Archive for February, 2019

Rewterz Threat Advisory – CVE-2019-6465 – F5 Multiple Products Bind Security Bypass Vulnerability

Severity

Low

Analysis Summary
A vulnerability has been reported in multiple F5 products, which can be exploited by malicious people to bypass certain security restrictions.

An attacker can exploit this vulnerability to request and receive a zone transfer of a DLZ that bypasses the allow-transfer access control list.

Impact


Security Bypass

Affected Products

  • F5 BIG-IP Local Traffic Manager (LTM) 11.x
  • F5 BIG-IP Application Security Manager (ASM) 11.x
  • F5 BIG-IP Local Traffic Manager (LTM) 12.x
  • F5 BIG-IP Application Security Manager (ASM) 12.x
  • F5 BIG-IP Local Traffic Manager (LTM) 13.x
  • F5 BIG-IP Application Security Manager (ASM) 13.x
  • F5 BIG-IQ Centralized Management 5.x
  • F5 BIG-IP Local Traffic Manager (LTM) 14.x
  • F5 TMOS 11.x
  • F5 BIG-IP Global Traffic Manager (GTM) 11.x
  • F5 BIG-IP Access Policy Manager (APM) 11.x
  • F5 BIG-IP Application Acceleration Manager (AAM) 11.x
  • F5 BIG-IP Advanced Firewall Manager (AFM) 11.x
  • F5 BIG-IP Analytics (AVR) 11.x
  • F5 BIG-IP Link Controller 11.x
  • F5 BIG-IP Policy Enforcement Manager (PEM) 11.x
  • F5 BIG-IP Access Policy Manager (APM) 12.x
  • F5 BIG-IP Access Policy Manager (APM) 13.x
  • F5 BIG-IP Advanced Firewall Manager (AFM) 12.x
  • F5 BIG-IP Advanced Firewall Manager (AFM) 13.x
  • F5 TMOS 12.x
  • F5 BIG-IP DNS (formerly Global Traffic Manager (GTM)) 12.x

Remediation

No official solution is currently available. We will update as soon as a patch is available.


Rewterz Threat Alert – Malspam Campaign Dropping Ursnif Banking Trojan and GandCrab Ransomware

Severity: Medium

Analysis Summary


A recent campaign has been observed distributing Ursnif banking Trojan and the GandCrab ransomware through fileless infection means. The main infection vector of both campaigns are malicious macro embedded Word documents sent to potential victims via phishing emails. Ursnif, also known as Gozi, has been leveraged by threat actors in the financial sector since 2007 to steal credentials and other sensitive information. Whereas GandCrab is one of the more recently discovered ransomware that has been used to steal millions of dollars.


Impact

  • Files Encryption
  • Malware Infection
  • Exposure of sensitive information
  • Credential Theft

Indicators of Compromise


URLs

levocumbut[.]com

rapworeepa[.]com

wegatamata[.]com

roevinguef[.]com

pivactubmi[.]com

biesbetiop[.]com

navectrece[.]com

yancommato[.]com

dewirasute[.]com

ptyptossen[.]com

mochigokat[.]com

tubpariang[.]com

zardinglog[.]com

abregeousn[.]com

aplatmesse[.]com

abeelepach[.]com

teomengura[.]com

allooalel[.]club

nublatoste[.]com

ledibermen[.]com

lootototic[.]com

acnessempo[.]com

usteouraph[.]com

izzlebutas[.]com

sfernacrif[.]com

isatawatag[.]com

duenexacch[.]com

kyllborena[.]com

bawknogeni[.]com

kicensinfa[.]com

uvuladitur[.]com

hxxps://zosmogroel[.]com/images/bqOIi0Qqmbsku/iC2ceSPq/qditqiLXeKOtyo58Iga/KtJBIuhqsLzYH1Zz7LP/Oma_2BqMvNi 39Jf/cBCvfx.bmp

hxxp://176.32.33[.]145/rez-senqo/o402ek2m.php

hxxp://bevendbrec[.]com/rez-senqo/o402ek2m.php?l=sixino4.dds

Hash (MD5/SHA1/SH256)

