{ "Event": { "published": true, "date": "2023-09-25", "threat_level_id": 2, "info": "MalwareBazaar malware samples for 2023-09-25", "timestamp": 1695686581, "analysis": 1, "event_creator_email": "bazaar@abuse.ch", "distribution": 3, "uuid": "01c0ba9c-2187-4115-87b6-d2424daf1544", "Orgc": { "name": "abuse.ch", "uuid": "9b086132-8588-49ed-97fd-8578a777822c" }, "Tag": [ { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#fffff", "name": "tlp:white" } ], "Object": [ { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "91c76ee0-5b9e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1695644710, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644710, "uuid": "3fe3ca6f-83bd-4170-95dd-2ec5c2af10fa", "comment": "Malware payload (GuLoader)", "value": "31cd2e85ac85417e1e903ac4e0205d14", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644710, "uuid": "0299a320-b858-4c15-89e7-c4ae5bf0fd6d", "comment": "Malware payload (GuLoader)", "value": "020b15dd44f5307a1c6391ac9e3a8e22bc396e0135358d5f14b2215de412bb0c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644710, "uuid": "36822325-b61c-4f71-894b-55ed49d8772b", "comment": "Malware payload (GuLoader)", "value": "24eafb8de3bdeae8ed39bc0d3b3cb50ef01b4993", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644710, "uuid": "db7c5429-a7ac-4849-b13e-af232036867a", "comment": "Malware payload (GuLoader)", "value": "bf04fc20df049e9d06670409fec98fbf84ff6e450bb3eac4a74bfcea9ffa336b6a2330c48b7c9947dbe71e20f2fe2108", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644710, "uuid": "d8f42d6c-9d41-42b5-8de3-894aaa5500f5", "value": "T11145021AB929D15AE9BE6E76DC1DC0F1A6B8BC6BD910130B3191FF2E75F2301140BA5C", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644710, "uuid": "263aba23-92be-4ad5-8c64-9872893e85fb", "value": "3abe302b6d9a1256e6a915429af4ffd2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644710, "uuid": "58f07ddb-7d27-45e7-901e-930a08c2d5aa", "value": "24576:bgGmHho+ehKSlKk95ACjKC4onl8Q3wlRjMPybTJmUB:sVH210qKIACjKCxl13ojMPyblP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695644710, "uuid": "a44316f0-c083-48ec-ac38-3bd1e6ed6d9b", "value": 1250664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695644710, "uuid": "3da35fc7-53b1-4a4d-9c97-1f170f364c95", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644710, "uuid": "a33460d8-076c-463c-956d-89d481e4c09a", "value": "Magnetotelegraph.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c5390b22-5bbe-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1695658540, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695658540, "uuid": "6c991216-9c68-4f87-a818-df9611e38aff", "comment": "Malware payload (Mirai)", "value": "0ec0f636b54267accd253111f768eb0c", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695658540, "uuid": "36e4b9db-7429-4749-a760-f2d78cec045c", "comment": "Malware payload (Mirai)", "value": "028ebc958543ee64099a42e9bb86517cebf8cc5508adceec7e66d47c5b38236e", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695658540, "uuid": "18000333-b3d0-4e79-b472-8fe646303329", "comment": "Malware payload (Mirai)", "value": "d35bdb7aee7980ca9ce99a1e3616cabe04f5dcb4", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695658540, "uuid": "d13a10e0-0ad8-4bad-b34c-e9f815b74246", "comment": "Malware payload (Mirai)", "value": "1782816ec6a8489f524b32c56a35bdd8ba0a6c4db654ab6f5a81e72bf23b14e0a5ace903d4da4b327de16764a124760e", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695658540, "uuid": "c33010e4-0dc5-4ee1-ab8f-2a71e5f4acc0", "value": "T1D03339C8ED97D9F8DC5125712027EB328672F13B1019EA8BE7DDAA23BC52B41D40729D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695658540, "uuid": "54b3410f-a5a8-4b70-9a39-93276645c2e0", "value": "1536:gAmkKnnAvjccy7ZeDm4ECd+67ZwC2BjWxr2dJKQDf6:nRKnAvjcV7ZIECdxZwC2tirS3b", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695658540, "uuid": "4769ea97-a00e-4b40-99a1-ae75a1d00728", "value": 54800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695658540, "uuid": "11934883-9dc7-4cd8-b350-0ed971da30ac", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695658540, "uuid": "0a6d07b8-4945-4407-ac5a-3814371b48d2", "value": "x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a600fe36-5bb2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkGate)", "timestamp": 1695653334, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695653334, "uuid": "3f0426ef-d8b6-4ced-a54a-792ff5471098", "comment": "Malware payload (DarkGate)", "value": "5d1218b97ae88e093951b73f8211dd0c", "object_relation": "md5", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695653334, "uuid": "9d9c57c5-cc6b-40fd-8e86-e84682e0c72d", "comment": "Malware payload (DarkGate)", "value": "049678cfcf03f4908e7dc5b5a8e12d89fa9eb576c7b508ee1f553c1e08fee7d8", "object_relation": "sha256", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695653334, "uuid": "1da3ff51-0b85-4294-b8aa-688ca2bce009", "comment": "Malware payload (DarkGate)", "value": "d9c2b229d47cfa5c3b4744b6cd79982f6db9c364", "object_relation": "sha1", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695653334, "uuid": "6c1253f3-e819-486a-8d1d-68b6e995a250", "comment": "Malware payload (DarkGate)", "value": "ce6c1a4c6058ef55c0b6ec1d7c769d35b325301679e7959857433e1474000796ad3530b1eeef0cf256fb2182f8a1f936", "object_relation": "sha3-384", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695653334, "uuid": "baa49741-e5b4-42bf-9913-49d8c63b2c7e", "value": "T10285129137D8C635CA8A073645BAC7753666BCB01F30D0CFA3A57E689B326D3A935312", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695653334, "uuid": "16fd1dfa-4607-4cca-a9c0-70962063fd5c", "value": "49152:epUPfjpSNeHaHGYayNId4pWL56Hq05vHjYL57CBN4/6sT:epeeHGKId+W1n6/01kN4ysT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695653334, "uuid": "71d8b61e-66ef-4bba-a4a4-fc8c496c85f2", "value": 1852124, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695653334, "uuid": "05be35b7-cc17-4c2e-b394-9c20d8975f6f", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695653334, "uuid": "a795f65c-f92a-485b-95c2-01f14e307412", "value": "1.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dd97c737-5b65-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695620356, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620356, "uuid": "508e2083-b4dc-4ff9-9deb-84a6cb856b75", "comment": "Malware payload (AgentTesla)", "value": "0985ff4890c6cd95c1e445ebb1671073", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620356, "uuid": "63897f2c-7826-4c42-a7b5-e8b5bfe46e91", "comment": "Malware payload (AgentTesla)", "value": "04adb0f369df981e4464a5ae275f7a1311750904e1ad65948d26d78933a61f23", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620356, "uuid": "bcae5063-a079-4bc6-a1d9-bc943ebef2fd", "comment": "Malware payload (AgentTesla)", "value": "e9cf919ba2789bbab7955429feef59b051600cec", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620356, "uuid": "6fbdfc9e-46ef-4b62-8bb4-dc408050c11b", "comment": "Malware payload (AgentTesla)", "value": "5052574032fc05181515def41e77267ba83ae4b6de116cd754c8291deb32c198cd87b5fac3efd2e25001cc926f766236", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620356, "uuid": "e57b6fc9-7986-41be-ac10-043e189d7032", "value": "T1D2D4239F30E2F6F6353FA316646F74272A3897F2B4901AD4550509D5A23F6CBC38863A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620356, "uuid": "28c1a05b-f544-447e-8cbd-7ee08cbfd067", "value": "12288:Q+7SM0x4kXzRG5P3ucy0xuQfNCM5QFtmTgGz13msX/gq+JkTexi9l:QsSM84kDk5Py0xuQfNCM5qtmE81msXIs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695620356, "uuid": "d2d50384-abbc-4965-87b7-c47444d36dae", "value": 614771, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695620356, "uuid": "d120083c-3c19-4467-b439-969c3b0a02bb", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620356, "uuid": "03cfd72b-5fef-4523-9097-072369d2cb55", "value": "EURO SWIFT.pdf_____________________________________.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0f43a1b0-5b4c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1695609272, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695609272, "uuid": "b4382bdd-22d4-42d8-99cc-a848a88eb560", "comment": "Malware payload (RedLineStealer)", "value": "3f2286a920df19d4da014beba805d541", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695609272, "uuid": "57c2f82b-0169-4da4-afa8-f24ca230ac0c", "comment": "Malware payload (RedLineStealer)", "value": "04e7496a49d95613f528d9c7858c4176de858ace783414b6d03a9595835373ab", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695609272, "uuid": "bf9570b9-54f4-4465-a2c5-9fbf0bf0d5df", "comment": "Malware payload (RedLineStealer)", "value": "e54f10784eca0cdfcd1072df94f08b5156e0bedd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695609272, "uuid": "f6665127-c0fa-4ad8-a9a1-086eb180788c", "comment": "Malware payload (RedLineStealer)", "value": "ca50f677d7d786dc21d5b5b7ec35616ceef1c7dea0555db91494a9897b7fc37e3881e8be94a6a3c5bce84e811ffced92", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695609272, "uuid": "2d4a6894-f49b-467d-9473-e92691d6d7d3", "value": "T19D44AE01B4D18472F472153209E4DBB69A7EB9300B555AEF77940E3E8F206C1A73E7AA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695609272, "uuid": "9f36dc0c-3572-4936-a09a-66cb651d961e", "value": "8ddc982ec86bc15061e6b2eab1424dec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695609272, "uuid": "50478f62-d5bb-4628-a9d6-82f123fc5132", "value": "6144:WRbcMQ+j+5j68KsT6h/OCy5UKuAO5gLXd+B5Fw6:WRg7+j+5+RsqGhu0LXdYHw6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695609272, "uuid": "48551af5-76b8-444f-9afe-ab411768c0a5", "value": 277368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695609272, "uuid": "162ba827-c1cc-4484-9aad-231a7708249e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695609272, "uuid": "004d0eac-bee5-4f71-a55d-eaf96e4f8fea", "value": "SecuriteInfo.com.Win32.Evo-gen.32720.30046", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3afa7522-5b76-11ee-a6f9-42010a9c0055", "comment": "Malware payload (IRATA)", "timestamp": 1695627384, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627384, "uuid": "fd2166eb-0c5c-4d49-990d-f6ca637fd896", "comment": "Malware payload (IRATA)", "value": "420b20a7ad0d39394894200b0e5dce12", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627384, "uuid": "17fcd5e4-99ec-4872-b48b-ee1349827b3c", "comment": "Malware payload (IRATA)", "value": "059f40ff1b6e32a0d570af86ca466c7a05fd333274a6e04e81e2de0f5e655cbb", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627384, "uuid": "1cb51655-6fda-4eef-8f68-256f691addb6", "comment": "Malware payload (IRATA)", "value": "e56e2340064dca8187575c9818dc82260a6adf97", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627384, "uuid": "97a36762-fb9c-464d-a5af-1355162dc5c0", "comment": "Malware payload (IRATA)", "value": "a1608ae68a9ffd6fbb5aa7e2ec4abc2df86043a98d39c56428596b347fc21f6421809d33ed614ec65fd8bffcb19a40b4", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695627384, "uuid": "9fcd1292-e465-4e31-9ce0-ca579620f093", "value": "T14D16BE87F799983FC8B765B1895E137262275C0587539BC369007B2C39B76E88F29BC0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695627384, "uuid": "85f297e7-bea6-4039-b91c-f00603430a76", "value": "98304:8p2h/fYBtcOFLjRa5y0MOzTvHi+sgLCrOgHeO:j98VF4I0MOzjCP7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695627384, "uuid": "e477d34c-f014-49a8-a53b-d8716c3fda33", "value": 4297832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695627384, "uuid": "526a98b1-19d1-4fbc-b424-07f72cee7250", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695627384, "uuid": "a3891836-6beb-4d52-934b-95c4ea8ecf7c", "value": "app.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e79fe123-5b8f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1695638411, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695638411, "uuid": "3e0037c8-7be0-434d-b025-d13a0faf09f6", "comment": "Malware payload (AveMariaRAT)", "value": "b292d5c8e351b695193879d797df757c", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695638411, "uuid": "b0715a3e-348f-4ff9-8d55-c6998c38f8b7", "comment": "Malware payload (AveMariaRAT)", "value": "07ba6076edec4dc2c031f7c6d001b71d86ab1b1b12c5ae729f39777ed8a7b79d", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695638411, "uuid": "b33914cc-2c84-40c3-9fc4-95bf1bcfde7e", "comment": "Malware payload (AveMariaRAT)", "value": "278eadf3a9d7fe479c82870aceb7bcd6afd1bfa2", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695638411, "uuid": "4631300e-7a60-4c9b-a732-df6a035724ef", "comment": "Malware payload (AveMariaRAT)", "value": "82365429c311a53d2d7636eb56b15bd6b18adb6202ff69d8bfd855524737fa29a37b5bdc8f71dd174906bcbbb5e41209", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695638411, "uuid": "92abccc0-dd70-4797-b975-cc80ccebb8c2", "value": "T1DFB4D06069A72474FCA05B34501CB8F07B15AD6E5C64A41F3D0D77ABBA72A6C08B3F6C", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695638411, "uuid": "ba855ae1-9264-4354-a91a-4efec885facd", "value": "61ffda917f95a45b18ceade50369ec18", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695638411, "uuid": "fa03e89d-941d-4833-af02-d16a4f7f4c9a", "value": "3072:1R3WDKbH72KYT+2a6BBNHxoCOcmrdsKJhPTTkcsYQJjrOuWgQq4RpKvhHYgpqyPr:jmDKr7/6BBNP3mGKJi7Xja/qrpqa46", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695638411, "uuid": "4f59ab72-cfd3-4721-af22-3d1d2f56e8b9", "value": 521216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695638411, "uuid": "15e66b6c-d190-43b7-900f-c556bc47335a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695638411, "uuid": "dcba54e0-ee7b-4cd8-afca-ff97df992ea1", "value": "b292d5c8e351b695193879d797df757c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ca208de0-5bc4-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695661125, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695661125, "uuid": "2c23b04a-c4eb-4b8d-906f-a0b4f71afdc7", "comment": "Malware payload", "value": "d402f30e4f9bc2f6d470384591bf9b34", "object_relation": "md5", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695661125, "uuid": "eff04acd-b674-4596-8fb6-f0004fb69b80", "comment": "Malware payload", "value": "08c31ed8f0574544769c024a57bc57daa9e444f57845ebd41b2a5213901d4667", "object_relation": "sha256", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695661125, "uuid": "973d43ac-0acb-4db9-83e8-21b8a85796a3", "comment": "Malware payload", "value": "37f73ff4f0bb88ddd5605cf696e8947d63a79c97", "object_relation": "sha1", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695661125, "uuid": "d836b6dd-e8ba-4278-9809-ba2c1f89af53", "comment": "Malware payload", "value": "cb2ed05a0fd50386b48fec00895f57b1cc21cefc64afccfc4b0dd49c3424e24c321a28be5f7c3cc2a8c588c6a99907d8", "object_relation": "sha3-384", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695661125, "uuid": "daa67094-0d4c-4758-8777-586e6c90b2cb", "value": "T13685129137D8C635CA8A073645BAC7753666BCB01F30D0CFA3A57E689B326D3A935312", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695661125, "uuid": "a8a97d92-e865-4875-99ec-ab7a1c7d87aa", "value": "49152:epUPfjpSNeHaHGYayNId4pWL56Hq05vHjYL57CBN4/6sT:epeeHGKId+W1n6/01kN4ysT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695661125, "uuid": "700e1e0e-2b8e-49cc-a1a0-506247719e11", "value": 1845388, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695661125, "uuid": "846af91b-152f-401a-825a-671d7d00e5cf", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695661125, "uuid": "b2521484-ca08-497b-aed5-08e711d58a1d", "value": "1.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "916cdfed-5bb2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkGate)", "timestamp": 1695653299, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695653299, "uuid": "e57313ef-6856-4009-95d9-5a54c625ac6e", "comment": "Malware payload (DarkGate)", "value": "27f381bfd3aed106d215e8d5f0e14ae4", "object_relation": "md5", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695653299, "uuid": "137ddcc8-e92d-4426-a0a3-af03052e88ac", "comment": "Malware payload (DarkGate)", "value": "0aa13c3c38ad272391b879e4c0adac1e3bc9b54dee325d141daff44c665d4244", "object_relation": "sha256", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695653299, "uuid": "ed8c816b-072c-4e9d-8ded-67055fc05b24", "comment": "Malware payload (DarkGate)", "value": "87e645bb854728545dffa9b963d8b716e9d6f776", "object_relation": "sha1", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695653299, "uuid": "60a1ec7e-c958-4d04-9a86-a190f329cf32", "comment": "Malware payload (DarkGate)", "value": "f37629a77aef24fad99951402dcdf86aad15b602c090f6c94f84239e9884f50dbb1d3c3cedfd9edb9211c909adca86e1", "object_relation": "sha3-384", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695653299, "uuid": "76288418-c310-43a5-bcf7-5d3301184854", "value": "T16042D60E729348BEC916C176C2FB8371B5FAB4120623972D0AA0D7376EB2975772DD05", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695653299, "uuid": "30d0d3b4-d26f-4e67-b6e3-8bb0d855988a", "value": "fd410436ce0407a0a8f79bfce8af0bc3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695653299, "uuid": "c97c33d8-4700-48f6-a6fd-26d9533cfeb4", "value": "192:uU5z9iLjq2pJk+/qcJklyJOEdFLsWGQwrgAh:3z9AbJH/IwJOs+/QwrgC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695653299, "uuid": "edc417e8-61c8-4587-9206-e71d771913f0", "value": 12288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695653299, "uuid": "6d2bd8bb-b6dd-40b6-8763-8d7da99f1c71", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695653299, "uuid": "c29da054-8a3e-4224-a15c-1238ad1bcaa2", "value": "Wun.xll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e4cd8877-5bea-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695677491, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695677491, "uuid": "9811e937-818e-4dff-b2a0-0ce19d755cfa", "comment": "Malware payload", "value": "e8b2f80220b898cd34eb60600163a209", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Sandman", "colour": "#A05B28", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695677491, "uuid": "ce1092fd-15d5-4edb-9db6-a5635ffa0afb", "comment": "Malware payload", "value": "0b962ad02e8eef3c717ce6fcfda9587f92ebe9e7ed6ee93be6bc1103daa4e8bf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Sandman", "colour": "#A05B28", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695677491, "uuid": "56f8f9f9-4ac9-46f4-84bc-42b98295f6eb", "comment": "Malware payload", "value": "b9ea189e2420a29978e4dc73d8d2fd801f6a0db2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Sandman", "colour": "#A05B28", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695677491, "uuid": "939df611-b2a7-43f0-8e67-533c54d47194", "comment": "Malware payload", "value": "190d1d3b79a3f588dd595fdd0c7df310a9c06d1c30c1625b77528f9b21917bcc31c3631292c765c84512b3e0c1137ac7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Sandman", "colour": "#A05B28", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695677491, "uuid": "1ba87fc8-d31e-4d33-aaa7-1df02c7593bc", "value": "T1392512B730DA44BFD61291788C5744429BE3F81183D45BAB83B8A50E4E4B79C2CBE5E6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695677491, "uuid": "c569f1cc-7d95-45f7-9bb3-2042197f4cd4", "value": "f74fb72beb0ce78f09fd36d2da805815", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695677491, "uuid": "ce4e5a65-e714-4e1c-86cf-b2f3492873ce", "value": "24576:ZeU1w7xey62le2pgD5UAirLfone9QIJlYjb4D:AU1ax6Fn6AwLfbQgq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695677491, "uuid": "6ac4f114-c6ad-4ec1-bedb-75b512f6f3d1", "value": 1017856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695677491, "uuid": "a257817f-edd1-49da-94c3-2375d0308f1e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695677491, "uuid": "5f143f0a-fe28-4858-a034-c206ea234c11", "value": "b9ea189e2420a29978e4dc73d8d2fd801f6a0db2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5af13f46-5be5-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695675112, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695675112, "uuid": "dd3d8a67-8e63-470c-87f8-c4e678f009f3", "comment": "Malware payload", "value": "9e68197c78db202118d8f8abb832110d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695675112, "uuid": "4e4a323d-eab2-4168-9cce-534a99a1863b", "comment": "Malware payload", "value": "0baa2d4181de6ef73fefab4d83926e92e20bea4ea2401f79b9bb0014a63d559f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695675112, "uuid": "484e2459-843e-4ca3-bc35-2434d2eecdc7", "comment": "Malware payload", "value": "63968ed3950c1ba45ef56a0526b74c2668a4850f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695675112, "uuid": "5eebf0ba-f7d3-43bf-89b3-d6bd11c545af", "comment": "Malware payload", "value": "8bcd3383d6bc963d555fd91d252906684ce2fc5891dd53c80a2d70b52ad90f2cf3b9fc563439e9087b9aff44dcda7646", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695675112, "uuid": "afcf51bb-6e17-4197-8592-0116f7c43e0f", "value": "T1DE2518D0B7B4D152C504F3B242D7872E23288159ADA3F70B69FA68FC5CEB1DE4909D92", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695675112, "uuid": "9ecac3cf-8b8e-4e59-b8e2-18adb5f8c0e5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695675112, "uuid": "c39c389c-f391-415e-821d-cd0c0806e219", "value": "24576:TzmaN8/Lal4E8sC8B1yPR2qb0ekgLzT4QfjHpBo3MU0WxjuQ3DJZPSJmprB:TXcbLzT4QfjHpBo3MU0iJSJArB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695675112, "uuid": "496781fb-3514-4567-8ece-3121e81d54c6", "value": 1031168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695675112, "uuid": "26b37470-4977-42fc-9bd5-fc4b933aa941", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695675112, "uuid": "f22802c8-6ab4-45c3-a8ff-fe91eeb51f13", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8e06d024-5b9e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkGate)", "timestamp": 1695644704, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644704, "uuid": "597fbc6e-60d1-42da-a9d8-1fc17b62fbf8", "comment": "Malware payload (DarkGate)", "value": "929cd9747f7428c7c19685f37de11e53", "object_relation": "md5", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644704, "uuid": "ede6f217-5439-4076-9ce6-17281762b437", "comment": "Malware payload (DarkGate)", "value": "0cd158900fe34f41e89d06f73259fc8ab24e2eaefb63c915236bf590788d89da", "object_relation": "sha256", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644704, "uuid": "125be32e-b1ae-40e6-b189-ca4a4cc6d5aa", "comment": "Malware payload (DarkGate)", "value": "0a1aa867dfa11e41d48b8e5c3208e9a81311fab9", "object_relation": "sha1", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644704, "uuid": "243ae6f1-3598-4c78-a682-233704d3373b", "comment": "Malware payload (DarkGate)", "value": "7f2e0fe6acce90ce5e88fdeecd0c9095dd1176e79c8392e0983ac7e6f08db1a2339285d9f00ee4f3bbdb4425bd8dd7f1", "object_relation": "sha3-384", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644704, "uuid": "dedcd960-03ad-4802-b6b0-5e1fa8d352b7", "value": "T165424413A1AC0391C1E25338B5C5915EADE94234EB35C972AE29D05D0FA601991E52F7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644704, "uuid": "3a72606b-6ced-4f3a-b62f-2abeeee33cc4", "value": "24:cUi/AEwu12cEW8VYzDHCWkqalW9LTK9dPE40Fjd0krr1UQPxwnx:cJnw3W8VYzDHVxaM9iPP0wk31u", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695644704, "uuid": "c7261d7c-0d47-400a-a604-a721c795d220", "value": 12683, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695644704, "uuid": "ddce5401-fdef-4cef-af8d-20788e0b2107", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644704, "uuid": "750af5ae-dc7c-4a54-b48d-06dec21e8394", "value": "L8T.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7fe94a75-5b75-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1695627071, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627071, "uuid": "d39b8c5d-40fe-4b99-86c5-cd12f923bf21", "comment": "Malware payload (RedLineStealer)", "value": "4b226c5a1e90a0d542a14df7a1627d1a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627071, "uuid": "fb205127-6d32-4674-ac28-a23ea3f84844", "comment": "Malware payload (RedLineStealer)", "value": "0d8c4cfe4ce016aee96975447b66763f4297a212ca3a6627c79f28cbcd5752e8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627071, "uuid": "0647c2d5-b9ae-4d30-b453-cc073ea34840", "comment": "Malware payload (RedLineStealer)", "value": "cbaa4021897d2ad8eac2f588ae822487fa4aa6c5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627071, "uuid": "edefb293-042b-47ce-bfef-eb4c0356471e", "comment": "Malware payload (RedLineStealer)", "value": "c01ca1921fb1315b269ab70cf28be7e2db63eaaf0c295c716ce3b2dbd9baa9be9cb4d92a69dc89c8eb9c8752db632da7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695627071, "uuid": "9a805586-c7d6-4b6a-87b8-77f5967daf87", "value": "T16F949D10FC92CC7AD46256B23DD07BE01D7FB1A0C2342ABFDBD5DD4EA9982925132399", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695627071, "uuid": "c641f78d-9935-48dd-b7be-f8442d28f3b8", "value": "8ddc982ec86bc15061e6b2eab1424dec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695627071, "uuid": "e630c0e2-b2a8-48d2-85f6-7104d0412b65", "value": "12288:q9cpIcPy+a6uudIZggrG+lf+idTlCMxX4IASDYNRcwq:q9cpP7m2gaO9XteXq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695627071, "uuid": "7786acfe-6358-4333-b438-09557e128d8b", "value": 422856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695627071, "uuid": "c42f0e21-cfdc-4fd2-ab21-8bf5c9e3dade", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695627071, "uuid": "68ac0844-4591-4ef1-9d24-af2c12ec6094", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0a8864e3-5b66-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695620431, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620431, "uuid": "220af4f0-1e59-4edc-9f0a-87bf2e8ba838", "comment": "Malware payload", "value": "6ac58eb8d7a13619f25da86ceb9bd3f1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620431, "uuid": "2ac1c006-eb5e-4977-8a37-1feeafaf2658", "comment": "Malware payload", "value": "11e793894718ace16fe64581c06a158677a96c5c9eee21f06baf3b6b69ff4911", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620431, "uuid": "15b4e985-592e-41a8-90b9-b8d0c00d491e", "comment": "Malware payload", "value": "436af556ba58f102b405af162db79f89028161ab", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620431, "uuid": "427c57a4-6b20-405f-b7f8-eb65902e499e", "comment": "Malware payload", "value": "a0c924e355bdfe551a8f8eca6b5f15462dfe656c6a4d575575b9ff44003976399dc777d1f8297748e5fa60b076aad28b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620431, "uuid": "616b9273-0905-47c1-84dc-bb43225429a7", "value": "T1AC632900E9828876D1090EBC5D0BD435E43977252FBCB1C7B79F4F9C89B939B5A1827A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620431, "uuid": "4bb9707f-b3f6-43d0-9b14-a2b211103b8a", "value": "768:qKSmX3MVD4GXZEyuhhq5Db3QqDOZvDm2o92y7PwW/PpGfhECljVYnyz76:jBAp5XQ1ZyVdpGfhECljVo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695620431, "uuid": "f68e9f29-be37-4276-a7c0-632b4f3ff044", "value": 69962, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695620431, "uuid": "2709fc9c-f9ac-4a99-95a9-0f84512889f1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620431, "uuid": "40c1fa60-1588-4a81-aaca-887088294fcc", "value": "SecuriteInfo.com.W32.Qhost.0CCA.tr.25323.27299", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "03164656-5bc0-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695659073, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695659073, "uuid": "a8e27f26-1d51-411a-b3c1-7dccd4b84cf7", "comment": "Malware payload", "value": "7174f13e93b24e5479461154fe63800a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695659073, "uuid": "ed57d16b-1bc0-4906-8b89-2edb1dde3b43", "comment": "Malware payload", "value": "122aede8eb8156db610c8611c358b7a2a996b4f127dd074bbc0da10efd3fd6a8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695659073, "uuid": "adf257ec-3729-4f54-a142-59ddda310a5c", "comment": "Malware payload", "value": "9bc421430ca6f9d9fd3bd6ad3fc2d1e6a2a0a087", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695659073, "uuid": "4045db10-fc5c-48fc-a76b-7de28a495d45", "comment": "Malware payload", "value": "4318d8191e58b902fad9f2d023d28769157e28c9f557f3f39fbf1fc6ed171ee28aa7e0426855ce65513106ad7674379c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695659073, "uuid": "cfc1a67b-4d89-4a0a-8161-b4f49ea14a7b", "value": "T16D442290A990CCE7C0E32171AD3B9A595BE67B3700DE274E43117B5734939C3AE1EB92", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695659073, "uuid": "12700e8e-188f-45eb-a7d9-d9f000558851", "value": "9dda1a1d1f8a1d13ae0297b47046b26e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695659073, "uuid": "fa8da87a-871e-43b9-9443-48bf2a41eddc", "value": "6144:LnPdudwDJvkQba7HEzXD4tZL+OWNzcGG9Lg+uAH:LnPdVvDzaZvRdW+uAH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695659073, "uuid": "11fb1a44-c1b9-4cf1-ab3b-a32f3ca703d1", "value": 276923, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695659073, "uuid": "02f88da1-49c8-48ca-a376-cfedb52f462d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695659073, "uuid": "e9a2f441-40cc-4aad-9352-30bfba40e6ce", "value": "rFACTURA013013184.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9b2b1ce1-5b9d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkGate)", "timestamp": 1695644296, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644296, "uuid": "14e5fc52-d483-4cf8-8c54-a5431b81f167", "comment": "Malware payload (DarkGate)", "value": "cd602fd6680a711446758b1526131fe9", "object_relation": "md5", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644296, "uuid": "1aeecbdf-8cd5-450b-97ac-be9b9e98df40", "comment": "Malware payload (DarkGate)", "value": "129113303c708f4671f9c542824178e1d18d1910f4abf71f45dc76a24072925e", "object_relation": "sha256", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644296, "uuid": "d46630e1-4323-4ee0-b8ab-c1d1475416d8", "comment": "Malware payload (DarkGate)", "value": "b8050194944d66c54996f47c22ae710afaf9f468", "object_relation": "sha1", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644296, "uuid": "2797a8de-70c6-49d1-ac73-4b99ffff167f", "comment": "Malware payload (DarkGate)", "value": "f857476f58e786fe08f188cc6c1d776314674f14cf0a13955a47864cacf2801698cfb7a897380c505e75d2ddab7141eb", "object_relation": "sha3-384", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644296, "uuid": "5e5d2584-21c2-4d5c-9cc4-1a8fae5f5b69", "value": "T1C91163C5438DD93ED84686F2A388164A9332C1043668B15F2B53F707ACC2A274A39B0B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644296, "uuid": "f47f790a-51e3-478c-b9fc-af307424a5e3", "value": "24:9DAOKRpoUIMke67RtxhTJB8+P8bzhAQudVqhFcngsl:9DAOSRIBBhTjz6hckF0gE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695644296, "uuid": "c4048cad-6193-4e45-a59b-5b4856acbcb0", "value": 894, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695644296, "uuid": "e25f8f25-7378-402a-b356-f6a536c66e50", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644296, "uuid": "5e9fd9d7-79c2-4213-affd-6c48d54326b3", "value": "Yu.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c93a3bfb-5b9b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NanoCore)", "timestamp": 1695643514, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695643514, "uuid": "7cd3fecf-0ec2-484b-aa20-daef65e9a4ad", "comment": "Malware payload (NanoCore)", "value": "2916c6e4cefea97681e5f7d39afe1baa", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695643514, "uuid": "ae1b05f3-4db6-4e35-9afc-a9e34d1a22fa", "comment": "Malware payload (NanoCore)", "value": "12a39d099a6744863a5349b84e91fc582e4956a5060d61597de43cdcbba8df7e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695643514, "uuid": "2fcf6ae4-e7f3-4c1c-8d89-b852fcd5a0b8", "comment": "Malware payload (NanoCore)", "value": "8d5204e5661d704522b6f18864bd6c1b8299eba7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695643514, "uuid": "b1100a73-e626-4878-9454-08c1dd23d3c3", "comment": "Malware payload (NanoCore)", "value": "5c746b5c6f1a8aed59d3b33bf49f95742aca0fd0afc5c3e673beed2c9cbc8301e050ac2dfe4a503fa9a04e6d7fe66838", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695643514, "uuid": "25575a27-bb4b-4c37-800c-27c9abc04f96", "value": "T16DC422A87AA94B33D599137E5E9D1276C3B0A360E401E73CCD9F20EB0E357A45671B12", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695643514, "uuid": "5bc25204-40ad-4ffd-8950-231bd5be155a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695643514, "uuid": "9f8d9367-cded-4130-8ac3-27833c8258e3", "value": "12288:c725kpw/OOjPmp68Nd92Gklr0fSuqjarukE96fGJK/koUY:PSpwRmp5NdHklZdd6u", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695643514, "uuid": "f1110a32-0c78-4b13-a252-e89aebdc11fb", "value": 585728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695643514, "uuid": "cf070b88-aa85-451f-9d33-e881876ec445", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695643514, "uuid": "2ddba944-a259-44f8-979a-b155bbd86f7a", "value": "P-023748591.xls.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ba95f1b1-5b65-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695620297, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620297, "uuid": "bae0289d-0ff6-4d22-b812-e6b9b4a4b9e1", "comment": "Malware payload (AgentTesla)", "value": "77cf68625154aa665882b12f39fdd1d8", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620297, "uuid": "967fe1ad-22a1-49cc-b115-efe3851da728", "comment": "Malware payload (AgentTesla)", "value": "13b93e8c98451404ea35623ebc7027217cfc5e6570d05a5a8b65a35283a7be9d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620297, "uuid": "ffdc7b2d-3230-4de5-8efe-22a69cf5315d", "comment": "Malware payload (AgentTesla)", "value": "624ad85478f8350d52ebf351fcfe9d4193b5a404", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620297, "uuid": "473852e8-bd23-4952-aef7-a8bb215bd3b9", "comment": "Malware payload (AgentTesla)", "value": "ffe37eb73ba375a00c8daad9b9c2fc441cf5dea8bbc94b5f9b8b98a3f8216cdc841ec5c98531d8d228665d3809095bcd", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620297, "uuid": "22f77130-cf51-40ee-8734-abee29c47b8c", "value": "T19FD4239F30E2F6F6393B6316646FB4272A3897F2B4901AD4550509D5923F6CBC38863A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620297, "uuid": "05db2034-3d5b-451e-8b2f-becaffa3639b", "value": "12288:q+7SM0x4kXzRG5P3ucy0xuQfNCM5QFtmTgGz13msX/gq+JkTexi9L:qsSM84kDk5Py0xuQfNCM5qtmE81msXIw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695620297, "uuid": "4842f391-6c4e-4ede-bc97-67f178852f7a", "value": 614817, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695620297, "uuid": "6ce1fcca-7aec-4b77-8df8-8d37233acb94", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620297, "uuid": "800a4ef9-0169-4fae-af82-06803af763c9", "value": "Statement Of Account Due.pdf______________________________________________.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "07064c37-5bea-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RecordBreaker)", "timestamp": 1695677119, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695677119, "uuid": "8c3dba2c-2d28-4cb8-bf77-b8bbc13e1caf", "comment": "Malware payload (RecordBreaker)", "value": "24bdb92d93d301d2e58b84f4e5161909", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695677119, "uuid": "a53ef8a8-7e6c-4d8e-a320-444fc422412f", "comment": "Malware payload (RecordBreaker)", "value": "1406293eef687c73d84fff0be7d1a47bc973b79fb4b208dc4a31f311684e2bf8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695677119, "uuid": "63476a3c-7a30-4241-b819-c8a7f513c872", "comment": "Malware payload (RecordBreaker)", "value": "c0c2336f4ed7622f4fa1a4ee0b220bbbb37c73f0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695677119, "uuid": "297fd50f-31b3-46e6-964c-c24fb8163717", "comment": "Malware payload (RecordBreaker)", "value": "22438fbb3a69bfeae3cf65a9557ab4184b0361f7776b088f8b5b07c0a9cfa05188d799950f3b3ffa699786d9480609bf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695677119, "uuid": "d3d0d964-7ac1-48e8-b065-974747d5fa06", "value": "T18DA3C5D342789302EB84287312D3ED736A59DC3E1D65BED3AE52CA5381FE45009DA6E3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695677119, "uuid": "cab88be3-20a7-4ec9-bcaa-7aab68984fd8", "value": "0fcb7632c48018563e5af2f63681ece5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695677119, "uuid": "1a478d6b-2fff-4aae-9f12-2f9a76570a47", "value": "3072:WANfQKMuflyKX9FBFya6mob2lNL6RJ//5O69:J0O9FBn6pb+4RJ/99", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695677119, "uuid": "09c1887f-eaff-406a-a015-4d0b35d6042e", "value": 104960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695677119, "uuid": "f51ac5c2-6058-437f-b4c1-1920014ba511", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695677119, "uuid": "ea755313-ba16-4951-8357-790aa6ca39f7", "value": "24bdb92d93d301d2e58b84f4e5161909.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9807537b-5bb2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkGate)", "timestamp": 1695653310, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695653310, "uuid": "20dc0964-9039-4ad9-9450-79d6c3bce5e6", "comment": "Malware payload (DarkGate)", "value": "f95e7acb637e9e2c082d2e8473bdbe36", "object_relation": "md5", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695653310, "uuid": "4520909a-89c1-44bf-a170-4cdc22209bb2", "comment": "Malware payload (DarkGate)", "value": "141d2a8f40a7d9f0788e2426cac1f4cdbe8f236698077c8a82d92f4e3b94a0fe", "object_relation": "sha256", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695653310, "uuid": "2fc6b468-68e9-403d-88a4-6bd5f5dc306f", "comment": "Malware payload (DarkGate)", "value": "aba71c0590cdbf74340b88812d33022bd28ebbfa", "object_relation": "sha1", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695653310, "uuid": "cec85e6c-26c6-4500-be33-12227832d731", "comment": "Malware payload (DarkGate)", "value": "ff37884074ee6c21c6bfd25f45bf73bd60c8959546e3fa10f269ac34b66ad51a874b38e0e277512ecd3842df13fc6869", "object_relation": "sha3-384", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695653310, "uuid": "5f3cb845-c5e7-4662-9dd1-99fa229153f9", "value": "T15D42D50E72934CBEC916C176C2FB8771B5FAB4120223972D0AA0D7376EB29A5772DD05", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695653310, "uuid": "c3f6aa3a-e0c5-43af-bfad-938b58ae85ca", "value": "fd410436ce0407a0a8f79bfce8af0bc3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695653310, "uuid": "7bd7702f-8812-47e9-a871-c55657da4d84", "value": "192:uU5z9iLjq2pJk+/qcJklyJOEdRmLsWGQwrgAh:3z9AbJH/IwJOsRh/QwrgC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695653310, "uuid": "09a4212e-b6a6-4877-b3ef-d01155f07022", "value": 12288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695653310, "uuid": "a646aa6e-8009-46b8-9ac9-96946bb5bc6f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695653310, "uuid": "186ce212-9667-4393-8994-23652322ff57", "value": "X.xll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8d857492-5bb2-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695653293, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695653293, "uuid": "ef1ea643-3638-4265-9c05-0659622a9c48", "comment": "Malware payload", "value": "05a9b068ac23b7716413732a5a0e51cc", "object_relation": "md5", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695653293, "uuid": "224543fe-9451-4cc0-ad4a-aecdbbbd9582", "comment": "Malware payload", "value": "14bd97568b3667d3d1c52cd29a16f794af71662694bb8902890815eb0e3d36dd", "object_relation": "sha256", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695653293, "uuid": "290ad476-08b6-4a19-b1b2-5fb554018066", "comment": "Malware payload", "value": "f253c09570443401889db822da66fbcc9132ac12", "object_relation": "sha1", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695653293, "uuid": "5e1dcf81-bdfa-400d-aecb-b7e18a85f2c0", "comment": "Malware payload", "value": "85336fbef84bb04de16240e09f337a2ce9945f09e8db24113fede3aff77e4cf8aa58591827bb1e2fafbbfbc2663e589f", "object_relation": "sha3-384", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695653293, "uuid": "5337de96-8b23-47ea-8618-002cf5b34131", "value": "T1821196884CDE702AD0E61733042159AF89D1E3D270621ADC2E2DD2492F8B357CF94ACF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695653293, "uuid": "3e9754b9-28e5-4ffc-b33f-6c54e0495c60", "value": "24:91mU9oYs3WIZ9NXv0abUtYr4zoSJx5BNt7RNFk0OoOMpBGftn:91mDxHPFv0ZYEzPvBNt7RGoOuGftn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695653293, "uuid": "e24fba00-6403-4266-9ec4-5cbd92796345", "value": 897, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695653293, "uuid": "19c53517-747a-4e70-8169-f7998c4facdb", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695653293, "uuid": "b9a0a134-8d23-481e-93d9-a4a6e0b224e0", "value": "ZP.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "596b59d3-5b8e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695637743, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695637743, "uuid": "373eb107-b42f-4400-bcb0-3a4470db43f9", "comment": "Malware payload (AgentTesla)", "value": "b5eda468bb93c37515813b0da60c224b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695637743, "uuid": "c453d1d3-5bad-43a6-9701-d34f5110262d", "comment": "Malware payload (AgentTesla)", "value": "15a4c64ec2cdc0f9b77763c7ad7b0181e5852ed5e74d1090e6112a9f05d34e8a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695637743, "uuid": "3f3a0475-60cc-4da7-8912-6394e74d03fa", "comment": "Malware payload (AgentTesla)", "value": "b04276fc7f881147a4c18deb25f8538144819517", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695637743, "uuid": "259629f5-d787-4944-ab98-f4db45b5a004", "comment": "Malware payload (AgentTesla)", "value": "f59668653c32aee4234f2d84a1d9e118c08f0537bd2dc2c81f9315b69d0ca927591de99537989e6668733f849ff8f4af", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695637743, "uuid": "86b5a575-e6c2-443f-a4c8-6c7f001e7f16", "value": "T185C4225CBAE28B7DD58813B676ED92268370F610D902E758C5DFA1DF0A72B0015A2F37", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695637743, "uuid": "ad295052-1aca-4a0c-93c0-19245ba7d709", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695637743, "uuid": "b02ef2c9-cb4b-4133-85bf-23e4ea17d7eb", "value": "12288:o7253FqFdIQydVzUblkLpn+CC4STNn/fPS:jCMVzUblkLpng/fP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695637743, "uuid": "08c6c29f-d721-4303-b4f2-50547e96f7de", "value": 545280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695637743, "uuid": "6bc1a179-2d2f-44d7-90b2-886a76c493d8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695637743, "uuid": "8b4e4d94-efc6-4cc8-893f-6b7d731723de", "value": "SecuriteInfo.com.Win32.PWSX-gen.16450.7009", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a71187ba-5b9d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkGate)", "timestamp": 1695644316, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644316, "uuid": "3e495d54-ebb6-4255-a265-92aa35d41d36", "comment": "Malware payload (DarkGate)", "value": "2f1db2a6d03869c93c75865ff1bb1cf2", "object_relation": "md5", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644316, "uuid": "f02f2d61-64ac-41ec-a200-d43a79ce6ddd", "comment": "Malware payload (DarkGate)", "value": "15eb5ae9ca4a46dd94618a1e0680d540c46d14624abc787002981a1ac27a0465", "object_relation": "sha256", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644316, "uuid": "666ab5ed-088f-4cf7-b8cc-0f43a976957d", "comment": "Malware payload (DarkGate)", "value": "786cf4182149ce06540430619922584410e9b16b", "object_relation": "sha1", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644316, "uuid": "799ee691-779e-4f58-a9b4-4d0065007b38", "comment": "Malware payload (DarkGate)", "value": "eb2117d2fc224805e58cee86d08183fc4801ef87dd0fda65b57c613f3ec792a3fbae2a32b32087a71522f52749aa5702", "object_relation": "sha3-384", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644316, "uuid": "fd6fc3ba-9c22-4a0d-97e3-61850879416e", "value": "T13911440134B25D40C5123530D492C686EB81FAA91620724A15ABCD85CA17EDA4E158CC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644316, "uuid": "dcae2e79-77d6-423a-aa05-370bc9173cbb", "value": "12:5j9IO6VBplSOUp0ue7KSMRhKiykzJlRk33Vseei+YeutLXNApzpHDwL4CeDH/WLe:9JWBj93ue7KSsKJklGYi+49dW6Mo/lIN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695644316, "uuid": "397cceb9-52ca-4960-86cc-a5f1d5429ce9", "value": 905, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695644316, "uuid": "d74a7c0d-da74-405c-9cbd-a9bb30122b1b", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644316, "uuid": "dc7f81f8-7ae5-4364-aee8-e638c1de917e", "value": "Fw.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dc72bbd4-5ba3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695646983, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695646983, "uuid": "705eedaa-65e0-448f-b711-d07b06e6d250", "comment": "Malware payload (AgentTesla)", "value": "67f40b3ee5517e545ce0cbcdcb1495fb", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695646983, "uuid": "8cd2b847-c2a9-4ed2-81f3-3ad26ddd3623", "comment": "Malware payload (AgentTesla)", "value": "1a98f91be8bd6e6dd0cc1914e1bd866cce2a077b5fe610bd833b46d8bbccf807", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695646983, "uuid": "4b609802-4f8e-4f2b-a82f-5d8a20fa37aa", "comment": "Malware payload (AgentTesla)", "value": "073b079d686488c0ba064e7ec0d948d91cc7b2dc", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695646983, "uuid": "e76c648b-1958-48fd-8bd3-0c5258cac0ff", "comment": "Malware payload (AgentTesla)", "value": "11b48cce9a96d6f81b4bc92c12bdcbd61b73b4a9bf09ceed94fac8319adc62c26aaa75bac3da89d1b15da230b31a701b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695646983, "uuid": "cd04c9f0-436b-41b4-bcfc-4efbc4826088", "value": "T17DC423A7DC2636347E19870CAD3A2E73B5B4666FC78F33A0361270D1025B6F649194AF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695646983, "uuid": "9c535cbb-d076-4688-9391-5c2a5553ae78", "value": "12288:4uC541RGtqz32abX1yDkzeSBXdvA+JfZShT6HMggBf:4uC+1YClUkzXBl7JAggBf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695646983, "uuid": "9d0a6f54-9c18-41ce-bf54-c2c8a2685c92", "value": 595443, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695646983, "uuid": "41bdee5e-02a6-431f-bcd3-48bc32878df0", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695646983, "uuid": "78f956c1-6018-47a7-981d-98827f8cc909", "value": "Justificante_Pago_Certificado_Corriente_Pago_1.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b86be871-5b5c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (MysticStealer)", "timestamp": 1695616428, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695616428, "uuid": "40e5d95e-a56e-479a-8b29-3188cbfd0851", "comment": "Malware payload (MysticStealer)", "value": "0cf15a89f9f6e02ab9aaeafc7816a79e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695616428, "uuid": "e642dcd0-ae24-44f1-a661-6bd8646028f0", "comment": "Malware payload (MysticStealer)", "value": "1cf94f3a5941709a35527aaf5f1d731e4fcfecd9ad578e59a1439517b3215da1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695616428, "uuid": "6975ae55-d54c-40c4-9638-7ad2013d70e1", "comment": "Malware payload (MysticStealer)", "value": "5c1d39b5e8675823ed307134e657111e52db70ff", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695616428, "uuid": "35388dc3-84ce-4fe5-8cd4-e9c80f3da56d", "comment": "Malware payload (MysticStealer)", "value": "5a0195cea9115401a9fefe990c83db3c1070a07b72bbb4c93d5e0f6b04fad0e20be5eaeb2b66fb1b158026875ade6f03", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695616428, "uuid": "f50fdb4b-6ac3-4d59-9c72-6e174ba2beb7", "value": "T147849F40F5DC803EE372E13504A6D67A5F7AB92397A1ADDB3B11097F4B202C25A31DE6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695616428, "uuid": "4f36ded3-258f-4253-a1a1-bad6d0ff416b", "value": "8ddc982ec86bc15061e6b2eab1424dec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695616428, "uuid": "4e125910-a539-4a23-b940-ce66fb0dccdd", "value": "6144:olPYhHX110KwTVSf3pOCq5b6uAOsUQSiGBs60GIyzQICQDL0S7qwm:olP+3110dVaUcuWPjGtzPCpwm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695616428, "uuid": "0fbf29fb-68c0-4875-89ff-a7a78d8c1b2c", "value": 390008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695616428, "uuid": "ccea95f1-b17d-4aa7-9518-4f22553facf5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695616428, "uuid": "eff147fd-5d30-4e40-80db-9b362ceb6d7c", "value": "SecuriteInfo.com.Win32.Evo-gen.15699.14489", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fc4e03a5-5bbf-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695659062, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695659062, "uuid": "775bfa0d-2b68-42d7-834f-e5a3bb6d7161", "comment": "Malware payload", "value": "cfafbc2402fdd5a26d5b432ecafde621", "object_relation": "md5", "Tag": [ { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695659062, "uuid": "b5ce2fdc-11be-4be0-aa16-6f055ef9a07e", "comment": "Malware payload", "value": "1d2a7fc78ab4a76e2b4d912f62fc8ed6275028994cc7f9416363721a27252ccc", "object_relation": "sha256", "Tag": [ { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695659062, "uuid": "92643daf-37dd-4284-9e18-44328df9a8ea", "comment": "Malware payload", "value": "af5e59663f115a8799174c684eb4887de5485468", "object_relation": "sha1", "Tag": [ { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695659062, "uuid": "b661c7a5-8338-4535-a84b-80f18cc0b600", "comment": "Malware payload", "value": "36bc1ab2168900795ab976b97f2f422d3488d8d31f9649e6498829667de9ef741a0e87c22a1d107bd3dc3508286ed8c2", "object_relation": "sha3-384", "Tag": [ { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695659062, "uuid": "9d85a3fa-4edd-4187-bf4a-a3bc1fe949b8", "value": "T1C64423B3395ED609D96114197063F59F1A52C7CA2D3CFB8AB7CF1E9820BB309A574A0C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695659062, "uuid": "0794f9cd-8def-44c0-83ed-b50142baadde", "value": "6144:fwlZkbiISmIo6ntkK7CV83hTB3i0J+JFkUxzdEEFl:fRSjo8x/2FyED", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695659062, "uuid": "b75adee8-d3f0-41d3-99d7-4028be2ebf4f", "value": 261054, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695659062, "uuid": "b6c419b1-928c-40e4-b721-9ddefd5b1dd3", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695659062, "uuid": "914e3f5e-aa2a-4434-bc07-3f8c3f2a62cb", "value": "nFACTURA 013013184.r00", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "be9250a6-5ba1-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695646074, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695646074, "uuid": "39db18ef-8d97-4030-9a28-4d5a2b2f463c", "comment": "Malware payload", "value": "811e3a12a730de3cb11adb212fb1ca48", "object_relation": "md5", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "au3", "colour": "#BF8C9E", "exportable": true, "hide_tag": false }, { "name": "autoit config", "colour": "#D1FB41", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695646074, "uuid": "53dd1bcb-14b3-473f-a2e9-7898c68d55a0", "comment": "Malware payload", "value": "1e02e674196885d692c0dbb6e80cffd83e6d54bf244761d051d6b579ac83db40", "object_relation": "sha256", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "au3", "colour": "#BF8C9E", "exportable": true, "hide_tag": false }, { "name": "autoit config", "colour": "#D1FB41", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695646074, "uuid": "db402926-1c80-49b8-b64b-dca087eef6d8", "comment": "Malware payload", "value": "0bbd69103a91c5ae8fd42197e499d112e133d75c", "object_relation": "sha1", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "au3", "colour": "#BF8C9E", "exportable": true, "hide_tag": false }, { "name": "autoit config", "colour": "#D1FB41", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695646074, "uuid": "4400426d-2233-4c20-8c61-01abf68a0dbb", "comment": "Malware payload", "value": "2bba4974286f24a7599440d5f19f2cb96e82eb5934523c3e598b6a26bd85d8c19f0f17003910a138a51836c407e84924", "object_relation": "sha3-384", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "au3", "colour": "#BF8C9E", "exportable": true, "hide_tag": false }, { "name": "autoit config", "colour": "#D1FB41", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695646074, "uuid": "bac05e49-3415-4a48-ac7c-b6a23d288a08", "value": "T17A157C5FDBE999D26429A019AA5F2F981263F455C8B0039193DAFC7F03DBC5324EBC81", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695646074, "uuid": "c62a02be-93a5-42af-8089-0dcd216182c1", "value": "24576:fJb89DMQifmAXxvktLPKn7D/hBCNhdNZc:a3KzCNZZc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695646074, "uuid": "2d4b27f5-c44b-4516-b502-ac882ff8e0dc", "value": 926504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695646074, "uuid": "f5397e65-d64b-49b5-a014-a684b0412d7b", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695646074, "uuid": "0e3d23b7-8ee8-44c3-a2ba-07141cc9ad66", "value": "rugaiq.au3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6d49a956-5ba5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695647655, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695647655, "uuid": "16380b7c-35fc-4b7b-90e6-ee3eeb2a03eb", "comment": "Malware payload (AgentTesla)", "value": "6281c6036312d97154024e12f8b99ae3", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695647655, "uuid": "3f707195-8923-403e-96f6-08f2db9cad72", "comment": "Malware payload (AgentTesla)", "value": "1e58093d8f9fbd98920435ef868b14e507c33b137b2f9d415f250334db8c2d65", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695647655, "uuid": "0819e884-260c-4f42-9486-f17e6152464b", "comment": "Malware payload (AgentTesla)", "value": "f8a03d09d40ebc5cc4a1e962fc3af809d6a51883", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695647655, "uuid": "a60d9c12-a91c-4d83-b497-bd7ef6bc304d", "comment": "Malware payload (AgentTesla)", "value": "9baf4cf16f277b055a8a1397fefa32e701ea85b119c00ed92831dc0971936ec640db5641a308b4e655d54634617efdaf", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695647655, "uuid": "014f2742-465f-4770-b965-775f65919ce5", "value": "T17005E79D721072EFC857C872CA681C64EBA1747B930B9207A06726EDEE5D997CF140F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695647655, "uuid": "c6468e95-f262-4e1c-935d-3be13ad371c5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695647655, "uuid": "74e67faa-8563-4a8c-963e-944cca49aa71", "value": "12288:rOTN65b3VJN8vESN1FFkF4TFWAN+DY4sPlyDNZuD5j+A1q7JfdEQfQDRw4fi3eye:rOTN65b3VJZv40AN+s4s9DcJVE1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695647655, "uuid": "8179fb61-364f-414f-aaf1-eae5c2bc36db", "value": 842240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695647655, "uuid": "3c1d3759-1c28-46d9-9525-a937027cf42a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695647655, "uuid": "a3b1bab1-3186-4998-ba4c-c03920fba42d", "value": "PI.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d66f07df-5beb-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Cobalt Strike)", "timestamp": 1695677896, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695677896, "uuid": "32e6568d-3f19-4225-9edf-669ffbd157f5", "comment": "Malware payload (Cobalt Strike)", "value": "83d2d38054392486a19df8e956ba7c53", "object_relation": "md5", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695677896, "uuid": "0bbc0c89-d179-4e0a-ac32-b2478c70ce35", "comment": "Malware payload (Cobalt Strike)", "value": "1e9e313fbfbcb2c391c8bb8732790396ece81587944ffd829b3fc1d7733b39cc", "object_relation": "sha256", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695677896, "uuid": "a948cc42-fa8d-4b9b-96a0-594dfb7c131c", "comment": "Malware payload (Cobalt Strike)", "value": "210fbf137c03615cc33b34bf6a1943ad1201b280", "object_relation": "sha1", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695677896, "uuid": "74ec9aea-8646-4159-b2c8-a6f1b1e0a71e", "comment": "Malware payload (Cobalt Strike)", "value": "8b8c3106231c04fb204ad1081fba6b6a692b61c630663ae587dfebacd5639722cb37acfd14fb12b682c32bac6c10575c", "object_relation": "sha3-384", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695677896, "uuid": "ffebdea5-39f4-44e1-84b5-2bc4a27ec3c0", "value": "T1F6B36C0763A904BBF4778639C8930E49D372B8150760AFAF07A087961F637A19D3EF65", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695677896, "uuid": "9d08afb0-44e1-4184-ae7a-de062e3b37f8", "value": "b80f9a3caeabbd97ef3418216ac93c69", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695677896, "uuid": "adec6acf-25ad-4f21-a460-88b8456e1573", "value": "1536:oNmwHfH0SqhYouQSVzlflSPJaSACePVLzZwcFEzsWTdw9dlHSORcb:oNmw/RRNvluJZAz9LzWiEbAoORc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695677896, "uuid": "7c4655d1-7e6e-405a-b27f-7d0658dd74a5", "value": 113152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695677896, "uuid": "c939d221-844a-45d1-b2c0-49f8b5063f21", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695677896, "uuid": "3f93b6b9-654e-4154-ae55-32766bd3d995", "value": "1e9e313fbfbcb2c391c8bb8732790396ece81587944ffd829b3fc1d7733b39cc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c3e15420-5b6f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695624608, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624608, "uuid": "0b547319-879e-47fd-9de1-c3700a1a9b34", "comment": "Malware payload", "value": "d8919538426d062f252cdc0fe540b172", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624608, "uuid": "0f0030f4-8959-475d-b4e1-521deba2e9e5", "comment": "Malware payload", "value": "1f3d4a141c441211c8bbfa33e2108365a109b490c3f648538a5dd96cafd23425", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624608, "uuid": "8d26032f-6f26-4127-9977-995af19c2f97", "comment": "Malware payload", "value": "a2238a76ca4bc0a35210892ccfcf2494c036102d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624608, "uuid": "0bd2445f-2e89-4fde-a726-3dded25a483d", "comment": "Malware payload", "value": "42dbda48e548c30aae48501591d05dd89c2b41ab741edeea2f0e118d233363ebfe25e3a2cf2bd98b11750f4c22dc77dd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624608, "uuid": "71b213c5-ca2f-4f49-bffd-be6e726cba15", "value": "T1EA135B0CBBDD7911C7BC297988F7491433B8A5E27A02EE07EF84625C1957BE6A512B03", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624608, "uuid": "48cb9315-d357-4a49-a15e-2f5730ac23b6", "value": "768:XojCabjvWKUDimEpsER1cbSLTJkO7ebGmPOYMDjODLycyrsR2vZQ:XojbLWXFEpsw6KTJh7e6DAEvva", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695624608, "uuid": "e8215f3b-3aa0-4f7d-bee3-538942bad48d", "value": 41472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695624608, "uuid": "ea4e1431-18b6-47b7-b4ad-71aa63201011", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624608, "uuid": "76b3fa11-566f-4585-bfeb-b17fda854911", "value": "General view drawings.