Malware Bazaar Lookup with MSTICpy

Author: Thomas Roccia | @fr0gger_

This notebook demonstrates how to use the MalwareBazaar module of MSTICpy for threat enrichment.

More details can be found here: https://bazaar.abuse.ch/api/

In [1]:
# Import the MBlookup class from MSTICpy
from msticpy.context.tiproviders.mblookup import MBlookup

# Use the MBlookup class to get more details about the IOC.
mblookup = MBlookup()
This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Lookup IOC

The lookup_ioc function queries Malware Bazaar for several kinds of element. It does not require an API key.

To use the function you must specify the observable and the Malware Bazaar query type.

The supported types are the following:

  • 'hash': the sha256 hash of your sample (nb: the module does not calculate the hash automatically, so compute it yourself before the lookup)
  • 'tag': the tag used on Malware Bazaar to retrieve a set of specific samples
  • 'signature': the malware family (signature) name, e.g. 'trickbot', used to retrieve the samples attributed to it
  • 'filetype': the type of files you want to retrieve, e.g. 'exe', 'dll' or 'xlsm'
  • 'clamav': the ClamAV signature that matches the samples you want to retrieve
  • 'imphash': the imphash of the files you want to retrieve
  • 'dhash': the icon dhash that matches the samples you want to retrieve
  • 'yara': the YARA rule that matches the samples
  • 'tlsh': the TLSH that matches the samples
  • 'telfhash': the Telfhash that matches the samples
  • 'issuerinfo': the certificate issuer used in the matching samples
  • 'subjectinfo': the certificate subject used by the samples
  • 'certificate': the serial number of the code-signing certificate
  • 'gimphash': the Go import hash

The type is passed in the mb_type parameter together with your observable. For every type other than 'hash' the query returns a list of recent samples, and the 'limit' parameter caps how many are returned (default is 50). Each call returns a pandas DataFrame. The examples below show how to use the module.
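Two practical points the list above raises, shown in an added example that is not part of this notebook or of MSTICpy: the 'hash' type wants a ready-made SHA-256, and the Malware Bazaar API reports lookup failures in a `query_status` field of the JSON body rather than as an HTTP error, so a caller that only checks the HTTP code can mistake "hash_not_found" for an empty result. The code below hashes sample bytes, validates the observable before spending a request, and flattens a reply into the dotted column names seen in the DataFrames in this notebook (`vendor_intel.ReversingLabs.status`, `intelligence.mail.Generic`). The field layout is modelled on the notebook output; the two sample replies and every value in them are constructed, not real Malware Bazaar data, and `malicious_samples` is a helper written for this example.

```python
import hashlib
import json
import re
from typing import Any, Dict, List, Tuple

# mb_type='hash' wants the 64-hex-digit SHA-256; MBlookup does not hash files for you.
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")


def sha256_of_bytes(data: bytes) -> str:
    """Hex SHA-256 of a sample's bytes, the observable to pass with mb_type='hash'."""
    return hashlib.sha256(data).hexdigest()


def is_sha256(value: str) -> bool:
    """Reject malformed observables before spending an API request on them."""
    return bool(SHA256_RE.match(value.strip().lower()))


def flatten(obj: Dict[str, Any], parent: str = "") -> Dict[str, Any]:
    """Flatten nested dicts into dotted column names such as
    'vendor_intel.ReversingLabs.status' or 'intelligence.mail.Generic'.
    Lists (tags, ClamAV hits) and None stay as single values, as in the notebook output."""
    out: Dict[str, Any] = {}
    for key, val in obj.items():
        name = f"{parent}.{key}" if parent else key
        if isinstance(val, dict):
            out.update(flatten(val, name))
        else:
            out[name] = val
    return out


def parse_mb_response(raw: str) -> List[Dict[str, Any]]:
    """Turn a Malware Bazaar JSON reply into flat rows.

    Errors such as 'hash_not_found' or 'illegal_hash' arrive in 'query_status'
    with a normal HTTP status, so they are raised here instead of being
    mistaken for an empty result set.
    """
    resp = json.loads(raw)
    status = resp.get("query_status")
    if status != "ok":
        raise LookupError(f"Malware Bazaar query failed: {status}")
    return [flatten(entry) for entry in resp.get("data", [])]


def malicious_samples(rows: List[Dict[str, Any]]) -> List[Tuple[str, str]]:
    """(sha256, ReversingLabs threat name) for rows ReversingLabs marks MALICIOUS."""
    hits = []
    for row in rows:
        if row.get("vendor_intel.ReversingLabs.status") == "MALICIOUS":
            hits.append((row["sha256_hash"], row.get("vendor_intel.ReversingLabs.threat_name", "")))
    return hits


# Constructed sample replies that mimic the field layout of the real API.
# Hashes are derived from made-up bytes; none of this is real sample data.
SHA_A = sha256_of_bytes(b"constructed sample A")
SHA_B = sha256_of_bytes(b"constructed sample B")
SAMPLE_OK = json.dumps({
    "query_status": "ok",
    "data": [
        {
            "sha256_hash": SHA_A,
            "file_name": "invoice.exe",
            "file_type": "exe",
            "first_seen": "2022-08-11 09:00:00",
            "tags": ["exe", "ExampleFamily"],
            "intelligence": {"clamav": ["Example.Sig-1"], "downloads": "10", "mail": {"Generic": "low"}},
            "vendor_intel": {"ReversingLabs": {"threat_name": "Win32.Trojan.Example", "status": "MALICIOUS"}},
        },
        {
            "sha256_hash": SHA_B,
            "file_name": "report.dll",
            "file_type": "dll",
            "first_seen": "2022-08-11 09:05:00",
            "tags": ["dll"],
            "intelligence": {"clamav": None, "downloads": "3", "mail": None},
            "vendor_intel": {"ReversingLabs": {"threat_name": "", "status": "SUSPICIOUS"}},
        },
    ],
})
SAMPLE_NOT_FOUND = json.dumps({"query_status": "hash_not_found"})

if __name__ == "__main__":
    rows = parse_mb_response(SAMPLE_OK)
    print(sorted(rows[0]))  # the dotted column names the DataFrame would carry
    print(malicious_samples(rows))
    try:
        parse_mb_response(SAMPLE_NOT_FOUND)
    except LookupError as err:
        print(err)
```

When you drive the real API instead of the constructed replies, feed `sha256_of_bytes` with the file contents, gate the request on `is_sha256`, and keep the `query_status` check: the status strings are the API's own, and a silent "no rows" is the failure mode you want to avoid in an enrichment pipeline.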

Single Hash

In [2]:
mbdetail = mblookup.lookup_ioc(observable='7de2c1bf58bce09eecc70476747d88a26163c3d6bb1d85235c24a558d1f16754', mb_type='hash')
display(mbdetail)
sha256_hash sha3_384_hash sha1_hash md5_hash first_seen last_seen file_name file_size file_type_mime file_type ... vendor_intel.Triage.signatures vendor_intel.Triage.malware_config vendor_intel.ReversingLabs.threat_name vendor_intel.ReversingLabs.status vendor_intel.ReversingLabs.first_seen vendor_intel.ReversingLabs.scanner_count vendor_intel.ReversingLabs.scanner_match vendor_intel.ReversingLabs.scanner_percent vendor_intel.Spamhaus_HBL vendor_intel.UnpacMe
0 7de2c1bf58bce09eecc70476747d88a26163c3d6bb1d85... 139b8890e573e4c759e4904902b3ece1b4b8c1fd7a49fc... 77543bde72105ae1a28cc71815d9ea89ea162052 c40aead7a31d14e05b2ee4a11849eced 2020-10-19 09:54:37 None New Order POA12990120 From Akweni Group.exe 903680 application/x-dosexec exe ... [{'signature': 'Azorult', 'score': '10'}, {'si... [{'extraction': 'c2', 'family': 'azorult', 'c2... ByteCode-MSIL.Trojan.AgentTesla MALICIOUS 2020-10-19 05:14:13 28 23 82.14 [{'detection': 'malicious', 'link': 'https://w... [{'sha256_hash': '7de2c1bf58bce09eecc70476747d...

1 rows × 55 columns

Latest samples that are tagged 'Emotet'

In [3]:
mbdetail = mblookup.lookup_ioc(observable='emotet', mb_type='tag', limit=10)
display(mbdetail)
sha256_hash sha3_384_hash sha1_hash md5_hash first_seen last_seen file_name file_size file_type_mime file_type ... telfhash gimphash ssdeep dhash_icon tags code_sign intelligence.clamav intelligence.downloads intelligence.uploads intelligence.mail
0 994c6b6e6d07592cea62bd2b667c60694e862f17f7e740... 3500e84cac6ea8504d98d1c59e27b497f6241cc6943a60... 21280cb8d696d79f68e9bb99661d77aaddfa97c1 51b3e08cb5b18fd46876b4a9bebb0fd0 2022-08-08 21:20:27 None Sample_62a03e5baa5b3700182f075d.xlsm 47898 application/vnd.openxmlformats-officedocument.... xlsm ... None None 768:X5WHFKfQzXTmbfRzdDTKufT9nz0LTyY1NiMZFYpvrL... None [Emotet, Heodo, xlsm] [] [Sanesecurity.Malware.28370.badform.UNOFFICIAL... 362 1 None
1 c8a0a8bce7a0ea50386666600c2ce4c90e23adc02b921b... 4a055c57c7384f4caaf8f8a804cf0a0a40c448ede47126... 586ee85719397ae5548dbd724b92471ff62d5091 13e5decc722a39965a15f47bc3fabb44 2022-08-01 19:50:36 None 13e5decc722a39965a15f47bc3fabb44.exe 274472 application/x-dosexec exe ... None None 6144:flqhx0eX9B4DfdnCpObaAzmR1NtJWNmd9yKvj:GP9... 1003873d31213f10 [Emotet, exe, Heodo] [] [Win.Dropper.Zeus-7729282-0, Win.Dropper.Zeus-... 433 1 None
2 16488a25bf5ef3bb38f176f1843bfabfc4a3d0beec81f4... 365fba2160ee6c644daa99aaa92c02f30cfb8d427ff667... c0ff465eb0b6ccc0f3a36bb593ced7453736a750 8d925c0da257436438893e6fe7ce2f4f 2022-08-01 11:40:55 None sample 348504 application/x-dosexec dll ... None None 3072:KRq1sFAd2gQ5PmBvNZwnnq1gn2RvoXiDzAYgrO1v2... None [dll, Emotet, Heodo] [] [Win.Malware.Emotet-9823769-0, Win.Malware.Emo... 251 1 None
3 c409ad4f64a1ad925ffbfdb88f57dd9177123364a1875c... 42a45407c6132ce00c84add2111d159441acc5b35aa46e... c8a2b0ae061b612f4d4a4cfc4ee3e1f7079b4240 7301880b88f87cd3a593f7106d5743cc 2022-07-23 02:54:09 None 7301880b88f87cd3a593f7106d5743cc 962048 application/x-dosexec exe ... None None 12288:kvyPTUfrN+lSDLV9dRCYFdVlv6jVBv4w8N6zTlvd... None [Emotet, exe, Heodo, OpenCTI.BR, Sandboxed] [] [SecuriteInfo.com.Emotet-FTY5BBDDAC95C90.16550... 327 1 None
4 8b5a10f9a8f2b25057442111a01faf021ef7e048eab875... 4e9a56bdf35825419667963ec4bd061f0fcc3ce036902d... c6c966e4ba623f9972273de07b842ffbb9a9efce 1dd34935a785a419fb552b5086ea682e 2022-07-22 11:52:08 None 1dd34935a785a419fb552b5086ea682e 850944 application/x-dosexec exe ... None None 12288:jRCGXj4KVB9abMfyzfqvHWnyPv+LVHT2+2JNdX71... None [Emotet, exe, Heodo, OpenCTI.BR, Sandboxed] [] [SecuriteInfo.com.Emotet-FTNA218E3B03756.13897... 365 1 None
5 fc63829723b725fab3a69bac667f379d300b12d60cba35... 1b485e28ea1d8191366379171821e7f1dfa63e9be2a2f2... 02cb7bfaa6b00c7900a8d60040fe7d97ea9558d1 5c7b589a59f315aad49ca49c3481f2a9 2022-07-22 11:41:56 2022-07-22 18:20:13 5c7b589a59f315aad49ca49c3481f2a9 433664 application/x-dosexec exe ... None None 12288:jTZfuSuI5OORAL3Onl/+HuVPxskfcg3gA:jTxuI5... None [Emotet, exe, Heodo, OpenCTI.BR, Sandboxed] [] [Win.Trojan.Emotet-9954177-0] 364 2 None
6 caa60b9025dfba07efac6cae5438a8e20d9b7c210a721a... 345acaa99928a3ab60ec0e860145372b7c38ce8cef078c... abcbd283801a05390995862f59dcb5310f3d3d88 5d4728494832d03bbfb75367836fef4e 2022-07-22 11:08:27 2022-07-22 13:00:51 5d4728494832d03bbfb75367836fef4e 691200 application/x-dosexec exe ... None None 12288:pBBKShhc/bQisqkxf3CJS+HQ58B6loNJYlvw9zaa... None [Emotet, exe, Heodo, OpenCTI.BR, Sandboxed] [] [Win.Trojan.Generic-9950172-0] 331 2 None
7 234bc8a9a4d46fc09e882c75900a3af46a21c3bae960a9... 50ef437e91839b6551a8c0345d7ed3391d3182204c77d4... fb154557cdd2e98508a420140b2832fa9328fc08 d97a7ad99d03d6e71460ea1d070aabc6 2022-07-22 11:03:13 2022-07-22 23:09:45 d97a7ad99d03d6e71460ea1d070aabc6 782848 application/x-dosexec exe ... None None 12288:hJheLDF+GBXYT7Ose6FPmg3T3tG2lqfn3tBzqgf/... b2b2b2b2b268e868 [Emotet, exe, Heodo, OpenCTI.BR, Sandboxed] [] [SecuriteInfo.com.Emotet-FTNF37FD4B3B9A6.17126... 304 2 None
8 258bb2b23c6ea7434eb8c965a168e7eb87257f5d3e4c42... 9d9b1be066c88fdc6bda62a00369a05d53c4f2bac7cb2a... d880badbb5b3041e401db1000079f4b06bb875d3 b2e8a93629044e790dff4d779dcbcd0d 2022-07-22 10:49:59 2022-07-22 13:02:10 b2e8a93629044e790dff4d779dcbcd0d 751104 application/x-dosexec exe ... None None 12288:QolWKutgKC7t1DtuANCqKLvr+U4rG2a/FviAzPVC... None [Emotet, exe, Heodo, OpenCTI.BR, Sandboxed] [] [SecuriteInfo.com.Emotet-FTN7E05BA7C938A.25784... 295 2 None
9 4a688f571024b08f9793559427d8692471f5aa71588289... bfc3326e7ae309fa30b28c6f1b7ef5cdf04d8c78df34dd... 0ea68aab3721e509ce0b1bff7e574eda037798be 83418a9af56db91ff2c78c4b2b9d62f8 2022-07-19 23:04:49 None 83418a9af56db91ff2c78c4b2b9d62f8 655360 application/x-dosexec dll ... None None 6144:/6ZMFXzqfoSHr/mvcQYbi2HN8C8BgifO7y7TcuVqr... 90cccc4874cccce8 [32, dll, Emotet, exe, Heodo, trojan] [] [Win.Trojan.Generic-9942396-0, Win.Trojan.Gene... 215 1 None

10 rows × 25 columns

Get Trickbot samples by signature

In [4]:
mbdetail = mblookup.lookup_ioc(observable='trickbot', mb_type='signature', limit=10)
display(mbdetail)
sha256_hash sha3_384_hash sha1_hash md5_hash first_seen last_seen file_name file_size file_type_mime file_type ... telfhash gimphash ssdeep dhash_icon tags code_sign intelligence.clamav intelligence.downloads intelligence.uploads intelligence.mail
0 b7cbc5e5dc182c8d99809cd64d36734abeb6bfac15e6ef... 40acf4c4f672dbc849d4159fd71d4207eacd324b359a76... 516c7a538e93f7cf4bff29196511f94e5fbb5a40 8402ab33eafb84178069f8f490ca604d 2022-07-08 09:22:51 None sefff993.bin 377097 application/x-dosexec exe ... None None 6144:jo5N5OazOZaTDWlVnrchrahdOxveC2wo80/agxb0z... None [exe, TrickBot] [] [Win.Trojan.Razy-7331425-0, Win.Trojan.Trickbo... 369 1 None
1 415e04eb340f1b092288cbcc71295a2c95e864fc1bbfcd... d602957f9e390a1b02b86632b7ce7a5a41654eb1d3ab63... d02f452d01660387fd78d40e9f2405c3e38c9668 367b6a5c0e0e8ec68ea14a085b1d32b3 2022-06-23 09:55:13 2022-06-24 08:59:27 solar.php 679008 application/x-dosexec exe ... None None 12288:nO4BydKj3ACZfNFEnw6qJxs3UPwgDrZiI0OSnnox... b8a424fcecec6c70 [exe, TrickBot] [] None 381 2 None
2 7e8c547fcc86e26b973e4c974da8ee2c4cfe84846e2cdf... c8152131d11565c08615b267a2b103c2a3e3a4de03c406... ac0724c724f8d6e2a54b41b86d99aa189e40dc81 17492f7b9906b807cffd30e8a0edd993 2022-05-25 12:44:48 None bnuethogt.bin 550424 application/x-dosexec exe ... None None 12288:QyeWT96x+MN2N4Bou8Bw1bFswwGFGvyLOE8uQnUK... 72f16979787a726c [exe, TrickBot] [] None 502 1 None
3 236f4e149402cba69141e6055a113a68f2bd8653936521... 8bfe50bdbc0e728854537a7cb921898c5519774a486c96... 7cb195e05a78a39cacb0c0d4d4fa23e4c3366785 e05d85acc62b2795bfb94a681e64e20f 2022-03-21 03:04:08 None sample2.exe 207360 application/x-dosexec exe ... None None 6144:2LMNe5kFT/RK1WoJg4ouLl2pFUBm5iKsTFxcW3Qt0... None [exe, TrickBot] [] [Win.Dropper.TrickBot-7071016-0, Win.Dropper.T... 636 1 None
4 bf374475be396528cdfd21a3eac292bb420e398ba9ee9a... 676c8853fb886d2c3b0fa4bffa1b35ef9cc3b619881d2c... 20c1b26ddd2ae336f811bf658fbbe24c011b6393 958c82aca0066454c7a8062c5b93c348 2022-03-14 09:04:03 2022-03-14 11:23:38 Client_documents_access_5506-2425.xlsm 164251 application/vnd.openxmlformats-officedocument.... xlsm ... None None 3072:UDegPM4xKT72cL5RWU/S//////////25QMUMWhTHH... None [TrickBot, xlsm] [] [TwinWave.EvilDoc.DOCXSTRGOOD.XMLENTITY.HTTP, ... 578 2 None
5 fcde8f225a14fe70009f32c4acfba0407b5fd6b0da5c2f... df687c25df1e6c99177f9422b8c921f25bd24b35205556... c1a72d736eb870684a190bad60d1da7d1292c37b 218c5b56132ee73c7a5ad2e5c96c64d4 2021-12-31 09:34:43 None 218c5b56132ee73c7a5ad2e5c96c64d4.exe 422912 application/x-dosexec exe ... None None 6144:YFn61kciCuR6b15sZwkst8K5YHJHJ4wX4wp16SiVy... e4d0d0f8e4e8d804 [exe, top166, TrickBot] [] [Win.Packed.Generickdz-9929038-0] 1032 1 None
6 1a6bef8525a2b7eded1ea8c92e65cea20a08dc2fff175e... 5e52701ea01aec1f13be846809d29634449a2cd6b83f9a... 421b355c7b3311961359bea6e886a316e410bbf8 da42b3f16999890ffa59a2aa10a334e5 2021-12-30 07:39:42 None da42b3f16999890ffa59a2aa10a334e5.exe 422400 application/x-dosexec exe ... None None 12288:5F61k9CuRQuCBifx5ABMQ2f6OArPtMZotp:fCuGl... e4d0d0f8e4e8d804 [exe, TrickBot] [] None 946 1 None
7 01c69d0acc8734993ba9cbfe9b0da4616bb05041e103af... a3612c1deff78976343e226fbcde7e7f70a396380ab1f0... 6010fb83b30adfeba34ac6f302c2c8e865cdc705 1e19cdc980488fb82c9245fde3ba28f8 2021-12-29 12:46:45 None 1e19cdc980488fb82c9245fde3ba28f8.exe 422912 application/x-dosexec exe ... None None 6144:YFn61kciCuRBb15sZwkst8K5YHJHJ4wX4wp16SiVy... e4d0d0f8e4e8d804 [exe, top166, TrickBot] [] None 813 1 None
8 5c032f85c0a9a4a551f6c0057ecc78aec6b625df77fcbf... 53576688e522d84b6e976c933eab2d7eb74a0930666d40... 0cb109a1a37622d8147d11b1b5ffbe858388707b e9d4ef1a8d0371d5760cd8a815cf1acd 2021-12-29 01:36:34 None SecuriteInfo.com.W32.AIDetect.malware1.29332.2... 422400 application/x-dosexec exe ... None None 12288:5F61k9CuREuCBifx5ABMQ2f6OArPtMZotp:fCuOl... e4d0d0f8e4e8d804 [exe, TrickBot] [] [SecuriteInfo.com.W32.AIDetect.malware1.29332.... 751 1 None
9 d9ef2723a2d54f8774224b15ad9324598e2213597cf882... 5a1a255ed0fb5e476a0954cf0817d24b1eb816ee868493... a47aa744bdcf3523b8957d57a620cc5a48ab2f16 e6211b1c55e1f978dfef54d9916ece48 2021-12-28 21:54:13 None e6211b1c55e1f978dfef54d9916ece48 422400 application/x-dosexec exe ... None None 12288:5F61k9CuRbuCBifx5ABMQ2f6OArPtMZotp:fCuFl... e4d0d0f8e4e8d804 [32, exe, TrickBot] [] None 680 1 None

10 rows × 25 columns

Latest executable samples (filter by filetype)

In [6]:
mbdetail = mblookup.lookup_ioc(observable='exe', mb_type='filetype', limit=10)
display(mbdetail)
sha256_hash sha3_384_hash sha1_hash md5_hash first_seen last_seen file_name file_size file_type_mime file_type ... tlsh telfhash gimphash ssdeep dhash_icon tags intelligence.clamav intelligence.downloads intelligence.uploads intelligence.mail
0 ce1e8e57264e84d75ed4960855768418c7a73707d0855d... 2945d468176ca3766e5982574652025887cdce34028f4c... 7fd429ceb24c476a9b3796fe71961575e7637738 fea743ac96b30d64f914d491e802abc1 2022-08-11 09:22:06 None Copia di pagamento-3400753232678_001-11.08.202... 625664 application/x-dosexec exe ... T178D4D02025AE7219E039BB7909D7706047F5F622DE1A... None None 12288:3GVq6azddQyxvS8Fhyq+rq5IhAW3Lm1u9Cj0Vpzm... d4e2c8b4ccc8f2cc [AgentTesla, exe] None 119 1 None
1 2582008cc5626a748f4926d0973f1b4ea0717e5167e1f7... 05d09b744be600daf03e2f67bcdc4b81ee317336ee7988... e03a9f658327fc96d774ae19d714add257a10d88 2f4a3782d2ab90126ff927026dac5077 2022-08-11 09:19:47 None 2f4a3782d2ab90126ff927026dac5077 834560 application/x-dosexec exe ... T18D052344079587BCC9AE167C048142641338EB02B2B6... None None 12288:EoFor+A0cb27/9DAx35L4Zk9ykn72GU7VfsLjuGB... None [32, exe, RemcosRAT, trojan] None 109 1 None
2 6e294639b9e9dec345a4b9bdeb29bd5695ea2d84e0fa88... 7ba5d10ded17ef135d101e5caec3c8e8959b0beb25e6bd... 69bf7182f7cd72ca775be7736b843345efbbdc0e ca25cc1a0351513cbb0bb70343b03862 2022-08-11 09:19:27 None ca25cc1a0351513cbb0bb70343b03862 857600 application/x-dosexec exe ... T10105BEAF7E9C440ECC218B31E84C81B99FA5FDA17912... None None 12288:WEoKggb2iNdvpc++HRBTEdG6gAGYN/lXXE5fRPcX... None [32, exe, FormBook, trojan] [SecuriteInfo.com.MSIL.Kryptik.WZA.UNOFFICIAL] 101 1 None
3 9bc54f008c1a379e2a422b64b57339e7a3d8ee01745dd0... 513b59672d898a92ea8b79a2c015cc79867ed7cac5d271... 117b1e130cc2f2406b0f38d3b3677e4699f65214 57ecac082ee320cf94b2de1a0927a994 2022-08-11 09:19:13 None 57ecac082ee320cf94b2de1a0927a994 879616 application/x-dosexec exe ... T13315BFAFAB9C441FCC228B31E84C81B99FA5FC613922... None None 24576:eoKgK1XpSN1RgXrhOquNb9cMQSKScGWgi:bKgKV7... None [32, AgentTesla, exe] [SecuriteInfo.com.MSIL.Kryptik.WZA.UNOFFICIAL] 107 1 None
4 f2a4cc133dfeca5432bf22c2817aeb8edb434057711727... 13ad83f7ec5e622b022a06b80f2afa90272cb6a5d7eb5f... b1eedf6d0b197b0d743e60390864aa279f1f915a b9694513a38e321b8cbfd807367b7e21 2022-08-11 09:15:26 None Project sheets.pdf.exe 147736 application/x-dosexec exe ... T116E37B9C325071DFC8ABD0728EA91D74EA2034BB931B... None None 3072:rTpc2Du8SknETVtyMl9Rrhr7jmSBe9BeZ/F8xB2dM... d2e8ecb2b2a2b282 [exe, Loki] None 122 1 None
5 f53a803c52691f8506f33d2719028822db93ae1799d0ba... 32b0422e11faafaa49f39f0df7b093cddeb316f5087134... 9b2c6fddac6ea6c27a2c5c25d515d389429703c0 4e416bdf228c332a60a4fc0d8326373f 2022-08-11 09:00:33 None 4e416bdf228c332a60a4fc0d8326373f.exe 207360 application/x-dosexec exe ... T14514CF1677A98A2FE2DE85B8701246468379C2E3D8C3... None None 3072:wzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HIPs... None [exe, NanoCore, RAT] [Win.Dropper.Nancrat-9869495-0, Win.Dropper.Na... 145 1 None
6 ba66c7a46a35c1b38aa76a199ae19a65674786771b153e... 5983e487146283ae8c880a5c21b7ef989307d0a0327d59... b340afd00d6feb4da15b9b10446417e51d3f7082 e6ae2071837c90e79a7f4c6e8e778f0f 2022-08-11 09:00:31 None e6ae2071837c90e79a7f4c6e8e778f0f.exe 923829 application/x-dosexec exe ... T18F15123962C1827BD1621A314D4BD3B3FD3ABA041B3C... None None 24576:pAT8QE+kEVNpJc7Y/sDZ0239GhjS9knREHXsW02E... b298acbab2ca7a72 [exe, recordbreaker] [SecuriteInfo.com.PSW.Generic8.ISF.UNOFFICIAL] 133 1 None
7 93b24291abe4b2c7d3eebd64168cf86e5b36571bd30645... bc79bfe7cf79004f707014cae678bb19a55a91402cc143... 92b194b6c75c6c2e8e693fca7f0c660fbcd70be5 76755f4c31240a6247689c0ffdc6e627 2022-08-11 08:45:49 None AST_928765425672-09876353B.exe 864256 application/x-dosexec exe ... T18805E79113A9EC11C97DBFF0295939B1C2F275C6A9AC... None None 12288:9N+7nP3i1XkYIgj7wPQdh0TLeb9hIv001mWfTd0:... c496b2b8fcccacdc [AgentTesla, exe] None 175 1 None
8 08375457359c0439dde333b220071987d355b3a2b0aa9f... ca9ceb34ae3cd40cd0767a8d665a8346af419f56fd023b... 58133e441cebee95176aba75ef533a99af208758 bb2518245e5b20e35c7a22521be3b6fb 2022-08-11 08:45:38 None MV TONIC_CTM REQUEST.exe 762368 application/x-dosexec exe ... T136F4ADAFBA9C440ECC624B31E84C80B95FA5FCA17922... None None 12288:xqoKggb2iNdvpc++E4+xp985R+J0vuxrHeBCVLbC... None [exe, Loki] [SecuriteInfo.com.MSIL.Kryptik.WZA.UNOFFICIAL] 159 1 None
9 f3d62ca6b2dfd77bd362dc1f4ec6e99bb43302e82583e6... 936d638104e56fd4cdbf6f56c1ea63679a02e763eaef01... cd8ddf4094ff130568ace0dfc578500213eb5be4 d3c1e94c64ce0e37e03af92f18067ea4 2022-08-11 08:40:28 None d3c1e94c64ce0e37e03af92f18067ea4.exe 922983 application/x-dosexec exe ... T1AC1512396281827BD1621A31494BD3B7FD3AB7041B3C... None None 24576:pAT8QE+kHVNpJc7Y/sDZ0239GhjS9knREHXsW02E... b298acbab2ca7a72 [exe, recordbreaker] [SecuriteInfo.com.PSW.Generic8.ISF.UNOFFICIAL] 158 1 None

10 rows × 24 columns

Latest samples that match the ClamAV signature "Doc.Downloader.Emotet-7580152-0"

In [7]:
mbdetail = mblookup.lookup_ioc(observable="Doc.Downloader.Emotet-7580152-0", mb_type='clamav', limit=10)
display(mbdetail)
sha256_hash sha3_384_hash sha1_hash md5_hash first_seen last_seen file_name file_size file_type_mime file_type ... telfhash gimphash ssdeep dhash_icon tags code_sign intelligence.clamav intelligence.downloads intelligence.uploads intelligence.mail
0 c59dc2c1dfeeb1396f7d5c6dd909f830da34247b35cb86... 9c1144395e4002f8dcf5f323846f133f069ac2bc6b5ede... 6546af75a7dfbdb3852edd1c248abe97942ce327 000abe09d01b60f777eec90fe14c431b 2020-03-29 08:17:18 2020-03-29 08:17:39 c59dc2c1dfeeb1396f7d5c6dd909f830da34247b35cb86... 208655 application/msword docx ... None None 3072:Z2y/Gdy5ktGDWLS0HZWD5w8K7Nk9yD7IBUgP76EOp... None [autoexec, base64, hex, macros, ole] [] [Doc.Downloader.Emotet-7580152-0, Doc.Download... 101 2 None
1 10b1ddd91ee8d2da9ef9dfa5953c526b4c139d14dfa659... 42851417a263d6f87eab2aec15d3fcb912f1df4dd8fe87... eab6c59c252d1737e2039d6414a7f87b50640abb c2b47e5a02ac0c89e9ed854ae0cd565c 2020-03-29 08:16:39 2020-03-29 08:19:17 10b1ddd91ee8d2da9ef9dfa5953c526b4c139d14dfa659... 207740 application/msword docx ... None None 3072:Z2y/Gdy5ktGDWLS0HZWD5w8K7Nk9yD7IBUgJz6EOp... None [autoexec, base64, hex, macros, ole] [] [Doc.Downloader.Emotet-7580152-0, Doc.Download... 98 2 None
2 bdf5c8be5ef48385c71f424c912523c3cfe6ffa0215d08... c1605a7c42f38e2dd474f24c4828c19d58b9a5433b2c05... 0fb5d80e11e61ee842a7c1a7d2943a77ecbf42cf 08531ac8e995bfc4692cd0591e985734 2020-03-24 07:42:41 2020-03-29 08:18:05 bdf5c8be5ef48385c71f424c912523c3cfe6ffa0215d08... 207295 application/msword docx ... None None 3072:Z2y/Gdy5ktGDWLS0HZWD5w8K7Nk9yD7IBUggz6EOp... None [autoexec, base64, hex, macros, ole] [] [Doc.Downloader.Emotet-7580152-0, Doc.Download... 90 3 None
3 542c29b3dfea261203a5c99b3657016a633a66231a82a9... c54ebe98f5c9d9c800a11dd83622313e871ff72bd6a8ed... 8ffeeadd4f843f0070134d65a6b29e2ddbe66bc4 d7194984c4e923d1c59233bf0b640bf7 2020-03-24 07:41:27 None 542c29b3dfea261203a5c99b3657016a633a66231a82a9... 208657 application/msword docx ... None None 3072:Z2y/Gdy5ktGDWLS0HZWD5w8K7Nk9yD7IBUgvH6EOp... None [autoexec, base64, Emotet, Heodo, hex, macros,... [] [Doc.Downloader.Emotet-7580152-0, Doc.Download... 95 1 None
4 9e0f471dcc7e1f874dc550fa5ea840391bfe33e8576e26... 8a24530041c75ede2fe03f2d9c8103314ad65516219750... fe1f0c74137e19db8d893a29afd75f227283593c 096000880d75f7f35acf59f533c58b77 2020-03-24 07:38:05 2020-03-29 08:13:48 9e0f471dcc7e1f874dc550fa5ea840391bfe33e8576e26... 208471 application/msword docx ... None None 3072:Z2y/Gdy5ktGDWLS0HZWD5w8K7Nk9yD7IBUgsz6EOp... None [autoexec, base64, Emotet, Heodo, hex, macros,... [] [Doc.Downloader.Emotet-7580152-0, Doc.Download... 94 2 None
5 5a4fc3c23be16cff577a8b9af743cdfc330a1a3a8efea3... cdb35169fb4be823e35b659fd21ebcdcf832125817e886... 9a687b92317df18848fd77f179fb34889f4e4a04 24f0c3737e9f5b5f37ebd2d97816ed17 2020-03-23 18:49:10 2020-03-29 08:19:52 5a4fc3c23be16cff577a8b9af743cdfc330a1a3a8efea3... 208248 application/msword docx ... None None 3072:Z2y/Gdy5ktGDWLS0HZWD5w8K7Nk9yD7IBUg2f6EOp... None [Emotet, Heodo] [] [Doc.Downloader.Emotet-7580152-0, Doc.Download... 75 3 None
6 6c9abcc36eabca228547b6478a2da6026d8c1874f8ba68... 2eb9a63f336aa5518f99ac7aa57bed6905e7c8440e4885... 4167167b821b2ac0718c68cfb6482bc58bca9d41 99fae99a021d5ef85291293f89c34f9a 2020-03-23 16:57:26 2020-03-23 18:55:47 6c9abcc36eabca228547b6478a2da6026d8c1874f8ba68... 207795 application/msword docx ... None None 3072:Z2y/Gdy5ktGDWLS0HZWD5w8K7Nk9yD7IBUgDH6EOp... None [Emotet, Heodo] [] [Doc.Downloader.Emotet-7580152-0, Doc.Download... 74 2 None

7 rows × 25 columns

Retrieve the latest samples that match the specified imphash

In [8]:
mbdetail = mblookup.lookup_ioc(observable="45d579faec0eaf279c0841b2233727cf", mb_type='imphash', limit=10)
display(mbdetail)
sha256_hash sha3_384_hash sha1_hash md5_hash first_seen last_seen file_name file_size file_type_mime file_type ... gimphash ssdeep dhash_icon tags intelligence.clamav intelligence.downloads intelligence.uploads intelligence.mail.Generic intelligence.mail.IT intelligence.mail.CH
0 3335f6bcfb168bfad8fe8622f515ffc6e4e3b74c9bab6b... 4978e72d546964948d4836970991611f4890f1aaea6181... 190122935eafdbf0d1c5b0a7c86cb24c04aee308 0d0faa3ffb8ea5d041d2dd24b544d2b1 2020-07-24 09:18:30 None File 2.exe 809472 application/x-dosexec exe ... None 12288:zRmJ34UqACPQoKwICzPhVifZWFuGZkTP2bjmgqLO... None [exe, Loki] [PUA.Win.Adware.Slugin-6803969-0, PUA.Win.Adwa... 71 1 low NaN NaN
1 97938446027c2f5c4c5eeebff3b37cb3812da2fe45f092... 553a03ed1ba38c7604dfa2a421371b6f3e9e0576f12735... 9979b550d2414f1e97d51b44116ae4fb14ea9265 943c81115f3e9d31fd1ef58690d46acc 2020-07-23 13:49:30 None commercial invoice + packing list.exe 744960 application/x-dosexec exe ... None 12288:yRmJ34UqACPQoKwICzPhVifZWFuGZkTP2bjmgqLK... None [AgentTesla, exe] [PUA.Win.Adware.Slugin-6803969-0, PUA.Win.Adwa... 74 1 low NaN NaN
2 14a985c4f8b469d858f155c59618c45365a0a7b87a73d9... a59bfde721bd0409e1436c059d1873ec702e7000eab8a7... 5ce575f5ef1611f3594675f593c582a9ff6b356f a32ac4f5fba2b7224e68d6ad9bfbc2e0 2020-07-22 10:58:06 None Shipping Document VESSEL SCHEDULE.exe 626688 application/x-dosexec exe ... None 12288:QRmJ34UqACPQoKwICzPhVifZWFuGZkTP2bjmgqLt... None [exe, Loki] [PUA.Win.Adware.Slugin-6803969-0, PUA.Win.Adwa... 83 1 low NaN NaN
3 612a1123c2ca0a0c3f077aa506b48cfbbeb815c1c026b8... cffb01732f112ad64d2da07c03377f47501d92f75e8e5d... 3303e4acce086996bec36fd46ad396e01960820a 55aaee46446d832abbad8ed6bde21085 2020-07-22 10:44:20 None 1014-07222020.exe 730112 application/x-dosexec exe ... None 12288:HRmJ34UqACPQoKwICzPhVifZWFuGZkTP2bjmgqLp... None [exe, NanoCore, nVpn, RAT] [PUA.Win.Adware.Slugin-6803969-0, PUA.Win.Adwa... 85 1 low NaN NaN
4 45b7e7e404b6cd8eaca7798b5977fe17cae6a261e45d6a... 076bdaf9a9578bb2ea4cdbc5de2485fc81dd539b9ddda9... 6a7b3c48b240e8566aa53d73d75d438856015e0a cd0a2bd06bdbf4047a3d4f01227cb5b5 2020-07-22 10:42:42 None Ordine n° 2000837220720.exe 729088 application/x-dosexec exe ... None 12288:PRmJ34UqACPQoKwICzPhVifZWFuGZkTP2bjmgqLK... None [AgentTesla, exe] [PUA.Win.Adware.Slugin-6803969-0, PUA.Win.Adwa... 83 1 low low NaN
5 585dbee4540fb6bf72116be77c1902ef1c1a716a70b491... 1a04194b0ad44ddeb25b7d155ce59429fa3eaed4f83547... 7ae1b49f968d668faded948c1c674011af4d95a0 ec1de4028f8a2f58111370668da35a39 2020-07-22 10:15:11 None Factura Adiego.exe 829440 application/x-dosexec exe ... None 12288:5RmJ34UqACPQoKwICzPhVifZWFuGZkTP2bjmgqL2... None [exe, NanoCore, nVpn, RAT] [PUA.Win.Adware.Slugin-6803969-0, PUA.Win.Adwa... 87 1 low NaN NaN
6 4dd2b414c77ad5e60685dd8afbb92d5bf6e3ed11edfa36... d2c6de54c4357e3df26c370a252c4887b5ab447d02470f... f3dbd99925f98b225ff23a799001495d04097bce bd66883c753dde3a74f14e8b5ff9f163 2020-07-22 10:13:47 None Solicitud de presupuesto 009876.exe 737280 application/x-dosexec exe ... None 12288:KRmJ34UqACPQoKwICzPhVifZWFuGZkTP2bjmgqLJ... None [AgentTesla, exe] [PUA.Win.Adware.Slugin-6803969-0, PUA.Win.Adwa... 82 1 low NaN NaN
7 52e864374ebb34727b88f278970946520a53383c0b7e85... f1558f950057bb5cb78df801b8b80ec3670cf0841cd837... acbdf5ae0b8b73d8203f52b1e104205ac39432d6 2e0754487143853f2791b729f2222146 2020-07-22 10:11:26 None Product Inquiry.exe 1161216 application/x-dosexec exe ... None 24576:O0B4U+Qo5Ph4ZWkQ5egqLEYctMqp0l7IQVDtyqkx... None [exe, MassLogger] [SecuriteInfo.com.Win32.Herz.B.125.14884.UNOFF... 76 1 low NaN NaN
8 26e7e2592001dcae03d24805daf839378a61263b2aab7a... f69e210ee6c857145684a95b98f0647538804322d10078... d1fd550d804bf18c3cebfc9e0839d1f4667ff9b7 d90a279bbb5237ed268a6d2f1b7ff435 2020-07-22 10:10:49 2020-07-22 14:26:26 Shipping Documents.exe 726016 application/x-dosexec exe ... None 12288:3RmJ34UqACPQoKwICzPhVifZWFuGZkTP2bjmgqLJ... None [AgentTesla, exe] [PUA.Win.Adware.Slugin-6803969-0, PUA.Win.Adwa... 78 2 low NaN NaN
9 0de023c805c4aabdc9dab70f5660298017276e1a14ca05... 81c3e6882ad0adbba0e816a99627d4c7b0eb6c341091cc... 536dc660173b996bc930e9d6a8e1885af58af181 6df4fddd3267ebfec3f7bd6f9101afa0 2020-07-22 10:10:39 None IMG-00120200721_0099991.xls.exe 1159680 application/x-dosexec exe ... None 24576:u0B4U+Qo5Ph4ZWkQ5egqLk8FH5k4LbIkcYcZpRqQ... None [exe, geo, MassLogger, TUR] [SecuriteInfo.com.Win32.Herz.B.125.14884.UNOFF... 78 1 low NaN low

10 rows × 26 columns

Retrieve the latest samples that match the specified icon dhash

In [9]:
mbdetail = mblookup.lookup_ioc(observable="48b9b2b0e8c18c90", mb_type='dhash', limit=10)
display(mbdetail)
sha256_hash sha3_384_hash sha1_hash md5_hash first_seen last_seen file_name file_size file_type_mime file_type ... tlsh telfhash gimphash ssdeep dhash_icon tags intelligence.clamav intelligence.downloads intelligence.uploads intelligence.mail
0 5c7376642ae772ebc0e2363467174c4f83c111a98b3658... 8a4ff9a844323ca6e311b023fd0ddf9f1afa7a63323aa8... 318989d3c23db978109546b586d0a0b3e496843a c69936d8205c54b3fa75e79aa3abe2a7 2021-08-30 12:25:47 None 5C7376642AE772EBC0E2363467174C4F83C111A98B365.exe 477184 application/x-dosexec exe ... T19AA401127A90C432C4961A344936E7B05BBABD7159B4... None None 6144:7VXoa6rJsXSlvYdyBYlQahhyvuAsjSD/HOaj+M/le... 48b9b2b0e8c18c90 [exe, RaccoonStealer] [Win.Dropper.Zusy-9876039-0, Win.Packed.Generi... 88 1 None
1 f5ce1abb61275e3402f49f48e8094bd2aa038f03845c41... cedb0010f5eed344afdd71e43a65201dbf66b881934daf... 9a14d82d40df41a76b2bbc7e6666a6356f847ca4 f955a4e61c68b3468602f18ab469c46e 2021-07-31 04:15:39 None f955a4e61c68b3468602f18ab469c46e.exe 539136 application/x-dosexec exe ... T135B4F160FAB0C872C0E4053188E5C5A5262DBC257960... None None 6144:zMlg7xejJLjVFT87j9ycfUgso52VnSAUiix0PelGO... 48b9b2b0e8c18c90 [exe, RaccoonStealer] [Win.Malware.Filerepmetagen-9881079-0, Win.Mal... 552 1 None
2 5b74ce1d96a51a2083e32854851ac5152bca49293c4a59... 5c268e08a5be03dab7edb452c4ef32b664cbf174dd1147... ab710e4811d11d68ca5505a0408ebed17760a5b8 d5e720a7076622dfbd3609642cac5c03 2021-07-25 20:55:55 None ab710e4811d11d68ca5505a0408ebed17760a5b8.exe 311808 application/x-dosexec exe ... T12564E011FEB1C832D4550A7148E6C664672DB821FB70... None None 6144:EG0NJtV7zMcepWlFYr4TXFQ3Rl41XwcVBPAn:h0NJ... 48b9b2b0e8c18c90 [exe, RedLineStealer] [Win.Packed.Raccoon-9881206-0] 160 1 None
3 bf53b4b404f09c51fc30b4e683f5258b8172e0698ec618... b578616eceac5f11bb16752b2fbecadd037e2898ee69e2... 4d6304391e16baa517f219ee644b4227fe2b2a65 f4ad2cb7d4d6b02b1debf1d41849b71e 2021-07-25 16:41:16 None f4ad2cb7d4d6b02b1debf1d41849b71e.exe 504320 application/x-dosexec exe ... T1C4B41239B2A0C471D81104315CE7CB95AEAE7C3B6A7C... None None 6144:Ek9mTKSLL6cUQalEKi4WMhx+/YhZCOc7BlYh8wOES... 48b9b2b0e8c18c90 [exe, RaccoonStealer] [Win.Malware.Generic-9880784-0, Win.Malware.Ge... 163 1 None
4 6b01154004b3baac2cc7701d8319f4cc7a7ef361e02937... 3b2441005a98b394e393db6bb6c869fb1e61e9af0afe88... ad5f75c5f9471a80a42ddd517af33eac080694e6 ae428d94143f5ccba46a5f839074eca9 2021-07-25 11:41:14 None ae428d94143f5ccba46a5f839074eca9.exe 504320 application/x-dosexec exe ... T1A2B40213B680D473C25119310CE3CA79677DA96E1D38... None None 12288:aj0qGutOATlQtEo35BFVrfkpZCq//GVn/5c1ypYJ... 48b9b2b0e8c18c90 [exe, RaccoonStealer] [Win.Malware.Generic-9880784-0, Win.Malware.Ge... 171 1 None
5 4acbafb8a79411abf461bc4ebe4ad1efe4abe663adcd79... d81df14267a306a36649d233e3d07b2166f0345ba26c26... ca764bbc548407d20f0a465aad48879b405658f1 200f4423e9f93a1b71a5ef368ba5919f 2021-07-25 05:51:35 2021-07-25 07:03:21 200f4423e9f93a1b71a5ef368ba5919f.exe 525824 application/x-dosexec exe ... T1B1B40154FA71EC32C094087444F5E6A1763CA826B955... None None 12288:OlahFbdTbwPjfEmNYYsVWQMkFmqiBPAi:OlahFb1... 48b9b2b0e8c18c90 [exe, RaccoonStealer] [SecuriteInfo.com.W32.AIDetect.malware1.2062.2... 141 2 None
6 a6b60d3eaf83eb41ef1a22617ce085d5560f0768728a47... 4e94ecf58933955276e1a273d03534d3ce9b8c06649f9b... fceff8fecbbe296d2b1fc4ed0dd4cd435704d259 4b6f1e1c7508808132fa6da57ba4f703 2021-07-24 17:00:56 None 4b6f1e1c7508808132fa6da57ba4f703.exe 504832 application/x-dosexec exe ... T14AB40264B190C472E0915A315CE3C752AABEBC75AD7D... None None 6144:/s1URJ/dBZ9f9pVpu6TPS57m8+/p/228pv17ZtCmK... 48b9b2b0e8c18c90 [exe, RaccoonStealer] [Win.Malware.Generic-9880784-0, Win.Malware.Ge... 127 1 None
7 b1e70a6920b93d6df9e7bf189d43378b5e449beedcf65f... 4fa22011a026a385024eafeb277110072482c205c2b1fa... a522645953d3992521b8ce13d5136ff8199de7bd 1ef23731d98d4f68020f8266876a8746 2021-07-24 17:00:53 None 1ef23731d98d4f68020f8266876a8746.exe 504832 application/x-dosexec exe ... T113B41220F261C873D5A416315CE3C7D5AEAFEC3149A8... None None 12288:YOC33JJPtpjz8u6dQDyushZ4H2D5ZyEqL:JC33vP... 48b9b2b0e8c18c90 [exe, RaccoonStealer] [Win.Malware.Generic-9880784-0, Win.Malware.Ge... 128 1 None
8 4bf2dace8a23551a3cd374a14b68cef6185aa18f9148da... 15e9c270e925de997a7a8bccd0267f902130801e954d87... fdc030df123e6e6a712cbc960a2e7c63266bf040 0b862b9c889d4bdc6f0bac7d702d8753 2021-07-24 10:59:30 2021-07-24 11:49:58 0b862b9c889d4bdc6f0bac7d702d8753 805888 application/x-dosexec exe ... T1F1051260FAB0CC32C4840A7859F6C6A5262DFC667B70... None None 24576:reKt4RjnJ+wWEr55fRue+cfxiskJM0BPA:rORdGA... 48b9b2b0e8c18c90 [32, exe, TeamBot] [SecuriteInfo.com.W32.AIDetect.malware2.23336.... 145 2 None
9 3ad13fd7968f9574d2c822e579291c77a0c525991cfb78... f6ccb0d1c911bea5cd76f893fd9ed9b15a5e651d9f2268... 4412581e1e3e21494b2e8311e9a3690f684a743c 4ef58d8885410f6befd97f5536756ef4 2021-07-24 07:05:56 2021-07-24 07:55:34 4ef58d8885410f6befd97f5536756ef4.exe 4625448 application/x-dosexec exe ... T1FF26338CFAB2C9B3C84504B186DD8328636FE8523C78... None None 98304:I+tu+wI9bpk/h60fb5FX6oWhkwQVNN0cMVNr9wu:... 48b9b2b0e8c18c90 [exe, Glupteba] [SecuriteInfo.com.Trojan.GenericKD.46673241.17... 292 2 None

10 rows × 24 columns

Retrieve the latest samples that match the specified YARA rule

In [10]:
mbdetail = mblookup.lookup_ioc(observable="win_remcos_g0", mb_type='yara', limit=10)
display(mbdetail)
sha256_hash sha3_384_hash sha1_hash md5_hash first_seen last_seen file_name file_size file_type_mime file_type ... telfhash gimphash ssdeep dhash_icon tags code_sign intelligence.clamav intelligence.downloads intelligence.uploads intelligence.mail
0 2bca2ddb0d37c48969f9ca795248774bc84b2408240e8a... f924724c6186e5f07bc77327ef1a7321b980b32a723c97... c6915d02b759be4a2feb2cfe79bd861dd98d2486 b239afc5e3fec697142676c5de84a52a 2022-08-10 19:53:02 None csQDaSnx.exe 126976 application/x-dosexec exe ... None None 3072:mFh1qaSs6IF9OK4b80S2Van4Va1cpcQjed5OzqhUk... d4a22b2e0792f0f0 [exe, remcos, RemcosRAT] [] [SecuriteInfo.com.Trojan.Siggen8.46567.11590.2... 189 1 None
1 81cccbe0fe96183f9a3612910a02f5e85479d687b55ac7... 5f98b68c5216d0a71e55d472e2b795ffbb04fd8c92c02c... db3095e714bc1de4ee07a8ed41f3a8c5211ce7e3 64c7bfc9069bbad2837a9fadcc2b5543 2022-08-10 19:52:37 None F5AjC83U.exe 126976 application/x-dosexec exe ... None None 3072:mFh1qaSs6IF9OK4b80S2Van4Va1cpcQjed5OzqhUX... d4a22b2e0792f0f0 [exe, remcos, RemcosRAT] [] [SecuriteInfo.com.Trojan.Siggen8.46567.11590.2... 184 1 None
2 a0911f69ebcbc93540e63bf007fcab0bbece1a9f55c780... 677dc1d42d01e91314fe205639a73edf083e38553bb540... f35faaa0884f2124d15172e22e889f306a6ab4dc 909b5860cad8562a6908b2e043e89da8 2022-08-10 19:51:51 None rrXcTwCT.exe 126976 application/x-dosexec exe ... None None 3072:mpgk9sZwnSD9Pb0CR36oWdHZ8xyicFtsnal5OzqhP... d4a22b2e0792f0f0 [exe, remcos, RemcosRAT] [] [Win.Malware.Rescoms-6598304-0, Win.Trojan.Rem... 177 1 None
3 e0b6bc3a80979c9698dc1a45ec43f00b0a35841706e141... 15d04e1a1b58d63896d5e7a8424a058a9a3d28c74a4174... efaefb940f47210dd0a3e9483aede0d9d5ce8a52 648e9dc18a8bd5dda03ca12f4f2768e7 2022-08-10 19:51:08 None RtJT2FrE.exe 131072 application/x-dosexec exe ... None None 3072:mhh1qaSs6IF9OK4b80S2Van4Va1cpcQjed5OzqhUn... d4a22b2e0792f0f0 [exe, NetWire, remcos] [] [SecuriteInfo.com.Trojan.Siggen8.46567.11590.2... 177 1 None
4 766ab97dc545207fe08d285356fa47298904585e8f2690... 90ffec08c7fa6921c635e5489a83528246956c2afcded5... 0073c8b602efaca3c2f676079abc771ad8abaed6 ba540e864f3f4afdd2512c6bb91c0b8d 2022-08-10 19:48:12 2022-08-10 19:53:51 g6yLQx19.exe 131072 application/x-dosexec exe ... None None 3072:nbD9fB6vOkQo7pXTu7i0xHj39kzLQx5/rbyxKyMjO... d4a22b2e0792f0f0 [exe, Remcos RAT 3.x, RemcosRAT] [] [Win.Trojan.Remcos-9752328-1, Win.Trojan.Remco... 180 4 None
5 98bd9ce6256c71da1189ff7552bc318b6e9e2e89561224... a08db4ff8a043048e33d36a32b5e958ab4b2e27210205e... 067bd2264d1fe4a61fa7abd46ba4eb104987e2bb bfa2f087b22e9e188bdb4654ddf17f0a 2022-08-10 19:47:49 None E1Rj5TTL.exe 126976 application/x-dosexec exe ... None None 3072:BSUtqGqBzWgp7q8zZYqCxarWjPHDoGnMAFI+zIcoS... d4a22b2e0792f0f0 [exe, Remcos RAT 3.x, RemcosRAT] [] [Win.Malware.Rescoms-6598304-0, Win.Trojan.Rem... 174 1 None
6 56b9e1a9f0704305007504a26661905930387fc49d0fb0... 38e6187ed866f6abe9e3fa98995691d765498718817412... d972b5f0d29ebd6db596c607434bf930ab822d48 da88c3cc6dbd042b0971b5951d6fb5f4 2022-08-10 19:47:26 2022-08-10 19:49:18 f6x8LJCP.exe 131072 application/x-dosexec exe ... None None 3072:3bD9fB6vOkQo7pXTu7i0xHj39kzLQx5/rbyxKyMjO... d4a22b2e0792f0f0 [exe, Remcos RAT 3.x, RemcosRAT] [] [Win.Trojan.Remcos-9752328-1, Win.Trojan.Remco... 179 4 None
7 629dd4f1db7eec3c7a084575676b48ac035fcc0a3ae9df... 8520e6655999cfd773163f19a1a6b4d0eb46097064843c... 326d6ffa21b340ee5dd54f11baa4c1fe24c1e6d7 e0a8f2f5a09a63b2b5f9411028c86d4c 2022-08-09 06:05:17 None Urgent RFQ_AP65425652_032421,pdf.exe 760832 application/x-dosexec exe ... None None 12288:8y5/OnuA02iN2NAoeZBaiGLKb8A1HuNwlSD9Y62s... 00071a1b52522920 [exe, RemcosRAT] [] [SecuriteInfo.com.MSIL.Kryptik.WZA.UNOFFICIAL] 263 1 None
8 bc6f494da47a6a0d914d0accb1e3297610a32feae69271... 4490f159f125e64ccf23eb09fa51109a335ec5917e0e4f... 895d1f61c833447a0db9769679e05594b766fa1a f61c74deae0ce023bf2231e030edb7ab 2022-08-03 17:44:57 None f61c74deae0ce023bf2231e030edb7ab 466944 application/x-dosexec exe ... None None 6144:Mc53ezqVrhiBZ84M/k22nZcrTEfCNV0cjd2shWR5d... c4d48eaa8ad4d4f8 [32, exe, RemcosRAT] [] [Win.Trojan.Remcos-9841897-0] 330 1 None
9 548a6de77d41a75d8463e4aa3d596caf294b6d5bfbc486... 0fd1b5613e91115f9ce75685bc5c74402f0a63f6020ca6... dc09e242d4a334a70717421a767e2fd76e9f5dec a35383f9431d405cd1164a1ba5c93a2a 2022-08-03 12:38:58 None a35383f9431d405cd1164a1ba5c93a2a 466944 application/x-dosexec exe ... None None 6144:Mc53ezqVrhiBZ84M/k22nZcrTEfCNV0cjd2shWR5d... c4d48eaa8ad4d4f8 [32, exe, RemcosRAT] [] [Win.Trojan.Remcos-9841897-0] 278 1 None

10 rows × 25 columns

Retrieve the latest samples that match the specified TLSH. Note that every returned row carries the identical TLSH value: this is an exact-value lookup, not a similarity search over nearby TLSH distances.

In [11]:
mbdetail = mblookup.lookup_ioc(observable="4FB44AC6A19643BBEE8766FF358AC55DBC13D91C1B4DB4FBC789AA020A31B05ED12350", mb_type='tlsh', limit=10)
display(mbdetail)
sha256_hash sha3_384_hash sha1_hash md5_hash first_seen last_seen file_name file_size file_type_mime file_type ... tlsh telfhash gimphash ssdeep dhash_icon tags intelligence.clamav intelligence.downloads intelligence.uploads intelligence.mail
0 52fce8f05b7bcad7c37912d8408be264e25301464474c4... f7af2c9164495b59c212fe63a822ba96e87fae7c91ad87... f4683e2471507c46d615e2139b25507e3406de7f ba061b60e72e81ef174c6f38ecbe40a5 2020-06-17 00:09:41 None pops.works_manahet__913ab4nu59ok.exe.malw 496037 application/x-dosexec exe ... 4FB44AC6A19643BBEE8766FF358AC55DBC13D91C1B4DB4... None None 6144:uXKJlnagpOWod1+3Ea6dDeCR7yaEnC+lbUGhclavU... None [malw, TrickBot] [SecuriteInfo.com.BScope.Backdoor.Emotet.14181... 68 1 None
1 e549369801506cbbef9a872289ac450273a6f1673e2c9b... 2483b4b9e4c0a25d57a6bd628b9c59e6040d37c7760873... f96464d8c8b3a4591a4bc34452a59df7052aabd9 991b6d39966597c12b0ea799a056d49e 2020-06-17 00:09:34 None pops.works_manahet__910ab4nu59ok.exe.malw 496127 application/x-dosexec exe ... 4FB44AC6A19643BBEE8766FF358AC55DBC13D91C1B4DB4... None None 6144:uXKJlnagpOWod1+3Ea6dDeCR7yaEnC+lbUGhclavU... None [malw, TrickBot] [SecuriteInfo.com.BScope.Backdoor.Emotet.14181... 67 1 None
2 69b47b24ade5077dd694765b73e1fb2c16c69d03e39f42... 93739fdca08dff670f91b4af8b8633809a76173ce97d6f... b21075a21bd7473620a5d67746185ed0efe17c1b 8f914d42f69b6408cfcb12922ee39699 2020-06-16 23:35:00 None pops.works_manahet__2988ab4nu59ok.exe.malw 495990 application/x-dosexec exe ... 4FB44AC6A19643BBEE8766FF358AC55DBC13D91C1B4DB4... None None 6144:uXKJlnagpOWod1+3Ea6dDeCR7yaEnC+lbUGhclavU... None [malw, TrickBot] [SecuriteInfo.com.BScope.Backdoor.Emotet.14181... 59 1 None
3 cfb9760bf161f34f1f6922babe8c09dd9477b34b832de1... 1d888d5c5c303b6e5871bc70c8672cced0891700e348f4... 64b56fa3c3fc6542632d0d5d1d819e4c35cd34ad 1b9453d1193a14db559150f40d953987 2020-06-16 23:18:36 None pops.works_manahet__2711ab4nu59ok.exe.malw 496085 application/x-dosexec exe ... 4FB44AC6A19643BBEE8766FF358AC55DBC13D91C1B4DB4... None None 6144:uXKJlnagpOWod1+3Ea6dDeCR7yaEnC+lbUGhclavU... None [malw, TrickBot] [SecuriteInfo.com.BScope.Backdoor.Emotet.14181... 61 1 None
4 c7d996fed3fac2ff6add0ba741a61176f20dadcf25cfce... 31c27c607d7691a98a816028cc9804f2427cdf3853cab2... 9587b2eff81736f4bb98a33782665907bcc98ca5 efdd28e398a9cadc5a97877a90122913 2020-06-16 22:42:20 None pops.works_manahet__198ab4nu59ok.exe.malw 496164 application/x-dosexec exe ... 4FB44AC6A19643BBEE8766FF358AC55DBC13D91C1B4DB4... None None 6144:uXKJlnagpOWod1+3Ea6dDeCR7yaEnC+lbUGhclavU... None [malw, TrickBot] [SecuriteInfo.com.BScope.Backdoor.Emotet.14181... 60 1 None
5 f2757682119b5daf632e40b37586d55850ef46cd510f18... 31aff8cd78201e74db323bb3315e6adb954e5358926179... 3f8db2d73670b655fbe3375dbb07a5ef676fb082 354f67d77cbf9d5ccd211673205c3dc3 2020-06-16 22:38:15 None pops.works_manahet__1941ab4nu59ok.exe.malw 496078 application/x-dosexec exe ... 4FB44AC6A19643BBEE8766FF358AC55DBC13D91C1B4DB4... None None 6144:uXKJlnagpOWod1+3Ea6dDeCR7yaEnC+lbUGhclavU... None [malw, TrickBot] [SecuriteInfo.com.BScope.Backdoor.Emotet.14181... 54 1 None
6 eba4014f86d3d6ff53b40db04fe41a62ab3bbea61761d9... 2c7f98f4de25b2c679b08df288eeff364c53f24fda68b1... c92d4b2698e653d37de5f7bf4bd3387e00624523 89e958619bc685ce85b52950f52c022e 2020-06-16 22:37:40 None pops.works_manahet__1928ab4nu59ok.exe.malw 496390 application/x-dosexec exe ... 4FB44AC6A19643BBEE8766FF358AC55DBC13D91C1B4DB4... None None 6144:uXKJlnagpOWod1+3Ea6dDeCR7yaEnC+lbUGhclavU... None [malw, TrickBot] [SecuriteInfo.com.BScope.Backdoor.Emotet.14181... 53 1 None
7 2d9e273e556e79c1a712a7b8044be998d681cc7953b1f8... 127294be489448bd6d1f55f399271510e85381a66b2a80... 2e387fc861253bd637ba24425030c3be65085bfb 438f2357cf0916af3b6e495c140456b8 2020-06-16 22:18:19 None pops.works_manahet__1623ab4nu59ok.exe.malw 496056 application/x-dosexec exe ... 4FB44AC6A19643BBEE8766FF358AC55DBC13D91C1B4DB4... None None 6144:uXKJlnagpOWod1+3Ea6dDeCR7yaEnC+lbUGhclavU... None [malw, TrickBot] [SecuriteInfo.com.BScope.Backdoor.Emotet.14181... 61 1 None
8 2c3723ae043796895afb2aa8e6d465e65e1fc0b22dac84... 601223ce7eeb84a0545ed9e455b6f0865ca64bbb05b2d9... c7d18c164f41faf9337a4d2ee7e25fa32d6cc7cb a1efd37441a618a2b4a4a38ebc768051 2020-06-16 22:15:46 None pops.works_manahet__158ab4nu59ok.exe.malw 496289 application/x-dosexec exe ... 4FB44AC6A19643BBEE8766FF358AC55DBC13D91C1B4DB4... None None 6144:uXKJlnagpOWod1+3Ea6dDeCR7yaEnC+lbUGhclavU... None [malw, TrickBot] [SecuriteInfo.com.BScope.Backdoor.Emotet.14181... 57 1 None
9 6560ba1a1c5046ef58b32c96871949ea41a50f94397721... 71a8f2cce38c299324bb98d685bfcd56efa1fec1be4892... 3dfc79aa0876d075e5917e4f3798e351b75b04d4 fa57f5d615aabe519d250deae48ecdf3 2020-06-16 22:08:50 None pops.works_manahet__1498ab4nu59ok.exe.malw 496017 application/x-dosexec exe ... 4FB44AC6A19643BBEE8766FF358AC55DBC13D91C1B4DB4... None None 6144:uXKJlnagpOWod1+3Ea6dDeCR7yaEnC+lbUGhclavU... None [malw, TrickBot] [SecuriteInfo.com.BScope.Backdoor.Emotet.14181... 58 1 None

10 rows × 24 columns

Retrieve the latest samples that match the specified Telfhash. Telfhash is computed over ELF symbol tables, so the matches are Linux samples (file_type elf).

In [12]:
mbdetail = mblookup.lookup_ioc(observable="ea2106f51e7e58d9b7e4a400c29b5f623d5df13b299037a00463e93033abe466069c7a", mb_type='telfhash', limit=10)
display(mbdetail)
sha256_hash sha3_384_hash sha1_hash md5_hash first_seen last_seen file_name file_size file_type_mime file_type ... tlsh telfhash gimphash ssdeep dhash_icon tags intelligence.clamav intelligence.downloads intelligence.uploads intelligence.mail
0 2a57fa24db780dbd1f69f8e5a1b9b706b8c194c191caab... a0a788306dea0da357ebf2a9eb8e33b5a49cff4e834d79... 51b84deed7b2241107fc2466ee35515c8bbf7c3f 9cd79b3a9da869b9b763620691ecc044 2021-06-22 15:22:38 None 9cd79b3a9da869b9b763620691ecc044 68176 application/x-executable elf ... 88635AC4B643D9F2ED0602B52477EF338E76F5B6216AF9... ea2106f51e7e58d9b7e4a400c29b5f623d5df13b299037... None 1536:5g80fNaLw64nUcBTicXg5PcS/DLhtcrol2fas6vYU... None [32, elf, intel, mirai] [SecuriteInfo.com.Linux.Mirai-29.UNOFFICIAL, S... 118 1 None
1 9367a86cc5573afc8c34963ac610baaa59fc279c2f38d1... c3c8157eb7b395eb7bc3560af8efd89c1283b46358d682... 2cebe480f78bb005ec20a1b35f4d7701b6fb6021 cb8d0427ff2256bca6d0f668b66dc803 2021-02-23 19:16:02 None cb8d0427ff2256bca6d0f668b66dc803 68176 application/x-executable elf ... E3634AC4B643D9F2ED0602B52477EF338E76F5B6216AF9... ea2106f51e7e58d9b7e4a400c29b5f623d5df13b299037... None 1536:5g80fNaLw64nUcBTicXg5PcS/DLhtcrol2fas6vYU... None [botnet, mirai] [SecuriteInfo.com.Linux.Mirai-29.UNOFFICIAL, S... 132 1 None
2 89b34c5b07f27d0d28a497525340fa17a623d53544dd59... 8e356f3cdfa5bb04e25cc11496768b649b62af0d57812a... a9ad5e11e59037ebc178eac0f4708f590a6d7e0a c8998a85f4c9f1d79ef360cf10ce01e3 2021-02-23 19:16:00 None c8998a85f4c9f1d79ef360cf10ce01e3 68176 application/x-executable elf ... 81634BC4B643D9F2ED0602B524B7EF338E76F5B6216AF9... ea2106f51e7e58d9b7e4a400c29b5f623d5df13b299037... None 1536:5g80fNaLw64nUcBTicXg5PcS/DLhtcu/JOas6vYUZ... None [botnet, mirai] [SecuriteInfo.com.Linux.Mirai-29.UNOFFICIAL, S... 135 1 None
3 0ca882a6b9eac11e951bdb8dbf44dccf66c63818c68846... b04d983571c634862a94710c75fefe5b3cb61286e8f26b... cfadb6f29ef5fe8c2a05304002d446843a074e25 3208d52296dc5bd0d016b0869c3cc4c7 2021-02-23 19:13:38 None 3208d52296dc5bd0d016b0869c3cc4c7 68144 application/x-executable elf ... 5C634AC8BA43D9F2EC0602B52077EF338E76F5B6215AF9... ea2106f51e7e58d9b7e4a400c29b5f623d5df13b299037... None 1536:Dc0fNarwa4HU8Bzi83gZP8SfjLBoCYFehRbz3xZGH... None [botnet, mirai] [SecuriteInfo.com.Linux.Mirai-29.UNOFFICIAL, S... 91 1 None
4 f72ef232f04ae1ea49281e8e1d8a3d0b39ffd6622f8e8a... 2565e69468bc93b44a7d2e7b871c21dca89b00584a4863... ff94b4e679a2af8da8a158ad47d73c45bb900213 59eb4dba2597fcf07f1953c8d7df8226 2021-02-23 19:13:13 None 59eb4dba2597fcf07f1953c8d7df8226 68144 application/x-executable elf ... C3634AC8BA43D9F2EC1602B52077EF338E76F5B6215AF9... ea2106f51e7e58d9b7e4a400c29b5f623d5df13b299037... None 1536:Dc0fNarwa4HU8Bzi83gZP8SfjLBoCYFehRbz3xZGH... None [botnet, mirai] [SecuriteInfo.com.Linux.Mirai-29.UNOFFICIAL, S... 58 1 None
5 3386838e10e6f0235e26615bc5ca8fa43139eb0cf58453... ae605253a5c8860b33e6528e2a518a517429628996e392... ef59eb366924c376a377e6ef072f276aea26e0fb 6407985c60bd18bee0339e8e949dfe43 2021-02-23 19:13:06 None 6407985c60bd18bee0339e8e949dfe43 68176 application/x-executable elf ... 65634AC4B643D9F2ED0602B52477EF338E76F5B6216AF9... ea2106f51e7e58d9b7e4a400c29b5f623d5df13b299037... None 1536:5g80fNaLw64nUcBTicXg5PcS/DLhtcMl2fas6vYUR... None [botnet, mirai] [SecuriteInfo.com.Linux.Mirai-29.UNOFFICIAL, S... 58 1 None
6 398c0b834906624f41aad7609c6a1d65a684f173a62fb6... ba9d52b4a7b604eb063a92ba0bfa4b6dcab88e137601a4... 5fec0097093243d3d69f1c473eb4a2a992b58dcf b1abf91fe2460339de5ab1d2da23b2a5 2021-02-23 19:12:31 None b1abf91fe2460339de5ab1d2da23b2a5 68176 application/x-executable elf ... 0D634AC4B643D9F2ED0602B52477EF338E76F5B6216AF9... ea2106f51e7e58d9b7e4a400c29b5f623d5df13b299037... None 1536:5g80fNaLw64nUcBTicXg5PcS/DLhtcMol2eas6vYU... None [botnet, mirai] [SecuriteInfo.com.Linux.Mirai-29.UNOFFICIAL, S... 56 1 None
7 e3065b89a497edde2a814cf88204aa09a6ab6f181d8893... 7cc24dc2189d4502dc5f773826fecc43d05074bd6fb867... 7627d5f44dfbdcb332fc824693aee63004bef180 7b1ac2b9ff3e06aecca478466be683d8 2021-02-23 19:10:19 None 7b1ac2b9ff3e06aecca478466be683d8 68176 application/x-executable elf ... B7634AC4B643D9F2ED0602B52477EF338E76F5B6216AF9... ea2106f51e7e58d9b7e4a400c29b5f623d5df13b299037... None 1536:5g80fNaLw64nUcBTicXg5PcS/DLhtcrol2fas6vYU... None [botnet, mirai] [SecuriteInfo.com.Linux.Mirai-29.UNOFFICIAL, S... 51 1 None
8 15ff59c63e25fee8ab22639ee034600557090bb2789d0e... a640ad190054466151b16ea18dc6ae262ec3b240beda28... 405096c641c1af1417fe239be43611a184fc48bd de61ac7b487c95db132070e6add18c7c 2021-02-23 19:10:16 None de61ac7b487c95db132070e6add18c7c 68176 application/x-executable elf ... 99634BC4B643D9F2ED0602B524B7EF338E76F5B6216AF9... ea2106f51e7e58d9b7e4a400c29b5f623d5df13b299037... None 1536:5g80fNaLw64nUcBTicXg5PcS/DLhtcu/JOas6vYUR... None [botnet, mirai] [SecuriteInfo.com.Linux.Mirai-29.UNOFFICIAL, S... 54 1 None
9 84b5aa70e56ee461234480fd887a2b08c5e717b62b3020... 643287d5665d73b3bfdd40bca2895d57d98f121747431a... 17bdf61c4fa9fa9d6717f595b44207861287c26d e495a650899a09ff1b1bbb22e5c1b42c 2021-02-23 19:10:04 None e495a650899a09ff1b1bbb22e5c1b42c 68144 application/x-executable elf ... 85634AC8BA43D9F2EC0602B52077EF338E76F5B6215AF9... ea2106f51e7e58d9b7e4a400c29b5f623d5df13b299037... None 1536:Dc0fNarwa4HU8Bzi83gZP8SfjLBoCYFehRbz3xZGH... None [botnet, mirai] [SecuriteInfo.com.Linux.Mirai-29.UNOFFICIAL, S... 51 1 None

10 rows × 24 columns

Retrieve the latest samples that match the specified Gimphash. Gimphash is the Go import hash, so only Go-compiled binaries carry one; here a single sample matches.

In [13]:
mbdetail = mblookup.lookup_ioc(observable="50f5783c2188897815d9b34a77aa4df70ac96a71542ddc79b94fef8ce7ba2120", mb_type='gimphash', limit=10)
display(mbdetail)
sha256_hash sha3_384_hash sha1_hash md5_hash first_seen last_seen file_name file_size file_type_mime file_type ... tlsh telfhash gimphash ssdeep dhash_icon tags intelligence.clamav intelligence.downloads intelligence.uploads intelligence.mail
0 9e9fa8b3b0a59762b429853a36674608df1fa7d7f7140c... 74e9232b812f998d63121c5836d26e85c09abea8e8e3c2... 265a613ac405e6c3557e36a19f0ead2d18638cb0 06124da5b4d6ef31dbfd7a6094fc52a6 2022-04-05 06:30:21 2022-04-05 08:07:53 base-update.exe 4499408 application/x-dosexec exe ... T1C1264B23F89154E9C0AED230C666D262BB7178945730... None 50f5783c2188897815d9b34a77aa4df70ac96a71542ddc... 49152:lPz3d4kmYh3Urb/TcvO90dL3BmAFd4A64nsfJTxe... None [Elephant, exe, Hive, Ransomware] [SecuriteInfo.com.Trojan.PWS.Siggen3.13990.534... 213 2 None

1 rows × 24 columns

Retrieve the latest samples signed with a certificate from the specified issuer. The issuer name alone is not an indicator of compromise: the results below mix legitimately signed software (Audials AG, IObit) with Quakbot, CobaltStrike and Matanbuchus samples signed with abused certificates. Pivot on the subject name or the certificate serial number to isolate a specific signer. No limit was given here, so 100 rows come back.

In [14]:
mbdetail = mblookup.lookup_ioc(observable="Sectigo RSA Code Signing CA", mb_type='issuerinfo')
display(mbdetail)
sha256_hash sha3_384_hash sha1_hash md5_hash first_seen last_seen file_name file_size file_type_mime file_type ... anonymous signature imphash tlsh telfhash gimphash ssdeep dhash_icon tags code_sign
0 bbb3c68240e69552a21b9fc649cf9a2686d26ad9297d87... None fece4c968c28f10849f7708346842a4c844aa5d3 4a4d26599ba12e48de5310d2b789ef90 2022-07-15 14:43:52 None virussign.com_4a4d26599ba12e48de5310d2b789ef90 3393656 application/x-dosexec exe ... 0 None 00be6e6c4f9e287672c8301b72bdabf3 T19EF512C1EDA042B9E6A10F3149A5F6351B6D3FF0FE24... None None 98304:C5zgfx9C7H5O1Wy8GgZ5samBLz2aj352a0GV027Z... 78e4cad0e6a6b8d8 [exe, signed] [{'subject_cn': 'Audials AG', 'issuer_cn': 'Se...
1 cf5da5a9b8b16d91c32b99d0379ff6729b42606ff38fee... None b575cf708602d0285e97071dc7bee8daef415832 99fdd1d682a0c2999731ad61b2c0cc2e 2022-07-14 18:20:50 2022-07-14 22:04:43 99fdd1d682a0c2999731ad61b2c0cc2e.exe 17269872 application/x-dosexec exe ... 0 RemoteManipulator 38be718d163809a15e0c7a672311fe41 T19407336BE7E68825D4FB47BA09BD8B20177ABCC91813... None None 393216:YfdYUDnIXid6KrMleGADjXUlQuEPrDLQCLs6JAY... c4dacabacac0c244 [exe, RemoteManipulator, signed] [{'subject_cn': 'Remote Utilities LLC', 'issue...
2 68fff33757fe2d5f3453319c42c4f2fa0e566db3e9e192... None 7feb1ad024ba549905c3e112982db2ff6d7a066b 84786123b44e1c871a458403c82519ae 2022-07-12 10:45:18 None 68fff33757fe2d5f3453319c42c4f2fa0e566db3e9e192... 1795832 application/x-dosexec exe ... 0 None 117f9d7a56c3cbec9a67cd881171e7ec T184855D21A3D58437D0732E7A5C2A96946D2A7E202E78... None None 49152:1gE01Su+FT8wSa3C3+6Oo9grFiw5fT+XOnUg:1gV... cc94b2a6a2a2a0f0 [exe, signed] [{'subject_cn': 'IObit CO., LTD', 'issuer_cn':...
3 8d50514a50c7f6c76a47524a40aba6d7b25de685c5558b... None 9e7af942ca6147a9517c16f018d61f6a025044c3 9ba470b8527aa227810d0c7316ab0a5a 2022-07-11 09:47:25 None 8d50514a50c7f6c76a47524a40aba6d7b25de685c5558b... 1222592 application/x-dosexec dll ... 0 None 31b08bc72f8daf46c9fc08479f4bb223 T10F45CFB31914679AF370743E475C238164EB9C894BC9... None None 12288:vf9ROHAu+fkh6oxqCiZk2r/mPoQrHJRM0dN+WMNx... None [dll, OmniContact, signed] [{'subject_cn': 'OmniContact', 'issuer_cn': 'S...
4 57d6f2bef4bb6701f19f1009528cc716c8e220f3c86601... None d775b52aa8e1ca033572757b64f212b1701ce4ef d0fca62ff23bf70ee6a3fc41cff8b2c1 2022-07-11 09:47:20 None 57d6f2bef4bb6701f19f1009528cc716c8e220f3c86601... 1222592 application/x-dosexec dll ... 0 None 31b08bc72f8daf46c9fc08479f4bb223 T11845CFB31914679AF370743E475C238164EB9C894BC9... None None 12288:Vf9ROHAu+fkh6oxqCiZk2r/mPoQrHJRM0dN+WMNx... None [dll, OmniContact, signed] [{'subject_cn': 'OmniContact', 'issuer_cn': 'S...
... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ...
95 1bdc2af9d05938e370a3aa3bdca8cc58923e85461f15cd... None 04750cdaa55f51c718b1dace954e52007dcfcb24 76e1ca1c6012b83e028f5c6b20247dd6 2021-12-15 10:59:36 2021-12-15 13:01:09 1bdc2af9d05938e370a3aa3bdca8cc58923e85461f15cd... 782256 application/x-dosexec dll ... 0 Quakbot c967abd8a4b2caed74d57814c5fadb12 T194F49F22B2F14477C1B32A3D9C7B52A594297E113E38... None None 12288:W03XYpmWl+zDTCWxLgXUlId1AMK++U4wvpAHXQDf... 399998ecd4d46c0e [dll, MIDDRA INTERNATIONAL CORP., Quakbot, sig... [{'subject_cn': 'MIDDRA INTERNATIONAL CORP.', ...
96 01c434536512a312098bcdf8a82dc3172153e15b7c033a... None 5f91717901585e8de4993fd916703314bcac6715 ea93eb3704c67210a65f14cde3feb6d2 2021-12-15 10:59:29 2021-12-15 13:01:16 01c434536512a312098bcdf8a82dc3172153e15b7c033a... 524720 application/x-dosexec dll ... 0 Quakbot 8e3a2e9f601b5312da264792515ac8a5 T199B4AF22F6D04437C2732A388C5F56A8A8357E502E29... None None 12288:iPjtak6OdAvsE1655WY9NceCizMz/NrKp+:Ujgeb... 399998ecd4d46c0e [dll, MIDDRA INTERNATIONAL CORP., Quakbot, sig... [{'subject_cn': 'MIDDRA INTERNATIONAL CORP.', ...
97 950008035d225dd5f4c3a229082f1206eb9bce8c4aa482... None 549735f585590452985451faf8ab1e6f22903abf 518d125bb64a8f8dc8b94054daf5e6df 2021-12-14 20:14:05 2021-12-15 00:51:19 518d125bb64a8f8dc8b94054daf5e6df 375656 application/x-dosexec exe ... 0 CobaltStrike 1e8a809e0505b426516db96be454b4f8 T1FB84F361B2D6AF33F5135633C479AFB21E0BDDA802CE... None None 6144:eum89DM6Wn26B/vLcTnR2PYbtw3nnhsW/WQkwy+qq... c0d4ec80b0b4b4e4 [32, CobaltStrike, exe, signed, trojan] [{'subject_cn': 'REI LUX UK LIMITED', 'issuer_...
98 8140ac01ec377af7788eddd79d665d5000b34e7d064499... None 9db7b3f5c7cff58d8a06f2f4cc82d9f7339f49e1 67d5dfcde8225a0cdf760d833ca44387 2021-12-14 17:50:31 None Yukoste3.ocx 535440 application/x-dosexec dll ... 0 Matanbuchus c87b0244d3ec3baa302e51fc063cf2a4 T1C4B47CB6B7DF8437D22315389C5B6F74A835FE502D28... None None 12288:OCoerqtL8cwg/dQA1pb6ENUvIq9YXItrhL+hMalf... 399998ecd4d46c0e [dll, matanbuchus, ocx, Qakbot, signed] [{'subject_cn': 'TLGM ApS', 'issuer_cn': 'Sect...
99 7c549b6db99a8422b4e3c5a4d291057832ac5a36b6368a... None 575f6e0a006bc19d5dfb5e5001f0b2b1a69cc0e8 62f20e4565b40b78c9b0c1c7f77c1f64 2021-12-14 17:49:42 None Yukoste1.ocx 782224 application/x-dosexec dll ... 0 Quakbot c967abd8a4b2caed74d57814c5fadb12 T1ECF49F22B1F18477C1B32A3D9C7B52A594297E113E38... None None 12288:B03XYpmWl+zDTCWxLgXUlId1AMK++U4wvpAHXQDf... 399998ecd4d46c0e [dll, ocx, Qakbot, Quakbot, signed] [{'subject_cn': 'TLGM ApS', 'issuer_cn': 'Sect...

100 rows × 21 columns

Retrieve the latest samples whose signing certificate has the specified subject (the subject_cn field of code_sign).

In [15]:
mbdetail = mblookup.lookup_ioc(observable="Ekitai Data Inc.", mb_type='subjectinfo')
display(mbdetail)
sha256_hash sha3_384_hash sha1_hash md5_hash first_seen last_seen file_name file_size file_type_mime file_type ... anonymous signature imphash tlsh telfhash gimphash ssdeep dhash_icon tags code_sign
0 c79957ca77f6355fb02b9a0d9d2a4c86bca3d6fd53afbf... None 989847d98a42b5e38dec8da84273908773666fee 61f8e8680493350a1b3df43bde88030f 2020-08-26 11:43:22 2020-08-26 12:51:22 srt_join2.bin 280448 application/x-dosexec exe ... 0 TA505 099a636c552cf9ca90b2cb789202a343 2A54C09ADB23D2E4E869D5F07574B6733E363D08E26447... None None 3072:5Zw1GCu5naotdOJb72+1zhgR0hbxVzTvtV3aLztDA... None [64bit, dll, TA505] [{'subject_cn': 'Ekitai Data Inc.', 'issuer_cn...
1 257b0d37f34e05dc0ffb5e8c93f9a2eadf7d5ae3bcecb0... None 0c95cc765cfa1b623e4a2e19479a8d9388dd57df 7212195ad8edbdc8d063fa7ae29e4e04 2020-08-26 11:43:05 2020-08-26 12:51:31 srt_join1.bin 348032 application/x-dosexec dll ... 0 TA505 4b9b01fb6891e95cfb189a66c9ebc808 C574E102BBD2D5B9C8CB843458B55A7C07BBCD663F4028... None None 6144:bTbhpsgZ09JTYNirD6tlMFnYmkx2/511qZb2ithvs... None [32bit, dll, TA505] [{'subject_cn': 'Ekitai Data Inc.', 'issuer_cn...
2 f7125019233ca9714d5b2b16ef66119c37bc9033597f0c... None 9f34f0590d3c19153a800cdaea19b1ce4ba26cb6 36af9b047a76cd1e37a8188d8ad4119d 2020-08-25 12:41:01 2020-08-25 14:14:08 srt_join2.bin 274304 application/x-dosexec exe ... 0 TA505 cdf5bfe175bda0bb60d50a48dd0ca746 D044CFA7DB57B1EEF952D630E5A47A337E353918A12C8E... None None 6144:zU0DDlOPbQ6+aKVelI7PuUMtgE6+KFlBNJXjq7fAb... None [64bit, dll, TA505] [{'subject_cn': 'Ekitai Data Inc.', 'issuer_cn...
3 7ad188a87fed28bbb4570f32ad729c492d434b8d3efdc1... None dfed494c9e2afc0aa48cbee2ad7f27ac9cef8a91 f7020878397a7dcf7f661a166ae9fab5 2020-08-25 12:40:48 2020-08-25 14:17:52 srt_join1.bin 324480 application/x-dosexec dll ... 0 TA505 57bbb25cc369c676e719c14c25249dd8 186402485AE24A3AF1E9023C51E60744A9652DB02F90A0... None None 6144:xXoWnIxqmbeF0x9QAd1HielOXYonTKF9YPbuHENCr... None [32bit, dll, TA505] [{'subject_cn': 'Ekitai Data Inc.', 'issuer_cn...

4 rows × 21 columns

Retrieve the latest samples signed with the certificate that has the specified serial number (hexadecimal, as recorded in code_sign). This is the most precise of the three certificate pivots: a serial identifies one certificate, whereas issuer and subject names can be shared by many.

In [16]:
mbdetail = mblookup.lookup_ioc(observable="51CD5393514F7ACE2B407C3DBFB09D8D", mb_type='certificate')
display(mbdetail)
sha256_hash sha3_384_hash sha1_hash md5_hash first_seen last_seen file_name file_size file_type_mime file_type ... anonymous signature imphash tlsh telfhash gimphash ssdeep dhash_icon tags code_sign
0 1a49d434e0a95bd312d3d0a6d4fd5335830970bef8009e... None d10b67e61fcce873ecac3ff3b5fca077106ff4d4 5d3727294622a3191a33b87049e4fbaa 2020-11-04 17:11:15 None 1247015.exe 277456 application/x-dosexec exe ... 0 Quakbot 015974618e9105226f001019d35e62e5 D944F12329799033F4220BB64DE6D2724C7D78685A3209... None None 6144:QLfhdM/bXZswyIZkEuHrBuYFCAN8XkwDLPUf:ivKb... None [exe, Quakbot, signed] [{'subject_cn': 'APPI CZ a.s', 'issuer_cn': 'S...
1 e4053c912df782e2756904eaf7eb2fc4cd54ea0b59f2dd... None 5bafc16caa8e8a8a7f3e963c581e7c389a72cc4b 09c3b79f25e4fb96636099e1c032e440 2020-11-01 10:12:01 2020-11-07 12:50:41 e4053c912df782e2756904eaf7eb2fc4cd54ea0b59f2dd... 261072 application/x-dosexec exe ... 0 QuakBot 4844E04213E84445FC6B667A4CB2C32016527C95A72EAF... None None 6144:CawCRk4Z0Nhb4s6g1IILx4r37gCyljA6+:+Gk4Zkh... None [APPI CZ a.s, Qakbot, Quakbot, signed] [{'subject_cn': 'APPI CZ a.s', 'issuer_cn': 'S...
2 d394623d69c8cbac395b6197210ae622fb98293d2cfcd6... None e33121ab4e815bb22c000e5283037f054c5c28a5 62891560f0dd59eb551625ed6450712e 2020-11-01 10:11:58 2020-11-06 10:55:49 d394623d69c8cbac395b6197210ae622fb98293d2cfcd6... 263632 application/x-dosexec exe ... 0 QuakBot 303f89b8f429d52fa9a67ddad2dbfa52 EC44E0C2A3EC4044FAA652BB4173C3153A217D5D983EAB... None None 6144:adtJ9rtpMBa7FjRbRtwM/XNfNMzpLLpqUxLRbch5c... None [APPI CZ a.s, Qakbot, Quakbot, signed] [{'subject_cn': 'APPI CZ a.s', 'issuer_cn': 'S...
3 d1bb3f027353c0a0714df4f1078d9cd0682c81e7bb27aa... None 495247119b938027aa9b06be0453a7aab5715458 7234795ec5e1575c0fde8231830df585 2020-11-01 10:11:55 2020-11-07 12:48:51 d1bb3f027353c0a0714df4f1078d9cd0682c81e7bb27aa... 263632 application/x-dosexec exe ... 0 QuakBot 303f89b8f429d52fa9a67ddad2dbfa52 6944E0C2A3EC4044FAA652BB4173C3153A217D5D983EAB... None None 6144:adtJ9rtpMBa7FjRbRtwM/XNfNMzpLLpqUxLRbch5c... None [APPI CZ a.s, Qakbot, Quakbot, signed] [{'subject_cn': 'APPI CZ a.s', 'issuer_cn': 'S...
4 b722d1e333d3cabbc9399d799a05cbbf17b09f4bf48a4e... None 466dd9671f9590f9d239bd2aa3f917c1a966d733 e93c2a807d6a6e8093b1e4d92976418f 2020-11-01 10:11:53 2020-11-06 11:28:35 b722d1e333d3cabbc9399d799a05cbbf17b09f4bf48a4e... 261072 application/x-dosexec exe ... 0 QuakBot 6544E04213E84445F86B667A4CB2C32016527C95A72EAF... None None 6144:+awCRk4Z0Nhb4s6g1IILx4r37gCyljAri:qGk4Zkh... None [APPI CZ a.s, Qakbot, Quakbot, signed] [{'subject_cn': 'APPI CZ a.s', 'issuer_cn': 'S...
5 b06e103b426a26533360cb1ab47055e3f8b3a75b7995f8... None 6d3ac735ba3022c337cbb9a980ef29ce3879d234 076c9badb09bfadea92f797b8492039d 2020-11-01 10:11:50 2020-11-07 12:52:10 b06e103b426a26533360cb1ab47055e3f8b3a75b7995f8... 261072 application/x-dosexec exe ... 0 QuakBot 1544E04213E84445FC6B667A4CB2C32016627C95A72EAF... None None 6144:UawCRk4Z0Nhb4s6g1IILx4r37gCyljAWX:kGk4Zkh... None [APPI CZ a.s, Qakbot, Quakbot, signed] [{'subject_cn': 'APPI CZ a.s', 'issuer_cn': 'S...
6 b5e167293b5978ad7aa100c846e91e42cc1a8da04cb860... None c4c3c49ecb41e79cbb3e156dd531926b6248f8c8 b3ffeafc033067e6fa3b1233db3720b4 2020-11-01 10:11:48 2020-11-06 11:11:36 b5e167293b5978ad7aa100c846e91e42cc1a8da04cb860... 263632 application/x-dosexec exe ... 0 QuakBot 303f89b8f429d52fa9a67ddad2dbfa52 9E44E0C2A3EC4044FAA652BB4173C3153A217D5D983EAB... None None 6144:qdtJ9rtpMBa7FjRbRtwM/XNfNMzpLLpqUxLRbch5c... None [APPI CZ a.s, Qakbot, Quakbot, signed] [{'subject_cn': 'APPI CZ a.s', 'issuer_cn': 'S...
7 303121f6de8cf468ba8556e3da25d7b4ce3d326d97125a... None 70ab3c4af274fc98f9388460352fb35c71c57b14 0c480dd3889b16c97e5279bd4780eda1 2020-11-01 10:11:46 2020-11-06 11:22:41 303121f6de8cf468ba8556e3da25d7b4ce3d326d97125a... 261072 application/x-dosexec exe ... 0 QuakBot 2144E04213E84445FC6B627A4CB2C32016527C95A76EAF... None None 6144:pawCRk4Z0Nhb4s6g1IILx4r37gCyljA1A:vGk4Zkh... None [APPI CZ a.s, Qakbot, Quakbot, signed] [{'subject_cn': 'APPI CZ a.s', 'issuer_cn': 'S...
8 67506d9141b18c0878e73fe9bc13f6bdaf5415c31cd270... None 920c5e99cc170eb91df304a18517e9f19296dfef ee0ebee0f94b643807db675d43fee80a 2020-11-01 10:11:44 2020-11-07 12:51:09 67506d9141b18c0878e73fe9bc13f6bdaf5415c31cd270... 263632 application/x-dosexec exe ... 0 QuakBot 303f89b8f429d52fa9a67ddad2dbfa52 EB44E0C2A3EC4044FAA652BB4173C3153A217D5D983EAB... None None 6144:+dtJ9rtpMBa7FjRbRtwM/XNfNMzpLLpqUxLRbch5c... None [APPI CZ a.s, Qakbot, Quakbot, signed] [{'subject_cn': 'APPI CZ a.s', 'issuer_cn': 'S...
9 2964eeb4bb8c0efe746244428f24422aa311b216238faf... None c47e5c9ce2c229ea155d141b0cbc2ff2b7fb4aab c7fda8ee4fc40075ce80747c4688942b 2020-11-01 10:11:42 2020-11-06 10:58:14 2964eeb4bb8c0efe746244428f24422aa311b216238faf... 261072 application/x-dosexec exe ... 0 QuakBot FA44E04213E84445FC6B667A4CB2C32016627C95A72EAF... None None 6144:5awCRk4Z0Nhb4s6g1IILx4r37gCyljAyU:fGk4Zkh... None [APPI CZ a.s, Qakbot, Quakbot, signed] [{'subject_cn': 'APPI CZ a.s', 'issuer_cn': 'S...
10 495dedc7acdd334f376eb57d8d87d5bcacbc0da799adc6... None 41c6b58c5d6a930723462e438c4a9fda00ca4677 8819d42d87d41ef33804b444725453a1 2020-11-01 10:11:40 2020-11-06 11:37:21 495dedc7acdd334f376eb57d8d87d5bcacbc0da799adc6... 263632 application/x-dosexec exe ... 0 QuakBot 303f89b8f429d52fa9a67ddad2dbfa52 3744E0C2A3EC4044FAA652BB4073C3153A217D5D983EAB... None None 6144:zdtJ9rtpMBa7FjRbRtwM/XNfNMzpLLpqUxLRbch5c... None [APPI CZ a.s, Qakbot, Quakbot, signed] [{'subject_cn': 'APPI CZ a.s', 'issuer_cn': 'S...
11 162a0d1651250cab75ba0219b85763bdaf5af3398b5dfe... None cf26b10796acb1a9ccc253090662a7b6c8833e8b e491ece1e104ee96dd39a2349c1576a4 2020-11-01 10:11:38 2020-11-07 12:53:22 162a0d1651250cab75ba0219b85763bdaf5af3398b5dfe... 263632 application/x-dosexec exe ... 0 QuakBot 303f89b8f429d52fa9a67ddad2dbfa52 D844E0C2A3EC4044FAA652BB4173C3153A217D5D983EAB... None None 6144:FdtJ9rtpMBa7FjRbRtwM/XNfNMzpLLpqUxLRbch5c... None [APPI CZ a.s, Qakbot, Quakbot, signed] [{'subject_cn': 'APPI CZ a.s', 'issuer_cn': 'S...
12 85aa8419001ffcc0dac6a29548dc0438c05261b842d625... None 8824d0e2faf62218f05dfcf2bee3ec349018b386 8da737c1dc7d34d2c3b3157d29a156ad 2020-11-01 10:11:36 2020-11-06 11:09:45 85aa8419001ffcc0dac6a29548dc0438c05261b842d625... 263632 application/x-dosexec exe ... 0 QuakBot 303f89b8f429d52fa9a67ddad2dbfa52 D144E0C2A3EC4044FAA652BB4173C3153A217D5D983EAB... None None 6144:rdtJ9rtpMBa7FjRbRtwM/XNfNMzpLLpqUxLRbch5c... None [APPI CZ a.s, Qakbot, Quakbot, signed] [{'subject_cn': 'APPI CZ a.s', 'issuer_cn': 'S...
13 46c407bc6a89726389f73de450a801d6d14a9fb97447f2... None a04121ab830393c7dd500f78e63e94c0d9603f5f 4c86351a2c1c889699ac9e3ebf831c72 2020-11-01 10:11:34 2020-11-07 12:52:49 46c407bc6a89726389f73de450a801d6d14a9fb97447f2... 263632 application/x-dosexec exe ... 0 QuakBot 303f89b8f429d52fa9a67ddad2dbfa52 3F44E0C2A3E84044FAA652BB4073C3153A217D5D983EAB... None None 6144:rdtJ9rtpMBa7FjRbRtwM/XNfNMzpLLpqUxLRbch5c... None [APPI CZ a.s, Qakbot, Quakbot, signed] [{'subject_cn': 'APPI CZ a.s', 'issuer_cn': 'S...
14 037d8b7946f740cc7d4f72b8e133766c3f5ca141369707... None 353c5ae6b7f7e75933b6a1021f3ed2d7afe1ed49 07c57f584f3b67f6026730ead1bfcb46 2020-11-01 10:11:32 2020-11-07 12:51:58 037d8b7946f740cc7d4f72b8e133766c3f5ca141369707... 263632 application/x-dosexec exe ... 0 QuakBot 303f89b8f429d52fa9a67ddad2dbfa52 7544E0C2A3EC4044FAA652BB4173C3153A217D5D983EAB... None None 6144:7dtJ9rtpMBa7FjRbRtwM/XNfNMzpLLpqUxLRbch5c... None [APPI CZ a.s, Qakbot, Quakbot, signed] [{'subject_cn': 'APPI CZ a.s', 'issuer_cn': 'S...
15 16f511f7fdc83981b31b85fe6c42591093db5397d7634b... None 04a1650ec2c3e5b87865cf5ef36c7bfdc486d03d 15f3bcd8d6edacb9432e69ed7c218d63 2020-11-01 10:11:30 2020-11-06 11:35:27 16f511f7fdc83981b31b85fe6c42591093db5397d7634b... 261072 application/x-dosexec exe ... 0 QuakBot 5A44D04213E84445FC6B667A4CB2C32016527C95A72EAF... None None 6144:lawCRk4Z0Nhb4s6g1IILx4r37gCyljAqT:bGk4Zkh... None [APPI CZ a.s, Qakbot, Quakbot, signed] [{'subject_cn': 'APPI CZ a.s', 'issuer_cn': 'S...
16 9d8eb1fc299a3be657eb975c5c7bc69bff72f536c6c02a... None 93f94d86e22ddcd9659b37263cb5c826db3b21e3 2652cb6dede0a322f2aaa727ba63bc91 2020-11-01 10:11:28 2020-11-06 11:33:28 9d8eb1fc299a3be657eb975c5c7bc69bff72f536c6c02a... 261072 application/x-dosexec exe ... 0 QuakBot C744E04213EC4445F86B667A4CB2C32016527C95A72EAF... None None 6144:SawCRk4Z0Nhb4s6g1IILx4r37gCyljAWx:uGk4Zkh... None [APPI CZ a.s, Qakbot, Quakbot, signed] [{'subject_cn': 'APPI CZ a.s', 'issuer_cn': 'S...
17 3b948ca55076ceedc3e6915ff9db3ede5a24341b34ba55... None d5a6c35bbeb0990bb7d890abdaca1533f31305a2 288bc129d402228bb3cac14828d26ecf 2020-11-01 10:11:26 2020-11-07 12:50:21 3b948ca55076ceedc3e6915ff9db3ede5a24341b34ba55... 261072 application/x-dosexec exe ... 0 QuakBot 3E44E04213E84445F86B667A4CB2C32016627C95972EAF... None None 6144:PawCRk4Z0Nhb4s6g1IILx4r37gCyljAEg:ZGk4Zkh... None [APPI CZ a.s, Qakbot, Quakbot, signed] [{'subject_cn': 'APPI CZ a.s', 'issuer_cn': 'S...
18 1f622642ed6ea23622fb1786f08270c81b635c29b00350... None 4eada9d3ff43852dbe527d8558358506eba58b6f c0e542a6270d57d5dc2c319a79e91c69 2020-11-01 10:11:16 2020-11-06 11:29:57 1f622642ed6ea23622fb1786f08270c81b635c29b00350... 261072 application/x-dosexec exe ... 0 QuakBot 1E44E04213E84445F86B627A4CB2C32016627C95676EAF... None None 6144:tawCRk4Z0Nhb4s6g1IILx4r37gCyljAMl:zGk4Zkh... None [APPI CZ a.s, Qakbot, Quakbot, signed] [{'subject_cn': 'APPI CZ a.s', 'issuer_cn': 'S...

19 rows × 21 columns

Get Recent Samples added

It is possible to retrieve the samples most recently added to the Malware Bazaar database with the function get_recent().

This function takes a 'selector' parameter that can be:

  • 'time': to retrieve the samples added in the last 60 minutes
  • 100: to get the latest 100 samples

Both calls return a pandas dataframe with the same columns. The below examples show how to use it.

In [19]:
mbrecent = mblookup.get_recent(selector='time')
display(mbrecent)
sha256_hash sha3_384_hash sha1_hash md5_hash first_seen last_seen file_name file_size file_type_mime file_type ... telfhash gimphash ssdeep dhash_icon tags code_sign intelligence.clamav intelligence.downloads intelligence.uploads intelligence.mail
0 f9a6e8aed26a829f9af2ecf722dc09ed76a3144d6fe4bc... 054e57fe702fad8b75cefc8e91f071876b253b7cf48bf3... b89f8a9d02dbb2139430a1a30314e4f2cff29f71 6444777ae59bee41428a9c3a53741c80 2022-08-11 09:29:03 None 91361.doc 9068 application/octet-stream unknown ... None None 192:7jBthS94xAvK2s/XKIAJb5tOlptSX2kebp3gVkjOBu... None None [] None 16 1 None
1 ce1e8e57264e84d75ed4960855768418c7a73707d0855d... 2945d468176ca3766e5982574652025887cdce34028f4c... 7fd429ceb24c476a9b3796fe71961575e7637738 fea743ac96b30d64f914d491e802abc1 2022-08-11 09:22:06 None Copia di pagamento-3400753232678_001-11.08.202... 625664 application/x-dosexec exe ... None None 12288:3GVq6azddQyxvS8Fhyq+rq5IhAW3Lm1u9Cj0Vpzm... d4e2c8b4ccc8f2cc [agenttesla, exe] [] None 121 1 None
2 2582008cc5626a748f4926d0973f1b4ea0717e5167e1f7... 05d09b744be600daf03e2f67bcdc4b81ee317336ee7988... e03a9f658327fc96d774ae19d714add257a10d88 2f4a3782d2ab90126ff927026dac5077 2022-08-11 09:19:47 None 2f4a3782d2ab90126ff927026dac5077 834560 application/x-dosexec exe ... None None 12288:EoFor+A0cb27/9DAx35L4Zk9ykn72GU7VfsLjuGB... None [32, exe, RemcosRAT, trojan] [] None 111 1 None
3 6e294639b9e9dec345a4b9bdeb29bd5695ea2d84e0fa88... 7ba5d10ded17ef135d101e5caec3c8e8959b0beb25e6bd... 69bf7182f7cd72ca775be7736b843345efbbdc0e ca25cc1a0351513cbb0bb70343b03862 2022-08-11 09:19:27 None ca25cc1a0351513cbb0bb70343b03862 857600 application/x-dosexec exe ... None None 12288:WEoKggb2iNdvpc++HRBTEdG6gAGYN/lXXE5fRPcX... None [32, exe, Formbook, trojan] [] None 101 1 None
4 9bc54f008c1a379e2a422b64b57339e7a3d8ee01745dd0... 513b59672d898a92ea8b79a2c015cc79867ed7cac5d271... 117b1e130cc2f2406b0f38d3b3677e4699f65214 57ecac082ee320cf94b2de1a0927a994 2022-08-11 09:19:13 None 57ecac082ee320cf94b2de1a0927a994 879616 application/x-dosexec exe ... None None 24576:eoKgK1XpSN1RgXrhOquNb9cMQSKScGWgi:bKgKV7... None [32, AgentTesla, exe] [] None 107 1 None
5 f2a4cc133dfeca5432bf22c2817aeb8edb434057711727... 13ad83f7ec5e622b022a06b80f2afa90272cb6a5d7eb5f... b1eedf6d0b197b0d743e60390864aa279f1f915a b9694513a38e321b8cbfd807367b7e21 2022-08-11 09:15:26 None Project sheets.pdf.exe 147736 application/x-dosexec exe ... None None 3072:rTpc2Du8SknETVtyMl9Rrhr7jmSBe9BeZ/F8xB2dM... d2e8ecb2b2a2b282 [exe, Loki] [] None 122 1 None
6 f53a803c52691f8506f33d2719028822db93ae1799d0ba... 32b0422e11faafaa49f39f0df7b093cddeb316f5087134... 9b2c6fddac6ea6c27a2c5c25d515d389429703c0 4e416bdf228c332a60a4fc0d8326373f 2022-08-11 09:00:33 None 4e416bdf228c332a60a4fc0d8326373f.exe 207360 application/x-dosexec exe ... None None 3072:wzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HIPs... None [exe, NanoCore, RAT] [] None 145 1 None
7 ba66c7a46a35c1b38aa76a199ae19a65674786771b153e... 5983e487146283ae8c880a5c21b7ef989307d0a0327d59... b340afd00d6feb4da15b9b10446417e51d3f7082 e6ae2071837c90e79a7f4c6e8e778f0f 2022-08-11 09:00:31 None e6ae2071837c90e79a7f4c6e8e778f0f.exe 923829 application/x-dosexec exe ... None None 24576:pAT8QE+kEVNpJc7Y/sDZ0239GhjS9knREHXsW02E... b298acbab2ca7a72 [exe, RecordBreaker] [] None 133 1 None
8 93b24291abe4b2c7d3eebd64168cf86e5b36571bd30645... bc79bfe7cf79004f707014cae678bb19a55a91402cc143... 92b194b6c75c6c2e8e693fca7f0c660fbcd70be5 76755f4c31240a6247689c0ffdc6e627 2022-08-11 08:45:49 None AST_928765425672-09876353B.exe 864256 application/x-dosexec exe ... None None 12288:9N+7nP3i1XkYIgj7wPQdh0TLeb9hIv001mWfTd0:... c496b2b8fcccacdc [AgentTesla, exe] [] None 175 1 None
9 08375457359c0439dde333b220071987d355b3a2b0aa9f... ca9ceb34ae3cd40cd0767a8d665a8346af419f56fd023b... 58133e441cebee95176aba75ef533a99af208758 bb2518245e5b20e35c7a22521be3b6fb 2022-08-11 08:45:38 None MV TONIC_CTM REQUEST.exe 762368 application/x-dosexec exe ... None None 12288:xqoKggb2iNdvpc++E4+xp985R+J0vuxrHeBCVLbC... None [exe, Loki] [] None 159 1 None
10 f3d62ca6b2dfd77bd362dc1f4ec6e99bb43302e82583e6... 936d638104e56fd4cdbf6f56c1ea63679a02e763eaef01... cd8ddf4094ff130568ace0dfc578500213eb5be4 d3c1e94c64ce0e37e03af92f18067ea4 2022-08-11 08:40:28 None d3c1e94c64ce0e37e03af92f18067ea4.exe 922983 application/x-dosexec exe ... None None 24576:pAT8QE+kHVNpJc7Y/sDZ0239GhjS9knREHXsW02E... b298acbab2ca7a72 [exe, RecordBreaker] [] None 158 1 None
11 cce110eed95c36bf618669b1a290ee90b5152ee9c660b6... c5becc588aaf916b5e3410577e7da0c584580acb8b9133... 998f81830fedf6ed17772adbafb0e35f4db90921 50e4b08657bacf6cc461e5b804bf6327 2022-08-11 08:33:42 None Cerere de oferta P.0- 202208100237RO.vbs 3279 text/plain vbs ... None None 48:7VH5HxRyYdZGYG6QSdtBGJS8rSMB0sAZtBL0Bd1lzyo... None [RemcosRAT, vbs] [] None 92 1 None
12 6461adafdbd61960915775dea557e0e90befe75f1dd4e5... 22e9653bd814fd0e4c1f56f32531089bafcd274bb5a80e... 656b499793e15d10ff2f5c390fe68b0936747bf4 0981f372b79a6cb066b549f77222ed99 2022-08-11 08:33:22 None Blocked_Mtcn_pdf.jar 762743 application/zip jar ... None None 12288:pYLm8IIt9zaZOodSEq0MmKKpwF5RL+g581tQWyq2... None [jar, Vjw0rm] [] None 93 1 None
13 2d879a04feb390c4a7fcf0351a18ac23b203936dac3dcf... 6691d54452ae7f6edbbae5340a96021673d31cf1e82b43... c77c349436d747a1509870d687221ada7528ecae f8d8bd0c38f4c99a83a38856fa9b7e4e 2022-08-11 08:33:10 None Dhl.exe 109568 application/x-dosexec exe ... None None 192:Gy1HDYwzBbx3Z5FvmTAOeqfOZQNdDnHOiSa52nkwi6... 0000000000000000 [DHL, exe, Formbook] [] None 176 1 None
14 aa7436d336aa352db635976f19fe9f6fce9078608d3fdb... f8e4f386d86829a3e01c46da571c694079c16a7bbec253... 6f091e5c2c085341e4b95b79b9d0f5738f3adb55 382b66f8a5dca1305cf1e5de83b7fdef 2022-08-11 08:32:53 None TNT Original Invoice.exe 289824 application/x-dosexec exe ... None None 6144:joq5HAUwC5UM1kSlTXmLAtBP8wGYmLReHgcaVkJvp... d2e8ecb2b2a2b282 [exe, Formbook, TNT, VelvetSweatshop] [] None 166 1 None

15 rows × 26 columns

In [20]:
mbrecent = mblookup.get_recent(selector=100)
display(mbrecent)
sha256_hash sha3_384_hash sha1_hash md5_hash first_seen last_seen file_name file_size file_type_mime file_type ... telfhash gimphash ssdeep dhash_icon tags code_sign intelligence.clamav intelligence.downloads intelligence.uploads intelligence.mail
0 f9a6e8aed26a829f9af2ecf722dc09ed76a3144d6fe4bc... 054e57fe702fad8b75cefc8e91f071876b253b7cf48bf3... b89f8a9d02dbb2139430a1a30314e4f2cff29f71 6444777ae59bee41428a9c3a53741c80 2022-08-11 09:29:03 None 91361.doc 9068 application/octet-stream unknown ... None None 192:7jBthS94xAvK2s/XKIAJb5tOlptSX2kebp3gVkjOBu... None None [] None 16 1 None
1 ce1e8e57264e84d75ed4960855768418c7a73707d0855d... 2945d468176ca3766e5982574652025887cdce34028f4c... 7fd429ceb24c476a9b3796fe71961575e7637738 fea743ac96b30d64f914d491e802abc1 2022-08-11 09:22:06 None Copia di pagamento-3400753232678_001-11.08.202... 625664 application/x-dosexec exe ... None None 12288:3GVq6azddQyxvS8Fhyq+rq5IhAW3Lm1u9Cj0Vpzm... d4e2c8b4ccc8f2cc [agenttesla, exe] [] None 121 1 None
2 2582008cc5626a748f4926d0973f1b4ea0717e5167e1f7... 05d09b744be600daf03e2f67bcdc4b81ee317336ee7988... e03a9f658327fc96d774ae19d714add257a10d88 2f4a3782d2ab90126ff927026dac5077 2022-08-11 09:19:47 None 2f4a3782d2ab90126ff927026dac5077 834560 application/x-dosexec exe ... None None 12288:EoFor+A0cb27/9DAx35L4Zk9ykn72GU7VfsLjuGB... None [32, exe, RemcosRAT, trojan] [] None 111 1 None
3 6e294639b9e9dec345a4b9bdeb29bd5695ea2d84e0fa88... 7ba5d10ded17ef135d101e5caec3c8e8959b0beb25e6bd... 69bf7182f7cd72ca775be7736b843345efbbdc0e ca25cc1a0351513cbb0bb70343b03862 2022-08-11 09:19:27 None ca25cc1a0351513cbb0bb70343b03862 857600 application/x-dosexec exe ... None None 12288:WEoKggb2iNdvpc++HRBTEdG6gAGYN/lXXE5fRPcX... None [32, exe, Formbook, trojan] [] None 101 1 None
4 9bc54f008c1a379e2a422b64b57339e7a3d8ee01745dd0... 513b59672d898a92ea8b79a2c015cc79867ed7cac5d271... 117b1e130cc2f2406b0f38d3b3677e4699f65214 57ecac082ee320cf94b2de1a0927a994 2022-08-11 09:19:13 None 57ecac082ee320cf94b2de1a0927a994 879616 application/x-dosexec exe ... None None 24576:eoKgK1XpSN1RgXrhOquNb9cMQSKScGWgi:bKgKV7... None [32, AgentTesla, exe] [] None 107 1 None
... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ...
95 4277df25da3817b0c6aac6c24e47e1e6cda846c585cb1b... 48f23ca01941f503b427a82051addc6fca3a4e35e50424... fd91f6185d3607e015661262295f9c8842dc6d08 e94d0d63b2154b88866750cf75c0aa58 2022-08-11 06:23:21 None e94d0d63b2154b88866750cf75c0aa58.exe 1494016 application/x-dosexec exe ... None None 24576:rsLp0FasdJu/+/dfMs2KLoyaU/5DeTgtMyPtToli... d0f09ef8b2f2d80c [exe, Socelars] [] None 172 1 None
96 bb5efa133c2756135061e56c3a7e739e246827412af03a... 383317694a8870466919391028ad63a7bcfb261ba4f68a... d6af2bc47eb595fba9a377c72e2f28a9d7b7c081 cd65a330e760b1fc08352119b418aaa4 2022-08-11 06:21:26 2022-08-11 06:50:58 hesaphareketi-01.exe 899072 application/x-dosexec exe ... None None 24576:/vM4vwHmQlz8QpSh1UqvtClbsT2L+uUgi:/M84qk... 0069e8e8e8e89669 [exe, geo, MassLogger, TUR] [] None 175 3 None
97 ebfcaab875819a883c8e6447e8e99e01bc01b0a3185773... 45246ec90235d21e6d2cc131b07f9c505ad62faf725be9... 31db8c4f74aadbc180f79389165b9539f357e36b 3426783d67482f377199bb7397909525 2022-08-11 06:21:15 2022-08-11 06:51:00 Ziraat Bankasi Swift Mesaji.exe 968192 application/x-dosexec exe ... None None 24576:GmY4vwHmQlPOfpSe+wFGcgNCLCxZC63DmAUkrgi:... 0069e8e8e8e89669 [exe, Formbook, geo, TUR] [] None 188 2 None
98 ae554c838c7389ca65c3b7f5abce1006217c9893316e1e... eb19d5e88af0b1a0e9ad0cbf6633f0b499420d6073a1dd... 0dc97e5825bdb91a03629815372916bfe641e218 0a03c724d8f793c7019d232cfdc8e6d4 2022-08-11 06:21:07 2022-08-11 06:51:02 Amended Signed Contract.doc 2598632 text/rtf doc ... None None 24576:tnW6hT611mIvGrJun1bTqRIq81PqAx/S8CS9ZzmS... None [doc, Formbook] [] None 185 2 None
99 a3e8a495c7d1f7d8fc1c2f2f7ead0eefdc82e23a4f0ecf... 2fc8db74bf932e87170c330eb376a22f24bc88bb8e9ec0... 95cd652f1c7c3df8fd4386dec295e6f19b9205b3 689e34eec5c133f95ac8a24d04ed7a4a 2022-08-11 06:19:48 None DELAY_NOTICE_NEW_SHIPMENT_SCHEDULE.vbs 339381 text/plain vbs ... None None 1536:b3/l9wbmaPJsGBJUby0OIZgc92CEehkk4D3L7Mqoq... None [GuLoader, vbs] [] None 115 1 None

100 rows × 26 columns
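A recent-samples pull is only useful once it is turned into something an analyst can act on. The following is an added example (not part of the original notebook and not MSTICpy code) that works on the rows of the get_recent() dataframe after `df.to_dict("records")`: it builds a sha256 watchlist, picks a heuristic family name out of the mixed MalwareBazaar tags, and flags lure file names such as a document extension followed by an executable one. The records, hashes and the list of "generic" tags are constructed assumptions, not data from the page, so the block runs offline.

```python
"""Triage helpers for the rows returned by get_recent().

Added example, not from the original notebook or MSTICpy. Column names
(sha256_hash, file_name, file_type, tags) follow the dataframe shown above;
the records and hashes below are constructed placeholders.
"""
from collections import Counter

# Tags that describe the container, platform, campaign or geography rather
# than a malware family (assumed list; extend it for your own tag vocabulary).
NON_FAMILY_TAGS = {"exe", "dll", "vbs", "jar", "doc", "xls", "zip", "32", "64",
                   "trojan", "rat", "geo", "signed", "tur", "dhl", "tnt"}

DOC_LIKE = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}
EXEC_LIKE = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "hta"}

# Constructed records mimicking get_recent() rows; hashes are placeholders.
RECENT_SAMPLES = [
    {"sha256_hash": "11" * 32, "file_name": "Project sheets.pdf.exe",
     "file_type": "exe", "tags": ["exe", "Loki"]},
    {"sha256_hash": "22" * 32, "file_name": "Dhl.exe",
     "file_type": "exe", "tags": ["DHL", "exe", "Formbook"]},
    {"sha256_hash": "33" * 32, "file_name": "TNT Original Invoice.exe",
     "file_type": "exe", "tags": ["exe", "Formbook", "TNT", "VelvetSweatshop"]},
    {"sha256_hash": "44" * 32, "file_name": "Cerere de oferta.vbs",
     "file_type": "vbs", "tags": ["RemcosRAT", "vbs"]},
    {"sha256_hash": "55" * 32, "file_name": "91361.doc",
     "file_type": "unknown", "tags": None},
]


def family_of(tags):
    """Return the first tag that looks like a malware family name, or None.

    MalwareBazaar tags mix families with file types and campaign hints, so
    this is a heuristic: skip known generic tags and bare numbers.
    """
    for tag in tags or []:
        if tag.lower() in NON_FAMILY_TAGS or tag.isdigit():
            continue
        return tag
    return None


def is_deceptive_name(file_name, file_type):
    """True for lure names: 'invoice.pdf.exe' (document extension directly
    followed by an executable one), or a document-looking name whose
    content MalwareBazaar typed as executable."""
    parts = file_name.lower().rsplit(".", 2)
    if len(parts) == 3 and parts[1] in DOC_LIKE and parts[2] in EXEC_LIKE:
        return True
    if len(parts) >= 2 and parts[-1] in DOC_LIKE and file_type in EXEC_LIKE:
        return True
    return False


def build_watchlist(records):
    """Map sha256 -> summary dict, ready for a hash blocklist or an EDR
    search; rows without a sha256 are skipped."""
    watch = {}
    for row in records:
        sha = row.get("sha256_hash")
        if not sha:
            continue
        watch[sha] = {
            "family": family_of(row.get("tags")),
            "file_name": row.get("file_name"),
            "deceptive_name": is_deceptive_name(row.get("file_name") or "",
                                                row.get("file_type") or ""),
        }
    return watch


def summarize_by_family(records):
    """Count samples per heuristic family; untagged rows count as 'untagged'."""
    return Counter(family_of(r.get("tags")) or "untagged" for r in records)


if __name__ == "__main__":
    for sha, info in build_watchlist(RECENT_SAMPLES).items():
        flag = "LURE " if info["deceptive_name"] else "     "
        print(f"{flag}{sha[:16]}... {info['family']!s:12} {info['file_name']}")
    print(summarize_by_family(RECENT_SAMPLES))
```

On a live pull, replace RECENT_SAMPLES with `mbrecent.to_dict("records")`; the md5_hash and sha1_hash columns can be added to the watchlist in the same way when the downstream tool only matches on those.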

Query Code Signing Certificate Blocklist (CSCB)

MalwareBazaar maintains a list of code signing certificates used by threat actors to sign malware. The CSCB is regenerated every 5 minutes and is available in CSV format.

The function get_cscb() retrieves the list as a pandas dataframe. It takes no parameters.

In [21]:
mbcscb = mblookup.get_cscb()
# Display the blocklist itself (not the recent-samples dataframe from the previous cell).
display(mbcscb)
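The practical use of the CSCB is matching the signer of a file you hold against the blocklist, and the usual failure is format drift: serial numbers appear with colons, spaces, a 0x prefix, mixed case or a leading 00 byte depending on the tool that printed them. The following is an added example, not the notebook's or MSTICpy's code, that normalises serials and thumbprints before indexing. The CSV text and its column names are a constructed assumption standing in for the real export (check the header of the dataframe returned by get_cscb() and adapt); the serial_number and thumbprint keys read from code_sign entries are assumed from the MalwareBazaar API rather than shown on this page, which only displays subject_cn and issuer_cn.

```python
"""Match a sample's signing certificate against the CSCB.

Added example, not from the original notebook or MSTICpy. The CSV below is
constructed and its column names are an assumption about the export format.
"""
import csv
import io

# Constructed blocklist (assumed columns): serial with colons and a leading
# 00 byte on the first row, plain hex on the second.
CSCB_CSV = """serial_number,thumbprint,subject_cn,issuer_cn
00AB:CD:EF:01:23:45,0123456789abcdef0123456789abcdef01234567,Example Signer Ltd,Example Issuer CA
1A2B3C4D,fedcba9876543210fedcba9876543210fedcba98,Another Signer s.r.o.,Example Issuer CA
"""


def _hex_only(value):
    """Lowercase hex digits only: drop separators, whitespace, 0x prefix."""
    if value is None:
        return ""
    v = value.strip().lower()
    if v.startswith("0x"):
        v = v[2:]
    return "".join(ch for ch in v if ch in "0123456789abcdef")


def normalize_serial(value):
    """Serial numbers are integers: leading zero bytes (DER sign padding)
    are not significant, so strip them to get one canonical key."""
    return _hex_only(value).lstrip("0") or "0"


def normalize_thumbprint(value):
    """Thumbprints are fixed-length digests: keep every nibble."""
    return _hex_only(value)


def load_cscb(csv_text):
    """Index the blocklist by normalised serial and by normalised thumbprint."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    by_serial = {normalize_serial(r["serial_number"]): r for r in rows}
    by_thumb = {normalize_thumbprint(r["thumbprint"]): r for r in rows}
    return by_serial, by_thumb


def match_certificate(index, serial=None, thumbprint=None):
    """Return the blocklist row for a signer, or None.

    The thumbprint identifies exactly one certificate, so it is tried first.
    A serial number is only unique per CA, so a serial-only hit should be
    confirmed against issuer_cn before acting on it.
    """
    by_serial, by_thumb = index
    if thumbprint:
        hit = by_thumb.get(normalize_thumbprint(thumbprint))
        if hit:
            return hit
    if serial:
        return by_serial.get(normalize_serial(serial))
    return None


def check_code_sign(index, code_sign_entries):
    """Run every entry of a sample's code_sign list through the blocklist.

    Entries are dicts like those in the dataframe's code_sign column; the
    serial_number and thumbprint keys are assumed (not shown on this page).
    """
    hits = []
    for entry in code_sign_entries or []:
        hit = match_certificate(index, serial=entry.get("serial_number"),
                                thumbprint=entry.get("thumbprint"))
        if hit:
            hits.append((entry.get("subject_cn"), hit["subject_cn"], hit["issuer_cn"]))
    return hits


if __name__ == "__main__":
    idx = load_cscb(CSCB_CSV)
    # Constructed signer as a tool might print it: spaces, uppercase, no padding.
    print(check_code_sign(idx, [{"subject_cn": "Example Signer Ltd",
                                 "serial_number": "AB CD EF 01 23 45"}]))
```

With a live blocklist, build the index from `mbcscb.to_dict("records")` after confirming which columns hold the serial and the thumbprint; the normalisation is the part that survives whatever header the export uses.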

Download a specific sample from Malware Bazaar

The function download_sample() can be used to download a specific file by specifying its sha256. The downloaded file is a password-protected zip archive; the password is documented on the MalwareBazaar API page linked at the top of this notebook (it is 'infected'). You can also ask @vx-underground for it. :p

In [2]:
sample = mblookup.download_sample("7de2c1bf58bce09eecc70476747d88a26163c3d6bb1d85235c24a558d1f16754")
In [4]:
# Write the downloaded bytes (the password-protected zip) to disk.
# Keep the sample inside the archive; only extract it in an isolated analysis environment.
with open("sample.zip", "wb") as zippedsample:
    zippedsample.write(sample)
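Writing the archive to disk is the easy part; the step worth automating is checking that the file inside the archive is really the sample you asked for (same sha256) and storing it under a name that cannot be run by accident. The following is an added example, not code from the original notebook or from MSTICpy. To run offline it builds a constructed, unencrypted zip with a harmless payload in place of the MalwareBazaar download; the real archive is password-protected and, in my experience, AES-encrypted, which the standard-library zipfile cannot decrypt (pyzipper's AESZipFile is a drop-in replacement), so treat the `password` parameter as sufficient only for classic ZipCrypto archives.

```python
"""Verify and quarantine a downloaded sample.

Added example, not from the original notebook or MSTICpy. build_test_archive()
produces a constructed stand-in for the MalwareBazaar zip so the code runs
offline; the real archive needs the documented password and, typically, an
AES-capable zip reader such as pyzipper.
"""
import hashlib
import io
import zipfile


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def extract_and_verify(zip_bytes, expected_sha256, password=None):
    """Open the archive in memory, read its single member and return the
    bytes only if they hash to the requested sha256.

    A mismatch means the wrong file was served, the download was truncated,
    or the bytes were altered in transit: the caller must not treat the
    content as the sample it asked for.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        if password is not None:
            zf.setpassword(password.encode())  # ZipCrypto only; AES needs pyzipper
        names = zf.namelist()
        if len(names) != 1:
            raise ValueError(f"expected exactly one member, got {names}")
        data = zf.read(names[0])
    actual = sha256_hex(data)
    if actual != expected_sha256.lower():
        raise ValueError(f"sha256 mismatch: requested {expected_sha256}, got {actual}")
    return data


def is_verified(zip_bytes, expected_sha256, password=None):
    """Boolean form of extract_and_verify() for callers that just need a gate."""
    try:
        extract_and_verify(zip_bytes, expected_sha256, password)
        return True
    except (ValueError, zipfile.BadZipFile, RuntimeError):
        return False


def quarantine_name(sha256):
    """Store a verified sample as its hash with a non-executable extension,
    so a stray double click cannot run it and the name says what it is."""
    return f"{sha256.lower()}.malz"


def build_test_archive(payload, name="sample.bin"):
    """Constructed, unencrypted archive standing in for a download."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


if __name__ == "__main__":
    payload = b"constructed stand-in payload, not malware"
    archive = build_test_archive(payload)
    wanted = sha256_hex(payload)
    data = extract_and_verify(archive, wanted)
    with open(quarantine_name(wanted), "wb") as fh:
        fh.write(data)
    print("stored", quarantine_name(wanted), len(data), "bytes")
```

With a real download, `wanted` is the sha256 you passed to download_sample(), `archive` is the bytes it returned, and the archive is opened with the documented password through an AES-capable reader; the hash check and the quarantine naming stay the same.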