  • cc5a14ff026ee593d7d25f213715b73833e6b9cf71091317121a009d5ad7fc36
  • 28a8d6b8a0cdcb25d098e403cc8b6dcb855cb591f0b54c2e3363b5c580d92b28
  • facbc2cb089668197ca3968a3433b6f4826430c13f7d1c75b44667307c67dfe3
  • e714a5147335245c386b105bb7494a8b190b6a737ba28f029561efe48105cd11
  • 56c46ef3d5bd544fa35f6e336d3be93cf36e72d0273fa1dbc915979f2d883e9d
  • 8f6573c58eeecb8cc417a20ee9eb7fabcf55ef4dd96c5220c87806153d016619
  • 66652210842d53275136893c19ff51978902057d9f67b933132adc95949338c9
  • f15bfeadc99aa64b1cb9b643433e60f588244d610c64c74288dc2200f8df6ee7
  • e0792d8fb12be3d9b100a8997b20d00584643ef3330146e4f00759688780b72e
  • 9e4c0405675c0eb632b5c47f1db2b28fe42b68e667c880eaaf56f57976c635fb
  • ce9c72b3348f4f9287dfe6f6a8388c913a503b28129aafdb753cbca27d740c46
  • 28ae60da78e097de193c71b1bba5bb4bde75dd9c8c357976c6a44bce1d2d3799
  • 5172985158410e4888058ce991680f8281489606fbd6eda31e5ca51bd058a69d
  • 0a178c213499d3b6256546f515b548017eab52b8df72d0933fa18b42e2b99cb3
  • c8b8c3242aa6a558ee1237ab50861d63372ddcc910721925094d4a2bd908bc12
  • aa2d5568001c555715e7265018b921fed881f1ff1fb5d90ee4409e59971f9c8d
  • 86b3e9b065f67c0e492ee18dfd4088ea681b071f7c7d19de12759cd01798d1b3
  • 51efeb613b31aa4523a3cd4e3a1f2dc78deaa8f6259cb69e80307f19825d4b7b
  • 9734ee8d9a23f0385ec99fd5f9a91b01916a4a4604fc23103cb376375c893e1b
  • a611ccc5c964cbf6a9347c1e8ed3e4fcd5845ab70b61e888144c31a599c507ce
  • 85d9b957f2892a9b2a9e3bff922857fabcd8f7cc0471871af42d0299e5fcd1b4
  • 83f24fa4456860750147b92013840e612c9e0db4b5cf0676fbe2ab86d928d7e9
  • 3070cc1f6a5fa9278b3866e8e964bcce209788ff628ed45f5698f1d684d38af1
  • 3650ef2e0d48b2bf4d1b22dfccef70870b683d6f68098be1239b9eb43be265e1
  • d9442f97b93e30eda70d26f1e8664bd6ab12360d9daaec64eb975356cb4f3371
  • 18cfbae517b4c469014d753e3fe169408f40b70ba6f6ca8ef47106d3ac001577
  • 3e4efa728f170f50d53028e1440ca819c4b27f20c45d87f920c377b8f02ed32b
  • 2d17eecb9591a489a85c473573bd30b61bc7f77eba43ee7da8b9a1289e325180
  • 2ff92874437b2f48b39a426e364b27bf24a6aa519b44f9128e624bd727173cb8
  • ae147e750d0f4415f1285727301627b71e0e1c11ea048fdd0e7d5e0355f4ece6
  • 230c04fac8798b3f48d9ea8f4b1cba2896201887d0f9a1ad4836cf8e8e6027ce
  • fdbdb71a3049161ea5c070922305bb97a437db0b54002a87672f121d4ad8b01d
  • 691de01cf755a509eb92aa759634719279b641b7710d0f91a49823a42947583c
  • f2fd2beaebaa7f2a6f00c2118ce653fe0f853a6a643ab804f5b8bf7695c9c72b
  • b0595609193e4c200960dcda6e13ccd9f51d34702342f8eb8ab95737ba28c2c0
  • 0aee74d7daf5918f0d6c46ba8d0f116459a744c09a2eba43755489aa2594af2f
  • b1adc3b49f3f75c3d0b7b9ee080dc7ba40872e601e2ad87a3f25f40abfb8c658
  • b20cf39284f185a31f81640c7bdc29fe73385b54f5a5d3cdcbb93b8f949c631c
  • 995309d4cdd9bdf79cbd207f6f5056bb9c8ba6e4ae8eab3d337fcecc049fadce
  • 00a66bdce043d6d0c8117990999fafe0d5e65f67b08d1d676816248092cf5798
  • b8681a43b70dca967e8b82be5dcba7e68f72f00c98f20aa2b4d74fa86f1ed4bd
  • 27509bb585ef43cd9cb3a7894ade26e4240f187d9c979d21a0025c83fd86edfa
  • a0141a44c805d9378d94a157a440a2fb9b1f56f1bc49a8dab9ebc53359b6f3d9
  • 3a21802fb70556dba8955d61ce2af7b060aa5f4e89d04996168b402c752be7b0
  • 082b148fafe2f1f143c98536139b923be8e1cc3f8f5f25dd4635f51042284417
  • 9790efd4884010129ce18e459e655d07e0a985f0de377c125b2f8f796a15eb4a
  • cffbb27f76f67290eb483e62a97098c77d5aa01884dcf33b5a177924df3a96f8
  • fd09b105f61c52dcf668176a417e3d0b4b1323cb43d7891c296deb41735916d4
  • 52a56e43eea9b680fc9e047b4cd1edaadb51e58868bc2466f8cb60274797844f
  • b65676c32f888e6256932983e89d2bb8694ce6977cd6feacec0879820e010a1d
  • 2fe0eac1aaf4b02f8902bad62346e2a50ec5a322f6d7656007011c0df70b011f
  • 4d34def9f0d5b3faf09e506c1e59ad5eb9ab2b8f5199bc7a67e6b111e756f2a3
  • 7ae29c70af5c4e46de3b1218ede8cded4023c1e699a04a137396270ea0ce270e
  • 09503fc6344386583bce1385438cb1a5443d3e08dc28d1c2f2c77fce8d75ce78
  • 8ba53dc3ecdf79f12bb47c986bd4b70dfe2e8ec3842ed632ad6cf228a360d2fa
  • d1a9571cfb9e0de046f54aa283a70a55312cae21c7a5bb583485c4dbf4328c90
  • 77f8c205a29555be6abcdc911674ff2dee4c10306f0c23d0c63e81e9cd1184bd
  • 036bc6823b46dbe852bb791d466cb7e232484b676bd73bb83109a8137752cf92
  • 8666e78ea827f43f1ddd2a64ea7d8daf2c33c33b6b6febc6ec38344f0ce7ae3f
  • 6e8b7f45bb771856fe3dbc4669d7c67793ecb88ae90f2b1b08392a6bdda08764
  • f60f96341ba5b01852b60a29e8b1f72091ef64a92327e0fabbf9ad74d16328df
  • fbc4d59566cdeecb853bb6d2303856e6b7d19deee7b37347f1719a29b1c317b4
  • c888033d292c67977363217f78fb89fe0ee32765f0c2c7c6e11e8c792c51c678
  • 44399a077e94059749f000c6dd11feaa7ba1b34d6f63a01b5d70116a790c12ce
  • 605a0508e07a3dc1f1ecd4430d4da082d9b60e778fa2bc58eac09a3f3782fa54
  • 286a167d3e86cec46e49847f1f75c268f1f61b15613ee21c841a2257b52d897a
  • 44d3be0c5b637d625a0c8cd4957c271d6a88b4ef4736d8a3d64f6727fcbcca2e
  • 5c79e8a2df1c18a03730419f83fb04c5906c75166680e31d2e7424882e0b8db9
  • a4365ea85c2a5435c3659a9070f87549df5bcc241c57d43ebd270d6c45cd1334
  • 526720a4a526870d799dba25e3d3c81d186484a93bedb053ea89b9b6d4af4085
  • 0a3f915dd071e862046949885043b3ba61100b946cbc0d84ef7c44d77a50f080
  • 1800822b3e467eba73278f94f26291942497c31267fe8111bc55e845d17454e2
  • 309045e56c28d8b4e360c45796f446891846183aafa311151fb0947fa2ab137b
