{
	"id": "3854cffd-4ef4-45ef-9610-eea5cf2d9eed",
	"created_at": "2026-04-06T00:17:43.410443Z",
	"updated_at": "2026-04-10T03:20:44.926237Z",
	"deleted_at": null,
	"sha1_hash": "1e877de764fe8678e308786897e7fcb601a5feb9",
	"title": "Threat Roundup for Feb. 22 to March 1",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1090025,
	"plain_text": "Threat Roundup for Feb. 22 to March 1\r\nBy Joe Marshall\r\nPublished: 2019-03-01 · Archived: 2026-04-05 19:22:57 UTC\r\nFriday, March 1, 2019 12:16\r\nToday, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 22 and March\r\n01. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize\r\nthe threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and\r\ndiscussing how our customers are automatically protected from these threats.\r\nAs a reminder, the information provided for the following threats in this post is non-exhaustive and current as of\r\nthe date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting.\r\nSpotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following\r\nthreats are subject to updates, pending additional threat or vulnerability analysis. For the most current information,\r\nplease refer to your Firepower Management Center, Snort.org, or ClamAV.net.\r\nFor each threat described below, this blog post only lists 25 of the associated file hashes. An accompanying JSON\r\nfile can be found here that includes the complete list of file hashes, as well as all other IOCs from this post. As\r\nalways, please remember that all IOCs contained in this document are indicators, and one single IOC does not\r\nindicate maliciousness.\r\nThe most prevalent threats highlighted in this roundup are:\r\nWin.Malware.Bladabindi-6872031-8\r\nMalware\r\nnjRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute\r\ncommands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone.\r\nnjRAT was developed by the Sparclyheason group. 
Some of the largest attacks using this malware date\r\nback to 2014.\r\nWin.Malware.Vbtrojan-6871444-0\r\nMalware\r\nThis is a malicious tool used to exploit Visual Basic 5.\r\nWin.Malware.Ekstak-6871246-0\r\nMalware\r\nThis malware persists with SYSTEM privileges by installing itself as a new service called\r\n\"localNETService.\"\r\nWin.Trojan.Zbot-6871232-0\r\nTrojan\r\nZbot, also known as Zeus, is a trojan that steals information such as banking credentials using a variety of\r\nmethods, including key-logging and form-grabbing.\r\nhttps://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html\r\nPage 1 of 17\n\nWin.Trojan.Bifrost-6871028-0\r\nTrojan\r\nBifrost is a backdoor with more than 10 variants. Bifrost uses the typical server, server builder, and client\r\nbackdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code\r\non the compromised machine. Bifrost contains standard RAT features including a file manager, screen\r\ncapture utility, keylogging, video recording, microphone and camera monitoring, and a process manager. In\r\norder to mark its presence in the system, Bifrost uses a mutex that may be named \"Bif1234,\" or \"Tr0gBot.\"\r\nDoc.Malware.Emotet-6866090-1\r\nMalware\r\nEmotet is one of the most widely distributed and active malware families today. It is a highly modular\r\nthreat that can deliver a wide variety of payloads. 
Emotet is commonly delivered via Microsoft Office\r\ndocuments with macros, sent as attachments on malicious emails.\r\nThreats\r\nWin.Malware.Bladabindi-6872031-8\r\nIndicators of Compromise\r\nRegistry Keys\r\n\u003cHKCU\u003e\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN\r\nValue Name: internat.exe\r\n\u003cHKLM\u003e\\System\\CurrentControlSet\\Services\\NapAgent\\Shas\r\n\u003cHKLM\u003e\\System\\CurrentControlSet\\Services\\NapAgent\\Qecs\r\n\u003cHKCU\u003e\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage2\r\n\u003cHKLM\u003e\\System\\CurrentControlSet\\Services\\NapAgent\\LocalConfig\r\n\u003cHKLM\u003e\\SYSTEM\\CONTROLSET001\\SERVICES\\NAPAGENT\\LOCALCONFIG\\Enroll\\HcsGroups\r\n\u003cHKLM\u003e\\SYSTEM\\CONTROLSET001\\SERVICES\\NAPAGENT\\LOCALCONFIG\\UI\r\n\u003cHKCU\u003e\\Software\\76cbed672042da4827cdb3dabad9650b\r\n\u003cHKCU\u003e\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN\r\nValue Name: 76cbed672042da4827cdb3dabad9650b\r\n\u003cHKLM\u003e\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN\r\nValue Name: 76cbed672042da4827cdb3dabad9650b\r\nMutexes\r\nN/A\r\nIP Addresses contacted by malware. Does not indicate maliciousness\r\n75[.]115[.]14[.]18\r\nDomain Names contacted by malware. 
