Threat Roundup for March 22 to March 29

2019-03-29T10:04:00
ID TALOSBLOG:77B3CE40463361468D1C737E57AF5C10
Type talosblog
Reporter noreply@blogger.com (William Largent)
Modified 2019-03-29T17:04:42

Description

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 22 and March 29. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.

As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.

For each threat described below, this blog post only lists 25 of the associated file hashes. An accompanying JSON file can be found here that includes the complete list of file hashes, as well as all other IOCs from this post. As always, please remember that all IOCs contained in this document are indicators, and one single IOC does not indicated maliciousness.

The most prevalent threats highlighted in this roundup are:

  • PUA.Win.Adware.Dealply-6911925-0
    Adware
    DealPly is an adware program that installs an add-on for web browsers and displays malicious ads.

  • Win.Malware.Razy-6911785-0
    Malware
    Razy is oftentimes a generic detection name for a Windows trojan. They collect sensitive information from the infected host and encrypt the data, and send it to a command and control (C2) server. Information collected might include screenshots. The samples modify auto-execute functionality by setting/creating a value in the registry for persistence.

  • Win.Malware.Emotet-6910311-0
    Malware
    Emotet is a banking trojan that has remained relevant due to its continual evolution to better avoid detection. It is commonly spread via malicious emails.

  • Win.Packed.Zbot-6911628-0
    Packed
    Zbot, also known as Zeus, is trojan that steals information such as banking credentials using a variety of methods, including key-logging and form-grabbing.

  • Win.Malware.Sakurel-6911517-0
    Malware
    Sakurel is a variant of the Sakula trojan (first surfaced in November 2012)that downloads potentially malicious files onto the compromised computer. It also enables an adversary to run interactive commands and upload files to the C2 host.

  • Win.Malware.Triusor-6911670-0
    Malware
    Triusor is a highly polymorphic malware family. All the binaries are packed and obfuscated to hinder the static analysis. The malware contains code that complicates the dynamic analysis. Once it is executed, the samples perform code injection.

  • Win.Malware.Lunam-6911603-0
    Malware
    Lunam is a trojan that contains Autorun-worm functionality. It injects into the Windows system to change permissions. It also disables anti-virus security suites or the Windows firewall and changes browser settings


Threats

PUA.Win.Adware.Dealply-6911925-0

Indicators of Compromise

Registry Keys

  • N/A Mutexes

  • N/A IP Addresses contacted by malware. Does not indicate maliciousness

  • 239[.]255[.]255[.]250

  • 172[.]217[.]12[.]206
  • 172[.]217[.]12[.]163
  • 172[.]217[.]10[.]67
  • 172[.]217[.]10[.]35
  • 224[.]0[.]0[.]251
  • 216[.]1[.]28[.]82
  • 172[.]217[.]15[.]99
  • 62[.]212[.]73[.]98
  • 100[.]43[.]94[.]16
  • 5[.]45[.]205[.]241
  • 5[.]45[.]205[.]244
  • 100[.]43[.]94[.]15
  • 172[.]217[.]10[.]109 Domain Names contacted by malware. Does not indicate maliciousness

  • accounts[.]google[.]com

  • www[.]gstatic[.]com
  • ssl[.]gstatic[.]com
  • update[.]googleapis[.]com
  • clients2[.]google[.]com
  • redirector[.]gvt1[.]com
  • _googlecast[.]_tcp[.]local
  • clientservices[.]googleapis[.]com
  • download[.]yandex[.]ru
  • dl[.]xetapp[.]us
  • xetapp[.]com
  • cdn[.]yandex[.]net
  • cache-ash03[.]cdn[.]yandex[.]net
  • r7---sn-mv-2iae[.]gvt1[.]com
  • YBFXNRZPPP
  • IJTEPYX
  • GVJDSZTMWUXYXZ Files and or directories created

  • %SystemDrive%\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsk2.tmp\INetC.dll

  • %SystemDrive%\DOCUME~1\ADMINI~1\LOCALS~1\Temp\y_installer.exe
  • %TEMP%orary Internet Files\Content.IE5\X1IF8CSM\downloader[1].exe
  • \TEMP\Google Chrome\chrome.setup.exe
  • %WinDir%\Temp\gui2E57.tmp File Hashes