  • a7cddba1c01e958f659bdf45cff1a8464446c648f1ec9edaab1731d2675c03b9
  • ffe0b27c6c7ba8c9e3a4d2458b9564e16dc416546a5a26b2611d015552e7e7cd
  • fbb11503c81ccfe94987f67b6a43fc41d22390a79429093da3eeaa500320c84c
  • 0ad69721bd07fe17aefdcf7699070e13adb5bd79daceb75a3ceed830aa029215
  • bf0a3dd6bae273025173b67f6cb02bcf14f8db61476530c001b7ee24f6552bc0
  • 3afa12190d272dd716d4e98f445871e8553a92cb9ff507daa668876e26570d06
  • bfad4c433bbd631d2a13d1eb8069260426e9b8b76eb47207e577b6c4564e5d43
  • 5d977cf30827477666d25344a0cb0e08edc5a78e2bf459e0dca85a41dbafdb78
  • 9ad0dc594b97a29577bb6ca931531949f4e99a3ce3f527a859759fbc18de4706
  • 82585bc182f173d7c46d93cbf94f19158dda78a23608afacdad7b211a5b431ad
  • 7d493261c2f53cc64998864e6415140d4f29cb31d2897a8a0697e0e73e7700eb
  • af321d60b2d3077b79432f50938f5fc6883cee8cb0fb9aaeb77dcddeae8c661a
  • 40532b5e33aa483c2a847ce1135186b74023cf1121bc3602ad63a544a69aed64
  • 8ad4b2e6f5998a1277879c6f05655c1c0479341c00a85f76430accdd5f10b3c8
  • fc91a55a6f64285004007e71073ed2a1f79f5344112d2f292a1ccf42e19b007b
  • 7cdb4ba109c4dcb3d2dbb407eefcf790c3bbf7a03bb58b3364aa16b277496910
  • eca9b633d0fe17afc94d3a94a75e72123d51c88320eb15bf58aa6b91fd4d0e18
  • f5bf0f5130ff8e349f3a857079e518404a488d396efa6d89cd57be79ec355924
  • 9c1387a4e174067e6aba72a067381092963a5d7fffca23ecd3bca4f93adbd36e
  • a07cff666494a48667eb3de83f80f906ce3e453afd20d3a563328f941e3fa001
  • cfa51ab714e38eeddf7ed4c68aeae59b6f7a4a5cb24cefe6eb9d178b3b8746da
  • bbe250d9fef5304070d9148ef7840fa519001c5dc2c2f01b077368eecf8ccec5
  • be99e7ecd9c896dd99c3b933c60db7ac7265949a2d002c1760c509fbc372a527
  • 12dff9d1c2aa0c065e7cca414169d728f80a4ba714b1a841548b8935bb14220b
  • a5b7c1a28f2f43328223672c39e586f0dd79a68cdeafd15c26fa70898fb87977
  • 1cf024eabbe072bfbf95b27e2579be40e9aba458dacbb70b0e6434d5a4ae3765
  • d7a2b983981c8077b1cf87e648136c47c547626b7aa21b7eaff48d6360ff375f
  • efa42b76c35ac574c1b4b9770b5aefef2a6315e235f1e05f8b330d41ab76fcc0
  • a06f00bf7c0d200d49f302c3cebb5e0234c224a009efda7b52b927ab90a78e9c
  • a35966e3fd0e0cb449bce237188130b367df3baffc609e79528d09195708da26
  • 6e7f3560280f50e01bf2de58c06453b0158466d743a07d16d21b0e7c11670207
  • ba0e0d50e5dba45abee851b5f2aada5d2ab089fcc95ed364cfd6bfe4898f8f07
  • 79d1ebd0d06b08817bb831349b05f77d82cc606b66dfb83e4fc62620aed26c0c
  • 5bc101061c27a166b1df590917e6755c7192c61c17b110b53bb6a789a9769373
  • 2c5914f349059d9976be45c8379fc79f973b2f37f479b92e09b7f5656ec22ed3
  • abfc6c0d551fc650b2e685d3f82bbe2506783db4d6864fd570b411e00c852a18
  • d7c3e13e7497b0060dddb23e40fbf31f731d8bb07ea60455bbc2329ccca21fe2
  • 9df9b04f0282e2207f284ee85dbebb2d662294ffdf7cf061625ab6714134d6b9
  • 0c87500107553c3dc61241a2a6712d89e4c7a38304611e41121db739a70bed84
  • 003b2ca34d837139efe4cc6854d7296ed91f3f5188320a427acfe95780c3b23b
  • 77053b29a15e4b3baa26b0d0885967a55bf8ff864cd9f48cabd34f144d595ea6
  • f00585d1133d8d21a32161b1087d853faf6e8f9302903142fa8700517297d0ce
  • f669ada5789b3b4387bb838ffd6b11af5dc1be5f132de38a979c208fb728eed3
  • 5826b25007e8dca25b04d247172984f98c0a3f4380aadd8d5f8484f3005ad205
  • 4828a450881b8b5753559559c7f89d1b2ef9257431cc321cba063e21cb7ee1e7
  • 27f18297d73463dfc07d65d40b95894bcce966175a823a44f3b3697adffcc9eb
  • c15be300e7c45319b70cc019542ab6e968e1c34843ff7ec46b3258c7a2521683
  • 382c0e26f75d70337b5db12f68d361f49da7a52abf4a6a905d9714f69e187f09
  • 88383d787c5d9c117362e892114ec4c09a68c41432ba1ee41b0f4685f819cd45
  • 47cabe69e7fc40004e5dcc3b6f61b7a0c165b6e505f2ba92e147072157af4d9e
  • 21f728da2f01dddd30b9a2653ff0e06063a818e4d10f0c0c0842954718322568
  • 5123f3ab0f233722e18a4e99a356831d187e6f4d2225199fefd83ed1510d1668
  • 6b7a75e1095a731deebb7681eea7dc2a83ad3848ab28626d5f1a90fd9a0070bc
  • 0af52255c982b2dd61af36af0953412fa2202989d6a586e7fd7f41abaa466e07
  • 29d6f1c40c1f4226444457a8b20dc65c6d8ce98406fa100560bf578adafc89e7
  • b963598c88889858e7d267297b6aacd932e85e6ccacde968ebaf18818e054f25
  • bd492e2cd0f18bf045ae272d00e3043275c5df7745d3441c1680ceba44a9b68a
  • d496e10f73254ed648e715bdb6bb09d433dd500faf8fb618040e86872931a312
  • f24ba050815dcf19deacdb5bcbef11daf1022766c39e3548dbc5941e8f7810ab
  • 0208c34a80d98149ca58137a9f5653c83630af979fc39bd9b7e536cb02c17ad1
  • 48937edec31e15b4eb8f096aab4a0001a603d73f86c282b8c112ff0b8f84b07c
  • c919ca7168a18c56cef00c3a4a0dc6d3719b3d153a4e57cd70f4c01fb5cee298
  • 6ae0f3ee3c4f63450b05a54bad0b6cf0a04d549a91ed9d9da133f68251e9459b
  • 6f93af833230353b9a6229578884c561415c65d7b1d7cca75d08d0a7929d5df8
  • a4879c5d25e12059f940640aaeb00416de72510f7b1687edf65f51d5d2becee1
  • 454c7ff06c91e1f620cebed740882e2df86aa135dd19167eb76c7e3b985633cc
  • ae24886089f5398069afb62c38561abb784bd64c0636c27d0220b6ee58d36815
  • c92832de0e6cb89d87734dc668342d192d33c27f05cb6ee62ae05c7981465d0c
  • f4a29cd7142fca3fea01137ac88ac32b01b0418c992123140454cd157df55769
  • 271f2e2e9028873579c1138a78cfa59fbe4c1b5bdbc6c61960b1718d4a162420
  • 95d87fee253eef4d2bd387b31bdb8622f5860a21bf733494341941413a5cd5f1
  • 9aba5cf3a30b369c073cb6abea476d54744183b2a3adac9febb928225896ebf1
