{
  "IOCs": {
    "Hashes": {
      "MD5": "6f8351ff0adfd7b724bf34cab7c6052b",
      "SHA1": "a803fa85b84e363604975a5682b279a69739a78e",
      "SHA256": "6fbaa2637e7c8773695dcf07a85dc830112da3d8dab5dbe277dfa96111470920"
    },
    "File": {
      "Name": "houselet.exe",
      "Path": "%TEMP%\\houselet.exe"
    },
    "Network": {
      "IP": "45.155.69.25",
      "Port": "80",
      "URL": "http://45.155.69.25/b8380e89dabaee4a.php"
    },
    "Registry": [
      "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap",
      "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Proxy"
    ],
    "Mutex_Thread": [
      "Go sync.Mutex locks observed in runtime execution"
    ],
    "SourceArtifacts": [
      "sunless/anesthetist/niellated.go",
      "sunless/anesthetist/swinehull.go",
      "sunless/anesthetist/trunkless.go",
      "sunless/anesthetist/zwitterionic.go",
      "sunless/main.go"
    ],
    "Certificates": [
      "Untrusted / self-signed"
    ],
    "BehavioralSignatures": [
      "Masquerades as Sony PlayStation Remote Play installer",
      "HTTP POST to PHP endpoint without User-Agent",
      "Runs from Temp directory"
    ]
  }
}