  • 00123316d0d50612ae581d310b722adcfe97939180f3d02034deb8a4935db073

  • 005d28b3585939c62cdf9de3c8622d7d11a4a8e48a2066bea1a37e6bd59f19e6
  • 01b53d747656c8975c8dc26f6d1cf869209cb1cdc91e1b1d1ab0d2421e82c6dc
  • 03d4f4533bca92fc7f4f8b789b5406cde3dfa8e0f51587d442ab65576b051379
  • 0584466198891f6726a8bebd13bb5566deb9eaa7f9c39086959e43558576e5eb
  • 08aa13cd31f3a41d553f852cc15ae35104bb8fdea8ddc4183b60d3570733990c
  • 08d3879f6a6413026a2a3c0a2af5949fabd241f26be53081b72a03f71618fe3a
  • 08e5212e369cadc9997c0fa6ab388299424f3854c872e267b74195d2f64ff501
  • 09fbdc8c40da22238392ffc7d45c1aaba3a1fa4073ab5177fc799b722e12f252
  • 0b3af8d26acf742223b6dac474c571bf743bb72f58063279b408515cb3ebfbb7
  • 0d7b69e58899e6a43eb7b2827d9d00b208c30c22ee46852d96b80dafae7a04e2
  • 0e6a6dcb6e595f45cf8fe16af2f9bae5eaa8ce3b9169ac340d289c76957e22b1
  • 11445175b675b5ee7b10d5b28480db8c827e2ebe768b0834733e76dbf22b8ad6
  • 115e00754759406773da16c1b0668f88f23e5ea124e1d588a483bb2c56764b74
  • 11732b1aac1328bae5eb1b96aa697216b8ee6f1253f151a7d757bc4542f0c791
  • 11b4e49162f47d330544617a8f0fe6593329ce4d1cc839602460085444df70b8
  • 1210b7eb9b7c3b8c4718c77d7cff8856982b66080ad3c2331d45e4e8deac22ab
  • 1259006aa8f53918b989be47ca6a6cbe0e3335acea98ab1944c851879c3f42c1
  • 126892e91774e5ad27d17b80b48b781cb47d8087e2555bb4afa4bfbcb26e2f60
  • 12a3a0f24d76144112dbe76f48a82e41ada02464e9bb412a100a67dfb4c73165
  • 14176d5bcf716484d40e3a53c7e9038115fe74cb0a4f13f8a2f814e6cd2b361c
  • 15d3b56e2b9727161bca8cf336cff5db3673ba4a0d764216ab77818a2994567c
  • 164fbcde41707cbda009ec59bc09b66c7e24a6a2725b45f235074b30952cc1d0
  • 169a9b9d6722fa3a4336063814a5ad1ffefcb7a8f7e124fcdc2e64793201cd44
  • 17a7101429c0d488610f9d47c489cc220db79ed501db1f362840c879cdd7f25c

Coverage

Screenshots of Detection

AMP



ThreatGrid



Malware


Win.Malware.Razy-6911785-0

Indicators of Compromise

Registry Keys

  • N/A Mutexes

  • N/A IP Addresses contacted by malware. Does not indicate maliciousness

  • N/A Domain Names contacted by malware. Does not indicate maliciousness

  • N/A Files and or directories created

  • %SystemDrive%\TEMP\b35ab4f64eca00d5aea7ffefd5a39385a8412c6149e5b668ed283dca017891ef.exe

  • %SystemDrive%\375278630.exe
  • %SystemDrive%\old_375278630.exe (copy) File Hashes