  • d3e1aac2d41c65a7168fa78e01f2fb5e15ccd9cedb8a085b2d750290dc5f566a
  • f491b4e0aad11f8a5817c765916a1231181e1285286b0e84180a0b344f21f131
  • 7210e5f156edc64c7c58322a51ef2664ab686b7c320b6141b2cc8ea2333ae212
  • 1ea6823ceedcc1ad6fd656b9e251e9614f0844a9220621f398bec4cf50cabcca
  • edf73e0590039bfab1cdd8c7fd8c2494b9a5d09af4b853c60bb14214631bc6f4
  • 4306b6edf5d394e454f1af6d80ee7e169f3e1fe7a4f6448329b935dab95c79fe
  • 21725d3cd342f58b47e1c1c4882407c5947e93113d988bfe593df750cbbb8093
  • 667767cef62514ad5ce392dfecaff91cb304beea787efb2dd1ee325ac642d400
  • 71ee1e65947c77dd18eeb155c8b846314e7126fa34b36012245bcab7b15516c0
  • 536bb05102b988372a3f91af77937a015453c657e690d44b0d6739b8c86cafec
  • efe66c37e6b10b989987dcb0355a1e2b563c96ab47b61c81ad307f62ad4057df
  • a66e820a3ec7ba671e9a6e527197bca71584cf80b0f1da5513d6dafbbed0f762
  • 89d508cd5753c991cfdff9093bf06940156676ae2128ad964486bf041273375f
  • 77fc858e441c40bfe484c6ea1cc8f25da0ae9029d745b137c1f5f14358ff6b71
  • 3e52194058d46542e41ac0e2077eb7ef4be86562c10213c459fe8b6b01d36e6b
  • 1ff349e6deff8ffdaac29b027c3a5d2d31fc75cf6bf6084db0d73e630a4cd424
  • 66ad65fa6ebe292a692dbfd174d3d1fe969cdad80cbf26ef1f27fa56cb567a85
  • 7c1080f38d2b765c477fe2e72a48d550f611b09b8bfe7d3643a9ab4960b273d3
  • 7b18df3143185debb5ff4e90e78348cd0267e246322e3faa661795a96a7609c6
  • 92b0373668ad04712e8ea6126f9a870939dee798ef87f06842fd39e3d325a134
  • 860e1a7d142e2e9c44d471203171b02bb1c4db91101d27da1bdcdcb596b60f33
  • b5ae05eb03b89a50910ec286c54ba5c1cf4f79018ad2864756ab0661e3036669
  • 9579f7c472c81b41c922539749c4ab0ff621d0320c80c3627ee437d38305e587
  • b2cbbc949cc71058b5322053182dbafe0535120bc287f1012b60d536d81ed4d0
  • d9c1b588ac4369446cfa75b532974a459cb5a6c38a76c9ab0a8147758c2ec7f2
  • 3c480ac17ab00a2acd78a5cf4e2af9bab6a99c676660026ee9f051917c99550c
  • 4405d6be835eb1639464eb9fecf547bae81be5c4639b7b17f18e354eedf34e2f
  • ecc628dcb1ae5a5a7dfeea9881bcbf2f5bd493ad61bcdf8aa032ba6c048ed216
  • da20c78b225bd08c9485c8799650424f42a6a3001c56f035b8db869709f66045
  • 7ebc5d6bcfe5cd647efdd8dc3741780d397aed798c958c75c707bc07ca95a5f6
  • 0112c486cda0ac6c01ef1ed1bf8f0062c7ff37dd1b5eff4a060c374377be497f
  • e3c6cbd617a7d5210e69ef9292300e6de1f9445ec3a7c2cc42a18cd664427bcc
  • 5bead81f2731dde548f7402232618b06f1d2ac423aacdea20396fa8a15a0c123
  • dfaafddc80d481df239a64b25db3ca5409b75d0db11e27af2b49471a4c45154d
  • 685ab9a1688a4da7d65283ade9202a4686e628a303fac5f07fc80ddc1efa7850
  • b7eca83a096983dc761d83f94f00b6b5b35c2b865556efc9944cee3c54db2035
  • 446ffd272c79554a19b5f4299327fb74b8ff457681d10571caa6eea51ec406b0
  • 42636f3185c9e398958aad272d983c8b8b1409df4ce93f1f8f608e190290f56d
  • 24b2141c1134ef14f33a38c58342b6573940c5460d03a2945fafac36e32e6889
  • e53b0a60c238c45019089bdf7f16d5f47b7ba15ca2c918e385c41f0c2076eb52
  • 4c8de1713f830819e8354b653fd19a5cafd0bc8fa3145eedf555f24261c874de
  • 9ea3a726cabb7a8743e4c2f248767d39ae38e6e903202614a098969ad13fabd6
  • 255d07a01501adbee32dd3a414ddf624dfbc6a1adaa7fa27e049e22965d71269
  • ad7216db1667fa4d4d723f9ebaf863b6a68ebda265b42d8ad4f45bb49ef876b2
  • 5b59018d2e762b290d46e2a6c42934812a7af6e4b4592eea7e1ebbed3a582d1d
  • 52d81570332b7a4d437fa8853ea742444a327fc17dd5afa97cd5d5df53604d49
  • f9583fd88e3ccec6b45c00d5799b5a2aaf1cd374ea8af5edf19561787ddfca2d
  • b459b94f3332241a18e242a1b288ba1f7578c7853b2e2d3b941cc6d8daca9553
  • 15d8ef1545e7abb85e6ff644490157850039a20415203f8b5115c7398ed92143
  • e0fb9ad32f0306b285b5c274a13c48637dd523a37ede3eb7c9150351a3a76cec
  • 5993e5aad6e841331c4e595623bd30b6f6c147e014124c29c1f080ec487cca8d
  • 57053a0aaefaf07652678cf4e5130542ddc76c522d76b4cab9b668bc3cb47c33
  • b46a9968abe1d12141335d41bc8d573723b551eb48a5e14469e134bc5919f526
  • cf6416e7beffa462753029555abbc2654aba2ee924414c12be769b4c706e7567
  • 36ce547286ebe2dca45e6c89f7880fb30f7f4e71c2b2b5674f059b48063fcf9d
  • eab3e8ad9473d1834beab98946e6ffdc9fa0256620b1e8b118f52a6518fba4f3
  • 4b5c55c41987b15be6989011854ae7fedcb3aa9008b17b71d7f17ba1eb3be211
  • 041a35113b4fe09add33e26cf0c4358d5f6cc43a63032fca4a078e1f433d2f23
  • ee491174790ccb31304750bda869cc27c3215df26b7edfbb4a0172236d87b04b
  • 2b1f966302490f0d71bef16033fac247e2b19345ae2efd053a309ae851a62fb5
  • b43f273624b7cbe373cea8466f078896c32bcc81cbba01a302ec0101413b2bd8
  • deb2d4eb3080298e30d0e63d22237b7ab4490ef30d44fe3c42b1430690a04b4d
  • 61f17746460fee9cc2574e51e119606bb4fb80abfc15e050263ed712d3b8903f
  • 4a93010d93f878cc4fa19923bdcc5a3d142d18a425bbbbd2e0c47871e5c7d62e
  • d3a599afc2d9d25fcd790c2a5a512bd0a10df5c0523da341b73026e1bfce58e0
  • ec23873186856213da6f41f4b7dfd4fe1f3c539e2c84771f4d95c89e109bd9eb
  • 10dccb933c67304adbd4aca3d9d04919c7801539c7bd701b8b3940bb02d3cbc9
  • e4a6b575232cac61b04e12737b0a16c58a7713980f366902fb46ad2b5bff64b2
  • 8b6a8ac696118c7e91da4f57dfa6fea916366a95005f840c9b9a4e2b3e591f42
  • b25f08c16f8f936e5d513261e4b767c1ebc3d00aae078eaf1708bcfe4962a276
  • 479c3bd3a3a3d3ffd760c4eb82013e52fddbd969e0ea04c73f2cde4d3c620a64
  • 7f66b1c5f30bd5cdf674d60841abd1c00a445b17c51fd4d02b1209f9b6e31247
  • 7a6e89ea837aaa9eaf078b57781b6ab367e8cb988d21b32edec1a6314d54ac05
