Multistage RA World Ransomware Uses Anti-AV Tactics, Exploits GPO
=================================================================

| SHA256 | Detection name | Details |
| --- | --- | --- |
| 62cd46988f179edf8013515c44cbb7563fc216d4e703a2a2a249fe8634617700 | Trojan.MSIL.RAWLD.THBOFBD | Stage1.exe |
| ab7d8832e35bba30df50a7cca7cefd9351be4c5e8961be2d0b27db6cd22fc036 | Trojan.MSIL.RAWLD.THBOFBD | Stage2.exe |
| 330730d65548d621d46ed9db939c434bc54cada516472ebef0a00422a5ed5819 | Trojan.MSIL.PHONZY.G | Stage2 |
| 9479a5dc61284ccc3f063ebb38da9f63400d8b25d8bca8d04b1832f02fac24de | Ransom.Win32.BABUK.VSNW1BA24 | Stage3.exe |
| feab413f86532812efc606c3b3224b7c7080ae4aa167836d7233c262985f888c | Trojan.BAT.KILLAV.B | SD.bat. Deletes Trend Micro folder |
| a4dfa099e1f52256ad4a3b2db961e158832b739126b80677f82b0722b0ea5e59 | Ransom.Win32.RAWLD.YAEA1.note | Data breach warning.txt |
| 07ab218d5c865cb4fe78353340ab923e24a1f2881ec7206520651c5246b1a492 | Ransom.Win32.RAWLD.A.note | Data breach warning.txt |
| dffd6021bb2bd5b0af676290809ec3a53191dd81c7f70a4b28688a362182986f | N/A | Finish.exe, Text file containing “Hello World!” |