  • 3a05c43d6d78b963868d6a5c753adfbc15278a8e28f53d88cfbd872547ec3aec

  • 41b538fe12a5e63e8098e697f74bf54eecb3110ac76e40815691962a8d9d3f09
  • 533084e836d9450028b1bdf1513af2a608ee34fed7b8e3a72e68840b838ab5b1
  • 815131146c5665a49b103b24c32a55cde259e2019d3f1b086d822aedbb8ab3db
  • 838db2a9ceaf95fd2eaaec1c09707c763e6d7c349d62c9d9cb6037ed43dab1bc
  • 84c8d09cdbf087971625951be2cd3a3d284b079917e9511b6b3195e1b37caa6b
  • 9d5a0d566dcbeccb9d5f4a6f566491169d4c40730308907e37ff56a655646f2f
  • b35ab4f64eca00d5aea7ffefd5a39385a8412c6149e5b668ed283dca017891ef
  • bf78cb5fe8652c2d8fefbb2180266763b54d6714de861496373fd4d3383f1fb0
  • c1d8276493d369115b9c7cd2bf4aeb7cc19541daac649febe0fb9e5d921d67b1
  • d33d6e3c9eea1d11b5264243a78ee3224d2c25d80ba50dc654d5b8f78d3c8560
  • d67cae05ddf102085c273532565eb11060311ef323a493dc0892876e5ad6fb42
  • e643beed5c1dc1b4a28e8f0c6cc2452a8f5199b1225d6bc3231c3d805ca32085

Coverage

Screenshots of Detection

AMP

ThreatGrid

Malware

Win.Malware.Emotet-6910311-0

Indicators of Compromise

Registry Keys

  • <HKLM>\SYSTEM\CONTROLSET001\SERVICES\startedturned
  • <HKLM>\SYSTEM\CONTROLSET001\SERVICES\STARTEDTURNED
    • Value Name: Type
  • <HKLM>\SYSTEM\CONTROLSET001\SERVICES\STARTEDTURNED
    • Value Name: Start
  • <HKLM>\SYSTEM\CONTROLSET001\SERVICES\STARTEDTURNED
    • Value Name: ErrorControl
  • <HKLM>\SYSTEM\CONTROLSET001\SERVICES\STARTEDTURNED
    • Value Name: ImagePath
  • <HKLM>\SYSTEM\CONTROLSET001\SERVICES\STARTEDTURNED
    • Value Name: DisplayName
  • <HKLM>\SYSTEM\CONTROLSET001\SERVICES\STARTEDTURNED
    • Value Name: WOW64
  • <HKLM>\SYSTEM\CONTROLSET001\SERVICES\STARTEDTURNED
    • Value Name: ObjectName
  • <HKLM>\SYSTEM\CONTROLSET001\SERVICES\STARTEDTURNED

    • Value Name: Description Mutexes
  • Global\I98B68E3C

  • Global\M98B68E3C IP Addresses contacted by malware. Does not indicate maliciousness

  • 190[.]48[.]129[.]88

  • 186[.]71[.]61[.]94
  • 189[.]250[.]182[.]236
  • 188[.]48[.]145[.]96
  • 189[.]155[.]152[.]129
  • 187[.]136[.]144[.]197
  • 189[.]236[.]193[.]173 Domain Names contacted by malware. Does not indicate maliciousness

  • N/A Files and or directories created

  • %WinDir%\SysWOW64\XS0hFlArdwCf0zhrY35.exe File Hashes

  • 02dc761ae5a8a5542891efd4c7c5e5f60c52b34fc2934aa0d4f2995a02ac2bc4

  • 0f5c870d9dd71cd8d69d94ae0bedbc1f6d9a987819b3267e5b418448ae2d5d06
  • 1f34fd280d7c58e27f43025d09b39a77227fe79b1256e11e546beee969661ae8
  • 3e0482cb8f6a4f2d5be6c231595b00e609d0ce1838e82557d831f9a040b736ff
  • 40e798c3b6a17cea35eec9d36e19769d08b5943d6a268fd604982700a5190cf5
  • 453660efedf6d54a62413366943f253ce66ae2b7e86279cc97422f10ad70c3de
  • 4c95516e8c914ae60f88d592755325a681dfb733b5d0bbd61bf9fc531df54488
  • 61739f55965706a048c60f1e71be620da070ff36a14c4d73979144725e580513
  • 7184a99a2bd5bf6db7ba4da71339f43bbfde3609ed2cc4be8b1d907306d14428
  • 762234da23e0457add13183b41711504bbd2feff7c7c72074491c6a072111bd7
  • 8f0e47da47bd92eb6b9378f45b5ac9a5f74272d9cca6579163167f05437a02d3
  • 9e7f5171472e332c77f8b7d0579269e57c8134b159c88a68855b7f72ca170ad3
  • ae9c8e66b79f89482e2f000f45d038c1d34f9fd273bdce7e39bb41f74ddd5feb
  • c8a066be1844023052522a57c358b1a8f2b33efebbc4e9d4571bb853782490cc
  • dc411454126d314aa4163c446bc127acb4f5d3089c04307cc3b2a80d788b32eb
  • e022960903709ba6bc0686a41ecba98dddbeb2afc45c8ec3ef6612d3ca7154af
  • e1c8d1494031d4e48044da56b6f9e42a4debfee273bb23c34bfcaf01f24d03ba
  • fa57b2fa7dff02e445be673d1c20e09c6e15515b05b729c5ae29c38cf4ca1918