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2d8de508-5b3b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (OnlyLogger)", "timestamp": 1695602022, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695602022, "uuid": "89f8e631-3f1c-46c7-8788-14ed8ce205f9", "comment": "Malware payload (OnlyLogger)", "value": "9103d5d5d8ecaec5b6cb5eb72770d326", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OnlyLogger", "colour": "#4D83D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695602022, "uuid": "16f5826b-2a43-4d50-9c1a-f1d38c9f6c3e", "comment": "Malware payload (OnlyLogger)", "value": "1fe1a5626aa4064b521aa8b2e9830b6b325d21ec6405b4e294a1a943cba15947", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OnlyLogger", "colour": "#4D83D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695602022, "uuid": "2282c978-bb56-4fdc-80e8-883a2f8ea825", "comment": "Malware payload (OnlyLogger)", "value": "89fdb3645fa5973fa79d81ba63d8acb3ee6d3677", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OnlyLogger", "colour": "#4D83D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695602022, "uuid": "66b77acf-bb43-4cd3-885c-4cc68b2907e7", "comment": "Malware payload (OnlyLogger)", "value": "2095972b9c6e95d7795ecc8fe4653b1bd13ffdff0cc54899e13dbf91f85d12aeb0459fe6c44c62b7f9b7cc3d51fcace7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OnlyLogger", "colour": "#4D83D8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695602022, "uuid": "8fd88187-fed4-417d-89bf-7945a8be0d5e", "value": "T1E3849E1393E1BC50E5368B72CE2EC7E87B2EF5604E5977AA62185E2B08B11F1D273711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695602022, "uuid": "52830017-8f21-44ed-84b3-5a1b75c50543", "value": "e13fa0e2b70fdd8fc0feb3b3998b6551", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695602022, "uuid": "5d9d4ecc-9a8b-42ca-bede-a630c0403435", "value": "6144:k/W003T6LV3OnWyPHLhCx39szVsXvLoRgz2VSEIlZS:kxsTi+HPHLy3+0OgzKU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695602022, "uuid": "5de3b7ad-17ee-4587-b6b2-4db8cf518a46", "value": 386048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695602022, "uuid": "74ab5aa4-406b-4706-9baa-e6532d9082b0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695602022, "uuid": "90fce3a0-5d2c-492a-81e7-93c29f6dafde", "value": "SecuriteInfo.com.Win32.TrojanX-gen.26114.4862", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b83d80fa-5b9d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkGate)", "timestamp": 1695644345, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644345, "uuid": "a72a40c7-7399-4367-b07f-6eea8d19398b", "comment": "Malware payload (DarkGate)", "value": "86b6cf70293cde65ebf86dce611acd51", "object_relation": "md5", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644345, "uuid": "d7abab7c-3920-44c8-bc0f-398303c17a52", "comment": "Malware payload (DarkGate)", "value": "2032c7c9fe74334d76bebd34dc9183eef730d942344c1845c9dc509742897c28", "object_relation": "sha256", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644345, "uuid": "8ef1de75-0c79-41db-b19a-39ce7e65d4b2", "comment": "Malware payload (DarkGate)", "value": "1ba71b997a655a7a0f592e18b52980177a8d4ddc", "object_relation": "sha1", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644345, "uuid": "7ab69e0d-ba9b-4857-b8f4-68c1d2a39ded", "comment": "Malware payload (DarkGate)", "value": "ffb5d11b0fd0d3858bc7cdca297ab90681e11d3aeb6fafaa34c20dee4933d7c687747cd71f8d5f7c2b911c82969b7050", "object_relation": "sha3-384", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644345, "uuid": "5c7baafc-0462-42ba-ae5f-0438b2a61043", "value": "T105412E1122E9177CF7720C3AD9A66324CD73F586D972834D0190DD8EA860500FC79F2A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644345, "uuid": "c63cd476-0616-48b9-8900-cb0635b16d8d", "value": "24:8ahWJCnecYZA8vlV+/JlGqcFBx/i850MOZtm:8aXJ0lqlGTFXyr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695644345, "uuid": "215a0bd1-ac45-4959-9a75-cacd9fc3c399", "value": 2116, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695644345, "uuid": "642af0e6-cdd3-4a31-9da3-47be2553a36b", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644345, "uuid": "876f751c-f8f5-41b4-9c04-b31da0e2f47f", "value": "MU-lnk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "767a42c8-5be1-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695673440, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695673440, "uuid": "92d6d6c8-4b93-406b-ae76-be140c870548", "comment": "Malware payload", "value": "db2547ab1307e6c9cdc1e3d32e342ebc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695673440, "uuid": "83c5101c-8246-4e95-a1ff-f5c53fbb39ef", "comment": "Malware payload", "value": "20afd54c9aeb0763cf13bfafe4ec5d0eb94267a52a6797f464dce6b8cc941a03", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695673440, "uuid": "7271a5ea-1512-4a92-8d93-13d75c3089e3", "comment": "Malware payload", "value": "20a00da3321e433b9fdb0deeaa81002fb286d3e3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695673440, "uuid": "cd6f1197-6f21-48dc-baef-806767b52a6b", "comment": "Malware payload", "value": "f7af0543167b9f09fe48f47cc1d6f3142e24d8c0347d8c699be27c1c2550648330cd411a1c4178f4f5dc151975327203", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695673440, "uuid": "a9c27fb6-0dd3-4187-b7b4-3529fbd3ffd5", "value": "T13C84F11132E0C0B1E4AB81358426C6D06A7EB8736AF45D5B3B943FFE6D302D1BA5771A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695673440, "uuid": "80609a6f-75b3-4de5-81fd-7bb6b921bc0b", "value": "8a8b4a2b07716ec988e9b99557ecabc7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695673440, "uuid": "7bc9f37e-89c5-46f5-a75d-2733e0dd7ba9", "value": "6144:Epu2PFaDpT7qEq4hPXmm8x1/zValK5VGaCMDBAI/1SnQcjTvM4NmenT7:EMguirEPAwNahiIwnVjTvM47T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695673440, "uuid": "665a47a2-fb33-438b-a52e-3acdee78c72f", "value": 385536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695673440, "uuid": "afd952c5-ba1f-41a8-b45a-78d34eaa2f54", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695673440, "uuid": "08347464-ef36-40e2-b0ec-28dd0487f498", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "14e473a2-5b96-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1695641064, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695641064, "uuid": "73f1b198-d427-4390-a112-ae1136599f60", "comment": "Malware payload (RedLineStealer)", "value": "bd6ed31aad02918dc9cc88b168e1b9d9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695641064, "uuid": "4e79cf6a-991f-451f-8223-8970df1cb140", "comment": "Malware payload (RedLineStealer)", "value": "21af47b60bf88124650097f3ccc91ce31df5d23ce452d5458ecf0acaff4bf6df", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695641064, "uuid": "ba219bff-8397-41e6-81cb-c84b22b56467", "comment": "Malware payload (RedLineStealer)", "value": "cfac29b99494ba249c8dcbdaf5d45bdc25faa862", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695641064, "uuid": "c4e656f6-a47c-446c-9541-f8fa18c73c9a", "comment": "Malware payload (RedLineStealer)", "value": "efababaa5e74891665d29f8f8a5ab8a16b20f99065f898291bcf22405980017c0266931bac7b5ded84f27ee1f277a514", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695641064, "uuid": "858dd959-940b-48a5-9ca1-d9bc1ff972c8", "value": "T1F87402A17992C072DDAB4074B93CC6A0E67FBCA367A5448773543B5F6C31381AB6B342", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695641064, "uuid": "7f8e333c-d9fd-4f0a-b50b-740d72ca65f1", "value": "4ea361ab120c57b8b80c2f6f90919695", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695641064, "uuid": "fa3031fa-0514-4e85-a514-cc234c7d18be", "value": "6144:RSSnSWnP9Mf9EkVtnhjWUwALMaL5x4IPhRiQ12SyUxTYCf2ze5+0ws:sSnrP9gOMhpwu9x42RiniYLze", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695641064, "uuid": "02e2571d-84a3-493c-b503-c0182bbbfd26", "value": 359936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695641064, "uuid": "d6560642-70b2-44a5-b169-8ec8a27e8845", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695641064, "uuid": "a3ab586c-9c39-4f91-9929-139e0d9ec965", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3dcca1c8-5b7b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695629537, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629537, "uuid": "1697e16f-2163-4658-ae43-cdde79b888d6", "comment": "Malware payload (AgentTesla)", "value": "4af2a202daf61ed9d215c31bd71d6feb", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629537, "uuid": "81eb089d-09fd-4e50-bbf3-820ce288dd60", "comment": "Malware payload (AgentTesla)", "value": "22ffd092b8937ae2de6c9f5e8792b476fcd39c582a401cbcc01f2ec30dfe8c7b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629537, "uuid": "76e3e24b-409b-498a-a564-944d57961642", "comment": "Malware payload (AgentTesla)", "value": "5560a6b34892fed4e34ec3ff7873d6d4a01736ee", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629537, "uuid": "61fc088a-5932-4ed0-9ee2-3143f18f7d37", "comment": "Malware payload (AgentTesla)", "value": "d3fdd6b9e89a87acc7e7a752e436617572108639dd2d5efbaab3da8d215da6ab8a8a6cf1188a0182f1dc9bb722ea4357", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629537, "uuid": "3def6e92-c0f3-4f1b-98c3-85dcfcc83e95", "value": "T1FE942A077908EB60D5CB6A3285DF581417A2BDC71E76820F6F48BA522DB13567C3E3AC", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629537, "uuid": "bb0be201-e022-4d62-99b9-4c81e0268854", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629537, "uuid": "13b46eb7-23fe-4bd4-8612-754f27f402bb", "value": "6144:oOLz4qRD2xYmgCXR/GTu+Fv2+T7Jw1954xIAi/:/Lz/RlmgCh/J+Fv2+T7Jw1954xI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695629537, "uuid": "63e0dd26-2412-420d-afc4-268489a5fe83", "value": 418304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695629537, "uuid": "431595c2-d69b-4761-b245-d806ed4249e8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629537, "uuid": "372c7d2d-2472-4666-8a5c-5d5376237bae", "value": "22ffd092b8937ae2de6c9f5e8792b476fcd39c582a401cbcc01f2ec30dfe8c7b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "95dbce4f-5bd4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695667910, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695667910, "uuid": "750816ec-a25a-4e12-bf5e-7e1f27a1e3b0", "comment": "Malware payload (AgentTesla)", "value": "e32f860c73ba6aa5f63561461bf47dcc", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695667910, "uuid": "3765564d-282d-408a-8fe4-964370398648", "comment": "Malware payload (AgentTesla)", "value": "233761dbbb34df3ef5d1e0e6507d8e1b21a6715e5f1d00c17aad6321ff5a0121", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695667910, "uuid": "c1af182f-1602-4282-b05d-ac668784bcf9", "comment": "Malware payload (AgentTesla)", "value": "7d33b4e64d48c5dcf58858d325973ae836abc374", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695667910, "uuid": "9dbb2c59-e067-4435-940c-a02eeb589535", "comment": "Malware payload (AgentTesla)", "value": "c38fc11165ef18d85e6dff1ca3a4b4c5cf6eaad5f26021f271cdcd1f94c90edfc88b1e8be8996d86a0cea2cbcc0a4ff4", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695667910, "uuid": "0f855c99-f6a0-4ce9-a82e-96f9e340c0e1", "value": "T14E558D283A7C8A27C5CDC6B192D3052D8EF38D0666D6AB1A1444F1FE19B337D4B4B1A7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695667910, "uuid": "2fa92841-e6e4-4549-9a30-5523d84fc447", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695667910, "uuid": "00834df9-1cae-4b4f-b988-70d607d3f2b5", "value": "24576:c7suOETkCp8MgOAsVw1HxqSqVCXjkNFTCmUQ/B8v+hp62K:AOo82xcRqSq64nCmT/B6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695667910, "uuid": "b3ee3cf0-bfcc-46a0-bb06-b3bf3068c645", "value": 1294288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695667910, "uuid": "d35a66a6-29cd-4a85-882e-4fb8f8ce631b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695667910, "uuid": "7ecd7492-d49c-4669-841f-90326a5ad984", "value": "ORDER LIST_SEPT7FIBA00541\u00b7PDF.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "41dd8912-5b7b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1695629543, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629543, "uuid": "c78354ba-8b11-449b-af41-cf40a7de27f1", "comment": "Malware payload (GuLoader)", "value": "67550518a3434e0bc380ca85ec053295", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629543, "uuid": "abcddaef-f4ea-48e7-a81a-5aeb79f4c965", "comment": "Malware payload (GuLoader)", "value": "2340f884236aaa127f58da3f0cd257a6ee2aabd974bb409ec4f07ea01d5f045b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629543, "uuid": "1e5077d6-bf7c-464f-9ded-82a6e7976e2b", "comment": "Malware payload (GuLoader)", "value": "88bde13bf178d6e84f0ea16cf84006574c2e1ab9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629543, "uuid": "6e901887-e294-4189-a0e1-4b96029d6aca", "comment": "Malware payload (GuLoader)", "value": "a59db0d9da102d8d39744a421243c003fed3fc0dcf6331e7a925555dd09229529dae8c02d6800a33433c5e42b8429c19", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629543, "uuid": "fd8d9dea-6064-44ad-9dbf-0394e1bbab6d", "value": "T1E394F2503B90C81FE7D1857098B4EB9D9D69ED2D2D6BC602BA6B37AC35783A0CC6D311", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629543, "uuid": "5c91e1ce-d26e-4ccd-905f-fc3ce695571a", "value": "4ea4df5d94204fc550be1874e1b77ea7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629543, "uuid": "f585eaae-a899-4038-af53-85215760f8eb", "value": "6144:xB+pgUvsgje7ILcuqHy74ZhR0NmnK/2+Rc/gDHbJ75E0ME9p5FU8:xgnN+4cPSOhR0snK7RGkb/fME9jFU8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695629543, "uuid": "f9ebae0d-2226-4f2b-b4b7-6adf561d26d3", "value": 433834, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695629543, "uuid": "4ba263cb-32fe-43ad-a333-c2b458ab3f0a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629543, "uuid": "14260d39-727a-4436-ab04-ee4b0734bd66", "value": "Begraensningen.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "494498a8-5b72-11ee-a6f9-42010a9c0055", "comment": "Malware payload (IRATA)", "timestamp": 1695625690, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695625690, "uuid": "fd392253-3ba1-409b-b111-994ccec201d3", "comment": "Malware payload (IRATA)", "value": "66b23d1f0c1f45d440ebe3e54d700f17", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695625690, "uuid": "185a4985-1b3e-489e-abdd-b0a20d96fb2e", "comment": "Malware payload (IRATA)", "value": "2762e34feff43dd42f1ec70f01f5a97f64cd8454a3a5c9275e97609f2cbd24c3", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695625690, "uuid": "63c9fc67-8c4a-4126-9207-5d8d8ca0ea5c", "comment": "Malware payload (IRATA)", "value": "b6d615f42e7862db7fa43732153b47388739abe4", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695625690, "uuid": "ab2c7bc3-acb8-42b3-8f1e-084e6509b5eb", "comment": "Malware payload (IRATA)", "value": "71feba007a884fc065cbf74bc9ed225a01b94abd1a160f4ec1e59ad7dee5570811dd15a439c3a2d77407320fa0fa37df", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695625690, "uuid": "8610e215-d4ed-411d-be29-13eb2b997320", "value": "T1CBD52257F2696807C832C13229412A3921160E58C642FB4E395D77FE3FBBDE84F856E9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695625690, "uuid": "1312fa0c-4932-447d-ae81-4012aa04eae9", "value": "49152:Js/ikkp7XQoExcVCpr8GeRVktQGbya+UpH7U0hP2MTZuxx4Lpk/3+NJUxM6xOmdI:GikkpXgxc8prsKzb+6VY8ZdKv+HUxMYo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695625690, "uuid": "734c6012-cd5e-47f7-b05f-0ddcda6a1d86", "value": 2764927, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695625690, "uuid": "a9d4e90e-dd48-4e11-98e1-3081f6bff15a", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695625690, "uuid": "3e5ccc8a-58fe-42e7-9898-ac5ac08fcc47", "value": "app.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8d8663e2-5bbf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695658876, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695658876, "uuid": "c3552066-2352-424d-916c-fe953105676a", "comment": "Malware payload (AgentTesla)", "value": "9af8b3b770cb6fe9a6041ca1726c7caf", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695658876, "uuid": "ddaeb5ce-47f4-4185-9045-ce101aaa1120", "comment": "Malware payload (AgentTesla)", "value": "28accd12f705c60eedcd43c660831eea4319520cd4616f069f05f8e4c22f8e0f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695658876, "uuid": "ede13d9a-26ba-4e08-81ea-5069c06bf26b", "comment": "Malware payload (AgentTesla)", "value": "ced5fbe495a27ee26e17ed39186cc240991291dd", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695658876, "uuid": "b2fbef48-20ea-42e5-bc48-3fd8c4b937c0", "comment": "Malware payload (AgentTesla)", "value": "44dc77679f6db52245777a7dcd2177334ad71a295621ba8fbc0855df7b27599a11df3f6c9f69bd9a28322fc2073c1d17", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695658876, "uuid": "6326971a-d8d2-4d31-86d2-ca2c60add01e", "value": "T130D4017C2D440237C2B9C378C5DD2903F360665B7232EE4AD8D71B8A562B69379C672E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695658876, "uuid": "01c47bd6-73bf-4e0b-bdbb-9b09b6fd73b3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695658876, "uuid": "d57178d5-c6a0-410c-a004-e4cb0125e30c", "value": "12288:oRCB15725mD8OazhHLx3acBa/bqP4N5qi0joCXXuL5wGw/at+u/7VErE:oRn68Oua/bqi58VXulwHalBL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695658876, "uuid": "6e11c588-bd3c-4140-9626-748f4b22117c", "value": 625664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695658876, "uuid": "bc0b66f8-1533-4723-96ce-616c1e4dfa08", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695658876, "uuid": "1ef474cb-912c-40c5-bd4d-6e76fc09f174", "value": "Curriculum Vitae..exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "36ed4717-5b93-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Stealc)", "timestamp": 1695639833, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695639833, "uuid": "e77e6a9d-9f81-423f-8b61-f0b3d228881c", "comment": "Malware payload (Stealc)", "value": "7d8f813ca4681dd17aec22a2cfdd5858", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695639833, "uuid": "6879db19-9576-40d6-a057-63a24a16de42", "comment": "Malware payload (Stealc)", "value": "2970f93fdff86b1cfdce4bee35650f58bb2c8face78c7e9228ad6c697d3d5b40", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695639833, "uuid": "3b7db168-5e04-441d-a36a-66e21f6aca09", "comment": "Malware payload (Stealc)", "value": "dc5409b772f67a7d31a2b8f0c11ad867229c54af", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695639833, "uuid": "df73ac92-0a4d-498b-9a1b-74228a55287b", "comment": "Malware payload (Stealc)", "value": "5f9253e0e81b22d79d3ec0cb9c061748f10bf6020b681377d208aeba60e5b2c87826b1f0b32badf77c052991c5903097", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695639833, "uuid": "e2c289a7-3164-4f72-b415-49da4057ba9f", "value": "T11B14D0107AE0C032D77B4C745932D6D0AA3BBC92AB75899FB344375F2E3179157AA312", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695639833, "uuid": "5fc8a6b2-f5b9-4b40-a280-ae902bb889e6", "value": "4ea361ab120c57b8b80c2f6f90919695", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695639833, "uuid": "329d8ef3-8719-42df-9222-55dfb0f8532f", "value": "3072:g6UEth9wVHT9u1dMsZzqCcKJ/ofabM7vk+dQ5CnYT:ggth9wfu1lZzqhYofEA1l", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695639833, "uuid": "d399513f-2651-4188-bee6-35bdecdc29f2", "value": 203776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695639833, "uuid": "fe24dbad-7b45-4f9a-ac0e-18b0e77b03f2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695639833, "uuid": "c56396f8-3630-404d-b828-020827c1becb", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2c19ea9b-5b3b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (MysticStealer)", "timestamp": 1695602019, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695602019, "uuid": "3ec8ec1b-68ec-46e3-b58f-68373e1eb053", "comment": "Malware payload (MysticStealer)", "value": "16657af7f1a7b83b45fcc3ad2b007a1f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695602019, "uuid": "1efe0f4f-9102-4f82-9ff5-af7bbc74374e", "comment": "Malware payload (MysticStealer)", "value": "29bb9454b7cbb86e061b012d9bdc6ed6759811cae8f1ea2f4ac8ffddbbbaaedc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695602019, "uuid": "361dba5f-c6b0-4070-83a6-0c5d72182ad5", "comment": "Malware payload (MysticStealer)", "value": "c0f15311b739b47754d9f4075b5a580646576f28", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695602019, "uuid": "8841f3a4-bea0-44a1-8037-fd75d7083da2", "comment": "Malware payload (MysticStealer)", "value": "d8f62b7cd062e6ac84c06e00733ad67153bb3ba22ae42bdffac0309557763a12aa97722827d7cf435460fd685675a0f2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695602019, "uuid": "95d3670f-c0c9-4b73-a9ea-b0547b5ff72d", "value": "T1B484BFC1FCF2827CE467903606D5D7744FBEF42003504ADBA79DCA294ED07C2AA71AA6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695602019, "uuid": "3738c437-f223-44a0-a8c2-4c91c958a871", "value": "8ddc982ec86bc15061e6b2eab1424dec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695602019, "uuid": "93cf5837-754e-4e8b-b384-2d84d2269287", "value": "12288:VNIdqW5sEe2uuezbtTgRPUO23U+ppC58ipK2pGcCOhG5Coe0Lem9/LpyGbHAED0S:VNIt5vU6Krlh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695602019, "uuid": "ff5f88f5-7c95-466f-904a-c512f0b091f6", "value": 405880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695602019, "uuid": "82d0b125-eb71-4470-838f-944163c3ebe1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695602019, "uuid": "b13b23b3-61c4-4c79-b6b5-34370cd745f0", "value": "SecuriteInfo.com.Win32.Evo-gen.21685.15362", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "43080c82-5bb0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (MysticStealer)", "timestamp": 1695652309, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695652309, "uuid": "142281cc-6df3-4b91-bdf4-df492303d3b8", "comment": "Malware payload (MysticStealer)", "value": "f8308e5f788b1a3c15dd074701afd38d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695652309, "uuid": "8432818c-bb5d-41b4-bf43-34a6a45777ea", "comment": "Malware payload (MysticStealer)", "value": "2af4ea45dd4470da2228add550f5ef2dcb4a8c4bc5808d15e6c09e4c7c140e10", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695652309, "uuid": "4223ee72-fa2e-4045-91c7-fd6382eb7618", "comment": "Malware payload (MysticStealer)", "value": "f5b88a757fb18c2f1c982832374bd43c147d7f8c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695652309, "uuid": "2370cbbc-24d6-4566-b980-38abc591c0e4", "comment": "Malware payload (MysticStealer)", "value": "5e47f7c0506cbf7677423570b63caa6e6493cd14b3ed2455ba8fecde1e63b6e98ddce8696b14828e8d58919c9ab0427e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695652309, "uuid": "9565adbb-554e-4fa4-ab4b-3cb930f64b05", "value": "T19C84BE21BDA0F731C4B3603109B4D77AAE7DBA108B5569E76FAC4F690F70381A63198D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695652309, "uuid": "4e159671-36be-42fe-a912-842f47a39a36", "value": "25da225cc3303495dec08a79bb284954", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695652309, "uuid": "c3da05e8-9157-45b2-9859-f096748c19c6", "value": "6144:QmXAxlt3fuPgyxhV5dAOPI4MT0diye9znjO13lPGCH:QHxltWTVI4gkwQGCH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695652309, "uuid": "f9de959b-932e-4dae-b8bc-8ba0ad6444dd", "value": 373112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695652309, "uuid": "cc39b7e2-7239-49de-b8cf-7d80df58c69a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695652309, "uuid": "2fec976d-fe86-410d-8128-e8ce68bdeefc", "value": "SecuriteInfo.com.Win32.PWSX-gen.11647.2372", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "755c890d-5bc1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1695659695, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695659695, "uuid": "8f18c253-c1ba-4595-bf03-e1cba5082b7b", "comment": "Malware payload (AveMariaRAT)", "value": "3d16843f8ca3d944f38e4b5cb7b3251c", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695659695, "uuid": "c52c1adb-7efa-473f-b3c8-5c2d03317576", "comment": "Malware payload (AveMariaRAT)", "value": "2da628e0bff0b81c2de3c81dc60be0084e23981c3130aea70902784a2874a7a5", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695659695, "uuid": "a88095dd-1a4e-40fb-9fdc-6a373ad2c476", "comment": "Malware payload (AveMariaRAT)", "value": "ba041d5f1207885d8ac8498c14e910451f7d7d8d", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695659695, "uuid": "206c284d-55b4-4543-a433-60e25a3ec0a1", "comment": "Malware payload (AveMariaRAT)", "value": "af6a63194f49ef5d6bb378390bf7bb110950e41bdb335048196725d1b08599fd0d859e94e750e1988f83b75ec35d3f49", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695659695, "uuid": "c0b3446c-fa28-47c3-bd42-1d116301ccf4", "value": "T180849E0075C18032D47252768DE4DBB15A7FBF6107234AFB5BB43E9E4B653C2E97222A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695659695, "uuid": "d2cc0c30-932c-400b-a2ed-a25327216ad8", "value": "8ddc982ec86bc15061e6b2eab1424dec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695659695, "uuid": "5b686c7e-408f-4e6a-b843-3b47f047520e", "value": "6144:jRLhTWbImfo6Sc1Y4OCF5atuAOKp8cI5dP9yrd03F7LprCriqwE:jR16bImpS55bukpfI5dFyrd0MPwE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695659695, "uuid": "e14dd695-4f48-47f1-86a3-719de1064f39", "value": 400840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695659695, "uuid": "f5abebe2-bf6e-4bda-adf7-0e55d38e00c5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695659695, "uuid": "a5ad8a7b-bca4-4b36-b486-da1f82733a73", "value": "0374_PRICE OFFER_MF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "94e53b8c-5bd4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695667908, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695667908, "uuid": "267d8749-dc55-4289-8c9c-77f790ef76ee", "comment": "Malware payload (AgentTesla)", "value": "c17a702d13da16d40d60d624866e5662", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695667908, "uuid": "f08264e5-9c06-41d6-9d27-6be004ccba55", "comment": "Malware payload (AgentTesla)", "value": "3366e7cf0549781bef6c2690dd392ad34cfd7c3355e99f3d042256d6df2b4281", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695667908, "uuid": "3eeec37f-f622-46c5-ba82-faba18f266c0", "comment": "Malware payload (AgentTesla)", "value": "21222a8d1c645ecccc07090558a93cc28844fd80", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695667908, "uuid": "13bc6b9e-f736-4d85-ab25-78193e0e24d5", "comment": "Malware payload (AgentTesla)", "value": "cde473bd0ec5fef2dd9060b197e0b36347d6f404514da7beafa00051eafd1048bf5652b5284f096384bf716645a2f7e0", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695667908, "uuid": "ac3536a9-c956-4346-9a13-87ddae045139", "value": "T16FB25A91CFC21534494717FAAF8A4430C5B849BA8225407DAD5EBB395403B5CAF7FA8F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695667908, "uuid": "6192318d-6c28-46bd-bab7-c17932299ac4", "value": "384:tDH9kcbBojN2IDLDpNXI+icmCPYoM5IZJuX7PvZDKZFdjiHf1Q4nBT:tDOcbBQ2IDLscmCPYoMX7PRKo3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695667908, "uuid": "3ab50954-9773-4c72-8b82-ba7c3a45394c", "value": 24387, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695667908, "uuid": "446d1560-1cbb-4d9d-8c11-f02663528999", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695667908, "uuid": "920212b2-0989-4ee9-9401-72eff89fb33e", "value": "justificante transferencia.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b5a5f701-5b9d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkGate)", "timestamp": 1695644341, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644341, "uuid": "7eaf6ca6-5b37-402a-a2c3-4e60b7385e35", "comment": "Malware payload (DarkGate)", "value": "d7fc8b7e6b838900c35a6c1386e80ae9", "object_relation": "md5", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644341, "uuid": "454b24dd-0512-4756-8fd2-0358645ba081", "comment": "Malware payload (DarkGate)", "value": "349bdd8b76677aae443590247467ed4cb99532c5e52fa58e64db61c968f97201", "object_relation": "sha256", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644341, "uuid": "97f175e6-e9be-4abd-bf14-811caf5ea785", "comment": "Malware payload (DarkGate)", "value": "e2bfee71a4f084ad6695f74a3905def6c3ff8d2d", "object_relation": "sha1", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644341, "uuid": "3ef40eb1-22b8-4efb-850a-1c02d5a0cdc3", "comment": "Malware payload (DarkGate)", "value": "a1662933a7c56baa8cee0906b62aa4ade031b397c16108872b20bdb7153ae0109f97a8cef8b02e442f5c9f8cfabd207b", "object_relation": "sha3-384", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644341, "uuid": "5707f245-0207-4cd9-9634-f6a1bd1f3238", "value": "T16A41142512D95729D3F2093F85B67331CE6BBA45E577870900C48E8CA554A00ED29F3A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644341, "uuid": "236e0f01-51c3-4d5f-a32d-2a1407145d9a", "value": "24:8aK5WJCnecYZA8JLp+/s2e37i85u7Qyt7f:8aK/JSL3xEp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695644341, "uuid": "47b22623-f820-45a1-9bab-2a44a339a709", "value": 2111, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695644341, "uuid": "ce85cf47-860c-4b94-bd93-46149b62fd4f", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644341, "uuid": "b1f40006-fdc3-4148-a913-72bd8bb56517", "value": "JPSA-lnk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "968abbc7-5bd4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695667911, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695667911, "uuid": "2ba694d7-e7da-454a-89ad-7734c36b919c", "comment": "Malware payload (AgentTesla)", "value": "8f4dddd29edaf99fbf82ae6825299306", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695667911, "uuid": "b145c894-8773-4cf4-b7e3-14bccc53026e", "comment": "Malware payload (AgentTesla)", "value": "34bff6ef48b779645725d36d5367124f950fdc61c290c214457cf66508ec5a00", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695667911, "uuid": "2bdc154c-742b-45df-9093-9f4041c2d4a1", "comment": "Malware payload (AgentTesla)", "value": "016c3674e822dff69292571340c28ffc92ec7531", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695667911, "uuid": "45d572ad-3fe2-4b86-af48-a47f2d242510", "comment": "Malware payload (AgentTesla)", "value": "4d0b9212d2ef57d49a517565d1a738b7a67a5fba1147c2114c4d5d0de3308757080918db88a13250b5f63a448d88296e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695667911, "uuid": "582b9ded-b3a0-4a2f-a2f7-d5bb0ee4bedf", "value": "T19CC42336AC8A4F7FC8742AFFC6924033C57476CBE30B8B785ED6A978295419F0451E29", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695667911, "uuid": "cfdb0b1a-836e-4999-b5ae-1592f2564526", "value": "12288:CWUNvQdBy17k70q3osgL0ZarOOb9cjLjGaq04Af6tlwxg0g+1E5mk/DDryFUhOI+:CWUdQde7kb3oshZayOb9cjLjGzFl0f1H", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695667911, "uuid": "54196671-bcc5-4076-86aa-b4e36f60378d", "value": 584571, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695667911, "uuid": "db9751bd-d0ab-41c5-ba50-fe52648290fe", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695667911, "uuid": "8c3b4b89-7278-4175-9a76-3ebf4b7210dc", "value": "ORDER LIST_SEPT7FIBA00541.z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b04b5403-5b9d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkGate)", "timestamp": 1695644332, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644332, "uuid": "4037005b-5f2b-4115-bf35-bccdbd534a1c", "comment": "Malware payload (DarkGate)", "value": "0e23045c884447134eca93c546627106", "object_relation": "md5", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644332, "uuid": "014010fe-af31-4083-ac3c-497d366aedc4", "comment": "Malware payload (DarkGate)", "value": "35093a9f9212927ec5afa777d1acbe8626da0ddce678f3c1c64a7c26ebe03bfb", "object_relation": "sha256", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644332, "uuid": "1768463c-b7fb-463e-8208-7042c07836d5", "comment": "Malware payload (DarkGate)", "value": "fa33f28e37e859b0e715000046cc7f8affbe4189", "object_relation": "sha1", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644332, "uuid": "af0dff54-7d2d-483b-a636-684ebd688325", "comment": "Malware payload (DarkGate)", "value": "6af34a902a9615213c89e0ab419ab0ba13b8cb51dbb1a1c4746352e38c053967c525ab364098e80986c14a3626ebe325", "object_relation": "sha3-384", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644332, "uuid": "39edabc8-f882-45fc-8002-72f2a710b7ef", "value": "T13A11968616EE3556D02AECB8250A83C543B4BBCE50160C6B5DD52CF2359B9130E6AAF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644332, "uuid": "09729158-711d-4237-9811-4970faf44ece", "value": "24:9QrY6fl8iFWB09uIodKgzRYOjN5LhBMERh0l:950eisB0FgFbBMA0l", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695644332, "uuid": "134da1a5-cdab-4f35-97a1-ec6ea6de9a18", "value": 898, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695644332, "uuid": "6f0ef107-7720-4e65-9133-6d905b9714b5", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644332, "uuid": "ab3c5bc2-e926-42e0-96e1-32016e833366", "value": "Qyo.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "838cd1f9-5be4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1695674751, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695674751, "uuid": "8972e369-6755-4446-9a6d-e484af8fd950", "comment": "Malware payload (RedLineStealer)", "value": "d6faa8bd2bf21639e1dc9bafddab6e0f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695674751, "uuid": "d48e71b7-a9b7-4c48-b9e5-2af04b2caa55", "comment": "Malware payload (RedLineStealer)", "value": "354da50b3f098bac3aca61bb4e12dd7f14a6e430a0ed48cfe53cc7f0fbce99aa", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695674751, "uuid": "7cdebac4-a34a-4e8a-9f20-ddaac0ff0ac0", "comment": "Malware payload (RedLineStealer)", "value": "fe54d70c14d8e0e7f0e109baff534d700a9d7b84", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695674751, "uuid": "fbe83cbe-043f-4833-bcef-c83bea7e13ba", "comment": "Malware payload (RedLineStealer)", "value": "1757e5aeea65caaa092618eb2c7eef1d679eb466cd0f40575204c51eb1c81e5bf93839f00f143a6a786835777a26ad8a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695674751, "uuid": "1a9cab9d-cadc-418d-b3af-5d78811b3873", "value": "T1D4C47C012488C46EF6DA943781E6CCB55E657822D3A445DB23F815FCCEEC7E2B62720E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695674751, "uuid": "da34e5c1-79a6-4416-9785-eb47f26bc610", "value": "0595dd53e66a162e5b3ad1cb7983da34", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695674751, "uuid": "3128ac04-4845-48d9-abd1-c1f582e793ae", "value": "12288:g7zMPrF22w6WRnxjB3BRnzwA7nOZ7GXRs:gfK22w3nxjRjnEAa7GXy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695674751, "uuid": "eff3823a-78ae-4608-997a-c0b24428b866", "value": 572416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695674751, "uuid": "e8c64766-b857-4621-812d-6ee153c975dc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695674751, "uuid": "84126d31-41da-4533-a5c4-c8b66aeed096", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2ced6446-5b3b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1695602021, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695602021, "uuid": "a9d98448-ffd0-4fa7-9f19-817b062c3614", "comment": "Malware payload (RedLineStealer)", "value": "ddffc2d90d856636988bf603f0383d9e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695602021, "uuid": "f18954ec-5950-46e2-9627-d5e756df8d60", "comment": "Malware payload (RedLineStealer)", "value": "37162a151d67a271fa53fe8a32805ba3bcafeada5687e25ec55cf1d81840b2fd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695602021, "uuid": "d56928ff-a108-48bf-b1bf-6a55ca65f989", "comment": "Malware payload (RedLineStealer)", "value": "6e8b4f96401a697b94a75b704b3a3dfc089ed625", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695602021, "uuid": "da3af44a-cc0d-4eb6-8bb6-c2f27f0a8558", "comment": "Malware payload (RedLineStealer)", "value": "e83d1f0f6e76a68146c9a4a3d5a9239c4a86941e8c61bddd428ea92d608b885af06e0a6450749e0e35f8d775d3e22352", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695602021, "uuid": "69419b3a-05de-4aa8-a2a3-c52f27170c43", "value": "T1C5A48D05FB9448E9D077C4348A178642D932789A0F75EADF1398927D2F3B6E85F39B20", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695602021, "uuid": "86fca900-e5f9-46d2-a3e1-8b618d8ebf0c", "value": "ad93bccd3325bb814d5a573c3780f75f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695602021, "uuid": "9bfb1b3c-b367-4757-b559-24fad2d8055c", "value": "6144:b2vYg/KfSIBMDgW0L4FWa1yYMOgWQOb+071y6rpz0V:VgGSIu8OshYMUQOe6+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695602021, "uuid": "7191d6cf-5e6c-4fde-ad47-13215a78921d", "value": 449024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695602021, "uuid": "51a58d68-00e0-4984-959d-ea5bf90a7c6b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695602021, "uuid": "8107f7fd-94a6-4687-8ab6-04ff7ff69f86", "value": "SecuriteInfo.com.FileRepMalware.9552.32075", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "94bd4191-5bc3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1695660606, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695660606, "uuid": "12c46779-cfed-4754-8994-8a4838612bdf", "comment": "Malware payload (Mirai)", "value": "96c6454a789e540d4bb4c8e8f95ed955", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695660606, "uuid": "3cffaab8-0a4f-427a-9c53-cc1f8a7168fc", "comment": "Malware payload (Mirai)", "value": "384fe0433106000b19eec0178d22cf95a3961228435183939c678c2cf52bb997", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695660606, "uuid": "310bc8f9-f223-4054-af74-343e2cdda2ac", "comment": "Malware payload (Mirai)", "value": "ece0a90d061979d3d624f4d9534049f3187fb904", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695660606, "uuid": "b6d4ddba-8d69-4c28-baa3-8e3da084326b", "comment": "Malware payload (Mirai)", "value": "15034656d6fa5d820a05eb01c9d9d790f5aaf6e8eff27bbfb261da6a6d8ab372a011f2837c1894e99ca3651f417978a8", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695660606, "uuid": "de79850f-efac-40f5-be66-83d4a0348c8c", "value": "T13463D644F954932FC2D267FBF759028D373A1A58B7DB33215A382DB43BC5BA85E29120", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695660606, "uuid": "82a1f471-060e-458f-be2b-2c46477afcc7", "value": "1536:P3+w3r1TRPjI+tg6Z0EdFFvSwFtT+jWtefakJucva:J1TxI+j08FFbT+jepncC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695660606, "uuid": "a538036c-2fff-4bbd-8ed3-b1f0cca48543", "value": 72586, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695660606, "uuid": "9da1465a-1a0c-4898-b08b-a81a023f7d3a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695660606, "uuid": "a0a07f77-c4f6-4033-974d-0c6e4fc7ee14", "value": "arm-20230925-1650", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ac98899d-5bb1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (IRATA)", "timestamp": 1695652915, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695652915, "uuid": "74f29afa-a694-4bde-85e2-6745b3d6394f", "comment": "Malware payload (IRATA)", "value": "52fcd774e288976961f5a845afb67e49", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695652915, "uuid": "c551bcb0-c9bb-49c5-9b5e-2cfc33df7efb", "comment": "Malware payload (IRATA)", "value": "39649b0fc7239ab065f5ff778d877c28e32a4417b3417d0a59d70fa8c74ccbd8", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695652915, "uuid": "207527ff-011a-41b4-9bd6-9dd501ea053f", "comment": "Malware payload (IRATA)", "value": "0b3aadac96e14dfe08031aeae2d19f5ee4c13b26", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695652915, "uuid": "36788de2-7aa2-47f5-9cb2-e0f079b11e48", "comment": "Malware payload (IRATA)", "value": "f7fd781136db7f2f0cef9124601758e12e85b7502cca32516804989cb8527e5009e43203e22541f42f4bdb5d0fcd0bdf", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695652915, "uuid": "518077b3-df7a-4dc1-9962-6e10527945ce", "value": "T192A533E7F2B98052DFDBBAB22966A7C15F722C110E034C8BB84673BD46B6EF54724540", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695652915, "uuid": "a663ffcc-615d-4a77-9ecb-125629b2f020", "value": "49152:AEpUPk/CxqJMfk3GtbO1ME2Jq0nfaNp+fI/2w/KJCrSRA0NKgQP:AEUPk/XMfk3qsAQQiNpcg2w/clRAJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695652915, "uuid": "ac8ab05d-03ac-409a-9f74-214b7f534293", "value": 2239707, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695652915, "uuid": "4bc00c4f-f443-4320-bd98-a7e1bee930cf", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695652915, "uuid": "d24cf6e0-9ef3-4355-9ee3-cd2e465000b6", "value": "app.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "85380942-5bed-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RecordBreaker)", "timestamp": 1695678619, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695678619, "uuid": "311361cf-8aeb-48fb-8764-d4291ba1b53c", "comment": "Malware payload (RecordBreaker)", "value": "0ed436133ed1bfd2605db98ce90e332e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695678619, "uuid": "a62d9306-53d5-4cee-8a1a-36ddb501bef1", "comment": "Malware payload (RecordBreaker)", "value": "39c1944344d6709fd7caa9539c0f02577c260ef9cd67ae3ec6551c81d97eb2a0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695678619, "uuid": "654295fd-acda-42bd-8ef5-a77ea316f0a0", "comment": "Malware payload (RecordBreaker)", "value": "cd0cf30d71c585d3afcb582f04fd703663d7d3d9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695678619, "uuid": "22e9d685-019b-4497-bada-0d8a1fe0d26e", "comment": "Malware payload (RecordBreaker)", "value": "ab38fcaa8fafe0f437a7e313489ff1f5ea85da005ad80a4be0fde8eaa498d6dfad544ff79f0b44f84ba6aab363df0b91", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695678619, "uuid": "c0e5e783-2a44-4af1-b667-fe95fbc43dad", "value": "T1A2267D4AE2A200A9C51EC8B0CF2E952197293C5F57F592FB25D5B5E42672BC43F39F20", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695678619, "uuid": "193cada7-df24-445c-adea-d11ec5cf77f6", "value": "a38a2bcf303e93cfe1f863580d3eb2b4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695678619, "uuid": "ef604ac7-438f-44bf-b78b-1b09041d8a6f", "value": "49152:TpqSP0/IPen5qohXF6d+W3fQvqqqqzKAl8VpHQPNLRX/ZTSZD77jVCGEM63:RPSFtXF6d+WPbMKAl8V+PFBZTSZdCV53", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695678619, "uuid": "7a436ba1-6751-4d79-a88c-7fa2848b60d8", "value": 4488448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695678619, "uuid": "764dad27-5cc2-4d33-af0d-babc54a864bd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695678619, "uuid": "1aa9409f-7190-4601-938b-a3c5299397cc", "value": "0ed436133ed1bfd2605db98ce90e332e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "88dfb3c1-5ba8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695648990, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695648990, "uuid": "d2dbfd56-6c73-40a8-80e5-0fade9f902d5", "comment": "Malware payload (AgentTesla)", "value": "d4b33ee5696def7f3de504baec39af34", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695648990, "uuid": "616fc1c3-dd0e-4325-b0fc-5fdbd2571ba6", "comment": "Malware payload (AgentTesla)", "value": "3aa409bc939bc8f42a7cd90af7fbd01c3e3c0b943a2988224b439df18ec3d3b5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695648990, "uuid": "4a532eb0-da08-406c-840d-3cd38f779fd3", "comment": "Malware payload (AgentTesla)", "value": "43b71eafc2ce5ecb6c7236c0635bc00dd142bdb8", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695648990, "uuid": "f28f25a5-6f15-4495-b417-fdfae0c6f90a", "comment": "Malware payload (AgentTesla)", "value": "7e2d4b02f83b4eae13846b544798f439ac291143ce1542878e719fab28dbcdf66021a5ab2993e6dab8f79a62d402fdea", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695648990, "uuid": "c722017d-bf58-4b68-a4ee-2100d77a3c45", "value": "T12405D69D721072EFC857C972CAA81C64FB6174BB830B9207A06725ADEE5D897DF140F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695648990, "uuid": "95635816-10de-40dc-8362-e756bb0e1854", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695648990, "uuid": "e6979a86-da25-4546-85d0-80672cd90173", "value": "12288:8xLJI2VrsJXYAFF1ZxJbMjqP20xjK7F4q6W6er9hnx8ailHVCkhJoOp7nS3gjFMD:rzJXYcvwjYBKZ443r9hx8PS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695648990, "uuid": "0309f77f-8455-4411-80e4-e95b3a35722c", "value": 850432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695648990, "uuid": "ae63d65e-9b7f-479c-9b5d-e7c194749af3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695648990, "uuid": "977e759d-a3de-49b7-a0ca-9ffa6c1af5f4", "value": "SOA.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3f79660a-5b7a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1695629110, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629110, "uuid": "34c9a0c8-bdbc-43de-b7e5-762c3aa36b21", "comment": "Malware payload (Loki)", "value": "ad1df3b36d00a52e3d388ac7872b5e4a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629110, "uuid": "6d082901-b4f6-46b3-a426-99143ce67cde", "comment": "Malware payload (Loki)", "value": "3cfc212a0ab3632bcac97e2116a17a135b9541ca9aef50f778d366f9d978f702", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629110, "uuid": "a7516a90-a9bb-4c3c-a9d3-acaa178f9a1c", "comment": "Malware payload (Loki)", "value": "80e9ec2a0edf682d847bdf74b21ff80e42d65304", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629110, "uuid": "4a1b0c2c-7ea4-4ca1-8e97-d6f840a18da6", "comment": "Malware payload (Loki)", "value": "e319bcecc3ee02421758263cf25d6955e95a2c366a7d218d369f1b644f6ebf0395f838b26b798a18b070a9707ead23bd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629110, "uuid": "cfaf3775-d004-4e15-88b7-10aff69b4b32", "value": "T1FFB401933239472AE37A06F818702B150671E3465B12F6885DB075DE9BEEBC4C3A17E7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629110, "uuid": "4fd2f1b8-8283-4ba6-9176-c215b8cd7dd0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629110, "uuid": "01645ac1-2351-48a3-9a95-a4bc799a7797", "value": "12288:nYJAfDuHOXiAch/Qgbb1xICyV/MMtsLN3mIz03Wc/R4ctW:nYJgvcxRb4fWbAGc/S", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695629110, "uuid": "9a9ab56e-ef55-41e5-9fc4-4326ce1415ad", "value": 540672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695629110, "uuid": "14e62ccc-6abe-4ef9-8482-97744b2923aa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629110, "uuid": "be3e87dd-21b0-4fdf-9dec-a677fcef0440", "value": "ad1df3b36d00a52e3d388ac7872b5e4a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3ed0c8ba-5b7b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695629538, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629538, "uuid": "5356f723-c745-477a-b169-56c85edbe856", "comment": "Malware payload (AgentTesla)", "value": "4eee9f3de8f15c0de7109bec3d035b2d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629538, "uuid": "fc95e14d-628a-464a-a277-b9d39b863569", "comment": "Malware payload (AgentTesla)", "value": "3dbc68ad8ed61358bd1d7d2c59d72a42b23f793e7fe1535cabdfee4c88ba8f4c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629538, "uuid": "253b1407-6eea-4258-982f-dfd842fb3939", "comment": "Malware payload (AgentTesla)", "value": "9b0a0f5a76b44c2e81da789c67fe1bbd49aac478", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629538, "uuid": "c12a1a5f-798f-4d95-a0b8-18bbba50fd8d", "comment": "Malware payload (AgentTesla)", "value": "730ccc07da1daf87c591fbdb3b7693d59a581a2e999450505c116daebad9a435e5efd0b19af71c647286d3785b02f7cd", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629538, "uuid": "aee9b778-613d-4eea-b2c7-8c61f34aa829", "value": "T16544ED037E48EB11E698393782EF7C2813F1A0C71673D20BAF49EEA525456436D6E36D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629538, "uuid": "a60f68d6-f084-4bc6-941b-97f70d61e2ea", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629538, "uuid": "1a4fd8d0-2cad-490b-861c-48a93a8909af", "value": "1536:upDcMlGXCDQ/W/zEuB+Kmx/IApkpbbASB90VzSNq6ML3EOim1hC6q0ioWfHV7x7h:uRnlGSDms4uoK+rCiapxMG/Fd10fSFz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695629538, "uuid": "641757ad-1622-4c7c-aada-16f756eac183", "value": 253440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695629538, "uuid": "cfb7e8fe-e3ad-46b3-8747-6c680185e169", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629538, "uuid": "37fb8a56-03fe-4e1f-ab56-19b905817ae6", "value": "3dbc68ad8ed61358bd1d7d2c59d72a42b23f793e7fe1535cabdfee4c88ba8f4c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "86db377c-5b6f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695624505, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624505, "uuid": "7f8a4bc5-1c8d-4377-8c64-e45deace3e50", "comment": "Malware payload (AgentTesla)", "value": "845812652ad22154e63ec734154c53a1", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2023-38831", "colour": "#FF3A96", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624505, "uuid": "0ce8e614-bf86-43f8-9767-e6539ff37a80", "comment": "Malware payload (AgentTesla)", "value": "3e92abb85fe234dd55668fc71346164ef3a65051ddeff8b4d871837300b03878", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2023-38831", "colour": "#FF3A96", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624505, "uuid": "b3c0993d-bd8d-44cd-afe5-4fe131cad05c", "comment": "Malware payload (AgentTesla)", "value": "53333437972ed2c23d2ac2d78ca90b93d1854d4c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2023-38831", "colour": "#FF3A96", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624505, "uuid": "b905915b-e469-4551-80e0-8b6b26b3083c", "comment": "Malware payload (AgentTesla)", "value": "69e60e351261f45b23c962adc3a546329c2b98e7c59667fd07dfd21a7f95f79e5320a117bebf01219005a4fd9162abf9", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2023-38831", "colour": "#FF3A96", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624505, "uuid": "c5e2070f-c56e-4c2d-a792-9c6b8d9fd254", "value": "T16FD4230B80DA8CDE9CD08897E5F197FDA2C4C5198E431F08ADD159FCE8B29815896DFB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624505, "uuid": "12015053-1dc6-4b7f-9e0a-21a809ee972c", "value": "12288:XjsYEu0Evv1RSKKTFqPdqQy7Hd+Fl6JsCQ41P64Ir7c7JkEvcU:XjsYpFvGHd+Fl6v1ic7uA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695624505, "uuid": "0c9ceb9b-9a1b-4659-9c9a-5918e093bf89", "value": 625325, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695624505, "uuid": "db31ae9d-a627-4986-97a8-3e13079445ce", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624505, "uuid": "8aebd11c-b9b4-4931-bcb1-28913c8359f6", "value": "RFQ23-301892.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4c571d30-5ba0-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695645452, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695645452, "uuid": "069eb8cf-b927-49cc-8651-63afbd99ef4c", "comment": "Malware payload", "value": "9d2f7af23e3798fd7d0769f6379d8eca", "object_relation": "md5", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695645452, "uuid": "ca41422e-239d-4b53-8b1f-b254cacc9455", "comment": "Malware payload", "value": "3ecca31878c01eccb11f6b479f8390017fa5fc3a378179167f3097be906d48cc", "object_relation": "sha256", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695645452, "uuid": "13a9b492-2f1a-4e89-9410-dca3a1a1e3f1", "comment": "Malware payload", "value": "8dba814ab85dbe6f637853e310ab62251002558a", "object_relation": "sha1", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695645452, "uuid": "cb9e196b-32cd-4462-9b62-48cdf4cfc4d3", "comment": "Malware payload", "value": "71c59cc24ae9e70fee40baffe548826244911019a7027e53523e22217ca98dd5278fc3831f28e666a63b55e5360b3a51", "object_relation": "sha3-384", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695645452, "uuid": "7bddd47a-8376-4a0e-9a54-036ddede2df4", "value": "T10B965C6FB1A48129C1AEC17AC4DBCF84D43378BE1776C1EB529013690F669D05EBEB24", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695645452, "uuid": "06b9058d-0ea1-46a8-b1ef-9d225868d9bf", "value": "49152:VEf9/Y9qB3LLu//n/yRkH790vvSUvamxqNp35etrdOJsqSdpjMnG0iTayKYXLyl9:f9qRuXj3SqpxyJA0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695645452, "uuid": "1052f430-f9ed-438a-8341-4cdf4c954d61", "value": 8837632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695645452, "uuid": "eabb187b-39c6-425b-bf3e-9ea90e40f5da", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695645452, "uuid": "99607ec3-1a88-4a4a-b9cf-a9fb9afdceac", "value": "doc20003902800300801.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8b9d574e-5beb-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695677771, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695677771, "uuid": "c54a3a80-72f6-4137-a638-61708fb28d44", "comment": "Malware payload", "value": "9ebe79e3eafcc84bf8831287e21409d1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "golang", "colour": "#7C2D0F", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695677771, "uuid": "7563cf3e-e5d9-4df6-a09b-0a4eb3205d1c", "comment": "Malware payload", "value": "3edfebdf7492e8fdda25e4f8d92e7bbc3d5d5a32bb5c6fa116d914ddeea68442", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "golang", "colour": "#7C2D0F", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695677771, "uuid": "89b93c28-9e21-4c87-825f-16615df54697", "comment": "Malware payload", "value": "2884c031fc6e8e529d01914d9c4e10c186f2cd70", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "golang", "colour": "#7C2D0F", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695677771, "uuid": "c00c06c7-e415-4a0d-97a6-e8b8be11bb36", "comment": "Malware payload", "value": "a73cd19a938130490f84b88da943547c7d26433412806e371521e49ebea113a5b6f020857f09662dee7400b3fe333225", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "golang", "colour": "#7C2D0F", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695677771, "uuid": "e05fee50-2109-4c2c-b56a-7098636e26b4", "value": "T11E767C960E70D4BDCFA6A03C8B064FE69761F445133C7AE702905EDA3F9A5D04A7B368", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695677771, "uuid": "b21a0dc4-179f-45cc-bb11-c77c49313349", "value": "c275f4d833c6070d028204a1df4f5f54", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695677771, "uuid": "b12410da-07bb-40ab-a01b-801a9da2375b", "value": "98304:EKX4PppMS6ewg3fOC4lnOOJkj1JjZH/rn2oKensvFfjlrfOPW+9:E84Ppp16B4SnlJoJjZH/729ensfbG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695677771, "uuid": "74acac83-ad81-462f-9816-d86a78e95ca6", "value": 7557120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695677771, "uuid": "6ae63e88-039a-40ef-9efe-b85ecee0243f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695677771, "uuid": "bf728ea6-e5a0-43e1-9e21-a47fe2da79ee", "value": "DAHBxY52qX1C.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bddcb8be-5b4a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1695608706, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695608706, "uuid": "77f20d82-0b82-47b2-a217-c28d8458a0bf", "comment": "Malware payload (Loki)", "value": "35cbdad2c3b7057f546448c7c74f8934", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695608706, "uuid": "9d0cea45-9222-4660-a652-24819cf789c3", "comment": "Malware payload (Loki)", "value": "3f204c56a26385e98a22ad026e41fe7009266e0f50b6668485db0ef6346ab783", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695608706, "uuid": "3333f582-64e3-4253-a816-c4fc2d1a7caf", "comment": "Malware payload (Loki)", "value": "96de55fb6a042cbaeb0a0c57648348df7fa65ec4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695608706, "uuid": "66a1b14d-a7ee-42a9-87c4-4fda82e8bbc8", "comment": "Malware payload (Loki)", "value": "f9a8004fa23c829768f75c3d129b392fc5840a8c9c4f8c298ac8f24bd77816502d1b098dcf303ff23f70e3547bf370f8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695608706, "uuid": "4b9388f5-5e54-439b-83e0-1c30bd701811", "value": "T1B6A412DD75E24624EA4E43768BBE105B83B0F295D401E719C9DF29CB0AB73948A24F37", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695608706, "uuid": "dd3226f4-8bb2-445c-bfeb-75d2941259e6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695608706, "uuid": "37309960-25cb-4375-98ad-dc0dff5152e3", "value": "12288:D725douGdYOmAp89LFZICje6BfYqy5bqiVPQ02BGrAs2:2YdYnD9LziYM5GkQ02BYZ2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695608706, "uuid": "1c15c1ce-a96e-4af6-a081-c1ea66055919", "value": 471040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695608706, "uuid": "70f1d964-ddf5-4c04-ba58-d243df92f23c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695608706, "uuid": "125614c8-de9a-4e5d-a22b-8eaab34a4853", "value": "Purchase Order - R40003152.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ad06ff64-5bc1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695659788, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695659788, "uuid": "15c31759-e6dc-44c1-9c8f-af09f36fee6c", "comment": "Malware payload (AgentTesla)", "value": "b7f7489e2c1c270552c1755c558d580a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695659788, "uuid": "e241c20c-f60a-467e-88b8-af8f35c75229", "comment": "Malware payload (AgentTesla)", "value": "3f68d49b10b78abebff4fe1624c64e2f9108a7a776d945ac71a046c23f85740c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695659788, "uuid": "10bc3f11-1f65-4884-8779-b8e276c09745", "comment": "Malware payload (AgentTesla)", "value": "a1cda85f1fbfab2d7869fbdee564ce74df80c529", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695659788, "uuid": "b6bb8ad1-a42c-4e90-8b05-f5d45de9acd4", "comment": "Malware payload (AgentTesla)", "value": "24d96d63459a3e6279188d828e806ff29b2c5c1a1668ee65e99c65056ef031e5a93ad874e1ab1849053f37a2c76d9de8", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695659788, "uuid": "5982d4f8-a691-46b7-92c7-d69cec196a2a", "value": "T139E423C423F41B60CCFD6BFB4239A3916B7CA1155E46F30D2CD450B62AA73718AAAD53", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695659788, "uuid": "3d9f2b53-8287-4c73-924f-9e8ed4121891", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695659788, "uuid": "2da73d8c-f156-4998-a6b6-eda631145762", "value": "12288:PtHRarD61/Fq4ulX5oTfOtk+Y/BuIiGys/zNhUKvRTwHOhQ9+WByP:L4Dk/g4MhXY/BUsZhBwHGQ93UP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695659788, "uuid": "c3285656-82b4-44c3-b738-301aa99db8e8", "value": 673280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695659788, "uuid": "6e958b20-b51d-4be3-ab3f-5be13f09d485", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695659788, "uuid": "45670792-08c6-4a7f-a178-8f554ce6d212", "value": "rquoterequestSTS3780.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7651ebad-5b6d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (IRATA)", "timestamp": 1695623618, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695623618, "uuid": "92c3534c-7f81-48eb-b035-715dbfc43221", "comment": "Malware payload (IRATA)", "value": "b3eeb84551d85f3794b871b36d45e98f", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695623618, "uuid": "0da8369b-6eb5-4df5-9af5-d954e8471ed9", "comment": "Malware payload (IRATA)", "value": "40a3d933f7f77158ecc16c11e0d16f670122bfc2e4ecfb2913485a64287ae66a", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695623618, "uuid": "9319533f-ef1b-4712-98c4-83b7a0fc5f64", "comment": "Malware payload (IRATA)", "value": "7c17e2a34a164ca6df9115efd4c0dbf315c24d4f", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695623618, "uuid": "f191476c-76e7-4539-8eb8-e6851b75e946", "comment": "Malware payload (IRATA)", "value": "e15967c78ab66060e1de64f6e351ce1436a85edf6e231501b0c993cf0edd43d1bf627fc2f3c42419b1c1d022081615ac", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695623618, "uuid": "cd9cc4e1-f35d-4314-ac4d-f2466948f776", "value": "T130E533B5EAF2E8B1ED6B907DC057D0B32F4FA75A6600C5C56E80884C47E7C68B702E64", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695623618, "uuid": "9f28c944-b598-4f62-a9ba-e688dbf44691", "value": "49152:GIiKk4d67D7wQlWDhWEchZAEGKm5AqBjdT7HeKWIG9UHFOJvMmjySyADNV2bg1ch:GIi34QDQhjSZAEBqBjpaJfOOJROdEMbR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695623618, "uuid": "a0e8ddb7-efee-4852-bccf-564654d44ca0", "value": 3110535, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695623618, "uuid": "fb608a2d-4c37-420e-9e88-ba60db0268eb", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695623618, "uuid": "065e6c57-d689-4aff-ae9b-47f4d73fdad6", "value": "saham.