3409661005, "indicator": "7d98c8def7fdee0a3844154fb7133e307233b3e0", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_9d490424a488cdf23a07c35682ea6f853b3f648015389bbbb76dba87a722a4c6 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_9d490424a488cdf23a07c35682ea6f853b3f648015389bbbb76dba87a722a4c6 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-31-00\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"08de5338e34666910fde893148176e7e\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Access violation\" fullword wide \n \t\t $s2= \"Application Workspace\" fullword wide \n \t\t $s3= \"Assertion failed\" fullword wide \n \t\t $s4= \"Button Highlight\" fullword wide \n \t\t $s5= \"DBN_EDIT DBN_FIRST\" fullword wide \n \t\t $s6= \"DBN_POST DBN_PRIOR\" fullword wide \n \t\t $s7= \"Default Gray Text\" fullword wide \n \t\t $s8= \"Enhanced Metafiles\" fullword wide \n \t\t $s9= \"Highlight Background\" fullword wide \n \t\t $s10= \"Inactive Border\" fullword wide \n \t\t $s11= \"Inactive Caption\" fullword wide \n \t\t $s12= \"Integer overflow\" fullword wide \n \t\t $s13= \"Invalid argument\" fullword wide \n \t\t $s14= \"Invalid filename\" fullword wide \n \t\t $s15= \"Invalid ImageList\" fullword wide \n \t\t $s16= \"Menu Background\" fullword wide \n \t\t $s17= \"Tuesday Wednesday\" fullword wide \n \t\t $s18= \"Variant overflow\" fullword wide \n \t\t $s19= \"Window Background\" fullword wide \n \n \t\t $hex1= {41??63??63??65??73??73??20??76??69??6f??6c??61??74??69??6f??6e??0a??} \n \t\t $hex2= {41??70??70??6c??69??63??61??74??69??6f??6e??20??57??6f??72??6b??73??70??61??63??65??0a??} \n \t\t $hex3= {41??73??73??65??72??74??69??6f??6e??20??66??61??69??6c??65??64??0a??} \n \t\t $hex4= {42??75??74??74??6f??6e??20??48??69??67??68??6c??69??67??68??74??0a??} \n \t\t $hex5= {44??42??4e??5f??45??44??49??54??20??44??42??4e??5f??46??49??52??53??54??0a??} \n \t\t $hex6= {44??42??4e??5f??50??4f??53??54??20??44??42??4e??5f??50??52??49??4f??52??0a??} \n \t\t $hex7= {44??65??66??61??75??6c??74??20??47??72??61??79??20??54??65??78??74??0a??} \n \t\t $hex8= {45??6e??68??61??6e??63??65??64??20??4d??65??74??61??66??69??6c??65??73??0a??} \n \t\t $hex9= {48??69??67??68??6c??69??67??68??74??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \t\t $hex10= {49??6e??61??63??74??69??76??65??20??42??6f??72??64??65??72??0a??} \n \t\t $hex11= {49??6e??61??63??74??69??76??65??20??43??61??70??74??69??6f??6e??0a??} \n \t\t $hex12= {49??6e??74??65??67??65??72??20??6f??76??65??72??66??6c??6f??77??0a??} \n \t\t $hex13= {49??6e??76??61??6c??69??64??20??49??6d??61??67??65??4c??69??73??74??0a??} \n \t\t $hex14= {49??6e??76??61??6c??69??64??20??61??72??67??75??6d??65??6e??74??0a??} \n \t\t $hex15= {49??6e??76??61??6c??69??64??20??66??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex16= {4d??65??6e??75??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \t\t $hex17= {54??75??65??73??64??61??79??20??57??65??64??6e??65??73??64??61??79??0a??} \n \t\t $hex18= {56??61??72??69??61??6e??74??20??6f??76??65??72??66??6c??6f??77??0a??} \n \t\t $hex19= {57??69??6e??64??6f??77??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \n \tcondition: \n \t\t21 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_9d490424a488cdf23a07c35682ea6f853b3f648015389bbbb76dba87a722a4c6 Group", "expiration": null, "is_active": 1 }, { "id": 3409661006, "indicator": "e89be5394aeb5bcd15bad16a47582e1385ebf45f", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Delphi", "description": "SHA1 of b6cb34db116c3847e79f5f3a8e0f3223\nSHA1 of b6cb34db116c3847e79f5f3a8e0f3223", "expiration": null, "is_active": 1 }, { "id": 1386572336, "indicator": "573bb412d9060ddf48433272f26f55e8e5215619b9be9d877848c48d444ec9f4", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Delphi", "description": "SHA256 of b6cb34db116c3847e79f5f3a8e0f3223\nSHA256 of b6cb34db116c3847e79f5f3a8e0f3223", "expiration": null, "is_active": 1 }, { "id": 3409661007, "indicator": "13100ff4d3fd7fe6169546fb1c95b77551b48abf", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_573bb412d9060ddf48433272f26f55e8e5215619b9be9d877848c48d444ec9f4 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_573bb412d9060ddf48433272f26f55e8e5215619b9be9d877848c48d444ec9f4 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-30-57\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b6cb34db116c3847e79f5f3a8e0f3223\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Access violation\" fullword wide \n \t\t $s2= \"Application Workspace\" fullword wide \n \t\t $s3= \"Assertion failed\" fullword wide \n \t\t $s4= \"August September\" fullword wide \n \t\t $s5= \"Button Highlight\" fullword wide \n \t\t $s6= \"Connection refused.\" fullword wide \n \t\t $s7= \"Highlight Background\" fullword wide \n \t\t $s8= \"Host unreachable.\" fullword wide \n \t\t $s9= \"Inactive Border\" fullword wide \n \t\t $s10= \"Inactive Caption\" fullword wide \n \t\t $s11= \"Invalid argument\" fullword wide \n \t\t $s12= \"Invalid argument.\" fullword wide \n \t\t $s13= \"Invalid filename\" fullword wide \n \t\t $s14= \"Invalid ImageList\" fullword wide \n \t\t $s15= \"Network unreachable.\" fullword wide \n \t\t $s16= \"SetCipher failed.\" fullword wide \n \t\t $s17= \"Tuesday Wednesday\" fullword wide \n \t\t $s18= \"Variant overflow\" fullword wide \n \t\t $s19= \"Window Background\" fullword wide \n \n \t\t $hex1= {41??63??63??65??73??73??20??76??69??6f??6c??61??74??69??6f??6e??0a??} \n \t\t $hex2= {41??70??70??6c??69??63??61??74??69??6f??6e??20??57??6f??72??6b??73??70??61??63??65??0a??} \n \t\t $hex3= {41??73??73??65??72??74??69??6f??6e??20??66??61??69??6c??65??64??0a??} \n \t\t $hex4= {41??75??67??75??73??74??20??53??65??70??74??65??6d??62??65??72??0a??} \n \t\t $hex5= {42??75??74??74??6f??6e??20??48??69??67??68??6c??69??67??68??74??0a??} \n \t\t $hex6= {43??6f??6e??6e??65??63??74??69??6f??6e??20??72??65??66??75??73??65??64??2e??0a??} \n \t\t $hex7= {48??69??67??68??6c??69??67??68??74??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \t\t $hex8= {48??6f??73??74??20??75??6e??72??65??61??63??68??61??62??6c??65??2e??0a??} \n \t\t $hex9= {49??6e??61??63??74??69??76??65??20??42??6f??72??64??65??72??0a??} \n \t\t $hex10= {49??6e??61??63??74??69??76??65??20??43??61??70??74??69??6f??6e??0a??} \n \t\t $hex11= {49??6e??76??61??6c??69??64??20??49??6d??61??67??65??4c??69??73??74??0a??} \n \t\t $hex12= {49??6e??76??61??6c??69??64??20??61??72??67??75??6d??65??6e??74??0a??} \n \t\t $hex13= {49??6e??76??61??6c??69??64??20??61??72??67??75??6d??65??6e??74??2e??0a??} \n \t\t $hex14= {49??6e??76??61??6c??69??64??20??66??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex15= {4e??65??74??77??6f??72??6b??20??75??6e??72??65??61??63??68??61??62??6c??65??2e??0a??} \n \t\t $hex16= {53??65??74??43??69??70??68??65??72??20??66??61??69??6c??65??64??2e??0a??} \n \t\t $hex17= {54??75??65??73??64??61??79??20??57??65??64??6e??65??73??64??61??79??0a??} \n \t\t $hex18= {56??61??72??69??61??6e??74??20??6f??76??65??72??66??6c??6f??77??0a??} \n \t\t $hex19= {57??69??6e??64??6f??77??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \n \tcondition: \n \t\t21 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_573bb412d9060ddf48433272f26f55e8e5215619b9be9d877848c48d444ec9f4 Group", "expiration": null, "is_active": 1 }, { "id": 3409661008, "indicator": "b0d28c1a06cbdbf41b7f97514b8341bef46706c9", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "VirTool:Win32/CeeInject", "description": "SHA1 of 92e0f4b0b4cb094bda52966982f552a1", "expiration": null, "is_active": 1 }, { "id": 1386573020, "indicator": "f46d3fd6ba2e53f2d510d589f1d1f2792e3cc5ac0e293d3c0ba182ebc0c64c25", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "VirTool:Win32/CeeInject", "description": "SHA256 of 92e0f4b0b4cb094bda52966982f552a1", "expiration": null, "is_active": 1 }, { "id": 3409661009, "indicator": "9580c944ff6777b64c3820e0753f7d8d43d6640f", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_f46d3fd6ba2e53f2d510d589f1d1f2792e3cc5ac0e293d3c0ba182ebc0c64c25 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_f46d3fd6ba2e53f2d510d589f1d1f2792e3cc5ac0e293d3c0ba182ebc0c64c25 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-30-52\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"92e0f4b0b4cb094bda52966982f552a1\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Access violation\" fullword wide \n \t\t $s2= \"Application Workspace\" fullword wide \n \t\t $s3= \"Assertion failed\" fullword wide \n \t\t $s4= \"August September\" fullword wide \n \t\t $s5= \"Button Highlight\" fullword wide \n \t\t $s6= \"Default Gray Text\" fullword wide \n \t\t $s7= \"Highlight Background\" fullword wide \n \t\t $s8= \"Inactive Border\" fullword wide \n \t\t $s9= \"Inactive Caption\" fullword wide \n \t\t $s10= \"Invalid argument\" fullword wide \n \t\t $s11= \"Invalid filename\" fullword wide \n \t\t $s12= \"Invalid ImageList\" fullword wide \n \t\t $s13= \"Tuesday Wednesday\" fullword wide \n \t\t $s14= \"Variant overflow\" fullword wide \n \t\t $s15= \"Window Background\" fullword wide \n \n \t\t $hex1= {41??63??63??65??73??73??20??76??69??6f??6c??61??74??69??6f??6e??0a??} \n \t\t $hex2= {41??70??70??6c??69??63??61??74??69??6f??6e??20??57??6f??72??6b??73??70??61??63??65??0a??} \n \t\t $hex3= {41??73??73??65??72??74??69??6f??6e??20??66??61??69??6c??65??64??0a??} \n \t\t $hex4= {41??75??67??75??73??74??20??53??65??70??74??65??6d??62??65??72??0a??} \n \t\t $hex5= {42??75??74??74??6f??6e??20??48??69??67??68??6c??69??67??68??74??0a??} \n \t\t $hex6= {44??65??66??61??75??6c??74??20??47??72??61??79??20??54??65??78??74??0a??} \n \t\t $hex7= {48??69??67??68??6c??69??67??68??74??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \t\t $hex8= {49??6e??61??63??74??69??76??65??20??42??6f??72??64??65??72??0a??} \n \t\t $hex9= {49??6e??61??63??74??69??76??65??20??43??61??70??74??69??6f??6e??0a??} \n \t\t $hex10= {49??6e??76??61??6c??69??64??20??49??6d??61??67??65??4c??69??73??74??0a??} \n \t\t $hex11= {49??6e??76??61??6c??69??64??20??61??72??67??75??6d??65??6e??74??0a??} \n \t\t $hex12= {49??6e??76??61??6c??69??64??20??66??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex13= {54??75??65??73??64??61??79??20??57??65??64??6e??65??73??64??61??79??0a??} \n \t\t $hex14= {56??61??72??69??61??6e??74??20??6f??76??65??72??66??6c??6f??77??0a??} \n \t\t $hex15= {57??69??6e??64??6f??77??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \n \tcondition: \n \t\t16 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_f46d3fd6ba2e53f2d510d589f1d1f2792e3cc5ac0e293d3c0ba182ebc0c64c25 Group", "expiration": null, "is_active": 1 }, { "id": 3409661010, "indicator": "15b1380cebebadae6ee4bebd773ad97ddc2c7144", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of cb09f04e898843a9fbc5cd7e87c0fe45", "expiration": null, "is_active": 1 }, { "id": 1386572149, "indicator": "2ab8a240c143b3fd0ca8207ffa340c3a188172f1905d424307b9dc5058c9d5ec", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of cb09f04e898843a9fbc5cd7e87c0fe45", "expiration": null, "is_active": 1 }, { "id": 3409661011, "indicator": "505d403a7a7dbc6279acd1c1c4668565be964c40", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_2ab8a240c143b3fd0ca8207ffa340c3a188172f1905d424307b9dc5058c9d5ec { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_2ab8a240c143b3fd0ca8207ffa340c3a188172f1905d424307b9dc5058c9d5ec Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-30-50\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"cb09f04e898843a9fbc5cd7e87c0fe45\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"9BE7279CBE87FC1CCAE\" fullword wide \n \t\t $s2= \"9BE7279CBE87FC1CCAE.exe\" fullword wide \n \t\t $s3= \"Assembly Version\" fullword wide \n \t\t $s4= \"FileDescription\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {39??42??45??37??32??37??39??43??42??45??38??37??46??43??31??43??43??41??45??0a??} \n \t\t $hex2= {39??42??45??37??32??37??39??43??42??45??38??37??46??43??31??43??43??41??45??2e??65??78??65??0a??} \n \t\t $hex3= {41??73??73??65??6d??62??6c??79??20??56??65??72??73??69??6f??6e??0a??} \n \t\t $hex4= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_2ab8a240c143b3fd0ca8207ffa340c3a188172f1905d424307b9dc5058c9d5ec Group", "expiration": null, "is_active": 1 }, { "id": 3409661012, "indicator": "8c8fa00ce7de7e160d5c66ba254b768860ac90b7", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Delphi", "description": "SHA1 of 04e3d309e2a400b3f582d264968d6c9f", "expiration": null, "is_active": 1 }, { "id": 921692951, "indicator": "192a44548a2f3094eb7ad10e775caca07417d2f9525d8a6941e154872860e20a", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Delphi", "description": "SHA256 of 04e3d309e2a400b3f582d264968d6c9f", "expiration": null, "is_active": 1 }, { "id": 3409661013, "indicator": "6a515a3215d0c5f676978c4320036492d114a5e5", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_192a44548a2f3094eb7ad10e775caca07417d2f9525d8a6941e154872860e20a { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_192a44548a2f3094eb7ad10e775caca07417d2f9525d8a6941e154872860e20a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-30-40\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"04e3d309e2a400b3f582d264968d6c9f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Access violation\" fullword wide \n \t\t $s2= \"Application Workspace\" fullword wide \n \t\t $s3= \"Assertion failed\" fullword wide \n \t\t $s4= \"August September\" fullword wide \n \t\t $s5= \"Button Highlight\" fullword wide \n \t\t $s6= \"Default Gray Text\" fullword wide \n \t\t $s7= \"Enhanced Metafiles\" fullword wide \n \t\t $s8= \"Highlight Background\" fullword wide \n \t\t $s9= \"Inactive Border\" fullword wide \n \t\t $s10= \"Inactive Caption\" fullword wide \n \t\t $s11= \"Invalid argument\" fullword wide \n \t\t $s12= \"Invalid filename\" fullword wide \n \t\t $s13= \"Invalid ImageList\" fullword wide \n \t\t $s14= \"Tuesday Wednesday\" fullword wide \n \t\t $s15= \"Variant overflow\" fullword wide \n \t\t $s16= \"Window Background\" fullword wide \n \n \t\t $hex1= {41??63??63??65??73??73??20??76??69??6f??6c??61??74??69??6f??6e??0a??