  • 410c22e43f97b8efe946765365db34e3485af80c1b394121da95e0f2bb4302a7
  • 325b79f22e1917b513bf90c436a8aa1606f6cb733f73e3c3f9d6c077deef1425
  • 5131f07906cde97cc638d34c8879cfc9298761bd04a80fe94dc33cac86d16011
  • 746c01bae1a410c505795f3d579ad7d12179de7d8d4392090fdc22ebb4b7454b
  • 86480edcc886188aa29079e71165b2b91feeb9aa16787b324ec7cab650be928b
  • 69165c9361b537120111371cb77cd2282c48889c5c57f6e5c8cd7948ee9e9f75
  • 7d8a91edbbb1f38e78b97a8314076ef6c4061006afce4136e75a6e254b135c7a
  • 30d4c0348b0cdff63ba2ddc5b7891bf91da0a3907ac30241eb699fbfdd97e78c
  • 47f6730bd6546b75cf0e9ed47defc5df68da9d089b8f2acd7723a85cc44f9405
  • 7384e608a14203985f9a2392f70cd8822cac1fd2688ee3efd6e4ac55b5c9bf64
  • d7ad498b434ad59d2d940cf3ec59237afbc2051a52fe2dffda3e61c739d9b87d
  • 2b07b9359a49744393487b7349cbcff88dc018cd32e1bc92241f85682fb7c1c1
  • 154548cebfd6cf327efeb6d17c14a05c000e00d341459b52ed12246f532319fc
  • c9faa1635ec5577b6f220f892d1e046955717c486f58a364dde98e916cb23548
  • aa94f950a4ec6529ffe4aac38553168655d4a6fa2b4ee174e0243518c6f15ed5
  • c8aea25f763e308877701a6488e6b0c0d089bd52cfbc351f693246a493a574c2
  • fa00bfbefef6820343b128e4b31d9509813ffba9835871876d7c5f8d18a3a102
  • 24afc24b77671b4426c30c6ef58a77cd533945dfc2749e8e297a81d2b1d95f94
  • d1a1ed682b045fb85e37d051c5ae14ed38b4ccf85116178caf8a4157670aaff1
  • 7ceb6eade1df9035a327c93af4286bde58496486023123b26161bee65a5e237b
  • 6e46ab33869bf745574e871b3f118e4c208ba39e0b4e5912a8704b5bd43d5825
  • fb6d3d338904bc824c91b981c147b3e287b69986ca080c1224bfd3e528533a77
  • 117c9a20a49f6c28ac9c18d8eb4f5e8bb8c8a09e895e8a38549e15b0c38c4769
  • 3193db7e33e1570a2776d80457d9fa20a33a30072690cddf9358bf314ce8da4d
  • 4140bf6968c3a39274645130e37bf0cb1b550c08c9ed08990bac32b4ad33f172
  • dd20ea6713196abfe3e0d36679d71d39e5f469b2ecf28a1584f15f20746d9de3
  • 0a9a5863863cad2d9a24c01e787278d656f307afdd8bf0e9bbe083e2425e0722
  • d17f98ba86ff96b5dc84e5a4ff800791c2a88d36f3ef8827e8ee089790080968
  • fc6e3b3f23619d290016e1aec48c18513a6dcffc771eb02ce2be729db86b0fcc
  • 918b13d80deed3187481528af2a150796fd4b42fbe41b41aff2f62589f3f5870
  • 1d21abefd84cbc607015f06769fc9550337f5d200348ff21fb5be183f90222b3
  • 8efa4ef59e81806a5c34fee1ad6d6339feb01011a8748057782255b64df0cf5f
  • 2593d2f65feead439497173c78a10d57b573269d0ca628c2fc5668d641a04684
  • 1d0923f9bf58a357fdadf974b8088203e596ab4baa684de5013aadfc5e906b49
  • 9ee80117345e20be3a482b3f680569cfd84f07c72958657906eacc0dd42cc611
  • a46bdcf1e4e5244023a54f12c91de56112e6ffc809ae31bf34e95e54a1cea851
  • 0c085fadd8063fcddbf4d9f6be50af69b08b3bde7566f68749f88055c6331a1c
  • 4c860b1af02834256edfa7db1126fb1490e3787c07a93508d174be7b1fe01175
  • c85142c57f14a2e45e3f600ceab36e1731a0dc4caed235d63447cb1d48d8a6f5
  • 67082b36ca9dffcb48423dbf5c9bd41d94ec0156df01a15c6d87d16582ed7462
  • ef4794dacfce59b11e0b794892a0ba3606f083d3643df3f29120c61786dd18ea
  • f1d52cd34c0df61ffff7039a95cf70434de8162e057ddce98e9568edae1eae62
  • 4bc7fcda3035f4624c92c2f6b9ae1e4576b5f49e4e4475895de929ca436ddf20
  • 8fc83960b4e8e25e17080a63dc1793d4db13d178706f9576395e20df5ce1e78d
  • c8386c0d1ecba6c9edd57338fb2d8219a1d1c1a6ded2d89b26567b452e3a9373
  • daaf4ed5bfe5c7b618a9db321e6117e1b1597c338ae0e055d070d32dbd608838
  • a61b9e265c59407a10fbbf3a0de2f592ee781b6e2419fc0ecfee2aeb1fd4ca24
  • 65a3f90a6eeef600695a424e195a4b5076c114481c44641c9ebe56fb7db2ade0
  • 9b5992a4468fbf78d54ac91af29a6718da0f36a453a8c8f4dbb62c04425bcf31
  • a5bbfb42a1051ba4ccfd73ccd2fef7dbcf15b32c5f12b120fbfb7641c0e46708
  • 7bc2e7b91233c94115d3fb6cfaa3ad29d052ccdce70329ef6051da70b7674139
  • 73946f631d76d8a59be2648cc71dacc99d7549f0ab44a9c94bfd4fe32cf77f5a
  • cf24f90f234002a190b14d2741b8de583076bc3502245f694c1ddd4efd4cbeac
  • eaeefb654a6ea0087cbac9574f61a7bb55f29f96d99d2c623044b8da5478f502
  • 7b13d0149faf344e928cce62f24e90aed4913db98d25a6a96e4f802e0bf4e450
  • 2f50cd8d3256c041ee1b803b9e229f81004835fb9b1b25787346ccdefc62b153
  • a30573011030c4e9f12ae4be142c4ab70d268fc132346c24a947d8ca698fae2d
  • 98bafb19352075bb13bee3a2f4824868feb5b4db0776c3a7497013f5f6ea7dcf
  • 7846d33f6ec352546235818871ecaf5ba70811d4ebfda4d4fbbb7b5305a67a36
  • cf07efb532838e6877e88c40f4e69d7f77800248e91af8a553663ca0bd3ae7ef
  • 05e6c944a139a37a1a7abb5da5af5ddbb378a0949c3b9fbb1498d286623ef85a
  • 395ff5e5a0f149dd3eaf05f1330df70f4dfac14c60386642f25593292f109847
  • 08db0d760bcb1ca22f24dde4b06ae8978c832b47e5c86f3e903219278f519933
  • 21b1a6464178a651a748857f088473ae3154a83cf63540261ce84eb7fbf2a234
  • ab6af6765fb5c39f7823992f823c06ac725a2a540ce0122a58809d97731f4462
  • f466a75cb24e2c27c5bf7ef46f1cbc27bfd5d2f3a5055a0c41470b5495c9d74f
  • 61e668f79ade08a08124508c860099c842f5f70ce6a7151a3df17e7b613135b3
  • 7bc84737bab1f85a443ff4b77650b1722d1906022556876c609aa943d983e526
  • 97b69baede9bb0d3bc0bd5a21dd8a5eecd8448d0e2eb509a69ac2daf0a278f85
  • e963f86daba6d6f59946e0935da060eb2053d2fb26df619b4f8c966e3c25c934
  • 2887117b19363d209f9d47ee5b3b9d33a9357d7584dabd1e0cef3a33b43500f2
  • 303b59e0ce995e52d11c7243d8c6082f878436825b119adf47441b9adcd23b35