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0712db17-5b66-11ee-a6f9-42010a9c0055", "comment": "Malware payload (MysticStealer)", "timestamp": 1695620425, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620425, "uuid": "de72a668-2a81-44ef-8b29-b64b9eb86a30", "comment": "Malware payload (MysticStealer)", "value": "5d1cbdccc53bd46cbae10a93e31fddc6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620425, "uuid": "a6e6e6ef-6c06-4489-b1d6-e92e09a42d75", "comment": "Malware payload (MysticStealer)", "value": "434880cab227c20e6d38726b12ce826dc8b499d25d2c8396f572b63f758afac8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620425, "uuid": "23a550e0-f46b-45dd-93e2-e47575c97ade", "comment": "Malware payload (MysticStealer)", "value": "fa6ab1ec9ce0b4a3136631a1c6d2dca21934c9fd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620425, "uuid": "ee6018f4-5d0e-48bd-b703-8250bf8863b8", "comment": "Malware payload (MysticStealer)", "value": "39a55dd605a3910b330dff812d8fd62b547ddb07cde861f7cf68f876bbbe40b1138d57c238d16d13948207853d74c3b7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620425, "uuid": "7eb84a8e-7e45-4832-b2a0-692bf7456adb", "value": "T1F084AF0371D0C072D9B2653205F09AA9C6FDBD6187D1CDEBB7E9095E4F20AC2A23676D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620425, "uuid": "e9da8db0-a994-4b4c-a86b-e42d206ab03b", "value": "8ddc982ec86bc15061e6b2eab1424dec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620425, "uuid": "0ede7d45-9f2f-4f21-af69-17920d01acfe", "value": "6144:BlPchHX110KwTVSf3pOCq5b6uAOlH1scR5Hpj55p5naWTWqwm:BlPi3110dVaUcuHH1xR5Hd5nNTbwm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695620425, "uuid": "128807a5-3eac-479f-9023-4ed25e9062a9", "value": 390008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695620425, "uuid": "6e20ee0d-dcdf-4bee-9908-9f4f8b2f9894", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620425, "uuid": "2c1348da-f90e-4fe7-ab43-288b1453dc03", "value": "SecuriteInfo.com.Win32.Evo-gen.13208.9600", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3f90e727-5b7b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1695629540, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629540, "uuid": "e5f62377-a2ac-44c3-b7a4-a7f06e1ca2d3", "comment": "Malware payload (AveMariaRAT)", "value": "9bf3061ea037b732a9b4a86c7e5b7172", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629540, "uuid": "5d1c394e-015d-4d25-8989-a95c966e2eda", "comment": "Malware payload (AveMariaRAT)", "value": "45666c8cb9a8b446db365c8b958c0ea1dd971a7332724f1f049b099f4fc9bdd7", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629540, "uuid": "f63b7c61-d78f-41ed-9aec-ce8b3c891cc3", "comment": "Malware payload (AveMariaRAT)", "value": "f5ce864af8bcc09d06feb7a40511babcf69b01d4", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629540, "uuid": "f54105ff-bb5e-4fca-bb6f-93873aee3193", "comment": "Malware payload (AveMariaRAT)", "value": "f2d0b69f188c33ad3c822f6fb348c9af16a58157b1aee37082f463b2cd9a0f2a3fb59a75276f28a7afb74b442b625ee3", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629540, "uuid": "bf3189a9-4074-4255-bf15-bd1972d1070e", "value": "T100E37D227BE54039F7B7057019F93E25D7ACBE310E31CA4B5BD8488B58B1589E9363A3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629540, "uuid": "377e8861-47c7-4ee5-a897-29fffdd831f1", "value": "0145d2c473bdbcd7b46a054bd6893ec4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629540, "uuid": "dcfc8d1e-4d6b-4467-9f12-d4c97b6e0cd4", "value": "3072:2k4aHUBOO36YplMqBB3ZcPxlG+bBsDHqYzHKG0qIwj:2dx3wqz3ZcDeDKYzqG01wj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695629540, "uuid": "77a26675-bab1-4695-bc54-34d5d17fa9e3", "value": 144384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695629540, "uuid": "6fd64ff1-d307-41bf-a965-61712608e26f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629540, "uuid": "f1a02042-0c6d-4683-a091-2633b485b880", "value": "45666c8cb9a8b446db365c8b958c0ea1dd971a7332724f1f049b099f4fc9bdd7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "efd3417c-5ba2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1695646586, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695646586, "uuid": "cb5dfff3-bc66-41d4-931e-288922f6f866", "comment": "Malware payload (Smoke Loader)", "value": "8228a85c00085832575bacde729123bd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695646586, "uuid": "2676cc99-77f3-4a4c-b26f-a8831089df1f", "comment": "Malware payload (Smoke Loader)", "value": "46ab939c8a747eb5e24012593cd89c0744940834dcf4ef028f5d908a98e073b3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695646586, "uuid": "71d0fb3e-d32b-4213-93d3-0ee80e969a6c", "comment": "Malware payload (Smoke Loader)", "value": "5af96a927474be57f3be88dd0b563c3d2538adbe", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695646586, "uuid": "1a3a9756-b499-461d-9c20-44b557f1c820", "comment": "Malware payload (Smoke Loader)", "value": "c74af7f778a4164dbd35175ed38fea552d5f912844ee65fdd3019e923b2373cce91612adb3b62edb17dd67ca5cf43dc7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695646586, "uuid": "848657fa-ee3f-4949-a10d-408ed080df79", "value": "T12314CF107AB2C076D17B86B45831C6906E7F7C33BB68D45FF24417AE6E3239296E6312", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695646586, "uuid": "8b73f35f-09d4-4d63-a8ab-927af58d5f74", "value": "4ea361ab120c57b8b80c2f6f90919695", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695646586, "uuid": "33df1cc9-590d-4051-af7d-e46e18d3ee68", "value": "3072:AGEG2Uy8bzRAgVwA/cP881CUGPgo8aW0SQ5CQz5It+T:cG2UyOz1V5/cP880/gZarea5It", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695646586, "uuid": "e33dfa2e-9656-4eef-a482-2a5f6abd7751", "value": 196096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695646586, "uuid": "858ac1fd-d4c7-415c-ae59-3d42b0b7630a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695646586, "uuid": "6d9a5db2-c18c-4e5f-862f-2e5a1de78fda", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bacef1e3-5b5c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1695616432, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695616432, "uuid": "7bac7c94-d302-4f0b-8fba-3174ab456996", "comment": "Malware payload (RedLineStealer)", "value": "c5e478eec410f273b71b66891382d22a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695616432, "uuid": "fa1240df-1fb5-4a19-bc33-f2029a7e4d86", "comment": "Malware payload (RedLineStealer)", "value": "4796cf8c6eab52df224915dd04ecda81a30384c53e284e6dae7c55a3cae9f976", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695616432, "uuid": "ab823bff-4b29-4038-8941-c84f0bb7a317", "comment": "Malware payload (RedLineStealer)", "value": "980bd6d85b793b708da5be58a1c61192200628a1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695616432, "uuid": "453fc056-4887-4bae-8faf-eb414902db82", "comment": "Malware payload (RedLineStealer)", "value": "ed93eefe5f3176c9a7c296fc46e6b1d4bb22b2d406a1e3624d3ad88e3ec10e4fc359311dc812c6be1f3edd314f08efb5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695616432, "uuid": "f5c60ac0-1088-4f90-91d5-1280ae75fbdb", "value": "T19A44AF01B4D18472D472213209E4EBB69A7EB9200B555AEF77A40E7FCF707C1A73276A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695616432, "uuid": "c0e7a53f-e983-4a87-8990-cd09a5ec2f7d", "value": "8ddc982ec86bc15061e6b2eab1424dec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695616432, "uuid": "43fa3663-f20e-4323-b265-bebdf1f6452d", "value": "6144:sR/hrJ+j+5j68KsT6h/OCy5U9uAO7APOQO7qw6:sR5N+j+5+RsqGGuChOGw6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695616432, "uuid": "c5a89589-a57c-431f-a2fe-d3bc223ec63a", "value": 277368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695616432, "uuid": "e143f959-d9b3-458f-92a5-fc1c3d94b028", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695616432, "uuid": "c3c7505c-9e1f-4587-ab37-2c8dc9863050", "value": "SecuriteInfo.com.Win32.Evo-gen.18916.5943", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "de2a33a9-5b98-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695642261, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695642261, "uuid": "551dad3a-292c-448b-9e9c-15642b9d0809", "comment": "Malware payload", "value": "ee9b27216a71418e04117dfe53869af3", "object_relation": "md5", "Tag": [ { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695642261, "uuid": "3d2167fd-da30-4b97-8274-2ea62f842869", "comment": "Malware payload", "value": "492f51ba8c36f2a4c8c455b857442efc7c14dd210d1e3b665c11066d7a2379a4", "object_relation": "sha256", "Tag": [ { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695642261, "uuid": "3f87aa2f-755a-4566-8a42-a7920c2a6d3c", "comment": "Malware payload", "value": "759661ec3b940fef5d645089587c6aeea2e7ce0e", "object_relation": "sha1", "Tag": [ { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695642261, "uuid": "dde1d095-55f2-4c7e-835e-5d0fd5c5467e", "comment": "Malware payload", "value": "cefc5214618427523496cf2d331fe440a032426e2e0ee1eadbeb99cfa11d94351d6b3fcee00e6cc1b2c21d0cc04aff21", "object_relation": "sha3-384", "Tag": [ { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695642261, "uuid": "721d3bc5-43e0-43bd-95ee-64776377359e", "value": "T1B9C4BE57CC189B53A42883F8FE030E7D2B0E2A0CA88677FF05625DDF2E606155D9E56E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695642261, "uuid": "b4038808-9dc3-46d4-afb5-91900d100cb2", "value": "12288:G0jjj8n7Tx9Fjd+eXMFX4QtifSY31izJQ8kHWJhujrCiIhUfQNd6X:GX7TxV+eXMZ4Qtcv31izJw6Ni", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695642261, "uuid": "14b3c8a3-ceb3-4e0e-80e2-74b35ca80a3c", "value": 574498, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695642261, "uuid": "da32c491-a7f4-4bc9-b2bf-b3a354d4f079", "value": "application/pdf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695642261, "uuid": "65ebe2e9-b2df-43ff-8d9f-2b29afa598ca", "value": "492f51ba8c36f2a4c8c455b857442efc7c14dd210d1e3b665c11066d7a2379a4.bin.sample", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "16d9c402-5b9f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkGate)", "timestamp": 1695644933, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644933, "uuid": "c59b7ec5-737d-43dc-8e7b-97e14220ae2a", "comment": "Malware payload (DarkGate)", "value": "9a05feac5e2c59fb49a71b4dabee0581", "object_relation": "md5", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644933, "uuid": "160354fe-b09a-4730-8b4e-2b184e61e4ef", "comment": "Malware payload (DarkGate)", "value": "498db459576685d4f297b2d39cf6b8b17f1e8a950524763dbab5f7b12bb83d1b", "object_relation": "sha256", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644933, "uuid": "057c7167-ecee-4c73-8280-d5a2c9648d7b", "comment": "Malware payload (DarkGate)", "value": "ace6d943f0dc8d02385db2d1384c4b0942943f86", "object_relation": "sha1", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644933, "uuid": "2cbfa752-9d95-4f78-8707-e94989e2d4e2", "comment": "Malware payload (DarkGate)", "value": "807bc0ec03fb89e792aaab537d790b0da4160145b988f137ad0072d8d74c27d21205cc96a89554cbec60cf9528135ede", "object_relation": "sha3-384", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644933, "uuid": "cd07443c-63de-4eba-9eb4-c0ae3f37a02c", "value": "T1DBD0A74A226B63FBC8059B08227503CB920F208A8F628CE8970D8985680E54FE4E9555", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644933, "uuid": "ecb09a9f-c4ec-4826-b110-a29bc9b70538", "value": "6:4I5T65OaOKfQ/mIHYcPs3iLIHGHYcPsK+3TiJULIn:4I5DD+sYoMiLISYorQTlLIn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695644933, "uuid": "9919566b-c621-4f8c-806a-d019e7fd7c7f", "value": 233, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695644933, "uuid": "db5359ce-1be8-4e58-8c77-0bb33e22dfdc", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644933, "uuid": "91fbd2d4-c3b4-40d3-ae19-ebc2ee979975", "value": "vjikfjxb.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e3ac1524-5b96-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1695641411, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695641411, "uuid": "1bee57e6-363a-4f11-8bf2-641dcb6916a7", "comment": "Malware payload (RedLineStealer)", "value": "c45c1b3ec4f9be0ea0eae9635ec95c38", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695641411, "uuid": "9764d090-4664-41c8-996c-415c322bc41c", "comment": "Malware payload (RedLineStealer)", "value": "49dd38c8ad176cb5d26a742ee0feda3a00fa36c1348219a6573da215cd6ddff4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695641411, "uuid": "8d1b1c3c-5225-44cf-ab16-d45c712499a8", "comment": "Malware payload (RedLineStealer)", "value": "56a8c477ab9d89a295f1d92e077d4769b55c478c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695641411, "uuid": "1f21020a-2069-417d-a4ce-6e360a566c16", "comment": "Malware payload (RedLineStealer)", "value": "0c2358dfd826b947bef69da520c149a09882c958b765894dcaa1e755f2b96926d68f040696afb479540763f9dd3e9660", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695641411, "uuid": "6fec17f2-1d4b-4f91-b0d8-de26fbeb91a4", "value": "T19E356BA1F9818232FCA639F9719FB4BDF25DB4A407E545C7F1CB4AEAC2102E16E35181", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695641411, "uuid": "51657ac0-e9c3-4a54-abce-2e04e7aff3e1", "value": "a82d39a6c56158e4ea461428d86a9329", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695641411, "uuid": "ec9cb802-828d-4ee6-8cf4-85f08a875113", "value": "24576:kgXXnSa1ezkPLyUgINbUk+4KnqdD0v53wNb90:k3a1ezkPvfdMO4vdw99", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695641411, "uuid": "1345c065-e985-45b5-bf14-16cf8060817e", "value": 1097528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695641411, "uuid": "cded4bd7-4f72-46a5-8d90-7e60ce9a1f24", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695641411, "uuid": "166aa0e7-3809-42b6-b8f5-1d90472e76ac", "value": "c45c1b3ec4f9be0ea0eae9635ec95c38.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "60e60cd2-5bcd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemoteManipulator)", "timestamp": 1695664814, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695664814, "uuid": "9040dbda-051f-4d6a-a39a-d717677e6ff1", "comment": "Malware payload (RemoteManipulator)", "value": "e61f1ee63f169bf4b6d5b3ff4269adff", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemoteManipulator", "colour": "#F73CCE", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695664814, "uuid": "c539ac81-ccde-4f2c-8f44-8f18f5de1ee8", "comment": "Malware payload (RemoteManipulator)", "value": "4bbddf37cf7ccf85920abfb4eb86bfb37b558616db11bad35ff92c151f907c1f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemoteManipulator", "colour": "#F73CCE", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695664814, "uuid": "26451fa2-b942-4b99-938f-b8c682c3146d", "comment": "Malware payload (RemoteManipulator)", "value": "970cbd795246c3bd245db7c5322dcefe08b3586c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemoteManipulator", "colour": "#F73CCE", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695664814, "uuid": "2c5e0dff-3803-40c2-91f1-7d892899e756", "comment": "Malware payload (RemoteManipulator)", "value": "94604b3ee6531959edeaa703a055ff125fd88c16bbd39cbf5c7b9af08e1911d3a0a28cbe1bf280c7ca68aff421080801", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemoteManipulator", "colour": "#F73CCE", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695664814, "uuid": "1dff5d6b-b61e-4232-b9f2-92ee1893e2fe", "value": "T14F854502D980B427FB9600FD23CAC93EF169DF461B851CC64297B915FB3C7A926B2D46", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695664814, "uuid": "599156ba-e422-47b9-8946-845568905424", "value": "066417e17a8df05a418e9e35493e2cfc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695664814, "uuid": "f76cd097-0ce5-4efc-a465-2f26d724c37c", "value": "24576:io2JVedYmkqGFHLiPkUPxvdkIOCAyEnfXOl778eD5ZjJydsGviwSHfwjWiwSHfw6:CISSI2CoUCSL2CoUCS1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695664814, "uuid": "28a4832c-9510-4e8a-ab83-4c84bee0b8a7", "value": 1809824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695664814, "uuid": "a900ff07-4e1a-45a9-80a3-77cf9e675270", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695664814, "uuid": "a2126cf0-230c-4045-bddf-733fb10e7261", "value": "E61F1EE63F169BF4B6D5B3FF4269ADFF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bf741b96-5be0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1695673133, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695673133, "uuid": "a9be0f3d-6b00-4537-a988-1a02e4b80d07", "comment": "Malware payload (RedLineStealer)", "value": "2737f150b71b42b99797cfa7a43e7c5a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695673133, "uuid": "77685724-86bd-4e3d-8202-825f63277387", "comment": "Malware payload (RedLineStealer)", "value": "4d92ca37eb8f53ced9c9a871df34bfa7fa207ef57989eaa4acbe053ac37decdb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695673133, "uuid": "43bf2ab7-4b7e-4bcf-bb61-837a4c7aca2e", "comment": "Malware payload (RedLineStealer)", "value": "638a72a3594288066b0eb13bfc290c14aed90d67", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695673133, "uuid": "86b967e1-07ab-44a0-86da-7c44b2eda5b8", "comment": "Malware payload (RedLineStealer)", "value": "a3a6eac768c0a0f70f01bd26c72a9ab6bd6a748396702b0869142c8a49dcbfaaeb91dd2ca183dfb094e72ce2cb4a0166", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695673133, "uuid": "24df3255-23d4-464b-8f25-4c08036832dc", "value": "T195849E207563CC73D4FA2931C555A2698369E2D00371C7ABBB4A1FE64E332A392375B7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695673133, "uuid": "dd129ac6-ef84-418a-83e1-15d9fcbba7b3", "value": "25da225cc3303495dec08a79bb284954", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695673133, "uuid": "77eca50d-0746-40b4-bce5-38a92b94849c", "value": "6144:oLyrViSWAs3WHexAVklAOfQ52Z4LeboPGCc:oLeiSWLTpRZ4iuGCc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695673133, "uuid": "10dae2ab-44dd-436b-91f0-31914af055e8", "value": 405960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695673133, "uuid": "05020939-5059-4b8e-a73d-9f3bbbe1b163", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695673133, "uuid": "155ac8e9-d527-494f-82c2-652f8b1fcb43", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48ff5bf2-5b7b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1695629555, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629555, "uuid": "cb648489-9598-413e-9d65-22c2dd17ae62", "comment": "Malware payload (RemcosRAT)", "value": "92bb76cb7c432d244b9ae55875a8a72b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629555, "uuid": "f3ec68db-8f31-4a1d-b282-7ba231b288c5", "comment": "Malware payload (RemcosRAT)", "value": "4dd39cd7e19df27e79b7aecf317eb2ff409a3d15c2abd470a055e11c3aeefb6d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629555, "uuid": "47a68b7b-6627-4229-a2c1-6a3059e14980", "comment": "Malware payload (RemcosRAT)", "value": "2e74b484a20f039731617612da2a1db3bbb1aa2b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629555, "uuid": "f765ef7f-e710-4530-8390-d5f19f89876b", "comment": "Malware payload (RemcosRAT)", "value": "3d8619a4f4ee40fe8737c2c70701a77c8940fbe505de1eabdc9cbcad2a45ce9ca65a2a591a9b1941642e73fc12f3e28f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629555, "uuid": "43254226-9ab6-4a74-9086-242d866370f0", "value": "T1262512213B6C9FA2D23E63F182D8D94513F6645A603EE7090DC370DF6AA1F508B51BA7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629555, "uuid": "a0f91dac-93db-49e2-b46d-342c2561858f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629555, "uuid": "37a49a5a-e6e5-447c-9526-f8c519d28aaf", "value": "12288:HdmwUG2iNt+FfsPFnntHDoo3qlzZOQFBm+Usb6d2RZqJh7kTrWVLUuOF8BV05FQa:MwUG1SF2nnCLfm+UpGEboWVLhObm1o9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695629555, "uuid": "fc0148ba-357c-4989-b3e4-e1b6171bd636", "value": 999936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695629555, "uuid": "6490c7fb-83c6-422e-8315-2758204d0bed", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629555, "uuid": "cbdd33bf-994e-4364-a6a7-843fe818ecc5", "value": "PO160.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c90a5f5b-5b85-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695634065, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695634065, "uuid": "e5b87056-cec9-4c89-84b5-1838556f64e4", "comment": "Malware payload (AgentTesla)", "value": "a495ba45d8eed54c7005af90f94d6eb2", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695634065, "uuid": "ff0892b4-534a-41b2-9532-c60813d88b45", "comment": "Malware payload (AgentTesla)", "value": "4fca2d0f404957982464f69b813c6970f4ca4a3f8f6c855a36f5a8cead5874b5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695634065, "uuid": "d4c7055c-4ce0-4081-8840-29e9e13e6573", "comment": "Malware payload (AgentTesla)", "value": "b8d6053db78942704dbc9ed240bdbeb4319df64e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695634065, "uuid": "466f1814-7854-48ce-9694-c733d89e029a", "comment": "Malware payload (AgentTesla)", "value": "39392b42bdfc5c2844eca9710596f8f1daffdca159a474747b0c0aee491102643d8ef06f4757c358b16d40271ef41423", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695634065, "uuid": "98b07eb0-0318-49f6-9fe4-b5ab35865e78", "value": "T18BC46C2913ECDE05E18F827BE3144A798BF5C112A3DAEB566D58EDF71C83F1468019A3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695634065, "uuid": "ab96dc42-bb32-4282-a33a-29499d04006a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695634065, "uuid": "e704ac6e-b5dd-4202-ad9e-cc5593405ff4", "value": "12288:Q1kJhvZ0+o56VfP//5j4yWwXrixM7RsQxqhJE+4pBfFr0xYi:TAY//9M67aQxqhC+oBfFr0+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695634065, "uuid": "4757bc77-4c82-4fe6-a083-29bcbf059e57", "value": 594944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695634065, "uuid": "fc38ec34-75b9-4800-b48d-dfb3552fea61", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695634065, "uuid": "4c0cc1a9-8ca2-4c95-9cd3-02906d06b111", "value": "Turkiye September Order 2023 pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "db66a8c9-5bda-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1695670603, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695670603, "uuid": "3ae09a41-095f-4c5b-9d66-21fcb0c38ac0", "comment": "Malware payload (RemcosRAT)", "value": "62304ab9ea09befcc17d78857c685533", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695670603, "uuid": "b7eb9767-8d4d-4479-8a13-2910c5d9f524", "comment": "Malware payload (RemcosRAT)", "value": "4ff54bc771dc97403996794c50ded1a97b000c3f6eeff64afe3d049735e6bcdc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695670603, "uuid": "4e670a03-e50f-42df-b01b-67d967f90c50", "comment": "Malware payload (RemcosRAT)", "value": "989d919493942e6da3809bf8c8c95945627797fe", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695670603, "uuid": "c4fa3e86-f03b-42ee-b96b-3db8bffab7b9", "comment": "Malware payload (RemcosRAT)", "value": "6986407efbdcd24ffcaa70dc28c1ba770ba6abe3f81481f6f8c8338fa1b32cd4325b8d19f32f9433b3f5f38ccec17cbe", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695670603, "uuid": "b7f645a0-9432-4e01-8926-80188a7a3259", "value": "T10E15127D6C44417BC2F9C378C4E91A03F254656BB332EE56CAD71B8A1627A0379C272E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695670603, "uuid": "8e3fddd6-183a-4ce0-a52c-d5905ccd1f11", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695670603, "uuid": "993d77ce-2932-4c10-a9c4-1da244136b4f", "value": "12288:RUgkR5725KtZs1L1fG+fzdX3mJwQlC6sDwhyxLU1KUT55/swI2J7Z3nFxecfSNcg:RUanF1e+bdXK1IegUbEwIoXmcB+yi1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695670603, "uuid": "2524c309-7072-4d86-8311-bb1bb451986c", "value": 883712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695670603, "uuid": "94df9881-f0c1-4035-8b3b-c637fac38d9b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695670603, "uuid": "e224f7d5-9984-4fc1-af0f-6ddcf502e41f", "value": "SecuriteInfo.com.Win32.PWSX-gen.17695.8177", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d1ce17af-5b6f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1695624631, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624631, "uuid": "2a1be915-c7c2-4d1d-86e0-6f44f954eabe", "comment": "Malware payload (Formbook)", "value": "12108fac93761b4a6c612f7d739b145d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624631, "uuid": "2ff127d1-a190-4d64-884b-7bb8a1cfd42b", "comment": "Malware payload (Formbook)", "value": "50413921860a4f9db3c3ab95c68154e9ffd12726c64a4a46d141499fcf448288", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624631, "uuid": "83828f24-7986-49f9-97f7-ca7c103ae6c4", "comment": "Malware payload (Formbook)", "value": "943b4c611e8ef096e425d06823189917e08bf75d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624631, "uuid": "070bb239-e0ea-4490-ad27-7fe8513383b4", "comment": "Malware payload (Formbook)", "value": "98329c965dd67e6ad5a479d711d394c95db091ab582721d058200a33fd5f055233ed75ac46638aa4887a4f99e8d9c7b5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624631, "uuid": "334ca790-3d28-4c97-9b3a-476aa8b4cc95", "value": "T187C422987EC24322F89D27798B8D621783B1B458D106FF39CF892D574E393496922F23", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624631, "uuid": "454719c9-2aaa-40ea-8b2b-4541cd8a7559", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624631, "uuid": "297d7761-a797-4512-ad03-635030c1bb7f", "value": "12288:jK725RMwweP/Cvmf9TEF2hqp6DCQlRNoTrpWPxpRe74fsjmlJpB1TPd:9ZTPayBy2YpCCQlRNEF74kCl7B1TPd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695624631, "uuid": "ef9a144c-39db-499d-bc25-4776ffa02d63", "value": 591360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695624631, "uuid": "7f7b2964-44af-4846-8027-55696e07d3a4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624631, "uuid": "5dec3875-b1b0-42b9-8e69-2eaa71b4a4f0", "value": "mJHuwH7pCuqGrJU.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d7cc526e-5b93-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695640103, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695640103, "uuid": "32855d30-132c-4e57-b5cf-568eb5033817", "comment": "Malware payload", "value": "a7bd2b3c5d8ba504be0fba0e59edb70e", "object_relation": "md5", "Tag": [ { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695640103, "uuid": "1f211055-ed19-4230-9026-47667885fcae", "comment": "Malware payload", "value": "5105ca1f00e3a64fc50060e5603f05551184562e806ad37609727931fcb27951", "object_relation": "sha256", "Tag": [ { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695640103, "uuid": "0d7cb370-7ef5-4152-81aa-3c4df962eaf9", "comment": "Malware payload", "value": "50c5145ea1d4149e486c4426560010599971221c", "object_relation": "sha1", "Tag": [ { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695640103, "uuid": "b37cb056-b852-4970-95e0-094cc0e79ee6", "comment": "Malware payload", "value": "a176c080e86c91ac18f2ba7b0b772c98329b5aa67fb127cd602da45f5368f39ad00f00c08f9ee7c66b307186f9b4bd6f", "object_relation": "sha3-384", "Tag": [ { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695640103, "uuid": "065abe0a-488e-4cd1-be9c-e03eea2fcfae", "value": "T1629633C65047ED4BF80ECC33D1BF29D1A51690E2E056E834B798F754662BAA080676FF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695640103, "uuid": "948115d4-4aed-4d8d-a255-b1672eecad5b", "value": "196608:wU/h7Ss9AMClekEtu3nMf3HOlyihhSc+dthSHTLW3B:JB7xKEtMU3Oly/uC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695640103, "uuid": "a6d5e2ce-01a5-404c-81bc-5d99ece2a9a5", "value": 9052199, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695640103, "uuid": "5dbfcce4-b232-40ed-96c4-e4b532fb4aeb", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695640103, "uuid": "985f91d0-ebab-486f-bf17-37f62a0df9ed", "value": "Chr\u043em\u0435S\u0435tu\u0440.msix", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0c82ff16-5b7a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Adware.Neoreklami)", "timestamp": 1695629024, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629024, "uuid": "2e631cb6-48ae-482d-b9de-f5c985e36d7e", "comment": "Malware payload (Adware.Neoreklami)", "value": "60e5b9b3dcd1de66db01ef3179af271e", "object_relation": "md5", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629024, "uuid": "1007465d-f5ba-4232-ae19-913408c0226b", "comment": "Malware payload (Adware.Neoreklami)", "value": "5115c388d9ee15a982553ee9f821b2c51a70e6a84b9245ab0bd6906c00738f68", "object_relation": "sha256", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629024, "uuid": "3029a959-f848-4975-813f-3f50b14eb624", "comment": "Malware payload (Adware.Neoreklami)", "value": "6676f3212585038970b98f48f92b25085426590f", "object_relation": "sha1", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629024, "uuid": "95549f3d-448f-468b-9e90-f8ad7a85bc11", "comment": "Malware payload (Adware.Neoreklami)", "value": "149598dd944afeedc982e1d05e9564c4068f8315b7cee6045fa11a0364381837cfd546db3f6481d89c04b043cfd2b842", "object_relation": "sha3-384", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629024, "uuid": "aedb3730-277a-4cf1-96a9-3455579ce471", "value": "T16976333332DD5D72C2D758338EB0FFA1A5E2E9545D078423370D886F6EF96992A24B90", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629024, "uuid": "d2553056-64e9-4805-bd31-2f4ee89f6960", "value": "3786a4cf8bfee8b4821db03449141df4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629024, "uuid": "3df4fed7-df0d-4f35-a79b-5529684d29db", "value": "196608:91OkKXM/5QWWQBuVIljVZeHP3TR777fbk/DHvHBhvvSRFj:3OkxRQlF8VZeHPDh3IPI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695629024, "uuid": "efe90df6-891e-4aba-830e-256d7b6d36a5", "value": 7629747, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695629024, "uuid": "9446c008-09b9-4d15-9276-5be4852aecf6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629024, "uuid": "f535eda3-5dd6-426a-b102-0bed7550ff40", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a95203d9-5b76-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695627570, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627570, "uuid": "6dccc7da-2095-49c1-93e6-d4bdead9d4f4", "comment": "Malware payload (AgentTesla)", "value": "1074a625d6897ffc3776404e964530ae", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627570, "uuid": "87012d09-0071-44bd-9349-a6efa6f7dc08", "comment": "Malware payload (AgentTesla)", "value": "523b7eee7d8dc641bf2a9675621b82b3934f222a5ad73746416d333bea7132fa", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627570, "uuid": "a6036013-0902-4236-afc4-ade898082061", "comment": "Malware payload (AgentTesla)", "value": "a08400c7e727823abfbf5c98c20daccfad67b682", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627570, "uuid": "4cb40de9-8554-4593-84f8-64a7542590a8", "comment": "Malware payload (AgentTesla)", "value": "9f23f8a6b3cdef26d11a9e4bdfe92c5a9b7209172aa11a25e2162c9b52bd33b88b8aa7814e2757d92ed0b39e24376ac0", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695627570, "uuid": "19a1fc77-c4df-444c-abfb-b5d10aa6c7c6", "value": "T182A4071035DEB10DB2B63F937BED769A4FABBAB26A56015E710513034A62D80CF50B73", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695627570, "uuid": "83ecc4bd-c9c4-48c6-8735-1782b21a9809", "value": "12288:HiZZZZ7iZZZZ7iZZZZ7iZZZZdiZZZZ7iZZZZ7iZZZZ7iZZZZ7iZZZZ7iZZZZ7iZ7:i", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695627570, "uuid": "4fa5fe54-0370-4e18-84c7-52574c5a2520", "value": 473584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695627570, "uuid": "bd5dadf8-e9bd-4d25-a4b7-7a9c698d6c70", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695627570, "uuid": "b96303f7-8080-4934-81a1-0d5df04b59d8", "value": "Req_for_quote.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "68ba14e1-5b54-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695612858, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695612858, "uuid": "4656ee56-b3ff-4bc7-8c87-95f5a4f3752e", "comment": "Malware payload (AgentTesla)", "value": "ace4fe25d9a311eb76341e8852a27471", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695612858, "uuid": "145f921c-ed57-472c-83c8-8868d08aa675", "comment": "Malware payload (AgentTesla)", "value": "528aceae347b69455dfb59afd54770e03a3ff27a7c3b38f0cbe79ffb4b317ffa", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695612858, "uuid": "e212ddb6-16af-4a46-84bc-4c2fe8e0f960", "comment": "Malware payload (AgentTesla)", "value": "5b1218f378fee6fd959f78b11849fb081204bce6", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695612858, "uuid": "5284c3db-ef0f-4abb-9ed9-40a01af04bae", "comment": "Malware payload (AgentTesla)", "value": "e3633680855970a7e2c3122dc0e515ce3b90e51abcbc62b79d11d673c20e93f7d7b4a86fc6985cc2b000b22d07be1f6d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695612858, "uuid": "c9440639-278b-4355-8528-56d1153a8732", "value": "T1D1D423D439A68F30D18D137AAF4C255F4370B6109847E37EC95A29AF06363485E61FB7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695612858, "uuid": "11e22fa6-2559-410c-b0bb-5c2a020c41db", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695612858, "uuid": "bd274d38-08ae-4e39-b97c-5c694e36d265", "value": "12288:HT725l3XhcHyUZvKD+BHhE1bVhW2UZlre/TYWh/gOw:GD3RcpZQ+ByLhWJxsTYOY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695612858, "uuid": "b6df9b46-5e0f-482f-b182-75b9158e7d0c", "value": 629760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695612858, "uuid": "b572140a-3e78-4bef-9dd3-0b18fddd5031", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695612858, "uuid": "b462fc8d-39df-49c2-acd3-f9f2b35ed6b9", "value": "SecuriteInfo.com.Win32.PWSX-gen.13899.19534", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0e3f0a61-5b4c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695609270, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695609270, "uuid": "b7979421-1457-4df2-bb66-3372234102ac", "comment": "Malware payload (AgentTesla)", "value": "1f4d93ff027903262a81ac74e3365456", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695609270, "uuid": "cd17763a-b062-4baf-b385-04e904add9bb", "comment": "Malware payload (AgentTesla)", "value": "551041e145d0651f4c6779f98aede3aaca21dff3f0b6458e5faea34c33a6cd76", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695609270, "uuid": "1bb1c53c-2a43-4341-9793-31ed23a67fd5", "comment": "Malware payload (AgentTesla)", "value": "fbe9bf42a573530911b42ce4cf30dbf1bb7918d3", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695609270, "uuid": "30316ebd-1a27-4617-b85c-015b50d058fa", "comment": "Malware payload (AgentTesla)", "value": "11abc846d7b40c94e8b8908ef71062eff89ca543b3099ef13c90fed8d9e099ae999e2753d6505dd68a2f42fb441be7b8", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695609270, "uuid": "ceeeab7b-2d8e-4b2a-a9b4-8eab47da3c79", "value": "T1110502D231984E9AFC5D2372557A0DEE03226E39C6B0691D54AFB1674B733473222E2F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695609270, "uuid": "13c27a82-a892-4fb6-a6c9-eef3425ae9a4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695609270, "uuid": "e21056cc-e7d9-47db-9467-48cd9b47d5e2", "value": "12288:25725XKkES1QzWgks67YGccu9zKO6IE6qwRvq7r8glwguT3S:jFrldgkl7gcGztk7rbwfb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695609270, "uuid": "ab99435c-957d-4918-b947-06cacd23b75a", "value": 825856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695609270, "uuid": "a943b15b-0d77-4a7b-b483-92c080317018", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695609270, "uuid": "f6f6ba4c-8142-402d-9651-5f8a062894d7", "value": "SecuriteInfo.com.W32.MSIL_Troj.CVA.gen.Eldorado.13618.30179", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2522229c-5b67-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695620905, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620905, "uuid": "97329864-eb82-4371-b83c-517d101e62fc", "comment": "Malware payload (AgentTesla)", "value": "3141966fd357dead927c356128a4b9c6", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620905, "uuid": "fbaf86c8-f615-49bc-933e-8bb0c604617e", "comment": "Malware payload (AgentTesla)", "value": "559923ebc649d70c7342c93287c13fa33c0da6b8cde4281c547cbe2cc3a584b2", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620905, "uuid": "be222695-5ab9-4d8c-8906-a87dc58bc12f", "comment": "Malware payload (AgentTesla)", "value": "5dc0a22356f6177b2fd7752b9a7b2e8c35e7e11b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620905, "uuid": "9b76aa8c-e0ef-4d30-b81b-3471d4cc774c", "comment": "Malware payload (AgentTesla)", "value": "30cd13bfa186222524019fe93ad3899e1413835a000c6b3d3a3811f1c281d55384bbbd7d955814ecec88df6de8a4b61d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620905, "uuid": "63103c55-c63a-4ac4-b8ee-f18a34934509", "value": "T149D433A7A9E71F73B3B6D59866BAE40E3F1EB0F24A471D5E0C2636E40833251D09D325", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620905, "uuid": "aef7bb97-7a8f-4f45-9061-db36edbca711", "value": "12288:buo03G6WXDBgw35RxxlusOQ3k0JhxHt2enf6sHHZtF0qa:wWzBge5RTlusOjqN2ef6sHd0qa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695620905, "uuid": "fc29ba2d-2b49-40d6-8c5b-582342d35747", "value": 631212, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695620905, "uuid": "226216c5-d038-4f04-aa88-93d5a30b294c", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620905, "uuid": "6c23c9bd-1289-4f9f-9615-4aef915627f6", "value": "Approved Purchase Order Nr.227.gz", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4437c815-5b7b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1695629547, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629547, "uuid": "ec5b7a69-25b2-4644-9207-5f156f30a8b5", "comment": "Malware payload (SnakeKeylogger)", "value": "4b6ba75e0680e1761dabf95c43e777cd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629547, "uuid": "5e03f64b-0696-4fe2-bf1b-3ca54600d12f", "comment": "Malware payload (SnakeKeylogger)", "value": "55ddf189656363ac355a799830fa17a7097a80e850bd9434e33fe2e76aacd9e5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629547, "uuid": "f98d1b22-11ed-42df-9384-cb6b0c2465e9", "comment": "Malware payload (SnakeKeylogger)", "value": "ac9a769d7355ea3eab0389deb2e11337cb277d48", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629547, "uuid": "e2da6039-2891-4f35-991c-6a89fd92f6bf", "comment": "Malware payload (SnakeKeylogger)", "value": "13c787533e7418f4c58f16c59059f6f37ce139c44e166f4a3fc5a4f96398e580c4474dab99e5a12321991bed80f6dd34", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629547, "uuid": "de20cd5d-59f8-47b9-9ac4-f42e510f9439", "value": "T115B40194779007B9C55D227AD248E335C361A5188C13DF38C19A26C73AE238B6C6FFDA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629547, "uuid": "373aae80-2304-482d-ad54-51deaadc2e1a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629547, "uuid": "c464477b-e576-42c1-8812-1dbef3a5deee", "value": "12288:FE725SZXXjQKQX46Hp+erzNnIyDuiNdYjJAEzq9F/+LQ:BAZN6Hp+erzNnIcKJAv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695629547, "uuid": "820734d2-e14f-42c0-a5b8-20aec94cc5e1", "value": 509440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695629547, "uuid": "e83a6967-d9e3-4b44-86c8-a56298eca5d4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629547, "uuid": "5bd72604-2872-4f39-b555-066d8c1df0fa", "value": "doc 202309909910101010.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7840229c-5ba8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1695648962, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695648962, "uuid": "842ffe60-74b0-4918-9dea-7521a9a7463c", "comment": "Malware payload (Loki)", "value": "309b57d23d6ee3e74eaf0504a5326966", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695648962, "uuid": "b1f81724-fc30-45d7-aa5b-b5b9cacf2824", "comment": "Malware payload (Loki)", "value": "55e90517e648293862e209451265dabb3bc859b0eef09b90fd621e2b157e6aef", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695648962, "uuid": "906c0b76-b550-4be6-94e6-322e70b8201b", "comment": "Malware payload (Loki)", "value": "f5fbf4de44dc5e4b19534826e0d4fe649038353d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695648962, "uuid": "609fd461-fa17-4270-b133-ef31aaf5cc62", "comment": "Malware payload (Loki)", "value": "8f02383b24812803324c5aaac7abd12fe70e1f6b4afcbbfa3766262b6256f3e29cb8a1d794447b0c69f127c6a4ec76be", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695648962, "uuid": "8900da5a-bcbe-47c5-92ac-30f227447d45", "value": "T13FD4F1553081C276C5A636F044F5DAA69A393CB10735C2C3B6F93BA56E312D3DEA22CD", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695648962, "uuid": "bb10bf43-f868-4725-ae31-deb2fcb6d5fa", "value": "bf5a4aa99e5b160f8521cadd6bfe73b8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695648962, "uuid": "abf27041-684b-4abf-b4f7-0f29ca34d027", "value": "12288:Mh1Lk70TnvjcSAtjiwMEUnZw3U8+hu8zqiKFZgP9eN:4k70TrcS+PMfw3U/zzqXzgPY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695648962, "uuid": "9dbdcdc8-1f94-4216-a79b-ad0d78363c08", "value": 614912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695648962, "uuid": "c449f2ab-9839-468a-a86c-565733857ff6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695648962, "uuid": "270d7fef-2e77-4613-a914-58187dadaaa6", "value": "Purchase Order (P.O.) No.4036041334.doc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "051fed29-5b74-11ee-a6f9-42010a9c0055", "comment": "Malware payload (IRATA)", "timestamp": 1695626435, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695626435, "uuid": "ad45878c-748e-4d90-b382-51e5e691b208", "comment": "Malware payload (IRATA)", "value": "a7a6196c295a65dd87893c95d7b6e3bd", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695626435, "uuid": "efc69c10-e02e-410d-8e9e-8c47c70a19dd", "comment": "Malware payload (IRATA)", "value": "57eea25086acef927ac427906ce9b59a88db3df4c624abb5804c3670af41d747", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695626435, "uuid": "9cd40cc2-9c5d-4708-9d17-9db936c1ddc5", "comment": "Malware payload (IRATA)", "value": "2d30efe04f0fec83135f0b9bba99a38b265267d4", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695626435, "uuid": "aab5d6f6-1679-4c60-87be-0fb4a86acf8e", "comment": "Malware payload (IRATA)", "value": "a88773870a3a3bc1276124d8743a0d6eaf9b69b67e3fa273c7af40bb43a35065747aed84f52b7e11dfca0805f42abeb7", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695626435, "uuid": "fbbd890a-c7de-4e71-946e-8a7e68d45e2b", "value": "T1CFA53353F3419112DAAFD7B61B436686113B6E219F479B8B3CA1336922B6FFC6724700", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695626435, "uuid": "438ed3d8-9e36-4eac-a142-07024d71c6b1", "value": "49152:AEch7XBuMs31WtcbjADG/8RnQB3WTSymE2FCO/bS3ZAYoC4CeS:AhZHs3ZbjADG/8R5SyiFhbSFn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695626435, "uuid": "cf7ca150-c35d-4867-b129-3f915bd76ab4", "value": 2239707, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695626435, "uuid": "e29b8acf-1f26-4da9-9c06-f40cf7fbe309", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695626435, "uuid": "9cc92227-1309-4545-adb9-805fd1a4e160", "value": "saham.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1afafa36-5be5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1695675005, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695675005, "uuid": "6488dbec-39bb-49d6-a164-8a422cfbf01a", "comment": "Malware payload (Mirai)", "value": "4a18ffe3927ef3a84e33ab33076f74a9", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695675005, "uuid": "6a811312-ade9-42e3-9e1d-39633fa5f47b", "comment": "Malware payload (Mirai)", "value": "59474cd7b6da5ab5a1c5c1089ca34284b85c0dcf699a47ec94892005a8dbc360", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695675005, "uuid": "3c8e9d2c-ff86-4d4c-915c-b4ed4fed081b", "comment": "Malware payload (Mirai)", "value": "28b267c1436d41b46dacc67e1f78225c310e69fd", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695675005, "uuid": "49459984-3066-41fc-b7df-97267a357b24", "comment": "Malware payload (Mirai)", "value": "808890f1f7523850ebb1fd3612bbeadaf719b1c7e63b988458cced46fb70bd1dac150c9423bcdc8d70c1aa9a0cd91ff7", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695675005, "uuid": "e7c33591-f780-43c0-8e52-b89048e24c65", "value": "T157B2D03C1B111B58DA1EC1BE839D0B603DB41B359182AD4B6207FDD79F9A8B47453BE8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695675005, "uuid": "74342127-2f85-4599-b390-ddb225f12255", "value": "384:YeD8ZSH2LLZUYyGZbsOiTrowSN9rnZMINlphQ/HYtuihiWmdtJgGlzDpH7uNj1JW:YeD8ZSWvZHZbs1row697qohQvg9hitJf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695675005, "uuid": "26d4f82d-7633-4d6d-b63c-9e6af6ea26c7", "value": 23784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695675005, "uuid": "9ffdfee0-5097-4770-bca6-b5f4d15c6948", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695675005, "uuid": "8d5f9d19-a6ae-4546-8f27-a361d9455595", "value": "boatnet.mips", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e1dd3b25-5bee-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695679204, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695679204, "uuid": "0aeb3df7-c0fe-4c09-8fce-1b4ee2e24c4e", "comment": "Malware payload", "value": "8eb229da3246cf5e1033cfc54c81ba1f", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695679204, "uuid": "e331c616-2b98-4482-93b7-78c40e91869e", "comment": "Malware payload", "value": "5ae9fe9208999d8923215b885b708c763203ead199f082e9212ba01ceb3a8012", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695679204, "uuid": "cc315050-91b4-42e7-9f71-d45a16bda9ce", "comment": "Malware payload", "value": "bb6380720ad03dfc8e5566f862ccfe23a0146e37", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695679204, "uuid": "1e9a85cd-2269-4d2b-b023-80c5db7359c4", "comment": "Malware payload", "value": "a3abd1661f074c2b4cc8f866509ea4c565194727c61c509e15992250a163d11ac2832272bdac40d8a0107b8639b6e86a", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695679204, "uuid": "56567ad7-c63e-46a5-881d-cc0523f93f46", "value": "T117143A46EA418F13C4D72BBAF69F02453333A7A4D3E773069524ABB43F8679E4E22505", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695679204, "uuid": "0d43d2af-998d-460f-9fd9-f3808bff2d63", "value": "6144:7gOWTn8aOopYmoawvqlb/IgReAOGi4M/Reeio:7gJrYmoawvqlb/w6it/Z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695679204, "uuid": "a134e382-0524-42e9-8bff-c988ca467825", "value": 203252, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695679204, "uuid": "d01428f5-f680-40f4-92f2-537e43eee742", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695679204, "uuid": "0da6469a-d2ac-42d5-bc7a-24df51184d6a", "value": "polar.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ec7b5553-5b96-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1695641426, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695641426, "uuid": "40156afb-7375-4adf-b144-397de575d476", "comment": "Malware payload (RedLineStealer)", "value": "b80a0a347965135f0f10aa5d08a60ff6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695641426, "uuid": "8ac0dfc4-4063-49f2-8a57-bd4e151653ea", "comment": "Malware payload (RedLineStealer)", "value": "5b1b28098751cd28e5bb3f50757a25e613e58a9b390c64aba2dac8248b1cec8e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695641426, "uuid": "f948bd42-2e28-484f-ba3c-c9e7d2c1aa4f", "comment": "Malware payload (RedLineStealer)", "value": "dedd61edc6406c8245250b75d34ae584ea0ac8b9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695641426, "uuid": "a03b5e03-df3c-4072-85dc-d8ce00515639", "comment": "Malware payload (RedLineStealer)", "value": "9c73b9db98c6a3e94771c5dec1580fdc5bd37e81dac16274e2a4523501607e02fbaf640974010437be02f0c0eb2fee1c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695641426, "uuid": "e5c888d7-820a-4097-b6bf-a5e5ce575dc2", "value": "T19E552382BEE80476C9A62B705DFB06C31E377DB248788B677745BC1E1D32484967137A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695641426, "uuid": "74f04df1-eae9-431f-b9bd-d33d5d083bc6", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695641426, "uuid": "4641ab32-ac86-4938-97ab-94425c0a1ee7", "value": "24576:yy5FZoBpINlINTFpa6eojV34RK7bhhuYCRT174lr5Tg0FB00rR:Z5FZoBpIN6ZZ3J1hvNM0FOC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695641426, "uuid": "076fd575-d804-4387-aa23-2dd5f8715007", "value": 1311232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695641426, "uuid": "2a43ca66-b57a-442f-aeaa-1588395cca7c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695641426, "uuid": "7838a212-0480-4e32-8e8f-9cadfe5028f6", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "513b7f4f-5ba1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Rhadamanthys)", "timestamp": 1695645890, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695645890, "uuid": "a45d254e-1be1-4465-910e-25b0522f8997", "comment": "Malware payload (Rhadamanthys)", "value": "f90525e9b5a4174c10b14a4803bef713", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695645890, "uuid": "ab831a26-e6bf-4219-bf46-5d2be2961cb7", "comment": "Malware payload (Rhadamanthys)", "value": "5e970a1859278469998502475f091315590b66f3a3f101caa25b7fd52b3214ab", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695645890, "uuid": "9beb4db7-b5a2-4603-855f-220e486f61f7", "comment": "Malware payload (Rhadamanthys)", "value": "9f29291300bf82574e4907b86537a2e557c3d8f0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695645890, "uuid": "688b11a9-b663-46e1-8c78-103ce5a0a86c", "comment": "Malware payload (Rhadamanthys)", "value": "e63a5792536c1ddccf72f4be09b54f720ba526b488ed69f2679fbe519262e42aaf4681728bb4d1af2d8241f6bfca31f6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695645890, "uuid": "52b7f6df-b1a3-4dd8-b439-ef37c8a6d469", "value": "T1CAA48D05FB9448E9D077C0348A178652D932789A0F75EADF1398927D2F3B6E85F39B20", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695645890, "uuid": "c097c3e4-59c3-4298-a0d1-4f231566be2a", "value": "ad93bccd3325bb814d5a573c3780f75f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695645890, "uuid": "18065ecb-7914-4dc0-831a-186df9467319", "value": "6144:u2vYg/KfSIBMDgW0L4FWa1yYMOgWQOq+071y6rpz0V:KgGSIu8OshYMUQOX6+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695645890, "uuid": "556984df-2300-4b5a-9ee8-7b9e18f7e2a8", "value": 449024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695645890, "uuid": "11a5c2b5-0cc0-4c18-b95d-3814051f625b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695645890, "uuid": "c2bced70-eebc-45aa-aac2-69f80f912b48", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b9ea59cc-5b5c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695616430, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695616430, "uuid": "31df12b7-380f-429c-aea5-451dd96bd619", "comment": "Malware payload (AgentTesla)", "value": "283d6b652f5a3492e61b4ce7530b7065", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695616430, "uuid": "97bb58fe-b483-48ff-bca6-f54c6a38cd20", "comment": "Malware payload (AgentTesla)", "value": "5ea704d5050d0451c278d0a8728b251f71114e042f4bed6d2180509bc2955aad", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695616430, "uuid": "8b5383c9-85ec-4a54-b948-bef78ec74148", "comment": "Malware payload (AgentTesla)", "value": "c0b0a0f4a1f52bb17d04ce78dc7f1977732ce913", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695616430, "uuid": "bfa33ebf-84a7-4dfa-85b5-3e8fd497cf0e", "comment": "Malware payload (AgentTesla)", "value": "4c802a93cbfb8a152a15349c1949cd01c05d1e58d916b0428673039f61046755422eadf58f768a52f6cea6cdd5c3504a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695616430, "uuid": "1f18bda4-b9fc-4e00-936e-ad296a061203", "value": "T126D42388BE8D4677C86C067A17BA222343B199565B02FBE5CDCF59670E623CD0534BA3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695616430, "uuid": "bff636d5-2cc8-45f3-9e29-4e0a36bc40de", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695616430, "uuid": "3a2023c3-b134-45fd-b9a0-4e373e922aee", "value": "12288:U9725FXu/74tZ/hHCgu1zZ2tUymmArfNbsQtaL7O1ROXuVVEw04K9r2xf41Run:7E74n/hHCfVZ2WymmUbeL7O1ROXuv30I", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695616430, "uuid": "3a622ec9-2278-4be2-a90d-3280ad456e5f", "value": 622592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695616430, "uuid": "aa611f5d-7b8d-4348-81c5-a332f99a6018", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695616430, "uuid": "0db4e563-f8b2-470a-bfe6-c4dc7aa510b8", "value": "SecuriteInfo.com.Trojan.MulDropNET.68.21577.7665", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2e64abca-5bd1-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695666447, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695666447, "uuid": "e6eeb237-49db-4da0-9a74-3fa4f80e5d85", "comment": "Malware payload", "value": "73c418bb6227ad322bdbc0838267c621", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695666447, "uuid": "c7a8fdd5-622a-40d9-b725-d6a7f883a960", "comment": "Malware payload", "value": "5ed7b290734ce298cd9610e2158354eb15ef8ed7794cbfaf9943c5e55d08a3cf", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695666447, "uuid": "dfb6a0a5-258f-4963-a296-00be8267b131", "comment": "Malware payload", "value": "bd1d8a084821eeec5b04b0107a3534b3a266452b", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695666447, "uuid": "5f98fbb6-9f38-46d5-852c-927e5e8869f6", "comment": "Malware payload", "value": "346ce951a1666676bc0a71a482a5b9e08a7b8537f4378feb2bd08ec1251435f481864b524457e5413c6a51ad4a8816cc", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695666447, "uuid": "3a14567b-2b8a-4e08-912f-6058bb60eb25", "value": "T126132AC4A943DDF8EC1502B02236F736DBB6F07B211DE997C39D9527A882A40D9472AD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695666447, "uuid": "8a626800-9cb3-4627-ae7c-9b525603882f", "value": "768:AdjgKRk+hJeQby4WIY/WXoKmY3Mgi+1UBU/ObPqgFD+EeoV:Ad0KRk+hJeQby4WIY/+o1Y3MgiK6/7qN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695666447, "uuid": "67c6d0b8-1fac-4f49-9e99-22d980a20239", "value": 43356, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695666447, "uuid": "9693f9d8-da60-4247-9f31-b7d4159b8715", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695666447, "uuid": "650af892-5b3e-4938-88be-a5f93f94d87f", "value": "TRC.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8e330373-5bd4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695667897, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695667897, "uuid": "64b68bf7-4faa-46ca-b70e-72daf7978e0d", "comment": "Malware payload (AgentTesla)", "value": "57c44d7d9bb279a072a09e699e1b099a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695667897, "uuid": "38431f1f-875d-41a7-9b37-160714baffcf", "comment": "Malware payload (AgentTesla)", "value": "600dc96e1ab08056cacac0a94158b609a565bbd1a682be71eea704405949c80f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695667897, "uuid": "ff1016bf-6d83-4659-b584-2014ca93a5b7", "comment": "Malware payload (AgentTesla)", "value": "5ce513d4f441ef281614c5d131f1b8fe55973357", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695667897, "uuid": "8d1db91a-24d9-40e7-a2cd-ad05110950f7", "comment": "Malware payload (AgentTesla)", "value": "54a5f5d1ddebe64c29d47264bdc2d53c4d652d546e31184889008ff3f3f988685488497b7eb717750326e6aba2bf16e3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695667897, "uuid": "8ff7b5ed-8a2d-41b0-aaf2-a3a16bf6910a", "value": "T17252C02A80CADD35F1C5EF757E230455A56DC2E07DAC0CAF06041386701AAB49A8EECB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695667897, "uuid": "074bec8f-f1ce-4676-a9b9-a8ca3c8cb2f8", "value": "384:T5vAJwDwrKJFHWwQMdwYxspsXJ7p5zsfO:T5IJwD4QBLDxGq1p9qO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695667897, "uuid": "13d04a7f-320d-4bde-bbee-f4785202b7c8", "value": 14299, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695667897, "uuid": "f503c1ef-a0cd-4f80-91b3-3c778e4e8d3b", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695667897, "uuid": "635dbafd-1733-4efe-a680-4634c312f08f", "value": "Justificante_10.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d2cf3e7d-5b86-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1695634511, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695634511, "uuid": "98f0aaea-0717-4f64-8155-8ab90e4fd7a7", "comment": "Malware payload (RedLineStealer)", "value": "bf5ccd3002499f0ba50bd1fe31eea97b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695634511, "uuid": "c8b98901-df6f-46dc-8b54-ec4f21e100b4", "comment": "Malware payload (RedLineStealer)", "value": "60654f277dee97fba63685cde51b03cf797e67333b3257b17f07961d33602947", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695634511, "uuid": "5ed06c49-e8d4-420f-ad87-0b28200949f4", "comment": "Malware payload (RedLineStealer)", "value": "0109f6b1233cefc63acd27490a4a48b807c4a9e5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695634511, "uuid": "f7d8eae1-3901-4995-baff-86293a6d7927", "comment": "Malware payload (RedLineStealer)", "value": "4d0535ac634c88dbbf5c1154eae7b9457d0802b01f900e26e10c2d5ccd0c90aba4a6434eb7874ec3a9fc6314f1ef57cd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695634511, "uuid": "c1c035b7-bc47-4baa-aa0d-c2be83e1d91e", "value": "T185357C2D79BE812DDDD220BB01DCF726415CD4B38F1A46D776FC26EA96D03D12A32682", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695634511, "uuid": "baa2b260-6eb9-48c8-81ce-ccdc6e892f4d", "value": "a82d39a6c56158e4ea461428d86a9329", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695634511, "uuid": "333f374a-ac9f-419d-89b3-a04bf7f3f7fc", "value": "24576:T5XXnSa1ezkPLyUgINbUk+4KnqdvFab90:TMa1ezkPvfdMONO9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695634511, "uuid": "bd99ce23-2094-4eb1-a0fb-c444c0302765", "value": 1097528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695634511, "uuid": "1a40434b-0e01-4dc4-9f67-6598ed05f963", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695634511, "uuid": "aad4f181-c6e9-4972-b3cf-135f7e7bc478", "value": "bf5ccd3002499f0ba50bd1fe31eea97b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "52119d7a-5b6a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (IRATA)", "timestamp": 1695622269, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695622269, "uuid": "a4ab7ac9-34ec-4fd0-a5ed-f045db843367", "comment": "Malware payload (IRATA)", "value": "ec39111f60fb5de68e7efeefdada41ee", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695622269, "uuid": "88a62f74-02c6-4e76-9c28-e6fccbc589e6", "comment": "Malware payload (IRATA)", "value": "60db5d7cb8db0d94400ed62d305aaff06912b56957cfc51c061cf1ee3845ec03", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695622269, "uuid": "5a29cdbc-f37b-4d87-952a-3c294d7a159d", "comment": "Malware payload (IRATA)", "value": "ace0946d3a556858ead89d01e67d973b8e8cbdba", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695622269, "uuid": "009f6360-37e7-4692-989a-4a1fe56cafcc", "comment": "Malware payload (IRATA)", "value": "4ffcbd1e348717f92ef82b1ddb2077282f8719b6f1e6e07182a0aa8fb829a1fc384468e1c5f0deb8394ac880a143ac2c", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695622269, "uuid": "a683dc2e-5968-4325-96eb-7075fb96d7e3", "value": "T15D06BE46F3569D6BC8F7833349F51A32515B4C668F8396872924B23C58BB9E40F89BCC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695622269, "uuid": "f96c809d-a7d4-4209-9674-3fa794a39262", "value": "49152:6snD/JS2/Ek989SDlZiD+nIIjykQWGFum9d2ofrHVbotmdYAZafiR9Kk8ci4//l6:VLw2l8JJpd2ofrHVbot16WkM4//yLB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695622269, "uuid": "b9e6d9f2-8134-4495-ab8e-bfd21f5fa5c5", "value": 3805966, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695622269, "uuid": "06013f4b-ceb1-4676-9560-8909bac6a864", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695622269, "uuid": "d6b084ea-474a-463a-83d9-fc7ed9987930", "value": "app.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dee284f4-5ba3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1695646987, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695646987, "uuid": "16f2b8f8-2a53-49f9-a0ff-90dd817101c3", "comment": "Malware payload (Formbook)", "value": "2b68e5d464030eb75cf019b4a2c56b19", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695646987, "uuid": "6cce4ac5-764f-4cf4-8f30-f8b8d25fe06b", "comment": "Malware payload (Formbook)", "value": "6153872c1610031f5242968a5b2818fb307f800886262a0e932e9bcaeb980859", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695646987, "uuid": "f1c5efce-98c1-4f40-b5b2-d2a4c67789f8", "comment": "Malware payload (Formbook)", "value": "fa02c98a2fc185210bccc0abb2c49452a5d68eaf", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695646987, "uuid": "5ec020a4-4cda-4f88-ba01-7259b37fd0b0", "comment": "Malware payload (Formbook)", "value": "40883f2313e0e69fae349ecc05720f27c6e612bfa2ac199dda6507563ea67bd8ed5722072845a9689ae56d6c644265eb", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695646987, "uuid": "5167e72d-bff5-4343-ad36-0f5350f50e3c", "value": "T157B42396FBF6AAA32283260BE823744A4E44F5D31108FB9F88F50B7F114DA8F4D71056", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695646987, "uuid": "2f59a1ea-123c-4efc-bfcc-f2fa919d6a80", "value": "6144:YhE2wHBifFEjZLNOjEFaOS10m5B18O2sBdE84REyntjCrGRyGfqjyPIrUzMjtY0l:8wHxyHHoAy95MnVOPloO075vP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695646987, "uuid": "b1f617d1-5908-43f4-9f5d-f4f7646610b5", "value": 541624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695646987, "uuid": "fad899dc-5b34-4411-8a73-2215e8ff1daf", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695646987, "uuid": "25a829a9-2b02-4b4c-a164-570779a549e8", "value": "#PO 4500515595 ULTRA TEC_1.