Coverage

Screenshots of Detection

AMP



ThreatGrid

Win.Packed.Zbot-6911628-0

Indicators of Compromise

Registry Keys

  • N/A Mutexes

  • N/A IP Addresses contacted by malware. Does not indicate maliciousness

  • 207[.]148[.]248[.]143 Domain Names contacted by malware. Does not indicate maliciousness

  • aatextiles[.]com Files and or directories created

  • %LocalAppData%\Temp\budha.exe File Hashes

  • 006fcf37a0eb468cc72fd889b5a681d95408211c72ff26f9622bf6f34deac34a

  • 032c2e1170585576a48dac78598f2c6e0cff6660a2357aaf530bc48a09a88bf5
  • 03f24818854c539e345eadf79579b18a07bae62cb0694e57f2fa38dcfaab2b6e
  • 04d1f5ec23449c4f732acc9871df1bc0273ebd7decaecf4a23cf0d36c9492050
  • 053b92b9d7df8f0da498304efe8630b1a52206cc4ec97d72e4372ea4feeebeaf
  • 0577c05d5a14456d6ecaf2e89f44fe2765fddc26e4ad1a8be0561883546b5ce1
  • 064718741b944136613994295d0bfd2aaa4e8e0ccc4ce926cb8e5fea73d99b43
  • 07bd1541aba14c60addc1eb4850c14c227d826ecfd0ddd27705c15aad8b321f8
  • 07cb9376ea9258a4589f0c163035139c6ee8198df832dffa0de6cbc4995e1f10
  • 0862089c5b5460b063b4d31e5f1f86e196e5c9eb2d5bad1ddaeba547dfa468f1
  • 089c5bcad0f614fd269e5965bbb1511def4900f291ea8a4f4a1aca40216ac937
  • 08fed1af781ac399a40d43f2e24b63407523e0b14f95b9eb6e4684ef41dbf8da
  • 093b2949f7eeb6b39257a2c8f39e13bb9db57d67d061c27e27ef6e277a6ea8b5
  • 097259c049318a5db1857e229b1ee7c9d94ec345a18520d8575fdf35eac82176
  • 0b7f0baf87ed9c40db3b4e815d8f6c7f0bd7b8e7d7206995ca8a5ace51abbf28
  • 0c63edade791db8a62b82efe5a939cbf8d4871ae591bf15c76fa33b644a82b0b
  • 0dd82df5bb5e22a46bb144b4160979a35c5e797312c0fb0bbbc8c9d9ebb4338a
  • 0e26f8c0c7c9135596c7509af558f395b448c1e86bb5aee9390ee273bd7e94f8
  • 0edbb5f72d21295d80038f417a5820d9b14b5a9f925ee7fc4729bad033e7102c
  • 0efda7d9834bfa4a6376a3ee2015d46839617a459b1a1e6f6ad4bbe18f3c1460
  • 11f616a534a8ddd2c4a6f568170ba94fd6201f3e32df93a9c1a3ddde65280bb5
  • 1219a20531c12eb6eee26c29cd0eabfd5b5576891529b2d47b6d13607481d1de
  • 123730b855330b05fb55d5c2cd2aa8f7afb7949370c4271b3d826880c22f89ba
  • 1341bafd3d3de435258abc5bd5b45a7930cb4c8755cbabdee1b7df022cfb5119
  • 1378a83d0b13060d77f0312292b79f374633475dffeaebaea7b4bcef0639dd3f

Coverage

Screenshots of Detection

AMP

ThreatGrid


Win.Malware.Sakurel-6911517-0

Indicators of Compromise

Registry Keys

  • N/A Mutexes

  • \BaseNamedObjects\I-Worm.PlutonX IP Addresses contacted by malware. Does not indicate maliciousness