} \n \t\t $hex2= {41??70??70??6c??69??63??61??74??69??6f??6e??20??57??6f??72??6b??73??70??61??63??65??0a??} \n \t\t $hex3= {41??73??73??65??72??74??69??6f??6e??20??66??61??69??6c??65??64??0a??} \n \t\t $hex4= {41??75??67??75??73??74??20??53??65??70??74??65??6d??62??65??72??0a??} \n \t\t $hex5= {42??75??74??74??6f??6e??20??48??69??67??68??6c??69??67??68??74??0a??} \n \t\t $hex6= {44??65??66??61??75??6c??74??20??47??72??61??79??20??54??65??78??74??0a??} \n \t\t $hex7= {45??6e??68??61??6e??63??65??64??20??4d??65??74??61??66??69??6c??65??73??0a??} \n \t\t $hex8= {48??69??67??68??6c??69??67??68??74??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \t\t $hex9= {49??6e??61??63??74??69??76??65??20??42??6f??72??64??65??72??0a??} \n \t\t $hex10= {49??6e??61??63??74??69??76??65??20??43??61??70??74??69??6f??6e??0a??} \n \t\t $hex11= {49??6e??76??61??6c??69??64??20??49??6d??61??67??65??4c??69??73??74??0a??} \n \t\t $hex12= {49??6e??76??61??6c??69??64??20??61??72??67??75??6d??65??6e??74??0a??} \n \t\t $hex13= {49??6e??76??61??6c??69??64??20??66??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex14= {54??75??65??73??64??61??79??20??57??65??64??6e??65??73??64??61??79??0a??} \n \t\t $hex15= {56??61??72??69??61??6e??74??20??6f??76??65??72??66??6c??6f??77??0a??} \n \t\t $hex16= {57??69??6e??64??6f??77??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \n \tcondition: \n \t\t17 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_192a44548a2f3094eb7ad10e775caca07417d2f9525d8a6941e154872860e20a Group", "expiration": null, "is_active": 1 }, { "id": 3409661014, "indicator": "c06e3f31851af04f14f394428f85ec77b2949433", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_4e121bf3e79d1f8d146331b77bdb83fdcd404f541a4717caea4cc44c06dbd909 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_4e121bf3e79d1f8d146331b77bdb83fdcd404f541a4717caea4cc44c06dbd909 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-30-38\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"47f0e070b3a2695bf74a32d60e0835ce\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"$this.Localizable\" fullword wide \n \t\t $s2= \"$this.SnapToGrid\" fullword wide \n \t\t $s3= \"$this.TrayHeight\" fullword wide \n \t\t $s4= \"$this.TrayLargeIcon\" fullword wide \n \t\t $s5= \"GetDelegateForFunctionPointer\" fullword wide \n \t\t $s6= \"progressBar1.Locked\" fullword wide \n \t\t $s7= \"progressBar1.Modifiers\" fullword wide \n \n \t\t $hex1= {24??74??68??69??73??2e??4c??6f??63??61??6c??69??7a??61??62??6c??65??0a??} \n \t\t $hex2= {24??74??68??69??73??2e??53??6e??61??70??54??6f??47??72??69??64??0a??} \n \t\t $hex3= {24??74??68??69??73??2e??54??72??61??79??48??65??69??67??68??74??0a??} \n \t\t $hex4= {24??74??68??69??73??2e??54??72??61??79??4c??61??72??67??65??49??63??6f??6e??0a??} \n \t\t $hex5= {47??65??74??44??65??6c??65??67??61??74??65??46??6f??72??46??75??6e??63??74??69??6f??6e??50??6f??69??6e??74??65??72??0a??} \n \t\t $hex6= {70??72??6f??67??72??65??73??73??42??61??72??31??2e??4c??6f??63??6b??65??64??0a??} \n \t\t $hex7= {70??72??6f??67??72??65??73??73??42??61??72??31??2e??4d??6f??64??69??66??69??65??72??73??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_4e121bf3e79d1f8d146331b77bdb83fdcd404f541a4717caea4cc44c06dbd909 Group", "expiration": null, "is_active": 1 }, { "id": 3409661015, "indicator": "73bc5b633c31c04bdaf37445ef3f9d2d300f24fa", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_245ff120431f9a902860319933dbac5da748858e750ecba6fc493c75a44fdbd6 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_245ff120431f9a902860319933dbac5da748858e750ecba6fc493c75a44fdbd6 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-30-36\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"f0e3397681817cd915d6aa70e2749011\" \n \n \tstrings: \n \n \t \n \t\t $s1= \")[71[DA[WQ[WY[Wa[Wi[Wq[Wy[W\" fullword wide \n \t\t $s2= \"Assembly Version\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"GetDelegateForFunctionPointer\" fullword wide \n \t\t $s5= \"LegalTrademarks\" fullword wide \n \t\t $s6= \"OriginalFilename\" fullword wide \n \t\t $s7= \"System.Reflection.RuntimeModule\" fullword wide \n \t\t $s8= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {29??5b??37??31??5b??44??41??5b??57??51??5b??57??59??5b??57??61??5b??57??69??5b??57??71??5b??57??79??5b??57??0a??} \n \t\t $hex2= {41??73??73??65??6d??62??6c??79??20??56??65??72??73??69??6f??6e??0a??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {47??65??74??44??65??6c??65??67??61??74??65??46??6f??72??46??75??6e??63??74??69??6f??6e??50??6f??69??6e??74??65??72??0a??} \n \t\t $hex5= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex6= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex7= {53??79??73??74??65??6d??2e??52??65??66??6c??65??63??74??69??6f??6e??2e??52??75??6e??74??69??6d??65??4d??6f??64??75??6c??} \n \t\t $hex8= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t8 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_245ff120431f9a902860319933dbac5da748858e750ecba6fc493c75a44fdbd6 Group", "expiration": null, "is_active": 1 }, { "id": 3369203337, "indicator": "d00bf2fbcbbab2aa5ea1931a8ee1a34f913f2cb2", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Delphi", "description": "SHA1 of 6633c99b2c5bebfc2b32aa2c3d8667aa", "expiration": null, "is_active": 1 }, { "id": 1386572202, "indicator": "3201b8a148880cd9348f4567f394e57c55e4aba7198dfff43658f4206c5cbf58", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Delphi", "description": "SHA256 of 6633c99b2c5bebfc2b32aa2c3d8667aa", "expiration": null, "is_active": 1 }, { "id": 3409661016, "indicator": "5e230f33b6f3cbf08e8d44f9a8d53f9110efd05f", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_3201b8a148880cd9348f4567f394e57c55e4aba7198dfff43658f4206c5cbf58 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_3201b8a148880cd9348f4567f394e57c55e4aba7198dfff43658f4206c5cbf58 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-30-23\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"6633c99b2c5bebfc2b32aa2c3d8667aa\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Access violation\" fullword wide \n \t\t $s2= \"Application Workspace\" fullword wide \n \t\t $s3= \"Assertion failed\" fullword wide \n \t\t $s4= \"August September\" fullword wide \n \t\t $s5= \"Button Highlight\" fullword wide \n \t\t $s6= \"Connection refused.\" fullword wide \n \t\t $s7= \"Default Gray Text\" fullword wide \n \t\t $s8= \"Highlight Background\" fullword wide \n \t\t $s9= \"Host unreachable.\" fullword wide \n \t\t $s10= \"Inactive Border\" fullword wide \n \t\t $s11= \"Inactive Caption\" fullword wide \n \t\t $s12= \"Invalid argument\" fullword wide \n \t\t $s13= \"Invalid argument.\" fullword wide \n \t\t $s14= \"Invalid filename\" fullword wide \n \t\t $s15= \"Invalid ImageList\" fullword wide \n \t\t $s16= \"Network unreachable.\" fullword wide \n \t\t $s17= \"Tuesday Wednesday\" fullword wide \n \t\t $s18= \"Variant overflow\" fullword wide \n \t\t $s19= \"Window Background\" fullword wide \n \n \t\t $hex1= {41??63??63??65??73??73??20??76??69??6f??6c??61??74??69??6f??6e??0a??} \n \t\t $hex2= {41??70??70??6c??69??63??61??74??69??6f??6e??20??57??6f??72??6b??73??70??61??63??65??0a??} \n \t\t $hex3= {41??73??73??65??72??74??69??6f??6e??20??66??61??69??6c??65??64??0a??} \n \t\t $hex4= {41??75??67??75??73??74??20??53??65??70??74??65??6d??62??65??72??0a??} \n \t\t $hex5= {42??75??74??74??6f??6e??20??48??69??67??68??6c??69??67??68??74??0a??} \n \t\t $hex6= {43??6f??6e??6e??65??63??74??69??6f??6e??20??72??65??66??75??73??65??64??2e??0a??} \n \t\t $hex7= {44??65??66??61??75??6c??74??20??47??72??61??79??20??54??65??78??74??0a??} \n \t\t $hex8= {48??69??67??68??6c??69??67??68??74??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \t\t $hex9= {48??6f??73??74??20??75??6e??72??65??61??63??68??61??62??6c??65??2e??0a??} \n \t\t $hex10= {49??6e??61??63??74??69??76??65??20??42??6f??72??64??65??72??0a??} \n \t\t $hex11= {49??6e??61??63??74??69??76??65??20??43??61??70??74??69??6f??6e??0a??} \n \t\t $hex12= {49??6e??76??61??6c??69??64??20??49??6d??61??67??65??4c??69??73??74??0a??} \n \t\t $hex13= {49??6e??76??61??6c??69??64??20??61??72??67??75??6d??65??6e??74??0a??} \n \t\t $hex14= {49??6e??76??61??6c??69??64??20??61??72??67??75??6d??65??6e??74??2e??0a??} \n \t\t $hex15= {49??6e??76??61??6c??69??64??20??66??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex16= {4e??65??74??77??6f??72??6b??20??75??6e??72??65??61??63??68??61??62??6c??65??2e??0a??} \n \t\t $hex17= {54??75??65??73??64??61??79??20??57??65??64??6e??65??73??64??61??79??0a??} \n \t\t $hex18= {56??61??72??69??61??6e??74??20??6f??76??65??72??66??6c??6f??77??0a??} \n \t\t $hex19= {57??69??6e??64??6f??77??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \n \tcondition: \n \t\t21 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_3201b8a148880cd9348f4567f394e57c55e4aba7198dfff43658f4206c5cbf58 Group", "expiration": null, "is_active": 1 }, { "id": 3409661071, "indicator": "556afe17e9b07f69769f5337e2fc8d3110f42852", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_86ec4738c2625220a6f87caac14b315743de7058e971e6338230b1a64996e675 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_86ec4738c2625220a6f87caac14b315743de7058e971e6338230b1a64996e675 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-29-58\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"6097232bc136d0af5321b7be782ade5d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"360BrowserBrowser\" fullword wide \n \t\t $s2= \"bform_password_control\" fullword wide \n \t\t $s3= \"CatalinaGroupCitrio\" fullword wide \n \t\t $s4= \"ComodoChromodo\" fullword wide \n \t\t $s5= \"#document.favoriteManager*\" fullword wide \n \t\t $s6= \"eCurrentVersion\" fullword wide \n \t\t $s7= \"form_username_control\" fullword wide \n \t\t $s8= \"GoogleChrome SxS\" fullword wide \n \t\t $s9= \"HTTPMail Password2\" fullword wide \n \t\t $s10= \"HTTPMail Server\" fullword wide \n \t\t $s11= \"Install Directory\" fullword wide \n \t\t $s12= \"LastUsedProfile\" fullword wide \n \t\t $s13= \"MapleStudioChromePlus\" fullword wide \n \t\t $s14= \"Mustang Browser\" fullword wide \n \t\t $s15= \"OperaOpera Nextdata\" fullword wide \n \t\t $s16= \"%s32BitFtp.ini\" fullword wide \n \t\t $s17= \"%s32BitFtp.TMP\" fullword wide \n \t\t $s18= \"%sBitKinexbitkinex.ds\" fullword wide \n \t\t $s19= \"%sBlazeFtpsite.dat\" fullword wide \n \t\t $s20= \"%sComodoIceDragonprofiles.ini\" fullword wide \n \n \t\t $hex1= {23??64??6f??63??75??6d??65??6e??74??2e??66??61??76??6f??72??69??74??65??4d??61??6e??61??67??65??72??2a??0a??} \n \t\t $hex2= {25??73??33??32??42??69??74??46??74??70??2e??54??4d??50??0a??} \n \t\t $hex3= {25??73??33??32??42??69??74??46??74??70??2e??69??6e??69??0a??} \n \t\t $hex4= {25??73??42??69??74??4b??69??6e??65??78??62??69??74??6b??69??6e??65??78??2e??64??73??0a??} \n \t\t $hex5= {25??73??42??6c??61??7a??65??46??74??70??73??69??74??65??2e??64??61??74??0a??} \n \t\t $hex6= {25??73??43??6f??6d??6f??64??6f??49??63??65??44??72??61??67??6f??6e??70??72??6f??66??69??6c??65??73??2e??69??6e??69??0a??} \n \t\t $hex7= {33??36??30??42??72??6f??77??73??65??72??42??72??6f??77??73??65??72??0a??} \n \t\t $hex8= {43??61??74??61??6c??69??6e??61??47??72??6f??75??70??43??69??74??72??69??6f??0a??} \n \t\t $hex9= {43??6f??6d??6f??64??6f??43??68??72??6f??6d??6f??64??6f??0a??} \n \t\t $hex10= {47??6f??6f??67??6c??65??43??68??72??6f??6d??65??20??53??78??53??0a??} \n \t\t $hex11= {48??54??54??50??4d??61??69??6c??20??50??61??73??73??77??6f??72??64??32??0a??} \n \t\t $hex12= {48??54??54??50??4d??61??69??6c??20??53??65??72??76??65??72??0a??} \n \t\t $hex13= {49??6e??73??74??61??6c??6c??20??44??69??72??65??63??74??6f??72??79??0a??} \n \t\t $hex14= {4c??61??73??74??55??73??65??64??50??72??6f??66??69??6c??65??0a??} \n \t\t $hex15= {4d??61??70??6c??65??53??74??75??64??69??6f??43??68??72??6f??6d??65??50??6c??75??73??0a??} \n \t\t $hex16= {4d??75??73??74??61??6e??67??20??42??72??6f??77??73??65??72??0a??} \n \t\t $hex17= {4f??70??65??72??61??4f??70??65??72??61??20??4e??65??78??74??64??61??74??61??0a??} \n \t\t $hex18= {62??66??6f??72??6d??5f??70??61??73??73??77??6f??72??64??5f??63??6f??6e??74??72??6f??6c??0a??} \n \t\t $hex19= {65??43??75??72??72??65??6e??74??56??65??72??73??69??6f??6e??0a??} \n \t\t $hex20= {66??6f??72??6d??5f??75??73??65??72??6e??61??6d??65??5f??63??6f??6e??74??72??6f??6c??