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e1141e88-5ba5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695647849, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695647849, "uuid": "2c44090f-4d70-4858-9287-89072e76fa49", "comment": "Malware payload (AgentTesla)", "value": "a8e1a7def919d8b28273855f1453b810", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695647849, "uuid": "a67d1521-3b90-43b1-974f-e603b713a5b0", "comment": "Malware payload (AgentTesla)", "value": "61f4eee705342f7e875adc36c259693ec40a7682db74ab040b79dd189fffdf5a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695647849, "uuid": "d52783ad-a356-4a65-a4ef-ed4b1c6bda98", "comment": "Malware payload (AgentTesla)", "value": "b32f88e353427d321ca32e749363be34c156c478", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695647849, "uuid": "fdc59968-b062-4a21-ab12-1bc0ba5d58ba", "comment": "Malware payload (AgentTesla)", "value": "307ef9a3cb222d3801ad14c0a1c94a31242b734735e71caa4699f9b4cb3cdfe64164ca46980afce593d888b6a7a126ec", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695647849, "uuid": "9c24382d-f1f1-4acd-b19f-b383df9be791", "value": "T1C6E4E08C7640B2EFC85BCA369B982D64E71075B7930BD203941726DE8E1D99BCF116F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695647849, "uuid": "bbccad11-d334-45aa-adaf-5cf77a849fe1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695647849, "uuid": "d86923da-53e2-4857-b6f8-d3ead806a35a", "value": "12288:tBjz7258yHGACwLfDEsrP/A0garkRCwfrfAp0vnGtGLhTxB/bCqzgTa3u:zjGwwLFrHAFpD7vnaGL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695647849, "uuid": "79296105-2119-4683-a8e5-6e55d2b5518b", "value": 688640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695647849, "uuid": "a28b8c9a-9034-4e8c-9cbd-7f862b97b984", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695647849, "uuid": "439823bb-4240-4ed1-bf86-3b52f07855ec", "value": "SWIFT MT 103 097436278.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1b03fa14-5b5a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (TeamBot)", "timestamp": 1695615305, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695615305, "uuid": "fc1a5297-2dfc-4096-a78d-f9eaa09036d6", "comment": "Malware payload (TeamBot)", "value": "7b64e9ace4648345019944de09f7a13c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695615305, "uuid": "7a7fa877-3a26-4453-bcf9-122d8812fd53", "comment": "Malware payload (TeamBot)", "value": "6206829f1443cd8b2e266237bfce6c6e584233a0ae064e2d7732bd3573931b02", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695615305, "uuid": "2c028505-70b4-44c7-98b1-46a9339604a7", "comment": "Malware payload (TeamBot)", "value": "2f301450a4ea8258101960312f3864731567541f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695615305, "uuid": "cd52bcdc-30df-4ca2-b9da-fb5798110a59", "comment": "Malware payload (TeamBot)", "value": "dc90834c2f859b2bcde6f72961d97454717fabacd6792ced7df597386159e71bc62f45985ad11190c9f0294f5e8732b7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695615305, "uuid": "75b3549c-d2fa-4825-a387-ca7430619010", "value": "T195647D1393D17C50E57A8B72DE2EC6E8B71EB5608E6D776A22185F2B09B01F2D273341", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695615305, "uuid": "c269774b-bd16-4bcf-849b-79a59dbdd812", "value": "e13fa0e2b70fdd8fc0feb3b3998b6551", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695615305, "uuid": "9cc2e119-77d6-47c1-9c3a-9e5980cb8797", "value": "3072:rTlNN0i4Aa/6OVAa9GOfIXQ93480oFdi5dVsY8xbdGCDAr/aaJX:Xlr0hAa/+CIg93BBF+dVsY8VdGCA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695615305, "uuid": "1c1d39a9-5085-4bf2-9d14-26b937dd5ad9", "value": 313344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695615305, "uuid": "302e7c58-f787-43ab-8a8b-4e29a3779420", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695615305, "uuid": "b607e533-51be-42d3-8aed-371cce9d9998", "value": "7b64e9ace4648345019944de09f7a13c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ba587fae-5b87-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695634900, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695634900, "uuid": "24a0a4ac-ccce-4a5b-8b7c-cc8637e45edf", "comment": "Malware payload (AgentTesla)", "value": "5a22f326ad3d7c08ce91f2b76ca3b89c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695634900, "uuid": "7ca8d1e4-cf70-43d6-a67e-ee5f85a64a34", "comment": "Malware payload (AgentTesla)", "value": "656e4187491de09beaedb58fdb7d84b87b0a17d119c9721ad13b020bf9465e94", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695634900, "uuid": "e3e5daee-1eef-49ce-a67c-501926fd15ef", "comment": "Malware payload (AgentTesla)", "value": "382d927d0cbd7f7d6d5184a7e5693f6b07dfc8b7", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695634900, "uuid": "c7812fcd-447e-439e-8342-111939118cc3", "comment": "Malware payload (AgentTesla)", "value": "151b945dfb124b5f25a80839bb3f875324f2901934e990f3ce92da9bdec8b34c920fd6f39a5e8d1584a908875ff94106", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695634900, "uuid": "808ac09a-d7dd-4db3-b730-c1fa205b2f3c", "value": "T180036C0877DC6621C3EC227998F2551463F8B1E37A42E34BEF84A16C6D97BE1A701B53", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695634900, "uuid": "78495ce0-de28-4653-b27c-a37243767951", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695634900, "uuid": "f671b2af-cefb-4022-bd03-2c670628d393", "value": "768:vR4XP/MW/Hqxt4m2OBNHW1ibFL6T/Km1ajC/jF:vR+MW/Kf2OBFWoB6TCua+/5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695634900, "uuid": "306223b5-083c-4365-8e8b-ec7c46075a1e", "value": 37888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695634900, "uuid": "42088761-2dcd-44d1-acc1-2453a03accf7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695634900, "uuid": "d345e0bd-5b85-4d44-9822-2358bda620e3", "value": "Pagamento UniCredit _Swift_copy.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "93c16c3a-5bd4-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695667906, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695667906, "uuid": "e204685e-36d6-4c96-ad3b-f151b1da7cac", "comment": "Malware payload", "value": "7a7d2b2af45e4554e9331018cabd985b", "object_relation": "md5", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695667906, "uuid": "e61f450c-356c-4b11-8437-c6532bfc7810", "comment": "Malware payload", "value": "661fda0b7efdcc6972a1c4241e583bc42822ba3b2067da89c2442b827bb9ff79", "object_relation": "sha256", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695667906, "uuid": "2db92e01-1145-4cb5-8e50-a703aeb27784", "comment": "Malware payload", "value": "cf86e97d708f7060256dd699f13c430d421212d3", "object_relation": "sha1", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695667906, "uuid": "a12ffe55-c41c-46e5-9edc-12b0517034db", "comment": "Malware payload", "value": "b9072e92cc1a1efaca2f8eaf1b6e26fc82c729c6b97a71b08a5c1b0209e19c11bbc285385639b50f27f47a15ac022143", "object_relation": "sha3-384", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695667906, "uuid": "8137954b-0864-4d39-bacf-1d33b9971cec", "value": "T17E52D0AE7C52B98DC2876D6E637410D07348AD05BD6F1475BA88E0DC392868D48B63A7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695667906, "uuid": "cb298dea-085c-47b0-90a7-ff5f50880940", "value": "384:ErkOZZtO16dB57R/TFMArnFT7aNBkncl343Y0LVYawPlr:dOBO1+d/TKCnJawclCfwNr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695667906, "uuid": "2f91ce3d-c64a-4eeb-8764-0e355743f15f", "value": 14440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695667906, "uuid": "1262a701-66b8-438f-ad45-13d864c4849a", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695667906, "uuid": "547f77ee-7f80-4e4b-9a3c-1d986d4126de", "value": "justificante transferencia_2.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "25f15287-5b70-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1695624772, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624772, "uuid": "39790bc5-d664-46d0-90dd-38be7bb35f7f", "comment": "Malware payload (Formbook)", "value": "c0b46cedeaa848b7b367d75c6ec91071", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624772, "uuid": "fef7c7ea-0a5b-4d2a-83d9-85d7bbba4a82", "comment": "Malware payload (Formbook)", "value": "6707d757c1b71b9b9259b8c9b425b7fc1c44b6bc878177e3cb3cc694d2b30534", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624772, "uuid": "d8e479f2-c5aa-4ad2-8015-807745548ade", "comment": "Malware payload (Formbook)", "value": "41c7ed4370adc099bf95d26dedd020543bbb1ea1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624772, "uuid": "8fc6e9d9-68c8-4804-9f94-d489ffc81e7f", "comment": "Malware payload (Formbook)", "value": "d41c97d0306a12aeb5af777e9c756b1207872e2272d8a190cc780a1d2009ad18fe29565fba2abd75925f32096ce6b400", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624772, "uuid": "6d7d90d7-d29d-4f90-8674-a40d0d478e0c", "value": "T19B64131DB2A0CEDBE6D102701E35AA26F6F1A6224DF15B4B0311FB193AB1741DA4F357", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624772, "uuid": "984029b1-c696-48a0-a305-436cf74f13be", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624772, "uuid": "a7ddeeec-4daf-4969-84a4-a65bdd9d6b76", "value": "6144:FYa6OZN1gDcfNgE08+T5H49cOdKLTdQvfwYVg0+2yXXnMXRWXKBU4G2Z3EGJJ+5f:FYQZfscfNgf5HiqTwIYt+tXMXR0KuL2i", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695624772, "uuid": "7574e23a-a944-4cf2-9924-3d3e17a8d64e", "value": 335702, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695624772, "uuid": "c3eadb4e-818e-41d2-abb2-60d550056be0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624772, "uuid": "0f2a3bde-1cba-4cd0-a5fb-dc54eed9f376", "value": "INQ-3001 & 3002,AG PIPE.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5acd727c-5b6e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695624002, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624002, "uuid": "ffa2dd99-f445-44f5-9c99-680c092671a3", "comment": "Malware payload (AgentTesla)", "value": "2fd112b9c28557c911b88f73eff6ce38", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624002, "uuid": "d06658ec-d0c7-432a-b837-fed90efbbdc7", "comment": "Malware payload (AgentTesla)", "value": "6878ad47c529ba85671d32887c963e41daf6d4e2dc4172c3b21195a0a4e1c639", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624002, "uuid": "3849cd10-7dd0-47fd-98e5-1e9ac74ad97b", "comment": "Malware payload (AgentTesla)", "value": "ef3c1580c3913e0f6772bd2d5900d3cb9f33db8b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624002, "uuid": "87f5f4c1-3706-458c-b1a4-2e8e7a543e8c", "comment": "Malware payload (AgentTesla)", "value": "56196f4884cf464b1cf79bd23e7a69e3ad8202e899682be9b97199dc091baea6c7caa8630bc5266ea17ed7da05f050e7", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624002, "uuid": "12b8fbf8-5576-44a3-8bbe-b04bfb36b908", "value": "T1C4D423C4BA945F36D5CD537A6E1922718B71FA31E200E2BD864FA8CB0A7538C1861F77", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624002, "uuid": "0367ca01-e1e6-4a4b-9a93-c7f0803bd085", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624002, "uuid": "d202bed7-41a1-4ff5-9cea-e66167770a39", "value": "12288:WF725Ae4uQLoOzdaGIXf3XLKUIIlcpTVWG933Y7Rq2AxC2J:v14uQk0kLKhIlcpTVX93ZRxC2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695624002, "uuid": "2ecf5510-b3ec-448f-89e6-4bf7fbeede2b", "value": 623104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695624002, "uuid": "e77a53a2-c974-47d2-a90e-61fa18ee0a6e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624002, "uuid": "2891e12c-cec8-4fd4-af9b-3713cf1e7fcd", "value": "SecuriteInfo.com.Win32.PWSX-gen.30004.28308", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "66ec408c-5b54-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695612855, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695612855, "uuid": "0baa5f0c-56ab-4b3d-9e4f-01c27064c7ba", "comment": "Malware payload (AgentTesla)", "value": "23cafb7bb62ae6f6f5b64a6bd811ab88", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695612855, "uuid": "8d7b89a6-3472-4d05-92ef-84cbfea0cad4", "comment": "Malware payload (AgentTesla)", "value": "68be47662747cc082d2d1df710e743ac1e2c59a4b77ab2779a0bd80127ea733e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695612855, "uuid": "276f6fa6-515d-4dd6-90d5-03a99eaf75e2", "comment": "Malware payload (AgentTesla)", "value": "ae03f75e7f486c2ccd6bbfb2b6a87e0603fde365", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695612855, "uuid": "1f37826f-b807-4acb-a6c5-0253381615cb", "comment": "Malware payload (AgentTesla)", "value": "c7203da8f949f88be453a92bcfe2e2d7451b849818b9852e535e18339f57670e02a49ade3d6462d4c617b0ffcda3a515", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695612855, "uuid": "96161374-4fd3-460f-852f-370b2f3c1f8d", "value": "T19A05D59D725072EFC857C972CAA81C64EB61747B830B8247A06726EDEE5D897CF140F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695612855, "uuid": "f48d29eb-b6f1-40f6-81e9-b435e65cba54", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695612855, "uuid": "679f4ef3-2009-469a-b110-eea2993519bb", "value": "12288:tVilEUhySQPFFJM+sDwExuEJeTWVpf7kq7Vv9MVZgrmSjTdM0IvvAgYsDAaCOc4c:tYLhUev7yWHfx9MVZgv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695612855, "uuid": "6156275c-4f85-437a-8a93-cb87a9f394bc", "value": 847872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695612855, "uuid": "3ef48714-26f3-4097-807b-308cab28b777", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695612855, "uuid": "eca8ad2f-854f-4e45-a667-d6d193e827f5", "value": "SecuriteInfo.com.Win32.PWSX-gen.12210.13052", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "95cfe991-5b9e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1695644717, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644717, "uuid": "e2bf8a58-1f29-4467-aef4-28e802856983", "comment": "Malware payload (Formbook)", "value": "b63b2d26e2431c7a5f5d4a34a7f3cc7f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644717, "uuid": "1bd31b91-678a-47cb-b588-32e13fbcb5a9", "comment": "Malware payload (Formbook)", "value": "6c0a36219f289719a133e1611ce5361db5a5081250b4cb08b909c6025ae77362", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644717, "uuid": "fc51789e-d415-4733-b55d-9abb27347f25", "comment": "Malware payload (Formbook)", "value": "c1e6da501b08743c1b67d425dd519a3978dc70db", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644717, "uuid": "fe9f50a1-4ede-4b1a-a778-6b0123039202", "comment": "Malware payload (Formbook)", "value": "0f9e5c5737efd62e074a67e17afbabb98ce6f413f766152e205cfc63d46e7f0e0bda78fb8be07bd37e2f59d5be938f19", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644717, "uuid": "0e7d4b59-5cdd-440d-963e-059726a0dcca", "value": "T148D423E8BDEC4BA4C59D477B1B8D21124370BA52D404C36DEACE7A8B0E332516671FA7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644717, "uuid": "1ea701c7-8c8b-4fae-b164-5960fcf153c0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644717, "uuid": "28641d77-197a-47f9-b569-ebbacc475121", "value": "12288:272522QNpRr5cgAjzWKv+8O4RU20TXbgKr4SnOaGVPdhfltFxM:V9QNTr5cVzWVcRgThQTBlt7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695644717, "uuid": "ff88b290-d1a7-412f-b131-25c446f3f47c", "value": 613376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695644717, "uuid": "0b599c22-0b6d-4237-9bd0-40585c36a894", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644717, "uuid": "254824f1-441d-458b-b7d7-3628b844e499", "value": "1.8.23.OFFER.VAZGP.25077.GLOBAL HARMONY.GH.247.23.doc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c650e88f-5b68-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Backdoor.TeamViewer)", "timestamp": 1695621605, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695621605, "uuid": "d7efa83d-3070-4a86-a04b-48f7fc957fa7", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "d267eafbcbedbbd2f85b32d3d2dd07b9", "object_relation": "md5", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695621605, "uuid": "d6ac1141-9004-42f5-b619-c278c9f0de69", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "6ec416bd7af72ad97dd67f1dae24f2cf93b5df5eca5ca875db07bdfaa2bac87b", "object_relation": "sha256", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695621605, "uuid": "86af62af-1865-4b25-bf97-d1ad75f7f787", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "d1dbda3ed2297072fdaa39d937eca7c151780825", "object_relation": "sha1", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695621605, "uuid": "7c9c136a-fbbf-43a1-bad0-f17e2c36c404", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "12f994ec832ed3a0c0f0862de998427f19703667bdbddd569006a5ffb55e4726b7fbe3357dd235a1cbb2564a16cf05f5", "object_relation": "sha3-384", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695621605, "uuid": "fcdaf8aa-76f7-4b83-aab2-17df4068446c", "value": "T14F14D09075D1D033E66B86345835D6B0793BBC63ABA1C95B32143BAF2D337C19B66312", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695621605, "uuid": "41cfac30-685a-454f-a530-14544e00b7b4", "value": "1f916dac39f3ba277c6d2264fad89501", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695621605, "uuid": "55f13f9b-077b-464e-9172-0a012ea26670", "value": "3072:0rB9gQ4k+Ifi0HYyrs1G5WH+33iOYGeLDoggZZG5K1zVtkbT:0gXk+IfXYyri4yhcL1Tk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695621605, "uuid": "0f50b2fb-f74b-46d2-81cd-83d83473ae65", "value": 192512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695621605, "uuid": "fce350be-e510-46a3-9366-7a3b24e01457", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695621605, "uuid": "686b960a-3c84-49fd-9408-4ff49eb5eaf2", "value": "d267eafbcbedbbd2f85b32d3d2dd07b9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "43709015-5b7b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695629546, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629546, "uuid": "5dd8f4b5-1dda-4075-9491-3f913de83f80", "comment": "Malware payload (AgentTesla)", "value": "bf2f2192a50d8bfacf38ec94b77957f0", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629546, "uuid": "dfb1226e-6011-441b-8a8d-0bc2308ccc5a", "comment": "Malware payload (AgentTesla)", "value": "6ecddfda84f61c1cc57d2da7239b543ef1613832ddeb223e341e8b57fc614ac2", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629546, "uuid": "1d281b9f-bfed-4a85-af4a-2b51331fd822", "comment": "Malware payload (AgentTesla)", "value": "1f03cf801e0ec482922f53d0374bf7e265cec56a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629546, "uuid": "e2e01ad0-d248-46cb-b7aa-c12960b4c428", "comment": "Malware payload (AgentTesla)", "value": "6d7891687c8c2b52869018eee38a850ef8d479c57a29580be4fe4054a1b3fdd739a340036063392a6060f658d8e6c644", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629546, "uuid": "d77b9ebc-2c63-4b56-821d-d35d60ed30e5", "value": "T1FAF4F1493BA58407D0B82AF64866762227B17E1F19B1E6DC1CD93A9ED0F0BC351437EB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629546, "uuid": "e57fc246-2769-450f-bccc-cadc8488fd7c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629546, "uuid": "c356c25a-8411-49c5-9aad-0b30b521ab14", "value": "12288:CA5WIPr4zwhD/fK/NyoQC9QRz05xY2WQDi7SnSqTI7n6Y6wK+k71KoGr3woy:BCNRv5DA+Q6BI3oGjRy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695629546, "uuid": "a54ba32c-b3c0-4195-9b12-39b82a57dc51", "value": 787456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695629546, "uuid": "de566087-0a09-4945-822b-e173e127c9c4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629546, "uuid": "2d56c518-943c-4244-8131-97c21b140337", "value": "DAYUN GROUP PO #75840_PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d7359eaa-5b4c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AsyncRAT)", "timestamp": 1695609608, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695609608, "uuid": "3ddc9e63-af37-403c-8c3b-51b2a9cc03d0", "comment": "Malware payload (AsyncRAT)", "value": "ace0ae47b40a59d74f7e732f8876ea26", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695609608, "uuid": "81e8c069-f883-40e9-ba72-3fa21d278963", "comment": "Malware payload (AsyncRAT)", "value": "6f19aa119dfc5810c965da8be9a34141a8197fc487f1f968c06c640fd8f8dc9d", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695609608, "uuid": "6570c98f-ffad-44ec-9a66-e070a3d1f63e", "comment": "Malware payload (AsyncRAT)", "value": "3b90f3cf60d93f41b04fda442da94aab1a6b5d34", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695609608, "uuid": "c2771f91-042b-4b04-803d-cf60bee3aafb", "comment": "Malware payload (AsyncRAT)", "value": "9c4b74956040914cf58f0c4a9d93ade1cfca70d3b45932e2940ed6b31ebc67195171938c452a251820f221c8511204c8", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695609608, "uuid": "31ed60fa-55a1-43ae-ab64-69968c194089", "value": "T186E49D2AB70ADD11C2990136D1C354244BB3DE866B27EB0B7EC9235A1E037EDDD4E6C9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695609608, "uuid": "50aab9e9-3171-4b5f-a6ed-af4df91c6c29", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695609608, "uuid": "4bfef1fb-0ee1-4f60-a875-067ce515e091", "value": "12288:bj47yjB5+t46arH3L7BzlkmpUlEkeqiHG9nfBK6hEuZYtr/m/2AU:AURb7BxKlXefG5fBKaLIU2AU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695609608, "uuid": "7b8bdcf7-2d26-4ad3-82be-bc25eac96052", "value": 700376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695609608, "uuid": "3165b1f9-10eb-4a4e-88b8-d0a08a648415", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695609608, "uuid": "9305f55c-d98b-4f92-81ee-79b6d760e186", "value": "SPECIFICATION DESIGNS SPAL VA14-BP7C-34S.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1052ac71-5b4c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (MysticStealer)", "timestamp": 1695609274, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695609274, "uuid": "f0469408-3f04-4951-9991-c4043d3f9c71", "comment": "Malware payload (MysticStealer)", "value": "f4a032b70f073051e3a57905025490ba", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695609274, "uuid": "ffe4870f-137d-41f2-a408-0e9dcec0e76c", "comment": "Malware payload (MysticStealer)", "value": "6f2b77f58f937a596f42f65bb7bde2b9d310c9a6b15316ef6c0573ffa2e25bbe", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695609274, "uuid": "b8166cab-6405-423e-be6b-6790e33fe7d2", "comment": "Malware payload (MysticStealer)", "value": "f397bb82382c468cf1a3507b1a2613313bcd0274", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695609274, "uuid": "fda2ca9b-68ca-4433-be0a-2744ded7c87b", "comment": "Malware payload (MysticStealer)", "value": "23af6502e85a691cf1f2e823ae48ce2e0243569c8dd4a40b424476a47b4f59304f59934fc34d2e10a3f347c3d8ee7a2c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695609274, "uuid": "b61fc53f-c71d-452e-ad8b-89dfd6d73160", "value": "T1D284CF00FC8C8471E121653506E0DAF69A3DBA213759BADB67B40F2FDFA07C0926A757", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695609274, "uuid": "1096fbe0-850d-43d4-becb-ac0e89b36c64", "value": "8ddc982ec86bc15061e6b2eab1424dec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695609274, "uuid": "adbc7f6b-c7d6-49c7-b398-f16592c4a443", "value": "6144:8lPjhHX110KwTVSf3pOCq5b6uAOQR14fq8HhbhtXUHAbjERPwJNX7SpsM/fUqwm:8lPN3110dVaUcuKfSq8Hhbx/SFwm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695609274, "uuid": "af164bd4-b004-4c50-b4d1-5ed939110f3f", "value": 390008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695609274, "uuid": "c51b5654-b5f0-4fb7-a9b4-a2fd3939f1a7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695609274, "uuid": "5f864191-08bb-47c7-a8fb-52f44cf842b7", "value": "SecuriteInfo.com.Win32.Evo-gen.16298.25169", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8e78c878-5bde-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695672192, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695672192, "uuid": "3122ee83-f5dc-4582-9f88-af1853940da4", "comment": "Malware payload", "value": "fa15aa45d6e71de5927a75d60bd70f7b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695672192, "uuid": "f8ce3d7d-7dc6-4f9d-88a4-c10eda2296a4", "comment": "Malware payload", "value": "706224d01959812281290adc2f43521e5d38d0c3a556b381b8cbac2c2aa90e82", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695672192, "uuid": "76567ee9-256f-4d9b-8783-92ab7d3b2fdc", "comment": "Malware payload", "value": "e8bafb47eb22cc18d7695625da0937ac3c2d9036", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695672192, "uuid": "80d8cc7f-15ed-4b1e-ac16-a9822dbd253a", "comment": "Malware payload", "value": "199104d1f1c271005dac6dff984d0b7e27e829b4cbf29622c265b9d5a3af3648f7eb619cacac1be687315fc814441a1f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695672192, "uuid": "e700b6b0-a013-4537-9aa4-dd698f03ac13", "value": "T157846C1068B4F87DF43E1131CDE0D6A94929A52C37D11D9B57772F9A0F3C982EAA0F26", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695672192, "uuid": "6e6ec840-0f31-4d1c-9f31-017746b99a4c", "value": "25da225cc3303495dec08a79bb284954", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695672192, "uuid": "e0a7050d-9f12-441e-af8b-4c8f236e5e9f", "value": "6144:BLErViSWAs3WHexAVklAOaF2VaAg6U6J7k8edK/EGoPGCc:BL0iSWLT0+K6U60dK/EXGCc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695672192, "uuid": "0b9aec55-472e-4ce4-b40e-68c297d097e3", "value": 405960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695672192, "uuid": "177d1f38-8820-45b0-ad25-b338ac5a5c2c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695672192, "uuid": "74272ed9-54f4-4927-97f3-581303511ca6", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4758f0d2-5b7b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1695629553, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629553, "uuid": "76a9faa4-0b59-42b8-9383-8584d836e300", "comment": "Malware payload (Formbook)", "value": "df8e2a46bd0e173e75dadd497cbc623f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629553, "uuid": "896818a5-0f4c-4418-b68d-401a0635038e", "comment": "Malware payload (Formbook)", "value": "713fd650404a8c21c99095e65ec570dd73646d43481cb04d4445af289643a6b2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629553, "uuid": "94a6545c-ab13-4ba1-ab4a-31ded8a6eaf5", "comment": "Malware payload (Formbook)", "value": "c03cd96f21960a3879fec9e9b329fa8f964e7eba", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629553, "uuid": "01430a99-2a8d-4c23-862d-113f246ff1f5", "comment": "Malware payload (Formbook)", "value": "af166fb6a9cffa9a03aec65dfb764270916af4c956dd72660bb83e7c427b41e6180ee1c6a896660d1088b746190b913d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629553, "uuid": "4261370d-d4c6-4dc3-89a3-4f7cf3442cd6", "value": "T12FF4010A37B8944BD1B826F50422B71617727E1A28A8E6EC4CDB75CE45F1FC182937DB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629553, "uuid": "4bd2a1df-f97a-4f08-9dc8-828ae166111a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629553, "uuid": "8b13cef1-2c55-4373-842c-312df090fdb2", "value": "12288:vA5WIPr4zvD/FFkg76U1jy/eNWnF/MhtzsqV3ra9BTmVP1qiio1uoh:XXR+GYeN8/stzF32OOiJuo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695629553, "uuid": "183ab437-5025-488b-94ab-439bfc7db375", "value": 725504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695629553, "uuid": "a969f2fe-2fcb-480a-89ee-0bf6e0adcf53", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629553, "uuid": "822440bd-2657-4345-91e1-80dd6fe6d2be", "value": "New order 3110070274 H0006H-S B09.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d20e2b5e-5bc5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1695661568, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695661568, "uuid": "2b1abc34-aa2f-4cf1-9b53-4554869819e3", "comment": "Malware payload (Formbook)", "value": "aa79e4458fd7f7be6b044281984dc3cf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695661568, "uuid": "78f26d03-bb5d-4bb5-b3b3-6e537848bbb0", "comment": "Malware payload (Formbook)", "value": "716cc459f4685123823a8e5fc94768b3526c0900c98a0e51c5ce4b794b6b9f8c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695661568, "uuid": "d526c312-3fa6-426b-baaf-6cbdc75796c6", "comment": "Malware payload (Formbook)", "value": "4fa6041b430c958e4c403c3f140783cf1ad05c79", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695661568, "uuid": "60e655bc-65c9-4dc9-bf9c-df0d6fc58960", "comment": "Malware payload (Formbook)", "value": "a81836ee5ce936a66c1f4e6522f4c4fc2b2a1b2cb7c2ffea91cf905a5af619be5336652f3c2f60e7d0b114a3ecb6e4be", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695661568, "uuid": "6bb803f9-f58a-49f1-bf43-cdb11f40f2f4", "value": "T145056AAC725075EFC857CD76DAA82C64EA2074BA830BD203A01705ED9E1DA9BDF145F3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695661568, "uuid": "85bf4591-d68c-4deb-9e3d-c8b2bf996f70", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695661568, "uuid": "21ca6f85-493c-4e82-ac0d-d675f9f50342", "value": "24576:IyFdolEMsxb+zqFPoBmjvZIKiUnmOU5uQn:IGYEMsxb+zqJemjvFmOk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695661568, "uuid": "c348ff28-6e67-4fe6-82f3-e9c9bf587922", "value": 825344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695661568, "uuid": "9c710848-ab03-4a64-b8b0-112dda235d23", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695661568, "uuid": "66df505f-5068-49a3-af15-5469d70b2c53", "value": "rOrderRequirements-Invoice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3bdbd383-5b9f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (XWorm)", "timestamp": 1695644995, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644995, "uuid": "e22aafe5-16ab-4245-ab6f-c656d4f74121", "comment": "Malware payload (XWorm)", "value": "9420c67ef63ec9e038c00ebfba98ffa0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644995, "uuid": "e3b1960f-f585-44d5-84a9-3a0b2060a94c", "comment": "Malware payload (XWorm)", "value": "7308689b87994a4cb87a7bd91e1711447cc3853fe8ef36c6707ad2f5c2ef2127", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644995, "uuid": "60d098e5-3d20-4076-a610-913ac6987a5e", "comment": "Malware payload (XWorm)", "value": "c2e946b9478f7f3568dcabbebc0f8fb252773fa3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644995, "uuid": "d54aa047-5173-462e-a513-02a27c837a56", "comment": "Malware payload (XWorm)", "value": "fb41c6223f69af0c74a9a29a1c68ab394d8300105d2977f04c200553bed092bb9cb81afb73b80f8dc75c359385f94539", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644995, "uuid": "bccccb5a-eb07-47c3-bb4e-eeba229466d9", "value": "T1BAC48E74039C9E06E98F43F6E220EAB98FF5C06663DA9FCAA944EDF01D97704D901857", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644995, "uuid": "c01ff3e7-d202-4c38-acc4-a6001916e740", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644995, "uuid": "1dcfc2d2-5186-4235-8bb2-954e3ffcb5b7", "value": "12288:iuoY5EC3AZ+j9yqGbPbY7FMYijyhz1O7qFQUA7:icE62S+1yhz1O7qFQp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695644995, "uuid": "901e0753-81aa-4d30-9f69-f5cc13bfdd51", "value": 594944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695644995, "uuid": "56a4151c-5265-4a53-8ffb-7c4f004fb201", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644995, "uuid": "94b7559c-a29b-481f-b0db-40fbda5de111", "value": "SecuriteInfo.com.Win32.KeyloggerX-gen.6339.24340", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "94fd8d79-5bb2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkGate)", "timestamp": 1695653305, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695653305, "uuid": "8e499fd0-2ba7-4887-9b03-74c336f9183a", "comment": "Malware payload (DarkGate)", "value": "b3f5ca6cf49545229672a4d59678a4bc", "object_relation": "md5", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695653305, "uuid": "5ab216be-132e-4872-a07a-8c408d78df74", "comment": "Malware payload (DarkGate)", "value": "7444ff37c2e725491977044c105fc5d2d1263b698ac435a716ad6a9ea7e57875", "object_relation": "sha256", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695653305, "uuid": "3981f646-de35-4e8c-8587-b8ce998b9467", "comment": "Malware payload (DarkGate)", "value": "2e8f9004cd44d3214912494ebb59b56f38db88e5", "object_relation": "sha1", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695653305, "uuid": "28ea392e-36bc-4e35-b730-45778ad52467", "comment": "Malware payload (DarkGate)", "value": "dd44bee0c325bba1d8db9a62d4765534dc01dbebe2845c5f0c083b971380dad2c20582ac9e3210e29100ca74f68b272a", "object_relation": "sha3-384", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695653305, "uuid": "c8a9ac36-b5f5-4845-a5f4-c0a56ed1b636", "value": "T1CD42D50E729348AEC915C176C2FB8371B5FAB4120223972D0AA0D7376EB19B5772DD05", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695653305, "uuid": "2939f60c-22a3-45be-be7e-d17ff51018d7", "value": "fd410436ce0407a0a8f79bfce8af0bc3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695653305, "uuid": "9214dd51-9fcd-47a2-9836-ef1d831b9260", "value": "192:uU5z9iLjq2pJk+/qcJklyJOEdsLsWGQwrgAh:3z9AbJH/IwJOsn/QwrgC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695653305, "uuid": "81e28c52-eea4-41a1-b653-b9b203e7fda8", "value": 12288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695653305, "uuid": "beec70b5-9c5d-42c8-b4fc-cf736c891b2e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695653305, "uuid": "3ade3a82-39f8-4e20-9bd1-0287e56c6add", "value": "O.xll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "90082d1f-5b9f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkGate)", "timestamp": 1695645136, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695645136, "uuid": "1a09d098-b100-4822-82d6-3473b220069d", "comment": "Malware payload (DarkGate)", "value": "be9c0eb366e8d875a9641ecf2a7333da", "object_relation": "md5", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695645136, "uuid": "92b4da12-06d5-46b9-95c6-69c3b54ef06b", "comment": "Malware payload (DarkGate)", "value": "7489261cd6b25d6544d0380bd8446748bc6769d2135e286cfeadf995704c2a70", "object_relation": "sha256", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695645136, "uuid": "a288ff1a-c0c9-4ee6-846f-1f3025e0ff32", "comment": "Malware payload (DarkGate)", "value": "45f6ca6a1f78e147da8b236a2dfb72e29b90f695", "object_relation": "sha1", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695645136, "uuid": "3ef8c795-cd15-4229-bd54-ea4c1a4ca23a", "comment": "Malware payload (DarkGate)", "value": "31fd02b19372c7026c417e8b28fbdf3df5baca4cd4fce12ddb72af6a7067d37809d0505cbc91fb4c144a4197a643e5dc", "object_relation": "sha3-384", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695645136, "uuid": "b12b7dfb-2bf2-4934-ae45-ed0b105c126d", "value": "T1C23254074AC88142C0F58732628A619FEAC581756736C579396ED43CAB90CA995B12E7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695645136, "uuid": "129c154f-56c9-4ef9-bc56-2464c7d0289c", "value": "48:8Uw2oMnZ78UT+iDuYwUBWDHVxaMnyc2pU:8MZ78Wrut3arca", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695645136, "uuid": "6d25f7b4-c8af-47c5-afba-63e350a373c4", "value": 11961, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695645136, "uuid": "4b836234-e4c3-4c46-9f5d-f689148fe64d", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695645136, "uuid": "77d52edf-77dc-472f-9fd5-e27022d9236a", "value": "L10T.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dd2b49c8-5b98-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695642259, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695642259, "uuid": "f279dbdc-023d-4c18-bfcb-257214f4e2a9", "comment": "Malware payload (AgentTesla)", "value": "8dfb70c7303e256069777352980280c9", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695642259, "uuid": "0fb08536-7087-4597-a85f-3a963e324d9d", "comment": "Malware payload (AgentTesla)", "value": "74f6d7ec2dc949c022763519c1f4cadeb0e9072246f710e70e4c2e6c3f5b5e77", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695642259, "uuid": "f288a17b-5a99-4fea-86e4-a89d9f932ff4", "comment": "Malware payload (AgentTesla)", "value": "fab200317e6cdc71a5ae00134c7f9a2f6cfd86c7", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695642259, "uuid": "0835faad-76a0-4b31-9a7a-c7680de73cf1", "comment": "Malware payload (AgentTesla)", "value": "2882da85d12c9ca1555fa894b96d5f93f9ca53f74c426b5b7122b19381d50d0eb7469016fef75ef18172f389db5ed2df", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695642259, "uuid": "f63e550d-53b8-4864-a516-f25b3d720bad", "value": "T1CAE4015437A91FAAE9BD27FA5264310507F2A8269032FB488DD324DF0975F089F21F67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695642259, "uuid": "6cb090d1-ada0-4e9f-a16f-dafbce5bbd33", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695642259, "uuid": "9249cb0a-7e26-4266-b14a-db9c9077da32", "value": "12288:MVj3hLQvfdxOo7gpXtrj7F725nyCKRSZQJNKhoS/hAlO5FyD5EbJl9pqCDrUb:w7Ms6ThocXyD2JlzjDrU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695642259, "uuid": "95c6a16c-a61b-425a-8e27-4185f9a5876a", "value": 678400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695642259, "uuid": "cff1c44b-603e-4d4a-89ab-fd0988f553a2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695642259, "uuid": "b5f886d4-6c11-4285-891b-c3ab089750d9", "value": "Faktura_Proforma2_2023-07-28-19-PRO.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "de22046b-5b6f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695624652, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624652, "uuid": "66785997-29fa-46f8-809d-07b64433d2cd", "comment": "Malware payload (AgentTesla)", "value": "4649f9a0a86c4cd85493e581676597ed", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624652, "uuid": "8584baea-bc6c-45e9-a750-f95bdab95275", "comment": "Malware payload (AgentTesla)", "value": "751dbee7818c202e60ffa8d060cc3c7c05e4ccda824569381c01a948364a8a96", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624652, "uuid": "50b8d85e-af04-4382-acf3-0f55f995b1c8", "comment": "Malware payload (AgentTesla)", "value": "03b06aa5a25bb6db5b18d5a31f0f2d26d4909f06", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624652, "uuid": "82bd5804-1c7e-4f73-a2d1-164e353ac864", "comment": "Malware payload (AgentTesla)", "value": "ce94d19ec248a2af593f9fffa9c204a3cadfddcb3c8787fb83f28b91a616beac7fc200d4f17161d3588543e093271a21", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624652, "uuid": "6278f479-c622-4122-a7b0-863718c317fd", "value": "T17ED1C40167E89736E5734336ACB393911778FB81D997EB6F28C4210BAC577200A72BB1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624652, "uuid": "fd5ccb7a-3f73-4059-801c-4d0ba66a15df", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624652, "uuid": "331522f4-4fff-4cd3-80f0-9d3557a87c1b", "value": "96:p7zyYkgSn3yKbGCjtCzJmk6/C42DficUuW0tT64zLywge1WzNt:UhvnraitCgkGC4DZC201i", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695624652, "uuid": "a22a1608-f825-40f4-9336-e6d6a8ed4571", "value": 6656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695624652, "uuid": "6d284903-457f-4afa-a65e-5d1b52f591f3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624652, "uuid": "9d82dda8-a147-4801-94b7-97c35e024592", "value": "Turkiye 2023 order hitado pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "99340287-5b75-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1695627113, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627113, "uuid": "28d95c32-ce52-44bf-a375-636d98a03912", "comment": "Malware payload (Smoke Loader)", "value": "88ac8075678e5b729203b7b3bb5c3121", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627113, "uuid": "4a782164-af22-4087-bad4-5bf7742be8f1", "comment": "Malware payload (Smoke Loader)", "value": "75da61b3e9dee861137ba25a9cff4f1b0c165eae9b0e3b3343eaabd7b0d7d84a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627113, "uuid": "348c0ece-0f55-467b-ab32-d6f73e84253b", "comment": "Malware payload (Smoke Loader)", "value": "43835256ddce8ba64f162489bebab6a8a75544f5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627113, "uuid": "bf444312-c662-4f9e-a621-eaa57e55c78e", "comment": "Malware payload (Smoke Loader)", "value": "cb188726baf0d972d6a8d27365d74684b79cef4fd0b9b87e8ab66391fbdad50c80822f69da2de1c48dee67f75a3551bc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695627113, "uuid": "b6127b15-0b3b-4781-8884-a20150438978", "value": "T14744AE01B4D18072D472313209E4EBBA5A7EB9204B557AEF67D40E7E8F707C197327AA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695627113, "uuid": "6f64bfc1-b1df-4a74-b20c-c7b144f2e72a", "value": "8ddc982ec86bc15061e6b2eab1424dec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695627113, "uuid": "b565f09c-62e4-41aa-8a4a-8037b9faf0a7", "value": "6144:JR2hrJ+j+5j68KsT6h/OCy5U9uAOgAWTqw6:JRgN+j+5+RsqGGuzrw6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695627113, "uuid": "0e6309a1-0d20-4a13-a82e-cb59a0615e37", "value": 277368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695627113, "uuid": "8855949f-15e1-4421-ac24-7ac7f59a6165", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695627113, "uuid": "371f5215-4e44-4315-bd0e-15ab8e3cc599", "value": "SecuriteInfo.com.Win32.Evo-gen.20879.1972", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8d4f0281-5b9f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkGate)", "timestamp": 1695645132, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695645132, "uuid": "95ed1124-142a-4ff0-a625-01dd59acf57c", "comment": "Malware payload (DarkGate)", "value": "12c77004fdfc248c46c68b60c517afcf", "object_relation": "md5", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695645132, "uuid": "10c5413e-85c3-4116-baf0-140a51e1dd39", "comment": "Malware payload (DarkGate)", "value": "76c05700db7e88ee5ecd5bf33ea27e0a78b42760253463727d955a41cb9d3fad", "object_relation": "sha256", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695645132, "uuid": "577dbc01-2d5f-479c-9562-11cbd5d7f943", "comment": "Malware payload (DarkGate)", "value": "f9242846efa95efc0c2951b5d4ec0040e09cdcd4", "object_relation": "sha1", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695645132, "uuid": "1eaac138-3983-4926-a23f-41f813aa9f65", "comment": "Malware payload (DarkGate)", "value": "ad87b7221809e912d93cf4e23061b482dbf7c64fd516ea49bba8c7bfca42af2893b30a14655950faaab19e16f34b3b29", "object_relation": "sha3-384", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695645132, "uuid": "3c6dd274-0008-41cf-8290-2f2f7a282314", "value": "T1A1D154074AC88142C0F58732628A619FEAC581756736C579396ED43CAB90CA995B12E7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695645132, "uuid": "7fbbe0cb-46da-48da-97bf-272e5793a8e2", "value": "48:8Uw2oMnZ78UT+iDuYwUBWDHVxaMnyc2pU:8MZ78Wrut3arca", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695645132, "uuid": "4f9107a5-47cf-47f7-a0e7-1c3f0860c84e", "value": 6597, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695645132, "uuid": "53a49c54-2864-4bf1-9258-dc41ee5c1c1e", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695645132, "uuid": "53767909-fd1e-4f28-8937-855766075270", "value": "L11T.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cb210613-5be3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1695674441, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695674441, "uuid": "1b05b556-4b6e-442e-96af-bbd31f7d4652", "comment": "Malware payload (Smoke Loader)", "value": "d796c717cfcec58b9863f97e33156879", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695674441, "uuid": "bea09dee-f969-4dd5-967b-529c1259c889", "comment": "Malware payload (Smoke Loader)", "value": "7827ebf2c67e413ba80e41ec6d7d331a43d99e4107e20e9dc2850bccb9f33c1d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695674441, "uuid": "b45ac37e-82ef-4f42-a88d-7e866645f981", "comment": "Malware payload (Smoke Loader)", "value": "cd6bc9bb3683256e904ea51be0001fc3b36c4210", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695674441, "uuid": "3afde231-d5f9-45e4-afea-23d4216a3824", "comment": "Malware payload (Smoke Loader)", "value": "1f4115a1563a9bd524e765c77bf4889944850b493b0e118461b9dbd7f656833c9526a4ef1229b2515ce13ed308478623", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695674441, "uuid": "0cf1f190-955c-4063-89b0-17135b2891fd", "value": "T13F24CF1139F0D072D06B45F48878DAE4BA7FB863ABA5895B33542FAF7D303816766312", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695674441, "uuid": "cd802b64-9c2e-44ad-bcde-345cb14ab307", "value": "8a8b4a2b07716ec988e9b99557ecabc7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695674441, "uuid": "77536c27-2773-494a-8a43-5456d511851d", "value": "3072:6VlFH49ECih9JRVr4kVMYo7vaHLIQ0J5+5+xkvT5Rk:uFHZCY9Jr32YKRUAqvTf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695674441, "uuid": "9b6ea5ab-939a-4166-99a0-2cb273e37f28", "value": 228352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695674441, "uuid": "2cd20be9-1a66-4960-b30d-e9324d96495b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695674441, "uuid": "fd7027fd-94e9-46c8-a9dd-c21851483ad7", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ba40fa73-5bc5-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695661528, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695661528, "uuid": "c97a6e3d-8719-4b8d-8c5a-ea43cf7933e9", "comment": "Malware payload", "value": "a2c0d779c9d0318f12d6cd7ffb4ff38d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695661528, "uuid": "1a89be83-afa4-47da-8fab-cdab091726fb", "comment": "Malware payload", "value": "7a60541acfe55640d7b996ca858b9631023bb98dde8e242b294903a9826870a9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695661528, "uuid": "1c457f39-6878-4918-9bea-0beeaff10bb8", "comment": "Malware payload", "value": "e2175551806064fd5ecdca1ebd5e7fa3af98f95a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695661528, "uuid": "844ea802-25ad-4e7f-a899-f9751f2c9a4f", "comment": "Malware payload", "value": "63091e1d23750b44cb8eed7395fdc94faa68a715b88dd9750ab427a15f1252f52ec9015ec9bd3846abeac4515130c78b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695661528, "uuid": "53532fd5-501c-4f1f-90cf-2468e1717a86", "value": "T19894238D32A09A98E9BE8A3E36B552D0B3F794054961CF3C6CD332D56E93301FB5185B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695661528, "uuid": "453a2025-bb55-4c62-8ceb-cefffb40e6b3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695661528, "uuid": "04feb610-8f12-4129-a6bf-0e4339123b88", "value": "6144:cTr6MqD1G0igu9MCEw/5CUsgPTKBPGRot53qRpoS4lYUzBbeLh8czQ6pYi+NKuX/:/rD6NB6uRwqRpV4lYUzBbbn6pf6ww0K", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695661528, "uuid": "29a8a47c-295f-457c-ad19-d35cbe8bc4eb", "value": 431104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695661528, "uuid": "913f25e4-050a-4986-a1d9-84435069a342", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695661528, "uuid": "eb169dfc-16f3-45a9-8de8-6df8d5e5a2c6", "value": "rPurchaseOrder.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "90ae6d50-5b8d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Glupteba)", "timestamp": 1695637407, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695637407, "uuid": "b6ecf111-3d7d-44e7-946a-65ff55e2954c", "comment": "Malware payload (Glupteba)", "value": "97436c741eddd9af54aafb15a62e3129", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695637407, "uuid": "19d55e48-dc54-406a-9674-ce1569295e5b", "comment": "Malware payload (Glupteba)", "value": "7b243fdb0e70c99ea3801a57b9916d61441ce66197d763246d9ef0f432c6812b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695637407, "uuid": "89344974-2eb6-41bb-9f26-6d9aec97a5d3", "comment": "Malware payload (Glupteba)", "value": "73e97cbdb33acdb6b957bd8e6549d62be0d7b559", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695637407, "uuid": "cf087b5a-e7d0-451f-abd6-a885741db5b1", "comment": "Malware payload (Glupteba)", "value": "3b2f4d7ef5a462e6b06048e256d94f682f90a5879f0b18416f09b4e973bd39c08efb8222a1677a5e92364daad984a5f9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695637407, "uuid": "0129e4fc-ec73-4009-a63e-7aef421c2ae8", "value": "T1BFB6DE237FF2A5B38366743F81225DD8097F327226A7F91C023BB70D05A25459A66F93", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695637407, "uuid": "7a731d6e-ac6d-463b-98f6-a427263a5cda", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695637407, "uuid": "d77b022f-762c-4ff6-b7f0-5276db0f84e1", "value": "196608:MCQmGCXM5YPyZf/d4PQqKCQmGCXM5YPyZf/d4PQqP3228zP4bgkECeT:kvCcKy/d8IvCcKy/d8N+74sMe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695637407, "uuid": "51f68a24-db96-4b7c-8bf7-452c7956c196", "value": 11273728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695637407, "uuid": "f5c1a2a3-4a24-4a35-b8ef-26f0da5938c6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695637407, "uuid": "f7ba1d56-4ed3-4865-9259-04f794cb787b", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1b39161a-5bad-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RecordBreaker)", "timestamp": 1695650953, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695650953, "uuid": "7ec5a2df-6121-4921-af93-715290147b6d", "comment": "Malware payload (RecordBreaker)", "value": "d38314bf112cd237d51399e22834b104", "object_relation": "md5", "Tag": [ { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695650953, "uuid": "eac135e0-105d-4f1f-b3cd-600cd53a291b", "comment": "Malware payload (RecordBreaker)", "value": "7b8d9015a962f2a5f628308758632533ce46411a1122d2cf89b44cba9d6db87f", "object_relation": "sha256", "Tag": [ { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695650953, "uuid": "c696c976-2a82-4de6-97cd-45efa0e506e2", "comment": "Malware payload (RecordBreaker)", "value": "07fd85237180fbdce20169e0a135403006b7edc0", "object_relation": "sha1", "Tag": [ { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695650953, "uuid": "3faae891-f938-45eb-b399-5bdc7600b991", "comment": "Malware payload (RecordBreaker)", "value": "f4222e9fe5059658541e0d79654b22e97f6aca9cf40ced19a16300b0d65341e71456d9b5396f0858920c7247757a0af9", "object_relation": "sha3-384", "Tag": [ { "name": "ClearFake", "colour": "#6536C9", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695650953, "uuid": "6edc0b8e-f437-4fa5-b884-1fbcff99b3b4", "value": "T1709633C66147FC9AF80E8C33D0BF2991D62650B1B156E830FBC9F714652AAB0C1576BB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695650953, "uuid": "3b2dd250-0557-49ef-93e0-753e115ebd50", "value": "196608:YSST7Ss9AMClxTLWfkft1uihSkznhSjf3HOlyY7+dp:YSS37x6xl1b03Olyx/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695650953, "uuid": "48288af9-9511-44a5-8331-22c311b334f9", "value": 8872994, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695650953, "uuid": "24e1b62b-12f0-43aa-8599-27a0c97ae544", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695650953, "uuid": "e190d3be-c6b1-489a-82fc-18107dc75daf", "value": "Chr\u043em\u0435S\u0435tu\u0440.msix", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fea210c7-5bc9-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695663361, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695663361, "uuid": "abf56aa1-c090-4c83-b8a2-0ab77687195f", "comment": "Malware payload", "value": "0d998bbf72066582438c5558f355b0c3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695663361, "uuid": "3b69dfa6-d235-4637-a279-f5ca222cb95b", "comment": "Malware payload", "value": "7b8de53f96ac0dafb7095d9daa99d7e0662707816347094f7f6ff3fe870c099d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695663361, "uuid": "e3df1600-2f42-4765-975a-7ca97ff0d275", "comment": "Malware payload", "value": "d5a5520b559c4286d53c6c40c222f49da2117b9a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695663361, "uuid": "1dc8977a-b320-43c1-bd59-1d1f6e6433a4", "comment": "Malware payload", "value": "807d57b4c815cd318ac868f6b8db12e0c0c38d2fdba03ffda56b03eb81cf33666fc05beaf360ee7cad2e024ba4584683", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695663361, "uuid": "1ae4c86e-ac45-45cc-8fc0-3f1aef6bcbb3", "value": "T1F7D4AE5531EA5646F436FBB30BABF94587FEF2F5922EFA297C87028680E1D40DA01135", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695663361, "uuid": "9799d6dc-42ff-42f9-9b54-e0a4e537595e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695663361, "uuid": "5142295d-0437-46be-9611-dbe9c6c7965d", "value": "12288:IGQJcWwDCU32YgcNF8DHyw2olddT9YMKAdu3blnuu91Km3q:XCqgcQDkolTKuu3xP91ha", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695663361, "uuid": "bf090372-1091-4046-8901-1b127f89006b", "value": 601088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695663361, "uuid": "b4442be8-0a96-4181-a6f0-d1b046ff7c3e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695663361, "uuid": "4a2c61c6-cf86-4d39-9546-3c9cf71ddae5", "value": "SecuriteInfo.com.Trojan.Olock.1.29023.11723", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eea14b55-5b93-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1695640141, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695640141, "uuid": "117b1681-d01e-40eb-8af9-c4211dddb08e", "comment": "Malware payload (RedLineStealer)", "value": "c98fba753137c3f36eb816e6a31065d4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695640141, "uuid": "b2d2c582-aae0-43f6-8fea-a61be55958b6", "comment": "Malware payload (RedLineStealer)", "value": "7cbe1968e050a99fac6876e6497937895ad91e29873af401b290b11575a40b31", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695640141, "uuid": "6a85a902-c78a-4fe2-bf41-bd3f2c4d2504", "comment": "Malware payload (RedLineStealer)", "value": "0bf712ec9349c0cd90518a40c01a4544ef712cac", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695640141, "uuid": "9262c5b2-f4d1-4e19-8876-e8d51f92a3a6", "comment": "Malware payload (RedLineStealer)", "value": "9baebfc5827b037aefa06a577a2e36b2dbe4bbc957557f4269f09e745d88b3f685e2cc855f522ad4732f0d70ef88be44", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695640141, "uuid": "1c9f4566-1bf7-47f5-bfaa-025eb274f821", "value": "T14414C01076F1C033D67B48745934D6E07A3BBCA26A75C79B32583B6F3D323919A96312", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695640141, "uuid": "df2094b3-bd0f-4ff2-914e-9de30de332b1", "value": "4ea361ab120c57b8b80c2f6f90919695", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695640141, "uuid": "d32bf786-e7e5-4285-8d5e-e0090b46a919", "value": "3072:SsErbaZ+y4zWJuwFT6MZn7BmbG7LplBs2dvYYei0R8Q5C2UT:grbaZ0K7YG7LplBs2dvleDK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695640141, "uuid": "fcd61dc1-32fe-4608-9d93-94131d1df6df", "value": 204288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695640141, "uuid": "880e65ad-b369-4280-ba74-85a48c79dc35", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695640141, "uuid": "99e4f4aa-9a38-4a24-a307-05cca4de5057", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c3495317-5b9e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DBatLoader)", "timestamp": 1695644793, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644793, "uuid": "1cede97a-c957-4096-89a0-f1bcf7df2dda", "comment": "Malware payload (DBatLoader)", "value": "bd26661f88b0ea96cbab760644eb76bd", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644793, "uuid": "ecbf8be5-1a69-47d4-a46d-02ef4155f571", "comment": "Malware payload (DBatLoader)", "value": "7d42baf12969f24e3f68e53b146b4f049c1f772396c2e68c1a18bf75e26992ad", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644793, "uuid": "32999f43-efe5-4bde-b08d-9bd66dd99db6", "comment": "Malware payload (DBatLoader)", "value": "134b0dde0f9dfca361244080c78b5f95fc6004b0", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644793, "uuid": "dd130688-41b1-4c69-8a85-04d17aa82ced", "comment": "Malware payload (DBatLoader)", "value": "31dd8867f6c89a98ec3ee8a107dbaf246eafa83d27ead5b6aee463b1af16f8f158c6085f812b649aa34683d2cb79588a", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644793, "uuid": "bbbc6f0c-823b-432f-b348-f793033f0859", "value": "T11E559EE073620C71D4A625BDCC4BB3A40AFB3DE4691519CE82E1B90B6DB6391FD6406F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644793, "uuid": "5ad1cf78-78b8-4ee2-891b-4750854711c8", "value": "a0e9dc9591e2488a1f74a4ff8bdd1c55", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644793, "uuid": "b74b6ff0-bc8f-4868-8c96-ca4180a2b7aa", "value": "12288:dN7i6PeBQ9p1nU+Ji+/F1u1mlNHbsgyAvBvvc+X2B+d4ELSQZBLLKbIt383739Db:d5i6lnUr+fuMpNDJ2UxtkRN0D9i1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695644793, "uuid": "3f06b975-9168-4e0b-819f-89904f7fb06a", "value": 1281024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695644793, "uuid": "2c588192-d237-482f-9beb-f3aa4a783018", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644793, "uuid": "32b928d8-34cd-4394-b7a3-9e33fe0f1983", "value": "deposit n.