  • 204[.]11[.]56[.]48

  • 184[.]22[.]175[.]13
  • 216[.]218[.]206[.]69 Domain Names contacted by malware. Does not indicate maliciousness

  • citrix[.]vipreclod[.]com Files and or directories created

  • %SystemDrive%\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MicroMedia\MediaCenter.exe

  • \My Downloads\Winzip 8.0 Full Downloader.exe
  • \My Downloads\The Neverending Story Part I ISO - Full Downloader.exe
  • \My Downloads\The Eye Of Kraken ISO - Full Downloader.exe
  • \My Downloads\The Thing Crack.exe
  • \My Downloads\Zidane-ScreenInstaler Crack.exe
  • %WinDir%\rundll32_.exe
  • \My Downloads\The Thing Full Downloader.exe
  • \My Downloads\The Eye Of Kraken Full Downloader.exe
  • \My Downloads\ZoneAlarm Firewall Full Downloader.exe
  • \My Downloads\Xbox.info Crack.exe File Hashes

  • 21d0875cb4b3a6eaa8aaedc10df7ac41491933d83bf5737ac2b153b04bbaaa25

  • 31729931bcf1f4880d7ba572162c9de25e4c492da45dde394388a589db572973
  • 47d4dc07f53d47045c9429f7c58b9a3f7a2b1f4f9896372de24aaab6a195006b
  • 59dcec5311f321bc0271b412fbdf3a3afc7e081b7248cc34ee41b705a71de37a
  • 5fea4433f887675fff05d18a1e73b51c711075743f5effd0124d386161eb714e
  • 7b98c5758daae76d49f2cc088385920c8c0025e605170a76db82e076461cf4cf
  • 8486bbbd2b8dd837bfb5ffdefeb3bd6462696792ce768bf4d4bd07f60b0b6023
  • a55672ffa051c6331e51e36e050a37a1822c3e4ad3b23c32fbc712101c1841cc
  • c12dcb306f9f3d54aeb93672fb67bbb6e02e7bfd02606a24964902ea5c31988b
  • cc8b72eab90eddc9495b3168f7f5e56b61831c7f5828a8c2ac019d7821ae05ce
  • f3dc6f0e865e4aee50a83467eec156c3d38ca856edffb75714cfec73d692965e
  • f9a769450b23e9b2e7dd54092f84b902cab433ed83ad9cd3aa7dbb915fe7c3a9

Coverage

Screenshots of Detection

AMP



ThreatGrid

Win.Malware.Triusor-6911670-0

Indicators of Compromise

Registry Keys

  • N/A Mutexes

  • --- IP Addresses contacted by malware. Does not indicate maliciousness

  • N/A Domain Names contacted by malware. Does not indicate maliciousness

  • N/A Files and or directories created

  • %WinDir%\SysWOW64\URTTEMP\regtlib.exe

  • %SystemDrive%\System Volume Information\_restore{2DD8912A-F65A-4BB8-A47E-3B7997479CBD}\RP1\A0000192.exe
  • %SystemDrive%\System Volume Information\_restore{2DD8912A-F65A-4BB8-A47E-3B7997479CBD}\RP1\A0000193.exe File Hashes