  • ee0f27a72967e8689b46f72bfe3295c63f036a27d3bcc6b3e07602340c70b3a9
  • 2df02d68b0f08cab1f6c5855b34599a610a51bd1f9d1df746aa72ac461d551b8
  • f43aae4c32e36056c507374396380f975a84fcb216d9eee92330af65db4741f7
  • d64ee497aee7a9bb569130b1602d9485cae425eee3c5bcfd015d8f4034ed1452
  • c190aaf1e91952bd85e280c91827920205e3a9ca54d74ee5c0295f0a7ffb11b2
  • a7dbeb1f4d48b2229bf2ad62213bc452df3919b4da403f85c9642cd0c16a7835
  • 90a57383b34251c2020e53eaa9eaad4d7bf37d7f62a3162657919027b6d12a07
  • 1aec7136dc18c9dcf4c5feebba60484ee2dc6f44eacbe5d1f67c6cff248b558e
  • 287a10fc8cd08f3ee721cef7977127a13c5dd93f2c6051f227c4731500c1b442
  • a348275b844432ec598d76496c8fccd6a9aa488be707709a64bdf3d3b8acb231
  • 0d31e3776e9a3b33ecec4f3eb1ebab1613dd5669e978f1db6d0430dc935a9f9e
  • db2c753948ffb71db865e84408435f9480fb9c631c9234be22c96a89db2c2c6b
  • e46a970bba107b5ba586db2eb133e2967cfc3e92f759042459d92eaea5de4e05
  • 2730daa49dbc70069432dfb5c21d993860e13778be3922d10fec9b19f2d641b6
  • c064f6f047a4e39014a29c8c95526c3fe90d7bcea5ef0b8f21ea306c27713d1f
  • d6c53d9341dda1252ada3861898840be4d669abae2b983ab9bf5259b84de7525
  • aca0b96126c813b0d29d6fbff9175f8ca62ff2ec6eed83bff76a73ae717cfcb8
  • 8cd45f8c8f2ed0109db6a64f9945f3dcb8a780f65c76aedded7b8af95e6dc7ec
  • 933210a9d19b25e0711ae88eece1ba06bb035a01ab2880cc707ff55bdd3b8dd0
  • e564e87958b3e76bc9bfeb5bed773b7a17f3a82f84872acdbb609aa43a9cd776
  • 8ee4dbbdcfbbe13669f0484b168d5d9fa7b3db7732b567c9ae507f3bdd39afd3
  • 2fce4ed2d23e687482f1fd165932dd3b292173d4e4f5991bc9329384699fb00f
  • 0a9b334682b8ffeafef0fa230f0821bf8e0e0193212de7e6c2c1e528008c237f
  • b24ec3bc9de1faa5a55c54835c2673e244e7b42e291f70cbdc2c23672abc7067
  • c5fe4b5d1803a096c1a4330512406595bb585846b4a691459de1a65b6b390409
  • ca1381e1e5a506e5fc69278c6989249c5571dc59df872af69bdd4720a3219e93
  • 0b28b28ab38a34c86501ac7eac77464ac77ce36f0cbde16b818dc8723032cd6b
  • 9cf10f8b2444eaa0c2fbbf199d5fe583923ed14cb92ddd5445b3e6ffcc86152a
  • c2464e1aa533ead8d2c2d27a388ae2617616cf17c2c4936b72991e33f0c2ccff
  • 04012bef09ae476e8505bf140a0d49a97c38e54f082ebcd0b9eabba6e4ef8deb
  • dbb88de4201933bdb099b21f91786be636b6e4486765f023abd3319300ed0006
  • c5aef7cf92dfe4d5be086d9dd75f960e54024499ca86d768460ddcdefe59b751
  • c7f2cb7fb3ce23e7144c1ff6bffa3dc013d706be2d78ed7da3c07064c71aa08c
  • 67db8a1398d4a54f1d1e4ee4e3f729e3f48b1d60380e478d61656fa2ad119df2
  • 7da877e695e8793bc185b134468fe8f391bbc13d34b382c6f1bbd24dcd8c34fe
  • de26d1c03bdcbc3059de02cda9a24e75dea077a40c51d5ef7e908dca33818883
  • ffe577ed01255bf462c0257a2333e6a0c1cf3472c92171885fdad45ae958e56d
  • 7cbc7453ac42556c52a88011cca5e634d86a3f5398e44c8d33b3c08f0ffde633
  • eb630954eca8187618ea8c81a6bc260ef45af95ae0e52306e7e9a14ce51885f1
  • e5c522e14a66c7ee82d5e68db74f8b44d1a8e43e4a674b17a8405b21a9845bb4
  • ca63965941add686c00e72a57c4af9c1d1861ecfe36639190efb56810d3cee57
  • 5a58e0bb60630fcb25ac0c57df0558eca7376376ccb93513b1aa6e1119f49b26
  • 9d6ca2955d070b2b32fe4b034c8f622f44ba9c2c5b703312b010ec469432a984
  • 4b5fe7497864d07f78af15fa3e1aa3702b303b89f9644624871d83dd0f484749
  • 43911f3a36ede4a5c71a82c27a49e68cab0d0a309d934fab07d9655b30978de5
  • 007988b1ffdce1e161071f92a130b64650735a5eed6445806c2c967d0902c286
  • da8c0a6ac025e95d408e72e2656d4cad02d4a3b4027ecef9d97c1a12311f37b4
  • 02df57cb16dd7c4b42e45fcc77638e460001f8cc53b7436d4e2f978f528b8e0b
  • 658b2e2ff815267582ca2e09c1ecd1ce18d10757e196999ae1a471221645ae6f
  • e42fbcc86cd6efa1594057d920aedc6deaeb02aa03df675a9c11434a436c464f
  • 4c09f544d3d0775933d2e0be26e1d308dc302b231b01dd1ad1da95b460c24bc3
  • b13d138b8e2d9c9aefc787e6cf7bafc61826e1259ee8f512dbae58eb86db7b97
  • e40f4ece3574f58a121d4d69162c036d4f903354f77836e8ebd570db01defc87
  • 4be2d7cc2d715d7e5b87eb21f0c984f4da961d63aec448c790800fc1f76f2b98
  • 3e4d1839a2882f831e04ea51082df3e4422c2b1d12daa5a8a8de7b48b5419c47
  • 60d2a00005ccfeb478a073ac485a66ebdf8498284f7bc59213251f77932f7306
  • da7acec9380c8479d1131fdcec33107ecfac90c51e6fab9cb1a2e24b3098a606
  • b2936d7135282236bbafd816a31892ca254d768ac69fda4d25f1ce69d4948919
  • eecbd23ceccd6e5e6b135419fd435a2b10cc12cc0b386a5a4ff2f5dfe28fd5f3
  • 97d8351aac1137187f38deeb4b3f7743c414600681126410501ace48aabfe532
  • 50ab1dadecf027533a17ccd2f4c9fb571432285567c914fd81540b8fbd9203bc
  • 5cbc42e68adfd11c7054674a027eae6594bf8f116568d1718976d3465e7675bd
  • f2a712b804c838abf68be44c14d58aab4aa7873c8812fd1f2a9cf0fb112bfc79
  • a9254c4357e684756f5556ab0ba0182e5fb41401080f83af927abd432d8bccf1
  • fe20054bc1bfe3feee965833b8af2f35acdd2d9a9f28a0ecf307494ac6e1b664
  • fe56fa9266ddd1f9a864eabac6174815fd5315e6978067a4592b8949ea321270
  • de4e50fa18bae7964ea77d1e015265e4c2232e5bc7d97d28e420c942ce65d6c0
  • 92aadeb4fb086bc672e28de288ab684990d4efbd43cdd94380037e4990a14b3f
  • 4bc87443c8b2440dbec1a1c5079b78f92e7758df236520787062a9a760c98459
  • add67e3a4531d237e3c2b581c4f3eab46209a611ee73fd16758c5fb2cbb842bb
  • 435a6b2421306dc072505c728ac7ce8afe99e0285b14730055942eec6081c5ab
  • e81dadfcfc8a9b12b992f216b3ed3c04bd404e77e5b690d601a27c71a7a2967d
  • 79c6969732ac6151aae2e67867a1feff9e6740f9db08ce07187367379b0f5179