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5ab403c8-5b8e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (MysticStealer)", "timestamp": 1695637746, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695637746, "uuid": "59c83c17-c5ff-4988-96e1-3d3a1842c431", "comment": "Malware payload (MysticStealer)", "value": "8a7a8c48210b648337ce5e3e50a93247", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695637746, "uuid": "0c49d1c2-770a-4248-886d-fbf99ff93988", "comment": "Malware payload (MysticStealer)", "value": "7d79a1df738e4cbfb2579a0641a2dd0221c064851e444cd941507b3d19d92d9d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695637746, "uuid": "2e0a1adb-158b-4825-ba09-19c4683c8267", "comment": "Malware payload (MysticStealer)", "value": "e374fcece4b1d531e2a93d85d514d4ab3db72cbb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695637746, "uuid": "e050da59-6a52-48f2-ac28-93a0de7eb045", "comment": "Malware payload (MysticStealer)", "value": "2259e44a80974aa83c172dfd1ce20fae05e3cfa645671f3b6b287f6e6fb5dafeb8ed66992da1808a6210805c9aa2a919", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695637746, "uuid": "20a8dc93-b814-40ce-804b-c680c42a836f", "value": "T14F84AD12B4D14072C021E7330591DBB6867DA462172D8FEF2BA15F2ECB746C29B7C96B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695637746, "uuid": "51e69d05-98ce-4eee-8b6e-d8ab5acef551", "value": "8ddc982ec86bc15061e6b2eab1424dec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695637746, "uuid": "9b6c15a3-7f67-475d-9770-7f04645afef4", "value": "6144:1lP4hHX110KwTVSf3pOCq5b6uAOdL1pPHRl1Tm7k2ekXdqwm:1lPe3110dVaUcubL7pl1Tm7swm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695637746, "uuid": "ac24b0df-3ddd-4aa8-b125-a778fbac1e52", "value": 390008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695637746, "uuid": "3894da7d-f6be-4e0f-9318-aa72e7a7c403", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695637746, "uuid": "2d9776a7-bb31-4acf-913a-dab29c3714f4", "value": "SecuriteInfo.com.Win32.Evo-gen.15945.1775", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5a0e2005-5b8e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1695637744, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695637744, "uuid": "7a692478-6f20-4e30-9c76-f6db7371229c", "comment": "Malware payload (RedLineStealer)", "value": "88c475d6ebf6d1ce9dce9881681ee187", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695637744, "uuid": "b24ba0ba-a278-4ff8-81ca-f13750377925", "comment": "Malware payload (RedLineStealer)", "value": "7e125512e333333c07a27e408ce6d143afff960aec73ece55c575c69f995b3c2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695637744, "uuid": "8ed7e792-8be8-4bc9-a3ad-ea2a698aa1c0", "comment": "Malware payload (RedLineStealer)", "value": "fd9681902fd4675ab69d8ef8c80f404936e3134b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695637744, "uuid": "2865838e-a03d-422e-b496-0cb849e5b02e", "comment": "Malware payload (RedLineStealer)", "value": "550866fd6923cbba5abde4675b7cca93f2cf4f598f05f4abda226aa91c351e92d92c3f57d30185ac6f23b7f6139328e3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695637744, "uuid": "973031af-151a-4836-8f34-291cf0097234", "value": "T1CF44AE01B4D18472F472213205E4EBB65A3EB9E34B515AEF67940E3E8F707C1D7326AA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695637744, "uuid": "d864949d-25a5-4b39-b340-6c72e82e6027", "value": "8ddc982ec86bc15061e6b2eab1424dec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695637744, "uuid": "cf0b0fa6-a4a8-466f-8967-6a6f354098df", "value": "6144:kRIhrJ+j+5j68KsT6h/OCy5U9uAOTAMXqw6:kRuN+j+5+RsqGGumM6w6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695637744, "uuid": "65575188-818f-48ff-b173-fd0b15a42d39", "value": 277368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695637744, "uuid": "a27fc517-bdb8-4ac7-9c9c-a97aa6226f26", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695637744, "uuid": "235764b9-a3d8-45f9-82eb-27e12fc65891", "value": "SecuriteInfo.com.Win32.Evo-gen.31686.767", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "43a6f4f0-5bb0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1695652310, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695652310, "uuid": "84488bea-1334-4889-9a15-afb54696c090", "comment": "Malware payload (RedLineStealer)", "value": "3316c6bafcfdf4e7ac5b831c0c37ae55", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695652310, "uuid": "88b62b54-92d5-49f1-888e-48bfcf37e810", "comment": "Malware payload (RedLineStealer)", "value": "7ee6104f07480d05cec25ec7e995ffefee5ff0c12c430e6060213bb050e0da93", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695652310, "uuid": "1718d3fb-8564-4dd0-b1c6-13ebd35f3b3e", "comment": "Malware payload (RedLineStealer)", "value": "6156d2cc01861ed6460b5320fd4fefdff71142d8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695652310, "uuid": "11405e86-ce90-4739-8565-188cf06c9e0d", "comment": "Malware payload (RedLineStealer)", "value": "2cae54f94997659b072bd8aef2e5d50435627000c075435f622a939e9101c7f0c707cf356e7e0c43950c4ed05fcf2d98", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695652310, "uuid": "588ca579-20e5-4cc1-b417-0cc8998b2fbe", "value": "T16544AE11B5E08432D47A153209E4D7BA5A3DB9600B9159FBA7E44F7E8F303C1AE31A6F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695652310, "uuid": "2c6767ee-4890-4e76-9dfc-3029c4282542", "value": "25da225cc3303495dec08a79bb284954", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695652310, "uuid": "1ef5452f-0bb9-497e-a76c-d6fa326b81f5", "value": "6144:g0D2Lr/V90d2WxjV/hAOImTck+PloPGCV:gDLr/E7em9+PUGCV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695652310, "uuid": "7890387a-8300-44b5-9aae-829a223b5d7e", "value": 260472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695652310, "uuid": "bd24d374-7d72-415d-aa08-919812ce230f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695652310, "uuid": "c6a4694e-269c-47c1-bc48-43fe13f894a4", "value": "SecuriteInfo.com.Win32.PWSX-gen.7943.32559", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a5e88efc-5b94-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Fabookie)", "timestamp": 1695640449, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695640449, "uuid": "77383984-fe70-4432-804f-156921acce4b", "comment": "Malware payload (Fabookie)", "value": "8e3140570d5ccb6a70485e337ab2c70e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695640449, "uuid": "ff60d59b-def4-4d6c-9b9f-da0e81b80167", "comment": "Malware payload (Fabookie)", "value": "8017cea05873a48457494fe1010b91772aa5f402837b4d09d639f51c77f48e0c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695640449, "uuid": "9630ecc2-0e24-4e8f-8538-3385c87fe517", "comment": "Malware payload (Fabookie)", "value": "0fec0c2fb8561ea222520ee7b9dfcf4ebd2b75db", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695640449, "uuid": "dd02cf42-b8d7-48ae-9687-0984a9c640f6", "comment": "Malware payload (Fabookie)", "value": "622df016d5bd009de97d334b3869dd52027be3d660fbc39dc864a2153090897185590f756c62cb02ae3c9eb880f5e0ff", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695640449, "uuid": "57524b82-51ea-432b-9fe9-cc821af37868", "value": "T19A949ED2E34040E5D477C2B982774B62E7F27C285B214ADF4659B6392F337D28936A0B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695640449, "uuid": "4f54a38b-8dcc-47ca-bfab-e51c2a6090d8", "value": "d1884757532ce7b0014241f40262c929", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695640449, "uuid": "7afa06e8-cee0-42fd-b382-5278ba4e302c", "value": "6144:ulX73J3gYx1K4iIfO9rDDWy4t0+eoJAbB3T+cbJp:a3JwYHKGq/Q0+5cCIJp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695640449, "uuid": "19dff192-b624-4c8a-bdf1-8e5c8a711df7", "value": 430080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695640449, "uuid": "c46e32b0-9aa5-49c7-897e-d4b7fc652fb1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695640449, "uuid": "6b450fb8-a668-469e-bca8-6ed8930ae813", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "089b2320-5bba-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1695656506, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695656506, "uuid": "00da9e4f-ee4f-481a-9d3d-740d06dae051", "comment": "Malware payload (GuLoader)", "value": "0d3177129b36b3adb1d12acd38a5f5bd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695656506, "uuid": "4b53c7d7-4170-4bee-9d89-fb04bf89ffe7", "comment": "Malware payload (GuLoader)", "value": "8139c59480a81ced0318dce23dde7d6e013b215b715ffc755fe05cb6feee6478", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695656506, "uuid": "ad9e7c6f-86e3-4bcb-ab76-a7a6980fb6f1", "comment": "Malware payload (GuLoader)", "value": "e32dc5280e34bc6cbf403846bdf64f639962d88a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695656506, "uuid": "7485189d-a251-4d75-9e83-fd7ad119a32f", "comment": "Malware payload (GuLoader)", "value": "c76243abe33ce4a6de2c76a01d022cd05a1de5bccb5633eff9d74affd4df82e947568f6d9cc80319fecb885e38ffee2e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695656506, "uuid": "d105e524-e075-4d22-a72c-c1b12d9fc79a", "value": "T16945125ABA28D156E9BE6E76DC1EC4F1A6B8BC6AD810130F3191FF2E75F2301040B95D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695656506, "uuid": "473aeae6-6c90-4365-8d57-e70d58898dd3", "value": "3abe302b6d9a1256e6a915429af4ffd2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695656506, "uuid": "e34a81b2-49f3-4816-9f1c-284ac31346a2", "value": "24576:ZrQ0QpEazeo52k95ACjKC4onl8Q3wlRjMPybTJmUO:SjioAIACjKCxl13ojMPybls", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695656506, "uuid": "3c49d133-33cf-474d-bdda-ce3795cdd3c9", "value": 1236000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695656506, "uuid": "3d2bb656-2738-4a6c-a82e-f4356cbc98b4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695656506, "uuid": "56ba5cbc-d8a5-4514-9aee-cf8793ba8e26", "value": "Pivoting.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "483065e5-5b7b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1695629554, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629554, "uuid": "f4f6117a-8aee-4bf5-b8c1-cab92614b5a2", "comment": "Malware payload (Formbook)", "value": "38638fca807b576662456043e90da26e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629554, "uuid": "d0e1caed-db70-4c8f-90df-c1e4a846fb63", "comment": "Malware payload (Formbook)", "value": "8431d632b1a6c295b8747bb4bf54c74a4882f16800c264c8c71dce0d0f4e1d30", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629554, "uuid": "0a344115-d152-430a-a66b-4e556f61f18a", "comment": "Malware payload (Formbook)", "value": "d2c77bf272b886fc3b12e9be07dee02a5707196e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629554, "uuid": "46b928be-4b92-4239-8e0e-ab7235d6fe4f", "comment": "Malware payload (Formbook)", "value": "eed860d48fd4dca5bce160c6b37b112b5103b16754d4a41aee4117003757d337a3e2851544717c6cfa77fb9fbc9cd2cd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629554, "uuid": "5959a622-18f9-4f68-85df-61866dc5540a", "value": "T13495F707B68789B2CD4C9737C9DB140C03A6DBA17323D61A398F336A19437BA5B49727", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629554, "uuid": "d1eb4283-5087-4573-a0f1-68fc24fd990f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629554, "uuid": "3a68459e-0384-4813-8641-b2b263de5965", "value": "24576:8IVFLp7J6yx3fxD16lORcOQ+/9Z5C38D3Tvrn47rme5rEKXHi8aqw:8cfx75R/9Z5C38DzjkmArE18a7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695629554, "uuid": "a260288f-cc2a-4d5e-b421-4779087318f8", "value": 2028032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695629554, "uuid": "8a01f22d-699e-433b-bb1b-f3dbd9f1e8d2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629554, "uuid": "5a0e1a42-3ad2-4810-86b9-a843bdee6b8f", "value": "New Order.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "66ba55bb-5ba8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1695648933, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695648933, "uuid": "41236afd-90a3-4756-a928-ceb52bef2d88", "comment": "Malware payload (RemcosRAT)", "value": "6e37654ce873171dbdfa7f5a87deaada", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695648933, "uuid": "6d42fada-a903-439b-8bcb-722dcecc7841", "comment": "Malware payload (RemcosRAT)", "value": "84602e03565b814fac56bbc74eb914dc52dab891658b99cb209aae46ae4d972b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695648933, "uuid": "ab9d5da6-21fe-4118-b24c-6be22ebdbb63", "comment": "Malware payload (RemcosRAT)", "value": "4fb5f0fc53851b609addc84bcb1d51a6b98a62c2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695648933, "uuid": "d855197a-e6b7-4113-a177-7353dea1445b", "comment": "Malware payload (RemcosRAT)", "value": "f51abe8c0ffe6c6b36f691e13705d2a0146f9628a13fc81dae2f2865d77231abca40cde47e61fae7a49d05c61f1c232a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695648933, "uuid": "8b6e68bc-5b06-4d1c-bf18-a2817e614aaf", "value": "T12C64AE927095C432E4EB623249A0D7BB9A393D1116159DDB23EC1B6F0F733D2AB31726", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695648933, "uuid": "20c0ce6b-ddba-451a-a738-9b6ead4cacb0", "value": "25da225cc3303495dec08a79bb284954", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695648933, "uuid": "f75c45b6-9bc4-49dd-b112-a632b55106b4", "value": "6144:+1HDMwA+6d89ixSV6ZAOvEl4V1N5NKOR17QZHrxFoPGCe:+JMwAZjZEw5NaZyGCe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695648933, "uuid": "d8161672-1bbd-42a4-ae8f-0092f1cdbf08", "value": 321992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695648933, "uuid": "9acbc94a-3112-4c21-a615-9afc50ec8699", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695648933, "uuid": "3117e8df-8eb0-40db-99d7-ec622777f5d6", "value": "PEDIDO-25-09-23-63329020.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3e47027e-5bdc-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695671199, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695671199, "uuid": "b272a693-fe19-4491-a6f9-9a0d4bde3874", "comment": "Malware payload", "value": "e8663d7b3eec9509ed49d5a85d0c39d1", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695671199, "uuid": "172cafde-bf97-499c-adca-d36900827989", "comment": "Malware payload", "value": "846a04a5a04dad7129abe56d82b0578d4e2af6d6f73cfdf9de364c001d00c24d", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695671199, "uuid": "3b8439ee-8400-40dc-af99-461822c72c42", "comment": "Malware payload", "value": "af654776384ece12c2274ae39acfebb6cc39f639", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695671199, "uuid": "db9a04ad-d3bf-437c-9989-0f620c09fcdf", "comment": "Malware payload", "value": "1178cd9cdff9d5b0e2e2c638840a0397deb2540a8dab4eb2d14e46aa27372e819203807df7a338406c17043f13a13580", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695671199, "uuid": "56264bfe-2f06-4266-a25e-aa11d372a0aa", "value": "T1AC6533B05F9A4D9CCEB52DB9D43E085B360F44886DCEFB9F39390A607D748C4B099869", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695671199, "uuid": "5e829d78-67c8-4702-b9c3-b173287acace", "value": "24576:I+ldHt80bCRpsURse2h2q6oFU9Leazuoq/7t7gD09gFnCHzS+cNfS0:IYdH2aURQ2ZoALeAu1REw9fHO+cr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695671199, "uuid": "646216f8-fb49-4786-b469-3ef4a6259200", "value": 1489290, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695671199, "uuid": "ac09f724-fe57-4ade-8800-1585ac542e2b", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695671199, "uuid": "6727c54e-202b-4b00-ad2e-080defa7842a", "value": "ChromeUpdate.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d54687cc-5bac-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1695650836, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695650836, "uuid": "a7c90778-9060-4e7c-83e6-be5728a999e2", "comment": "Malware payload (Formbook)", "value": "06640d6fef7486b59f195b6f68bfa4aa", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695650836, "uuid": "d2cdbb31-a3f2-45e7-918e-24e8a27bcb5c", "comment": "Malware payload (Formbook)", "value": "853fe8e34e777301e1a3f1f11a9d3f5207c891d1e29ebe7d2b9d6a5230a795ea", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695650836, "uuid": "f956c44b-eaf6-4240-a6a7-75e90df8a55a", "comment": "Malware payload (Formbook)", "value": "3e8fd212c96f5c0917163692c6b24336075720a1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695650836, "uuid": "cea2542d-6efd-439e-8ee7-1616d00a8a28", "comment": "Malware payload (Formbook)", "value": "7914ed0ce81eb39920b22c585c282def089ff8068b356e1f8fb213303cc402d2890ac8abaf0e32483200894d3a45a4b1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695650836, "uuid": "dfceb4bb-802a-4e5a-88e5-b1ab730dd58a", "value": "T12B45015AB528D15AE9BD6E76DC1EC4F1AAB8BCA7D810130B3194FF2E75F2300140BA5D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695650836, "uuid": "2476a3ea-bc67-4665-8a2c-9c1eec09d051", "value": "3abe302b6d9a1256e6a915429af4ffd2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695650836, "uuid": "56d82e83-a401-4720-89eb-86a0ef8f816a", "value": "24576:KeVA8wj/3Ur/RUpL+k95ACjKC4onl8Q3wlRjMPybTJmU+:R6j3Ur/mpL+IACjKCxl13ojMPyblo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695650836, "uuid": "630d2f25-2d01-43b6-a823-e921adc75a7e", "value": 1221376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695650836, "uuid": "b19cdf85-55a9-4fb0-8652-4eed850ccafa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695650836, "uuid": "b5fb0bfa-e232-4722-b39e-24e1bb96f399", "value": "Kammeradvokat16.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "23b2b6a4-5b78-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1695628204, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695628204, "uuid": "3e17aac4-79c1-4701-8c5d-c6b3555e5f58", "comment": "Malware payload (Mirai)", "value": "2da155742b2195bdb887ffe4cfe714e5", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695628204, "uuid": "05a89705-bd03-4d75-af96-94432979c23e", "comment": "Malware payload (Mirai)", "value": "85c453a01a87fde30d3ee161195a33999725992f9079860d53d265d16cb9f377", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695628204, "uuid": "8b0b9f67-890d-4993-baf7-c1ad553b6be2", "comment": "Malware payload (Mirai)", "value": "1452bcee3cd1edebd1df9b0d24f61b7c524cfcfb", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695628204, "uuid": "9f169796-228c-4428-a59e-2522e6d3bd05", "comment": "Malware payload (Mirai)", "value": "f0d2eb6870cf9fb7714531a24fb057c74a8be4e73f9fe9278b47d29813a88f213315a0425b7957e9f926df49723fc44d", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695628204, "uuid": "6a2b32a7-083e-4e9f-92b1-d27ce9b43ffe", "value": "T168D2F16993AE5BACC754537C91AD0C752460FCC5A74DDF20239BCFEA276B2491238C9C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695628204, "uuid": "77e77c01-bf56-47a4-b1d3-64e594c2f5e9", "value": "384:MpHySecXppaIhldKlsQzYWiD1GYhcTvgsni6A16gfp+ljNFdaZOA5RaiQ7KB60pS:7s3hldqrz2MfiVcljTdaZPiKIXGeyK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695628204, "uuid": "1e7c7caf-2aff-457e-9fae-ab600966e93e", "value": 28492, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695628204, "uuid": "166d4ecb-d90b-44f4-b591-52c378a67f69", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695628204, "uuid": "cb47baf7-e534-491e-ac22-a43de9d420b1", "value": "maCx86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c36ecd0c-5b6a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (IRATA)", "timestamp": 1695622459, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695622459, "uuid": "b1ab545e-0155-4212-bcd2-2a1245b8212b", "comment": "Malware payload (IRATA)", "value": "43b20600f1ad85d8c2e1e348f1b7e71f", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695622459, "uuid": "7572a0ab-20c6-44d8-9a57-a202847fabfa", "comment": "Malware payload (IRATA)", "value": "8610f9d818e8f7fab8f361dc89dff0d9c68496bc7dd5f3f5b68637f4cb5be942", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695622459, "uuid": "338a813a-36de-43b1-991e-cb80395d7cce", "comment": "Malware payload (IRATA)", "value": "4c902b844cc6d64f8625f6b13ad8111e386d39de", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695622459, "uuid": "74f4bdbf-e07c-44e8-bdb6-ea6e93c0a7d4", "comment": "Malware payload (IRATA)", "value": "20d7ca7dd280818c1f98c6f422f47639a84e4bd6bc47a7eee679300647ceabe01ad19068ff28b62ff97bf73c53c0e5a5", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695622459, "uuid": "f68e78ad-27ab-4999-b3bf-6a2468f6adcc", "value": "T1C5A533B3F36AE121CBABAD754809A2431DB71E760E17CE8B7864331819B3BF8574C585", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695622459, "uuid": "b52b0781-22ec-4703-95f4-658d68b23b18", "value": "49152:AE6YlaOhLCdEHcpt6rZOq7moILJy5Atj2GxJuKIycWbeK8jV/A:ALwVRMNz6rr7moIlQAtxkzd2eFpY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695622459, "uuid": "b2763c3e-4264-487b-bc08-642468165f01", "value": 2239707, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695622459, "uuid": "093156b9-25cb-4d41-929f-822de7dcbf64", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695622459, "uuid": "b1afae02-2e46-465f-9ab5-3294907a9e37", "value": "app.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c8a6f4f1-5bc5-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695661552, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695661552, "uuid": "0d90f050-3d2d-4ac6-ab45-f36524fcc1a1", "comment": "Malware payload", "value": "b6320d22e755af491f52808b8da9d783", "object_relation": "md5", "Tag": [ { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695661552, "uuid": "2823586c-8c37-4854-acbb-75c605e15932", "comment": "Malware payload", "value": "86baaeb71216aeb8c4f50ff4d979c866e4d29fe09984a82ef153d447f70e9614", "object_relation": "sha256", "Tag": [ { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695661552, "uuid": "d46ebade-8a28-4cfa-90e6-0cba48457c03", "comment": "Malware payload", "value": "68ceea6b74b0f8768d884c1b149732355244628e", "object_relation": "sha1", "Tag": [ { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695661552, "uuid": "e873475f-3131-4ffa-848d-f27dedbf3dd2", "comment": "Malware payload", "value": "1e08b839e08ada271c3e9017b876cf8bb18b9c1ecfa0e79ea541a4a67ca5b17477ce1afd6025d8149b7cfa69282e9b64", "object_relation": "sha3-384", "Tag": [ { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695661552, "uuid": "c9d87f6d-537e-4ec4-997b-5a4f652419ef", "value": "T1B9C423DA6F6875C3F19427FF8B181CC636F5881DDC1439BB2FD2D092B409948A99E983", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695661552, "uuid": "de72a1ab-4737-4d3d-bc0d-67f5176b6846", "value": "12288:Joq9GIJqUmiGtyxtQ2ATDSbjXCKWEWfXHVtSkaW:Oq9GGnmjyxtQxDS/XCvnXV4kv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695661552, "uuid": "ce76a963-428e-4128-a94d-d6400b043abb", "value": 583112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695661552, "uuid": "3ad1665c-2a7e-4b77-81f8-133dada8148b", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695661552, "uuid": "8fc6d514-afe0-4db6-b1c6-b2af761492e8", "value": "nQUOTATION_SEPT9FIBA00541.z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0eba133b-5ba5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695647496, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695647496, "uuid": "b125edc1-4cf5-45f1-a9b1-f948450d086b", "comment": "Malware payload (AgentTesla)", "value": "9ac9a745e98c77f945e655ce80161af6", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695647496, "uuid": "d27bf401-d35b-451e-a141-bd30c24d81b0", "comment": "Malware payload (AgentTesla)", "value": "8700aee9c4faa1a1855c028c12b94adf060edae02398a1debbd7d578b65ffeb5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695647496, "uuid": "89be0324-dba0-4713-a98f-9a17a6026735", "comment": "Malware payload (AgentTesla)", "value": "56b3bf4cdc71b07dd357908eeafe64c7f92bce3e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695647496, "uuid": "e0b9935d-1154-422c-9058-24d9ebd49cc9", "comment": "Malware payload (AgentTesla)", "value": "7edddcd753c7394849fe2a8f2089d59d69fd8693ee02519a2dafde9cf30a5f993a798266aa5b6c9cbedb7d0f672b43e2", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695647496, "uuid": "0b5ab68b-5a64-4a3d-bd76-1910f6738ee8", "value": "T1EE2533436C25ACFE8A7CF6644A2F6D0EAB209F610144F0A8BAF7A8C3566D5D4444FC5F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695647496, "uuid": "b6c404a9-7696-49e6-a940-b000765538fd", "value": "24576:7HqbMp1JN/BHckc9qbbf3OdmxSy0X76fmknTuDfMZlWZEVq3PH:lDN9bGgozX7uNI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695647496, "uuid": "1b92373a-a8ca-488c-8c57-4bebfcb41d09", "value": 1041050, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695647496, "uuid": "81172128-4154-4a83-89be-792b8ca8616d", "value": "text/x-msdos-batch", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695647496, "uuid": "c48721d0-44cc-42b2-b7a8-cd895c21f7f6", "value": "Description for your reference.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ea122ddc-5b85-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695634121, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695634121, "uuid": "571386b3-26e0-40ee-88b0-bddad412e449", "comment": "Malware payload", "value": "7f955c54264edd22b3a3dcd5026f79d9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "phonzy", "colour": "#0F697A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695634121, "uuid": "530a9af4-7cec-404e-84ce-2c88d4bb26f0", "comment": "Malware payload", "value": "8721a216942198e27e76859d4be40f5bdd239c8af6db0589903e409173b68cd0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "phonzy", "colour": "#0F697A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695634121, "uuid": "aa58868f-e9d0-4711-b4f9-6ecf454e4ddd", "comment": "Malware payload", "value": "017238127af8c657340fd6934d062d2223a6a5fe", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "phonzy", "colour": "#0F697A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695634121, "uuid": "60dd4908-342a-47b2-a4e7-203d81d21971", "comment": "Malware payload", "value": "8c913544d9af2aa82dd45d6e2a9fe91901b3e7b650a6686f7e8413b45ae7d8a69ff386914666960a0dee44a676d2be9c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "phonzy", "colour": "#0F697A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695634121, "uuid": "e59a2558-566d-4ac2-82be-bea93993fd07", "value": "T19C07339D9F373DB1E7ADB57733242A185F02926B46FBD2E931073D8E0D06A198B8E111", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695634121, "uuid": "e3d0c7c7-703e-4510-869c-25339f2f2f64", "value": "2e08576bb948c85a9a22e6393bcb27a5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695634121, "uuid": "2d350a03-af5e-4642-a502-e3ae172db5d2", "value": "393216:gLaemqNf5hUd01HJDSKIlR2Bbp+kHfJHsPdXHdT:gLdZRhUd01HJmzCp+2fZsV1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695634121, "uuid": "922f47b2-7246-48e5-8ce6-9aa0cbba7d87", "value": 18142224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695634121, "uuid": "72bda7f1-b851-46ab-b94a-4a3638172b98", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695634121, "uuid": "3e1dba67-e7cd-4a6b-bdf1-a9bc99267afa", "value": "69ad59eb283ce634c330f68ed6fe204c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c03f3475-5b7d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (MysticStealer)", "timestamp": 1695630614, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695630614, "uuid": "7b8d1f67-96a2-4e73-8183-8a00883954af", "comment": "Malware payload (MysticStealer)", "value": "5980b6cc717434ee79701405524c96f3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695630614, "uuid": "ab973972-c800-49b3-9a30-b0221779b63f", "comment": "Malware payload (MysticStealer)", "value": "87a9ac10ca877903a85db8ee2667af0e46ee98bbe47fc596102c672e93979939", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695630614, "uuid": "232aacfd-0fb9-4ddb-b3af-45873b7f6c56", "comment": "Malware payload (MysticStealer)", "value": "d0686f507d3e6c916e81a91fa4e43a9f496f6807", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695630614, "uuid": "1658b4f4-b80f-44e8-80e7-dd7b1ee1272c", "comment": "Malware payload (MysticStealer)", "value": "dd750f9bb58323848e632c25dccc44e1cc433764254277bbccb9e98eeda80c27ef98dfb082df0aace15d66b32c535f3e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695630614, "uuid": "29e0b24c-af1b-4227-8383-1789d46c8ba7", "value": "T19684AEA9B4C0C072F6A661300E64AAADC53EB8E8C35057AF63D04D7D4BB43D197F35A6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695630614, "uuid": "2cef4311-f64c-43d1-b927-cd93c993cc21", "value": "8ddc982ec86bc15061e6b2eab1424dec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695630614, "uuid": "273c0c6b-76b6-405b-af10-1de3670b7106", "value": "6144:7lPxhHX110KwTVSf3pOCq5b6uAOXgpKqUI8LVHasV3AlQ+952G1+wxM5MGXUlqwm:7lPn3110dVaUcuFMkrHhlAT952G1+wxk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695630614, "uuid": "f078703f-65de-4483-bc32-cfa51a588a94", "value": 390008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695630614, "uuid": "11619604-dff1-4fdb-8f10-4898d1b1f991", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695630614, "uuid": "93bd43ac-4cbc-462c-bddc-b1be15105bc5", "value": "SecuriteInfo.com.Win32.Evo-gen.6281.24897", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0a511d17-5be3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (N-W0rm)", "timestamp": 1695674118, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695674118, "uuid": "540b06cb-26ed-496b-a09f-7186f7b32b8b", "comment": "Malware payload (N-W0rm)", "value": "3cc17ed3aee48daf1550b90092243453", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "N-W0rm", "colour": "#152A57", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695674118, "uuid": "5e277b4d-f46b-487b-804b-925aa8129e03", "comment": "Malware payload (N-W0rm)", "value": "898a9004303b0a20ba875ef64b7f65e63ee902dc3dd9f5b64cf71f25ee5c6cd3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "N-W0rm", "colour": "#152A57", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695674118, "uuid": "b1d27b6c-8b8f-4346-be7b-1642dc4f0df0", "comment": "Malware payload (N-W0rm)", "value": "2ae6e74d3c86a6a357e3b10899416d8add1c924c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "N-W0rm", "colour": "#152A57", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695674118, "uuid": "550e9826-83ad-483b-b674-4bf82e79a3d5", "comment": "Malware payload (N-W0rm)", "value": "35a618991755666e966aee03a67d0ead3fe48b0e154f24e58f87786d7e8428ef9503081e2ef8a7e3ffa6acac8c14345a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "N-W0rm", "colour": "#152A57", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695674118, "uuid": "6eb5fd5f-bc48-4066-80c0-cf73cce4ecf7", "value": "T1B8F5F13FB268653EC5AA0B3245B3D270597B7E50681A8C1E17F43D0EEF364601E3BA56", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695674118, "uuid": "59ca8a8e-4c50-42cb-baec-ffbe91642445", "value": "e569e6f445d32ba23766ad67d1e3787f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695674118, "uuid": "deeee13f-8135-4172-8193-fac0132c3f91", "value": "98304:1kL8xUkySHWOMsxKkMx41rwIYSM0BaA4h:WJlIPqkMAkSlBaAC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695674118, "uuid": "020c3578-6312-455f-85c4-97980943df8a", "value": 3502560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695674118, "uuid": "29c96c94-5de7-440b-b676-0105d7e9eca8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695674118, "uuid": "f2136b3f-0561-402f-9bab-a4f3a055789f", "value": "898a9004303b0a20ba875ef64b7f65e63ee902dc3dd9f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "67ba251a-5b54-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1695612857, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695612857, "uuid": "5f3e85cc-35db-4bcf-bd0f-e90f68b2f6d4", "comment": "Malware payload (SnakeKeylogger)", "value": "5cf6c45026f270a5749bbcbd46a0a2ef", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695612857, "uuid": "d86d8d76-c7d9-4c28-b20d-51cb53e2e0f4", "comment": "Malware payload (SnakeKeylogger)", "value": "8b62f9dade3ae9d89c385c9f1ee2cba4fc3b0b9bae19e058133bce6f2e4a6df5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695612857, "uuid": "497bd3d4-c1c3-4ae9-8494-cf66395c1cd4", "comment": "Malware payload (SnakeKeylogger)", "value": "cf1e937bf137b833280087b7d2d7fe4f9af13314", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695612857, "uuid": "5b557149-44ca-442d-8df9-17f5575cff08", "comment": "Malware payload (SnakeKeylogger)", "value": "ebfc746e7cad30a06258fe2e4154b5fb388f4c1d171f13c74b7c728eaa63f28020a7fe305d1f2cf4dd314edf59a54d19", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695612857, "uuid": "69fb5d6a-8fe1-4265-8eff-905d6a48df4a", "value": "T125F4C69D725072EFC857C972CA681D64EB61787B830BD203A06726ADEE1D897DF140F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695612857, "uuid": "959cf63d-f57f-49c1-bdc9-4ebecb639453", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695612857, "uuid": "5b80eb49-7332-4194-9cbf-f910a4cbb170", "value": "12288:wU3VTFFT2rWGxEykWNj/VDBQXMj4Yq4z6SL2DltPB/bNNcx0HgRqf9Jic0251JdS:fArxcCQu4Yq/S9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695612857, "uuid": "e2b37464-77a5-4e38-8eef-e6bdd2045669", "value": 775168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695612857, "uuid": "76502cbb-dad4-4585-851f-392a61bf94fa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695612857, "uuid": "e26c28be-0326-4fca-b80a-ac05637f1b31", "value": "SecuriteInfo.com.Win32.KeyloggerX-gen.13117.25969", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4c99cbf0-5b7b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695629561, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629561, "uuid": "00bd00ce-8a3d-48ac-958a-da93216279a4", "comment": "Malware payload (AgentTesla)", "value": "e8e0d1619fdef87e72d6430ccfce1364", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629561, "uuid": "9dcf39b4-44f9-4317-8b41-dadc0bd206ea", "comment": "Malware payload (AgentTesla)", "value": "8b6a0095db17c78fae380baf4c9519dcb715569125ff2db30306b4ed05a07d62", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629561, "uuid": "8fd3ba3a-8a3b-4c84-954a-a0083a79fad9", "comment": "Malware payload (AgentTesla)", "value": "e8f71e2ff3d53fcb512a893d2886ea80895dbf8c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629561, "uuid": "e290d1aa-0cd1-4197-ba36-649d670c5ed4", "comment": "Malware payload (AgentTesla)", "value": "4fe35d64fa191ae381bf1eef23c40d3a2871ee67bddf675ecf1cd38355cdf299d6013235f7e6bdba589b7c577a160251", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629561, "uuid": "5757daa6-ad81-4c2d-9afc-a42d416bb580", "value": "T15CA42351B4C4ADB3FA523A71BA3651FB67F850121BB0804B17912FAE7A613207D2F732", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629561, "uuid": "cc5e9571-b1a9-421b-add6-bb1b06d9e5b7", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629561, "uuid": "4a0307d1-1a2d-47c3-a01d-182eb1ada96f", "value": "12288:vY4eP3F84ploicFP4hDatIEaYNoP2KaIN:vY4m84plLcFP4hDONoRv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695629561, "uuid": "665eaa67-b2bf-4855-adeb-32093eb36fc5", "value": 458495, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695629561, "uuid": "488a2a81-b5b5-4ffb-afa0-762853a75321", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629561, "uuid": "dbe15062-eb93-4992-adfc-c19b7a398d65", "value": "T-61506-Unscrewing-Core-Thread-Insert.SLDPRT.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8b3751da-5b84-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695633532, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695633532, "uuid": "1cb9c1e0-c26a-4d96-8a07-ff408d65bbfb", "comment": "Malware payload", "value": "dbc3fa2816ac0f92d1e5ff6027fd5b65", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695633532, "uuid": "095a6e8f-2e3f-49e5-970c-47f63ea0f2ab", "comment": "Malware payload", "value": "8dfcd9750eec6dd98797767ee14a952d3797c67f4f1a67d7cff140281fd94397", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695633532, "uuid": "a3fee5d9-66f7-434f-ae47-0e8cbe3c7736", "comment": "Malware payload", "value": "f9886c7a5e5d777b325b01a42391d8d141751480", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695633532, "uuid": "bee4d294-793d-41db-aff7-72658985f8b8", "comment": "Malware payload", "value": "fe78c3f04a1a2dfd93cfdebd37a842cb92e7962ee6035206284d89d14d3fed28ceca6c1a1c8444cea7183589a12370d5", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695633532, "uuid": "16871afb-bf67-43d6-be99-1d14c4750726", "value": "T1EE325B6BFE814DB2D7EC03B82572BA1B46A8B7140FA59593F39251090907AC5F13A4EA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695633532, "uuid": "8760ace0-1927-4e28-9d98-af471b3ff70e", "value": "eb7603b2ff3bc677ede04e03d0dce85e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695633532, "uuid": "31bc1fd0-c486-4b20-8a05-583d16cd9822", "value": "192:C3hBNpNYTLxn2i+nWJjFjOtYD6D1m0cckHV1PrxYIGiBT6xKAMuReC:e+LxGWJJjqYAm0cckHV1PrxYIGiBT6MC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695633532, "uuid": "3f31bfce-4afc-480f-8e39-2c7869abfbf4", "value": 11264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695633532, "uuid": "f8208a3f-513d-43bb-b58b-f0585cd92227", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695633532, "uuid": "ee53e0a7-17e1-42df-a92f-8b6f5c0def91", "value": "version.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8e21b632-5bb8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (IRATA)", "timestamp": 1695655871, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695655871, "uuid": "9f3bbf4b-d4e7-4602-9b8b-6c9a31581be1", "comment": "Malware payload (IRATA)", "value": "5a579969f1b9de3a028409412cda104f", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695655871, "uuid": "c257f152-372e-4f1a-8249-681ebf3d4c0f", "comment": "Malware payload (IRATA)", "value": "92584a6157e429ed7bf38bc0c80ed510e69d02e7f5000d902fd3904711a584e8", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695655871, "uuid": "88acc13f-a343-474f-8789-223c5b538d56", "comment": "Malware payload (IRATA)", "value": "3192c2ad152a3ca3f0b766d0b6adc5e56e226d99", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695655871, "uuid": "04348baf-a0ba-4585-95e4-fd64887c1ea5", "comment": "Malware payload (IRATA)", "value": "ed461006e1f8d1ee1fe279ab7e3eae052be8d726e21205150fe43479d639c85464ef16c847b9c15937cdee5aed8ead7e", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695655871, "uuid": "e8d5847e-73a9-411a-96dd-069defa517ab", "value": "T17026DFD7F395A96BC4F39372817613A5414B4C268F839BC76D28763C28BB5C42E49BC8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695655871, "uuid": "6fecc330-b231-4e08-b70e-202c5625e18f", "value": "98304:UivugUk9eWeuVgLCrgPYSuTjA6uxfZiXm0E9:UiGEeI6YSQjA/xhZZ9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695655871, "uuid": "05a09cff-441c-4c33-ac5a-861be997f9e5", "value": 4434832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695655871, "uuid": "5e24c92c-d947-437f-84b9-48dc2cae7c6d", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695655871, "uuid": "9ce4db6d-d237-4ccc-8a24-9ea78797a15c", "value": "KissLand.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dd90db1e-5b3e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (LummaStealer)", "timestamp": 1695603605, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695603605, "uuid": "b96388fd-f14d-4875-8787-4fb08c6103fa", "comment": "Malware payload (LummaStealer)", "value": "568a33b9e4350e090245563726abd601", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695603605, "uuid": "9bce9d80-b271-404b-858f-c1b51bc1c969", "comment": "Malware payload (LummaStealer)", "value": "9469de22339cb061f83ad060ea6f2110c5f0c3c4a08017db2a5cf457691a83ca", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695603605, "uuid": "11ee2923-3488-4891-b689-e65b9fca5374", "comment": "Malware payload (LummaStealer)", "value": "0de9160e33fa221dd0e17682733bbdb4bd2a1488", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695603605, "uuid": "7baa0e34-e8c2-40c0-aafa-886afecdd3da", "comment": "Malware payload (LummaStealer)", "value": "3d0407636af7db933bd9edc5d9894ca88233bca2640227c42262aa1bc9ae76fdfddd6abe1a3a4f2babea11985e939f61", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695603605, "uuid": "42475bde-52ed-4991-ab84-f389fefc4d44", "value": "T118D5E302A5D50499D34D8134FE0A893D9B217C494BF1EDEF32A076DB2A37FD83A39691", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695603605, "uuid": "2abf8467-b175-4be9-b480-fe5949b5430e", "value": "eaf6851db0c0db93b335fd0dd26e09e8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695603605, "uuid": "c232535b-31e5-4167-a9aa-4c64d0f72efe", "value": "49152:t0TS4DeqoFJNonA+2Tpcj6wTAz/IqXH5sr7IeVDEnourA01UNTn56w:t3drH8W27Ie96w", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695603605, "uuid": "867d0b30-b135-4c24-8d27-fa21715d7002", "value": 2942264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695603605, "uuid": "a0d9f746-fd7d-4419-a3d3-1adcb6c1feec", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695603605, "uuid": "bb0d2302-a42e-48d4-bc67-485339eee3f3", "value": "ChromeSetup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "45c33e69-5b7b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695629550, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629550, "uuid": "c757a8e8-5570-4601-b986-5f4daf21f6cc", "comment": "Malware payload (AgentTesla)", "value": "ed4c5a8eb6222043b0d3fd096282991d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629550, "uuid": "ed0642e9-229a-42df-b4cc-efedbe82ddbf", "comment": "Malware payload (AgentTesla)", "value": "97c5378697d6d7c1ca7666266f13a6328590c35021c553dce46b64936c9edcb7", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629550, "uuid": "d666eadc-a620-4b4a-aeca-092bf200ed57", "comment": "Malware payload (AgentTesla)", "value": "26b12645c96ac22feb55327d46642717a100eb1a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629550, "uuid": "d352cb21-734e-4294-bb68-6031eee79857", "comment": "Malware payload (AgentTesla)", "value": "d7965cfbde5a3f1eefce9d7e26ef84d9a5654015de8d8f871849f3f5eecfed2187723446734a2f7d61a65f4d37545c72", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629550, "uuid": "552d6a5c-0657-401a-b8e5-f4d556931c8a", "value": "T178354A5927598E32F1BD46F4804E06381BB5CC67A6E7AB46E84CF4D81BB232E04FD15B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629550, "uuid": "ac716622-a17a-453b-8ca2-f2874b40cc52", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629550, "uuid": "9fe001a8-7c50-439f-ba3d-af0b15fcad2c", "value": "24576:Fp0qo+k549XLACUhugmmXtvRSIJ/VBF3MBz:LmGAdhYmdvRXdBF3MBz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695629550, "uuid": "67e18eec-a81e-4ba7-b056-4f72656c1148", "value": 1100792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695629550, "uuid": "0b706a29-cbb1-4ed8-8702-b0f107239bf2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629550, "uuid": "59b1ac48-626b-4e47-a1db-7418c59b6080", "value": "IMG_10657782pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "405628a2-5b7b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1695629541, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629541, "uuid": "e060a4c2-d3fe-49d8-b390-c5c14525aa3c", "comment": "Malware payload (Formbook)", "value": "1f7d6f4d4b13564e8bbb1c0cba6a80e1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629541, "uuid": "deb381dd-94db-453f-a701-8b1b24148dc8", "comment": "Malware payload (Formbook)", "value": "997544439e136179eab10cc700f45ce748ac7500dcd093c7e8848966a452c31e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629541, "uuid": "060ce17e-e888-44e4-9671-175d923c865e", "comment": "Malware payload (Formbook)", "value": "4ea339d544079ffd61d1dd0f087486265e6d3909", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629541, "uuid": "3a454b37-4da0-4987-9071-bc9a174766ca", "comment": "Malware payload (Formbook)", "value": "97201ffc4505b269acfe6e3e03a2dc64ae8f8a63dacaabc495363597cf4ddb0c49f203f2ad4fda2947fe2d4cb02b40d2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629541, "uuid": "a4d1dad7-4928-4f25-a2be-0cacbad24e2c", "value": "T10834131C4A65E09FC94FC0F23797235201DE233AAE406B54BDDDE669F368458362C6AF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629541, "uuid": "87983834-57b3-4a5d-9c92-fde5ce4f4c12", "value": "6144:rXyGT5uGlf5WXQRFGM/v6m9pFo5yDKP0/:GGduGlBWXaGM3lpFlDK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695629541, "uuid": "cae7b17e-ab65-4d7f-9fbe-fb336f7d45d2", "value": 231424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695629541, "uuid": "a95ec8e1-ead8-42d6-99e2-c03ebb3aa57d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629541, "uuid": "7167e919-03b9-4042-83eb-74b11110ef32", "value": "997544439e136179eab10cc700f45ce748ac7500dcd093c7e8848966a452c31e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b2fa5daa-5b9d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkGate)", "timestamp": 1695644336, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644336, "uuid": "8c2260e5-917e-44db-a8d8-baa2dbc17161", "comment": "Malware payload (DarkGate)", "value": "7726e0d4ce453fc9542d1356e9c18e0e", "object_relation": "md5", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644336, "uuid": "3cbd969c-4cb4-47d1-b960-43b171615270", "comment": "Malware payload (DarkGate)", "value": "9ad5bb0943d324d197caafe209dff379d5882caafe1628cf8779e5c58f8bb87b", "object_relation": "sha256", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644336, "uuid": "db7547c1-ce23-45a0-8e3e-da780312de4a", "comment": "Malware payload (DarkGate)", "value": "13b8393a434d1f6dfe3224644dadd7be9bdf1a1e", "object_relation": "sha1", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644336, "uuid": "efcb9f15-3522-487d-a046-9c3d97c46125", "comment": "Malware payload (DarkGate)", "value": "731e7794545a19c3b18776f391e14a5f8c5b8d498eec49fe8f80ef44c197d065682350b9190093836b8109be5bb5ea32", "object_relation": "sha3-384", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644336, "uuid": "6278dd87-0184-422a-9e73-d0c95c753444", "value": "T14341D2152BCA87B5F2F2093A9576F720CE67F99BE571870D01909C8DA464600BDB5F22", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644336, "uuid": "10ff6e9c-4afe-43f7-88ad-d6bdfb78a1c0", "value": "24:8aryWJCnecYZA8Z1le/C+/9HUKzeU5BAlvi85qZnQ2nf:8aMJAle/HPSUF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695644336, "uuid": "4f11584a-d0a1-40da-8d49-2f0b7a9e925d", "value": 2163, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695644336, "uuid": "323793bb-15e1-4005-9087-de0d6de63114", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644336, "uuid": "417cc8c4-f6a5-4fd9-a2df-4adfe329c9bc", "value": "FG-lnk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fb6c8fb2-5bea-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695677529, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695677529, "uuid": "0543cb59-45ce-4863-bb47-3429d39c93f0", "comment": "Malware payload", "value": "67a4b9c37341974ab1272f9510142564", "object_relation": "md5", "Tag": [ { "name": "Sandman", "colour": "#A05B28", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695677529, "uuid": "c2392ea7-c9a9-4b2f-bac2-d1c5ee1252d6", "comment": "Malware payload", "value": "9bb5e7a76e66d105fa5a65728517b8d8f9465525465f92eb68a89705476b1d26", "object_relation": "sha256", "Tag": [ { "name": "Sandman", "colour": "#A05B28", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695677529, "uuid": "d5110dfe-cd55-4b1a-91b8-aa7ae055aaf1", "comment": "Malware payload", "value": "fb1c6a23e8e0693194a365619b388b09155c2183", "object_relation": "sha1", "Tag": [ { "name": "Sandman", "colour": "#A05B28", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695677529, "uuid": "ef7cadd6-a89f-479a-9908-3c60f3fa6be3", "comment": "Malware payload", "value": "a68b7cc87aa638aa608eb266f1918c84fa8433faac255007828f919ba9dea20954d2ec508d603af23fc1ef81d1bfc3a2", "object_relation": "sha3-384", "Tag": [ { "name": "Sandman", "colour": "#A05B28", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695677529, "uuid": "f164c242-8b03-4cfe-8571-e4f60f735a5e", "value": "T17C8302A0C0B297249AB01E7D96DF17A0157D9AEFC84F3C4A21D5F69F3B1C08B64A64F4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695677529, "uuid": "583fe67c-6c04-469c-b8a5-e3721488ad7e", "value": "1536:kOKkK8slBzEYNYZsbLqQ4rc6yW/34IGE2JnPE0iIv7yrTCJMPFdTugYeKF2L2Z1y:kfkKJTuKLqI6n/34I12hPdv7yrNP7TXh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695677529, "uuid": "9c163dcd-d2b5-4266-a035-8497d3fc3316", "value": 85716, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695677529, "uuid": "bbe33384-88dc-4fb4-affe-7b565a4d61f5", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695677529, "uuid": "af0e3f51-7342-4fea-9c26-f30900dd550a", "value": "fb1c6a23e8e0693194a365619b388b09155c2183", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48351fc9-5bf8-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695683241, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695683241, "uuid": "4fc3cd26-4430-4bc9-8f44-4359abf72372", "comment": "Malware payload", "value": "6e883bbb4501d4f4fa1d2c0cdeadea81", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695683241, "uuid": "59fa805d-0cad-4069-ad5e-eb9c1aa37186", "comment": "Malware payload", "value": "9c775cb02c4555ea5d706a762885aee1bddee17488224841ebaef51efac8ca68", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695683241, "uuid": "e55c3688-b6de-4cd8-b071-78b5f91a93f6", "comment": "Malware payload", "value": "2a52641f0468cb4f2644ee07b1786ae995c2201c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695683241, "uuid": "f149a070-c7fb-40e1-872d-1ecd9c3963cc", "comment": "Malware payload", "value": "640645b8ef985c9155f297c37b20398fa1ad6e5bfd956d24f875da53da734a36e4bd24ece392ea90c16760b3cd3f9cac", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695683241, "uuid": "3bad4ac7-6afc-439f-bc69-ea5da3c630c2", "value": "T10EE209467BE58225D6BC1AF88CB313110772E3478432EB6F5CDC88DA4B676D04295EEE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695683241, "uuid": "6e4f9159-34fc-4ba1-aecd-64f43871b4bc", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695683241, "uuid": "539d22ee-2140-4fed-a298-f0f4dd854e6f", "value": "384:O0bUe5XB4e0XtgONOSjgkM9WT7tTUFQqz9CObbL:fT9BuRcSjeSsbL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695683241, "uuid": "baf7f71d-c2e2-4602-b0a7-9758e88cac27", "value": 32768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695683241, "uuid": "1c93175d-9b8f-4b57-b3f5-26136e486574", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695683241, "uuid": "54442d82-820e-4d38-911d-621a4081a53c", "value": "bQhl.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "586761c1-5ba8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1695648909, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695648909, "uuid": "3ab4256c-6e56-4d75-b2ee-494849e88ea6", "comment": "Malware payload (Formbook)", "value": "ce83b3087374de33232e140f530b7834", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695648909, "uuid": "c27b339d-711e-4043-9916-b09d4ba1a894", "comment": "Malware payload (Formbook)", "value": "9cbc043b211f653116dc64d489a79918a215577985d473c56ce9ca3e4b12c2da", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695648909, "uuid": "6efe692a-f732-42dc-aca4-3049e554837e", "comment": "Malware payload (Formbook)", "value": "09ede80fd6e9eb3c1d4bb8f02b9f099edb926128", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695648909, "uuid": "6b93e78b-d1a3-49fe-a665-88ea02feaa5a", "comment": "Malware payload (Formbook)", "value": "6102c03278411b0c7117531b010afea0401c9f7e79f6f8aef2575de99b88e1f780400d8eabf4974b39da45f70593acd4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695648909, "uuid": "3e941a71-b399-4ca6-bc3c-f169c0757a90", "value": "T13715BF14476C5F02E25F53F6F19549798BF1C232A3AAA74B7E6EEEF018C7B584802853", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695648909, "uuid": "0baa0922-235c-4fcf-b9a0-ae295877a1ad", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695648909, "uuid": "d5e6264f-fb64-493f-bc6e-1ab381daf35d", "value": "24576:vVwRLePgybukh7gMo2ImPhPGjVufE6gaa1:vnAMPKYfNa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695648909, "uuid": "750f54b4-bfb1-4dc6-9fdd-0261088aac1e", "value": 957440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695648909, "uuid": "d7e90941-f329-4ce1-b0b4-40798abc1953", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695648909, "uuid": "43f6e31f-ce1e-4b6c-8c7a-1d3fa6839ee2", "value": "Lhlqoeaowd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e2e97552-5bee-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695679206, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695679206, "uuid": "7463fb96-c3c2-4995-a4f5-ffd603dd60a4", "comment": "Malware payload", "value": "165f71ee188fe63a1c24fc51b6181221", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695679206, "uuid": "7374d68c-d4c7-4909-95b8-f8a23dab3742", "comment": "Malware payload", "value": "9d59325913104d1e20b500b2ae4084f8e1966199c4b4faa515deb27f0a78bf3b", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695679206, "uuid": "ec4aa9c4-d084-4705-bfe9-7c09ab703b21", "comment": "Malware payload", "value": "8e15ead169330905c441619c6dce62e9122e5003", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695679206, "uuid": "b95890cf-72f1-4cb2-94ba-98927935c9c5", "comment": "Malware payload", "value": "f0ce38d15051c2918ec384d6423557a6ad7673f46911cfd91bdb605f83631b6427266ca24fca3e7e4619f3c1637c355e", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695679206, "uuid": "0bc8bc75-a0e7-47a5-ae13-c015a2720773", "value": "T123B35CC4E683E4F5D88614712137AF369B33E079102AEB83E76C9A32ECA1515E717B5C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695679206, "uuid": "047e39bd-a17e-407a-86aa-1696ca73f659", "value": "1536:zuKGgxkdYbIkIcj7V+EBP2n6o/GI9axvJiIin2UnqgRHYMEdBSJiA2AAYg:itgxkOb2cjRBy99axvJ9inRHLsIga", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695679206, "uuid": "7213200f-e1ce-47e8-878d-c5c209dbde05", "value": 109832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695679206, "uuid": "2b741626-9fa2-440d-8aa6-60a85a6cec37", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695679206, "uuid": "31bd33ca-df72-4124-8705-d527569a3ad0", "value": "polar.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3ca12fac-5b9f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1695644997, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644997, "uuid": "f86fdac7-27ae-4ad0-a2db-c93aebbe2ba5", "comment": "Malware payload (Smoke Loader)", "value": "2db0947bc8c328701d4a9b425a942127", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644997, "uuid": "9229e832-d71f-41e0-80a2-7ed7f529a28f", "comment": "Malware payload (Smoke Loader)", "value": "9e0496fdc12023f5d4187523ded3cf3698577451d5b03f766d20b3ab3597ab56", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644997, "uuid": "41e668ca-d462-46ae-8fa2-75c1c1052560", "comment": "Malware payload (Smoke Loader)", "value": "08c7b2e016c82eab4ea69d8656607576c23009e8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644997, "uuid": "043534c3-cea2-4a91-8985-513627680c73", "comment": "Malware payload (Smoke Loader)", "value": "ac7b1d2ee647e542fc942e3e5c37bad0c2662adb736bf35e8eeaae31be18d5d81965e67236e70797b1aa22aaad1a8b4a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644997, "uuid": "471c05f0-1e91-42f9-8070-8a077b6c647e", "value": "T14844AE00B4D18472D472113209F4EBB65A3EF9304B655AEF67E40E7E8F60FC197726AA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644997, "uuid": "13c94d71-c322-4712-ac1e-b86a08982cd0", "value": "8ddc982ec86bc15061e6b2eab1424dec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644997, "uuid": "83230fe5-6508-41cc-bdee-9ddb0ce13fe6", "value": "6144:NRDhrJ+j+5j68KsT6h/OCy5U9uAOwAt6XtCduqw6:NRtN+j+5+RsqGGuHtogjw6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695644997, "uuid": "aedd9459-ae6f-4389-b09e-72eceef30955", "value": 277368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695644997, "uuid": "07315259-e6f8-45f7-ab62-77d7bc62ade6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644997, "uuid": "941e3921-df6e-4f1d-beac-9c47bcb6e6a4", "value": "SecuriteInfo.com.Trojan.Siggen21.31970.28718.6537", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9ae58b64-5b5d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1695616808, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695616808, "uuid": "3f5163f5-a8c1-44e9-8600-cf8081a8e54a", "comment": "Malware payload (Loki)", "value": "f4a8963cf2060807f32ac56290a84435", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695616808, "uuid": "46463e87-8b11-45ef-861b-2f851fe70359", "comment": "Malware payload (Loki)", "value": "9e257acbd8180ed78fa998c2b6f3e69cc563d6f70066c8dbf1165d9a8b95f715", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695616808, "uuid": "7f5f593d-afc6-4e94-89aa-297e6b2c0447", "comment": "Malware payload (Loki)", "value": "260b45771e600f0bea1dd4ebae211a5700adb983", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695616808, "uuid": "4ae5c030-e8b1-4d26-a6c6-c69b7a236431", "comment": "Malware payload (Loki)", "value": "522c057a8ab1fd7964772a6b4ce0e5596a76ea4069da4bc8ca30a315955177187485297c36e7c7da8e116d642677c5b8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695616808, "uuid": "3620ff09-bf04-4c69-9ff2-c74a2fa64ac6", "value": "T1E3A412D87AF08316C5CA533566AC012A0330F901DD06E7ADCE9B64CB5EB678D6912FB3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695616808, "uuid": "c059d34a-95db-4946-97a5-f1f2facef80b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695616808, "uuid": "ce5df041-3756-4127-85ee-5ade47df0f14", "value": "12288:B0725MiRyqUdiMt8GBDC/hDPfiPrmWXUVX:Ne/pdJC/lPaEVX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695616808, "uuid": "1d699d80-0cb7-404d-bb5b-9afe344042d9", "value": 470016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695616808, "uuid": "a495ecb2-b333-4c00-8f25-eb4e99d7650f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695616808, "uuid": "c24387ba-2301-4f85-bbcc-ca057011532b", "value": "PO09764 List.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5dfb371b-5b95-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1695640758, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695640758, "uuid": "dfaa775b-04e8-4a97-8089-32042677444d", "comment": "Malware payload (RedLineStealer)", "value": "a691920060d7dddea107c0965701568d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695640758, "uuid": "d50bbeee-6633-4cb7-a640-53ce3edd4634", "comment": "Malware payload (RedLineStealer)", "value": "9ee4476b2f86ad59a74e4fb093e70dad5165369865f52cac816b5dbb57dac6b6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695640758, "uuid": "90064929-afe1-4ade-99c1-0b942be09c3f", "comment": "Malware payload (RedLineStealer)", "value": "37dd0d6824db67debd0084936a7761c279be1152", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695640758, "uuid": "c56bc358-bfca-4b67-b8fe-335c01e88a29", "comment": "Malware payload (RedLineStealer)", "value": "587d1e8c352bf8ad3f608263e4652d3f5912d1317c30963302ffb6b3df7637d9257382003b455441a5a36fb59b340076", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695640758, "uuid": "afca16b2-a217-4d8d-968a-3b58d8335178", "value": "T107846D08795F8C62D06F94FDAFE6877A766BF9D11E5006CB0742072A4E14292EE3533E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695640758, "uuid": "2efec451-d169-4484-be2b-a69747a1ae3c", "value": "25da225cc3303495dec08a79bb284954", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695640758, "uuid": "34465225-b932-4378-a9cb-3ec83dc429c6", "value": "6144:yLGrViSWAs3WHexAVklAOZ5i5oDgX+hh0DRcGCPv8zWy+ZEgNcJLiloPGCc:yLqiSWLTfg5o8Xa6KG7GCc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695640758, "uuid": "aabf2e99-ffee-43a3-9d5f-e64d7c3d87ee", "value": 405960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695640758, "uuid": "9fa89253-f6c7-43a0-b9d2-3eade7b3b8b9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695640758, "uuid": "c9f7d405-872b-4a75-9066-408d8e28a032", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0c8ef1e5-5bc2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkGate)", "timestamp": 1695659948, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695659948, "uuid": "f64ce99d-0d75-4aac-8b31-d76b76986b0b", "comment": "Malware payload (DarkGate)", "value": "ad86b0520d48a0b530915850244f196b", "object_relation": "md5", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695659948, "uuid": "a943134d-5888-4a4b-9d46-4f654a630106", "comment": "Malware payload (DarkGate)", "value": "a11bd2bde079c17dc7b6793404f812830e99af2883f33ee49c01bc8c85751d50", "object_relation": "sha256", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695659948, "uuid": "120dca2c-63d2-4042-bf81-a281fa12c053", "comment": "Malware payload (DarkGate)", "value": "2d28250d44de5ce82ded47bfb29a8ae6353a3fa4", "object_relation": "sha1", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695659948, "uuid": "d85ddabe-f75c-4b01-a249-6276ed23f9e8", "comment": "Malware payload (DarkGate)", "value": "c784f7a5b62033a644017959a1db4db4a201899b2de770060191ab0c02bd1e5315fc8acc178fbc4f7828f2ee979b609b", "object_relation": "sha3-384", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695659948, "uuid": "3a488827-f276-4124-9c68-a475c389c9ed", "value": "T1A242C50E729348BEC916C176C2FB8771B5FAB41202239B2D0AA0D7376EB2975772DD05", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695659948, "uuid": "2b28f740-e8e7-47c0-b3a6-f6e498f3fd2a", "value": "fd410436ce0407a0a8f79bfce8af0bc3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695659948, "uuid": "ce8ad5d4-7b1c-46ae-bac0-b9f5e39a3b1e", "value": "192:uU5z9iLjq2pJk+/qcJklyJOEd8LsWGQwrgAh:3z9AbJH/IwJOs3/QwrgC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695659948, "uuid": "46361d3f-1cf5-4dbd-b25e-0e971419078b", "value": 12288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695659948, "uuid": "7837b086-db63-42b2-87b6-c35012af8f02", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695659948, "uuid": "e9ee9355-386a-4a67-85e6-423ece7f2f0b", "value": "a11bd2bde079c17dc7b6793404f812830e99af2883f33ee49c01bc8c85751d50.xll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eb746e22-5b72-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695625962, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695625962, "uuid": "25c34626-ac21-474b-b84a-4f7f14ac9a63", "comment": "Malware payload", "value": "ebbbb5a5175561400926637a7c21cc3e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695625962, "uuid": "e5ec714b-46fb-4ef1-b7e5-d8e57efec7ed", "comment": "Malware payload", "value": "a1881b33460bb0c102031ce4bbffadd908e9308d26c8b1252fdd09c70df2a7ff", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695625962, "uuid": "f93c705d-beef-4632-bc9f-4e9c01e86faf", "comment": "Malware payload", "value": "51b9ce06858fc61205240b6bb7f102aa23e96d3d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695625962, "uuid": "f15b5da2-05c5-40fb-b3cd-68d5965ce6cd", "comment": "Malware payload", "value": "8be9b5f1b16cf016e3ac1b632d1cc0bffbb2862bb0a87bb5ac9bf5247f9af8bda555b16bee0632230f4c037ddde46dfd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695625962, "uuid": "b6fca34b-c75f-44d1-92ba-5b6b4c33823e", "value": "T1CDE6333B80886123C2946E345B247D2FBD69FDE468D621BE7852CB9F37C2A8194C35D7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695625962, "uuid": "0bca9d32-75f8-4235-91ca-1a315d5a0d1a", "value": "524dfff337117085f4c8f9096673581f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695625962, "uuid": "67207780-9339-4b2d-a284-1ea3a7ee89f9", "value": "393216:MK62A1vuixUJdPwg2f6DwLTIbWbNU/13F74oa8+ar:/6hmicwg2fxLTI6bNUt36oF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695625962, "uuid": "9857609a-1ec9-4f69-90fe-952843e7aa6e", "value": 14543872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695625962, "uuid": "0519d52c-6bfa-4911-b00b-d290d5737188", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695625962, "uuid": "41d1b8e9-4f50-47b3-8624-5c9ba5f1b9ed", "value": "ebbbb5a5175561400926637a7c21cc3e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0fb4df9a-5b8f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695638049, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695638049, "uuid": "6ab99a37-b737-47f0-a544-54b8849abe0f", "comment": "Malware payload (AgentTesla)", "value": "6980d8f596904aed56e2d41fbbcba6dd", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695638049, "uuid": "3760b152-38e1-499c-938d-2401516e96c1", "comment": "Malware payload (AgentTesla)", "value": "a2b8e4a75f50f9a7ed71f12432bd3d39b98f132dfbd37cb3d4d4d8f75b3c7ecc", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695638049, "uuid": "5a7c6709-95c7-4488-95be-831456509052", "comment": "Malware payload (AgentTesla)", "value": "624ccf55595dacfa97dae2c9d36ae14acc135403", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695638049, "uuid": "6a7f74a4-29ea-483c-8cf7-3886d7042ae1", "comment": "Malware payload (AgentTesla)", "value": "21c55d3b9bd2b2f7d92c7ee56554d6f9fad2f86a0c4b9201a490e8c93db7cdb7c9b37b066129d49b975d645f77b85b21", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695638049, "uuid": "b6e3e0e3-8abd-4a9e-8310-e5e10de8cde0", "value": "T108D423D0638BB6D89B8CCD67E80A0DAAF515CC0D46FADA7829D97CB7065F5301869CF0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695638049, "uuid": "4182f2ad-5bd4-4c96-9770-183c9ae1d585", "value": "12288:ROqXjV3St2nwU7PjyCwFkiL/HP8dkZaXx5xZ6jb38iW8x+4:ROqRCtoyC3izHUi+rX28j4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695638049, "uuid": "51f3775e-acd5-4ed8-8af5-c7b694723d13", "value": 617841, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695638049, "uuid": "1f398e7c-3e9e-425e-84eb-9d59c79cbb7b", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695638049, "uuid": "5c06fa67-4b0e-4d05-a7c0-25897d84e02f", "value": "Faktura.