  • 03aff9a48d8198ce8c40f2b0ad2a922bc0e80f598f66d97b75c12c89aec0bfce

  • 048d526df6efc4adc3b9e6ad2ef8936ba423fa5a8401a67365093206690a74f8
  • 05f6b95ebcb80d1d4fc67a3fa37b5575dcaefb5f19af24a22e1593e43a6828da
  • 0eb229b7c25a75faf6408b0b34a8e6318fd0de237399b20abea960cce1e74a33
  • 118a87e2a3491c374cbdf2a322a7c526fa4313774198ca094a2b9b5167010045
  • 134006bdec93b2bb61a839d95e006ac336c7bc139860200874ad9ac720fa1716
  • 13565a1b840b26a75e10d2860210c2eec745e738e967dfc992ce68498f05e37b
  • 14dc5638711af0d523fa82bed60f12e2072f18f6aad26c3d7118140778ba8111
  • 1c221eb1e17a85f205833b23ed2b6ab314715fe9c4742d189ba91ad0d9e56a7f
  • 2079a72947018cb8aee28ac29aae59049eb55eeae62b274dc4432d4e10ae4b2b
  • 27a45ef2fca67f3ad606ef9a321d2c06718b19906c13d2836976200cadbb8cdd
  • 280dd92b330515c2643f9608d93a4035eab996694423b6fca2e3bd95bd2e97a5
  • 299bbeb900d33999fb20b9c38b772590161e9f815de24049e066ab90e33dac34
  • 2b3b5caa2b92330216ec6bdd6bae21221b29086e128a3fb176f20525432042f9
  • 335900e28645a0958e3c97c62f5d4ded50e4f87a980a19c35269bbf433e006cd
  • 34c13a759df60c7ba1360a54f01bcdf791dac658fcaf10c57455b45ee4d016f5
  • 37710f05180b0678f4d3bd7672d4ca37d030ff452c19ef76e64142b96c960f9d
  • 3d7c4d54cee4d196a7cd556ce8e3b4689721d734119327337c9bc2744927484a
  • 42de9566d55d8f6ce77ba26caafae8185bd5dc3f1309c5b2bc9d733eafa84a9c
  • 436a31762430ce02a1bb023d82302fa21e4a00be29e9f1bac8547a78ec0ae5a6
  • 4888619469ca159498876d4e744005bb19e9d9dff35aab73d5ecfb5a706bc691
  • 4efa26b70dc73146483af6f5fe626d983d2a11d26f652938617dba46598b9e2d
  • 4f8339dfff27003cbe79b1be2527da1948c44d70ae08c7a54d3babadb5e3e147
  • 51881a2de30681cd4f4ebb00bd8512bb4a96448c1cb2d7756b686913c5e2d06a
  • 52b9af1d286700f44cf182dd18f521707ae9886caa8dbada02613f7d94c1bad8

Coverage

Screenshots of Detection

AMP



ThreatGrid

Win.Malware.Lunam-6911603-0

Indicators of Compromise

Registry Keys

  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED
    • Value Name: ShowSuperHidden
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED
    • Value Name: HideFileExt
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED
    • Value Name: SuperHidden
  • <HKLM>\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED\FOLDER\HIDEFILEEXT
    • Value Name: DefaultValue
  • <HKLM>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN
    • Value Name: PC
  • <HKLM>\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN

    • Value Name: avscan Mutexes
  • N/A IP Addresses contacted by malware. Does not indicate maliciousness

  • N/A Domain Names contacted by malware. Does not indicate maliciousness

  • N/A Files and or directories created

  • %SystemDrive%\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

  • \Autorun.inf
  • %SystemDrive%\DOCUME~1\ADMINI~1\LOCALS~1\Temp\avscan.exe
  • %WinDir%\W_X_C.vbs
  • %WinDir%\hosts.exe
  • %WinDir%\W_X_C.bat
  • \Rahasia_Ku.exe
  • \usb.exe File Hashes

  • 268360c9cb3592f64adf615a6cbd3f9dd799c3dbac53ebf42991400f95ef47ff

  • 2f0bb43a6456a418be91581203c6bae6c32ff2d6397b1ffabab8026e9182f0d9
  • 35d132fbcaded5414ae1a2b1b4ef24c6a8c4756a43149b3da77f6aef8a572213
  • 48acda29ed39adbddc39578160cdc8a01c4c50ead27fea48a8b9a6b42c43a1d3
  • 589367bc5cbad71d471ab9089c9afa2b48f6492f994b4e1f30e35d7c97529d85
  • 716d112abbcfc643dabaa7671862689c4f93c1ee42b5c2d7761335184c277dc2
  • 758af45b0efa214661c2f555f721d77fa378c91de8feec5f510116b701049000
  • 80aa6589cdf6d87c1edca15d9fd1759347b3a1d9e3536ad21edbb35c27a4a832
  • d0e0d54cde79126e6417b1b6650aee61d9bef995cb5eea17ea418e207c163f81
  • ea6acafa5950c15740e1b1f6a9975283b484e775318720bedc9b90f8f258e45b
  • f20e50dbe18dee4e864259f99ffc8b7b6c2a41e6a821093502746e1daf8efabe

Coverage

Screenshots of Detection

AMP

ThreatGrid