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_86ec4738c2625220a6f87caac14b315743de7058e971e6338230b1a64996e675 Group", "expiration": null, "is_active": 1 }, { "id": 3409661072, "indicator": "8601992cf53862525e825ce63527cd426c38909f", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_0e7d3772de05d030ca4c0083e2f48be06cfab01db0ab9091916ddd275765e9ba { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_0e7d3772de05d030ca4c0083e2f48be06cfab01db0ab9091916ddd275765e9ba Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-29-52\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"6653234c3abaf0ac582d7078afd20b2c\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"255.255.255.255\" fullword wide \n \t\t $s2= \"%4d%02d%02d%02d%02d%02d\" fullword wide \n \t\t $s3= \"ADLIBUNREGISTER\" fullword wide \n \t\t $s4= \"APPDATACOMMONDIR\" fullword wide \n \t\t $s5= \"/AutoIt3ExecuteLine\" fullword wide \n \t\t $s6= \"/AutoIt3ExecuteScript\" fullword wide \n \t\t $s7= \"/AutoIt3OutputDebug\" fullword wide \n \t\t $s8= \"AUTOITCALLVARIABLE%d\" fullword wide \n \t\t $s9= \"AUTOITSETOPTION\" fullword wide \n \t\t $s10= \"AUTOITWINGETTITLE\" fullword wide \n \t\t $s11= \"AUTOITWINSETTITLE\" fullword wide \n \t\t $s12= \"BROWSER_FAVORTIES\" fullword wide \n \t\t $s13= \"BROWSER_FORWARD\" fullword wide \n \t\t $s14= \"BROWSER_REFRESH\" fullword wide \n \t\t $s15= \"#comments-start\" fullword wide \n \t\t $s16= \"CONSOLEWRITEERROR\" fullword wide \n \t\t $s17= \"CONTROLGETFOCUS\" fullword wide \n \t\t $s18= \"CONTROLGETHANDLE\" fullword wide \n \t\t $s19= \"CONTROLLISTVIEW\" fullword wide \n \t\t $s20= \"Control PanelAppearance\" fullword wide \n \n \t\t $hex1= {23??63??6f??6d??6d??65??6e??74??73??2d??73??74??61??72??74??0a??} \n \t\t $hex2= {25??34??64??25??30??32??64??25??30??32??64??25??30??32??64??25??30??32??64??25??30??32??64??0a??} \n \t\t $hex3= {2f??41??75??74??6f??49??74??33??45??78??65??63??75??74??65??4c??69??6e??65??0a??} \n \t\t $hex4= {2f??41??75??74??6f??49??74??33??45??78??65??63??75??74??65??53??63??72??69??70??74??0a??} \n \t\t $hex5= {2f??41??75??74??6f??49??74??33??4f??75??74??70??75??74??44??65??62??75??67??0a??} \n \t\t $hex6= {32??35??35??2e??32??35??35??2e??32??35??35??2e??32??35??35??0a??} \n \t\t $hex7= {41??44??4c??49??42??55??4e??52??45??47??49??53??54??45??52??0a??} \n \t\t $hex8= {41??50??50??44??41??54??41??43??4f??4d??4d??4f??4e??44??49??52??0a??} \n \t\t $hex9= {41??55??54??4f??49??54??43??41??4c??4c??56??41??52??49??41??42??4c??45??25??64??0a??} \n \t\t $hex10= {41??55??54??4f??49??54??53??45??54??4f??50??54??49??4f??4e??0a??} \n \t\t $hex11= {41??55??54??4f??49??54??57??49??4e??47??45??54??54??49??54??4c??45??0a??} \n \t\t $hex12= {41??55??54??4f??49??54??57??49??4e??53??45??54??54??49??54??4c??45??0a??} \n \t\t $hex13= {42??52??4f??57??53??45??52??5f??46??41??56??4f??52??54??49??45??53??0a??} \n \t\t $hex14= {42??52??4f??57??53??45??52??5f??46??4f??52??57??41??52??44??0a??} \n \t\t $hex15= {42??52??4f??57??53??45??52??5f??52??45??46??52??45??53??48??0a??} \n \t\t $hex16= {43??4f??4e??53??4f??4c??45??57??52??49??54??45??45??52??52??4f??52??0a??} \n \t\t $hex17= {43??4f??4e??54??52??4f??4c??47??45??54??46??4f??43??55??53??0a??} \n \t\t $hex18= {43??4f??4e??54??52??4f??4c??47??45??54??48??41??4e??44??4c??45??0a??} \n \t\t $hex19= {43??4f??4e??54??52??4f??4c??4c??49??53??54??56??49??45??57??0a??} \n \t\t $hex20= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??41??70??70??65??61??72??61??6e??63??65??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_0e7d3772de05d030ca4c0083e2f48be06cfab01db0ab9091916ddd275765e9ba Group", "expiration": null, "is_active": 1 }, { "id": 3409661073, "indicator": "3a366ca13eee32a177a15a431838741584cef655", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_69061deb711b6c29e51e37808c49699741c0f923b15391f073239cdb1a295e27 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_69061deb711b6c29e51e37808c49699741c0f923b15391f073239cdb1a295e27 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-29-40\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"52de0906f129b1eb5ab6d79239db6e7d\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"255.255.255.255\" fullword wide \n \t\t $s2= \"%4d%02d%02d%02d%02d%02d\" fullword wide \n \t\t $s3= \"ADLIBUNREGISTER\" fullword wide \n \t\t $s4= \"APPDATACOMMONDIR\" fullword wide \n \t\t $s5= \"/AutoIt3ExecuteLine\" fullword wide \n \t\t $s6= \"/AutoIt3ExecuteScript\" fullword wide \n \t\t $s7= \"/AutoIt3OutputDebug\" fullword wide \n \t\t $s8= \"AUTOITCALLVARIABLE%d\" fullword wide \n \t\t $s9= \"AUTOITSETOPTION\" fullword wide \n \t\t $s10= \"AUTOITWINGETTITLE\" fullword wide \n \t\t $s11= \"AUTOITWINSETTITLE\" fullword wide \n \t\t $s12= \"BROWSER_FAVORTIES\" fullword wide \n \t\t $s13= \"BROWSER_FORWARD\" fullword wide \n \t\t $s14= \"BROWSER_REFRESH\" fullword wide \n \t\t $s15= \"#comments-start\" fullword wide \n \t\t $s16= \"CONSOLEWRITEERROR\" fullword wide \n \t\t $s17= \"CONTROLGETFOCUS\" fullword wide \n \t\t $s18= \"CONTROLGETHANDLE\" fullword wide \n \t\t $s19= \"CONTROLLISTVIEW\" fullword wide \n \t\t $s20= \"Control PanelAppearance\" fullword wide \n \n \t\t $hex1= {23??63??6f??6d??6d??65??6e??74??73??2d??73??74??61??72??74??0a??} \n \t\t $hex2= {25??34??64??25??30??32??64??25??30??32??64??25??30??32??64??25??30??32??64??25??30??32??64??0a??} \n \t\t $hex3= {2f??41??75??74??6f??49??74??33??45??78??65??63??75??74??65??4c??69??6e??65??0a??} \n \t\t $hex4= {2f??41??75??74??6f??49??74??33??45??78??65??63??75??74??65??53??63??72??69??70??74??0a??} \n \t\t $hex5= {2f??41??75??74??6f??49??74??33??4f??75??74??70??75??74??44??65??62??75??67??0a??} \n \t\t $hex6= {32??35??35??2e??32??35??35??2e??32??35??35??2e??32??35??35??0a??} \n \t\t $hex7= {41??44??4c??49??42??55??4e??52??45??47??49??53??54??45??52??0a??} \n \t\t $hex8= {41??50??50??44??41??54??41??43??4f??4d??4d??4f??4e??44??49??52??0a??} \n \t\t $hex9= {41??55??54??4f??49??54??43??41??4c??4c??56??41??52??49??41??42??4c??45??25??64??0a??} \n \t\t $hex10= {41??55??54??4f??49??54??53??45??54??4f??50??54??49??4f??4e??0a??} \n \t\t $hex11= {41??55??54??4f??49??54??57??49??4e??47??45??54??54??49??54??4c??45??0a??} \n \t\t $hex12= {41??55??54??4f??49??54??57??49??4e??53??45??54??54??49??54??4c??45??0a??} \n \t\t $hex13= {42??52??4f??57??53??45??52??5f??46??41??56??4f??52??54??49??45??53??0a??} \n \t\t $hex14= {42??52??4f??57??53??45??52??5f??46??4f??52??57??41??52??44??0a??} \n \t\t $hex15= {42??52??4f??57??53??45??52??5f??52??45??46??52??45??53??48??0a??} \n \t\t $hex16= {43??4f??4e??53??4f??4c??45??57??52??49??54??45??45??52??52??4f??52??0a??} \n \t\t $hex17= {43??4f??4e??54??52??4f??4c??47??45??54??46??4f??43??55??53??0a??} \n \t\t $hex18= {43??4f??4e??54??52??4f??4c??47??45??54??48??41??4e??44??4c??45??0a??} \n \t\t $hex19= {43??4f??4e??54??52??4f??4c??4c??49??53??54??56??49??45??57??0a??} \n \t\t $hex20= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??41??70??70??65??61??72??61??6e??63??65??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_69061deb711b6c29e51e37808c49699741c0f923b15391f073239cdb1a295e27 Group", "expiration": null, "is_active": 1 }, { "id": 3409661074, "indicator": "fef761c032fcd75d943b87c434a95d0ea230d0f5", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_1cd08d7b56c4ecc9e671d7d93ec7bac093fb4ca89e65a9ab5f3157faf5355e2c { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_1cd08d7b56c4ecc9e671d7d93ec7bac093fb4ca89e65a9ab5f3157faf5355e2c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-29-35\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"68f82a9f4d90cb41bb11a0767df6b8ae\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"#(-27;@EJOTY^chmrw|\" fullword wide \n \t\t $s2= \"activeschoolyear\" fullword wide \n \t\t $s3= \"AfdKzTKBPaHvvQfrTn\" fullword wide \n \t\t $s4= \"akESFsSpQxPBfFQKdaw\" fullword wide \n \t\t $s5= \"'and tblSection.SchoolYear='\" fullword wide \n \t\t $s6= \"ATaiQCLMKntBfsrHLN\" fullword wide \n \t\t $s7= \"bQHVgOOBBdlyatZx\" fullword wide \n \t\t $s8= \"bRrTzwfSoejtccOOqyLn\" fullword wide \n \t\t $s9= \"bSrGzjRToQjtOcOBdzxa\" fullword wide \n \t\t $s10= \"bSrUzjfTofjtccPBdzLa\" fullword wide \n \t\t $s11= \"buZxPbMGZVtdntp\" fullword wide \n \t\t $s12= \"CountOfEnrollmentID\" fullword wide \n \t\t $s13= \"Departmenttitle\" fullword wide \n \t\t $s14= \"egMSmukPKLJOzGNFEUKMEeGljR\" fullword wide \n \t\t $s15= \"eIhyZzKEFdMQdZlBQY\" fullword wide \n \t\t $s16= \"EIjJUOheAVvnjuLbwkt\" fullword wide \n \t\t $s17= \"EKembHCCBGrkrVwiyBEw\" fullword wide \n \t\t $s18= \"ePTuUgaspLhGyuFQmH\" fullword wide \n \t\t $s19= \"FileDescription\" fullword wide \n \t\t $s20= \"gpBexdAfSPJcawgq\" fullword wide \n \n \t\t $hex1= {23??28??2d??32??37??3b??40??45??4a??4f??54??59??5e??63??68??6d??72??77??7c??0a??} \n \t\t $hex2= {27??61??6e??64??20??74??62??6c??53??65??63??74??69??6f??6e??2e??53??63??68??6f??6f??6c??59??65??61??72??3d??27??0a??} \n \t\t $hex3= {41??54??61??69??51??43??4c??4d??4b??6e??74??42??66??73??72??48??4c??4e??0a??} \n \t\t $hex4= {41??66??64??4b??7a??54??4b??42??50??61??48??76??76??51??66??72??54??6e??0a??} \n \t\t $hex5= {43??6f??75??6e??74??4f??66??45??6e??72??6f??6c??6c??6d??65??6e??74??49??44??0a??} \n \t\t $hex6= {44??65??70??61??72??74??6d??65??6e??74??74??69??74??6c??65??0a??} \n \t\t $hex7= {45??49??6a??4a??55??4f??68??65??41??56??76??6e??6a??75??4c??62??77??6b??74??0a??} \n \t\t $hex8= {45??4b??65??6d??62??48??43??43??42??47??72??6b??72??56??77??69??79??42??45??77??0a??} \n \t\t $hex9= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex10= {61??63??74??69??76??65??73??63??68??6f??6f??6c??79??65??61??72??0a??} \n \t\t $hex11= {61??6b??45??53??46??73??53??70??51??78??50??42??66??46??51??4b??64??61??77??0a??} \n \t\t $hex12= {62??51??48??56??67??4f??4f??42??42??64??6c??79??61??74??5a??78??0a??} \n \t\t $hex13= {62??52??72??54??7a??77??66??53??6f??65??6a??74??63??63??4f??4f??71??79??4c??6e??0a??} \n \t\t $hex14= {62??53??72??47??7a??6a??52??54??6f??51??6a??74??4f??63??4f??42??64??7a??78??61??0a??} \n \t\t $hex15= {62??53??72??55??7a??6a??66??54??6f??66??6a??74??63??63??50??42??64??7a??4c??61??0a??} \n \t\t $hex16= {62??75??5a??78??50??62??4d??47??5a??56??74??64??6e??74??70??0a??} \n \t\t $hex17= {65??49??68??79??5a??7a??4b??45??46??64??4d??51??64??5a??6c??42??51??59??0a??} \n \t\t $hex18= {65??50??54??75??55??67??61??73??70??4c??68??47??79??75??46??51??6d??48??0a??} \n \t\t $hex19= {65??67??4d??53??6d??75??6b??50??4b??4c??4a??4f??7a??47??4e??46??45??55??4b??4d??45??65??47??6c??6a??52??0a??} \n \t\t $hex20= {67??70??42??65??78??64??41??66??53??50??4a??63??61??77??67??71??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_1cd08d7b56c4ecc9e671d7d93ec7bac093fb4ca89e65a9ab5f3157faf5355e2c Group", "expiration": null, "is_active": 1 }, { "id": 3409661075, "indicator": "cbf1bfa6b8c0776e1e3f0d2a32fd4593dd1d4cbc", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_1f393d3de2fe3ec9f94bade8996326f53ec76c39ce450ffccc0d1994850589cc { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_1f393d3de2fe3ec9f94bade8996326f53ec76c39ce450ffccc0d1994850589cc Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-29-32\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"918324d01bfb4f434b54467f649f2b43\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"C:WINDOWSsystem32userinit.exe, \" fullword wide \n \t\t $s2= \"eUninstallString\" fullword wide \n \t\t $s3= \"fso.DeleteFile \" fullword wide \n \t\t $s4= \"httpshellopencommand\" fullword wide \n \t\t $s5= \"InstallLocation\" fullword wide \n \t\t $s6= \"time_%04i%02i%02i_%02i%02i%02i\" fullword wide \n \t\t $s7= \"wnd_%04i%02i%02i_%02i%02i%02i\" fullword wide \n \t\t $s8= \"WScript.Sleep 1000\" fullword wide \n \n \t\t $hex1= {43??3a??57??49??4e??44??4f??57??53??73??79??73??74??65??6d??33??32??75??73??65??72??69??6e??69??74??2e??65??78??65??2c??} \n \t\t $hex2= {49??6e??73??74??61??6c??6c??4c??6f??63??61??74??69??6f??6e??0a??} \n \t\t $hex3= {57??53??63??72??69??70??74??2e??53??6c??65??65??70??20??31??30??30??30??0a??} \n \t\t $hex4= {65??55??6e??69??6e??73??74??61??6c??6c??53??74??72??69??6e??67??0a??} \n \t\t $hex5= {66??73??6f??2e??44??65??6c??65??74??65??46??69??6c??65??0a??} \n \t\t $hex6= {68??74??74??70??73??68??65??6c??6c??6f??70??65??6e??63??6f??6d??6d??61??6e??64??0a??} \n \t\t $hex7= {74??69??6d??65??5f??25??30??34??69??25??30??32??69??25??30??32??69??5f??25??30??32??69??25??30??32??69??25??30??32??69??} \n \t\t $hex8= {77??6e??64??5f??25??30??34??69??25??30??32??69??25??30??32??69??5f??25??30??32??69??25??30??32??69??25??30??32??69??0a??} \n \n \tcondition: \n \t\t8 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_1f393d3de2fe3ec9f94bade8996326f53ec76c39ce450ffccc0d1994850589cc Group", "expiration": null, "is_active": 1 }, { "id": 3409661076, "indicator": "9a6ca0c9a98d833c308950ab0c3909438a11dc15", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Trojan.Generic-0-6574657-0", "description": "SHA1 of 9555d8d43446954253e08d0aecd286f1", "expiration": null, "is_active": 1 }, { "id": 1386399283, "indicator": "26151f1e24bc97532e49013fbe04919de1f51e346dba1f10ce2e389160f2fb9d", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Trojan.Generic-0-6574657-0", "description": "SHA256 of 9555d8d43446954253e08d0aecd286f1", "expiration": null, "is_active": 1 }, { "id": 3409661077, "indicator": "a6876300737d211ce5b3cdbcb9a0baae45362e3e", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_26151f1e24bc97532e49013fbe04919de1f51e346dba1f10ce2e389160f2fb9d { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_26151f1e24bc97532e49013fbe04919de1f51e346dba1f10ce2e389160f2fb9d Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-29-04\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"9555d8d43446954253e08d0aecd286f1\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Access violation\" fullword wide \n \t\t $s2= \"Application Workspace\" fullword wide \n \t\t $s3= \"Assertion failed\" fullword wide \n \t\t $s4= \"August September\" fullword wide \n \t\t $s5= \"Button Highlight\" fullword wide \n \t\t $s6= \"Default Gray Text\" fullword wide \n \t\t $s7= \"Enhanced Metafiles\" fullword wide \n \t\t $s8= \"Highlight Background\" fullword wide \n \t\t $s9= \"Inactive Border\" fullword wide \n \t\t $s10= \"Inactive Caption\" fullword wide \n \t\t $s11= \"Invalid argument\" fullword wide \n \t\t $s12= \"Invalid filename\" fullword wide \n \t\t $s13= \"Invalid ImageList\" fullword wide \n \t\t $s14= \"Tuesday Wednesday\" fullword wide \n \t\t $s15= \"Variant overflow\" fullword wide \n \t\t $s16= \"Window Background\" fullword wide \n \n \t\t $hex1= {41??63??63??65??73??73??20??76??69??6f??6c??61??74??69??6f??6e??0a??