  • 23e59d431f392d39e141291938bbc8afcfcc15d821db85bd4facc8b8249e4717
  • 6810a249c8905564bc4b143d87ed539e922545a9bb7126ce9159ebcde9695aaf
  • 32ed7f3e60bb4b8d927ec548d3c95d9d6327f5b376e77165b3867f29f9ba4558
  • 72311ef28d4b489360c8db938dc45650f95733a8ed316f53a759b3928e8e73e9
  • 45d7d7b1bcad2b5d70f67b8ef7e006df8d03eb0d5e8af12a7aed5a68f1c34a07
  • 53b58eebbfc0d6db0898132d72f191368a78a8e34140f0e74a2c179f3cd07664
  • 6c3d5ab1ecfc9aaedd1722893d88af445029a19d3a0c67050bbc89da9240c31f
  • d2f237743c9bf65873afa65a45f02c01fd91315e6d7406fec02dc50c3255ab9b
  • 736ea4918754271584615622fca280fb272f613f83bdb2b867fe1131482b4c3d
  • 94e829c84786c6a10a7552d591a08b577921d6d6b8942a48cac2a3cbdfef8107
  • e3c1d82108339e1e923bf13986593391b732f4b0dbfadb3612eed6a40123229f
  • 366fa0bc8cd1ca93ae22e25734ab854a1188ad171c2b8bed0b8e910385f44911
  • 1b49a23f6ce95e63d52e263d60ab9da05ad6a423b5aea69360479a0965889014
  • 8ee40eb0e93a94fbac47c990a0944b4d40e408bfe77a447fcc18c50dcb430347
  • 4aab275b3318ccc3432c065561a1911c7f7b9d3b5d7aa7ec1d8e5bffa6c7409f
  • e954f7f030aaa08ffa2fb7038614e59be392680fdaa0d0ce63ef5195d5d42b16
  • db2884a9012cf6e8ea5b3fabb0d02a9487eb412e75085b37188d5e8f4ada7ca9
  • 6d291c12fdb7ded66cb67088bb2fc84a28b2f36f22a599cb9a03b41b02fe0540
  • d1a9e47c59b13160bf062ac7d2b2552655e0aef751c1d92258f591114e1a48bf
  • edd381859129f4e84666944ca9373fb5da4fa0da7c25445bb302bad2d9c1db62
  • 012b97bac3f23e63bcf1399f49d559ecf7523bd9a8693f1c483f1f1db79b8c63
  • 0d8a1610fbe90831d4aae127563c8b6d0f0fe85aae3cd7062013f74cf38be4f0
  • 403857de4d8406fb162dd53e1bb5744a468b47d138a9555f836bebb3c728dd99
  • 3b59549507e0e3cfb4a363a306bf6eb4d26995066df643e1fc8e4e11eaffa7f9
  • debe4cb5645f10e6b6383838c25f26781a61acb536d2246cdf8dc33bbc1a2414
  • a611528272b535dc4d6a0da1d82f45dcf03044cf719bd0faa9c38380200e0256
  • d5340fec2aa3a89fd1c59c4e0fc1ac6d555cee377d7815f9dff8e17c3b9409e8
  • 6eef1f43012358b7585a243d79a070b716a13d77dd51ad89d903539283519721
  • 234ae126405324aae9d60bd011dc4ba0c462eb2e8f5608386f0d4b03a0b3e6b0
  • df4b3c1e20e0edd4c9cae6746e15651421cd53ecb386ba363712fa4d14ec4af1
  • 22ab5ea685e0702b7d6d51cc882f42fb53c993c107004bc1f5ddc71cfa8cc2af
  • db7f0dab70e1da8ef7a6a6d938531f2a6773c0c5f925f19874fd3e764aa45833
  • e58827967cba544cc1db3d751095878115f4247982fb514bbd7b98bced8de6c0
  • 3846fe442df0175461081dd63299144a233debbd2453deeeb405126042ef72d1
  • 982cf7af71d0fe54cbdfac74fd2985c48a011e6ffffe65012ee4496bb669b321
  • cbc10db9d7609e548e550e79f45940125895374b9a97e133020d5585bfd183ed
  • 2dbd942ac2f0b92d497fa6595f638cbddc24eab8beffb7cc648a91d65b45fa09
  • 38c459e56997e759ca680f88aae4428d9c76e9fae323b4d2238adf203036007c
  • 153c191ef4afd3eba9df89150ac728757efcba1293716c23f019e35270a388c4
  • 95f5f2ecdce872f5b96739f548e4b73bb8b7a2c11c46cfddf3e20fd04abfc091
  • 1cf5de71d51d2769079a8cb64e05f80e72e88846987602ad7302478c0d574caa
  • c9f42b866fc203b4cd9d09cfcb0f8fca41097548393c15adb0557652526d818a
  • ba332017cbf16842170788f5688e3b8a79c821ef1331e428d77af238c379be4f
  • b278b0e63acbbb92396da41bffb99b9ef09dff1b1b838f69e29245c6731269f7
  • b6837f46124a360ffff235824cc1decda2b97d6daf73e80f3615bce7781a86aa
  • 12e3140656d7df63a1c444b0ebdae75039a18799e2ebd03a80eeb26ce5dbb66c
  • d3383c7ee9704b51b302d7e611214a78050fcc7ad0969682355894af58f63cdf
  • 3eff10af3f2afbcf59d5cf77f470abe3cfafbe48255e7f6ea56a22608e332824
  • ad87dcc617e9914e28f76d071b586ac2cca9454078f3141c17e0102c9e2eebaa
  • 65f81148184a7ec71a43e9cd50e1267ab3fc64f3ef5f41f9da8bd74000baad30
  • f7cc1b8f93831f7170e5317b5b79aaa9ceb2bc6724f21bc4e2c6cccb71655624
  • d08e92af78cbf7049e8a9ca7b6ab61e8dc42729848e73b980b7cf5ac74d505af
  • 1b0b9cfaa78fac0875d10d087b8354d52bffb1f576eec7d49acab9d3394ccd9a
  • d48f2cb5cc595f5cea29b7fd2bd8463fdfaf980c48792294ebb4c798516a7eae
  • 5a739f018675094baf0b61ff8462b1c946410f4776be877719cb20f9a9c16dfd
  • d53ace589ad1a39487f36dd3e516ac2a5af0aec521f28c5b78b3a47636cfb068
  • 0778ef085fdebd39856ebfa4bf1203dcb7ee59fa4fc82a71a2ef3a949143c543
  • 4ffe626708fa6a2d76366a962359658e0d919544260aa2179727964c34e12080
  • 4dedf0b96b253b8fc15b007e4f61eb85d0345ef19f5a1fc6ea0772614375f606
  • f3c7d7c0e71d15dc03614964c887a2459bd0ae4a97a324018a97dff27608e4b2
  • 8b73b12aad16a58d07048a307a7a558755d0f5ca369dbee8b808a9d9c941a25d
  • a2ae329bf70c24e4380d6133a4c02127e09597111e4edfd7808aa471450d2332
  • 001f52a0fa8d4abe34bfff6c96b423435c0ad3e06d40ece228fe2db3bc0d1067
  • b4b56db2ce95d52b018edee05f996a1b5ae11a289979e984157a0efb7bbbc9b9
  • 617f1260e18929704c0ef45dae5eee7b9690b7a95f66e76ac00cf9dd2fca465b
  • c283c26a991fd3599e8fd91bf059c2dbb07d3d630caf699531c48737faedc325
  • 447f249e60df0324f74a40a4b35f432b2e19f801ce2d4d6efa126a6841836b11
  • d7aeacb2b12cef81315a64670a27575d84ac1af4541000d0093fdb3676afc515
  • d200cbc2b28811bf4762d664a4b3f9f58f6b20af03981910dc2317751f91027d
  • b409ee2691e7b2d2598cd01ac28a0914d4778da8d8b7a62d2f78492b14790917
  • e95af1012346ab3edbb365f3463bd060bfa7f194b7c68c8e680dfbde43c57eb7
  • 015e2b8de525789f551abb4af169ad914f218fb07df2496c6f23d51d6a711688

