This report was processed and collated by the Elemendar CTI team and includes Mitre ATT&CK TTPs and IOCs collated using one of our products, READ., an AI-driven cybersecurity tool.
For further information or a demonstration of our products, please visit our website: elemendar.ai. If you would like a PDF version, please email us at cti@elemendar.com.
Contents
Executive Summary
VEEAM exploit seen used again with a new ransomware: “Frag”
Threat actors are exploiting Veeam Backup & Replication vulnerability CVE-2024-40711, which enables remote code execution, to deploy the Frag ransomware, using LOLBins and compromised VPN credentials.
Frag ransomware exploits backup software vulnerabilities, targeting Veeam systems. Despite recent patches, delayed updates likely enabled compromises, and attacks on unpatched systems are expected to continue.
New Phishing Campaign Delivers Advanced Remcos RAT Variant
CopyRh(ight)adamantys Campaign: Rhadamantys Exploits Intellectual Property Infringement Baits
VEEAM exploit seen used again with a new ransomware: “Frag”
A critical vulnerability, CVE-2024-40711, in Veeam Backup & Replication (VBR) software has been exploited by threat actors to deploy a new ransomware strain named Frag. This vulnerability, discovered by researchers at cybersecurity company Code White, allows unauthenticated remote code execution (RCE) on Veeam VBR servers. With a CVSS score of 9.8, the flaw is highly severe, as it enables threat actors to gain control of systems running Veeam’s widely used backup solution.
Elemendar CTI Analyst comment: Veeam reports that over 550,000 customers globally use its products, including approximately 74% of companies in the Global 2000. The exploitation of CVE-2024-40711 was first observed in attacks linked to previously documented ransomware strains, Akira and Fog, but recent cases have involved Frag ransomware. Sophos X-Ops observed that the threat actors exploited CVE-2024-40711 within weeks of the vulnerability’s disclosure. These attacks are part of a threat cluster identified as STAC 5881 by researchers at cybersecurity company Sophos, who have tracked this group’s activity and identified overlapping tactics, techniques, and procedures (TTPs) between Frag, Akira, and Fog operators. In each case, attackers first gain access through compromised VPN credentials (often lacking multi-factor authentication) and use the Veeam vulnerability to create rogue administrator accounts named "point" and "point2". Comment Ends.
To exploit the flaw, threat actors use the vulnerable Veeam URI endpoint on port 8000 to execute remote commands. Through this endpoint, attackers can initiate the net.exe command to create new administrator accounts and expand their control over the network. Once inside, they execute the Frag ransomware payload via command line, specifying file encryption parameters and appending a “.frag” extension to encrypted files.
Frag ransomware is executed with a customisable encryption percentage, allowing attackers to adjust the impact of encryption on the targeted files and directories. This ransomware variant uses Living Off the Land Binaries (LOLBins), leveraging trusted software already present on compromised systems, which makes it challenging for traditional endpoint security systems to detect. Similar to Akira and Fog, Frag uses LOLBins to blend into normal network activities and evade detection.
Researchers at Agger Labs noted that Frag’s stealthy behaviour closely mirrors that of Akira and Fog, suggesting that it may be developed by the same group or a closely related entity. By using LOLBins, Frag operates covertly within a target’s environment, making it particularly effective at bypassing security controls that rely on identifying new, unfamiliar binaries.
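Detection logic for the account-creation step described above, added here as an example and not taken from Sophos, Veeam or Elemendar: it scans process-creation events for `net.exe` commands that add accounts, and flags those spawned by a Veeam process or using the account names given in this report. The field names follow Sysmon Event ID 1; the sample events, the parent path and the "veeam" path heuristic are assumptions.

```python
import shlex
from ntpath import basename  # parses Windows paths on any OS

ROGUE_ACCOUNTS = {"point", "point2"}    # account names given in the report
NET_BINARIES = {"net.exe", "net1.exe"}  # net.exe hands the work to net1.exe


def parse_net_add(command_line):
    """Return (action, [accounts]) for `net user X /add` or
    `net localgroup G X... /add`; None for any other net command."""
    try:
        tokens = shlex.split(command_line, posix=False)
    except ValueError:                  # unbalanced quote, e.g. inside a password
        tokens = command_line.split()
    args = [t.strip('"') for t in tokens[1:]]
    positional = [a for a in args if not a.startswith("/")]
    if "/add" not in {a.lower() for a in args} or not positional:
        return None
    verb = positional[0].lower()
    if verb == "user" and len(positional) >= 2:
        return ("create_user", [positional[1]])
    if verb == "localgroup" and len(positional) >= 3:
        return ("add_to_group", positional[2:])
    return None


def classify(event):
    """Return a finding for one process-creation event, or None."""
    if basename(event["Image"]).lower() not in NET_BINARIES:
        return None
    parsed = parse_net_add(event["CommandLine"])
    if parsed is None:
        return None
    action, accounts = parsed
    reasons = []
    # Assumption: a Veeam service is recognised by "veeam" in the parent path.
    if "veeam" in event["ParentImage"].lower():
        reasons.append("parent is a Veeam process")
    if any(a.lower() in ROGUE_ACCOUNTS for a in accounts):
        reasons.append("account name listed in the report")
    if not reasons:
        return None                     # ordinary administration, not flagged
    return {"time": event["UtcTime"], "host": event["Computer"],
            "action": action, "accounts": accounts, "reasons": reasons,
            "severity": "critical" if len(reasons) == 2 else "high"}


def detect(events):
    """Classify every event and keep only the findings."""
    return [f for f in map(classify, events) if f is not None]


def ev(time, parent, image, cmd):
    """Build one constructed event with Sysmon-style field names."""
    return {"UtcTime": time, "Computer": "backup01.example.test",
            "ParentImage": parent, "Image": image, "CommandLine": cmd}


# Constructed sample events (not from a real incident).
VEEAM = r"C:\Program Files\Veeam\ExampleVeeamService.exe"  # hypothetical path
CMD = r"C:\Windows\System32\cmd.exe"
NET = r"C:\Windows\System32\net.exe"
NET1 = r"C:\Windows\System32\net1.exe"
SAMPLE_EVENTS = [
    ev("2024-11-01 02:11:04", VEEAM, NET, "net user point Constructed-Pw1 /add"),
    ev("2024-11-01 02:11:09", VEEAM, NET1, "net1 localgroup Administrators point /add"),
    ev("2024-11-01 02:12:30", VEEAM, NET, r"net use \\fileserver\share"),
    ev("2024-11-01 09:00:00", CMD, NET, "net user helpdesk Constructed-Pw2 /add"),
    ev("2024-11-01 09:05:00", CMD, NET, 'net localgroup "Remote Desktop Users" point2 /add'),
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

Account names are easy for an operator to change, so the parent-process condition is the more durable of the two signals; the name match is kept as a secondary indicator.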
Fig.1: Frag ransom note (Source: Sophos).
Elemendar Intelligence Assessment: The rapid deployment of Frag highlights an ongoing trend of ransomware operators exploiting backup software vulnerabilities to hinder data recovery efforts.
Given Veeam's widespread adoption, especially among large enterprises, backup systems have become prime targets, and this trend is highly likely to continue. Although Veeam released a security update in early September 2024, the patching delay among users is highly likely to have given threat actors the opportunity to compromise unpatched systems.
Little is known of the threat actors behind STAC 5881; it is highly likely that further details will be released as further attacks are observed within Veeam users' systems. The impact of these attacks is yet to be fully understood; however, given the potential number of verticals that use Veeam, it is likely to be significant. Assessment Ends.
New Phishing Campaign Delivers Advanced Remcos RAT Variant
Fortinet’s FortiGuard Labs recently identified a sophisticated phishing campaign spreading a new variant of the Remcos Remote Access Trojan (RAT). This campaign begins with a phishing email containing a malicious Excel document disguised as an order confirmation. When opened, the document exploits a known vulnerability in Microsoft Office, CVE-2017-0199, allowing the installation of Remcos onto the target system.
Elemendar CTI Analyst comment: Remcos is a commercial remote administration tool intended for legitimate use but often abused by threat actors. Once installed, it enables threat actors to control the victim’s device, steal sensitive data, and execute further malicious actions. Comment Ends.
The phishing email entices recipients to open the attached Excel file, which activates the CVE-2017-0199 vulnerability. This vulnerability enables the download and execution of an HTML Application (HTA) file, which then launches the infection chain. The HTA file leverages multiple scripting languages, including JavaScript, VBScript, and PowerShell, in layers to bypass security checks. It also downloads additional malicious components that run directly in memory, making detection by conventional security solutions challenging.
Fig.2: Workflow of the entire phishing campaign (source: Fortinet)
The Remcos variant deployed in this campaign employs extensive anti-analysis techniques. Obfuscated scripts and dynamically retrieved APIs make it hard to analyse and detect. The malware also performs in-memory, fileless execution, injecting itself into a process named “Vaccinerende.exe.” This process enables it to download and decrypt additional components directly into memory, maintaining a low footprint.
To ensure persistence, Remcos modifies the system registry to remain active even after a reboot. The malware’s stealth is further enhanced by dynamically hiding its processes, calling undocumented APIs, and detecting debugging tools. These techniques allow Remcos to evade detection and stay hidden within the target system’s PowerShell environment.
Elemendar Intelligence Assessment: This campaign highlights the serious risks posed by commercial remote access tooling when abused by threat actors.
The anti-analysis techniques demonstrated, together with the availability of Remcos, make it attractive to diverse threat actors, from APT groups to cybercriminals, who can leverage its widespread distribution potential for gaining initial access.
The phishing capabilities of the Remcos campaign highlight the increasing sophistication of modern phishing attacks. By using social engineering, multi-stage infection chains, and advanced obfuscation, the campaign is designed to bypass security defences effectively. The campaign’s reliance on a well-known vulnerability and fileless execution further enhances its stealth, and is highly likely to pose a persistent threat to all verticals. Assessment Ends.
CopyRh(ight)adamantys Campaign: Rhadamantys Exploits Intellectual Property Infringement Baits
Since July 2024, cybersecurity company Check Point has been monitoring an extensive phishing campaign, dubbed CopyRh(ight)adamantys, which deploys the Rhadamanthys info stealer.
Elemendar CTI Analyst comment: This campaign leverages a copyright infringement theme to lure victims into downloading malicious files, with emails impersonating companies across multiple verticals such as media, entertainment, and technology. The campaign has a broad geographic reach, targeting regions including the US, Europe, Southeast Asia, and South America. Comment Ends.
Each phishing email appears to be from a legal representative of a company, falsely claiming that the recipient has posted copyright-infringing content on social media. The email encourages the recipient to remove specific images or videos, directing them to a password-protected file containing supposed removal instructions. However, the file link redirects users to Dropbox or Discord, where they can download a malicious archive containing the Rhadamanthys stealer. This archive typically includes a decoy document, a legitimate executable, and a malicious DLL. The executable uses DLL sideloading to execute the malware, which then gains persistence through a registry key.
Notably, each email originates from a unique Gmail account and is personalised to appear credible to specific targets. Around 70% of the impersonated companies are from the entertainment, media, and technology sectors, likely because these industries frequently deal with copyright issues, making the phishing tactic more believable. The widespread use of automated tools, possibly AI-powered, enables the attackers to generate and distribute emails efficiently. However, occasional errors, such as sending emails in the wrong language, hint at automation limitations.
Fig.3: Copyright campaign infection chain. (source: Check Point)
Rhadamanthys is a well-known and sophisticated info stealer, highly valued in the cybercriminal marketplace. The latest version (0.7) includes enhancements such as an optical character recognition (OCR) module for reading text from static documents like PDFs and images. While the OCR claims to use AI, Check Point found that it employs classic machine learning, typical of older OCR technology. This module includes a dictionary of 2,048 words associated with Bitcoin wallet protection phrases.
Elemendar CTI Analyst comment: In 2024, Check Point tracked threat actors using the Rhadamanthys stealer, including Void Manticore, an Iranian state-linked threat actor active in Israel and Albania. In one campaign associated with Handala, a persona linked to Void Manticore, the Rhadamanthys stealer was distributed under the pretence of an F5 update. This marked their initial use of the stealer, which they subsequently deployed in further campaigns, impersonating both Israeli and international companies. Comment Ends.
Elemendar Intelligence Assessment: CopyRh(ight)adamantys represents a well-planned and calculated phishing campaign that relies on psychological triggers to ensure the victim is deceived into downloading the malware.
Though previously associated with nation-state actors, the current Rhadamanthys campaign likely originates from financially motivated cybercriminals. Unlike targeted espionage efforts, this campaign indiscriminately targets diverse organisations, lacking focus on strategic assets. Threat actors are likely to have used automated tools, possibly AI-powered, to generate unique Gmail accounts for each phishing attempt, suggesting a broad, scalable approach aimed at maximising financial gain.
Rhadamanthys is sophisticated malware, featuring an OCR module that reads static text, potentially to target cryptocurrency wallet data. Additionally, the malware employs advanced evasion techniques, such as generating larger versions of malicious files to evade antivirus detection. The use of spear-phishing tactics, automation, DLL sideloading, and advanced evasion techniques makes it a continued threat to the enterprises currently affected, and it is likely that variants in the phishing tactics will be seen, presenting further threats to all verticals. Assessment Ends.
Annex B: STIX Entities
VEEAM exploit seen used again with a new ransomware: “Frag”
Mitre ATT&CK TTPs
ChatGPT-4o Can be used for Autonomous Voice Based Scam
Mitre ATT&CK TTPs
ID | Name | Tactic | Description |
T1203 | Exploitation for Client Execution | Execution | Exploiting vulnerabilities to execute malicious code on a client machine. |
T1211 | Exploitation for Defence Evasion | Defence Evasion | Using vulnerabilities to bypass security controls and avoid detection. |
T1584.008 | Network Devices | Resource Development | Targeting network devices to gain access or persist on a network. |
T1587.001 | Malware | Resource Development | Developing or acquiring malware to use in operations. |
T1562.011 | Spoof Security Alerting | Impair Defences | Falsifying security alerts to mislead defenders. |
T1588.006 | Vulnerabilities | Resource Development | Gathering information on vulnerabilities to exploit. |
New Phishing Campaign Delivers Advanced Remcos RAT Variant
Mitre ATT&CK TTPs
ID | Name | Tactic | Description |
T1027.010 | Command Obfuscation | Defence Evasion | Obfuscating command execution to make analysis and detection more difficult. |
T1048.001 | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Exfiltration | Exfiltrating data using encrypted, non-C2 communication channels to evade detection. |
T1055.012 | Process Hollowing | Defence Evasion | Injecting malicious code into another process to disguise its execution. |
T1059.001 | PowerShell | Execution | Using PowerShell scripts for command execution and automation. |
T1132 | Data Encoding | Defence Evasion | Encoding data to evade detection or hinder analysis. |
T1547.001 | Registry Run Keys / Startup Folder | Persistence | Adding malicious programs to startup locations for persistence after reboots. |
IOCs
Type | Value |
URL | hxxps://og1[.]in/2Rxzb3 |
URL | hxxp://192[.]3[.]220[.]22/xampp/en/cookienetbookinetcahce.hta |
URL | hxxp://192[.]3[.]220[.]22/hFXELFSwRHRwqbE214.bin |
URL | hxxp://192[.]3[.]220[.]22/430/dllhost.exe |
C2 Server | 107[.]173[.]4[.]16:2404 |
SHA-256 [PO-9987689987.xls] | 4A670E3D4B8481CED88C74458FEC448A0FE40064AB2B1B00A289AB504015E944 |
SHA-256 [cookienetbookinetcahce.hta] | F99757C98007DA241258AE12EC0FD5083F0475A993CA6309811263AAD17D4661 |
SHA-256 [dllhost.exe / Vaccinerende.exe] | 9124D7696D2B94E7959933C3F7A8F68E61A5CE29CD5934A4D0379C2193B126BE |
SHA-256 [Aerognosy.Res] | D4D98FDBE306D61986BED62340744554E0A288C5A804ED5C924F66885CBF3514 |
SHA-256 [Valvulate.Cru] | F9B744D0223EFE3C01C94D526881A95523C2F5E457F03774DD1D661944E60852 |
SHA-256 [Remcos / Decrypted hFXELFSwRHRwqbE214.bin] | 24A4EBF1DE71F332F38DE69BAF2DA3019A87D45129411AD4F7D3EA48F506119D |
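A parser for the pipe-delimited, defanged IOC rows used in this annex, added here as an example and not part of the original report or of any Elemendar product: it refangs and validates each row so that malformed indicators are rejected before they reach a blocklist or SIEM lookup. The sample rows are constructed from documentation address ranges and dummy hashes, and only the three row types seen in this annex (URL, C2 Server, SHA-256) are handled.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# One row: "Type [optional label] | value |", as laid out in the annex tables.
ROW = re.compile(r"^\s*(?P<type>[^|\[]+?)\s*(?:\[(?P<label>[^\]]*)\]\s*)?"
                 r"\|\s*(?P<value>[^|]+?)\s*\|?\s*$")
SHA256 = re.compile(r"^[0-9a-f]{64}$")


def refang(value):
    """Undo the defanging used in the report (hxxp, [.], [:])."""
    value = re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)
    return value.replace("[.]", ".").replace("[:]", ":")


def normalise(ioc_type, value):
    """Return (kind, canonical_value, port) or raise ValueError."""
    kind = ioc_type.lower()
    if kind.startswith("url"):
        parts = urlsplit(refang(value))
        if parts.scheme not in ("http", "https") or not parts.hostname:
            raise ValueError("not an http(s) URL")
        return "url", parts.geturl(), parts.port
    if kind.startswith("c2"):
        host, _, port = refang(value).partition(":")
        ip = ipaddress.IPv4Address(host)       # raises ValueError if malformed
        port_no = int(port) if port else None
        if port_no is not None and not 0 < port_no < 65536:
            raise ValueError("port out of range")
        return "ip", str(ip), port_no
    if kind.startswith("sha-256"):
        digest = value.lower()                 # hashes appear in both cases
        if not SHA256.match(digest):
            raise ValueError("not 64 hex characters")
        return "sha256", digest, None
    raise ValueError("unknown indicator type")


def parse_ioc_table(text):
    """Parse annex rows into (indicators, rejected); duplicates are dropped."""
    indicators, rejected, seen = [], [], set()
    for line in text.splitlines():
        m = ROW.match(line)
        if not m or m["type"].lower() == "type":   # blank line or header row
            continue
        try:
            kind, value, port = normalise(m["type"], m["value"])
        except ValueError as err:
            rejected.append((line.strip(), str(err)))
            continue
        if (kind, value, port) in seen:
            continue
        seen.add((kind, value, port))
        indicators.append({"kind": kind, "value": value,
                           "port": port, "label": m["label"]})
    return indicators, rejected


# Constructed sample rows (documentation IP ranges, dummy hashes).
SAMPLE = "\n".join([
    "Type | Value |",
    "URL | hxxp://192[.]0[.]2[.]10/docs/sample.hta |",
    "C2 Server | 198[.]51[.]100[.]7:2404 |",
    "SHA-256 [invoice.xls] | " + "AB" * 32 + " |",
    "SHA-256 hash | " + "ab" * 32 + " |",      # same hash, different case
    "SHA-256 hash | " + "cd" * 31 + " |",      # truncated: 62 characters
    "C2 Server | 203[.]0[.]113[.]300 |",       # invalid octet
])

if __name__ == "__main__":
    good, bad = parse_ioc_table(SAMPLE)
    print(good)
    print(bad)
```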
CopyRh(ight)adamantys Campaign: Rhadamantys Exploits Intellectual Property Infringement Baits
Mitre ATT&CK TTPs
ID | Name | Tactic | Description |
T1027.001 | Binary Padding | Defence Evasion | Adding padding to binaries to change their hash, evading hash-based detection mechanisms. |
T1027.003 | Steganography | Defence Evasion | Defence Evasion |
T1055 | Process Injection | Defence Evasion | Injecting code into legitimate processes to hide malicious activity and evade detection. |
T1055.001 | Dynamic-link Library Injection | Defence Evasion | Injecting malicious DLLs into legitimate processes to execute code stealthily. |
T1218.002 | Control Panel | Defence Evasion | Using the Windows Control Panel to execute code or scripts to evade security measures. |
T1547.001 | Registry Run Keys / Startup Folder | Persistence | Adding malicious programs to startup locations for persistence after system reboot. |
T1574.002 | DLL Side-Loading | Defence Evasion | Loading malicious DLLs by hijacking legitimate applications to execute code. |
T1586.002 | Email Accounts | Resource Development | Creating or compromising email accounts for use in operations, often to impersonate others. |
T1598 | Phishing for Information | Collection | Using phishing techniques to collect information from the target, such as credentials. |
T1656 | Impersonation | Initial Access | Masquerading as a trusted entity to gain access to target systems or information. |
IOCs
Probability Language
This document uses probability language based on assessment. Further information can be found in the image below:
Feedback
We welcome your feedback; it ensures we meet your needs.
Please contact our CTI Director at: CTI@elemendar.ai
Acknowledgements
Authored by Paul Montgomery, CTI Director Elemendar