} \n \t\t $hex2= {41??70??70??6c??69??63??61??74??69??6f??6e??20??57??6f??72??6b??73??70??61??63??65??0a??} \n \t\t $hex3= {41??73??73??65??72??74??69??6f??6e??20??66??61??69??6c??65??64??0a??} \n \t\t $hex4= {41??75??67??75??73??74??20??53??65??70??74??65??6d??62??65??72??0a??} \n \t\t $hex5= {42??75??74??74??6f??6e??20??48??69??67??68??6c??69??67??68??74??0a??} \n \t\t $hex6= {44??65??66??61??75??6c??74??20??47??72??61??79??20??54??65??78??74??0a??} \n \t\t $hex7= {45??6e??68??61??6e??63??65??64??20??4d??65??74??61??66??69??6c??65??73??0a??} \n \t\t $hex8= {48??69??67??68??6c??69??67??68??74??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \t\t $hex9= {49??6e??61??63??74??69??76??65??20??42??6f??72??64??65??72??0a??} \n \t\t $hex10= {49??6e??61??63??74??69??76??65??20??43??61??70??74??69??6f??6e??0a??} \n \t\t $hex11= {49??6e??76??61??6c??69??64??20??49??6d??61??67??65??4c??69??73??74??0a??} \n \t\t $hex12= {49??6e??76??61??6c??69??64??20??61??72??67??75??6d??65??6e??74??0a??} \n \t\t $hex13= {49??6e??76??61??6c??69??64??20??66??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex14= {54??75??65??73??64??61??79??20??57??65??64??6e??65??73??64??61??79??0a??} \n \t\t $hex15= {56??61??72??69??61??6e??74??20??6f??76??65??72??66??6c??6f??77??0a??} \n \t\t $hex16= {57??69??6e??64??6f??77??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \n \tcondition: \n \t\t17 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_26151f1e24bc97532e49013fbe04919de1f51e346dba1f10ce2e389160f2fb9d Group", "expiration": null, "is_active": 1 }, { "id": 3409661078, "indicator": "74f49cdf4eef02fd6a94f3f791d2cb9d55f785ae", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_dd003aa02f3c7ef6179e6b79d868d62afcf273ad3c79f99ccc779c12f46a17b2 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_dd003aa02f3c7ef6179e6b79d868d62afcf273ad3c79f99ccc779c12f46a17b2 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-28-55\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"658fd93fd4e8aaf0510bee2c1af6c777\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"255.255.255.255\" fullword wide \n \t\t $s2= \"%4d%02d%02d%02d%02d%02d\" fullword wide \n \t\t $s3= \"ADLIBUNREGISTER\" fullword wide \n \t\t $s4= \"APPDATACOMMONDIR\" fullword wide \n \t\t $s5= \"/AutoIt3ExecuteLine\" fullword wide \n \t\t $s6= \"/AutoIt3ExecuteScript\" fullword wide \n \t\t $s7= \"/AutoIt3OutputDebug\" fullword wide \n \t\t $s8= \"AUTOITCALLVARIABLE%d\" fullword wide \n \t\t $s9= \"AUTOITSETOPTION\" fullword wide \n \t\t $s10= \"AUTOITWINGETTITLE\" fullword wide \n \t\t $s11= \"AUTOITWINSETTITLE\" fullword wide \n \t\t $s12= \"BROWSER_FAVORTIES\" fullword wide \n \t\t $s13= \"BROWSER_FORWARD\" fullword wide \n \t\t $s14= \"BROWSER_REFRESH\" fullword wide \n \t\t $s15= \"#comments-start\" fullword wide \n \t\t $s16= \"CONSOLEWRITEERROR\" fullword wide \n \t\t $s17= \"CONTROLGETFOCUS\" fullword wide \n \t\t $s18= \"CONTROLGETHANDLE\" fullword wide \n \t\t $s19= \"CONTROLLISTVIEW\" fullword wide \n \t\t $s20= \"Control PanelAppearance\" fullword wide \n \n \t\t $hex1= {23??63??6f??6d??6d??65??6e??74??73??2d??73??74??61??72??74??0a??} \n \t\t $hex2= {25??34??64??25??30??32??64??25??30??32??64??25??30??32??64??25??30??32??64??25??30??32??64??0a??} \n \t\t $hex3= {2f??41??75??74??6f??49??74??33??45??78??65??63??75??74??65??4c??69??6e??65??0a??} \n \t\t $hex4= {2f??41??75??74??6f??49??74??33??45??78??65??63??75??74??65??53??63??72??69??70??74??0a??} \n \t\t $hex5= {2f??41??75??74??6f??49??74??33??4f??75??74??70??75??74??44??65??62??75??67??0a??} \n \t\t $hex6= {32??35??35??2e??32??35??35??2e??32??35??35??2e??32??35??35??0a??} \n \t\t $hex7= {41??44??4c??49??42??55??4e??52??45??47??49??53??54??45??52??0a??} \n \t\t $hex8= {41??50??50??44??41??54??41??43??4f??4d??4d??4f??4e??44??49??52??0a??} \n \t\t $hex9= {41??55??54??4f??49??54??43??41??4c??4c??56??41??52??49??41??42??4c??45??25??64??0a??} \n \t\t $hex10= {41??55??54??4f??49??54??53??45??54??4f??50??54??49??4f??4e??0a??} \n \t\t $hex11= {41??55??54??4f??49??54??57??49??4e??47??45??54??54??49??54??4c??45??0a??} \n \t\t $hex12= {41??55??54??4f??49??54??57??49??4e??53??45??54??54??49??54??4c??45??0a??} \n \t\t $hex13= {42??52??4f??57??53??45??52??5f??46??41??56??4f??52??54??49??45??53??0a??} \n \t\t $hex14= {42??52??4f??57??53??45??52??5f??46??4f??52??57??41??52??44??0a??} \n \t\t $hex15= {42??52??4f??57??53??45??52??5f??52??45??46??52??45??53??48??0a??} \n \t\t $hex16= {43??4f??4e??53??4f??4c??45??57??52??49??54??45??45??52??52??4f??52??0a??} \n \t\t $hex17= {43??4f??4e??54??52??4f??4c??47??45??54??46??4f??43??55??53??0a??} \n \t\t $hex18= {43??4f??4e??54??52??4f??4c??47??45??54??48??41??4e??44??4c??45??0a??} \n \t\t $hex19= {43??4f??4e??54??52??4f??4c??4c??49??53??54??56??49??45??57??0a??} \n \t\t $hex20= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??41??70??70??65??61??72??61??6e??63??65??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_dd003aa02f3c7ef6179e6b79d868d62afcf273ad3c79f99ccc779c12f46a17b2 Group", "expiration": null, "is_active": 1 }, { "id": 3409661079, "indicator": "339d37620abcd9a2185097faff860fef04024b75", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_ccf11edb3c7aa64ebf7eaff916b0894fbe1e500a61cf3dec3d6673dba3cf69f7 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_ccf11edb3c7aa64ebf7eaff916b0894fbe1e500a61cf3dec3d6673dba3cf69f7 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-28-47\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"248bbade477d88d0725d7d4ec48a5587\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"KAMStuDIO troUp\" fullword wide \n \t\t $s3= \"LegalTrademarks\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"sourcefIRE, cNC.\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {4b??41??4d??53??74??75??44??49??4f??20??74??72??6f??55??70??0a??} \n \t\t $hex3= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex6= {73??6f??75??72??63??65??66??49??52??45??2c??20??63??4e??43??2e??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_ccf11edb3c7aa64ebf7eaff916b0894fbe1e500a61cf3dec3d6673dba3cf69f7 Group", "expiration": null, "is_active": 1 }, { "id": 3409661080, "indicator": "122ac6856b73a55a297ad97e06a896a866f66e87", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_e214833e7bd22dda2a8c8ee0e0633e7956b4b4577a06717e05e9f9e7b31880f0 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_e214833e7bd22dda2a8c8ee0e0633e7956b4b4577a06717e05e9f9e7b31880f0 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-28-33\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"1b2a3a848f87cbbcc42537e99251f3bb\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Assembly Version\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"JwVMJBbmrEv5YULV.CIL.exe\" fullword wide \n \t\t $s4= \"lld.eroC.metsyS\" fullword wide \n \t\t $s5= \"lld.gniwarD.metsyS\" fullword wide \n \t\t $s6= \"lld.tnemeganaM.metsyS\" fullword wide \n \t\t $s7= \"OriginalFilename\" fullword wide \n \t\t $s8= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {41??73??73??65??6d??62??6c??79??20??56??65??72??73??69??6f??6e??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4a??77??56??4d??4a??42??62??6d??72??45??76??35??59??55??4c??56??2e??43??49??4c??2e??65??78??65??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex6= {6c??6c??64??2e??65??72??6f??43??2e??6d??65??74??73??79??53??0a??} \n \t\t $hex7= {6c??6c??64??2e??67??6e??69??77??61??72??44??2e??6d??65??74??73??79??53??0a??} \n \t\t $hex8= {6c??6c??64??2e??74??6e??65??6d??65??67??61??6e??61??4d??2e??6d??65??74??73??79??53??0a??} \n \n \tcondition: \n \t\t8 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_e214833e7bd22dda2a8c8ee0e0633e7956b4b4577a06717e05e9f9e7b31880f0 Group", "expiration": null, "is_active": 1 }, { "id": 3409661081, "indicator": "ac1ae2a5fc1e8fa8a36ab475a5f46a5978872297", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Delphi", "description": "SHA1 of 63d4d8a277f530503a77b59d9e6066f6", "expiration": null, "is_active": 1 }, { "id": 1386572200, "indicator": "311e5c20a50f6949c6b1c962bde7a583c5f4b02e1d57b6f93effbf3d9029b0bb", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Delphi", "description": "SHA256 of 63d4d8a277f530503a77b59d9e6066f6", "expiration": null, "is_active": 1 }, { "id": 3409661082, "indicator": "ad590ddc94d8bef330751d3e80468ad856b16922", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_311e5c20a50f6949c6b1c962bde7a583c5f4b02e1d57b6f93effbf3d9029b0bb { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_311e5c20a50f6949c6b1c962bde7a583c5f4b02e1d57b6f93effbf3d9029b0bb Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-27-58\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"63d4d8a277f530503a77b59d9e6066f6\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Access violation\" fullword wide \n \t\t $s2= \"Application Workspace\" fullword wide \n \t\t $s3= \"Assertion failed\" fullword wide \n \t\t $s4= \"August September\" fullword wide \n \t\t $s5= \"Button Highlight\" fullword wide \n \t\t $s6= \"Connection refused.\" fullword wide \n \t\t $s7= \"Default Gray Text\" fullword wide \n \t\t $s8= \"Enhanced Metafiles\" fullword wide \n \t\t $s9= \"Highlight Background\" fullword wide \n \t\t $s10= \"Host unreachable.\" fullword wide \n \t\t $s11= \"Inactive Border\" fullword wide \n \t\t $s12= \"Inactive Caption\" fullword wide \n \t\t $s13= \"Invalid argument\" fullword wide \n \t\t $s14= \"Invalid argument.\" fullword wide \n \t\t $s15= \"Invalid filename\" fullword wide \n \t\t $s16= \"Invalid ImageList\" fullword wide \n \t\t $s17= \"Network unreachable.\" fullword wide \n \t\t $s18= \"Tuesday Wednesday\" fullword wide \n \t\t $s19= \"Variant overflow\" fullword wide \n \t\t $s20= \"Window Background\" fullword wide \n \n \t\t $hex1= {41??63??63??65??73??73??20??76??69??6f??6c??61??74??69??6f??6e??0a??} \n \t\t $hex2= {41??70??70??6c??69??63??61??74??69??6f??6e??20??57??6f??72??6b??73??70??61??63??65??0a??} \n \t\t $hex3= {41??73??73??65??72??74??69??6f??6e??20??66??61??69??6c??65??64??0a??} \n \t\t $hex4= {41??75??67??75??73??74??20??53??65??70??74??65??6d??62??65??72??0a??} \n \t\t $hex5= {42??75??74??74??6f??6e??20??48??69??67??68??6c??69??67??68??74??0a??} \n \t\t $hex6= {43??6f??6e??6e??65??63??74??69??6f??6e??20??72??65??66??75??73??65??64??2e??0a??} \n \t\t $hex7= {44??65??66??61??75??6c??74??20??47??72??61??79??20??54??65??78??74??0a??} \n \t\t $hex8= {45??6e??68??61??6e??63??65??64??20??4d??65??74??61??66??69??6c??65??73??0a??} \n \t\t $hex9= {48??69??67??68??6c??69??67??68??74??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \t\t $hex10= {48??6f??73??74??20??75??6e??72??65??61??63??68??61??62??6c??65??2e??0a??} \n \t\t $hex11= {49??6e??61??63??74??69??76??65??20??42??6f??72??64??65??72??0a??} \n \t\t $hex12= {49??6e??61??63??74??69??76??65??20??43??61??70??74??69??6f??6e??0a??} \n \t\t $hex13= {49??6e??76??61??6c??69??64??20??49??6d??61??67??65??4c??69??73??74??0a??} \n \t\t $hex14= {49??6e??76??61??6c??69??64??20??61??72??67??75??6d??65??6e??74??0a??} \n \t\t $hex15= {49??6e??76??61??6c??69??64??20??61??72??67??75??6d??65??6e??74??2e??0a??} \n \t\t $hex16= {49??6e??76??61??6c??69??64??20??66??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex17= {4e??65??74??77??6f??72??6b??20??75??6e??72??65??61??63??68??61??62??6c??65??2e??0a??} \n \t\t $hex18= {54??75??65??73??64??61??79??20??57??65??64??6e??65??73??64??61??79??0a??} \n \t\t $hex19= {56??61??72??69??61??6e??74??20??6f??76??65??72??66??6c??6f??77??0a??} \n \t\t $hex20= {57??69??6e??64??6f??77??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_311e5c20a50f6949c6b1c962bde7a583c5f4b02e1d57b6f93effbf3d9029b0bb Group", "expiration": null, "is_active": 1 }, { "id": 3409661083, "indicator": "9ad9b92b883bf3cfefddf5624f557f4814d26b3a", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_a1669957257226ace07aa63b449ec895c42ed6a8458f872929ddbec5d3a9b5cc { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_a1669957257226ace07aa63b449ec895c42ed6a8458f872929ddbec5d3a9b5cc Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-27-41\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"4dce5b84c18684f38cd13a52d675b1f6\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Assembly Version\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"OriginalFilename\" fullword wide \n \t\t $s4= \"VS_VERSION_INFO\" fullword wide \n \t\t $s5= \"WinForms_RecursiveFormCreate\" fullword wide \n \t\t $s6= \"WinForms_SeeInnerException\" fullword wide \n \t\t $s7= \"wirjwewe.Resources\" fullword wide \n \n \t\t $hex1= {41??73??73??65??6d??62??6c??79??20??56??65??72??73??69??6f??6e??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex5= {57??69??6e??46??6f??72??6d??73??5f??52??65??63??75??72??73??69??76??65??46??6f??72??6d??43??72??65??61??74??65??0a??} \n \t\t $hex6= {57??69??6e??46??6f??72??6d??73??5f??53??65??65??49??6e??6e??65??72??45??78??63??65??70??74??69??6f??6e??0a??} \n \t\t $hex7= {77??69??72??6a??77??65??77??65??2e??52??65??73??6f??75??72??63??65??73??