Does not indicate maliciousness\r\naaasssddd[.]ddns[.]net\r\nFiles and or directories created\r\n%AppData%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\5489098719807719809090807918.exe\r\n%LocalAppData%\\Temp\\rat.exe\r\n%AppData%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\76cbed672042da4827cdb3dabad9650b.exe\r\n%SystemDrive%\\Documents and Settings\\Administrator\\Start Menu\\Programs\\Startup\\5489098719807719809090807918.exe\r\nFile Hashes\r\nCoverage\r\nScreenshots of Detection 
AMP\r\nThreatGrid\r\nWin.Malware.Vbtrojan-6871444-0\r\nIndicators of Compromise\r\nRegistry Keys\r\nN/A\r\nMutexes\r\nN/A\r\nIP Addresses contacted by malware. Does not indicate maliciousness\r\nN/A\r\nDomain Names contacted by malware. Does not indicate maliciousness\r\nN/A\r\nFiles and or directories created\r\n%LocalAppData%\\Temp\\Ahk2Exe.tmp\r\n%LocalAppData%\\Temp\\AutoHotkeySC.bin\r\n%LocalAppData%\\Temp\\dnfahk.tmp\r\n%LocalAppData%\\Temp\\upx.exe\r\n%SystemDrive%\\ReadMe.txt\r\n%SystemDrive%\\SetInterval.bat\r\n%SystemDrive%\\keyboard.reg\r\nFile Hashes\r\nCoverage\r\nScreenshots of Detection 
AMP\r\nThreatGrid\r\nMalware\r\nWin.Malware.Ekstak-6871246-0\r\nIndicators of Compromise\r\nRegistry Keys\r\n\u003cHKLM\u003e\\SYSTEM\\CONTROLSET001\\SERVICES\\localNETService\r\n\u003cHKLM\u003e\\SYSTEM\\CONTROLSET001\\SERVICES\\LOCALNETSERVICE\r\nValue Name: Start\r\n\u003cHKLM\u003e\\SYSTEM\\CONTROLSET001\\SERVICES\\LOCALNETSERVICE\r\nValue Name: ImagePath\r\n\u003cHKLM\u003e\\SOFTWARE\\WOW6432NODE\\LOCALNETSERVICE\r\nValue Name: Value_42632\r\nMutexes\r\nN/A\r\nIP Addresses contacted by malware. Does not indicate maliciousness\r\n216[.]218[.]206[.]69\r\nDomain Names contacted by malware. Does not indicate maliciousness\r\nN/A\r\nFiles and or directories created\r\n%AllUsersProfile%\\localNETService\\localNETService.exe\r\n%LocalAppData%\\Temp\\tsc131118.dat\r\nFile Hashes\r\nCoverage\r\nScreenshots of Detection AMP\r\nThreatGrid\r\nWin.Trojan.Zbot-6871232-0\r\nIndicators of Compromise\r\nRegistry Keys\r\n\u003cHKCU\u003e\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN\r\nValue Name: internat.exe\r\n\u003cHKU\u003e\\Software\\Microsoft\\Internet Explorer\\PhishingFilter\r\n\u003cHKCU\u003e\\SOFTWARE\\MICROSOFT\\Qaygra\r\n\u003cHKU\u003e\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\r\n\u003cHKU\u003e\\Software\\Microsoft\\Nabu\r\nMutexes\r\nN/A\r\nIP Addresses contacted by malware. 
