Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between December 29 and January 05. As with previous round-ups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavior characteristics, indicators of compromise, and how our customers are automatically protected from these threats.
As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Detection and coverage for the following threats is subject to updates pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.
The most prevalent threats highlighted in this round-up are:
Doc.Downloader.Trickbot-6412300-1
Office Macro Downloader
This downloader was submitted to ThreatGrid more than 50 times on December 26. This Office document downloads a multi-payload Trickbot loader. This post-Christmas gift is not something that somebody just back from the holiday wants to open.
Doc.Dropper.Agent-6412231-0
Office Macro Downloader
This is an obfuscated Office Macro downloader that attempts to download a malicious payload executable. The sample was unable to download the next stage, so no further analysis is available.
Doc.Macro.Necurs-6412436-0
Downloader
Another wave of OLE-based downloaders spiked in prevalence just prior to the new year. The samples use obfuscated VBA macros to download various malware families distributed for the Necurs botnet, including Locky.
Ppt.Downloader.CVE_2017_8759-6413368-0
Office Macro Downloader
These PowerPoint files contain an XML, located in ppt/slides/_rels/slide1.xml.rels, with a malicious SOAP WSDL definition that leverages CVE-2017-8759. If the file is saved as a PPSX, the slideshow will automatically start on opening, triggering the malicious code.
Win.Ransomware.PolyRansom-6413978-0
Ransomware
PolyRansom variants continue to thrive in 2018. PolyRansom is polymorphic ransomware that spreads by infecting other executables. It gains persistence through an installed service and run keys added to the registry. Its primary infection vectors are shared network drives, removable media, and email.
Win.Trojan.Generic-6414413-0
Trojan
This cluster provides generic detection for the Emotet Trojan downloaded onto a target's machine. Emotet is a banking trojan that has remained relevant due to its continual evolution to bypass antivirus products.
Win.Trojan.Multi-6413508-0
Trojan
This trojan will potentially connect to one or more servers to receive instructions and download additional malware.
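A triage check for the relationship part named in the Ppt.Downloader.CVE_2017_8759 entry above, added here as an example and not taken from Talos tooling. It assumes the WSDL reference appears as an external relationship whose Target starts with `soap:wsdl=`; the function names, the size limit and the sample archive are constructed for illustration.

```python
import io
import xml.etree.ElementTree as ET
import zipfile

REL_TAG = "{http://schemas.openxmlformats.org/package/2006/relationships}Relationship"
OLE_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"
SOAP_MONIKER = "soap:wsdl="   # assumption: how the WSDL reference is written in Target
MAX_RELS_BYTES = 1 << 20      # rels parts are small; refuse to inflate anything larger


def find_soap_wsdl_rels(data):
    """Return (part, rel_id, detail) for each slide relationship worth an analyst's look."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if not (name.startswith("ppt/slides/_rels/") and name.endswith(".rels")):
                continue
            raw = zf.read(name) if info.file_size <= MAX_RELS_BYTES else b""
            if not raw or b"<!DOCTYPE" in raw.upper():
                # Do not hand oversized or DTD-bearing XML to the parser; flag it instead.
                hits.append((name, None, "oversized, empty or DTD-bearing rels part"))
                continue
            try:
                root = ET.fromstring(raw)
            except ET.ParseError:
                hits.append((name, None, "unparseable rels part"))
                continue
            for rel in root.iter(REL_TAG):
                target = rel.get("Target", "").strip()
                external = rel.get("TargetMode", "").lower() == "external"
                if external and target.lower().startswith(SOAP_MONIKER):
                    hits.append((name, rel.get("Id"), target))
    return hits


def build_sample(target, mode="External"):
    """Constructed input: a ZIP holding only one slide rels part, not a usable presentation."""
    rels = ('<?xml version="1.0" encoding="UTF-8"?>'
            '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            f'<Relationship Id="rId1" Type="{OLE_TYPE}" Target="{target}" TargetMode="{mode}"/>'
            '</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    for hit in find_soap_wsdl_rels(build_sample("soap:wsdl=http://example.invalid/placeholder")):
        print(hit)
```

Ordinary external hyperlinks and internal slide-layout relationships are not reported, so the check can run across a mail attachment store without flagging every deck that links to a website.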
Registry Keys
N/A
Mutexes
316D1C7871E00
Global\552FFA80-3393-423d-8671-7BA046BB5906
\BaseNamedObjects\C1A8DFE67F9832960
IP Addresses
89[.]161[.]153[.]74
Domain Names
jas-pol[.]com[.]pl
Files and/or directories created
%SystemDrive%\Documents and Settings\Administrator\Local Settings\Temp\Inue8.bat
%AppData%\localservice\Wn-lbzpms.exe
%SystemDrive%\Documents and Settings\Administrator\Local Settings\Temp\mo-r.exe
%AppData%\localservice\mo-r.exe
%TEMP%\Ecmjtqf.bat
%AppData%\localservice\Modules\injectDll64_configs\sinj
%AppData%\localservice\Modules\injectDll64_configs\dinj
%TEMP%\Wn-lbzpms.exe
File Hashes
3e5a5c672052182d9d10b0d094f07ec67f182939556c90f66236d75d4e795cd6
07a1d83e2fdce0b0383fc05e2931d3aa557e3eeeeca50762258431ecf6fc2c50
AMP
ThreatGrid
Umbrella
Screenshot
Registry Keys
N/A
Mutexes
N/A
IP Addresses
N/A
Domain Names
weekendfakc[.]top
Files and/or directories created
N/A
File Hashes
ThreatGrid
Umbrella
Registry Keys
<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce
Mutexes
Groove:PathMutex:tzanqCjN6dCs1QGzbKslin0UfIk=
IP Addresses
98[.]124[.]252[.]145
Domain Names
pragmaticinquiry[.]org
Files and/or directories created
%TEMP%\ASPNETSetup_00001.log…doc
\Users\Administrator\AppData\Local\Adobe\Acrobat\9.0\Updater\updater.log…doc
\Users\Administrator\Read___ME.html
%TEMP%\ASPNETSetup.log…doc
\Users\Administrator\AppData\Local\Adobe\Acrobat\9.0\Updater\Read___ME.html
File Hashes
AMP
ThreatGrid
Umbrella
Screenshot
Registry Keys
<HKLM>\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
Value: VRGTQ
Mutexes
N/A
IP Addresses
N/A
Domain Names
u[.]teknik[.]io
kistags[.]com
graceland2017[.]com
0i3tenrainy[.]loan
goochandhousego[.]pro
dayi-yc[.]com
Files and/or directories created
%ProgramFiles%\Rfjd\confighbch.exe
%TEMP%\dsruxkfs.0.cs
%TEMP%\dsruxkfs.cmdline
%TEMP%\dsruxkfs.err
%TEMP%\i02bp4bi.0.cs
%TEMP%\i02bp4bi.cmdline
%TEMP%\i02bp4bi.dll
%TEMP%\i02bp4bi.err
%TEMP%\tmp95D4.exe
%TEMP%\tmp970E.exe
%AppData%\Roaming\982PQQP9\982logrc.ini
%TEMP%\dsruxkfs.out
%TEMP%\svchost.exe
%AppData%\Roaming\982PQQP9\982logim.jpeg
%AppData%\Roaming\982PQQP9\982logrv.ini
%AppData%\Roaming\tmp.exe
%SystemRoot%\SysWOW64\com\SOAPAssembly\http100u4teknik4io0HUKzO4png.dll
%SystemRoot%\SysWOW64\com\SOAPAssembly\http100u4teknik4io0HUKzO4png.pdb
File Hashes
ThreatGrid
Umbrella
Registry Keys
<HKLM>\SYSTEM\CONTROLSET001\SERVICES\ZSCGIYAL
Value: Type
<HKLM>\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
Value: FacAQkYU.exe
<HKLM>\SYSTEM\CONTROLSET001\SERVICES\ZSCGIYAL
Value: Start
<HKLM>\SYSTEM\CONTROLSET001\SERVICES\zscgIYAL
Mutexes
IP Addresses
N/A
Domain Names
N/A
Files and/or directories created
%SystemDrive%\Documents and Settings\All Users\Lgwg.txt
%SystemDrive%\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nOowsYQI.bat
File Hashes
AMP
ThreatGrid
Screenshot
Registry Keys
<HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
Value: internat.exe
<HKLM>\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
Value: Microsoft Windows Manager
<HKLM>\SYSTEM\CONTROLSET001\SERVICES\WINDEFEND
Value: Start
<HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
Value: Microsoft Windows Manager
<HKU>\Software\Microsoft\Windows\ShellNoRoam\MUICache
<HKU>\Software\Microsoft\Windows\CurrentVersion\Run
<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Mutexes
\BaseNamedObjects\b11
b11
IP Addresses
220[.]181[.]87[.]80
69[.]49[.]96[.]16
Domain Names
www[.]murphysisters[.]org
Files and/or directories created
\DAV RPC SERVICE
%SystemDrive%\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\H3T7LZRL\m[1].exe
%SystemDrive%\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cymycvgmtt.exe
;Z:000000000000d46c\192.168.0.1\vm9-116\_\DeviceConfigManager.exe
%AppData%\winmgr.txt
;Z:000000000000d46c\192.168.0.1\vm9-116\autorun.inf
%SystemDrive%\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ftoidjlwgv.exe
;Z:000000000000d46c\192.168.0.1\vm9-116\DeviceConfigManager.bat
%SystemDrive%\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\H3T7LZRL\b11[1].exe
%WinDir%\M-5050572947025827857375865240\winmgr.exe
%TEMP%\phqghumeay
;Z:000000000000d46c\192.168.0.1\vm9-116\.lnk
%TEMP%\rgjqmvnkyr
%TEMP%\edakubnfgu
;Z:000000000000d46c\192.168.0.1\vm9-116\DeviceConfigManager.vbs
%TEMP%\gwhroqkhwu
%SystemDrive%\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rdwpamlgaz.bat
File Hashes
ThreatGrid
Umbrella
Registry Keys
<HKU>\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
Value: Logman
<HKCU>\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
Value: load
<HKCU>\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS
Value: run
<HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS
Value: ProxyServer
<HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
Value: internat.exe
<HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS
Value: AutoDetect
<HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS
Value: ProxyOverride
<HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CONNECTIONS
Value: DefaultConnectionSettings
<HKLM>\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
Value: Session Manager
<HKLM>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN
Value: lsm service
<HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
Value: ClipSrv
<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
<HKU>\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CurrentVersion
<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
<HKU>\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Mutexes
N/A
IP Addresses
N/A
Domain Names
www[.]wholists[.]org
Files and/or directories created
%System16%\lsm.exe
%AppData%\clipsrv.exe
%SystemDrive%\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\lsm.exe (copy)
%SystemDrive%\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1\MICROS~1\Windows\dllhost.exe (copy)
%SystemDrive%\Documents and Settings\Administrator\Local Settings\Application Data\spoolsv.exe
%SystemDrive%\Documents and Settings\All Users\Microsoft\RCX2.tmp
%SystemDrive%\Documents and Settings\Administrator\Local Settings\Application Data\RCX8.tmp
%SystemDrive%\Documents and Settings\Administrator\Local Settings\Application Data\spoolsv.exe (copy)
%SystemDrive%\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1\MICROS~1\Windows\RCX6.tmp
%AppData%\ieudinit.exe
%SystemDrive%\DOCUME~1\ALLUSE~1\clipsrv.exe
\TEMP\d0a08beb99882af4b1771426905ee556.exe
%SystemDrive%\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1\MICROS~1\Windows\dllhost.exe
\Users\Administrator\AppData\Local\Microsoft\dllhst3g.exe
%System16%\smss.exe
%SystemDrive%\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\RCX4.tmp
%WinDir%\SysWOW64\drivers\ieudinit.exe
%SystemDrive%\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\lsm.exe
%SystemDrive%\Documents and Settings\Administrator\Local Settings\Application Data\dllhst3g.exe
%SystemDrive%\Documents and Settings\All Users\Microsoft\mstinit.exe (copy)
%SystemDrive%\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\esentutl.exe
%SystemDrive%\DOCUME~1\ALLUSE~1\clipsrv.exe (copy)
%SystemDrive%\Documents and Settings\All Users\Microsoft\mstinit.exe
%SystemDrive%\Documents and Settings\Administrator\Local Settings\Application Data\dllhst3g.exe (copy)
%WinDir%\spoolsv.exe (copy)
\Users\Administrator\AppData\Local\Microsoft\rsvp.exe
%WinDir%\logman.exe
%WinDir%\spoolsv.exe
%SystemDrive%\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\esentutl.exe (copy)
File Hashes
ThreatGrid