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_a1669957257226ace07aa63b449ec895c42ed6a8458f872929ddbec5d3a9b5cc Group", "expiration": null, "is_active": 1 }, { "id": 3409661110, "indicator": "c7ef4a07ee43fdd14adecf3d9b0d264c2babf33b", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_06100a57bd26d49c7316db0f21461a1f75c1b2a659da2d3818e222167812182f { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_06100a57bd26d49c7316db0f21461a1f75c1b2a659da2d3818e222167812182f Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-27-20\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"45871ed002cf2573df1905dba2b276fe\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"23ypJErqMONnQSfhihme\" fullword wide \n \t\t $s2= \"2vKCowqAzwzUaiXJjMZR\" fullword wide \n \t\t $s3= \"3EDkyrisiCxmNMFHBDeE\" fullword wide \n \t\t $s4= \"3HLxzLBv33Iecpmz03Mi\" fullword wide \n \t\t $s5= \"3S4FqPCcJde1zCalRWw1\" fullword wide \n \t\t $s6= \"8GRghuEhyQl7WC1gpAcL\" fullword wide \n \t\t $s7= \"9uoQNs6JeKi5ozMENtAk\" fullword wide \n \t\t $s8= \"Assazi.Properties\" fullword wide \n \t\t $s9= \"Assembly Version\" fullword wide \n \t\t $s10= \"bDSvNsSyPJouxYgcY1uU\" fullword wide \n \t\t $s11= \"c4LYU6IJJMnvgVUxuFyK\" fullword wide \n \t\t $s12= \"CT9SvR3kaRyOymJu2FHc\" fullword wide \n \t\t $s13= \"FCMgS8pTIrRTs3uAn1SI\" fullword wide \n \t\t $s14= \"FileDescription\" fullword wide \n \t\t $s15= \"ID25aThxT04qZdVsAvII\" fullword wide \n \t\t $s16= \"IquSxE9c5xQshD9ILXsn\" fullword wide \n \t\t $s17= \"iZw8fzZ9COJhxBUsaRGw\" fullword wide \n \t\t $s18= \"J7wHC2hZanFYYWNkJwUy\" fullword wide \n \t\t $s19= \"kWn5NRrfMhKWnakZ\" fullword wide \n \t\t $s20= \"kWn5NRrfMhKWnakZX\" fullword wide \n \n \t\t $hex1= {32??33??79??70??4a??45??72??71??4d??4f??4e??6e??51??53??66??68??69??68??6d??65??0a??} \n \t\t $hex2= {32??76??4b??43??6f??77??71??41??7a??77??7a??55??61??69??58??4a??6a??4d??5a??52??0a??} \n \t\t $hex3= {33??45??44??6b??79??72??69??73??69??43??78??6d??4e??4d??46??48??42??44??65??45??0a??} \n \t\t $hex4= {33??48??4c??78??7a??4c??42??76??33??33??49??65??63??70??6d??7a??30??33??4d??69??0a??} \n \t\t $hex5= {33??53??34??46??71??50??43??63??4a??64??65??31??7a??43??61??6c??52??57??77??31??0a??} \n \t\t $hex6= {38??47??52??67??68??75??45??68??79??51??6c??37??57??43??31??67??70??41??63??4c??0a??} \n \t\t $hex7= {39??75??6f??51??4e??73??36??4a??65??4b??69??35??6f??7a??4d??45??4e??74??41??6b??0a??} \n \t\t $hex8= {41??73??73??61??7a??69??2e??50??72??6f??70??65??72??74??69??65??73??0a??} \n \t\t $hex9= {41??73??73??65??6d??62??6c??79??20??56??65??72??73??69??6f??6e??0a??} \n \t\t $hex10= {43??54??39??53??76??52??33??6b??61??52??79??4f??79??6d??4a??75??32??46??48??63??0a??} \n \t\t $hex11= {46??43??4d??67??53??38??70??54??49??72??52??54??73??33??75??41??6e??31??53??49??0a??} \n \t\t $hex12= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex13= {49??44??32??35??61??54??68??78??54??30??34??71??5a??64??56??73??41??76??49??49??0a??} \n \t\t $hex14= {49??71??75??53??78??45??39??63??35??78??51??73??68??44??39??49??4c??58??73??6e??0a??} \n \t\t $hex15= {4a??37??77??48??43??32??68??5a??61??6e??46??59??59??57??4e??6b??4a??77??55??79??0a??} \n \t\t $hex16= {62??44??53??76??4e??73??53??79??50??4a??6f??75??78??59??67??63??59??31??75??55??0a??} \n \t\t $hex17= {63??34??4c??59??55??36??49??4a??4a??4d??6e??76??67??56??55??78??75??46??79??4b??0a??} \n \t\t $hex18= {69??5a??77??38??66??7a??5a??39??43??4f??4a??68??78??42??55??73??61??52??47??77??0a??} \n \t\t $hex19= {6b??57??6e??35??4e??52??72??66??4d??68??4b??57??6e??61??6b??5a??0a??} \n \t\t $hex20= {6b??57??6e??35??4e??52??72??66??4d??68??4b??57??6e??61??6b??5a??58??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_06100a57bd26d49c7316db0f21461a1f75c1b2a659da2d3818e222167812182f Group", "expiration": null, "is_active": 1 }, { "id": 266038652, "indicator": "cc9903ed0a57b55ed3aa68f36690976f50400b26", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Delphi", "description": "SHA1 of b90355c0dd12bd74dab2ec2b6ad374a7", "expiration": null, "is_active": 1 }, { "id": 266039216, "indicator": "b5c2e18a004b8a4644541710612baacef6ea882da493e4affd7e237a9404701e", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Delphi", "description": "SHA256 of b90355c0dd12bd74dab2ec2b6ad374a7", "expiration": null, "is_active": 1 }, { "id": 3409661111, "indicator": "1da150237173c30404022c793c3240db4887e4af", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_b5c2e18a004b8a4644541710612baacef6ea882da493e4affd7e237a9404701e { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_b5c2e18a004b8a4644541710612baacef6ea882da493e4affd7e237a9404701e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-27-09\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"b90355c0dd12bd74dab2ec2b6ad374a7\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Access violation\" fullword wide \n \t\t $s2= \"Application Workspace\" fullword wide \n \t\t $s3= \"Assertion failed\" fullword wide \n \t\t $s4= \"August September\" fullword wide \n \t\t $s5= \"Button Highlight\" fullword wide \n \t\t $s6= \"Default Gray Text\" fullword wide \n \t\t $s7= \"Highlight Background\" fullword wide \n \t\t $s8= \"Inactive Border\" fullword wide \n \t\t $s9= \"Inactive Caption\" fullword wide \n \t\t $s10= \"Invalid argument\" fullword wide \n \t\t $s11= \"Invalid filename\" fullword wide \n \t\t $s12= \"Invalid ImageList\" fullword wide \n \t\t $s13= \"Menu Background\" fullword wide \n \t\t $s14= \"Tuesday Wednesday\" fullword wide \n \t\t $s15= \"Variant overflow\" fullword wide \n \t\t $s16= \"Window Background\" fullword wide \n \n \t\t $hex1= {41??63??63??65??73??73??20??76??69??6f??6c??61??74??69??6f??6e??0a??} \n \t\t $hex2= {41??70??70??6c??69??63??61??74??69??6f??6e??20??57??6f??72??6b??73??70??61??63??65??0a??} \n \t\t $hex3= {41??73??73??65??72??74??69??6f??6e??20??66??61??69??6c??65??64??0a??} \n \t\t $hex4= {41??75??67??75??73??74??20??53??65??70??74??65??6d??62??65??72??0a??} \n \t\t $hex5= {42??75??74??74??6f??6e??20??48??69??67??68??6c??69??67??68??74??0a??} \n \t\t $hex6= {44??65??66??61??75??6c??74??20??47??72??61??79??20??54??65??78??74??0a??} \n \t\t $hex7= {48??69??67??68??6c??69??67??68??74??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \t\t $hex8= {49??6e??61??63??74??69??76??65??20??42??6f??72??64??65??72??0a??} \n \t\t $hex9= {49??6e??61??63??74??69??76??65??20??43??61??70??74??69??6f??6e??0a??} \n \t\t $hex10= {49??6e??76??61??6c??69??64??20??49??6d??61??67??65??4c??69??73??74??0a??} \n \t\t $hex11= {49??6e??76??61??6c??69??64??20??61??72??67??75??6d??65??6e??74??0a??} \n \t\t $hex12= {49??6e??76??61??6c??69??64??20??66??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex13= {4d??65??6e??75??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \t\t $hex14= {54??75??65??73??64??61??79??20??57??65??64??6e??65??73??64??61??79??0a??} \n \t\t $hex15= {56??61??72??69??61??6e??74??20??6f??76??65??72??66??6c??6f??77??0a??} \n \t\t $hex16= {57??69??6e??64??6f??77??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \n \tcondition: \n \t\t17 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_b5c2e18a004b8a4644541710612baacef6ea882da493e4affd7e237a9404701e Group", "expiration": null, "is_active": 1 }, { "id": 3409661112, "indicator": "472c94714e33a1dba2bacd3f1bd3295203f0151c", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "VirTool:Win32/CeeInject", "description": "SHA1 of 4813f9463dca4ef614038d2c0ca6ceb5", "expiration": null, "is_active": 1 }, { "id": 1386572472, "indicator": "746d45c649d0370fa04144ed8206be89989f3ca3bea1e878bc74bf19206acc44", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "VirTool:Win32/CeeInject", "description": "SHA256 of 4813f9463dca4ef614038d2c0ca6ceb5", "expiration": null, "is_active": 1 }, { "id": 3409661113, "indicator": "41802219466296bc06d20c4a1faa2850d79fcb3b", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_746d45c649d0370fa04144ed8206be89989f3ca3bea1e878bc74bf19206acc44 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_746d45c649d0370fa04144ed8206be89989f3ca3bea1e878bc74bf19206acc44 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-26-58\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"4813f9463dca4ef614038d2c0ca6ceb5\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Access violation\" fullword wide \n \t\t $s2= \"Application Workspace\" fullword wide \n \t\t $s3= \"Assertion failed\" fullword wide \n \t\t $s4= \"August September\" fullword wide \n \t\t $s5= \"Button Highlight\" fullword wide \n \t\t $s6= \"Default Gray Text\" fullword wide \n \t\t $s7= \"Enhanced Metafiles\" fullword wide \n \t\t $s8= \"Highlight Background\" fullword wide \n \t\t $s9= \"Inactive Border\" fullword wide \n \t\t $s10= \"Inactive Caption\" fullword wide \n \t\t $s11= \"Invalid argument\" fullword wide \n \t\t $s12= \"Invalid filename\" fullword wide \n \t\t $s13= \"Invalid ImageList\" fullword wide \n \t\t $s14= \"Tuesday Wednesday\" fullword wide \n \t\t $s15= \"Variant overflow\" fullword wide \n \t\t $s16= \"Window Background\" fullword wide \n \n \t\t $hex1= {41??63??63??65??73??73??20??76??69??6f??6c??61??74??69??6f??6e??0a??} \n \t\t $hex2= {41??70??70??6c??69??63??61??74??69??6f??6e??20??57??6f??72??6b??73??70??61??63??65??0a??} \n \t\t $hex3= {41??73??73??65??72??74??69??6f??6e??20??66??61??69??6c??65??64??0a??} \n \t\t $hex4= {41??75??67??75??73??74??20??53??65??70??74??65??6d??62??65??72??0a??} \n \t\t $hex5= {42??75??74??74??6f??6e??20??48??69??67??68??6c??69??67??68??74??0a??} \n \t\t $hex6= {44??65??66??61??75??6c??74??20??47??72??61??79??20??54??65??78??74??0a??} \n \t\t $hex7= {45??6e??68??61??6e??63??65??64??20??4d??65??74??61??66??69??6c??65??73??0a??} \n \t\t $hex8= {48??69??67??68??6c??69??67??68??74??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \t\t $hex9= {49??6e??61??63??74??69??76??65??20??42??6f??72??64??65??72??0a??} \n \t\t $hex10= {49??6e??61??63??74??69??76??65??20??43??61??70??74??69??6f??6e??0a??} \n \t\t $hex11= {49??6e??76??61??6c??69??64??20??49??6d??61??67??65??4c??69??73??74??0a??} \n \t\t $hex12= {49??6e??76??61??6c??69??64??20??61??72??67??75??6d??65??6e??74??0a??} \n \t\t $hex13= {49??6e??76??61??6c??69??64??20??66??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex14= {54??75??65??73??64??61??79??20??57??65??64??6e??65??73??64??61??79??0a??} \n \t\t $hex15= {56??61??72??69??61??6e??74??20??6f??76??65??72??66??6c??6f??77??0a??} \n \t\t $hex16= {57??69??6e??64??6f??77??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \n \tcondition: \n \t\t17 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_746d45c649d0370fa04144ed8206be89989f3ca3bea1e878bc74bf19206acc44 Group", "expiration": null, "is_active": 1 }, { "id": 3409661114, "indicator": "d92e9c7ec992c82ab9b2d421758b422be3872018", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_d579b32bedbe846c9d3c89aeb8d0c33ac22d6c0d9a1d3345b0203eb351dc7f95 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_d579b32bedbe846c9d3c89aeb8d0c33ac22d6c0d9a1d3345b0203eb351dc7f95 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-26-47\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"5e5cb33acff6aa9dd06e76c73c0fe6fa\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"255.255.255.255\" fullword wide \n \t\t $s2= \"%4d%02d%02d%02d%02d%02d\" fullword wide \n \t\t $s3= \"ADLIBUNREGISTER\" fullword wide \n \t\t $s4= \"APPDATACOMMONDIR\" fullword wide \n \t\t $s5= \"/AutoIt3ExecuteLine\" fullword wide \n \t\t $s6= \"/AutoIt3ExecuteScript\" fullword wide \n \t\t $s7= \"/AutoIt3OutputDebug\" fullword wide \n \t\t $s8= \"AUTOITCALLVARIABLE%d\" fullword wide \n \t\t $s9= \"AUTOITSETOPTION\" fullword wide \n \t\t $s10= \"AUTOITWINGETTITLE\" fullword wide \n \t\t $s11= \"AUTOITWINSETTITLE\" fullword wide \n \t\t $s12= \"BROWSER_FAVORTIES\" fullword wide \n \t\t $s13= \"BROWSER_FORWARD\" fullword wide \n \t\t $s14= \"BROWSER_REFRESH\" fullword wide \n \t\t $s15= \"#comments-start\" fullword wide \n \t\t $s16= \"CONSOLEWRITEERROR\" fullword wide \n \t\t $s17= \"CONTROLGETFOCUS\" fullword wide \n \t\t $s18= \"CONTROLGETHANDLE\" fullword wide \n \t\t $s19= \"CONTROLLISTVIEW\" fullword wide \n \t\t $s20= \"Control PanelAppearance\" fullword wide \n \n \t\t $hex1= {23??63??6f??6d??6d??65??6e??74??73??2d??73??74??61??72??74??0a??} \n \t\t $hex2= {25??34??64??25??30??32??64??25??30??32??64??25??30??32??64??25??30??32??64??25??30??32??64??0a??} \n \t\t $hex3= {2f??41??75??74??6f??49??74??33??45??78??65??63??75??74??65??4c??69??6e??65??0a??} \n \t\t $hex4= {2f??41??75??74??6f??49??74??33??45??78??65??63??75??74??65??53??63??72??69??70??74??0a??} \n \t\t $hex5= {2f??41??75??74??6f??49??74??33??4f??75??74??70??75??74??44??65??62??75??67??0a??} \n \t\t $hex6= {32??35??35??2e??32??35??35??2e??32??35??35??2e??32??35??35??0a??} \n \t\t $hex7= {41??44??4c??49??42??55??4e??52??45??47??49??53??54??45??52??0a??} \n \t\t $hex8= {41??50??50??44??41??54??41??43??4f??4d??4d??4f??4e??44??49??52??0a??} \n \t\t $hex9= {41??55??54??4f??49??54??43??41??4c??4c??56??41??52??49??41??42??4c??45??25??64??0a??} \n \t\t $hex10= {41??55??54??4f??49??54??53??45??54??4f??50??54??49??4f??4e??0a??} \n \t\t $hex11= {41??55??54??4f??49??54??57??49??4e??47??45??54??54??49??54??4c??45??0a??} \n \t\t $hex12= {41??55??54??4f??49??54??57??49??4e??53??45??54??54??49??54??4c??45??0a??} \n \t\t $hex13= {42??52??4f??57??53??45??52??5f??46??41??56??4f??52??54??49??45??53??0a??} \n \t\t $hex14= {42??52??4f??57??53??45??52??5f??46??4f??52??57??41??52??44??0a??} \n \t\t $hex15= {42??52??4f??57??53??45??52??5f??52??45??46??52??45??53??48??0a??} \n \t\t $hex16= {43??4f??4e??53??4f??4c??45??57??52??49??54??45??45??52??52??4f??52??0a??} \n \t\t $hex17= {43??4f??4e??54??52??4f??4c??47??45??54??46??4f??43??55??53??0a??} \n \t\t $hex18= {43??4f??4e??54??52??4f??4c??47??45??54??48??41??4e??44??4c??45??0a??} \n \t\t $hex19= {43??4f??4e??54??52??4f??4c??4c??49??53??54??56??49??45??57??0a??} \n \t\t $hex20= {43??6f??6e??74??72??6f??6c??20??50??61??6e??65??6c??41??70??70??65??61??72??61??6e??63??65??