Does not indicate maliciousness\r\n23[.]253[.]126[.]58\r\n104[.]239[.]157[.]210\r\n104[.]239[.]157[.]210\r\nDomain Names contacted by malware. Does not indicate maliciousness\r\nmacrshops[.]eu\r\nFiles and or directories created\r\n%LocalAppData%\\Temp\\tmpa9735385.bat\r\n%AppData%\\Icda\r\n%AppData%\\Icda\\ehday.exe\r\n%AppData%\\Vyarqe\\erezu.loe\r\n%SystemDrive%\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\tmp2ad79550.bat\r\n%AppData%\\Kyba\\ryisl.ubo\r\n%AppData%\\Leve\\yhqy.exe\r\nFile Hashes\r\nCoverage\r\nScreenshots of Detection ThreatGrid\r\nUmbrella\r\nWin.Trojan.Bifrost-6871028-0\r\nIndicators of Compromise\r\nRegistry Keys\r\n\u003cHKLM\u003e\\SOFTWARE\\Bifrost\r\n\u003cHKU\u003e\\Software\\Bifrost\r\nMutexes\r\n\\BaseNamedObjects\\Bif1234\r\nIP Addresses contacted by malware. Does not indicate maliciousness\r\n148[.]81[.]111[.]121\r\n204[.]95[.]99[.]100\r\nDomain Names contacted by malware. 
Does not indicate maliciousness\r\nFiles and or directories created\r\n%System32%\\drivers\\etc\\hosts\r\n%ProgramFiles%\\Bifrost\\server.exe\r\nFile Hashes\r\nCoverage\r\nScreenshots of Detection ThreatGrid\r\nUmbrella\r\nDoc.Malware.Emotet-6866090-1\r\nIndicators of Compromise\r\nRegistry Keys\r\n\u003cHKLM\u003e\\SYSTEM\\CONTROLSET001\\SERVICES\\startedturned\r\n\u003cHKLM\u003e\\SYSTEM\\CONTROLSET001\\SERVICES\\STARTEDTURNED\r\nValue Name: Start\r\n\u003cHKLM\u003e\\SYSTEM\\CONTROLSET001\\SERVICES\\STARTEDTURNED\r\nValue Name: ImagePath\r\nMutexes\r\nN/A\r\nIP Addresses contacted by malware. Does not indicate maliciousness\r\n212[.]83[.]51[.]248\r\n159[.]65[.]186[.]223\r\n74[.]59[.]106[.]11\r\nDomain Names contacted by malware. 
Does not indicate maliciousness\r\nlenkinabasta[.]com\r\nFiles and or directories created\r\n%UserProfile%\\880.exe\r\n%WinDir%\\SysWOW64\\d1Ltzcv.exe\r\n%LocalAppData%\\Temp\\CVR3F73.tmp\r\n%LocalAppData%\\Temp\\ysrbsuxx.yb3.ps1\r\n%LocalAppData%\\Temp\\zh5htpos.q5s.psm1\r\nFile Hashes\r\nCoverage\r\nScreenshots of Detection AMP\r\nThreatGrid\r\nUmbrella\r\nMalware\r\nSource: https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html"
	],
	"report_names": [
		"threat-roundup-for-feb-22-to-march-1.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434663,
	"ts_updated_at": 1775791244,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/1e877de764fe8678e308786897e7fcb601a5feb9.pdf",
		"text": "https://archive.orkl.eu/1e877de764fe8678e308786897e7fcb601a5feb9.txt",
		"img": "https://archive.orkl.eu/1e877de764fe8678e308786897e7fcb601a5feb9.jpg"
	}
}