Remediation

  • Block the Threat Indicators at their respective controls.
  • Do not download files attached in emails unless very authentic and necessary.
  • Do not enable macros if a file is downloaded from the internet.
  • Keep all systems patched and up-to-dated.

Rewterz Threat Alert – SeedWorm Malware Campaign – Threat Indicators

Severity

Medium

Analysis Summary

In a SeedWorm malware campaign, variants of a backdoor program called LisfonService were seen in various stages of development. Some files were retrieved leveraging a PowerShell to download and run a program called ‘muddy’ on the system. Indicators of Compromise are attached.

Impact

Malware Infection

Indicators of Compromise

IP(s) / Hostname(s)

  • 31.171.154[.]67
  • 46.99.148[.]96
  • 78.129.139[.]148
  • 78.129.222[.]56
  • 79.106.224[.]203

Filename

  • svchosts.exe
  • TestService.exe
  • lisfon.exe
  • lisfonservice.exe
  • Win7LisfonService.exe
  • LisfonService.exe
  • Lisfon.exe

Extension

.exe

Malware Hash (MD5/SHA1/SH256)

  • 51ac160f7d60a9ce642080af0425a446fb25b7067e06b3a9a8ec2f777836efd3
  • 5723f425e0c55c22c6b8bb74afb6b506943012c33b9ec1c928a71307a8c5889a
  • 58972b27b7dc40494e715c2f39a1bcee4d8c18da6bcc3e22785496cca2cee1a0
  • 6f8226d890350943a9ef4cc81598e0e953d8ba9746694c0b7e3d99e418701b39
  • 9262bf6be648e1b15850a776fe4e393250d74afdf911e94ae07718f8ad4d1664
  • b6078804dfdc3219ac8ba0f74473ff7ada00228ea0141d0be8e7cf227ff09186
  • bf696397784b22f8e891dd0627dce731f288d14d4791ac5d0a906bc1cbe10de6
  • c514c3f293f0cb4c23662a5ab962b158cb97580b03a22b82e21fa3b26d64809c
  • f1f11830b60e6530b680291509ddd9b5a1e5f425550444ec964a08f5f0c1a44e

Remediation

  • Block the threat indicators where possible.
  • Maintain up-to-date antivirus signatures and engines.
  • Keep operating system patches up-to-date.
  • Disable File and Printer sharing services. If these services are required, use strong passwords or Active Directory authentication.
  • Restrict users’ ability (permissions) to install and run unwanted software applications.
  • Exercise caution when opening e-mail attachments even if the attachment is expected and the sender appears to be known.
  • Enable a personal firewall on agency workstations, configured to deny unsolicited connection requests.
  • Scan for and remove suspicious e-mail attachments; ensure the scanned attachment is its “true file type” (i.e., the extension matches the file header).
  • Monitor users’ web browsing habits; restrict access to sites with unfavorable content.
  • Scan all software downloaded from the Internet prior to executing.


Rewterz Threat Alert – Threat Indicators – Malspam: Loki Bot Malware

Severity: Medium

Analysis Summary

Another malspam campaign is observed dropping lokibot malware through phishing campaign. Threat indicators are provided.

Indicators of Compromise

Email Address

  • awt[@]awtkorea[.]com
  • marketing[@]afriquesuiteshotel[.]pw

Malware Hash (MD5/SHA1/SH256)

  • d3af2a21b826279f39a50ff4efb6f45534135a7d
  • 755861ac1c47cb6caa816e98991984f9956ab4e5
  • 5480aabb36b3fa657c4ffe518916cb9d7ec1625b2ca2ab22bc9dc1daab137024
  • 8370ce17f0fe4a598d22563a9bdbc915be1dd41ba9ce94020fafcdfa4c362ee5
  • adb316d5aa07820d0d21a24ba6535738
  • d991887f2ddbbfd98d1a7bccf5b7f112

Remediation

  • Block the threat indicators at their respective controls
  • Always be suspicious of unsolicited email
  • Never click/ download any attachments sent from unrecognized senders

Rewterz Threat Advisory – CVE-2019-1674 – New Elevation of Privilege Vulnerability Found in Cisco WebEx Meetings

Severity: Medium

Analysis Summary

The vulnerability is an OS Command Injection described it as a “bypass to avoid the new controls” put in place by Cisco after patching a previously found a DLL hijacking issue in the same application.

The vulnerability stems from the inability of the Cisco Webex Meetings Desktop App’s update service to properly validate version numbers of new files. So, an unprivileged local attacker could exploit this vulnerability by invoking the update service command with a crafted argument and folder.

A potential attacker could exploit this software flaw by replacing the Cisco Webex Meetings update binary with a “previous vulnerable version through a fake update (the service uses an XML to check which files can be installed) that will load a malicious DLL,” leading to privilege escalation and allowing the actor to run arbitrary commands with SYSTEM user privileges.

Impact

  • Run arbitrary commands
  • System user privileges

Affected Products

All versions of Cisco WebEx Meetings Desktop App releases between 33.6.4.15 and 33.8.2.7

Remediation

This vulnerability can be exploited remotely by leveraging the operating system and remote management tools, so the administrators should be aware of the active directory deployments.


Rewterz Threat Alert -WARZONE RAT ( aka Ave Maria RAT) Malware

Severity

Medium

Analysis Summary

Malspam WARZONE RAT (aka Ave_Maria Stealer aka Ave Maria RAT) malware has been spread through different phishing campaigns. Threat indicators are provided.

Indicators of Compromise

IP(s) / Hostname(s)

  • 5.206.225[.]104
  • 146.255.88[.]214

URLs

  • warzonedns[.]com
  • hxxp://5.206.225[.]104/dll/vcruntime140.dll
  • hxxp://5.206.225[.]104/dll/softokn3.dll
  • hxxp://5.206.225[.]104/dll/msvcp140.dll
  • hxxp://5.206.225[.]104/dll/mozglue.dll
  • hxxp://5.206.225[.]104/dll/freebl3.dll hxxp://5.206.225[.]104/dll/nss3.dll
  • hxxp://5.206.225[.]104/dll/upnp.exe

Email Address

  • manarnasr[@]madeinaudio[.]com
  • tou013[@]efx.net[.]nz

Email Subject

  • Important Process form Regarding fraud Adjustment Refund
  • TD Bank Secure Mail
  • Transaction receipt for eInvoice 4596
  • ACH Credit Transaction

Malware Hash (MD5/SHA1/SH256)

  • 4e56a44a29a1f6038f2f0c1909aa02846e61a3b9
  • 8662cce96988085e2e35f80c0d9a3e7bb9022b22
  • 708c6af4b82bd6913709fe6ed17c766e2585b3b4
  • 1f8080cd046576290f28e1e22c2daf7843d72642
  • b3892eef846c044a2b0785d54a432b3e93a968c8
  • ffcdc87572815d4801094dd7fa7df5f5868d0b3e
  • 153b601dd6780f1a532f68444f92aeed2c7971b58547aaf2b9d5165c0c14623d
  • 27a855a5b954c4a2415b5f49cd798872a5bc6a08878ba5eea010b0a27718a987
  • 49027f9a9bf07e48b40512aab3c06d5dcdf7a50bfd7019bf32182a1f2ffacf16
  • cfe14dc4f408f1d1cbabf5b05cde303a8c8ff6a600d98b3ef4b12ab1d2f73ba0
  • 798af20db39280f90a1d35f2ac2c1d62124d1f5218a2a0fa29d87a13340bd3e4
  • 0244cbf1fbf8809c335b9bbd8142c72e3bbb36881e0aacfba6000e0aaa048ba9
  • a2681b18b9e0d0a449cc9fd018d503cc
  • 2cb663a749b8f07054e8ffc29564f78e
  • 469209838a2ae561997998debabac084
  • b74a28a008ea01c409392dbeb15a078a
  • 461ade40b800ae80a40985594e1ac236
  • ee03ca33712e4ee518cb7b046d0f64ec

Remediation

  • Block the threat indicators at their respective controls.
  • Always be suspicious of unsolicited email.
  • Never click/ download any attachments sent from unrecognized senders.


Copyright © Rewterz. All rights reserved.