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_d579b32bedbe846c9d3c89aeb8d0c33ac22d6c0d9a1d3345b0203eb351dc7f95 Group", "expiration": null, "is_active": 1 }, { "id": 3409661115, "indicator": "3a3ac865dc27b6d888e83d8e335648dd79043ed4", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_67fd6afd7fed1c4229ef59b16450a803fcf5a4ab004664f5e8cb827bea7af6a0 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_67fd6afd7fed1c4229ef59b16450a803fcf5a4ab004664f5e8cb827bea7af6a0 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-26-35\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"cf90d9961b012e81dba645a7d9f0d074\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Access violation\" fullword wide \n \t\t $s2= \"Application Workspace\" fullword wide \n \t\t $s3= \"Assertion failed\" fullword wide \n \t\t $s4= \"August September\" fullword wide \n \t\t $s5= \"BBYES CL_MPBACK\" fullword wide \n \t\t $s6= \"Button Highlight\" fullword wide \n \t\t $s7= \"CL_MPEJECT CL_MPNEXT\" fullword wide \n \t\t $s8= \"CL_MPPAUSE CL_MPPLAY CL_MPPREV\" fullword wide \n \t\t $s9= \"Default Gray Text\" fullword wide \n \t\t $s10= \"DI_MPEJECT DI_MPNEXT\" fullword wide \n \t\t $s11= \"DI_MPPAUSE DI_MPPLAY DI_MPPREV\" fullword wide \n \t\t $s12= \"EN_MPEJECT EN_MPNEXT\" fullword wide \n \t\t $s13= \"EN_MPPAUSE EN_MPPLAY EN_MPPREV\" fullword wide \n \t\t $s14= \"EN_MPRECORD EN_MPSTEP EN_MPSTOP\" fullword wide \n \t\t $s15= \"Highlight Background\" fullword wide \n \t\t $s16= \"Inactive Border\" fullword wide \n \t\t $s17= \"Inactive Caption\" fullword wide \n \t\t $s18= \"Invalid argument\" fullword wide \n \t\t $s19= \"Invalid filename\" fullword wide \n \t\t $s20= \"Invalid ImageList\" fullword wide \n \n \t\t $hex1= {41??63??63??65??73??73??20??76??69??6f??6c??61??74??69??6f??6e??0a??} \n \t\t $hex2= {41??70??70??6c??69??63??61??74??69??6f??6e??20??57??6f??72??6b??73??70??61??63??65??0a??} \n \t\t $hex3= {41??73??73??65??72??74??69??6f??6e??20??66??61??69??6c??65??64??0a??} \n \t\t $hex4= {41??75??67??75??73??74??20??53??65??70??74??65??6d??62??65??72??0a??} \n \t\t $hex5= {42??42??59??45??53??20??43??4c??5f??4d??50??42??41??43??4b??0a??} \n \t\t $hex6= {42??75??74??74??6f??6e??20??48??69??67??68??6c??69??67??68??74??0a??} \n \t\t $hex7= {43??4c??5f??4d??50??45??4a??45??43??54??20??43??4c??5f??4d??50??4e??45??58??54??0a??} \n \t\t $hex8= {43??4c??5f??4d??50??50??41??55??53??45??20??43??4c??5f??4d??50??50??4c??41??59??20??43??4c??5f??4d??50??50??52??45??56??} \n \t\t $hex9= {44??49??5f??4d??50??45??4a??45??43??54??20??44??49??5f??4d??50??4e??45??58??54??0a??} \n \t\t $hex10= {44??49??5f??4d??50??50??41??55??53??45??20??44??49??5f??4d??50??50??4c??41??59??20??44??49??5f??4d??50??50??52??45??56??} \n \t\t $hex11= {44??65??66??61??75??6c??74??20??47??72??61??79??20??54??65??78??74??0a??} \n \t\t $hex12= {45??4e??5f??4d??50??45??4a??45??43??54??20??45??4e??5f??4d??50??4e??45??58??54??0a??} \n \t\t $hex13= {45??4e??5f??4d??50??50??41??55??53??45??20??45??4e??5f??4d??50??50??4c??41??59??20??45??4e??5f??4d??50??50??52??45??56??} \n \t\t $hex14= {45??4e??5f??4d??50??52??45??43??4f??52??44??20??45??4e??5f??4d??50??53??54??45??50??20??45??4e??5f??4d??50??53??54??4f??} \n \t\t $hex15= {48??69??67??68??6c??69??67??68??74??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \t\t $hex16= {49??6e??61??63??74??69??76??65??20??42??6f??72??64??65??72??0a??} \n \t\t $hex17= {49??6e??61??63??74??69??76??65??20??43??61??70??74??69??6f??6e??0a??} \n \t\t $hex18= {49??6e??76??61??6c??69??64??20??49??6d??61??67??65??4c??69??73??74??0a??} \n \t\t $hex19= {49??6e??76??61??6c??69??64??20??61??72??67??75??6d??65??6e??74??0a??} \n \t\t $hex20= {49??6e??76??61??6c??69??64??20??66??69??6c??65??6e??61??6d??65??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_67fd6afd7fed1c4229ef59b16450a803fcf5a4ab004664f5e8cb827bea7af6a0 Group", "expiration": null, "is_active": 1 }, { "id": 3409661116, "indicator": "a4b29f419c3f1cca7aee24cff1ebb10416c18695", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA1 of 8337d48e68802bf418a2e00283ab1914", "expiration": null, "is_active": 1 }, { "id": 1386572058, "indicator": "1251e556fd7af5f92ba248b630393034278d7ee4fb0a7732593e0b3bcae0189a", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "", "description": "SHA256 of 8337d48e68802bf418a2e00283ab1914", "expiration": null, "is_active": 1 }, { "id": 3409661117, "indicator": "611758ed3ab6cd430cc90c83997c5690eb786f04", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_1251e556fd7af5f92ba248b630393034278d7ee4fb0a7732593e0b3bcae0189a { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_1251e556fd7af5f92ba248b630393034278d7ee4fb0a7732593e0b3bcae0189a Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-26-34\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"8337d48e68802bf418a2e00283ab1914\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Assembly Version\" fullword wide \n \t\t $s2= \"EdenStream.Properties.Resources\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"LegalTrademarks\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {41??73??73??65??6d??62??6c??79??20??56??65??72??73??69??6f??6e??0a??} \n \t\t $hex2= {45??64??65??6e??53??74??72??65??61??6d??2e??50??72??6f??70??65??72??74??69??65??73??2e??52??65??73??6f??75??72??63??65??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t6 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_1251e556fd7af5f92ba248b630393034278d7ee4fb0a7732593e0b3bcae0189a Group", "expiration": null, "is_active": 1 }, { "id": 3409661118, "indicator": "6c14eafec36396e2d58c003669c27268c67f625a", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_b0deda9f8354364d78134de41f845a194f29dc6e24f6e68c6d959e2e518f3791 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_b0deda9f8354364d78134de41f845a194f29dc6e24f6e68c6d959e2e518f3791 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-26-13\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"1b3c5144369e21c102063fc18adae793\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"$this.Localizable\" fullword wide \n \t\t $s2= \"$this.SnapToGrid\" fullword wide \n \t\t $s3= \"$this.TrayHeight\" fullword wide \n \t\t $s4= \"$this.TrayLargeIcon\" fullword wide \n \t\t $s5= \"Assembly Version\" fullword wide \n \t\t $s6= \"FileDescription\" fullword wide \n \t\t $s7= \"GetDelegateForFunctionPointer\" fullword wide \n \t\t $s8= \"LegalTrademarks\" fullword wide \n \t\t $s9= \"NanoCoreFUD_01.exe\" fullword wide \n \t\t $s10= \"NetRunpe.vItKUvDNTRnTi\" fullword wide \n \t\t $s11= \"OriginalFilename\" fullword wide \n \t\t $s12= \"progressBar1.Locked\" fullword wide \n \t\t $s13= \"progressBar1.Modifiers\" fullword wide \n \t\t $s14= \"System.Reflection.RuntimeModule\" fullword wide \n \t\t $s15= \"VS_VERSION_INFO\" fullword wide \n \t\t $s16= \"WdQhmLTWtHDbRcmpOkwpMhYoiOLZ\" fullword wide \n \n \t\t $hex1= {24??74??68??69??73??2e??4c??6f??63??61??6c??69??7a??61??62??6c??65??0a??} \n \t\t $hex2= {24??74??68??69??73??2e??53??6e??61??70??54??6f??47??72??69??64??0a??} \n \t\t $hex3= {24??74??68??69??73??2e??54??72??61??79??48??65??69??67??68??74??0a??} \n \t\t $hex4= {24??74??68??69??73??2e??54??72??61??79??4c??61??72??67??65??49??63??6f??6e??0a??} \n \t\t $hex5= {41??73??73??65??6d??62??6c??79??20??56??65??72??73??69??6f??6e??0a??} \n \t\t $hex6= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex7= {47??65??74??44??65??6c??65??67??61??74??65??46??6f??72??46??75??6e??63??74??69??6f??6e??50??6f??69??6e??74??65??72??0a??} \n \t\t $hex8= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex9= {4e??61??6e??6f??43??6f??72??65??46??55??44??5f??30??31??2e??65??78??65??0a??} \n \t\t $hex10= {4e??65??74??52??75??6e??70??65??2e??76??49??74??4b??55??76??44??4e??54??52??6e??54??69??0a??} \n \t\t $hex11= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex12= {53??79??73??74??65??6d??2e??52??65??66??6c??65??63??74??69??6f??6e??2e??52??75??6e??74??69??6d??65??4d??6f??64??75??6c??} \n \t\t $hex13= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex14= {57??64??51??68??6d??4c??54??57??74??48??44??62??52??63??6d??70??4f??6b??77??70??4d??68??59??6f??69??4f??4c??5a??0a??} \n \t\t $hex15= {70??72??6f??67??72??65??73??73??42??61??72??31??2e??4c??6f??63??6b??65??64??0a??} \n \t\t $hex16= {70??72??6f??67??72??65??73??73??42??61??72??31??2e??4d??6f??64??69??66??69??65??72??73??0a??} \n \n \tcondition: \n \t\t17 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_b0deda9f8354364d78134de41f845a194f29dc6e24f6e68c6d959e2e518f3791 Group", "expiration": null, "is_active": 1 }, { "id": 3409661119, "indicator": "abda33315e91add70b3afbbcc8c663c703340d78", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_5cb8b4b4511802763cb4203ee9af57b798cf44d1b921925c1980921012800c0c { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_5cb8b4b4511802763cb4203ee9af57b798cf44d1b921925c1980921012800c0c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-26-09\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"48159a39e517694cd35dec553de4ee04\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Assembly Version\" fullword wide \n \t\t $s2= \"'Beginnings' Dresser\" fullword wide \n \t\t $s3= \"Chambord Dresser\" fullword wide \n \t\t $s4= \"checkedListBox1\" fullword wide \n \t\t $s5= \"Corporate information\" fullword wide \n \t\t $s6= \"Customer service\" fullword wide \n \t\t $s7= \"Customer Support\" fullword wide \n \t\t $s8= \"DateTimePicker1\" fullword wide \n \t\t $s9= \"FileDescription\" fullword wide \n \t\t $s10= \"'Gabriella' Bookcase\" fullword wide \n \t\t $s11= \"LegalTrademarks\" fullword wide \n \t\t $s12= \"MAJOR APPLIANCES\" fullword wide \n \t\t $s13= \"NetRunpe.vItKUvDNTRnTi\" fullword wide \n \t\t $s14= \"OriginalFilename\" fullword wide \n \t\t $s15= \"Our Re-invention\" fullword wide \n \t\t $s16= \"Product recalls\" fullword wide \n \t\t $s17= \"Protection Plans\" fullword wide \n \t\t $s18= \"rectangular (3)\" fullword wide \n \t\t $s19= \"Rewards Program\" fullword wide \n \t\t $s20= \"Silverlight.exe\" fullword wide \n \n \t\t $hex1= {27??42??65??67??69??6e??6e??69??6e??67??73??27??20??44??72??65??73??73??65??72??0a??} \n \t\t $hex2= {27??47??61??62??72??69??65??6c??6c??61??27??20??42??6f??6f??6b??63??61??73??65??0a??} \n \t\t $hex3= {41??73??73??65??6d??62??6c??79??20??56??65??72??73??69??6f??6e??0a??} \n \t\t $hex4= {43??68??61??6d??62??6f??72??64??20??44??72??65??73??73??65??72??0a??} \n \t\t $hex5= {43??6f??72??70??6f??72??61??74??65??20??69??6e??66??6f??72??6d??61??74??69??6f??6e??0a??} \n \t\t $hex6= {43??75??73??74??6f??6d??65??72??20??53??75??70??70??6f??72??74??0a??} \n \t\t $hex7= {43??75??73??74??6f??6d??65??72??20??73??65??72??76??69??63??65??0a??} \n \t\t $hex8= {44??61??74??65??54??69??6d??65??50??69??63??6b??65??72??31??0a??} \n \t\t $hex9= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex10= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex11= {4d??41??4a??4f??52??20??41??50??50??4c??49??41??4e??43??45??53??0a??} \n \t\t $hex12= {4e??65??74??52??75??6e??70??65??2e??76??49??74??4b??55??76??44??4e??54??52??6e??54??69??0a??} \n \t\t $hex13= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex14= {4f??75??72??20??52??65??2d??69??6e??76??65??6e??74??69??6f??6e??0a??} \n \t\t $hex15= {50??72??6f??64??75??63??74??20??72??65??63??61??6c??6c??73??0a??} \n \t\t $hex16= {50??72??6f??74??65??63??74??69??6f??6e??20??50??6c??61??6e??73??0a??} \n \t\t $hex17= {52??65??77??61??72??64??73??20??50??72??6f??67??72??61??6d??0a??} \n \t\t $hex18= {53??69??6c??76??65??72??6c??69??67??68??74??2e??65??78??65??0a??} \n \t\t $hex19= {63??68??65??63??6b??65??64??4c??69??73??74??42??6f??78??31??0a??} \n \t\t $hex20= {72??65??63??74??61??6e??67??75??6c??61??72??20??28??33??29??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_5cb8b4b4511802763cb4203ee9af57b798cf44d1b921925c1980921012800c0c Group", "expiration": null, "is_active": 1 }, { "id": 3409661120, "indicator": "8cc33500b9589458e9c19e2ecc03d07445d44e2f", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Trojan:Win32/Dynamer!rfn", "description": "SHA1 of bd448ed9c8b1e367ea4f846bfc13c17e", "expiration": null, "is_active": 1 }, { "id": 1386572213, "indicator": "34a0e40e9bdd241244a224dee2942aec879d395318e70768e7cfce2e0276fda6", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Trojan:Win32/Dynamer!rfn", "description": "SHA256 of bd448ed9c8b1e367ea4f846bfc13c17e", "expiration": null, "is_active": 1 }, { "id": 3409661121, "indicator": "c4196a730829d5cb627315ad14cc1a70223282ad", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_34a0e40e9bdd241244a224dee2942aec879d395318e70768e7cfce2e0276fda6 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_34a0e40e9bdd241244a224dee2942aec879d395318e70768e7cfce2e0276fda6 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-25-58\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"bd448ed9c8b1e367ea4f846bfc13c17e\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Access violation\" fullword wide \n \t\t $s2= \"Application Workspace\" fullword wide \n \t\t $s3= \"Assertion failed\" fullword wide \n \t\t $s4= \"August September\" fullword wide \n \t\t $s5= \"Button Highlight\" fullword wide \n \t\t $s6= \"Default Gray Text\" fullword wide \n \t\t $s7= \"Enhanced Metafiles\" fullword wide \n \t\t $s8= \"Highlight Background\" fullword wide \n \t\t $s9= \"Inactive Border\" fullword wide \n \t\t $s10= \"Inactive Caption\" fullword wide \n \t\t $s11= \"Invalid argument\" fullword wide \n \t\t $s12= \"Invalid filename\" fullword wide \n \t\t $s13= \"Invalid ImageList\" fullword wide \n \t\t $s14= \"Tuesday Wednesday\" fullword wide \n \t\t $s15= \"Variant overflow\" fullword wide \n \t\t $s16= \"Window Background\" fullword wide \n \n \t\t $hex1= {41??63??63??65??73??73??20??76??69??6f??6c??61??74??69??6f??6e??0a??} \n \t\t $hex2= {41??70??70??6c??69??63??61??74??69??6f??6e??20??57??6f??72??6b??73??70??61??63??65??0a??