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "071f1e38-5b84-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1695633310, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695633310, "uuid": "91f0bee0-c9eb-4ad2-9b1d-fe7d77d991c2", "comment": "Malware payload (SnakeKeylogger)", "value": "5dbd5cee5eedd8dc875b970739681add", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695633310, "uuid": "6a7ab019-cd29-4aa9-88a4-f1ede384c051", "comment": "Malware payload (SnakeKeylogger)", "value": "a3ba5851c9d979b726e0c0e28e3dc4e7fb896b9198c592af71791c20a6c8d081", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695633310, "uuid": "b25fbdc7-9338-4530-8f19-d46da342a7a5", "comment": "Malware payload (SnakeKeylogger)", "value": "8d89b74390d68afaf6a3f7008d1573d7e85db73c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695633310, "uuid": "0645af6a-19aa-473a-8447-ce4905eb0b84", "comment": "Malware payload (SnakeKeylogger)", "value": "336412608b6375d87586693d8468f1043660a808ed27be85f61b9452bd2e7c8b81a4af0ac4d4fea30966e23a7acb856d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695633310, "uuid": "2af29a91-ae97-4c17-a26c-ed58271c92b2", "value": "T1FFC4014432B86FAAD47963FA50A8300543B9AA799033F7598CD370DB1E76B484F12F67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695633310, "uuid": "39194c4f-cb6a-475e-9ab6-9346a7a02a81", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695633310, "uuid": "50c5a319-6155-410b-8915-77f177740e0c", "value": "12288:ZVj3hLQvfdxOo7gpXtrwNF725sE5pLkIeeoIIBwiWWPXDWmRqlBBYvNG/:6NMWDeVI0I+rKvU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695633310, "uuid": "17f58965-ba72-45cc-980e-bca43c204149", "value": 556544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695633310, "uuid": "c2cdb85b-910a-4b97-936f-568a4ee1f561", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695633310, "uuid": "51640b44-d904-4ac7-8dd6-bd30c065cd6f", "value": "hesaphareketi-01.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "791e7e53-5bcf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Stealc)", "timestamp": 1695665714, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695665714, "uuid": "0d9e3414-a3f8-46db-a4e6-0db5b91c9ea2", "comment": "Malware payload (Stealc)", "value": "97b7f3f28f4c48788287af75ea2535d2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695665714, "uuid": "d96ab068-cb99-4518-8d8d-e71363cb0efa", "comment": "Malware payload (Stealc)", "value": "a46eba12d0ffabdc234da0cea17ed7f0c606268104e8e6208d078f698343b044", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695665714, "uuid": "608dd335-4a52-4e08-aea1-3a70f169e328", "comment": "Malware payload (Stealc)", "value": "71f468282739ad5970bf9accf6358dee90dd8151", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695665714, "uuid": "43ee0340-1c14-4ae2-ac77-0e12727b438a", "comment": "Malware payload (Stealc)", "value": "a6aece8759c39e7530da3210c6e97c5ed3b7d6e5def92f6fad23354ac5ec6eb55d604cbaeae0eb1c9445d1c21eb2e199", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695665714, "uuid": "f822ad1e-1a34-4750-8b34-3cb67e7af024", "value": "T130649CC2B5D8A532C339123BCBD49EF5596DB4F0037028DB9BA8AF7EDF606C05A25161", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695665714, "uuid": "596e5307-e7f8-4388-848c-c2401171ea47", "value": "01c26bcc410a354b7e163d69fdaaef61", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695665714, "uuid": "4acd619c-fd3e-4019-9bf0-44a7a5540f05", "value": "6144:5v2MdBr9nUU+thTmIFH4A+WQ1AO0OzbECp/lO6QeMpc98VR2whLlkNc:5uorhUU+amYTzbEMdZQeMu8ZRkNc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695665714, "uuid": "ad5d864f-7037-466a-bc7e-65f3a215aee7", "value": 317896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695665714, "uuid": "6521089c-a12e-42a1-9d5f-f1a8697f51e4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695665714, "uuid": "6dee4016-1dc0-4441-9e1d-46b95cb1a14b", "value": "97b7f3f28f4c48788287af75ea2535d2.bin.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "13c2ee08-5b99-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1695642351, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695642351, "uuid": "01f640bf-9c47-4825-be05-525a633c2774", "comment": "Malware payload (Smoke Loader)", "value": "450a1da8b6678a3e8bb5265ac805cc37", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695642351, "uuid": "56eba695-e518-4df6-81fa-60eabbc93e0c", "comment": "Malware payload (Smoke Loader)", "value": "a6c5f2f669e038e6af76ae2341f0c61a290d163823404e7ef71ef5214076a9d2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695642351, "uuid": "599cb5f9-68f2-47b3-8e52-ba355c44189f", "comment": "Malware payload (Smoke Loader)", "value": "e1a6577e1d2e1f6ac11c081ba4eb6fdd8e4fe06e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695642351, "uuid": "af07cdc2-9727-49ce-960b-9360df79e2f2", "comment": "Malware payload (Smoke Loader)", "value": "3be1436c04c741b53f7b62df1c89d9eb89562b60e35cbaf1ec77b26fa5d260acf4a44481f2b65f5d480c044ac45299f3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695642351, "uuid": "7d9b9f44-aec3-4ea3-958b-b55a3a9b8dbb", "value": "T19C44AF00B5D18472D4721D3209E4EBB65A3EB9300B559AEF67B48E3F8F706C1A7316B6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695642351, "uuid": "fa423a40-f1e9-4bcf-9c07-cf43ec6ab4e4", "value": "8ddc982ec86bc15061e6b2eab1424dec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695642351, "uuid": "3f36321b-e61b-48e4-8327-29a512e84b89", "value": "6144:sRrhrJ+j+5j68KsT6h/OCy5U9uAOfAfzgJOmFqw6:sRVN+j+5+RsqGGu+rw6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695642351, "uuid": "79815e39-e763-406f-ae0a-716fd626c445", "value": 277368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695642351, "uuid": "05e6b890-29f9-4921-a31f-33614fdb5187", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695642351, "uuid": "f390e4c2-1cfc-42da-8261-50a78ea9e12b", "value": "SecuriteInfo.com.Trojan.Siggen21.31970.13679.16530", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "92de1ee5-5b9f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkGate)", "timestamp": 1695645141, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695645141, "uuid": "b20fd014-1c95-41cb-aceb-af17678adef6", "comment": "Malware payload (DarkGate)", "value": "9120c82b0920b9db39894107b5494ccd", "object_relation": "md5", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695645141, "uuid": "7ba595ad-41ef-4865-9b37-6182035e22d3", "comment": "Malware payload (DarkGate)", "value": "a7312f01db21efd84be0a4e596fefb6ebbc388655ab19a642bf44360f1409382", "object_relation": "sha256", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695645141, "uuid": "00d292f0-58a6-474e-a2aa-df8c82c1d868", "comment": "Malware payload (DarkGate)", "value": "878ecd062105626c480471cb53ab2a310f4d5dce", "object_relation": "sha1", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695645141, "uuid": "31ba37bb-48bd-4fab-bcd6-ea600fda1495", "comment": "Malware payload (DarkGate)", "value": "69686a79dc4b064ffad3e1be58820c1536c90feaab63a3c72cd84e3c9d4c381b27ecc944b74dd8671f676fb1126dd531", "object_relation": "sha3-384", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695645141, "uuid": "38c0786e-9a4c-4b65-8fdb-7aa420df9f00", "value": "T1945254074AC88142C0F58732628A619FEAC581756736C579396ED43CAB90CA995B12E7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695645141, "uuid": "31839a55-6632-4abe-980d-103e8da55c93", "value": "48:8Uw2oMnZ78UT+iDuYwUBWDHVxaMnyc2pU:8MZ78Wrut3arca", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695645141, "uuid": "60c51638-7b5c-4283-ac6a-98f551d52ec0", "value": 13727, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695645141, "uuid": "21b0ad04-d4ce-471c-8fe7-3117c68837af", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695645141, "uuid": "ed1622c5-031b-4b87-83b0-9fbcd174c3d4", "value": "L9T.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c79f93e5-5b43-11ee-a6f9-42010a9c0055", "comment": "Malware payload (MysticStealer)", "timestamp": 1695605716, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695605716, "uuid": "f7b139c4-a5ff-45eb-8be6-2f6cb43879c5", "comment": "Malware payload (MysticStealer)", "value": "13d60409fcdd454f3d7e51969d718cb7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695605716, "uuid": "1fc9a841-b29e-4696-9025-b926b54eaa77", "comment": "Malware payload (MysticStealer)", "value": "a7fe12ba9177d269eb1db5c0b55b3be01345e35e3e8d5ad0bc106c4aa268d6a6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695605716, "uuid": "2dc74c07-469e-4284-9349-d77c846fa4ca", "comment": "Malware payload (MysticStealer)", "value": "9664d3cd0f5aae8e4bbddc438ce2104b0a14497c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695605716, "uuid": "a8eabe74-ce3d-45d6-8c94-a7e367ba4b6b", "comment": "Malware payload (MysticStealer)", "value": "26bff5301b54c982d42e336f396453ab610003016bd55ed8577b2aa57fd389f3dbfa7981544d1472eb7bae8a900e1499", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695605716, "uuid": "844a568c-b4a6-4468-8257-97c9a1beb122", "value": "T15884BF40B8908036E573203145ECDAEAB63EB7357B725EDF1B940A7A4F207C2663567B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695605716, "uuid": "a72d247e-180a-4c4a-a8de-e9e42b799922", "value": "8ddc982ec86bc15061e6b2eab1424dec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695605716, "uuid": "cc026604-e057-4168-b61e-6c7c01424ca0", "value": "6144:HlPMhHX110KwTVSf3pOCq5b6uAOfKGrkt/nH04D9D0iewVmIqwm:HlPS3110dVaUcutKMK/H04xDjewVmBwm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695605716, "uuid": "27e260ce-1ce9-44b0-9b81-b774d52aeb8c", "value": 390008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695605716, "uuid": "09cb19d3-582f-455d-844a-0dac08182828", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695605716, "uuid": "541abee1-9c88-4ed5-8ae0-53820f1ec343", "value": "SecuriteInfo.com.Win32.Evo-gen.19393.32010", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c0befc7c-5ba1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1695646077, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695646077, "uuid": "d892bf9d-0910-4ffc-b18b-f7cf7fdd4c75", "comment": "Malware payload (Mirai)", "value": "c8128b5b458a4af5a3119a7c184df1fd", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695646077, "uuid": "cb9809dd-b658-45a7-897f-a6174964c883", "comment": "Malware payload (Mirai)", "value": "a804381f1c4917bf08a400e79ece8a1cea90c9da99f8ca158e84a5f20087e965", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695646077, "uuid": "481ac0f3-f025-4fde-9ed8-4e0e3ed8a11b", "comment": "Malware payload (Mirai)", "value": "27720493dec60bdde5c0a8ec8b2a74a66ba347e8", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695646077, "uuid": "5a2bc2c3-9766-4033-9388-166a8d2e7c86", "comment": "Malware payload (Mirai)", "value": "cc80239659b54711407f1f0faa42e3b1ffd06c671e46e4c96d8bd2660e3ba2eaced17387ee15d1c704d0a6fc7b86d653", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695646077, "uuid": "8ee7f2b6-c0ca-417a-97f3-6cce3059d729", "value": "T19873C77AF561D63CD0D2D2349E9BC2A0A2B470783B30531FB79116772D2258CCFA6B96", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695646077, "uuid": "680aaef3-49a0-4174-bd4e-e4d32299fbef", "value": "1536:Rb8awm+Ygv7kWvrkkOcJoLsmwIqCyLwSHtSWm:Rb8awm+Ygv7kWvYLsmwIqCyLH4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695646077, "uuid": "9b6b233c-e567-47e3-8c18-e28d9fb74886", "value": 74384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695646077, "uuid": "72535f09-a6ce-405b-b03d-b5dc183cda11", "value": "application/x-sharedlib", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695646077, "uuid": "5c23df69-f1ae-434c-9841-21eb918a5f61", "value": "test", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3d5224eb-5b9f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (MysticStealer)", "timestamp": 1695644998, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644998, "uuid": "654385a7-f505-44cc-9e32-91b878559e25", "comment": "Malware payload (MysticStealer)", "value": "d65a5cfe2bb146354d6db0eb9c08a603", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644998, "uuid": "4f3d85e9-b277-434c-b8b7-d21162d37572", "comment": "Malware payload (MysticStealer)", "value": "a84259469525b43aa247abb1db8c85e7340d219a23c4cfce4bec1083f5aa8a1a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644998, "uuid": "ed02ec5c-7c64-403f-bcaa-8793d4307cd2", "comment": "Malware payload (MysticStealer)", "value": "4ad573b02ad75f2a358e91479e07780fbc659a8b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644998, "uuid": "0cc57ddf-028e-45b0-9eba-a89fa7754295", "comment": "Malware payload (MysticStealer)", "value": "7840dbbf56e17f4b4b794ad3d44fbac247e0a6f18ab80aff9f3a8480b4a264cf1bd9095c7bf1d4b5f01a3f394a0d65e2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644998, "uuid": "66144a6a-1556-476e-90cc-f46e2f9088cf", "value": "T11E84AE137481C072E4721132CCA4DABA5F7EB4345F71AAD7BF694D7DDB206C983A2292", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644998, "uuid": "e8d20501-98d0-4dd2-a3e6-38fb4e7216cd", "value": "8ddc982ec86bc15061e6b2eab1424dec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644998, "uuid": "a4b4bc8e-2a2e-42de-8c90-96ceec85d80f", "value": "6144:SlP0hHX110KwTVSf3pOCq5b6uAO6mRCBo45CSGi9pToi2FoOz6ZETRz7qwm:SlPa3110dVaUcukKYo45CSz22Oz6ZETk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695644998, "uuid": "36cdf07c-03ca-495e-9168-1fa6e4dc0e08", "value": 390008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695644998, "uuid": "476a8b2e-6c9a-4d3f-b670-eb454674dd5e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644998, "uuid": "bfa0d8bc-371e-4fc2-bac7-f2b1e21dfc2e", "value": "SecuriteInfo.com.Trojan.Siggen21.31970.21754.7806", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "65797cc4-5b54-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1695612853, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695612853, "uuid": "db39cd3f-8ebe-42d3-aab9-fb78b8a1f74e", "comment": "Malware payload (Smoke Loader)", "value": "f5069afe7999ee5912d7b40b39c25a6c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695612853, "uuid": "ebfeaf41-8c8e-4b7f-9b6c-e32f71e2babf", "comment": "Malware payload (Smoke Loader)", "value": "a8b83f442e659ac875961bf6a08c9df49f86b4a1a74434f5013e44c498f47877", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695612853, "uuid": "6c3cca0a-ddea-4147-b086-364813c8384a", "comment": "Malware payload (Smoke Loader)", "value": "95f6d84bdc09859c0d7cb14eeac3e0b9d3ca099f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695612853, "uuid": "8c19bba5-b5cb-4fd8-9bc3-9751dad94ad5", "comment": "Malware payload (Smoke Loader)", "value": "3031cb997bd90586561a4c834b316cd7320a963e564a7d101b6b87bb4c7f9a1b474be12facb4bc899b045f188d3cd477", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695612853, "uuid": "2d83c538-ddbb-42b3-aff3-eb7b729627e3", "value": "T1B544AE31B4D18472D472113209E4EBB65A3FB8314B155AEF67940E7F8F307C1A772AAA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695612853, "uuid": "4e58aebc-6e72-4154-b18b-e4d012b36f52", "value": "8ddc982ec86bc15061e6b2eab1424dec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695612853, "uuid": "0f62d59e-a6c0-4e42-af06-c3e5bab94418", "value": "6144:uRdhrJ+j+5j68KsT6h/OCy5U9uAONAMvFLwjpTuCgqw6:uRzN+j+5+RsqGGus02FyCpw6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695612853, "uuid": "b58c78ae-2bd1-46f6-97e0-87631360d2e4", "value": 277368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695612853, "uuid": "28efc0ad-b61d-4519-ab29-094950bd4e66", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695612853, "uuid": "599aecef-4dd3-456e-ad75-f3ea0dccee0a", "value": "SecuriteInfo.com.Win32.Evo-gen.8101.17023", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5ea7e5aa-5b84-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DBatLoader)", "timestamp": 1695633457, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695633457, "uuid": "3124b7b9-8cb8-45aa-84ca-4208234bf795", "comment": "Malware payload (DBatLoader)", "value": "52581c43f813e5cafc4ae9d0e381fb3a", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695633457, "uuid": "6afc7b57-5ec6-47a7-85c2-921c69be6fb1", "comment": "Malware payload (DBatLoader)", "value": "a8e594699704169027208fdfc49bcdfed3c53aaea5c7d73140db21d97ab447ad", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695633457, "uuid": "def69aa0-eb1d-4762-bd51-05cc22c4510a", "comment": "Malware payload (DBatLoader)", "value": "33abf6eac0c99c4dc6ac894e76cebde35d471a68", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695633457, "uuid": "4db553a1-fa22-47ab-aed2-08c87cc32c8c", "comment": "Malware payload (DBatLoader)", "value": "c4f44c29a957c4eeae518eaffd1fc203717ce289f49a0735b14f917e45679d9382d0935c7d83e8b1bc60395497f0945e", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695633457, "uuid": "67195d48-b4d5-449f-9bbd-5771e012c079", "value": "T11B358D92E1D3D4BFC0510A755956E6746827BFB03E7ABC11EAA63C4CCB7EA90780C253", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695633457, "uuid": "abc55e38-b3d4-4e12-86e9-cd642a95f917", "value": "e11b15f15fc6d84032488531d835725a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695633457, "uuid": "cc2ce45f-43e8-4d1f-9f79-cab0ec69a48d", "value": "24576:jxOMuj4ijVB/NzhVtfN1TPjdJrFj5GOb:jxOxDNzhVljvFgO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695633457, "uuid": "246f1fbc-1c0e-4dbe-834c-b7bf28bb9099", "value": 1159680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695633457, "uuid": "0ec6d7f4-957e-4eea-870e-0f87e51f7c6c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695633457, "uuid": "77eda71b-7c98-48bc-961f-6fb528ce7125", "value": "ORDER_pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bf9bf7f8-5b65-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695620305, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620305, "uuid": "225de2e9-ef7a-4740-a5b6-f7b8613d3199", "comment": "Malware payload (AgentTesla)", "value": "390f382ef3a2d76e22e1a9481bcf1f64", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620305, "uuid": "6e2ec5c7-2a74-4ebf-a0cb-1819a7385bb5", "comment": "Malware payload (AgentTesla)", "value": "a92454653447052d1a4d2342adeae2ae74a0499868a6fbd7834773b47b368cb7", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620305, "uuid": "9014254c-5701-4a84-8708-60d02f9b4f9f", "comment": "Malware payload (AgentTesla)", "value": "5e6f4341178f0871ed2b5520422cfb51d3eb9819", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620305, "uuid": "85628538-1b6b-4ab1-a224-0be26d22939e", "comment": "Malware payload (AgentTesla)", "value": "e159401f30dc504f7ceb64d3eb102f3ddddd7f5ca0dfb6c3f9b1503f5738c26c638beb9205a588f2e45ef2334f59bf82", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620305, "uuid": "5296c236-7ce6-4192-a6f6-b29cc95a2a9e", "value": "T153F4CF2BB1DB5EE0C7B947B7C18B513057749A8A21DAE30B978D11E1A002BC7F54A7CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620305, "uuid": "8b8c64c8-7e12-4711-a8a0-717d2fe46d9f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620305, "uuid": "b8039014-09ed-4c8e-a782-10478cfa3765", "value": "12288:Izo+r8HbbwArD6L4qb+TfdMxHKmnPmcdtpf5HYUx2dv+HXqwHiDyody3mEq:u8HVDCDb+TfmlKcPm4HYe2dtvE0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695620305, "uuid": "c1ab1e0f-e19e-4451-9270-7dc4441bee32", "value": 772096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695620305, "uuid": "cd3a2389-45e6-4649-a8f8-63379514892c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620305, "uuid": "c31f407c-43fa-4682-ae84-fea9152f9ddf", "value": "Statement Of Account Due.pdf______________________________________________.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9422eb0e-5bc2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695660176, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695660176, "uuid": "f5f2fce6-4c2a-42fe-9f39-83657fdf4229", "comment": "Malware payload (AgentTesla)", "value": "45e80a6c3f8b7d7dba9d4fdded2340d2", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695660176, "uuid": "a7471c33-a897-4245-b357-0fa2020cb9d6", "comment": "Malware payload (AgentTesla)", "value": "a931fbbe503c7f526fb26b7d37c098afc5bd8ee3da2fbcf774cef80917f204e9", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695660176, "uuid": "5a43be05-90c0-4857-a4fa-41d5336c85cd", "comment": "Malware payload (AgentTesla)", "value": "b18cc77407b2d6f06e455c88cfd6245176991d44", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695660176, "uuid": "68b23b50-28f0-419b-b4b1-35ff034afd74", "comment": "Malware payload (AgentTesla)", "value": "08195aa7b37cf619ce436912ad8cdf821c24b86a63a2fabd0e60ae8912a6cd6e9e16a150355691f268d481ab5f77a97d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695660176, "uuid": "c8b7ca2f-be14-4622-b131-9172f81da00c", "value": "T1FFE4018472B91FA7D1B967FB2668200507B6E9669032F7098ED320DB1E71F485F42F27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695660176, "uuid": "f9e71862-0a5b-4128-ba99-96150618933e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695660176, "uuid": "e1268190-82b6-4357-b23c-821a8374d63d", "value": "12288:5Vj3hLQvfdxOo7gpXtrjmF725M502yaEeTGmVfk2c4sOwcHeAJFn7XIVl9n0iCZy:BmMwpREbz4W4eAJhIVbZCZ09", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695660176, "uuid": "54a1fe9b-8867-435c-bad4-80def5366bb8", "value": 687104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695660176, "uuid": "3ead1dca-1f40-4587-b8c0-d72218a8941e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695660176, "uuid": "761e1a65-59f3-4996-92ee-29dd11a6b738", "value": "nSOLICITUD DE OFERTA.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b914ce42-5b5c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695616429, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695616429, "uuid": "6ca1ea08-24c2-41d6-9665-4de77cb30cfb", "comment": "Malware payload (AgentTesla)", "value": "f2ee3c4a515af205b9a7aa1b25fce443", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695616429, "uuid": "d4ce9549-5780-4187-b44f-2538b7dba8f4", "comment": "Malware payload (AgentTesla)", "value": "a951a5aa494aaadf661e560d2e8c2a5f677ea5736009479a44731c971ede3b9e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695616429, "uuid": "782b0c10-aee1-4557-acf8-ae201f496b0f", "comment": "Malware payload (AgentTesla)", "value": "9d26598ee429f036f53ee57c4b6a8547761cef4d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695616429, "uuid": "85290cbe-c74f-4670-8b2b-dbfe3383685d", "comment": "Malware payload (AgentTesla)", "value": "60f70529568880372ef317addb2d62d9891d4ceba8bb780c9885c41e8b432158012313ddf425d47eedefffaa785486b5", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695616429, "uuid": "296f3ce6-daa1-43d3-b1ad-4add279c2aa5", "value": "T14AE4E098366172DFC84BC9368A982C74A720747B970BD317D01716DEAA0D6DBCF246F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695616429, "uuid": "279e32e3-9e25-440a-88bf-d17d63bed5f7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695616429, "uuid": "cfc46909-6336-432c-8731-9fd2934c4e89", "value": "12288:U6Jo725xkOx0F6Xp5Utw+NnvrLZYNoNbUMOJwagyOB9BQaNnYGbAjUMeja2FtNM:U69oOx0F6XYdrtUSaCQkn24", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695616429, "uuid": "b82637bf-b989-4d5e-8019-6b30500e7f25", "value": 687616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695616429, "uuid": "5a9cacee-cfd7-47f7-9c4e-8eeadc271587", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695616429, "uuid": "14e0c400-47bd-4d52-b478-d06e24802563", "value": "SecuriteInfo.com.Trojan.MSIL.Crypt.10705.27858", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a55b23f5-5b9e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Adware.Neoreklami)", "timestamp": 1695644743, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644743, "uuid": "300bcc14-586a-4d87-8b66-25805f8a86e7", "comment": "Malware payload (Adware.Neoreklami)", "value": "c5d41d92dac11a02d31cc73c5f450fa5", "object_relation": "md5", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644743, "uuid": "050b9155-44be-418b-b3bf-cd075adc662c", "comment": "Malware payload (Adware.Neoreklami)", "value": "a96b67d92b927feb54f4b3d37de9af76d4ce3b7dd20df4bb71567b69e2001368", "object_relation": "sha256", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644743, "uuid": "62457289-8f68-43a4-924e-aad1ae960a4b", "comment": "Malware payload (Adware.Neoreklami)", "value": "1ccfbcfed98a69236315a81ade528010f239aacd", "object_relation": "sha1", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644743, "uuid": "8ed5b434-e604-46be-af92-c0d96001fff5", "comment": "Malware payload (Adware.Neoreklami)", "value": "909dafb4db00f3766753a1620978a3f1202349af6c5429a440e2a6ba2992b76385b4afb9f1cb2488c24c7f403fd9971b", "object_relation": "sha3-384", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644743, "uuid": "c71308b8-adf2-4724-8ac3-b4582a90d56e", "value": "T13276335534F8C1F3F76B1071B214A6E8F0E5A69E0B770673131E8B186E289DED056A8F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644743, "uuid": "be7e2dd1-035d-435f-8619-9322494472b6", "value": "3786a4cf8bfee8b4821db03449141df4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644743, "uuid": "85110ff6-28be-47dc-a1c4-15f337e6ae61", "value": "196608:91OZQLfJmGyixZoq44KHssGn4EhL+HBYLb6Ggq:3OZQLjswWGn4KLOeWq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695644743, "uuid": "c6599a71-907f-4ad5-af6a-93e3ff684ab6", "value": 7487391, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695644743, "uuid": "ce1a0023-004f-44bc-b89f-638a9530a51f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644743, "uuid": "c4b5c928-f46c-4cc0-bfdb-5e17cd4c20b5", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "25e3d7ba-5b6d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1695623484, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695623484, "uuid": "3b0b222f-5f44-4619-9c08-a055e38412b6", "comment": "Malware payload (Formbook)", "value": "8f119fe586ccb8f0dc5ffa7a631d2ef2", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695623484, "uuid": "2c271a2d-d5d2-464f-8820-3436bc1eec71", "comment": "Malware payload (Formbook)", "value": "a9e9be1bbbc551ffd8be20434fa646e472d5325636db2c300930ff453531a634", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695623484, "uuid": "e5c54150-40ed-4418-837a-846dade6d8cc", "comment": "Malware payload (Formbook)", "value": "70dd9d9ced444b8fde40bd82a9a9f18ef7f57734", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695623484, "uuid": "456eea8e-c1e2-4233-9ce2-9761bb77a898", "comment": "Malware payload (Formbook)", "value": "262b566375dff5c25b71a3a09e6703bae2855eed6c172f469b4d61785f215e7b9409afe03e82e28e249439f1c0f7e3dc", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695623484, "uuid": "af51320b-b64d-467f-b444-0d5a6691ddc4", "value": "T16DC433384DCBCD659BE6D45951227A6D32B7B8B7CB30E4A61957FA00F0B4E096007DE3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695623484, "uuid": "8ffe1324-40ef-42d6-a280-11370d58ca11", "value": "12288:EcQ95zbti5zpHAIL+xd1yodLDMlTN7A+q6YmejDpFR:hQ9txizH4goZeG+vuHpj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695623484, "uuid": "b55540f0-8697-4137-a877-c38c47bb2a31", "value": 570899, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695623484, "uuid": "0beda063-51dc-4cbc-a25f-3be91eb4ce0c", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695623484, "uuid": "e405f617-eeed-435d-bd9d-1d1d014f5538", "value": "CH2023-EGR012-60_61_62_63_64.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1c02610a-5be5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1695675007, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695675007, "uuid": "06babdc8-b4d7-4a74-91a2-3beaf0b5456b", "comment": "Malware payload (Mirai)", "value": "8cfdba6b115ce9815409bbe8b0b347e3", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695675007, "uuid": "e1c12199-ea3a-4cdf-aa21-5d6bc9dfe4a3", "comment": "Malware payload (Mirai)", "value": "aa2b95220c612a6a3db308e2a4ecff368f9e1f01f352cbb2b86c3d08649409c5", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695675007, "uuid": "85e148b8-0990-4632-9190-dbd636764c64", "comment": "Malware payload (Mirai)", "value": "998505c0c385b8e301b5264d1e924008bb55c400", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695675007, "uuid": "cf6a76e5-e931-42c6-89f6-e15c1e731fb5", "comment": "Malware payload (Mirai)", "value": "f36233af6b704189dccf95ca5100a48280e8ccafc4e5f3d8c5f183a49875cde7e6e6b7ece58ac2bba8fe8b5961ee31d2", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695675007, "uuid": "e8bf848a-eff4-4b74-9cb2-996469407a13", "value": "T12882C030619B74E4DBE14431EEAECEC6971A0BF8D1FC369217586B78C94210661F92DA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695675007, "uuid": "124c527e-ee8b-4bce-8065-0d85f66ba082", "value": "384:MnfzRV0P6iOwrkom0DRnVATuSlShu6NvmPWtUn+KMaGhymdGUop5h5lX:2dV0P6+kom0tVAoNvm+to1Gs3UoznlX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695675007, "uuid": "41a50c5b-c610-4f60-a126-ba5aacc34cd2", "value": 18488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695675007, "uuid": "1d0b1821-718c-4eb1-bf0c-094fdea6ac1f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695675007, "uuid": "2d3d3e2e-872f-42fd-ba9a-29f4d984ab7f", "value": "boatnet.arm5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "71476522-5be4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DCRat)", "timestamp": 1695674720, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695674720, "uuid": "717e3964-6201-4541-ae2e-d29ac074c31c", "comment": "Malware payload (DCRat)", "value": "0561b770b407786fd573dba9fe0f92fc", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695674720, "uuid": "f6d6b0db-2618-4b1f-9f1a-193e805c9cc7", "comment": "Malware payload (DCRat)", "value": "ab4f8a0df38c09efb9b9db694511d4d6e615cc3c35bfc14b55ddaa3828e13864", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695674720, "uuid": "56685f45-ad0d-44a0-8dee-139c9ad22864", "comment": "Malware payload (DCRat)", "value": "490afe245b0a0278573cc17089e8a81111c458e7", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695674720, "uuid": "2c2e8ab8-54cc-4c84-993e-979785ddbdd2", "comment": "Malware payload (DCRat)", "value": "632cea7ec23ea80741ba5ff41e8baefb43656689dad9c679f2d9a08a07747d56a7047a2bc2958721621930617d472e1a", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695674720, "uuid": "e906b9a3-a452-43ff-9b0d-719da773b308", "value": "T1B5B5BE027E458A22F1085633C2FF854847B499516AE6E32B7DBB376E19523E33D0D9CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695674720, "uuid": "e366a89c-0a12-4e11-b960-7413fe7a4693", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695674720, "uuid": "d9f9d3dd-973a-41bc-a378-0d6a80562608", "value": "49152:fZYEv/IyidaQ8t2J3s4SUMxsZQWUrBIG4:6Ev/IfdaQ3c40+ZwrBf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695674720, "uuid": "9d4b1b51-2d42-4ac3-ac61-2981c3c672a4", "value": 2403328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695674720, "uuid": "4dc6fe05-5094-4131-a0fc-56ccaf77c2ce", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695674720, "uuid": "8f760a1f-07e5-4a50-a950-cf495d22e8a4", "value": "0561b770b407786fd573dba9fe0f92fc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5206827b-5bf0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RecordBreaker)", "timestamp": 1695679822, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695679822, "uuid": "c6c316f1-5915-4c53-910c-fd409949fac9", "comment": "Malware payload (RecordBreaker)", "value": "008a1399da9a0c5eae4e07d824aebbf5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695679822, "uuid": "e11c5043-e999-4ecc-8f05-c4321e9ce47c", "comment": "Malware payload (RecordBreaker)", "value": "abcbbdb2a2eb219a82c3f446f74ac6ef93a3deb11e4c277dee8c106792d7b783", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695679822, "uuid": "01950d58-7dc9-4977-abaa-6b082b6c736c", "comment": "Malware payload (RecordBreaker)", "value": "226b71e8ac41b6b23da79ab029b8b2b7f658dd81", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695679822, "uuid": "59c4f004-c06c-4533-b7a6-1275b55c2c23", "comment": "Malware payload (RecordBreaker)", "value": "5e750720372b42ce4bd1f63ae6bee983e2864fe80cbdfa1225554993e4ca5fc1cf0c80c78c04600309cb27194befc977", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695679822, "uuid": "feb3fe67-fc5e-4433-8b78-af6d4e7b7820", "value": "T14E14D0107991C332D56785708C30D5E0BA3FBCA2BFA1C94736547B2F6D32382AB6A316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695679822, "uuid": "1bf0ebc3-7640-4c01-888e-733ec0a6e00c", "value": "9aba604e2d3c1b6b86e00b69bd9bbfab", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695679822, "uuid": "a2534ecd-764c-434f-9fe5-ad6f3fc674b0", "value": "3072:3AT14yQjetvX95X2mPtsvO++d77zE5ObRP5l1v:QT14y/f95Tmu77zw83", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695679822, "uuid": "76d942ed-9c33-4ebe-a6d5-a240e91c19c4", "value": 191488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695679822, "uuid": "0c64119a-44d7-4a87-b202-3d695b1f6f23", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695679822, "uuid": "cca259a7-8072-4b25-a0da-128663319fc9", "value": "008a1399da9a0c5eae4e07d824aebbf5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8c2b304e-5bdf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DCRat)", "timestamp": 1695672618, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695672618, "uuid": "c2cc4a5c-b3b7-49b3-a480-7c17e6939aa9", "comment": "Malware payload (DCRat)", "value": "40c500a3b5442fa218bdcde8a69936ae", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695672618, "uuid": "5b8f3fc2-19da-462c-8d50-79f316495cad", "comment": "Malware payload (DCRat)", "value": "ac0fc303f893f17ebe04ea11090b5c6787357a3a6f4d4d2e12fe14e84f10b340", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695672618, "uuid": "6c6d305b-abc0-4175-8260-9f697779fab9", "comment": "Malware payload (DCRat)", "value": "affd0f80123168345268bf172b19ad8cfad34abd", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695672618, "uuid": "010ceb90-05db-4ab5-a0ee-b48dcb24943c", "comment": "Malware payload (DCRat)", "value": "7cf66d9a2b44c6fb62ef61841510ca5ff7d2f4710391af8ac96280feaa43e6c15412c221c92a547d1f87370561ea39cc", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695672618, "uuid": "4dba3aaa-1e0f-4120-a89d-bf02d6ef5aaa", "value": "T1280585342EEA1029F177AF7D9AE07596EA6EB6A33707994D00B103C60723B42DDD153E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695672618, "uuid": "d27ed103-4368-455e-b108-3ecf579b27ab", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695672618, "uuid": "f02276b7-2a3d-4674-b3fb-967feafc94ea", "value": "12288:FFNE5vIoBPyOigq6Ldz05SbLjKjszuHxl+RcKZx9LcGSskNdlcWFTU841AtQx:FFNAHvvLdggeqLa8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695672618, "uuid": "f379c7c0-9c15-4cd5-900a-89be1457bb71", "value": 817152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695672618, "uuid": "c28fae05-4d05-4155-a8db-76c401628f30", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695672618, "uuid": "97c8bdc0-2c0e-41ae-9ae6-9165deb96ef0", "value": "AC0FC303F893F17EBE04EA11090B5C6787357A3A6F4D4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "461c1d95-5ba8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AZORult)", "timestamp": 1695648878, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695648878, "uuid": "3004d0f0-dcba-4b9d-bd00-5bdc93820ec1", "comment": "Malware payload (AZORult)", "value": "148f3f728ddb77e886b731135cff3c04", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695648878, "uuid": "7c1d1527-23fe-4aea-b566-fe9173867155", "comment": "Malware payload (AZORult)", "value": "ad36de8f71acf27e4123e9e752d97b1ccdba16c6e5d453a5e74bc6dbcf0269cf", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695648878, "uuid": "4b84203a-ed59-4257-915e-d8a9e2687b51", "comment": "Malware payload (AZORult)", "value": "595ff7ae88309acf40906a241ec55011129db12a", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695648878, "uuid": "b09c6197-277c-4d0a-97d3-0bfd1740c4b9", "comment": "Malware payload (AZORult)", "value": "342d73fa9f8909d8096825a9902642b40a27b62f5a730c94a5a5b2b69b920fd8aa8e27c8820913db97f1711a650395ba", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695648878, "uuid": "9a67ac23-1ee0-4c32-8f6f-d754a98d845b", "value": "T193B423BB29C0995BFA03437014F44F39E579FE42AB328E47B7A12B152F1399A0757227", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695648878, "uuid": "bfe5acfa-3538-4bb2-9084-72d62c83db96", "value": "b78ecf47c0a3e24a6f4af114e2d1f5de", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695648878, "uuid": "3291764e-df72-4744-b347-b6aea30ae145", "value": "6144:1z2yP2JZE/MFtyCDUasgljxNba3mS0JDPBP0qWxNnXsUrk2fUJaZqicB3oWN2gJo:YZ5Fo0jLb4mS0JzOpQvJEw2gj0UQP3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695648878, "uuid": "527c1015-52b3-447b-92c7-8eb9e8cdbc53", "value": 525071, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695648878, "uuid": "d54934b1-7505-4abe-997d-7f9f43efddbb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695648878, "uuid": "ef2f6d71-7233-4c64-aa84-4887bf93b595", "value": "E-dekont_pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "51986056-5bdf-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695672519, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695672519, "uuid": "13b49ba1-f52a-409c-9a6c-cb23ad69f74f", "comment": "Malware payload", "value": "1906a07687a43088349ef516d4d81c45", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695672519, "uuid": "3b62d614-ab6f-406d-b1fb-f81cfc566cd2", "comment": "Malware payload", "value": "ad3d0baaaf1aecbff668d96f6b33d13547cdce3f3ac67e438fd91966194128e7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695672519, "uuid": "8fdedda7-05ea-4db7-ab02-a9c135d78b72", "comment": "Malware payload", "value": "493f03bc4865828de009f02b58364f4bade3df24", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695672519, "uuid": "21c70f71-dd20-4068-b263-6164ce89663d", "comment": "Malware payload", "value": "2f44b411a79066a463f8fd5ba5a84d9722f4e53a226d8411eb80e55c784e0877bedf2970bf1675454b4d9cec3807aaea", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695672519, "uuid": "6ba8735a-794a-4661-ba86-59c48b8d985b", "value": "T14224D02135E0C072C19785744835CAE06B7AF823ABB1B95B37543BBF7E302E16B66752", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695672519, "uuid": "1ff7942f-4d28-4df4-a971-8b627982a19f", "value": "8a8b4a2b07716ec988e9b99557ecabc7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695672519, "uuid": "8fd7d008-03e7-4619-b0eb-4ebf83968aa5", "value": "3072:lmRfGm9EIn86x8Vb4BP/d9IjNUBDMWeZtWJ5+xD21T5:mfG/ISVGP/d+Zt/ZR521T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695672519, "uuid": "4ef3aade-5c88-420f-ae47-4c2be58f1114", "value": 228864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695672519, "uuid": "a9be96f7-44fe-4ffc-8614-b624fc3988db", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695672519, "uuid": "b492b322-b01b-4905-a8bd-0b42059b300b", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e4001050-5bee-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695679208, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695679208, "uuid": "944b6b2f-1ee4-42e7-9715-4fa3fce49ae8", "comment": "Malware payload", "value": "1983b12b61270d8726a027cfcb1e2bc2", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695679208, "uuid": "16aeb54e-b333-41c1-b2b7-f9369cb7cf99", "comment": "Malware payload", "value": "ad6678b59f632ef0215cbfd49303a3719c6650c26ae5c16d4e14bade8ed1c115", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695679208, "uuid": "98dd5e71-9d3d-4311-bdd0-20765449b837", "comment": "Malware payload", "value": "02d14cf6244c2ce38ece1cb432f5cc3d13233dcb", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695679208, "uuid": "74ded3db-f00d-43a4-8927-509857a0f605", "comment": "Malware payload", "value": "c2e0f22f8c4f6f5a6602089efb8e73dca0d1bdcfbeb942a15d6ed0e7ac715667af9f0c41a2f209c55994c0fc5d3cbd43", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695679208, "uuid": "3d80d753-b004-4ae2-8845-5e5ee3536052", "value": "T1ECE3F745F8918F23C6C212BBFB5E428D3B2A17E8D3EA72079D255F20378655B0E77642", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695679208, "uuid": "6ac03874-085f-409f-b559-afa933d7b6b2", "value": "3072:l1Ggh1mJ14NWkpzHQTiFz7V4CftIpDZW+9C7PzIRdT:l1G1QHQ2tp4CSpDZW7PzIn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695679208, "uuid": "61975106-62e0-4eeb-9e9c-7cd9c6716d22", "value": 154336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695679208, "uuid": "241a2aaa-1bcf-49d0-8712-7afd1bbdbebf", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695679208, "uuid": "5c555873-20a3-4c20-a845-384834e5c7d3", "value": "polar.arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c1e60ef6-5b7d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695630617, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695630617, "uuid": "57ee5e08-9ba7-4f7b-a01d-b8453c89ead3", "comment": "Malware payload", "value": "a92a908cae30b9b020244bedf61a1dd4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695630617, "uuid": "c64dc90a-d2e8-4b8a-ba09-ba3d2467f02f", "comment": "Malware payload", "value": "ae14b287be4c2cb072802d65693beeb9efecefd6e6de5994abe49546b8ca0308", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695630617, "uuid": "1b6beb1b-bdcf-49b2-85c6-57b86a9c79d8", "comment": "Malware payload", "value": "a45bf660ae267b2c8027327b2b97c61faa88d9ae", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695630617, "uuid": "9744389a-4aa7-40d8-ba46-6ebec4fa31f1", "comment": "Malware payload", "value": "ac1e5ee733edf9c9f20cfa9ead624ad12209f320ca944ec7585f3db2e18462bc55e47fecafb309f1f3c6e1baf57d8d14", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695630617, "uuid": "2b31b8f8-f4a1-4461-9ece-3af7e9d764ae", "value": "T12F4633D250B1828AEEB9D13B6A20532CF183B52EF3807F453D84356F59D6A031BF599E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695630617, "uuid": "cfb7869b-92bb-47d7-bf87-97c4ddea2a98", "value": "0b5d568e46e0fc5a58bcdffbeb155d0c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695630617, "uuid": "aa1731ff-d091-4f03-9875-b1b42cf9ba0d", "value": "98304:pHrMX3ZbN6mocwdMpXYI6A2XwY0o7r5QBa2lAo3WTsKVnd/9lSD/WFIxUBzqHy:1MnZZPocwGpoRRXwY9rb2moBKVd/9lEJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695630617, "uuid": "3753085b-c207-4891-83b6-ee9ba5327361", "value": 5803008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695630617, "uuid": "1407894b-4fbb-4f69-9efc-31ba54cd9126", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695630617, "uuid": "0554b92f-b9fe-445c-8b68-63ad4d64c213", "value": "SecuriteInfo.com.Trojan.MulDrop23.44422.1747.19643", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8a575a23-5b9f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkGate)", "timestamp": 1695645127, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695645127, "uuid": "2e4b44c0-693f-4f04-bb60-4bee6ed72079", "comment": "Malware payload (DarkGate)", "value": "0639a5fe04b2e560d2efbb770c7d11dc", "object_relation": "md5", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695645127, "uuid": "09c8a8bf-a6c3-41e5-94a9-d64e4db13a43", "comment": "Malware payload (DarkGate)", "value": "ae5992df220a719fca79f2322b6f40b43c61ff6e4e55b01183fb088953661537", "object_relation": "sha256", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695645127, "uuid": "0039fcf0-5d60-4250-b73d-b83c659a7fc3", "comment": "Malware payload (DarkGate)", "value": "558584fa7d79cc989a9313113026ffb7f35b2a32", "object_relation": "sha1", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695645127, "uuid": "623a3e04-ab79-455e-bbc1-8de21591a907", "comment": "Malware payload (DarkGate)", "value": "db4fda1bd3c8b59be897d34622ecdee65f8ac6a633efeba12df7e2a5f4f9ffa877c432212200d1715fa9e96259a0d717", "object_relation": "sha3-384", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695645127, "uuid": "ea893ada-a874-49f5-94f7-8ff4a08cf5cb", "value": "T125526353555C0394C1D9133029C4106FDA84C3387BF6D6777958D18527B8858F5E51B6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695645127, "uuid": "d563f466-aa75-458f-9a48-cc966f49b2ec", "value": "24:GZi/AEXz2kNJRQDHCWkqalW9NfnGRXlf9DtkR7z5FWybxJ6fF49+c:bnXzcDHVxaMXU1nkRf3vVc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695645127, "uuid": "1ffa9605-d393-467e-b1db-df64885ad5e2", "value": 13739, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695645127, "uuid": "043777fc-f32d-487e-a41a-88a0056381f4", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695645127, "uuid": "fd2787e1-88b4-49ea-9951-3cd56c067dad", "value": "L12T.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2cd8fe95-5b6d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1695623495, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695623495, "uuid": "122ed389-017b-4a20-bd6c-98468776106b", "comment": "Malware payload (Formbook)", "value": "1ec809fe6df06e1671dae8ef802ed39d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695623495, "uuid": "c265f9ef-6d2a-4eff-bc17-3837645ec23e", "comment": "Malware payload (Formbook)", "value": "ae5f1fa9855fd6e4511a674f0a0465df7960a757409a0d176f50b10fd14925ad", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695623495, "uuid": "33aefb6e-8aa8-4c70-8c6d-edc59c29f02b", "comment": "Malware payload (Formbook)", "value": "d331dc602ddb702e5e9835408f54dcd70f2884e7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695623495, "uuid": "65bcfb86-efe8-4e5e-bda9-e6b2babf1444", "comment": "Malware payload (Formbook)", "value": "9689ca8819e0b55bee0a77ee1509095027fc8c992cdba8d8a7cfc8b4ee11b561a78ee5859083b1a766f0644aa26f60b6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695623495, "uuid": "619ac9ad-918d-421c-9f81-600a7f3d5bb3", "value": "T1FE05F89D721072EFC857C972CAA81C64EB61747B830B9207A06B25EDEE1D997DF140F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695623495, "uuid": "44178d5b-848b-47a1-b198-fe606cfdf4ff", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695623495, "uuid": "91f1ca7a-a6f9-452e-9ff7-4927855fb53e", "value": "24576:+YJor/5F/UgF8nH3oJz9E7Q3g5yMiDlyfsLCD5E:fJor/5F/UqcoJz6E3Z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695623495, "uuid": "83cb1111-634b-463c-b4db-385ab1970d18", "value": 873984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695623495, "uuid": "b3a408a8-9de5-4269-be0a-b9bca285fc4c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695623495, "uuid": "a160632c-cb3d-402d-aa9a-80d84383c2fc", "value": "CH2023-EGR012-60_61_62_63_64.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c841a3f1-5b43-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1695605717, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695605717, "uuid": "fb5418c9-c5e9-4da7-83af-8b59a409fe5f", "comment": "Malware payload (Smoke Loader)", "value": "87f4fff84b2e3964850733cf5aad6106", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695605717, "uuid": "35c802f3-c92d-4602-b829-23d096e41a6c", "comment": "Malware payload (Smoke Loader)", "value": "ae761e0a80d71135d8b438ec91763773dcca950e0f5d33413f1b90a72173d9a4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695605717, "uuid": "0502b6cc-0abc-4a30-a6c5-55986ff1972b", "comment": "Malware payload (Smoke Loader)", "value": "8dfe82e0bdab082d44f05f716f9f1e371003564e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695605717, "uuid": "85ba9bda-a330-4672-ab02-f5c0ab2bc1f8", "comment": "Malware payload (Smoke Loader)", "value": "63037fffadbea8b69899acf24aa8b5e6cdedfecd86ea2618689e9b6dc5195608ed7200e290163b3ffb2dc4ea14d9393c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695605717, "uuid": "f36e16c3-baa8-4c12-8d1d-669ae64e2918", "value": "T11844BF81B4D18073D472113209F4EB765B3EF9204B559AEFE7940E3E8F687C19731AAA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695605717, "uuid": "cf4a23bb-d55c-4c06-8458-e3a3e4daa594", "value": "8ddc982ec86bc15061e6b2eab1424dec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695605717, "uuid": "cc6c9cf4-a22d-4a10-a352-03581f395fc4", "value": "6144:fRdcMQ+j+5j68KsT6h/OCy5UKuAOCgHXJl+qB+xVmwK:fRG7+j+5+RsqGhuVj+rx0wK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695605717, "uuid": "6ca992bf-ebe2-4fdf-95b5-b8722b3e01d5", "value": 277368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695605717, "uuid": "fbe522e1-6161-475a-bbe5-8d872b11317d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695605717, "uuid": "d7c76c5d-1c48-40fb-9619-85169ea364eb", "value": "SecuriteInfo.com.Win32.Evo-gen.4092.28863", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "24b810f3-5b78-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1695628206, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695628206, "uuid": "655efe35-8644-4cbf-9c29-37c0885c266b", "comment": "Malware payload (Mirai)", "value": "ece134661822c3b2b9e6996aef10d5f4", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695628206, "uuid": "177788e8-52fc-44c2-b486-9b16508590ec", "comment": "Malware payload (Mirai)", "value": "af97d121098bc16100e2a70efe26dfc9d01c7d9d0dfea429417f73abe41d1772", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695628206, "uuid": "303fcc24-f710-45c0-8478-e6a41fa4de3a", "comment": "Malware payload (Mirai)", "value": "88591d63309610b055a3b3da85a75ff5747096f1", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695628206, "uuid": "5176a0af-0acf-45a4-8d4e-5591be6a8265", "comment": "Malware payload (Mirai)", "value": "073fb88f73fb5441273fe89927949be4f79da5fc59e5d65596d24347083ff068cfb027def42ac82d181bb695095fd113", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695628206, "uuid": "ba7452ee-5341-4beb-a79c-1e15354c0f20", "value": "T1DA3301A2A0A7DF6CCB209D3018AD8F9476AFCBF4F8943751616062FD6C958D06ED80D3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695628206, "uuid": "5b3ce8ad-55b8-481c-9e94-5aaf86d81d35", "value": "1536:lRk3JaQXcCZrQAmhv9Rjycd+sLLJc8rhNJ:nk375rQ0c1LJVrhNJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695628206, "uuid": "9203f2a6-280c-46ad-99e2-30cb78c979b4", "value": 53452, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695628206, "uuid": "bdb717ee-7b84-4ad6-be5d-0a84d5e795ee", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695628206, "uuid": "a92657f8-23ae-45e2-9176-aa90ae40cd47", "value": "maCarm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1993dec0-5ba7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695648374, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695648374, "uuid": "fb4df2d9-0095-4712-b7e6-ac2bfea2d588", "comment": "Malware payload (AgentTesla)", "value": "21e01ceece1228eff21b1d02ab62fa3f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695648374, "uuid": "40b47964-83ae-4e32-9eb2-3ad1c0c84dd7", "comment": "Malware payload (AgentTesla)", "value": "b03290a58e076aeff5df1b1724931df5962ed9ff9ecb7d0d0b1e141072a44346", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695648374, "uuid": "186c7df8-a5fd-43ab-b40e-1836e71457cf", "comment": "Malware payload (AgentTesla)", "value": "499b0188e2c7b6a14c06e5634b57d979633f5ac2", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695648374, "uuid": "56d759e3-3357-46e1-a122-883370b5ad7a", "comment": "Malware payload (AgentTesla)", "value": "81eaea69f14410af58a9b0d867e591ca3ec925845e3b17f0eab03313336623f4db8a2c568e13ddd4005ec20e71d4d095", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695648374, "uuid": "8cc541ba-1cb4-4e36-930c-6b1d47969947", "value": "T150F24B0DB7CC2E21C3FC24B98AE3555413F4B1E62602E65BEF8465682D97BF1B901B47", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695648374, "uuid": "544b3ead-ff15-49bf-8d64-c4a99da0aa42", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695648374, "uuid": "3abcab4a-b2da-4397-a16d-cbf7dcab53cb", "value": "768:bIiYr95Q3bWRyGDHqxt4m2OBBU1ibFLjxZ0KAT+H+GSj7Pa:ciQJRyGDKf2OBBUoBNKK7S3Pa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695648374, "uuid": "5608c1e8-ee5e-4d36-b2bb-e794e752d3b9", "value": 37376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695648374, "uuid": "63716530-d241-47fc-9638-a3d7848e053b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695648374, "uuid": "d168f62c-3ae2-4e00-89a3-adaabddccaf4", "value": "Ldegwikhzs.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "188fa0b8-5b94-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1695640212, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695640212, "uuid": "0b9a2c89-e7d2-4646-b4f6-de076b651b80", "comment": "Malware payload (Loki)", "value": "b292810afd1bde3817317084e28ebd2d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695640212, "uuid": "cb044923-60bf-4469-b070-12047ee92610", "comment": "Malware payload (Loki)", "value": "b06c31ca5664c7f9142039d5a2e4f5201404d08e4d233b594e6e69cb4e1219a5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695640212, "uuid": "bc8e1e72-0211-4888-8cb1-a639c195c0f7", "comment": "Malware payload (Loki)", "value": "18152b496b729ccd3dd51e3af1d9e093a8ab9b36", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695640212, "uuid": "9e250e2f-9db6-4713-8076-5e0c0d74f003", "comment": "Malware payload (Loki)", "value": "79892fb6e7e63e3621b8efae5dd88655a66fa72f74741baaed939c115b12ac2027ec2f7b576bb60751d1ca54d2d56b35", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695640212, "uuid": "d897d816-eb74-4212-9cd8-ce40712c1dc5", "value": "T193D4B91A38AA110DF261AD3CABBCB176915EF7F216364CB70DF7094A11129F0CB9D627", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695640212, "uuid": "caae4cbe-215b-4742-a56f-598e8872cd5d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695640212, "uuid": "e8e7dd84-89b5-4e36-b453-e91e0f64e45e", "value": "6144:Yusyguu9D05BjkbNNhNHG+96+BMfw+N/Zsl42sWZxc:Yusyf5BjkbNNbmGFj4zWnc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695640212, "uuid": "b7d0b66d-c770-4743-8fd3-32904a365576", "value": 606208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695640212, "uuid": "7bae937b-6896-4186-a0d6-f27ed01648f8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695640212, "uuid": "c8570b83-e683-4653-973d-287dce22b0e5", "value": "b292810afd1bde3817317084e28ebd2d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "41185338-5b7b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1695629542, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629542, "uuid": "58b37974-e64f-4461-becd-af2463fce45a", "comment": "Malware payload (Formbook)", "value": "197927a454d1b6f23accd1bc72fb0697", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629542, "uuid": "4f3c9e9b-8fb0-4702-b217-2cd746848980", "comment": "Malware payload (Formbook)", "value": "b280b8e77999e1b90c38f33d2430000487d83f96cdf5ad21bf5bab4fdfce4cf0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629542, "uuid": "ffefd958-da2b-4e38-8cb7-8ed24a5c8a0a", "comment": "Malware payload (Formbook)", "value": "247dda0b4cda96f13560fb36bc92bc0c18f4e250", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629542, "uuid": "0271ae65-7eca-488f-984c-6070c86cc02e", "comment": "Malware payload (Formbook)", "value": "db4bcd1e519e1091cb66f3637ae93d4517f406e17fff17ae4e17372301ac60af6a75c953c89ec4db2c86af34d265cdaf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629542, "uuid": "40bd88ae-07ad-4afe-b62d-5c11b7d8068b", "value": "T17C2412EC4E8D540DD0F4A276592A43D3A7EBC79E97C29EE2C561484BF8A0CB8C8155CF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629542, "uuid": "b318e0fc-7723-459d-be2b-a1b7a49f3572", "value": "3072:AO9swD7YOiKi69SnYHvy/M19bD07xI6+wS9dZ9wIilp/uP1+0FnTjM8N7Z2irLbK:LoOiK1vyhxF+r/mIiz21fYg2iW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695629542, "uuid": "785d1ad6-b8fc-4fe8-b81f-9e8d4abcf642", "value": 211968, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695629542, "uuid": "4601c888-9d0a-493e-a0dd-154b497aec80", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629542, "uuid": "ae13d67b-72d4-489a-b57d-09e20ba72d8e", "value": "b280b8e77999e1b90c38f33d2430000487d83f96cdf5ad21bf5bab4fdfce4cf0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "41b23c7b-5bd9-11ee-a6f9-42010a9c0055", "comment": "Malware payload (njrat)", "timestamp": 1695669916, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695669916, "uuid": "c3969db4-4e43-4b10-aa27-827d7ed52c77", "comment": "Malware payload (njrat)", "value": "f187dc908dbe5718d33bc8f966a947d0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695669916, "uuid": "570d3cac-4116-46da-b107-29838179dfa2", "comment": "Malware payload (njrat)", "value": "b36df944b495ce1289b7a181be61d4cf78e212c60d56eafdcb24fecd99f014b0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695669916, "uuid": "9a6d0a8f-a96f-419a-a3df-2d7557f31cfc", "comment": "Malware payload (njrat)", "value": "541d6ebc088e60dddca74c8bde20c08e2a54804f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695669916, "uuid": "54728830-51b9-45b3-a412-5c652b59bbe0", "comment": "Malware payload (njrat)", "value": "4e8e98c27f150bddf804c70660f433088aa7f3a3b367a8b119af98261b026aba23bd27b1d3385991c7d9a113fa4a2103", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695669916, "uuid": "c4afa335-b2d6-479a-a9fd-1e4a4f53a66a", "value": "T1C9B2194E3FAD8856D5BC177086A5965003B4A1870423EE2FCCC560CBAFB3AD91D4CAF9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695669916, "uuid": "764f354f-afdb-4d00-8f3a-0c540cf12b20", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695669916, "uuid": "be1a6d02-745e-48e6-bcda-9546398f00ef", "value": "384:i0jeCIYTNQZUuQnJXJeCXlwhPQ6VgDOwBHhdmRvR6JZlbw8hqIusZzZXzo:d3jNAU/ZVX6Rpcnucc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695669916, "uuid": "cf361c2f-6142-4f1b-9913-b42ccb2186d2", "value": 24576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695669916, "uuid": "ee47dbd4-546f-4a98-8fd5-92ebe3c43d1e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695669916, "uuid": "762dda09-cf53-4b13-af42-3e513a2c5cb5", "value": "B36DF944B495CE1289B7A181BE61D4CF78E212C60D56E.