SOC Incident Toolkit
RE TURGENCE: Turkish Hackers' New Target - MSSQL Servers

https://platform.socradar.com/app/threat/malware/win.mimic

The RE TURGENCE campaign, run by Turkish hackers, uses Mimic ransomware against weakly secured Microsoft SQL servers in the US, the EU and Latin America. The campaign, uncovered by Securonix, exploits these servers for financial gain: the attackers either sell access to compromised hosts or install ransomware on them.

Indicators of Compromise

Hashes (46)

IPv4 (3)

45.148.122.63
45.148.121.87
88.214.26.3

Notes

CONCLUSIONS

At SOCRadar, we are closely monitoring the impact of MIMIC ransomware on the cyber security landscape. MIMIC is a type of ransomware that exploits vulnerabilities in MSSQL servers to infiltrate corporate systems, encrypts valuable data, and demands a ransom. This threat can lead to significant operational disruptions and financial losses for businesses.

SOCRadar's Solutions Against MIMIC Ransomware:

Cyber Threat Intelligence (https://socradar.io/suites/cyber-threat-intelligence/): We provide in-depth intelligence against threats like MIMIC. By offering insights into threat behaviors, propagation methods, associated Indicators of Compromise (IoCs) and the TTPs of the group(s) behind the campaign, we enhance our clients' ability to detect and prevent such attacks early.

Digital Risk Protection (https://socradar.io/category/digital-risk-protection/): We offer comprehensive protection for digital assets and online presence. This is particularly vital against phishing and other social engineering attacks.

Dark Web Monitoring (https://socradar.io/solutions/dark-and-deep-web-monitoring/): We monitor dark web activity related to MIMIC and inform our clients about relevant data breaches and discussions in hacker forums.

Incident Response and Threat Hunting (https://socradar.io/step-by-step-threat-hunting/): In the event of a MIMIC infection, we support clients with threat hunting and incident response services. By tracking IoCs within their systems, we trace the spread of the infection and develop an effective response strategy.

Future Outlook:

Ransomware threats are constantly evolving, necessitating ongoing vigilance and regular updates to cybersecurity strategies. An effective defense and response strategy against threats like MIMIC ransomware requires a comprehensive approach that encompasses technology, business processes, and people.

Call to Action:

We recommend utilizing SOCRadar's comprehensive suite of tools and services (https://socradar.io/labs/soc-tools/ip-reputation) for a multi-layered defense strategy against cyber threats like MIMIC. Our integrated threat intelligence, risk management, and incident response capabilities will significantly enhance your resilience against cyber threats.

Mitigation

MITRE ATT&CK matrix

Tactic               Technique
Initial Access       T1110: Brute Force
Discovery            T1046: Network Service Discovery
Defense Evasion      T1112: Modify Registry
Persistence          T1098: Account Manipulation
                     T1505.001: Server Software Component: SQL Stored Procedures
Credential Access    T1003: OS Credential Dumping
                     T1110.001: Brute Force: Password Guessing
Command and Control  T1105: Ingress Tool Transfer
                     T1572: Protocol Tunneling
                     T1573.001: Encrypted Channel: Symmetric Cryptography
                     T1219: Remote Access Software
Impact               T1486: Data Encrypted for Impact

Analyzed file hashes

File Name     SHA256 (IoC)
ad.bat        9F3AD476EDA128752A690BD26D7F9A67A8A4855A187619E74422CC08121AD3D3
ps1.ps1       A222BA1FD77A7915A61C8C7A0241222B4AD48DD1C243F3548CAEF23FE985E9C2
              1ED02979B3F312C4B2FD1B9CFDFB6BEDE03CD964BB52B3DE017128FE00E10D3C
start.bat     F328C143C24AFB2420964740789F409D2792413A5769A33741ED956FCE5ADD3E
Ar3.exe       1C7B82B084DA8B57FFEEF7BDCA955C2AA4A209A96EC70E8D13E67283C10C12A5
gui40.exe     31FEFF32D23728B39ED813C1E7DC5FE6A87DCD4D10AA995446A8C5EB5DA58615
advport.exe   D0C1662CE239E4D288048C0E3324EC52962F6DDDA77DA0CB7AF9C1D9C2F1E2EB
red25.exe     E9C63A5B466C286EA252F1B0AA7820396D00BE241FB554CF301C6CD7BA39C5E6
red.exe       D6CD0080D401BE8A91A55B006795701680073DF8CD7A0B5BC54E314370549DC4