} \n \t\t $hex3= {41??73??73??65??72??74??69??6f??6e??20??66??61??69??6c??65??64??0a??} \n \t\t $hex4= {41??75??67??75??73??74??20??53??65??70??74??65??6d??62??65??72??0a??} \n \t\t $hex5= {42??75??74??74??6f??6e??20??48??69??67??68??6c??69??67??68??74??0a??} \n \t\t $hex6= {44??65??66??61??75??6c??74??20??47??72??61??79??20??54??65??78??74??0a??} \n \t\t $hex7= {45??6e??68??61??6e??63??65??64??20??4d??65??74??61??66??69??6c??65??73??0a??} \n \t\t $hex8= {48??69??67??68??6c??69??67??68??74??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \t\t $hex9= {49??6e??61??63??74??69??76??65??20??42??6f??72??64??65??72??0a??} \n \t\t $hex10= {49??6e??61??63??74??69??76??65??20??43??61??70??74??69??6f??6e??0a??} \n \t\t $hex11= {49??6e??76??61??6c??69??64??20??49??6d??61??67??65??4c??69??73??74??0a??} \n \t\t $hex12= {49??6e??76??61??6c??69??64??20??61??72??67??75??6d??65??6e??74??0a??} \n \t\t $hex13= {49??6e??76??61??6c??69??64??20??66??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex14= {54??75??65??73??64??61??79??20??57??65??64??6e??65??73??64??61??79??0a??} \n \t\t $hex15= {56??61??72??69??61??6e??74??20??6f??76??65??72??66??6c??6f??77??0a??} \n \t\t $hex16= {57??69??6e??64??6f??77??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \n \tcondition: \n \t\t17 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_34a0e40e9bdd241244a224dee2942aec879d395318e70768e7cfce2e0276fda6 Group", "expiration": null, "is_active": 1 }, { "id": 3409661122, "indicator": "14ffa74eac88ab864f68973ab3c748c143f4f84e", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "SHA1 of 8cf1c74955a561ce883a703b1faff789", "expiration": null, "is_active": 1 }, { "id": 1386572413, "indicator": "63eca8a02459496ca30e77bd24c25e3fc7513a886f7f7cb5e2c6978ba5d75e29", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "SHA256 of 8cf1c74955a561ce883a703b1faff789", "expiration": null, "is_active": 1 }, { "id": 3409661123, "indicator": "eb1a3b3930a89452a97c9e854b29f02574fd8735", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_63eca8a02459496ca30e77bd24c25e3fc7513a886f7f7cb5e2c6978ba5d75e29 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_63eca8a02459496ca30e77bd24c25e3fc7513a886f7f7cb5e2c6978ba5d75e29 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-25-54\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"8cf1c74955a561ce883a703b1faff789\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Assembly Version\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"LegalTrademarks\" fullword wide \n \t\t $s4= \"NIY11m28SK5wC17\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"SpotStream.Properties.Resources\" fullword wide \n \t\t $s7= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {41??73??73??65??6d??62??6c??79??20??56??65??72??73??69??6f??6e??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex4= {4e??49??59??31??31??6d??32??38??53??4b??35??77??43??31??37??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {53??70??6f??74??53??74??72??65??61??6d??2e??50??72??6f??70??65??72??74??69??65??73??2e??52??65??73??6f??75??72??63??65??} \n \t\t $hex7= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_63eca8a02459496ca30e77bd24c25e3fc7513a886f7f7cb5e2c6978ba5d75e29 Group", "expiration": null, "is_active": 1 }, { "id": 3409661124, "indicator": "078f65134c89bf071a61efb5948de10c9427df00", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_c359fd0f9dac8f4af2962f21260dd4661fc27a7d787e1e6c7a71dc056b95071e { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_c359fd0f9dac8f4af2962f21260dd4661fc27a7d787e1e6c7a71dc056b95071e Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-25-45\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"1601fd5152f9fa9551c0c61fb208ebb7\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"10DqxnCVtA3Puc7\" fullword wide \n \t\t $s2= \"Assembly Version\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"LegalTrademarks\" fullword wide \n \t\t $s5= \"N2544Zo5g163dw0\" fullword wide \n \t\t $s6= \"OriginalFilename\" fullword wide \n \t\t $s7= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {31??30??44??71??78??6e??43??56??74??41??33??50??75??63??37??0a??} \n \t\t $hex2= {41??73??73??65??6d??62??6c??79??20??56??65??72??73??69??6f??6e??0a??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex5= {4e??32??35??34??34??5a??6f??35??67??31??36??33??64??77??30??0a??} \n \t\t $hex6= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex7= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_c359fd0f9dac8f4af2962f21260dd4661fc27a7d787e1e6c7a71dc056b95071e Group", "expiration": null, "is_active": 1 }, { "id": 3409661125, "indicator": "ddeba8d58c67cbd87ef474ba10b5d047d60b1650", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "VirTool:MSIL/Injector", "description": "SHA1 of bd816e3d3f328b6d534d012927d513af", "expiration": null, "is_active": 1 }, { "id": 1386572731, "indicator": "b87b55e4fd40aeee2a92add4aec6b4273c5f723550e5d13923858ba623e5acf2", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "VirTool:MSIL/Injector", "description": "SHA256 of bd816e3d3f328b6d534d012927d513af", "expiration": null, "is_active": 1 }, { "id": 3409661126, "indicator": "888e63a94118dfa99b3d2ae7e64c0e47ccba6fc6", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_b87b55e4fd40aeee2a92add4aec6b4273c5f723550e5d13923858ba623e5acf2 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_b87b55e4fd40aeee2a92add4aec6b4273c5f723550e5d13923858ba623e5acf2 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-25-43\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"bd816e3d3f328b6d534d012927d513af\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Assembly Version\" fullword wide \n \t\t $s2= \"FileDescription\" fullword wide \n \t\t $s3= \"lld.eroC.metsyS\" fullword wide \n \t\t $s4= \"lld.gniwarD.metsyS\" fullword wide \n \t\t $s5= \"lld.tnemeganaM.metsyS\" fullword wide \n \t\t $s6= \"OriginalFilename\" fullword wide \n \t\t $s7= \"VS_VERSION_INFO\" fullword wide \n \t\t $s8= \"WAIeN1keYiysVwBI.Program.exe\" fullword wide \n \n \t\t $hex1= {41??73??73??65??6d??62??6c??79??20??56??65??72??73??69??6f??6e??0a??} \n \t\t $hex2= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex3= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex4= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \t\t $hex5= {57??41??49??65??4e??31??6b??65??59??69??79??73??56??77??42??49??2e??50??72??6f??67??72??61??6d??2e??65??78??65??0a??} \n \t\t $hex6= {6c??6c??64??2e??65??72??6f??43??2e??6d??65??74??73??79??53??0a??} \n \t\t $hex7= {6c??6c??64??2e??67??6e??69??77??61??72??44??2e??6d??65??74??73??79??53??0a??} \n \t\t $hex8= {6c??6c??64??2e??74??6e??65??6d??65??67??61??6e??61??4d??2e??6d??65??74??73??79??53??0a??} \n \n \tcondition: \n \t\t8 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_b87b55e4fd40aeee2a92add4aec6b4273c5f723550e5d13923858ba623e5acf2 Group", "expiration": null, "is_active": 1 }, { "id": 3409661127, "indicator": "83092d1431354a29f2c37a9c0686e6b9d300e675", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "SHA1 of 4e6bafcec589088de1311aab0d183732", "expiration": null, "is_active": 1 }, { "id": 1386399296, "indicator": "db4d8d931f1b979cf32d311f9b03e851d3283b4f7e86252730247da25cf9f093", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Trojan:Win32/Tiggre!rfn", "description": "SHA256 of 4e6bafcec589088de1311aab0d183732", "expiration": null, "is_active": 1 }, { "id": 3409661128, "indicator": "798d4547ae6a75d47d5ce209afc06db0dfc57a8a", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_db4d8d931f1b979cf32d311f9b03e851d3283b4f7e86252730247da25cf9f093 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_db4d8d931f1b979cf32d311f9b03e851d3283b4f7e86252730247da25cf9f093 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-24-58\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"4e6bafcec589088de1311aab0d183732\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Access violation\" fullword wide \n \t\t $s2= \"Application Workspace\" fullword wide \n \t\t $s3= \"Assertion failed\" fullword wide \n \t\t $s4= \"August September\" fullword wide \n \t\t $s5= \"Button Highlight\" fullword wide \n \t\t $s6= \"Default Gray Text\" fullword wide \n \t\t $s7= \"Highlight Background\" fullword wide \n \t\t $s8= \"Inactive Border\" fullword wide \n \t\t $s9= \"Inactive Caption\" fullword wide \n \t\t $s10= \"Invalid argument\" fullword wide \n \t\t $s11= \"Invalid filename\" fullword wide \n \t\t $s12= \"Invalid ImageList\" fullword wide \n \t\t $s13= \"Tuesday Wednesday\" fullword wide \n \t\t $s14= \"Variant overflow\" fullword wide \n \t\t $s15= \"Window Background\" fullword wide \n \n \t\t $hex1= {41??63??63??65??73??73??20??76??69??6f??6c??61??74??69??6f??6e??0a??} \n \t\t $hex2= {41??70??70??6c??69??63??61??74??69??6f??6e??20??57??6f??72??6b??73??70??61??63??65??0a??} \n \t\t $hex3= {41??73??73??65??72??74??69??6f??6e??20??66??61??69??6c??65??64??0a??} \n \t\t $hex4= {41??75??67??75??73??74??20??53??65??70??74??65??6d??62??65??72??0a??} \n \t\t $hex5= {42??75??74??74??6f??6e??20??48??69??67??68??6c??69??67??68??74??0a??} \n \t\t $hex6= {44??65??66??61??75??6c??74??20??47??72??61??79??20??54??65??78??74??0a??} \n \t\t $hex7= {48??69??67??68??6c??69??67??68??74??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \t\t $hex8= {49??6e??61??63??74??69??76??65??20??42??6f??72??64??65??72??0a??} \n \t\t $hex9= {49??6e??61??63??74??69??76??65??20??43??61??70??74??69??6f??6e??0a??} \n \t\t $hex10= {49??6e??76??61??6c??69??64??20??49??6d??61??67??65??4c??69??73??74??0a??} \n \t\t $hex11= {49??6e??76??61??6c??69??64??20??61??72??67??75??6d??65??6e??74??0a??} \n \t\t $hex12= {49??6e??76??61??6c??69??64??20??66??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex13= {54??75??65??73??64??61??79??20??57??65??64??6e??65??73??64??61??79??0a??} \n \t\t $hex14= {56??61??72??69??61??6e??74??20??6f??76??65??72??66??6c??6f??77??0a??} \n \t\t $hex15= {57??69??6e??64??6f??77??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \n \tcondition: \n \t\t16 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_db4d8d931f1b979cf32d311f9b03e851d3283b4f7e86252730247da25cf9f093 Group", "expiration": null, "is_active": 1 }, { "id": 3409661129, "indicator": "b509d1f414758b77fe9a0a6013638d8125427ffc", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Delphi", "description": "SHA1 of fe211cdbef08afc113c6347e8421a94a", "expiration": null, "is_active": 1 }, { "id": 1386572689, "indicator": "ae24f8b00a0132160e5c54873dcd0b9441f917bf36b4c3673169ca56ad9a49af", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Delphi", "description": "SHA256 of fe211cdbef08afc113c6347e8421a94a", "expiration": null, "is_active": 1 }, { "id": 3409661130, "indicator": "0bd99cd74a8631fa8f7a77b4d8a390b12ecfd6a1", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_ae24f8b00a0132160e5c54873dcd0b9441f917bf36b4c3673169ca56ad9a49af { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_ae24f8b00a0132160e5c54873dcd0b9441f917bf36b4c3673169ca56ad9a49af Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-24-46\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"fe211cdbef08afc113c6347e8421a94a\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Access violation\" fullword wide \n \t\t $s2= \"Application Workspace\" fullword wide \n \t\t $s3= \"Assertion failed\" fullword wide \n \t\t $s4= \"August September\" fullword wide \n \t\t $s5= \"Button Highlight\" fullword wide \n \t\t $s6= \"Default Gray Text\" fullword wide \n \t\t $s7= \"Enhanced Metafiles\" fullword wide \n \t\t $s8= \"Highlight Background\" fullword wide \n \t\t $s9= \"Inactive Border\" fullword wide \n \t\t $s10= \"Inactive Caption\" fullword wide \n \t\t $s11= \"Info Background\" fullword wide \n \t\t $s12= \"Invalid argument\" fullword wide \n \t\t $s13= \"Invalid filename\" fullword wide \n \t\t $s14= \"Invalid ImageList\" fullword wide \n \t\t $s15= \"Tuesday Wednesday\" fullword wide \n \t\t $s16= \"Variant overflow\" fullword wide \n \t\t $s17= \"Window Background\" fullword wide \n \n \t\t $hex1= {41??63??63??65??73??73??20??76??69??6f??6c??61??74??69??6f??6e??0a??} \n \t\t $hex2= {41??70??70??6c??69??63??61??74??69??6f??6e??20??57??6f??72??6b??73??70??61??63??65??0a??} \n \t\t $hex3= {41??73??73??65??72??74??69??6f??6e??20??66??61??69??6c??65??64??0a??} \n \t\t $hex4= {41??75??67??75??73??74??20??53??65??70??74??65??6d??62??65??72??0a??} \n \t\t $hex5= {42??75??74??74??6f??6e??20??48??69??67??68??6c??69??67??68??74??0a??} \n \t\t $hex6= {44??65??66??61??75??6c??74??20??47??72??61??79??20??54??65??78??74??0a??} \n \t\t $hex7= {45??6e??68??61??6e??63??65??64??20??4d??65??74??61??66??69??6c??65??73??0a??} \n \t\t $hex8= {48??69??67??68??6c??69??67??68??74??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \t\t $hex9= {49??6e??61??63??74??69??76??65??20??42??6f??72??64??65??72??0a??} \n \t\t $hex10= {49??6e??61??63??74??69??76??65??20??43??61??70??74??69??6f??6e??0a??} \n \t\t $hex11= {49??6e??66??6f??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \t\t $hex12= {49??6e??76??61??6c??69??64??20??49??6d??61??67??65??4c??69??73??74??0a??} \n \t\t $hex13= {49??6e??76??61??6c??69??64??20??61??72??67??75??6d??65??6e??74??0a??} \n \t\t $hex14= {49??6e??76??61??6c??69??64??20??66??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex15= {54??75??65??73??64??61??79??20??57??65??64??6e??65??73??64??61??79??0a??} \n \t\t $hex16= {56??61??72??69??61??6e??74??20??6f??76??65??72??66??6c??6f??77??0a??} \n \t\t $hex17= {57??69??6e??64??6f??77??