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d8561e2e-5bc5-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695661579, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695661579, "uuid": "49da8ced-0326-4615-a6b6-94ec4dea57ea", "comment": "Malware payload", "value": "6d0a3b0b9537250e483fb8f17eff24e5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695661579, "uuid": "5bfd6116-28db-4d78-979b-ac7a2acd7c08", "comment": "Malware payload", "value": "b47a7ae52b4d92dd366b84284903cf8a7f3738201d04bc5dff0fc3fe8024a403", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695661579, "uuid": "18335aff-89bc-433b-aa60-942dc1aeb956", "comment": "Malware payload", "value": "0c6e3ff4604632c4305127fdca70b806a0226a68", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695661579, "uuid": "64d47e7c-c7f1-4669-b93d-ba10d38203e9", "comment": "Malware payload", "value": "e6b856bdcd6e8407c325fa30c23e7ae8ed3ce138ac18152fdeacd2b350d3bfc84df12faeab28e52c90205ab7e84202b7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695661579, "uuid": "92f925e6-b520-4197-b4ef-b9cfa8b43724", "value": "T1CE656B017BF8CA17E49EDB7194F00A1463B7EC49A6E2E74B518872A91C3676C4F4339B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695661579, "uuid": "7d43e8e9-d6d4-47b8-9949-98f855268c3c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695661579, "uuid": "aeeaa429-3652-46c2-92ec-5be3648b2aaa", "value": "24576:HvN4ihK7CM6aaZvFzuHWatoYd0jS8jwM+jWpo4bK:PNzK7gp1gtoYd0jdPm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695661579, "uuid": "722da94a-e727-4364-9d08-a5f494001feb", "value": 1474000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695661579, "uuid": "04f7f9a9-027d-4468-803f-99a36c4d2f9d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695661579, "uuid": "af8b41ff-142d-4cf8-a68d-61a18c3783e3", "value": "rQUOTATION_SEPT9FIBA00541__PDF.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "da50106f-5bac-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1695650845, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695650845, "uuid": "b347b94b-42c1-4241-9294-9890dcb8bcef", "comment": "Malware payload (GuLoader)", "value": "40437f4bc8980c7b1aeb9aebc64de972", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695650845, "uuid": "d7bbeeb6-2bef-41a7-a55d-59df6ebbab92", "comment": "Malware payload (GuLoader)", "value": "b4e586ae4fe78a41c0da390b0b7d9e054e93cf62e5f06f9fd62ed946aae0930c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695650845, "uuid": "0ab83b0f-e634-4bc4-aaef-5fbc41460590", "comment": "Malware payload (GuLoader)", "value": "54ec92ddbfdc8ed68591e1563745eedb651c7f29", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695650845, "uuid": "daccbfbb-e418-4219-b2aa-8cfc1b8da951", "comment": "Malware payload (GuLoader)", "value": "b1a57a498cdfff05ba668a78419f7e46e48725754d5fea7a005105fb1226cb259495f1b8c17e286b22802d905086718b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695650845, "uuid": "55f9d440-d2e5-4b6d-938f-4a8e01666a53", "value": "T16C45025AB629C056E8BD6E76DC1EC4F1A6B8BCA6D810130B3295FF2E75F2301140BE5D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695650845, "uuid": "1db2e45a-be94-4ece-b1f0-4e0dd9903592", "value": "3abe302b6d9a1256e6a915429af4ffd2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695650845, "uuid": "eea6d9a6-3746-4801-be49-df60a2266a71", "value": "24576:gqG+Vm6IaJe7vTz8Nk95ACjKC4onl8Q3wlRjMPybTJmU8:LGP6IaJe7nSIACjKCxl13ojMPybl6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695650845, "uuid": "b53e8ed4-333f-4a2c-8885-f3cc57bc7ad8", "value": 1263400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695650845, "uuid": "2136393f-5948-4ace-97b4-f9d8d240f841", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695650845, "uuid": "667dfc71-5992-4eb0-a091-77777dabad58", "value": "Connectible.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "25999e18-5b78-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1695628208, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695628208, "uuid": "f2b7ae21-9603-47f4-be6b-0407f07ed191", "comment": "Malware payload (Mirai)", "value": "210072c2d8f77366cc24eb80848e8b30", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695628208, "uuid": "b8fa630a-11ee-49cc-bbb7-5a066b72b9a0", "comment": "Malware payload (Mirai)", "value": "b6f51ce14ba12fd254da8fa40e7fef20b76e9df57660b66121e5f16718797320", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695628208, "uuid": "b5570921-98e0-4083-93c1-deb90ac33713", "comment": "Malware payload (Mirai)", "value": "9d565c5c5b89f39dd6f066f8722ace82532f6132", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695628208, "uuid": "83bf5789-ee4d-43b2-a380-80dabfc1ca1a", "comment": "Malware payload (Mirai)", "value": "b83cb9c32ea1bbdc8e36547fefb98bd76a6fb3fab2c0e795f048ee5f9ec6bee263a9d75844569029f71711f67b8fa984", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695628208, "uuid": "5f6649cb-202c-4184-b281-df388f7b6212", "value": "T1E8D2E1316D963EA1C5B00933E61A894212FA439CD07B71F625344BF6B2C7F05A8F5E57", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695628208, "uuid": "bbc687fa-936b-4c7b-b87d-0684bf86dac4", "value": "768:kOPzHhE0UjAiPE+3M6bPCKZi65VGoWlKqs3Uozs:kOPtE0dis0M6bqKZiEVHnzs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695628208, "uuid": "97067685-daa8-4ad5-afba-def29e24a0ab", "value": 29376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695628208, "uuid": "1309e2b4-6f77-4f94-8f7a-1b2d6aca24fa", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695628208, "uuid": "1e5c1b09-664c-41bb-948c-4e03a33ee306", "value": "maCarm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "857ecc05-5b78-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1695628368, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695628368, "uuid": "be1a10e0-526b-4b7c-9b2f-cc9fcfd1d844", "comment": "Malware payload (RedLineStealer)", "value": "85057f71f124c4fa20ffd1b742d6c481", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695628368, "uuid": "1f909d1e-0cfd-410f-b675-afd15877bc3c", "comment": "Malware payload (RedLineStealer)", "value": "b7427f848185edeb52b5de80debd103ac201709afd64e3bd854c86969b821a2d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695628368, "uuid": "2724ae21-d5c9-45ab-9439-5fcc6562f789", "comment": "Malware payload (RedLineStealer)", "value": "e3859027bfe7ed1d596673b44100a9fc7bddaf06", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695628368, "uuid": "e44fc14c-0c9e-4915-9a69-2bd514e446c6", "comment": "Malware payload (RedLineStealer)", "value": "140756313ef771768d78588463bdf6cd360c603ae86ee9c4c00c2ad2a4c4788a2935e429e6f39a31304f00c3eda20bb5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695628368, "uuid": "ca112e0b-1645-4614-aa3d-a615f588a3bf", "value": "T1F7159E653FA58A12D17AB67AD9E540084376F4C32621F21F3FDE12D80B52BCE4ED1E1A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695628368, "uuid": "826a483a-0832-4654-9b57-59d9f7767ce5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695628368, "uuid": "b403d2f5-5c28-44b3-a4d9-c49cb2f61c82", "value": "12288:OcqMck/x+2D9jWaGvxhmrsP1EYcOC5HTnH314v8kxEqhSivqxK0mAfRmtjJ5V66l:WMFc4itlSivOK045VSsyQ/yF8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695628368, "uuid": "ad30d54c-543d-4239-91f1-d75c791b7f51", "value": 946176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695628368, "uuid": "246c75ed-e4c3-481d-b319-2e029f603468", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695628368, "uuid": "c0f2b85b-11b9-47ba-a32f-83f23bb9fc3f", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ba8205b9-5ba6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695648214, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695648214, "uuid": "e1f8f4b5-46b4-4ca5-8697-3a1c55b60a5f", "comment": "Malware payload (AgentTesla)", "value": "e4e1075b03f102d9d07619194b7e5fbb", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695648214, "uuid": "d665679f-2b7d-442e-9d2b-9d8acdbdc792", "comment": "Malware payload (AgentTesla)", "value": "b78cf80d94f017c5f389590f2f3b312f1694d93e5e6aebf296e46b5b9dbca2da", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695648214, "uuid": "d43d1fc1-5442-4aa9-84c3-3f9361927216", "comment": "Malware payload (AgentTesla)", "value": "ef833d4052c3efff9315c8f2845c2d5e20f7165f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695648214, "uuid": "46f0497c-53c8-4ee7-9f94-8d4ebf501691", "comment": "Malware payload (AgentTesla)", "value": "f59bec590f795f20954b015c4f8c5569cd6ffa00121409cc749c2599fb78b78e6c2cbbb55a20d47366a012f333f700ee", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695648214, "uuid": "2fc3e337-41b0-4259-83bf-48560a717389", "value": "T1F42533502F976E584D2882155B1F6F0C994D89E2B278F1EB2776708AB70FD4373229BC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695648214, "uuid": "9b6f914f-ba0d-4cbd-9a89-abc8e16f8758", "value": "24576:/qfa722mM+vmWw3/MzxW2LhbOTx61lx6ULpzF:ku+HxVbOVyT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695648214, "uuid": "dd4f0ed2-8345-4ec4-8b11-25798d3031c7", "value": 1042496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695648214, "uuid": "104f4880-d116-4b4e-856e-e3805e5c9f83", "value": "text/x-msdos-batch", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695648214, "uuid": "f4174375-9b20-4fec-85f5-80a76ef3f3af", "value": "P.O 2023-69415002.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2f1d92a1-5b73-11ee-a6f9-42010a9c0055", "comment": "Malware payload (PureCrypter)", "timestamp": 1695626076, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695626076, "uuid": "47e715ae-b69b-4068-8239-c02bdfd1cee9", "comment": "Malware payload (PureCrypter)", "value": "f225abcf668d51d37f78b44ed51600c1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "purecrypter", "colour": "#93448F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695626076, "uuid": "7b3d1930-ac21-48de-bf07-461991f8c8da", "comment": "Malware payload (PureCrypter)", "value": "b7a91f80d17f82d43fe31deca3229d614fc29ab7f7e55c043f572235048305a6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "purecrypter", "colour": "#93448F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695626076, "uuid": "606458cf-dda3-4bef-9999-c15e011a0378", "comment": "Malware payload (PureCrypter)", "value": "723b4f1e3891bc27658a807d31fa49ca18e48f5a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "purecrypter", "colour": "#93448F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695626076, "uuid": "be55e820-6ac2-43c1-9f1b-6949298c7cf9", "comment": "Malware payload (PureCrypter)", "value": "e4c3424222619c025262cd32bb74706f9b0e22f8d317a47ed42f1df99598d7443ce72255b1d77f10eb47b32db2f73e94", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "purecrypter", "colour": "#93448F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695626076, "uuid": "e76503f5-c75e-4135-a5fe-8e8f8a9e9da2", "value": "T10F73D511110AF92AF8BED1763493F05237463F2558B14EAAA7077E3D46B2148AAFFC35", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695626076, "uuid": "afc36cd8-8dea-4bff-b484-d56b4174e46e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695626076, "uuid": "2b04c545-20ac-4e22-a562-218f3ca19b96", "value": "384:9OeO3zisyy5hoJEkZTg9K3XkXkXiNNNNNNNNNNNVefs:9ZO8J04XkXkX7s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695626076, "uuid": "20dbe2f8-8eb2-4b17-9ac9-090ba01b8933", "value": 77312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695626076, "uuid": "69813093-b5d3-4f04-8fcf-a351135c0843", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695626076, "uuid": "a71a78c5-c0bd-4379-a0e4-f2fd0859a952", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fb6141dc-5b76-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1695627707, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627707, "uuid": "c408080f-08aa-4c72-abb0-4a824eee28c0", "comment": "Malware payload (RedLineStealer)", "value": "7fc25c65e3a0fdd365209b76f37a0942", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627707, "uuid": "1cfedbee-6abc-47ac-a9df-3b5834a8b55b", "comment": "Malware payload (RedLineStealer)", "value": "b7bae8c3d2721f387a3e6316f8fb83bcc08e4b46767f86fa46d018b6cfc6f161", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627707, "uuid": "9f817ed1-b922-4b48-bc97-ccec35e8e847", "comment": "Malware payload (RedLineStealer)", "value": "a0548ee35ca75821e8eb0630d85366c94e7adac5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627707, "uuid": "c132f3fc-c7c9-4e0d-b09e-a059de53bc66", "comment": "Malware payload (RedLineStealer)", "value": "d354d50348f61e216ff6f513e9329ee32a63941e989e154f5c026e02078ac7ef4acefac2a08c38a2b78a93651a8f7a19", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695627707, "uuid": "dbc1fe3e-5cc4-4dc9-8977-f0e8e7876d69", "value": "T1C2945A47A3D09471DC6034B309A39369C2F970A3CA9195CFABDF793ECD50A908BE1A57", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695627707, "uuid": "9c7c23d8-edba-4efb-8514-2c1769d43174", "value": "8ddc982ec86bc15061e6b2eab1424dec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695627707, "uuid": "972e9d1d-ce32-4a63-ae24-0f5ce03dd215", "value": "6144:O9IhvxIcPJL8+5oprOCu5yzuAO3D69YLzmHsTVI1oQpjqwq:O9upIcPy+a6uu9DNPVUewq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695627707, "uuid": "b5b96423-4c59-432d-9793-da7e08325a53", "value": 422856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695627707, "uuid": "e367ee06-6d4e-4463-b355-a0d6dce12c7b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695627707, "uuid": "e946938e-4502-4b1a-97e2-ef67653251ce", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "931863f6-5bd4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695667905, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695667905, "uuid": "062fda86-2092-4463-a616-ff2e199d2726", "comment": "Malware payload (AgentTesla)", "value": "e9bf99401843f46601bc1337a7de4379", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695667905, "uuid": "ce7a9a3b-316e-4175-b59f-e55ac89d9245", "comment": "Malware payload (AgentTesla)", "value": "b8104a21d4a884118c14b967c6a415344f636ad515778626ca058e36bb46e8dd", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695667905, "uuid": "5d813ab0-35a1-4914-b521-63cfc5d5554d", "comment": "Malware payload (AgentTesla)", "value": "139772b2de833f7f14abf1ea53e72d8fab0939c6", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695667905, "uuid": "762583ea-b731-4e8b-b279-36df351a01f6", "comment": "Malware payload (AgentTesla)", "value": "95b9cadf0b1cf07a400b1d4a2c561e47eeba7b0eebc170b9bab28982f670163d7dedf1b372f79f4f4319e73f081faa38", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695667905, "uuid": "786c6da7-42d7-4297-ab4b-6f239ee7b25f", "value": "T1AA52E1BE7CC94D14F051DC4F8483CED52F09D6385ABA5A558BA9C0B0324BDB36B87146", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695667905, "uuid": "a5822a01-2fec-44dc-8167-413821f43d63", "value": "384:Hy/oklJ+9wWaXim0bXgLoM79TZXcI+vt3AsE:SAPwWaX0QLF9pcHvt3S", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695667905, "uuid": "3dcef2ea-4024-4c90-9bad-fd7924c61a57", "value": 14330, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695667905, "uuid": "277bc53f-630e-4fae-95be-1252cb18d472", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695667905, "uuid": "43c54929-fe8c-4c9b-86e4-33fa5493a85a", "value": "justificante transferencia_1.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8da3242e-5b9e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695644703, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644703, "uuid": "f2c1d64b-e700-467e-a8bb-263c59a4e957", "comment": "Malware payload (AgentTesla)", "value": "7fccb0197c8d6888ab6a5f9713fba9f6", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644703, "uuid": "24f7e9e5-e02e-498d-a455-b088578817f8", "comment": "Malware payload (AgentTesla)", "value": "b89fe3a178283fbd51ed71bd488e079a81dff40fc7124f57540e98540dce28a1", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644703, "uuid": "4876a330-7c08-42ad-ae93-da97af2c6c71", "comment": "Malware payload (AgentTesla)", "value": "ae8ea47dbb7c8bc40df063ea2e05823e2458cced", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644703, "uuid": "009c7a73-3641-400f-b81b-249b710e38b9", "comment": "Malware payload (AgentTesla)", "value": "cf6bdd1e44c1350420fcd9c692444946f30a144811603cedc96f5ef2324a3eb4efecefcf1960df6629c4f1e6e8306417", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644703, "uuid": "f1ab58e6-4968-48a0-8538-fed48a726c63", "value": "T1C5E4018833ACAFA3D53D33FA9A68214507B1A5A6A432F7489CC364DF0971B484F52F57", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644703, "uuid": "60f34f32-3c51-4e53-93bf-0b995e20b4d7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644703, "uuid": "7e85d819-8f61-4095-866f-d7728626cfa3", "value": "12288:UVj3hLQvfdxOo7gpXtrFF725cxd9dvmVV38eIlCwWTIghwhKfwlucbh1ejqaRiv6:sMOfx4twKyxluc90JRk6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695644703, "uuid": "5d4d0ac5-b700-4e83-afbf-eb27de8dfd0f", "value": 688128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695644703, "uuid": "c83c8e5b-c4d1-4bad-97c1-21084a168bcd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644703, "uuid": "45a0b925-0199-4871-ba05-151013a1f9e4", "value": "Purchase-Order.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bd545060-5b9d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkGate)", "timestamp": 1695644353, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644353, "uuid": "c9ec18b3-81e6-4f07-8925-982e57323dae", "comment": "Malware payload (DarkGate)", "value": "7cc87b7466670e31f3bca4a525eda025", "object_relation": "md5", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644353, "uuid": "7c052179-b189-4cb1-b937-062ff8d02c88", "comment": "Malware payload (DarkGate)", "value": "b95bdb19ddab089d56de8477191425780353e69b6a5143380b455fe5e132e441", "object_relation": "sha256", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644353, "uuid": "04f6f4b2-c668-48d9-ae75-482f4a94bc2a", "comment": "Malware payload (DarkGate)", "value": "1fe47ce022bd68e5d77876d5ae6f5ecf990261c8", "object_relation": "sha1", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644353, "uuid": "e54c9aa2-37ba-4ed7-ae6d-ad1bad20df5e", "comment": "Malware payload (DarkGate)", "value": "20aa0fedbd8cd18df06fd52bdf2f0fd3bf3542f91f31ade4cad3f6540805fffe4a37987361f462b636b77e7ac592f8b1", "object_relation": "sha3-384", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644353, "uuid": "0ce64441-53e1-4b53-9ac9-7d37dcc318d3", "value": "T1C541CD1523CD9B5AE2F14A3A85B67351CD3BB85BF936870D01909C8C5424600FD7AF35", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644353, "uuid": "f6e06c3b-f37b-4cf5-ac79-5fd1f02ab9c7", "value": "24:8ahWJCnecYZA8J1+/JDkkQO6kkmLi85oCoSyJMCoSy3V:8aXJSWkkQO6kL9oaCo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695644353, "uuid": "ddd14d86-51ca-41a0-aac2-f2f6bae37725", "value": 2140, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695644353, "uuid": "8babc01a-c83f-4eb5-9aa8-5e45b08a76a0", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644353, "uuid": "f5d621a7-3993-40c0-a890-c1c5cbd1e097", "value": "WC-lnk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cd276a8b-5bc4-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695661130, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695661130, "uuid": "2057bd55-05e6-46c5-98a5-cc752f2e4898", "comment": "Malware payload", "value": "691cb50fb8459ffacfcb82cfacb6feb6", "object_relation": "md5", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695661130, "uuid": "cb42fca2-98a1-42f6-823d-f3c3dbe8a53f", "comment": "Malware payload", "value": "b9aeb7f233ebc00cfe8be8832a8eb48d2c1e5bfa69cfdba4ecc9ee054e55b59f", "object_relation": "sha256", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695661130, "uuid": "5b3eb319-d806-473e-bdce-0af4242ae72e", "comment": "Malware payload", "value": "e43e20c942ad06433ffee8ec7b04bb384973d5d7", "object_relation": "sha1", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695661130, "uuid": "bb194223-aff4-4473-846e-2230087b8798", "comment": "Malware payload", "value": "8db92866632dc7c02bb3ff54c23930b82d0f6071c2cdc03a0d75e12805da98967cb90f55801083b46705b932e07fbe24", "object_relation": "sha3-384", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695661130, "uuid": "063b0cef-ea29-4b06-9ab0-889f667ddab1", "value": "T1E185129137D8C635CA8A073645BAC7753666BCB01F30D0CFA3A57E689B326D3A935312", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695661130, "uuid": "97424d12-fd88-4e5a-a1e7-f4021f42fe41", "value": "49152:epUPfjpSNeHaHGYayNId4pWL56Hq05vHjYL57CBN4/6sT:epeeHGKId+W1n6/01kN4ysT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695661130, "uuid": "ec7e620c-697e-4053-974c-ac36a06a433c", "value": 1839925, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695661130, "uuid": "ee7b90e2-5bd1-42a6-ae13-a9f7b767f131", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695661130, "uuid": "ea0a25c6-eb6c-4b05-94bc-65b437dc8b95", "value": "1.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "443b7de3-5b67-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695620957, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620957, "uuid": "68d72373-190f-4f24-9067-80cb1f33ae58", "comment": "Malware payload (AgentTesla)", "value": "3dd31f3596a3ca6ee720c205935c638f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620957, "uuid": "21dfdc7c-427c-468b-8e12-73d9ef63cfe2", "comment": "Malware payload (AgentTesla)", "value": "ba5e5413b9cea2326321004b3932da9fcf12f58fd2d9f5b2b111c846bc22e4eb", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620957, "uuid": "1bf02310-743a-42e3-bf47-f5b49b7f0c01", "comment": "Malware payload (AgentTesla)", "value": "e4e24c76b3db21f45a24be0b4373daa538ab8bd4", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620957, "uuid": "777d4214-259b-453e-8bfd-632d61319c7f", "comment": "Malware payload (AgentTesla)", "value": "31919b99bee4ea48b483377bd64cdf6f1471bc3b38d310a2f697adad704424783bd22ce2addfbd740aecec9d235f2927", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620957, "uuid": "02cf3fe6-0ed8-4b09-b5a0-80bb29b26b2c", "value": "T1C005E79D721072EFC85BC972DEA81C64EB61747B930B8607A06725ADEE0D997CF140F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620957, "uuid": "9f745f12-59a7-4d98-9508-15d1a8419f9c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620957, "uuid": "f5276219-6264-47ac-91af-501a439fa942", "value": "12288:U+h25AuaE0AVEX8i2LaFFbn3tJASO+ZSSXT8Ns9DKsQZXigIvQ4/tj6ayQIjy66M:U+h25AuaE0AVnsSowUDKh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695620957, "uuid": "3e017e97-adde-4f12-8c89-931cfd9b25f9", "value": 853504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695620957, "uuid": "71a11f74-17dc-4675-8a80-735d340bb74a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620957, "uuid": "a90327ad-a75c-4b4e-a02f-60afd994712a", "value": "Remittance copy.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4b6b1f8c-5b68-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695621399, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695621399, "uuid": "a32ffb26-78f3-44de-b2ad-78012322a61e", "comment": "Malware payload", "value": "a808432ce4b3211c986e1c3b9b7ea488", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TA558", "colour": "#589E21", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695621399, "uuid": "bfc69c39-2d5a-4ced-8ca2-1740507c02f7", "comment": "Malware payload", "value": "bb543077d79873ae0ebad6d2f140699b6ce3f6e8a7000f08a5748ff5bde0d630", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TA558", "colour": "#589E21", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695621399, "uuid": "94d39504-11ef-4227-8fe3-9fd082ef8c06", "comment": "Malware payload", "value": "5fae5974a203ac58095a8e5327d9d0f010e3c0f4", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TA558", "colour": "#589E21", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695621399, "uuid": "f01f520d-e024-4e7a-9814-aca190d976e6", "comment": "Malware payload", "value": "d73ec40b88f501a850c699fb3038f2d7aae25b626e8cb7cf964a89fa9fa48fd61d483b426cddda315e122f078dae1023", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "TA558", "colour": "#589E21", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695621399, "uuid": "f126f957-51ca-4b3a-838b-c4d4b5a0e48a", "value": "T1C1A4291425EBB04CB2B22FA727ED36ED4FABF5A21F2A511E3054130B4792D54CF91A72", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695621399, "uuid": "16bcf22a-ae6c-45ef-a954-3b540ff4afb4", "value": "12288:cNZuuuuSZuuuuSZuuuuSZuuuucZuuuuSZuuuuSZuuuuSZuuuuSZuuuuSZuuuuSZI:cK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695621399, "uuid": "3e9b4f4c-c07a-4efd-a69b-007703fea0b6", "value": 473646, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695621399, "uuid": "e366204d-9d94-4417-b3aa-2aba53dc2b03", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695621399, "uuid": "fe84a9cf-0bb5-4261-be76-eea019789131", "value": "ta558.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "59df74bc-5b6e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (MysticStealer)", "timestamp": 1695624000, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624000, "uuid": "76b6169a-a3eb-4c00-bd86-e5234af11de3", "comment": "Malware payload (MysticStealer)", "value": "1a85d0ecede11c6fb7744e2030314b8d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624000, "uuid": "0e043688-f914-41ea-bb8c-ef7277cec463", "comment": "Malware payload (MysticStealer)", "value": "bbc8642ba9d88438607fcce1e6122e81340365270a6e99a481df12188386ce99", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624000, "uuid": "216b922d-e86c-462b-8baa-279d01fa0ba6", "comment": "Malware payload (MysticStealer)", "value": "37535a646f2a144a5e105c9fd6ba9f51e2ae55a2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624000, "uuid": "8f168943-7865-48ed-8b99-2823f1361d94", "comment": "Malware payload (MysticStealer)", "value": "76be83a7611de276e6440a4a33eba80cb0ad4fd6f12308ebd7b82fa4e1ee6cc956198aa94a29444021a7b72721f42ef9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624000, "uuid": "de2e0a2f-d2fc-4de4-b54b-34f25611d5a4", "value": "T1E884CF107CD184B9C4A1D13109B2D76ADF7DBA240B360AEBAB900E7F4F506C1D7BD66A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624000, "uuid": "1e9cfadc-2d09-4888-b367-6ac72385b73e", "value": "8ddc982ec86bc15061e6b2eab1424dec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624000, "uuid": "435513e4-819e-4297-a50f-12023eefbebf", "value": "6144:7lPRhHX110KwTVSf3pOCq5b6uAOfw93ocvoxD2YfkPUgqwm:7lPH3110dVaUcuxw1ocvoB2YfwMwm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695624000, "uuid": "ff8f06c8-2a9d-40aa-ac87-3c006bc1c94b", "value": 390008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695624000, "uuid": "5db00eaf-0456-448c-a7ae-214e048e283c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624000, "uuid": "6dd307c2-4f24-40b5-8fd5-6d0ca209f07f", "value": "SecuriteInfo.com.Win32.Evo-gen.14756.6941", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4e8b0d25-5b7b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1695629565, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629565, "uuid": "4512e2a0-810a-4667-b31e-7940eb68d80c", "comment": "Malware payload (Formbook)", "value": "3f0053e812982289deba00f83a2a6ac5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629565, "uuid": "4db072fd-9301-479a-8247-b280d0dcf25f", "comment": "Malware payload (Formbook)", "value": "bc9c635afe69eb896bb4baeafe61129b8a9dc07741fcc771cc67ed21ae49d9ff", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629565, "uuid": "d3599e58-0bb0-4fb4-bc89-09af2bb59cc8", "comment": "Malware payload (Formbook)", "value": "1866509de7f423231d13106155dbb89cb8423b8f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629565, "uuid": "72f62834-1ac0-4311-9f05-42a747be1596", "comment": "Malware payload (Formbook)", "value": "f4fe26beb21e5ee61caa9ad29dbd8477a27d197a067451e781239f719b87e379520f0972d01f4173f5a380d1197c1913", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629565, "uuid": "23a345ab-3e91-46c3-81a4-aaebfe73fc8d", "value": "T10AD401313676524AC86A8BB50D7B50C423B27A5A7109CF2D28D966CD5F237234B21F7F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629565, "uuid": "512e2219-0756-4459-aa73-e03cb2c6bdd9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629565, "uuid": "b4a29516-dba7-41bc-a174-893e42c2f27e", "value": "12288:sH21QtNMQoAJGz2LGsaOvDdI5AjnCzU0UAJcEX/Sc:5oo+I2LGbGDSAjnCzp/Sc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695629565, "uuid": "0830f635-828b-4c74-8c79-f18aad7dcb97", "value": 647168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695629565, "uuid": "6a2b13b4-a7c1-421b-b2e9-3e23bb66ec9e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629565, "uuid": "b4c3e9f4-097f-4c40-836e-ba4c6c90a3a1", "value": "Vessel Particulars.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5b509b2d-5b6b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (IRATA)", "timestamp": 1695622714, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695622714, "uuid": "a76b6892-31f9-4ade-b2fe-a55798d84234", "comment": "Malware payload (IRATA)", "value": "2678ce7e43d9ef7dd7e06d5feeea532e", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695622714, "uuid": "f6d40cfe-e7ac-49a2-acd1-72e8c3de8e44", "comment": "Malware payload (IRATA)", "value": "bcd49d63689ab0e80767eed27efe57665a8136605a275b81384a6411c5b60da6", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695622714, "uuid": "602f3726-097a-4e59-b3e0-3d19d934d2d2", "comment": "Malware payload (IRATA)", "value": "75b6d9ae80c9b8a32cd34430afe2b2e31f7a845a", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695622714, "uuid": "c2fca200-79b3-48e4-8965-beb7f6ba3583", "comment": "Malware payload (IRATA)", "value": "fe139da68fe2ca2cb18c9ec129a6e4808689ac3ba2eb1823293cb62eb42b6d47e8c6f06026f91638be037fd9fe18527d", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695622714, "uuid": "bf4595d3-c6e2-4146-9cc4-92eaeb3fae43", "value": "T132A53343DB1A4095C9FB92351E2DA3921ABB6C364E1794CB7895777C1BF3BF8A310248", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695622714, "uuid": "8593ee50-2c43-4c7e-b998-5d302a24a30b", "value": "49152:AEccxoysCybmQ/g/bfFVh1DUYu/YWaCZCycnRiqC:ARcmrVt/Q5UYu/YW3Cdne", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695622714, "uuid": "7db25645-635d-4292-914d-9f6b37adebe0", "value": 2239707, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695622714, "uuid": "629a9441-d722-4525-96bb-675d5e32af05", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695622714, "uuid": "9566328c-eac3-49c6-be82-36d3511a9224", "value": "saham.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "09edf4ba-5b66-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695620430, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620430, "uuid": "ff09bca5-4f57-49fa-8699-952f1a30e7b1", "comment": "Malware payload", "value": "bd17b16eaa5096100ff77849e6283020", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620430, "uuid": "35913346-179b-4ec2-a743-2dd8d0484378", "comment": "Malware payload", "value": "bcd6488842c8d8a1a310284a9cefd0b831693275428a1cd646bde4bcff4b2ef0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620430, "uuid": "f99006fb-5891-4196-af0d-ea4df9021fc5", "comment": "Malware payload", "value": "d69128785952165d9c7dae3a8ac50934e1a6f58d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620430, "uuid": "70c8e243-9958-4528-9b1a-8044b14babb0", "comment": "Malware payload", "value": "5a381660c98590bd9e94ec40b229786955e975df3221f20d3b73c44d13944498d867ee64a5d9d37b0bf085a908829ad5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620430, "uuid": "d6601150-ddb9-41e1-a0bc-ceac8f7c61ef", "value": "T18AF12B93EDA288B6C15DC9BD5D498934E5322A3176E2E2D36FAF580DCC251804BFC712", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620430, "uuid": "1d05b40a-007b-44b6-a916-5e75f009affe", "value": "192:n5xfRq8HebguuREnZXbzNbotbFtZKN8lryIlc:13HqsREnZX3Qt02g2c", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695620430, "uuid": "1929057c-9327-4471-85c1-47c4afbf9572", "value": 7780, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695620430, "uuid": "13859cfb-e637-4ac6-8278-3d4f122e94d8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620430, "uuid": "b22200a8-1fbd-4692-8230-97eb6208ef98", "value": "SecuriteInfo.com.W32.Qhost.0CCA.tr.30937.32577", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "41941b69-5ba9-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695649300, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695649300, "uuid": "2a825e42-6e0f-4ad7-927d-bfb800281c8e", "comment": "Malware payload (AgentTesla)", "value": "26650cebbc741f0a4373864ce28a0cd4", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695649300, "uuid": "29a94b7c-ffb5-4172-966c-40fd996c878c", "comment": "Malware payload (AgentTesla)", "value": "be53b6f5ff15575799a0a929be641c79c173fa0b6de9c95f0ac524c10c1b9c5d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695649300, "uuid": "1aac5792-9e1e-4c52-94c2-5e6a5f686b5a", "comment": "Malware payload (AgentTesla)", "value": "6c9c64d8b9c66b391a683a495b318f250e02d022", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695649300, "uuid": "747d8918-4162-498c-a3fc-90e87504f961", "comment": "Malware payload (AgentTesla)", "value": "a4f8a0ffc0060b446419700dc4634d3547efafd36c41f79f81bcbe6c09a4122168ba8a63f86487918c7738064177556e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695649300, "uuid": "a0e14b30-7021-4cf7-a754-cb046bf44b87", "value": "T16405E69D721072EFC857C872CAA81D64EB61747B830B9607A06726EDEE1D997CF140F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695649300, "uuid": "5eeb5b63-741a-4830-95e7-adb95aff2324", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695649300, "uuid": "da9f15d4-1eb2-4b72-9db8-2348848ee64c", "value": "12288:eEmiva1BMFFJ5fdYrFFQrINRwWvMqP8GMyZFZkhEJqzNGCbD9g1NHM1a21cS9OGP:aiva1WFFJ5GjNRKqkGlGJzNt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695649300, "uuid": "ce44760e-d577-4243-940a-b9189ccec198", "value": 851968, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695649300, "uuid": "2cb2e425-9750-43d5-88b4-6473c010ff56", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695649300, "uuid": "ce16085c-9e9c-45b6-8615-e53531819313", "value": "ark.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b6dd2a47-5b6f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1695624586, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624586, "uuid": "a262a598-bb0d-414a-a3cd-e50891a9532a", "comment": "Malware payload (DarkCloud)", "value": "9aca0eb0b77ac2ff0ba618098a8c0b93", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624586, "uuid": "1478570b-d126-4437-a55b-50807db06f56", "comment": "Malware payload (DarkCloud)", "value": "bef15b205d774fcc4c50fac15a61ffdd9560990b0451065ac444c3e52271d048", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624586, "uuid": "62a4c293-61d1-4c6b-81ca-d8fc527ba0a4", "comment": "Malware payload (DarkCloud)", "value": "5ef823371c0a01c8752ddffa4657790dae2060a9", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624586, "uuid": "227ec1db-3c9b-4e9e-ab08-e50f63c43f45", "comment": "Malware payload (DarkCloud)", "value": "c79f1591003281452c44bc4444fdf59ad76b4abf624db70eea9ddd7963eb115ad37d389e45c6d7428c7439831da03d39", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624586, "uuid": "d0d9d7f0-a28e-4cd1-8f3a-1919fa449e4e", "value": "T17625299D721072EFC857C972CAA81D64EB61787B830B9243A06725EDEE1D997CF140F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624586, "uuid": "44ceaa96-2571-44f8-8593-d3e996a8941c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624586, "uuid": "532fbe41-c792-4116-91df-79f2bb4c04ad", "value": "24576:y7YEEi9JfAnsS0TVJB/nwSia8jlYSZ9v094YJb:y7YEEi9JfAsrJlnwSAj6SZ9v0WY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695624586, "uuid": "775922f0-a347-4922-b857-aff4f7e88912", "value": 1049088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695624586, "uuid": "f0b706db-5de7-4b1d-9b1f-5e0591deda48", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624586, "uuid": "67a9c610-37f8-42a9-83b2-0052657105a9", "value": "SOA.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "baf43935-5b9d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkGate)", "timestamp": 1695644349, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644349, "uuid": "b255c56a-548d-4aa8-aa04-7020b41721c1", "comment": "Malware payload (DarkGate)", "value": "1f75fbe07b3ae2f6337049fbf6359e46", "object_relation": "md5", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644349, "uuid": "3f60a083-7337-42cb-bc81-744642113bc2", "comment": "Malware payload (DarkGate)", "value": "bf3d542f7aba2d4c00f627d9e0f48bf82acf725a2c6a188a5b2eceea2592c6a5", "object_relation": "sha256", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644349, "uuid": "3c166aff-9367-4de5-920b-c5f86df4effa", "comment": "Malware payload (DarkGate)", "value": "bf1619da25781e5c2210f1649cd8a5e611196795", "object_relation": "sha1", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644349, "uuid": "330debe0-eb2c-4c27-b66a-0f1b1e3dd6c4", "comment": "Malware payload (DarkGate)", "value": "968a6fd4b65433bbdc5e9278854a4e6fe472df5b5d9f5d59da56a009f51dfdbd42b98b1c891bc1f24787ddd0f8a47619", "object_relation": "sha3-384", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644349, "uuid": "2d64af85-4abd-446d-a25e-eb38f4771422", "value": "T1D541141536CA7B24D6F1093AC9667324C62AF896D4B2CB0D01D49C8D5855202FD79F39", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644349, "uuid": "59aee180-49ec-47f0-965f-93a1492ec914", "value": "24:8adWJCnecYZA8Z1leH+/CxAF7FA1i85+Q64wyIV:8a7JAlebxAzg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695644349, "uuid": "7c6c78de-b5f5-4b2a-8a88-e85c6eda8d1f", "value": 2099, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695644349, "uuid": "282a4a2f-0ca3-4b17-99aa-595746dc6ae9", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644349, "uuid": "78c81776-ee4b-423e-b752-12f744e30f7b", "value": "SIPO-lnk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "593e3d93-5b6e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (OnlyLogger)", "timestamp": 1695623999, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695623999, "uuid": "8b17fa30-2502-4868-aa6b-3d4fc64009d3", "comment": "Malware payload (OnlyLogger)", "value": "60dcb33b64c81ec97eac0d70be7a4d86", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OnlyLogger", "colour": "#4D83D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695623999, "uuid": "d9e498c7-51a5-4ccc-8b10-260e8bacc625", "comment": "Malware payload (OnlyLogger)", "value": "bf8ccdff1770b99af8f1ece555f0fe70b28bed5cb4d84ba39ad09eb3f54b16d4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OnlyLogger", "colour": "#4D83D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695623999, "uuid": "61df7d75-3b94-4cdd-9cef-4facf0665f87", "comment": "Malware payload (OnlyLogger)", "value": "77f23cb184bd31e6dd06d84913b9093068444e36", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OnlyLogger", "colour": "#4D83D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695623999, "uuid": "0c5b74cf-44d6-4074-8269-84c73481d4a0", "comment": "Malware payload (OnlyLogger)", "value": "6aa529e83dd6501ee67d3f6313dd78ce42791c8eb65d55658bb94aaefc12dd4ee4d73786d9a84f5df32dbab3e23bc110", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OnlyLogger", "colour": "#4D83D8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695623999, "uuid": "ec7c3d99-46a0-48e2-84e7-fe275a9a9457", "value": "T1B184AF1393E17C50E5368B719E2EC6F8B72DF6608EA97B6A23185E2F08701B1E573351", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695623999, "uuid": "933ccf6d-7e4b-42a0-8fb9-d512373b3cce", "value": "e13fa0e2b70fdd8fc0feb3b3998b6551", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695623999, "uuid": "4dd1005a-bad3-4f44-a2a4-d57921ff40e8", "value": "6144:SKC08VTTLVTNs/P94eiAjtC/0+BmRQRr7pBO9:SEWTtO/WeiStQcOpVA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695623999, "uuid": "10908455-9bae-40a6-887e-860bd99178b5", "value": 386048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695623999, "uuid": "ca597b4e-33e0-4b4c-ad13-3c2dd9eadd3d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695623999, "uuid": "9d4c7fca-c5e1-4ac0-8265-5b2dcc579fec", "value": "SecuriteInfo.com.Win32.TrojanX-gen.604.29726", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "40e4fd8c-5bb3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (IRATA)", "timestamp": 1695653594, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695653594, "uuid": "adaa8275-6c46-4089-bf08-6e3be7a107a8", "comment": "Malware payload (IRATA)", "value": "bf24fe7680868cf7443beea880b04e9e", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695653594, "uuid": "fab9c7c3-5107-4bbd-b964-0daca8eb2b5c", "comment": "Malware payload (IRATA)", "value": "c0541c3f6bbba5bf7dc24ba55b9bcad559ee28a93f8ac3ccfa2b320049d29bf3", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695653594, "uuid": "ab2421da-da1b-407d-a306-02efcc833068", "comment": "Malware payload (IRATA)", "value": "7d4543dd6f53e3460fca4f4f8b158ee9d7ea6239", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695653594, "uuid": "68967533-6796-4d9a-9112-20246b9d84cc", "comment": "Malware payload (IRATA)", "value": "a2c7620bf8d702f9b11bfbf8fa6a638fc9dc232d544e7125edc1c844f8c8335ccb36ede46bcb2edab78d18630902fb18", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695653594, "uuid": "e2a69f79-4503-42f4-895b-147b461ec45e", "value": "T1E216BE87F789983FC8B765B5895E137262271C0587539BC769007B2C39B76E84F29BC0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695653594, "uuid": "a7ab9ac3-ff9c-4112-b07c-8ac6a2b7bd4c", "value": "98304:VHFozAZD50GnvGmrWZOzbGPeMy0MOzTvHi8swpUgLCrOgHu:VGzE50yOfgz9Z0MOzjCRm2O", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695653594, "uuid": "e6cf5005-414b-44af-b44d-0f63b3da6259", "value": 4314216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695653594, "uuid": "d70c6246-0f51-47ed-bf12-aac4f3ce8e1a", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695653594, "uuid": "d4cfca8d-d32a-4f99-9f74-e9ebcae2a8d0", "value": "app.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1320ff21-5b99-11ee-a6f9-42010a9c0055", "comment": "Malware payload (MysticStealer)", "timestamp": 1695642350, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695642350, "uuid": "a2baf0fe-82b8-4207-b3df-c3017c42c7df", "comment": "Malware payload (MysticStealer)", "value": "ea2c9e346a3ab10355450ee70534e3b3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695642350, "uuid": "5cead9b7-e63d-45f8-bbf3-a9a7e2a513f8", "comment": "Malware payload (MysticStealer)", "value": "c0ccbd34c765542416cb061431850cbce701bf826aa4108fbe0a0d936c050f70", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695642350, "uuid": "358df0d1-1fef-4882-877c-e418fc1d26e3", "comment": "Malware payload (MysticStealer)", "value": "c008e909e4ff4e38a6a58ace2356030fec05dceb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695642350, "uuid": "4d2fca3f-7f7e-462f-8c27-eacdd26f87b0", "comment": "Malware payload (MysticStealer)", "value": "06c5730b7fd47545b4c018c6184b8e4f46b11b31ba039ae95d2479db229a204cec2ac5a72c3c3ee0d087f26d339a1f44", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695642350, "uuid": "f4c95934-843c-41eb-a779-7cd0dceba9b1", "value": "T1EC84BE107591C071D87223314DA7A67A963EB4621FC04EEF37944AEE8F603C1A77E7A6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695642350, "uuid": "c47f07e5-b6c9-40d2-a630-648722016f18", "value": "8ddc982ec86bc15061e6b2eab1424dec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695642350, "uuid": "d14248e5-e479-48dc-b73b-736431525bbb", "value": "6144:JlP2hHX110KwTVSf3pOCq5b6uAOd/XLETu0JtzFiZQPUwleTdUqwm:JlPg3110dVaUcuH/XLEy0bRiOBUwm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695642350, "uuid": "e0a4b28d-4c3a-409f-970a-235d5526be78", "value": 390008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695642350, "uuid": "ee3e3b84-9611-4c85-9de9-9155056db16d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695642350, "uuid": "0307e9b8-3c28-4f83-90a7-09a37d7bb8b5", "value": "SecuriteInfo.com.Trojan.Siggen21.31970.21980.28232", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "079c03e4-5be0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1695672825, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695672825, "uuid": "7ae923b2-31cc-4a46-af1e-c906474221e6", "comment": "Malware payload (Smoke Loader)", "value": "e00d940074426874a881b3528d394208", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695672825, "uuid": "6ebdaae6-0578-438e-87a6-c10127f630c0", "comment": "Malware payload (Smoke Loader)", "value": "c2fb2940935ea5f3ce7817171c7bf160d7ca4b6388e0dcc71dd32e39e0220a39", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695672825, "uuid": "e4ecee8f-0afd-4b9f-aa75-571ec4664671", "comment": "Malware payload (Smoke Loader)", "value": "f29a6145c9bb434eca1fdec198b28529ab80bb0f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695672825, "uuid": "c2f7868c-ee7a-4829-b5f6-2691da1592de", "comment": "Malware payload (Smoke Loader)", "value": "6e8dbfd9a0c040b3039652704406ef7d58d2583903c9bb8504d6ae494f153ddb785e0e7dc809012a1c6f6f883267d5e2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695672825, "uuid": "47660bb8-c922-4c02-9c9e-4c5f7d2fa8ba", "value": "T15324CF3135F0D072E55744744821C6E07E7BB8239765898B33372BAF6E306E2677A356", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695672825, "uuid": "a97e671d-31e0-4250-9fd7-eef4db581426", "value": "8a8b4a2b07716ec988e9b99557ecabc7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695672825, "uuid": "ca59d18a-faba-4f01-946c-e2b5a7bc6b37", "value": "3072:y/AIgR3R9bJFkrZp2YqU/Ql8t3NPmxlIvbJ5+vT5lk:6gRB9bErr2YqUol8t30xlguvT7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695672825, "uuid": "237da7f5-b242-4e8c-829b-b65b128042a4", "value": 229376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695672825, "uuid": "e5f531cf-59e8-45f0-88c5-69d9ee9723f9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695672825, "uuid": "59c44a6b-6e29-49a0-9e7e-0639ae4859c9", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2a41ee6f-5b73-11ee-a6f9-42010a9c0055", "comment": "Malware payload (PureCrypter)", "timestamp": 1695626068, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695626068, "uuid": "79daa57c-54a9-4b46-8cdf-0bea0750a08a", "comment": "Malware payload (PureCrypter)", "value": "5fc9c4626e8c7e79f65519fddfbdc841", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "purecrypter", "colour": "#93448F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695626068, "uuid": "f470b17d-e0d0-4be9-add8-602e657db17b", "comment": "Malware payload (PureCrypter)", "value": "c5f6b6fe067421954d2bc91572ec3eab1375d6e7efd84895239c3252a93da2f1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "purecrypter", "colour": "#93448F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695626068, "uuid": "c7ac0484-cdc0-4bb5-b95e-314fe7a099bf", "comment": "Malware payload (PureCrypter)", "value": "7b0b4b5906d884dda8ad6ec5c1b59aac4fd8213c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "purecrypter", "colour": "#93448F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695626068, "uuid": "5e34dd81-e844-486c-8b5f-53b0aa0e4154", "comment": "Malware payload (PureCrypter)", "value": "42ec07ee09355c690881f37424c04553f7b5d622aca6588ce003475cd757fe74652e096177039f1dd63ff5fdf349dbe9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "purecrypter", "colour": "#93448F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695626068, "uuid": "167b3b6a-6f4d-461e-9a1f-952ebebdd326", "value": "T15773D410150AF92AF8BAD1763493F05236463F255CB14EAAA3077E3D46B2148AEFFD35", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695626068, "uuid": "9d7cf525-260d-4d3b-9a13-59910af51c75", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695626068, "uuid": "437cb509-8f70-4225-a647-fb5b8747e546", "value": "384:1Gyxh0YY6da1l4LrZTg9K3XkXkXiNNNNNNNNNNNVefCWdwtVWe:1RxKl204XkXkX7y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695626068, "uuid": "a872cda9-99d8-4818-925d-a032c8b45c40", "value": 77312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695626068, "uuid": "276e3687-4050-4553-9427-babd907811dc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695626068, "uuid": "f87ffea6-b0ba-487e-b1b2-69aa6c982ff6", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "49c2773d-5b7b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1695629557, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629557, "uuid": "11407e50-628f-468b-b706-bf51bea8277e", "comment": "Malware payload (Formbook)", "value": "39d7d490c18d1a8b5a02a08e9947c452", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629557, "uuid": "de2c5762-c6df-43ac-914c-da5f98802e06", "comment": "Malware payload (Formbook)", "value": "c6674b038c3dd0485deb322f781a4148dee4e942ef41bececba162867dbcea44", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629557, "uuid": "572e1cd3-ee96-4a1c-b9ba-802b70c44253", "comment": "Malware payload (Formbook)", "value": "2d643d0279944d6c0e1c7d563de2272745e226f1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629557, "uuid": "0037ef2c-423e-4bb3-b524-4ddf50ecc71c", "comment": "Malware payload (Formbook)", "value": "3b0a081cad003b97af9a2b2fff845e8a90a444f9f454374a0dcd65ff262781ab2ebd125f1f96873336bfcbabab231568", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629557, "uuid": "b304af05-1118-403a-965d-edba740d0da5", "value": "T15674224469B8C1F7E8B38B31297D2613BBFEF9417568531A6384178E7A3F341884E762", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629557, "uuid": "f1d48c8c-4261-4527-acdf-6947deab720f", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629557, "uuid": "9e7e3ad9-422c-4c0a-bebc-e1a29eb3b57d", "value": "6144:vYa6W9pNWihNRNoIkGNRlKg0xT9bXuP0KOWumAhWzrjJp+IQ01dU:vYEBWMNtLlKgAT9besKO8HjDQ01a", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695629557, "uuid": "a0776439-151f-4619-98bd-19612c4fc0ca", "value": 343115, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695629557, "uuid": "f31bc33f-b760-4238-8f6d-0aa306435c93", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629557, "uuid": "173dab15-844c-4126-9f5d-20817cd58fff", "value": "PO203-09024.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "42a86ff3-5b7b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695629545, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629545, "uuid": "9663d8b2-4de2-465e-8066-6e0db5b682e0", "comment": "Malware payload (AgentTesla)", "value": "7c4ef09a05cdeca9614c650c135231d1", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629545, "uuid": "cb9b4d5d-7a81-48c1-8593-d6fecc4317d1", "comment": "Malware payload (AgentTesla)", "value": "c67eaf3680501fe3d618cdd5890904fe062ca9ae08ce684849f524454e2f3214", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629545, "uuid": "18a70a79-ae26-4839-810a-cd2283b60ba0", "comment": "Malware payload (AgentTesla)", "value": "10cd93f11c1d80479375784eeec54f9be923581b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629545, "uuid": "6888a667-df33-4632-9896-34f849afff76", "comment": "Malware payload (AgentTesla)", "value": "fe00edb4ede78a3fde97a920fb07c4c6b53ee2c4f3728c71e185033cf731418e4110c0fc5c45278abf8a0885cd1a3d5f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629545, "uuid": "4524d087-df4c-4996-a6b8-f4da6b9380d1", "value": "T17A94B4077D48E769F6043B3781EF191A27B5A0C76673890F5F1AEE6216216032DEB72C", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629545, "uuid": "a925bd92-cc32-47dd-aae0-c27c3711da7b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629545, "uuid": "4a3d1d35-fcc3-486b-a65e-d9eff9db6891", "value": "3072:Wf3BzrxunQCAlGn6ouvSFf00hV4zyWjmClVWPQaY+WIgs6k3Njz/wwCIzpYGJKN:WvZtBlGn6o100k/mMW/LH/nz+G", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695629545, "uuid": "4a70b49d-ee2e-4d96-a467-ff4c06ed8255", "value": 441856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695629545, "uuid": "906f1513-8811-493a-aa14-86379e1bb173", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629545, "uuid": "69a341d4-2d31-4424-990c-05ab9bc5c70b", "value": "c67eaf3680501fe3d618cdd5890904fe062ca9ae08ce684849f524454e2f3214", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9ab8d570-5b75-11ee-a6f9-42010a9c0055", "comment": "Malware payload (MysticStealer)", "timestamp": 1695627116, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627116, "uuid": "569f228f-e31a-472a-afae-b0ae7a903825", "comment": "Malware payload (MysticStealer)", "value": "6a34764d4ac5183ea51a94483852723f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627116, "uuid": "51db6c0b-a4d7-478b-9ef0-1c3a01bf2669", "comment": "Malware payload (MysticStealer)", "value": "c6fddaaf4faa838847944367e898c2c4c6c85c5cf3896bdf9b13b0967b364311", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627116, "uuid": "313adc09-3f64-4641-9ae7-bbcc8c604ccf", "comment": "Malware payload (MysticStealer)", "value": "876f5ddfffcff29b42d421dcd52fec709207c4ea", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627116, "uuid": "e20e3642-5b73-4be2-b3fc-23ee952c7065", "comment": "Malware payload (MysticStealer)", "value": "20f0497fd250a7efe2827820f82a1c3d17cfb3ec161c2abbb28ad2e16b756b8c148a80e1eddd666fc77a20f61facfa16", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695627116, "uuid": "8cd5fffc-55c4-4d8f-8a09-ad93c90dc83b", "value": "T15F84BF2170D0C076C672173105E5F27AEEBEFA6117D465DB7BD00E298AB07C2AB609B7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695627116, "uuid": "ee3939ad-6679-45d7-9994-089d5f83a490", "value": "8ddc982ec86bc15061e6b2eab1424dec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695627116, "uuid": "274b25e2-f9e6-441d-b423-2a683223542c", "value": "6144:0lPFhHX110KwTVSf3pOCq5b6uAO09qaX0BOVUCXg2l9sGj2hTjtXIAqwm:0lP73110dVaUcuKEc8E/t0vtXIJwm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695627116, "uuid": "dadb4817-eab7-40bb-b687-ef36c0297049", "value": 390008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695627116, "uuid": "58803f5e-90bf-4b14-a46b-ad4a00f664f2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695627116, "uuid": "218487d7-7a96-47c1-8b0c-89eec09e9196", "value": "SecuriteInfo.com.Win32.Evo-gen.27547.21884", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "07fc184b-5b66-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1695620427, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620427, "uuid": "2b4a55db-9c8e-44d1-b408-d789fd1cca47", "comment": "Malware payload (Smoke Loader)", "value": "a840385d59103520429f9b7ba33a5e13", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620427, "uuid": "e0724f24-79d0-469d-b492-b218469b12ab", "comment": "Malware payload (Smoke Loader)", "value": "c8b5c95a7ec5e603444c77db441c486d2477d93703b69d793285f2c1eb37b581", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620427, "uuid": "2fb674e8-80f1-4a2c-bc62-784b0d68d9ed", "comment": "Malware payload (Smoke Loader)", "value": "ea9fc074650e1089bc824ad97130898d3beb854b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620427, "uuid": "59afd5bd-e1dc-41a5-9ee4-9fbf8011f688", "comment": "Malware payload (Smoke Loader)", "value": "ad98127107c113adf52414ad86ad2c88cdca45a04d4ea210d9639f71349e5d0ca6eabac448aafc53b35c227cc70b2987", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620427, "uuid": "8373a6e1-c22c-4eff-940e-095ee4b3ab06", "value": "T1BC44AF00B4D18472D4F2113205E4EBB65A3FB82047555AEB67A40E7FAF706C1A73E7AB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620427, "uuid": "0c495494-01f2-4672-bd46-b20bed66fe91", "value": "8ddc982ec86bc15061e6b2eab1424dec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620427, "uuid": "e608fbf5-4ff9-4448-931f-9a0288ec3cff", "value": "6144:6RdcMQ+j+5j68KsT6h/OCy5UKuAOBgjrYPNwK:6RG7+j+5+RsqGhusjrY1wK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695620427, "uuid": "6a4bdab7-7d0d-497c-8aa9-335c51fc26a6", "value": 277368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695620427, "uuid": "417fc02e-7846-487c-922e-d53dba20158f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620427, "uuid": "5edc59ec-03a7-4b20-aeb8-94258581737d", "value": "SecuriteInfo.com.Win32.Evo-gen.23302.29216", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f89f92e9-5b72-11ee-a6f9-42010a9c0055", "comment": "Malware payload (CoinMiner)", "timestamp": 1695625985, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695625985, "uuid": "8e5d0f02-12d7-4035-9799-3733308c0cee", "comment": "Malware payload (CoinMiner)", "value": "91b9eba5f16065b7a50543d4bc3c5165", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695625985, "uuid": "7aaaa63e-da5c-4ba7-a1b2-87c3f00deb77", "comment": "Malware payload (CoinMiner)", "value": "c9d3040999d108b0f59ed8a26c72d93b4a697d529538bca8a1b7750a614f0c9b", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695625985, "uuid": "695884f1-16dc-4656-bfb0-4a63ced6dbc6", "comment": "Malware payload (CoinMiner)", "value": "79e2eddc6dc441319257491b796f8a943d0c1bea", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695625985, "uuid": "a16e00ac-f504-4293-bd3d-cf29d60cb912", "comment": "Malware payload (CoinMiner)", "value": "6c020ce581e4eb7663db1faeb5f774105fc6045c1c66abb08c1b1be365b815893e42f04c99ef79a84d406c1e522ec0dd", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695625985, "uuid": "fe199dcf-8e58-400a-b144-9f23144c06b2", "value": "T1136633516099F030D9A9403596D77212758A7B3017304B87BB277AFA26128D3EBFBE73", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695625985, "uuid": "b528af4d-c3fe-4038-9939-6747acd81867", "value": "fa8d20faea9ef7b4e2b7fbfe93442593", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695625985, "uuid": "ee54a094-fb14-4982-8f4c-de9a20c74c5f", "value": "196608:DcTWbv4CV7InXfPKOnRlBdBD5L6wRdRJlWG1EJE+/zN:pv4CZoHKORlBLxdRdlNyE+/zN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695625985, "uuid": "c29012d9-649c-43b9-9f40-1dad50e25b69", "value": 7075387, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695625985, "uuid": "272dff91-2a59-4be4-a74d-b3bca6e39ea6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695625985, "uuid": "245488e2-79a5-4115-98d1-497ee871040b", "value": "91b9eba5f16065b7a50543d4bc3c5165.