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \n \tcondition: \n \t\t18 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_ae24f8b00a0132160e5c54873dcd0b9441f917bf36b4c3673169ca56ad9a49af Group", "expiration": null, "is_active": 1 }, { "id": 3409661131, "indicator": "5f6a4d0e57839b6552af6e36ad9a85bfd96932a8", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_5f6811148946aa6c9ed7e97818c56305ace453fc39547e7987e6eb3ec1ebb153 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_5f6811148946aa6c9ed7e97818c56305ace453fc39547e7987e6eb3ec1ebb153 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-24-38\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"23ab444e2dfd407fb24eb2e806b5064f\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"FileDescription\" fullword wide \n \t\t $s2= \"Hyperforklet7.exe\" fullword wide \n \t\t $s3= \"LegalTrademarks\" fullword wide \n \t\t $s4= \"MOLLAXMSKIERD567\" fullword wide \n \t\t $s5= \"OriginalFilename\" fullword wide \n \t\t $s6= \"SDJIOFSRJKFHGJASDFHJKSDF\" fullword wide \n \t\t $s7= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex2= {48??79??70??65??72??66??6f??72??6b??6c??65??74??37??2e??65??78??65??0a??} \n \t\t $hex3= {4c??65??67??61??6c??54??72??61??64??65??6d??61??72??6b??73??0a??} \n \t\t $hex4= {4d??4f??4c??4c??41??58??4d??53??4b??49??45??52??44??35??36??37??0a??} \n \t\t $hex5= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex6= {53??44??4a??49??4f??46??53??52??4a??4b??46??48??47??4a??41??53??44??46??48??4a??4b??53??44??46??0a??} \n \t\t $hex7= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t7 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_5f6811148946aa6c9ed7e97818c56305ace453fc39547e7987e6eb3ec1ebb153 Group", "expiration": null, "is_active": 1 }, { "id": 3409661132, "indicator": "47f3d13317f6ba67b0373b7697d95b4b542e27eb", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_845ff37f059c40d0110f4d3ad82f04e196040079702f9277fd16a0fef7b22b40 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_845ff37f059c40d0110f4d3ad82f04e196040079702f9277fd16a0fef7b22b40 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-24-33\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"0d63350bd3ce6881618dd44b776b29f0\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"%1:.2d:%2:.2d:%3:.2d\" fullword wide \n \t\t $s2= \"Access violation\" fullword wide \n \t\t $s3= \"Assertion failed\" fullword wide \n \t\t $s4= \"August September\" fullword wide \n \t\t $s5= \"BDSUnthemedDesigner\" fullword wide \n \t\t $s6= \"CHINESEBIG5_CHARSET\" fullword wide \n \t\t $s7= \"clActiveCaption\" fullword wide \n \t\t $s8= \"clGradientActiveCaption\" fullword wide \n \t\t $s9= \"clGradientInactiveCaption\" fullword wide \n \t\t $s10= \"clHighlightText\" fullword wide \n \t\t $s11= \"clInactiveBorder\" fullword wide \n \t\t $s12= \"clInactiveCaption\" fullword wide \n \t\t $s13= \"clInactiveCaptionText\" fullword wide \n \t\t $s14= \"clMenuHighlight\" fullword wide \n \t\t $s15= \"clWebAntiqueWhite\" fullword wide \n \t\t $s16= \"clWebAquamarine\" fullword wide \n \t\t $s17= \"clWebBlanchedAlmond\" fullword wide \n \t\t $s18= \"clWebBlueViolet\" fullword wide \n \t\t $s19= \"clWebChartreuse\" fullword wide \n \t\t $s20= \"clWebCornFlowerBlue\" fullword wide \n \n \t\t $hex1= {25??31??3a??2e??32??64??3a??25??32??3a??2e??32??64??3a??25??33??3a??2e??32??64??0a??} \n \t\t $hex2= {41??63??63??65??73??73??20??76??69??6f??6c??61??74??69??6f??6e??0a??} \n \t\t $hex3= {41??73??73??65??72??74??69??6f??6e??20??66??61??69??6c??65??64??0a??} \n \t\t $hex4= {41??75??67??75??73??74??20??53??65??70??74??65??6d??62??65??72??0a??} \n \t\t $hex5= {42??44??53??55??6e??74??68??65??6d??65??64??44??65??73??69??67??6e??65??72??0a??} \n \t\t $hex6= {43??48??49??4e??45??53??45??42??49??47??35??5f??43??48??41??52??53??45??54??0a??} \n \t\t $hex7= {63??6c??41??63??74??69??76??65??43??61??70??74??69??6f??6e??0a??} \n \t\t $hex8= {63??6c??47??72??61??64??69??65??6e??74??41??63??74??69??76??65??43??61??70??74??69??6f??6e??0a??} \n \t\t $hex9= {63??6c??47??72??61??64??69??65??6e??74??49??6e??61??63??74??69??76??65??43??61??70??74??69??6f??6e??0a??} \n \t\t $hex10= {63??6c??48??69??67??68??6c??69??67??68??74??54??65??78??74??0a??} \n \t\t $hex11= {63??6c??49??6e??61??63??74??69??76??65??42??6f??72??64??65??72??0a??} \n \t\t $hex12= {63??6c??49??6e??61??63??74??69??76??65??43??61??70??74??69??6f??6e??0a??} \n \t\t $hex13= {63??6c??49??6e??61??63??74??69??76??65??43??61??70??74??69??6f??6e??54??65??78??74??0a??} \n \t\t $hex14= {63??6c??4d??65??6e??75??48??69??67??68??6c??69??67??68??74??0a??} \n \t\t $hex15= {63??6c??57??65??62??41??6e??74??69??71??75??65??57??68??69??74??65??0a??} \n \t\t $hex16= {63??6c??57??65??62??41??71??75??61??6d??61??72??69??6e??65??0a??} \n \t\t $hex17= {63??6c??57??65??62??42??6c??61??6e??63??68??65??64??41??6c??6d??6f??6e??64??0a??} \n \t\t $hex18= {63??6c??57??65??62??42??6c??75??65??56??69??6f??6c??65??74??0a??} \n \t\t $hex19= {63??6c??57??65??62??43??68??61??72??74??72??65??75??73??65??0a??} \n \t\t $hex20= {63??6c??57??65??62??43??6f??72??6e??46??6c??6f??77??65??72??42??6c??75??65??0a??} \n \n \tcondition: \n \t\t22 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_845ff37f059c40d0110f4d3ad82f04e196040079702f9277fd16a0fef7b22b40 Group", "expiration": null, "is_active": 1 }, { "id": 3409661133, "indicator": "9e1ba141e0d431e4de80919b646a2817be51a9ec", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "LokiBot", "description": "SHA1 of c03d1a32826e492be949149e8a410d61\nSHA1 of c03d1a32826e492be949149e8a410d61", "expiration": null, "is_active": 1 }, { "id": 1386572302, "indicator": "4efe96995fbf6b6398b515b5fca1b4c4e20b5c2a6fc2403d90a6f5b4debabaa2", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "LokiBot", "description": "SHA256 of c03d1a32826e492be949149e8a410d61\nSHA256 of c03d1a32826e492be949149e8a410d61", "expiration": null, "is_active": 1 }, { "id": 3409661134, "indicator": "0389f6438ff60f6df0cf25f1199485aa9c8faf26", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_4efe96995fbf6b6398b515b5fca1b4c4e20b5c2a6fc2403d90a6f5b4debabaa2 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_4efe96995fbf6b6398b515b5fca1b4c4e20b5c2a6fc2403d90a6f5b4debabaa2 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-24-32\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"c03d1a32826e492be949149e8a410d61\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Assembly Version\" fullword wide \n \t\t $s2= \"CCVMMZERECCNMXXRE\" fullword wide \n \t\t $s3= \"FileDescription\" fullword wide \n \t\t $s4= \"OriginalFilename\" fullword wide \n \t\t $s5= \"VS_VERSION_INFO\" fullword wide \n \n \t\t $hex1= {41??73??73??65??6d??62??6c??79??20??56??65??72??73??69??6f??6e??0a??} \n \t\t $hex2= {43??43??56??4d??4d??5a??45??52??45??43??43??4e??4d??58??58??52??45??0a??} \n \t\t $hex3= {46??69??6c??65??44??65??73??63??72??69??70??74??69??6f??6e??0a??} \n \t\t $hex4= {4f??72??69??67??69??6e??61??6c??46??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex5= {56??53??5f??56??45??52??53??49??4f??4e??5f??49??4e??46??4f??0a??} \n \n \tcondition: \n \t\t5 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_4efe96995fbf6b6398b515b5fca1b4c4e20b5c2a6fc2403d90a6f5b4debabaa2 Group", "expiration": null, "is_active": 1 }, { "id": 3409661135, "indicator": "32a640869725f00921de5112ea6041d34c6c69ab", "type": "FileHash-SHA1", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Malware.Daqc-6598201-0", "description": "SHA1 of 8181a196f61993494d896d9d3b5de72c", "expiration": null, "is_active": 1 }, { "id": 1386572467, "indicator": "7345fb4cbc01d8df8208b66a393aab61b77edd79f4d1a34516b70e9711b8c840", "type": "FileHash-SHA256", "created": "2022-03-28T19:17:23", "content": "", "title": "Win.Malware.Daqc-6598201-0", "description": "SHA256 of 8181a196f61993494d896d9d3b5de72c", "expiration": null, "is_active": 1 }, { "id": 3409661136, "indicator": "acbe50496d16bf065a824478cc58836d931fddc9", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_7345fb4cbc01d8df8208b66a393aab61b77edd79f4d1a34516b70e9711b8c840 { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_7345fb4cbc01d8df8208b66a393aab61b77edd79f4d1a34516b70e9711b8c840 Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-24-24\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"8181a196f61993494d896d9d3b5de72c\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Access violation\" fullword wide \n \t\t $s2= \"Application Workspace\" fullword wide \n \t\t $s3= \"Assertion failed\" fullword wide \n \t\t $s4= \"August September\" fullword wide \n \t\t $s5= \"Button Highlight\" fullword wide \n \t\t $s6= \"Default Gray Text\" fullword wide \n \t\t $s7= \"Enhanced Metafiles\" fullword wide \n \t\t $s8= \"Highlight Background\" fullword wide \n \t\t $s9= \"Inactive Border\" fullword wide \n \t\t $s10= \"Inactive Caption\" fullword wide \n \t\t $s11= \"Invalid argument\" fullword wide \n \t\t $s12= \"Invalid argument.\" fullword wide \n \t\t $s13= \"Invalid filename\" fullword wide \n \t\t $s14= \"Invalid ImageList\" fullword wide \n \t\t $s15= \"Tuesday Wednesday\" fullword wide \n \t\t $s16= \"Variant overflow\" fullword wide \n \t\t $s17= \"Window Background\" fullword wide \n \n \t\t $hex1= {41??63??63??65??73??73??20??76??69??6f??6c??61??74??69??6f??6e??0a??} \n \t\t $hex2= {41??70??70??6c??69??63??61??74??69??6f??6e??20??57??6f??72??6b??73??70??61??63??65??0a??} \n \t\t $hex3= {41??73??73??65??72??74??69??6f??6e??20??66??61??69??6c??65??64??0a??} \n \t\t $hex4= {41??75??67??75??73??74??20??53??65??70??74??65??6d??62??65??72??0a??} \n \t\t $hex5= {42??75??74??74??6f??6e??20??48??69??67??68??6c??69??67??68??74??0a??} \n \t\t $hex6= {44??65??66??61??75??6c??74??20??47??72??61??79??20??54??65??78??74??0a??} \n \t\t $hex7= {45??6e??68??61??6e??63??65??64??20??4d??65??74??61??66??69??6c??65??73??0a??} \n \t\t $hex8= {48??69??67??68??6c??69??67??68??74??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \t\t $hex9= {49??6e??61??63??74??69??76??65??20??42??6f??72??64??65??72??0a??} \n \t\t $hex10= {49??6e??61??63??74??69??76??65??20??43??61??70??74??69??6f??6e??0a??} \n \t\t $hex11= {49??6e??76??61??6c??69??64??20??49??6d??61??67??65??4c??69??73??74??0a??} \n \t\t $hex12= {49??6e??76??61??6c??69??64??20??61??72??67??75??6d??65??6e??74??0a??} \n \t\t $hex13= {49??6e??76??61??6c??69??64??20??61??72??67??75??6d??65??6e??74??2e??0a??} \n \t\t $hex14= {49??6e??76??61??6c??69??64??20??66??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex15= {54??75??65??73??64??61??79??20??57??65??64??6e??65??73??64??61??79??0a??} \n \t\t $hex16= {56??61??72??69??61??6e??74??20??6f??76??65??72??66??6c??6f??77??0a??} \n \t\t $hex17= {57??69??6e??64??6f??77??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \n \tcondition: \n \t\t18 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_7345fb4cbc01d8df8208b66a393aab61b77edd79f4d1a34516b70e9711b8c840 Group", "expiration": null, "is_active": 1 }, { "id": 3409661137, "indicator": "fd982f64938d1b4733c43b785f04c24856dee3b0", "type": "YARA", "created": "2022-03-28T19:17:23", "content": "rule resteex_APTMalware_Gorgon_Group_f4a092fb455c70d6c3bb259da079742aa44935d77c4a63a9f150f9e8bb5fa42c { \n \tmeta: \n \t\t description= \"APTMalware_Gorgon_Group_f4a092fb455c70d6c3bb259da079742aa44935d77c4a63a9f150f9e8bb5fa42c Group\" \n \t\t author = \"Resteex Generator\" \n \t\t date = \"2022-03-28_12-24-20\" \n \t\t license = \"https://github.com/resteex0/yarex\" \n \t\t hash1= \"29f4c6cf1897ed6c158f6335e0998a38\" \n \n \tstrings: \n \n \t \n \t\t $s1= \"Access violation\" fullword wide \n \t\t $s2= \"Application Workspace\" fullword wide \n \t\t $s3= \"Assertion failed\" fullword wide \n \t\t $s4= \"August September\" fullword wide \n \t\t $s5= \"Button Highlight\" fullword wide \n \t\t $s6= \"Default Gray Text\" fullword wide \n \t\t $s7= \"Highlight Background\" fullword wide \n \t\t $s8= \"Inactive Border\" fullword wide \n \t\t $s9= \"Inactive Caption\" fullword wide \n \t\t $s10= \"Invalid argument\" fullword wide \n \t\t $s11= \"Invalid filename\" fullword wide \n \t\t $s12= \"Invalid ImageList\" fullword wide \n \t\t $s13= \"Tuesday Wednesday\" fullword wide \n \t\t $s14= \"Variant overflow\" fullword wide \n \t\t $s15= \"Window Background\" fullword wide \n \n \t\t $hex1= {41??63??63??65??73??73??20??76??69??6f??6c??61??74??69??6f??6e??0a??} \n \t\t $hex2= {41??70??70??6c??69??63??61??74??69??6f??6e??20??57??6f??72??6b??73??70??61??63??65??0a??} \n \t\t $hex3= {41??73??73??65??72??74??69??6f??6e??20??66??61??69??6c??65??64??0a??} \n \t\t $hex4= {41??75??67??75??73??74??20??53??65??70??74??65??6d??62??65??72??0a??} \n \t\t $hex5= {42??75??74??74??6f??6e??20??48??69??67??68??6c??69??67??68??74??0a??} \n \t\t $hex6= {44??65??66??61??75??6c??74??20??47??72??61??79??20??54??65??78??74??0a??} \n \t\t $hex7= {48??69??67??68??6c??69??67??68??74??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \t\t $hex8= {49??6e??61??63??74??69??76??65??20??42??6f??72??64??65??72??0a??} \n \t\t $hex9= {49??6e??61??63??74??69??76??65??20??43??61??70??74??69??6f??6e??0a??} \n \t\t $hex10= {49??6e??76??61??6c??69??64??20??49??6d??61??67??65??4c??69??73??74??0a??} \n \t\t $hex11= {49??6e??76??61??6c??69??64??20??61??72??67??75??6d??65??6e??74??0a??} \n \t\t $hex12= {49??6e??76??61??6c??69??64??20??66??69??6c??65??6e??61??6d??65??0a??} \n \t\t $hex13= {54??75??65??73??64??61??79??20??57??65??64??6e??65??73??64??61??79??0a??} \n \t\t $hex14= {56??61??72??69??61??6e??74??20??6f??76??65??72??66??6c??6f??77??0a??} \n \t\t $hex15= {57??69??6e??64??6f??77??20??42??61??63??6b??67??72??6f??75??6e??64??0a??} \n \n \tcondition: \n \t\t16 of them \n }", "title": "", "description": "APTMalware_Gorgon_Group_f4a092fb455c70d6c3bb259da079742aa44935d77c4a63a9f150f9e8bb5fa42c Group", "expiration": null, "is_active": 1 } ]