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "661df5ae-5b54-11ee-a6f9-42010a9c0055", "comment": "Malware payload (MysticStealer)", "timestamp": 1695612854, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695612854, "uuid": "b8d2fe45-34ff-49c9-9bcd-b98e2fa5b567", "comment": "Malware payload (MysticStealer)", "value": "9a0e64738e1b56153284c0df5f38a738", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695612854, "uuid": "07647a39-8c77-4a51-af1e-9250591fe26a", "comment": "Malware payload (MysticStealer)", "value": "ca7855a15ecd5a45c37059cb40b89364d072af976707175b24250b7fab411523", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695612854, "uuid": "dc9cd310-8140-42f3-b750-4dfdf888206b", "comment": "Malware payload (MysticStealer)", "value": "2bb20e0d9b68cf981548f964f1f269192a559df6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695612854, "uuid": "ea910273-72e3-412f-bb0d-8ae505d4df4a", "comment": "Malware payload (MysticStealer)", "value": "c0563ea8a2bfad369e0ffec3cd9bbc9a784de5a768c2dcd19620953c421b5d4748f85b642f94909aaaccaa2c35798085", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695612854, "uuid": "b916995b-849c-4dbf-9b2b-736e697c9b7f", "value": "T15384B03274A088B2C3B6343107D49F694A7DF6211719D6EB6BD91D2ECF202F1BA712E5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695612854, "uuid": "2ef63749-3c57-4981-aa6a-d6bf78f21b79", "value": "8ddc982ec86bc15061e6b2eab1424dec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695612854, "uuid": "88090452-2017-4621-a4dc-6a88e3d51199", "value": "6144:tlPFhHX110KwTVSf3pOCq5b6uAOhDB3M2OUa3ImPAg1P9qwm:tlP73110dVaUcuT1SlImogawm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695612854, "uuid": "565a0a4c-97af-46c0-8fb3-f62ef74395d5", "value": 390008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695612854, "uuid": "77368339-b543-40ca-9c12-6a14e873ddef", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695612854, "uuid": "65f4b07a-d927-43dd-a060-9f6e0a3c8b1e", "value": "SecuriteInfo.com.Win32.Evo-gen.32307.28778", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2d37b484-5b73-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695626073, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695626073, "uuid": "469eb23b-ef34-43cb-9245-4ff9ae6ab962", "comment": "Malware payload", "value": "ef7a1d1d5590000df310cab3096e3380", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695626073, "uuid": "040711ba-6670-4035-a712-ac5d103add4a", "comment": "Malware payload", "value": "cb7dd57456c0999dc83460017de47aafffce216e4bbd93b70bea747fba1324aa", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695626073, "uuid": "e46380c4-c540-4c29-8249-b7c8a73b9090", "comment": "Malware payload", "value": "db8ddb946f00e710cf5b881ba66445cd8d38075e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695626073, "uuid": "584dd515-b0ca-470a-8664-52abadb0ac04", "comment": "Malware payload", "value": "5d621cb3657b5dfba44cc3f5a3ec0ee797dcb5827283d69ea28c47da2e1213226c64bc3242c126005992c4d6d531946e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695626073, "uuid": "a39a6f18-3445-487b-8158-6e39d93762ca", "value": "T172258B443343FDBEF4929632A8477C44B760BB1942CBD227A20732BC555D2968EF6E72", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695626073, "uuid": "bd63fd06-339e-4728-899f-30ab1b646d08", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695626073, "uuid": "cb7015ae-541d-4e6a-825c-a7d6532dfa90", "value": "24576:RDPg613vdSKyd0bhI65vMeoiKRlik4gtl483m:R06hnydqhhhMJikikg8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695626073, "uuid": "7fc64c1a-a003-42bc-bbac-a7a98f6c4ed4", "value": 991744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695626073, "uuid": "12533eb8-1f2b-4d08-82a9-1b17e5f8a134", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695626073, "uuid": "6a506c53-755b-4a3e-bbfe-ae57fef3b6e6", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "08ab4386-5b66-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695620428, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620428, "uuid": "ce54f2e0-4feb-42f7-b4eb-7a394bbf8d37", "comment": "Malware payload", "value": "af529aa3d9b19ca038cc469a472a4567", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620428, "uuid": "ba123ec0-d550-4677-a0d4-272494e2cda4", "comment": "Malware payload", "value": "cb9b9ec3b46a885c47f5f3ee7eb023ab614771bb1ba1f33577bfe4f422879869", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620428, "uuid": "f976066e-d875-4a7e-9a61-391914471340", "comment": "Malware payload", "value": "9dda46b715d61fe0e6731709a2ad97424df0167a", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620428, "uuid": "486a3bae-d678-4b65-a72b-7d64ae891edb", "comment": "Malware payload", "value": "af7f0c465cb7847ce2c42a3fc4ba1bc9798cbb5645c6c48cb2915abd466f400a4666882e92fb9fd9746d56e4d0e2b4aa", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620428, "uuid": "6adb8f95-5eef-4456-9196-775c8874b62b", "value": "T184459E22B692C1B7C11D1632485BBB7AAA75BE094F10CB83A7D4FF6E6C331809D77215", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620428, "uuid": "68df4320-4a89-43e4-b770-8202efbb50e0", "value": "eb9045a16a5e35852caa375d914ed5be", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620428, "uuid": "44d3b010-4f3a-46be-b98a-1b87e8b75840", "value": "24576:ZgMEyTTW0GL1PaJkOERo0ZZnnBWiwb3MmuJQe:ZgfyTKE5ENnBWtcmcQe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695620428, "uuid": "44860b4e-ff84-46c0-b9f0-d1de2ed618b8", "value": 1224614, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695620428, "uuid": "ffacff15-bc1e-47af-b211-b1df3648c64b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620428, "uuid": "e6660654-f3ab-4c65-a66d-7f8386210566", "value": "SecuriteInfo.com.Win32.Evo-gen.1053.16766", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d40e34cf-5b75-11ee-a6f9-42010a9c0055", "comment": "Malware payload (IRATA)", "timestamp": 1695627212, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627212, "uuid": "e25e272d-d139-428f-9422-7c589bcae38b", "comment": "Malware payload (IRATA)", "value": "fc0412ea141012536d3d16a35035d6bc", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627212, "uuid": "d3ef4d30-a534-4067-b5d8-42b8c7a8d70b", "comment": "Malware payload (IRATA)", "value": "cbe97b320afe4430d356f07759f7e352a105c72a03cbbce1cc2ede5aeb436f74", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627212, "uuid": "ffc6f81c-8b67-4def-8c31-a5f68ab236a0", "comment": "Malware payload (IRATA)", "value": "9d8b3d6ef6d15e730efc1c3fdb32c900483256e7", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627212, "uuid": "587d36e3-d81f-4b2e-b715-5de1d85b5d8c", "comment": "Malware payload (IRATA)", "value": "414d7c4871f1c8a8db6531dda5a6cb99776cb866b3e75fcc57bf27e51eb0da1ed724d7378c5f44e9ca63de3b6b8439f6", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695627212, "uuid": "e6071b95-c5b6-4603-9eba-190fd9e727c0", "value": "T1E3A533E3F625D405C5AB9A342067A7921C74BF102E93DA077A66B73DAF78BF8D308105", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695627212, "uuid": "cb0ced9b-ada0-40ca-ad08-8f2a5fa9c6a0", "value": "49152:AEzPGVXVCpB5B0CTELnAbCtvE10qBdf1e35CCZWyc790oXKNzC:AiUFU/3Hb/LM5vWdZ072", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695627212, "uuid": "8862f960-848d-4e75-94e2-476bf2551859", "value": 2239707, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695627212, "uuid": "8ab6c02b-5181-44d4-aaf5-3099c4d87eb3", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695627212, "uuid": "13b54651-63a0-4f06-8390-a8bc812ad150", "value": "saham.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bff03c2e-5b9d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkGate)", "timestamp": 1695644358, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644358, "uuid": "a26f258a-4930-4707-b9fb-0dbf503a6d58", "comment": "Malware payload (DarkGate)", "value": "d3e725504ae96e359e325818ef252b2f", "object_relation": "md5", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644358, "uuid": "5db08034-54ab-4f29-82f8-8059f0f8b1ce", "comment": "Malware payload (DarkGate)", "value": "cc2f25d2caf6f4b844aee2c6c3c1747ec02ed68681b81a687948d69edfe00d24", "object_relation": "sha256", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644358, "uuid": "e9877d55-4540-4579-9a97-8d5e3a0a998f", "comment": "Malware payload (DarkGate)", "value": "5571906438c14851e08f88e6b26526e89589f912", "object_relation": "sha1", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644358, "uuid": "948c58de-206e-437b-89a0-db25a01f31a2", "comment": "Malware payload (DarkGate)", "value": "7041dfffa7c789458225475599c88c4d6baf42b798cceab5c65d5e8329868a39a225696e999cc1325beb5dab1951a9ee", "object_relation": "sha3-384", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644358, "uuid": "06fc0597-5c0a-4818-9511-a978a7e868ef", "value": "T14E41240D16D95B25E3B08E36857B6761C93BFC66D535870E00D46C8D6420A01FC76F39", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644358, "uuid": "77332c4f-3d88-4aec-9cfc-727dd592d11f", "value": "24:8aSWJCnecYZA8JI+/Pikgihyi85uA+wXal+Q:8aoJSHzg6vwXb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695644358, "uuid": "a12a71c4-dcfd-452e-837f-9cefed7d85ea", "value": 2132, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695644358, "uuid": "e7a9e69f-c891-4179-ad11-44568f0adcbc", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644358, "uuid": "cd4e2726-6357-4ec7-81d0-65fe1e95d4dd", "value": "XVH-lnk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3b57e137-5b76-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Stealc)", "timestamp": 1695627385, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627385, "uuid": "4a176c08-f981-44b1-b72e-310955b8afce", "comment": "Malware payload (Stealc)", "value": "4c07870a1ce5f3588ff0c27995a54760", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627385, "uuid": "8d2b72c8-127d-4597-ac63-c0b03d878709", "comment": "Malware payload (Stealc)", "value": "cc51fcc9c41ebae65c0bdcd5e0b0c8558f395c02f43fb848eaa794b246dab004", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627385, "uuid": "5a30cbce-7a6f-4219-baad-95f99beed5ad", "comment": "Malware payload (Stealc)", "value": "a03cc4b9f13575f87d5a518f35b4145cec17a628", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627385, "uuid": "1ba60dd0-2523-45af-a98c-7648db120847", "comment": "Malware payload (Stealc)", "value": "54eda0997415e0f3c329c390b90d953d5fb72fe5eb9361577da63f425890a8b5e1a723e4062731f903eddda79a68212b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695627385, "uuid": "de5a461c-a1c9-44e5-bf96-33b92102c12e", "value": "T11514C01075E2C072F1B784749C31D5A06B3BBC62AB76C94B33442B6F2D36693AA56733", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695627385, "uuid": "af245e9f-3371-4ed8-843e-cd1800e6310b", "value": "1f916dac39f3ba277c6d2264fad89501", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695627385, "uuid": "f3b69777-0653-45fd-8d8b-db1c605f1fb0", "value": "3072:BrGetQD9K6hiy0psnW6pUQm12EnYNXioSh5G5KlqCXnkkT:B7E9K6hipsWOUQmJaShl3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695627385, "uuid": "91bc1417-0581-4204-9d0d-b94f6b869ebf", "value": 193536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695627385, "uuid": "694af4d6-e9b3-4519-a7e9-67eb8718944d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695627385, "uuid": "a407e645-cf56-4e3a-9c24-d3b587e2c331", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f213b4c7-5be0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1695673218, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695673218, "uuid": "e2e61955-8c07-4c1f-b99b-ea37459d157e", "comment": "Malware payload (RedLineStealer)", "value": "245f05a811719f72d919539986e1038e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695673218, "uuid": "063bfe49-62ef-423d-91bb-2930fcc43e92", "comment": "Malware payload (RedLineStealer)", "value": "ce18d1eb13dc622b6a45d8326daab16c57334a64509f85979f3ec3f9058f57a5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695673218, "uuid": "d5c23b1a-6bd6-47a5-a6ae-f98ce81e0d45", "comment": "Malware payload (RedLineStealer)", "value": "8eae759162c791331ed193c560f41c9f0c9b2606", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695673218, "uuid": "2a529128-5442-4258-901e-a841d63c4952", "comment": "Malware payload (RedLineStealer)", "value": "f1e6d85a041dede23f882287693bc5f34c432520340275f93e11ec756f95b425c84ea1107de45d3936700fc95e9b3a2f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695673218, "uuid": "531318ad-523c-4474-b841-4755d629e525", "value": "T1B9741AC03784A5CDCC9F8AF1656207748A70D482EA97BB53FC8BACF63859365AF051E1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695673218, "uuid": "740f7117-9550-4467-bc29-cfc45c6b4d07", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695673218, "uuid": "a4a17bbe-40db-45bc-a4b0-8f1ef57c7a00", "value": "6144:nmJFEqndldA74+GHGP2MLwOw1vbeGYiFTmDN1arTi:jqZG4Dm2vbeGYiFTmr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695673218, "uuid": "933d7c32-99a0-4b52-8e93-8fae9c3430fd", "value": 349184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695673218, "uuid": "06337034-b447-4c08-9e2b-05dbb26f4846", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695673218, "uuid": "6925c1a6-3ffe-426f-94c2-fafcc4466e83", "value": "CE18D1EB13DC622B6A45D8326DAAB16C57334A64509F8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ead54ecd-5bda-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695670629, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695670629, "uuid": "e79d283a-49f9-42d5-9612-d5d7c3860752", "comment": "Malware payload", "value": "0994459f5943a0e1eb5a2348c98d6918", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695670629, "uuid": "46a7f792-690d-4621-8e18-3950f8f41658", "comment": "Malware payload", "value": "ce2c5f37b85285e81a13b7daf1915e647ede5d59bbf646733e7e35e3f6a2022b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695670629, "uuid": "f4ea1a8f-3ca0-4fd7-bb8f-cf0976bcbc67", "comment": "Malware payload", "value": "6e15f60d6593323b59fde12be461dd1fed149c5e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695670629, "uuid": "0a8642ca-d226-4e88-bffc-74b52316dbc6", "comment": "Malware payload", "value": "aa0ad4ba9bee1942fb415fa514f5202ee0f159da079a7139576a8a48d42f03b76b116d44c75e6c9e4f9057678b519de3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695670629, "uuid": "ea2fb340-d194-4094-a91e-b7cf019532ed", "value": "T18EB5335B66F56876C5E683F850E384A74532B8AA134902FF3569A0EB5E131C1F038F7D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695670629, "uuid": "cdd37380-8722-4a1b-a73e-effe7d5f75ce", "value": "4cea7ae85c87ddc7295d39ff9cda31d1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695670629, "uuid": "d83570ea-e8f2-4741-953f-8d40f4910aef", "value": "49152:FIikAQXU0EeWK9OM7GJg4GGRgWQaVaPfhNR8Kfb1V/NM4GC:FIrAQAKoeGWs2WVSfhNR91K", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695670629, "uuid": "8df4826f-ff40-46e8-a51f-5936ba756cd8", "value": 2483712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695670629, "uuid": "77142a2f-edc6-4016-b391-7b5a63c7e525", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695670629, "uuid": "cdb6b774-5201-4c47-a9d7-336031c4061e", "value": "phoneoutsourcing.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "048474ca-5beb-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695677544, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695677544, "uuid": "c2d746ae-9f40-466a-9aeb-b7e76d31052d", "comment": "Malware payload", "value": "680f1dfc326680600c8111659b4b4e26", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695677544, "uuid": "59c385e3-0bc8-4bd5-8a45-387a145026a0", "comment": "Malware payload", "value": "ceaec139a9370a4cd4eca876e7c4b3d51a013d3739b3f4d526fdfeab27cd2fc2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695677544, "uuid": "cb4ec642-0624-4d32-81ff-3e602909e3ad", "comment": "Malware payload", "value": "1babb010c78762ca8eeb1b8d41a0902dc485659c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695677544, "uuid": "7670d587-f54a-4efa-86d9-a50b22308cc5", "comment": "Malware payload", "value": "989b922042ebb8cbf50b5f2ffe49cc429a1885566698393fc4b8799e99f7b0daa0b9d8c5096a27fd0ab9518453a537fa", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695677544, "uuid": "769d8afe-ce53-44a1-9f7c-c62050e25bc5", "value": "T12F93595BB2F544ABE0324639C4A30E29D776F81106219F6F13A8066E1F673D28D3AF71", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695677544, "uuid": "6ed658a2-0c4d-4049-9263-5d7c2614041b", "value": "8c0a142d2af030cfa60b7918d26369ed", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695677544, "uuid": "2e77c7e8-28da-48b4-902c-d5583958f4dc", "value": "1536:32vMx2qCrMiZ+A8/OtS3Fa6MCQmd6C71SJCpQsWBhyd09dlZYBwV0pC:8MIqCrM7Ak6aFaGQU6C8Mp06MvmS0I", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695677544, "uuid": "28153d3f-93b3-4c8a-b90d-f99d78b3e252", "value": 94720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695677544, "uuid": "33f28229-e659-4f1a-b65e-41ec68690d88", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695677544, "uuid": "17959656-1479-442d-ac89-eca3b1d4ad81", "value": "1babb010c78762ca8eeb1b8d41a0902dc485659c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d0fef732-5b68-11ee-a6f9-42010a9c0055", "comment": "Malware payload (MysticStealer)", "timestamp": 1695621623, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695621623, "uuid": "77152d43-73c1-4c84-a20b-2d58d41d61e9", "comment": "Malware payload (MysticStealer)", "value": "deb00d5604b57d3ecc002ad933797d65", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695621623, "uuid": "e49b62cf-f416-4865-a644-ab989b0ecb18", "comment": "Malware payload (MysticStealer)", "value": "cf09a17558905d397e58c039164d0b799c4e58a31219e05750ea12e463a6a125", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695621623, "uuid": "dc4f31f9-5f2d-443a-a8dd-2fb8b560c736", "comment": "Malware payload (MysticStealer)", "value": "93230e5c30043faf9cdee3be2eb08b183422a1d2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695621623, "uuid": "787edd8c-8499-416c-b2e8-5f83134400f9", "comment": "Malware payload (MysticStealer)", "value": "7dcef65a940ae7d2005fe472aab1d05a585f3b9114b641683d5c2d1b1ab6d15fc4f8010576dfca6d906cc09029aaa689", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695621623, "uuid": "453cc60f-a06d-4363-bebd-e29be42f6c74", "value": "T18B84BF11FEC18431E871253108A48F798EBD7D3287B159DB6FB90E2E8F60AD1D63527A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695621623, "uuid": "90d82c40-01c4-4fe5-acdd-4b48f9b2046f", "value": "8ddc982ec86bc15061e6b2eab1424dec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695621623, "uuid": "85b870e4-3805-4afa-a9e1-29f6511e95a6", "value": "6144:IlPphHX110KwTVSf3pOCq5b6uAOY6dWlEzKKmVz/U/T9Yc5LLPM8WEB9m/Eqwm:IlPf3110dVaUcu2Bkfmh/IFjMfEB9m/1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695621623, "uuid": "59d25fda-95e0-45ee-a27c-7101190c7c94", "value": 390008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695621623, "uuid": "4303aacc-b3e6-40f9-8dac-b9f3c959f550", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695621623, "uuid": "f08061b9-9ad3-4a00-8507-0b31a3596309", "value": "deb00d5604b57d3ecc002ad933797d65.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1f90e672-5ba2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1695646236, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695646236, "uuid": "e2fe6e2f-fb64-4f43-81e8-c339204fda9b", "comment": "Malware payload (RedLineStealer)", "value": "c607b13b2deb7165acfefb4373c7f97a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695646236, "uuid": "6ce29326-94d1-4a54-91f7-777d02331568", "comment": "Malware payload (RedLineStealer)", "value": "cf6ef50b611457d26b4f02e43cbe55909acb7d7d243cdcc92355d36ac8c0d8fd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695646236, "uuid": "f8ae4aeb-6dd8-4bec-9a3d-3ac9556fe23e", "comment": "Malware payload (RedLineStealer)", "value": "1e4d43162f7e282e71696a4fd9de7954f3eaffb0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695646236, "uuid": "05ee4751-2721-4b05-8dbb-eb2da0f8f73b", "comment": "Malware payload (RedLineStealer)", "value": "20aaec85e79a478647ddee2e0c7191b60b7279ed6d189b6c329591e23547ac87fae42ba97139a3bd1777de3cf7e00a9a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695646236, "uuid": "f8058876-a238-4cde-a062-ad22e8fe3d92", "value": "T11E552302AFD984BBEDB42BF04EF357C71A383C953834425A338964AB1DB35586535B3A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695646236, "uuid": "16418f6a-e82c-413c-81ab-534727a4e7d1", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695646236, "uuid": "4b195a46-b4f6-41c5-aed8-50325bd4a678", "value": "24576:LyRAeUcCJK5xuWgsMDLliI8nluLXigZCVAxa202twHzQF:+RAVK5us+kI8nlLnia202tCzQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695646236, "uuid": "b3640481-9640-4b13-b359-c929d3ff6a2f", "value": 1310720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695646236, "uuid": "c189b510-9f24-44f8-afaa-705a4707dbe4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695646236, "uuid": "223c675a-97cf-4703-bed8-5405351a12a4", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "996a0a58-5b6f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1695624536, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624536, "uuid": "004120a5-71cd-4847-aa24-4fbfc48de6a4", "comment": "Malware payload (Formbook)", "value": "622a52a8da7548f6949e6934455ff897", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624536, "uuid": "1c2b4ae9-f525-4a69-a057-b16205a39583", "comment": "Malware payload (Formbook)", "value": "cf8bdc7c63175c9125d2daf9bf291f3f87661a0147828f209984b5a2f5b29e2c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624536, "uuid": "5a6d0ab9-a743-4bcb-bbc7-dae73bf09868", "comment": "Malware payload (Formbook)", "value": "42853f4f1ad3333d98c4f89101be973bde6088b8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624536, "uuid": "e166e623-c554-4cb6-a1c9-490d1bfc1068", "comment": "Malware payload (Formbook)", "value": "45bb7b16bce3bbb0c52902f957470add6a7f02410266ec32a463552aa0a062f1e89844a57dccf0fa4b93cbd1721279a3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624536, "uuid": "a814b00f-edb8-4c7f-832a-48ef8c03e07f", "value": "T12A84121102E0E467E5530BB068B59E67EEFBED160554A30F83A0BF9DFB36501DC2D2A2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624536, "uuid": "3de11e01-727d-40bf-b62a-324e4675fe96", "value": "9dda1a1d1f8a1d13ae0297b47046b26e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624536, "uuid": "03227bc3-d614-4e2f-9fe5-995627559782", "value": "6144:NnPdudwD2DK+I9mjLYWFdayTQJ0daw9LGx7b1gtS/eKIShYV+QjbiaIAX3Ads4s/:NnPdC2+I0np/ddy1jHISyV+4AGr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695624536, "uuid": "05106e58-72ab-4f9f-9754-9fd85180c14c", "value": 378503, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695624536, "uuid": "94aecb8c-2b66-49b5-a0f9-a585da94ac07", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624536, "uuid": "4858db90-4afe-44c5-8850-33cc0b71223d", "value": "SJH-A5-INQ 05 DD.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2b06138f-5b67-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695620915, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620915, "uuid": "36aa4dbb-a884-4d9b-8526-483387ad39b2", "comment": "Malware payload (AgentTesla)", "value": "563b0fcdde7369186ac38d0b09306aa7", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620915, "uuid": "e4d82aac-fcb0-4327-841f-1c57ef4ab230", "comment": "Malware payload (AgentTesla)", "value": "d0bcfaba75056d8d1e308e4088122850eea75007f191b5c8d9aac67e8cd0dfe3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620915, "uuid": "aba536ae-2949-4e11-9572-8a8b3aaa517d", "comment": "Malware payload (AgentTesla)", "value": "df516393eb762506b627b6257b9d83ceb61d80f8", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620915, "uuid": "16f513db-bbda-4652-b66b-fc37efb27dab", "comment": "Malware payload (AgentTesla)", "value": "4d34fad96210e2e0c3371234de214691f53a808e93bab339fffab1c2b836f71ed3b42890248f311fa3c6a15c87f6e845", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620915, "uuid": "5ed87cbb-d8a5-47d1-8e6f-beaa325ab585", "value": "T147F4AD85EAC04584DC3D6B74243E8D25521BBEFAE8B4E54D6F8E716237F32E3143264A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620915, "uuid": "811e9af0-8e75-49af-9f08-210ac32f5f20", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620915, "uuid": "28e97d26-b81a-4686-8abf-087f274dcb3f", "value": "12288:w7252w6Wl3ZgY3RBxx7a4OQDkAncT9HyWCk7cUxvReS+uhQM:rIDWtZgWRBT7a4O/d1Isbx1h", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695620915, "uuid": "e68f9cb6-7a36-478c-92f6-c55a60163270", "value": 783360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695620915, "uuid": "7673b10e-fbae-4bbe-ab97-106a5c8ba973", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620915, "uuid": "daffab27-44ef-4743-9c83-3a8154159901", "value": "Approved Purchase Order Nr.227.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4e809be9-5b67-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695620975, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620975, "uuid": "efeace41-5c10-46b1-bda7-12fe0a85eb1f", "comment": "Malware payload (AgentTesla)", "value": "accfe11c9fb2a16f528e5147afaee5ca", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620975, "uuid": "0eefac3c-6dd0-4c71-b952-e1f0ee64eaf4", "comment": "Malware payload (AgentTesla)", "value": "d0e87e3e00fcccf1709ca7ec50c8ff2521cfbbfcef0eee9559043748ed46a95f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620975, "uuid": "bdba3039-f643-493c-83a7-5a90621a900c", "comment": "Malware payload (AgentTesla)", "value": "cb5c5bd22d60538356c58efc5bc887ca3ada56f7", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620975, "uuid": "dd96a1ce-a080-45f6-bff4-79091b7be795", "comment": "Malware payload (AgentTesla)", "value": "736fca65e60271a104a9bf30926c4186330af2ceea64cb9c686e88ac4f591060b41d9a9478f7405a5b689cfdcd30cc44", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620975, "uuid": "5da524db-2a4c-44ec-ad27-716ff691d28d", "value": "T1DBC423B2EEE3E8B79CD9CC046FA89084878214A136A7CD0F5751A70E561D66E7BDD033", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620975, "uuid": "875e0e7e-2adb-4dab-857d-23d60b12909f", "value": "12288:ZfRnk/x/WCwCHUtJySOeZOStJ8vsJlWKLlrJkh3:7QgCHHIOiyElWt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695620975, "uuid": "45dd6756-6b3b-48fa-bc2f-f7364d9422ca", "value": 569122, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695620975, "uuid": "6d1319b4-533e-49e3-8865-17e83eed8f0a", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620975, "uuid": "9dd71b1e-97c4-4ede-8da1-e5800b5383d4", "value": "PO # 16539.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cb506b88-5b65-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695620325, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620325, "uuid": "8982d6ce-024c-4efb-8067-60b7b14ea33e", "comment": "Malware payload (AgentTesla)", "value": "7c8a156bf668dcfe8b9dd1b72d81fc46", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620325, "uuid": "fb0bedfb-a3ad-4fca-8116-4cdbdec33558", "comment": "Malware payload (AgentTesla)", "value": "d16e1e1c65bc6dd45379445430fbb4314e25ad2a0931077f1240c9aab1cb825d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620325, "uuid": "fb808e00-254a-4873-aed6-83b5964d7cfd", "comment": "Malware payload (AgentTesla)", "value": "cd56ff7cc932094747b8251ad9e1cd1d923cca09", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620325, "uuid": "f620d54f-537f-44c3-b596-e14308486ff1", "comment": "Malware payload (AgentTesla)", "value": "7b19a3bfce07dd3f97902463cfa27a6f3ece759bc4743a828e36fab224f42e531856181e31824e5ea085642a415472a4", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620325, "uuid": "6130fa6e-8cb5-43f9-a44b-0e27678f35e7", "value": "T129D4239F30E2F6F6353BA316546FB4272A3897F2B4901AD4550509D5A23F7CBC38863A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620325, "uuid": "afec95f7-ccca-487a-89c9-3346550b658b", "value": "12288:9+7SM0x4kXzRG5P3ucy0xuQfNCM5QFtmTgGz13msX/gq+JkTexi9R:9sSM84kDk5Py0xuQfNCM5qtmE81msXIs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695620325, "uuid": "234bdb16-aed3-4046-9016-83ffd90de7ab", "value": 614763, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695620325, "uuid": "2b9305b1-b418-4886-9a68-3fbf6e79da40", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620325, "uuid": "15bc7c81-12b8-4fbd-973f-1b6aaccb7204", "value": "BANK SWIFT.pdf_________________________________.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9e4f2778-5b82-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Backdoor.TeamViewer)", "timestamp": 1695632705, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695632705, "uuid": "977418c5-17f5-48b2-b138-3370948ddae3", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "137738acaa65534389455145fa1b993b", "object_relation": "md5", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695632705, "uuid": "cc1df880-064f-45f3-a85f-33c4a0ca61d5", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "d2a471fca395ec5faa4dc9638d522da081c167dd742c125dcbccd16c52f37e76", "object_relation": "sha256", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695632705, "uuid": "f86aaeef-8c46-42ff-8fa6-7041dcb31aa8", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "100fa20b76fd2d048bfa1989b3cd3c46ce3dc913", "object_relation": "sha1", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695632705, "uuid": "2d5613a3-ffb8-43f4-b39a-1f51f95cc1e4", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "cee66c2a73299bece3e3599e98f006b1010819eabbd9083e9d4bef794b797e3247953c9034c36576e3c50e4664e98409", "object_relation": "sha3-384", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695632705, "uuid": "a2a875f7-9d0a-40ca-aa05-4a46420beba0", "value": "T11D14CF1079E1D032E1B784305935D6E0AA3FBCD2F765C94B32543B7F2D322929B6635A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695632705, "uuid": "07f3d541-6264-4f10-ba95-76831eecf2a0", "value": "1f916dac39f3ba277c6d2264fad89501", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695632705, "uuid": "e9bfd360-0307-4827-870f-565f56c54678", "value": "3072:SorMkCQuLVZPd0ClVozwvatqcagi4G5KlY5+M3eT:So8pLVZPDlVozwIN+elYV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695632705, "uuid": "2612ee55-48e2-4afb-8581-af45e9802768", "value": 192512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695632705, "uuid": "a9243e20-8e79-4e79-a646-148c04a5b17c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695632705, "uuid": "7c9d29ea-ba0f-4529-b7a7-a4205499f79b", "value": "137738acaa65534389455145fa1b993b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5c023030-5b8e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1695637748, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695637748, "uuid": "01612a0e-bfc4-4f32-8465-514c215e0fd3", "comment": "Malware payload (Smoke Loader)", "value": "579791ef354c6f8ebf3c535c07ef2be0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695637748, "uuid": "c9f2aef4-27a4-4216-b0c2-b55e97d812fe", "comment": "Malware payload (Smoke Loader)", "value": "d2f8260f6c20bab0efc8093ffad73d2edb702a53313adb778788d68c3e0248b1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695637748, "uuid": "d63226c6-8a72-454e-848e-a7c95fbb85df", "comment": "Malware payload (Smoke Loader)", "value": "0cf3c7eabc241ee73d61c4eac275b3349c3f081b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695637748, "uuid": "cf8df7b7-12ff-46e2-b1f9-3e8e58e4357e", "comment": "Malware payload (Smoke Loader)", "value": "ee54f19e11d0eb046fab2ce7e15e05a2816e89eb588faded4cf7f832f6dbf4fdd2b45ab8e027410f16f224dcc3413375", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695637748, "uuid": "a8514b53-459d-4ced-8f11-a8317ae4d3cd", "value": "T15B44AE01B4D18072E472213209ECEBF67A7EB9310B759EEF67940E7E8F606C19731666", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695637748, "uuid": "3c0df98d-667b-4253-a62b-2e7e4a45a153", "value": "8ddc982ec86bc15061e6b2eab1424dec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695637748, "uuid": "552daa08-8fd1-4f4f-aff3-6604a66b6685", "value": "6144:1R7hrJ+j+5j68KsT6h/OCy5U9uAO8A8Xpdjqw6:1RlN+j+5+RsqGGuP8Dew6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695637748, "uuid": "fec31eff-dbc0-4338-abb3-6a7cc7f63cef", "value": 277368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695637748, "uuid": "efa0ecaa-24cb-47de-b82f-5cd578fa1764", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695637748, "uuid": "7cafd127-37b8-486d-8d65-fa0e7893a0e2", "value": "SecuriteInfo.com.Win32.Evo-gen.30270.14029", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4391eff1-5be2-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695673784, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695673784, "uuid": "afa51222-8fcc-455a-9c53-340787bf3ae6", "comment": "Malware payload", "value": "6c89f2c53ce6d2c4ccab398684098229", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695673784, "uuid": "91b48b92-9508-4927-8636-3e53b28d1490", "comment": "Malware payload", "value": "d331612139ce264eb3770d828b8242a1e04e8a81af38fc3300647deb6a896060", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695673784, "uuid": "51a0d53b-8a04-43d0-a70a-83a2d84a031b", "comment": "Malware payload", "value": "4efffa90d3bcc88162626aa2d4c414aa16993cc0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695673784, "uuid": "c2c8be3f-de7b-4ca3-ae3d-c737d5b9efe4", "comment": "Malware payload", "value": "e3dde9f9614050773d530ebe4fb58842f7b274d971c3dee8ed99d6b1d2ecbef915c27578c47766bd1d1c560266870c08", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695673784, "uuid": "8774e4a3-0547-428a-8a85-a7dd823ad3d1", "value": "T16F5523029BE85463CDF56BB4ACFD53830F327EE44878922F27965C1A5933B90A13572B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695673784, "uuid": "cdaf5845-f76f-412d-a17c-781d4363891d", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695673784, "uuid": "abcf58d7-3d75-468b-b04e-06f7be4bd3c3", "value": "24576:Lyv4LBz7cSZPxUCvMI5pTUgMOXl30J+3vi0a/ecJWp1vYPMe5:+sBz7cSZPTUgM630J6i0Cec+vsZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695673784, "uuid": "f2f6ac1a-1fa4-4550-9a1f-13707e13fa52", "value": 1311744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695673784, "uuid": "2ea06534-4a25-442b-9663-7555f8a9576a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695673784, "uuid": "f538aac7-99d3-4cf3-994e-b39cf40b1677", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b14da933-5b77-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1695628012, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695628012, "uuid": "ef40ca12-25de-4b33-9aa2-5142b46ea214", "comment": "Malware payload (RedLineStealer)", "value": "93d88bb136cbce2bada2f20851890b7c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695628012, "uuid": "c43a0544-63ca-40bf-80f8-f96bcb848473", "comment": "Malware payload (RedLineStealer)", "value": "d34f40911e49c6b8c306a50852bd42a2864e719627c2310997dfaf6e5f327cac", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695628012, "uuid": "6f5fb77f-b721-4bad-995a-ff0ff477d039", "comment": "Malware payload (RedLineStealer)", "value": "ccc57b850c9f2526508ce7049dc5f62bc790a69c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695628012, "uuid": "e60d28c0-c401-4f1c-9160-12a8a4f13eba", "comment": "Malware payload (RedLineStealer)", "value": "a0cc60060838a8699efe4c7ccbaf2d93da6dc148c61116036e73e90aa1bed3fcc1e928620277860dfbe23515948a8bf3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695628012, "uuid": "8d9d076b-769e-4427-a3f0-a733905cff6d", "value": "T1E274F14079F1C031D6A791347536D691AA7FB8F26F75C50B379C2F6E2C32682AB66302", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695628012, "uuid": "3f45eb09-2857-473f-804a-c76218283caf", "value": "1f916dac39f3ba277c6d2264fad89501", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695628012, "uuid": "1b55cec7-fc92-4412-8abe-78000ac9c0d2", "value": "6144:At62CDyTylIJqU9N54duGIf4jTFrDPiVJUPZcCJ87rkzF4OJ21sB+:AthCDygiqUuduGNjpCOZcCJ87fOJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695628012, "uuid": "1a7ffb06-bfcc-45b9-b9fc-38d92d27e00a", "value": 349184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695628012, "uuid": "27387d3a-1cda-45c5-9283-86a2278f7e51", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695628012, "uuid": "9f1b22f1-71b0-4cde-b847-31aa8096f078", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0b22438c-5b66-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695620432, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620432, "uuid": "c1325b8d-7405-4d07-9a92-f24ce11c1136", "comment": "Malware payload", "value": "c3176182f451cee7140d7a54e764bbc5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620432, "uuid": "aa92f524-03f5-4938-90a4-53391b91f4de", "comment": "Malware payload", "value": "d376fb96ca6decfbf4eaef78da8fbf5238dd1747cc57f8571ef3086fab9cd15c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620432, "uuid": "ca910009-61be-452d-a211-1ebb5a4d2094", "comment": "Malware payload", "value": "86dc4a19fa79341f17ad61debfdd2ca1bae058e6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620432, "uuid": "d1dae750-bc3b-4939-82bd-2f8670ced916", "comment": "Malware payload", "value": "c540e72b07858935e09de70034fa4e5e2b508b633adbd01380562c4e3834a54f99d8c44cb8101976d8f381fc3a0596eb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620432, "uuid": "5207d41c-8a89-4965-aee1-b3b94946fabd", "value": "T1DBF11B93EDA288B6C55DC9BD5D498934E5322A317AE2E2D36FAF580DCC251804BFC712", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620432, "uuid": "ac6f6e95-cb6a-436d-ae06-8fc7f86de5da", "value": "192:nwxfRq8HebguuREnZXbzNbotbFtZKN8lryIlP:o3HqsREnZX3Qt02g2P", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695620432, "uuid": "198c7fd8-24ad-44f5-8a08-213d4d6ac603", "value": 7782, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695620432, "uuid": "9598471a-4806-41dc-b86c-e1ae70c1e3db", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620432, "uuid": "4767baaa-7c48-4955-b05c-373212e8b3ed", "value": "SecuriteInfo.com.W32.Qhost.0CCA.tr.18160.15377", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9b5c3b02-5b75-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1695627117, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627117, "uuid": "40b9de3f-0fbe-4094-85fb-29474d23ba1d", "comment": "Malware payload (Formbook)", "value": "5adbfe3a05eb61b2d2620b6538dc5772", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627117, "uuid": "2841026a-daec-4cb0-a1f4-d5127b0bbfb4", "comment": "Malware payload (Formbook)", "value": "d404e5865cddbf47f6a494f9120130035b3ac5761810dc75e20bc28873327547", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627117, "uuid": "b1071cfb-1494-4e5c-a30a-752de8c174fb", "comment": "Malware payload (Formbook)", "value": "8bee7a099e2c1753a62be196915da3756758e75c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627117, "uuid": "86140462-2d85-41d0-ae57-cf52289683d0", "comment": "Malware payload (Formbook)", "value": "4620447876f8fb2520dbd695a1be080316ec858e2d1eac0d378497a30d8769d60bb3d6dfeedd41e605ed36af6107f45d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695627117, "uuid": "83d0635b-de5e-426d-b6c8-53fa6cd51a09", "value": "T1B4C422D4FAD58B21D289237B665E325B4370B691A100F36ECD9B01CF0A3A75E3932B57", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695627117, "uuid": "815402f2-a03a-4ed3-a5c7-a5d845684c8d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695627117, "uuid": "6a9e0055-8444-423f-8652-40239298d015", "value": "12288:JZ725ZbHWLBajVyuexPgAHsP3o4roF6Btp3P:uCQSxPgAIogPBth", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695627117, "uuid": "fac6481f-07f3-4571-9daf-3248342e32f2", "value": 563712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695627117, "uuid": "63f9d61f-469a-4fb0-b0d2-39c92b81a4d0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695627117, "uuid": "3dc420f7-1bc8-436b-9142-e78b1945c0b3", "value": "SecuriteInfo.com.Win32.PWSX-gen.30247.2423", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f503a12c-5bc0-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695659479, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695659479, "uuid": "5e4f6bc1-4d76-440f-8625-a8772c2f5166", "comment": "Malware payload", "value": "366ad44f307a2c88a230875848fd2d9e", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "psotnic", "colour": "#0F6B8A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695659479, "uuid": "500ea5b3-1e90-49eb-b88f-050963c95ea8", "comment": "Malware payload", "value": "d6f861971aee196fdb9f506d1887c34765a2af8e33b23d4495c7f34ad688fab8", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "psotnic", "colour": "#0F6B8A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695659479, "uuid": "ca481711-8bff-4cd1-8592-ae2e7dd3c158", "comment": "Malware payload", "value": "ce22b76259ab878a4587c60b30b07c96923b0690", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "psotnic", "colour": "#0F6B8A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695659479, "uuid": "3059a471-767a-44fb-a428-522315b23a12", "comment": "Malware payload", "value": "751b945086e9cfaef2d7367eef60d76dff98e226a79c34a685d47bcdf75dc127433a0ed6a54fa58a234e87c0f852ecac", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "psotnic", "colour": "#0F6B8A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695659479, "uuid": "9b7d20ed-b85b-4bed-ae47-4238084d8c5b", "value": "T1B7050937F9E2D56CD086F27826DFC2E2D5B4B4F00124706F279E4A267F129E44B6A2D1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695659479, "uuid": "04fb9ad5-a7a9-443e-8ff0-8ed279dcde55", "value": "12288:TedPbpeOORa7x/fVXIIClttaUUZaryT7mDTQUlogf1vH:TedT0aoIClttaFZaryT6DTQwogflH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695659479, "uuid": "203871e7-0a45-4fb1-b948-7b7585a86f95", "value": 844576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695659479, "uuid": "875d1d58-5c3f-4426-844a-509a703110ab", "value": "application/x-sharedlib", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695659479, "uuid": "d982d63b-f351-463b-8037-2b33ac13d921", "value": "psotnic", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3658a406-5b73-11ee-a6f9-42010a9c0055", "comment": "Malware payload (IRATA)", "timestamp": 1695626088, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695626088, "uuid": "dc2e8ae7-97a7-42f6-aef1-f87928dde33c", "comment": "Malware payload (IRATA)", "value": "73d4a798035063283d904af930e6b4ff", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695626088, "uuid": "48c18773-ba0c-4004-9980-2e18febda27a", "comment": "Malware payload (IRATA)", "value": "d8a1baff9f3bedc268fc275990b1f726c2167c5eb7486a7fe9a9bbd083b314b9", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695626088, "uuid": "61549afa-234a-409e-ab8d-81a11636ac3f", "comment": "Malware payload (IRATA)", "value": "a6fc6abaa35d595b430d3acc6c5e19019039e52f", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695626088, "uuid": "3b1af234-107e-4bb6-81a4-fa6bc880e67f", "comment": "Malware payload (IRATA)", "value": "b8f926a2e9ec146697f3b0205a5ebb5d071c54306bfe832088016792c05b679956f2ccfc8f57a5db24a90ca29f028cf7", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695626088, "uuid": "feab80e2-0707-45a6-a158-77c068278aea", "value": "T12116DF97F395A96BC4F39372817613A5414B4C228F83DBC76D28763C29BB5C42E49BC8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695626088, "uuid": "7fa29bf6-ae87-4d8f-8cba-6208578917c9", "value": "98304:civCgpGk9exeuEgLCrgKTNNiWVK5QSJTvVlwG:ciqsejan8WGTvTp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695626088, "uuid": "8b30d0d3-8639-43d8-bfa4-f79625c1b05b", "value": 4328336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695626088, "uuid": "96dbd458-4fb7-429c-b969-49412d3dc34d", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695626088, "uuid": "e2a039bd-b256-4834-a90f-fc7f37ef67d8", "value": "app.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "98a55b52-5b73-11ee-a6f9-42010a9c0055", "comment": "Malware payload (IRATA)", "timestamp": 1695626253, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695626253, "uuid": "3eeb1c7e-689c-4cc9-93bd-ea4ec8ecfb1e", "comment": "Malware payload (IRATA)", "value": "9d96eb1eeb898ff2c037fda8c3f40098", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695626253, "uuid": "9672ff7d-bc17-48ed-8395-af446098e83f", "comment": "Malware payload (IRATA)", "value": "d9a2b09130185745a2c33f06c60baa4370c9beedf7ef7bf48302ebdf6c7d3652", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695626253, "uuid": "0b967309-3828-4b6b-bddd-8add880540b9", "comment": "Malware payload (IRATA)", "value": "4c770ece1c3e27552be91231c7fc34396b71bf86", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695626253, "uuid": "182e45b0-d3ef-4317-afd6-f81bfbec91e0", "comment": "Malware payload (IRATA)", "value": "12365c14163ae41949bde8fa197166d5167e9e51d39356faae6525b00eb11951c2c4e9f78adce18a3c2c86f7835c0942", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695626253, "uuid": "928c2309-46f4-4119-8278-c1aa6cc6777b", "value": "T1F2A53397E7548486C6DBB3704B14B25A45BB3C027F63058B3AA07FBC67BB3E85319606", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695626253, "uuid": "37aa70ee-3707-47fc-a9df-9e8ce02161f6", "value": "49152:AEaCDdDXrYo6V6hB0iKgCTuAEHJDP8ZFh4kNZBv+iK5dnJ+8/lcQXeHenc1u:AVy5Eo6MIgW8k2kb0HVk8/WQXeWJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695626253, "uuid": "b5395ca1-15cf-4397-b47c-81f25b718b05", "value": 2239707, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695626253, "uuid": "c910a8ac-0fa8-4abf-80b3-9bd01e953b25", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695626253, "uuid": "56db860c-796d-4b5c-9938-4346edb98b51", "value": "app.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2b37eed7-5b3b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1695602018, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695602018, "uuid": "e8d83400-70c1-44cf-b8eb-a0262c7da12c", "comment": "Malware payload (RedLineStealer)", "value": "f9aa3d61b410ec59b8a1f5d9d287ccfc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695602018, "uuid": "744d30c3-1c86-4d53-bae6-e943a83eacde", "comment": "Malware payload (RedLineStealer)", "value": "d9d93ecbdd4afca82d80c8e28f3e97e5cd0763ce59acaf2d1286ef85eca37a50", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695602018, "uuid": "f444e133-9364-43ab-bfbd-ead67707aca7", "comment": "Malware payload (RedLineStealer)", "value": "081685d3b83c654730fc6a22525b47c082ffa65d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695602018, "uuid": "5769c9b6-e3df-45b2-906f-76fa850b6927", "comment": "Malware payload (RedLineStealer)", "value": "68943287e7592886fd75b45c3f54771e500550a5f5247bbd45fab695ba59b1997d892eb926518b44ba78d5acfbc35e7f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695602018, "uuid": "250bfba1-4a28-4bba-9055-29c81e747e8f", "value": "T14B44AF01B4D38472D472A13209E4EB765A3EB82047555AEF67E40F7E8F707C39B316AA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695602018, "uuid": "084283fe-ec01-4fdf-bb69-d9fa9705119f", "value": "8ddc982ec86bc15061e6b2eab1424dec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695602018, "uuid": "9f892fc3-f682-46ae-bc23-21d2d819f491", "value": "6144:vRlhrJ+j+5j68KsT6h/OCy5U9uAOSA82fqfqw6:vRbN+j+5+RsqGGuZ8ew6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695602018, "uuid": "9aaae828-ee4c-47a0-994e-03619547b908", "value": 277368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695602018, "uuid": "ace64ba4-6b8f-4c7c-bc99-8eb60a19bc38", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695602018, "uuid": "c0764136-ce95-4655-a520-c77dbe67b1ba", "value": "SecuriteInfo.com.Win32.Evo-gen.17369.14688", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "da928441-5beb-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Cobalt Strike)", "timestamp": 1695677903, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695677903, "uuid": "9d1941cd-07c8-466d-92ff-660915d954b9", "comment": "Malware payload (Cobalt Strike)", "value": "a771d34f0efa34761d3a18371bc9655b", "object_relation": "md5", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695677903, "uuid": "a8fc1b63-f2b3-4555-b25c-71b431ad3ef1", "comment": "Malware payload (Cobalt Strike)", "value": "da299be7f0cc9d71cdea150c0951dd6e4b121b65882a5bf2826f59dd02ea0ab5", "object_relation": "sha256", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695677903, "uuid": "a4568c3e-7770-45dc-af1f-77ae40710af1", "comment": "Malware payload (Cobalt Strike)", "value": "05b6e192978b27ea1a7ee5ed4e3e1d24939d13e8", "object_relation": "sha1", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695677903, "uuid": "e3d19c37-ff79-4349-9138-4a0a45d18b3a", "comment": "Malware payload (Cobalt Strike)", "value": "e01e59d1b9a27ef4eba84daaedfd1567d008014e0b1ca95e925fa392a187b9338a88b4658737cfdf56728a25aa43f5ad", "object_relation": "sha3-384", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695677903, "uuid": "27e2c09e-b9b4-4ec0-acab-3bcf50e55f0d", "value": "T1B9B36C4773A508BBF4779639C8930E49E37678110760AFAF07A087561F633A18D3EBA5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695677903, "uuid": "46b432fe-c757-419f-959a-3874c2744515", "value": "b80f9a3caeabbd97ef3418216ac93c69", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695677903, "uuid": "ac3d4cd0-8d50-4a92-b9ff-0f4dc5ed9829", "value": "1536:pDet0y4S/xry1STK1HT5SnwerPJFwcINaocFEzsWTdg9dltEeKRUpQ:9et0Iy1DB5aw4PLfIN1iEbQXEeKRUp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695677903, "uuid": "24ac2b3a-e5bd-4dfa-b80f-55f7423377ca", "value": 113152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695677903, "uuid": "309c70ec-e8e7-422f-961d-900f4a95f04d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695677903, "uuid": "05d36211-f7b9-417e-8b66-de397da59a31", "value": "da299be7f0cc9d71cdea150c0951dd6e4b121b65882a5bf2826f59dd02ea0ab5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6775f51c-5bb8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Backdoor.TeamViewer)", "timestamp": 1695655806, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695655806, "uuid": "b8d68461-398a-466c-80ac-196f3b4c3bc0", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "b601d81d4004f43c394a697140a9b626", "object_relation": "md5", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695655806, "uuid": "82210a15-4a37-41d1-91c6-2f3088c593aa", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "dc8b62f26d484155e682b99547dc4861f2bf10fe7f2c2ff29ff948295022ab66", "object_relation": "sha256", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695655806, "uuid": "a326e1fb-0618-4dfe-93ce-878449d14110", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "c37b8c7e88d029960d156b9bb5fef32b3bef6dfc", "object_relation": "sha1", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695655806, "uuid": "cfc4e489-216f-484b-84f4-30945c8c71cb", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "378768bfd464cf797a87a1805a0fb831f96c5ad1e6dfc76f10978ae64b15602f89d0763f0df8813896e3f540013eefff", "object_relation": "sha3-384", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695655806, "uuid": "c721c227-bc8e-4d7b-8145-12450b2ca100", "value": "T13D14CF117DF1D07BE16785341D31E280AA7BBC63A6A1C59B3700626F6E32781DBBA353", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695655806, "uuid": "c8673974-f0e8-48b0-aa61-5b78d03c2e1c", "value": "b1235249e30f2ba42aefe4b190d2545c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695655806, "uuid": "21bb60dc-d3f3-4d94-8dac-53dec6731eb1", "value": "3072:1y+Y6jryfEpKAiGMipeNOJ5jjaJCz3zUPq56+bRT:8+Y6jWfRAswjt++b", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695655806, "uuid": "2f255c2f-fe36-42b1-8f8a-35580496b420", "value": 205824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695655806, "uuid": "2b9e9012-3774-4dff-b2b0-b82b7d90a189", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695655806, "uuid": "3ff0ffcb-c138-41e9-b5d0-e7c83fb6f62e", "value": "b601d81d4004f43c394a697140a9b626.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3f20e7f1-5b67-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695620949, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620949, "uuid": "1a7071d1-1301-4ead-85f2-cce482407797", "comment": "Malware payload (AgentTesla)", "value": "d87ef090cd40f7b2cfb3437f0b1fd1f7", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620949, "uuid": "60ebfa86-ec76-42f1-979b-20708c2a232f", "comment": "Malware payload (AgentTesla)", "value": "dcb132e14cb4d50b8a53bd595d07f292448807d678570c21435ce35dc9ec5aa1", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620949, "uuid": "3d4ff51e-3dfc-4c23-a03b-123320d7208b", "comment": "Malware payload (AgentTesla)", "value": "27ab78435e26b9e898004cb4954ebead212f48e0", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620949, "uuid": "0e728eb9-9b2e-4056-80bf-44e0d89bb81e", "comment": "Malware payload (AgentTesla)", "value": "76ea6f5ea639e8c6808d64a206353070aa952848977146025edcc6f0d5655b86de7f125e27311e2647611251aa97f8d4", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620949, "uuid": "5b3ed701-95ff-4b95-8e95-a8db4abae101", "value": "T135C4231AD6553CE0B4672E7F9A484E703C54BA305D876AD4C06FC3A309AB85384F58B7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620949, "uuid": "1ed37853-1dea-4b26-ad3e-a77f070ff448", "value": "12288:PF+egAEm1majh628HcqCsTxQa22XkeYQh+wow3Gjs3U5/:tzTELeh6gp+bkyhl3vq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695620949, "uuid": "d63e46de-cccd-47a9-86dd-509626350b06", "value": 552213, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695620949, "uuid": "adf2c494-a0c3-4b0c-819a-4cf7ff99ff84", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620949, "uuid": "3fc23334-5e16-4dc0-a0d9-86a69fba2323", "value": "Remittance copy.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0956d800-5b66-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695620429, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620429, "uuid": "cd747512-d29a-404b-9f92-3202a0feb343", "comment": "Malware payload", "value": "204c88e13ecfa022cb2004f7a213c89c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620429, "uuid": "3f6dedbd-e3cc-4b0b-8913-a5148b2681d2", "comment": "Malware payload", "value": "de16a9b873beb407c3a3635283fe24846541045c9f5dfa1d496d6ef5828fccb2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620429, "uuid": "834b2d44-58c9-4d66-bd88-3a6c6d74de11", "comment": "Malware payload", "value": "d03964eabda3854ef961463cc02ccd77210c2f8e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695620429, "uuid": "b1d6529e-9898-431f-a3a6-b0e80cee59f6", "comment": "Malware payload", "value": "782731343ccd56c63ae38297652df5fe4a9c22a8931eae79e5e45000d44a53435ce21ec94314f09b48dfa2d4681d1abe", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620429, "uuid": "da1469a8-2c71-4a04-8eb9-71433a832f2f", "value": "T1042569DABAE184B7D16B2630BD170AA0B926FD103D34B64B6FE01D4C9F35251BA35387", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620429, "uuid": "efeb2558-f5ec-491c-a78b-10f33343c458", "value": "3b1eb048975ed86c05f7808617f05392", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620429, "uuid": "773ac044-0559-4e41-8e43-ce30d5ecb7b8", "value": "12288:OPAui3jyDvMj7KqZk8aNSsRu68QBSu9dAR71oQ64Hy/a1:OPNiOAj7KqZ6L7BSGAR7g4HyC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695620429, "uuid": "2d27c7aa-09c5-49b1-8904-919877d81525", "value": 1014086, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695620429, "uuid": "1a093fd6-ddc4-4143-a9c5-818bd361c3b6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695620429, "uuid": "8918b6ac-1dff-4225-bf04-665e7429a132", "value": "SecuriteInfo.com.not-a-virus.RiskTool.Win32.IMEStartup.3643.10606", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "99390d61-5bd4-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695667915, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695667915, "uuid": "4be8b419-7f0c-4ae6-b5fd-a10e6443ec02", "comment": "Malware payload", "value": "9418752d145c7423054742d17c4dba69", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695667915, "uuid": "b781796f-e90a-44c3-835b-9b90a54a9b67", "comment": "Malware payload", "value": "de8e15c8fef3fbf9357004b85aef7b938a742a9cf0f8727cb4100f002a664cd6", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695667915, "uuid": "64e38139-9307-46da-a0fe-d055ce3268a5", "comment": "Malware payload", "value": "7c68fc276339a159c833d76a8d1c6d1a19a7947b", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695667915, "uuid": "b5db3fbb-15cf-43c3-b542-ba9c0719d6a0", "comment": "Malware payload", "value": "51cce76584f0d48130b4a8459e9969a547399152ad80ac6c38477f04caa78f4b22879dd1c43fd2a7aee623b09dd1e188", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695667915, "uuid": "c3a79137-97e3-4088-b656-0778daffcdf0", "value": "T1CBE42341C64EC8BBCDAD0D7BE3C61970E78E999D430B38637D3974EC59A765C28B2460", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695667915, "uuid": "d1ea6d22-d623-4e42-a675-28d506a71334", "value": "12288:ZLaB77+TsZxBdFCpht0OkIrhx37E5Z3ttbOYuF1g1cm34pRuy8hsBGcB:O/sQ/CpXFdxr+pOniMcsEcB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695667915, "uuid": "13dde5ac-59b8-4fa8-9f0e-380201e793e5", "value": 691622, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695667915, "uuid": "718374cb-71ae-441d-bcd3-d0d5ae9e2af7", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695667915, "uuid": "c204968b-e8bb-47ff-a955-34ab39e838eb", "value": "ROCH-NUEVO PEDIDO _PO-674394.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aa0a0892-5bbf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1695658924, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695658924, "uuid": "5fa17012-4a02-4509-820a-2249f92e9676", "comment": "Malware payload (GuLoader)", "value": "f0c214ee9bf0ca839be9e61940a8eae8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695658924, "uuid": "f2dddf45-e29f-413e-b7e6-6c4a18e03873", "comment": "Malware payload (GuLoader)", "value": "dea7f4f2ae732c281e832cd869ee82276fa396c08b7334761db10ca35dcd0172", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695658924, "uuid": "87a3d1fa-c992-48c4-82b9-edb45cf8e27b", "comment": "Malware payload (GuLoader)", "value": "16228b4be874a436d28496086c7ae8215fc69830", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695658924, "uuid": "13c467cd-d56f-4b04-a0a5-9af3da3bb4ec", "comment": "Malware payload (GuLoader)", "value": "840f127cf837f538543e5556e29758b6b433f9ac8f471ef13c13da7c110d111b9d26f815e48b3bbb4af2595df916c90e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695658924, "uuid": "fab9eac4-46fc-42fd-9d05-7f76884b9742", "value": "T10A45025AB629D15AE9FD6E76DC1EC4F1A678BDAAD810130B3180FF2E35F2301140BA5D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695658924, "uuid": "1b83cd82-b9d9-45f0-959d-872ad7fc0c4e", "value": "3abe302b6d9a1256e6a915429af4ffd2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695658924, "uuid": "9bdafe65-71dd-44b7-b871-da22683b07a7", "value": "24576:3TYx/Q8Wk7a6k95ACjKC4onl8Q3wlRjMPybTJmUM:jIYBklIACjKCxl13ojMPybl6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695658924, "uuid": "d9b0f7ec-e630-49ae-abd4-758334d65628", "value": 1254800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695658924, "uuid": "92899308-a1db-41bd-b50f-427b3d59eb60", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695658924, "uuid": "b1c5b419-b216-440d-8721-dca83479d826", "value": "pedido.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "341faacb-5bd0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1695666028, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695666028, "uuid": "f4e9d3f9-ba65-4f1b-8c62-b606ef7df334", "comment": "Malware payload (Mirai)", "value": "b8aa7ec91f3a10000193ebec78868571", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695666028, "uuid": "2d418fb6-10e7-4d96-ab64-6d3625eb56e7", "comment": "Malware payload (Mirai)", "value": "def349934fd6a6cf325f11198575e289d8d6632baba8694ddad8207fc0edab66", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695666028, "uuid": "64cdd139-a46a-4955-a727-8a142826557c", "comment": "Malware payload (Mirai)", "value": "199a6a76ca0e1c6537c3e7c439d3a23ed2987675", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695666028, "uuid": "13eb1957-bd97-4bc3-8077-0ead7e9b1f05", "comment": "Malware payload (Mirai)", "value": "ccc1080ed57686ef937c8d65e837af91eb6165761ee7a28a7a325c54a56e0666f4bb417ea17dd7175740d3914bcb3eef", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695666028, "uuid": "82958f73-16ac-4f3e-9b6e-64136b15ccfb", "value": "T10C535BC9E5C3E9F4EC150E71213BAF3386B6E63D2169CF97D3A86432AA51502E11639C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695666028, "uuid": "f045bf9e-eab0-4f13-bc97-9c22dba2b2a2", "value": "1536:nThUDbgT1fAgRSrmzxwNrVIGP4JJC9jSA:2X+1fANrmzy5IsAM9z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695666028, "uuid": "a7f12955-a35b-4189-a704-bb02384d4c70", "value": 62864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695666028, "uuid": "97e7d1a9-72db-4478-99cd-e483002d1eb9", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695666028, "uuid": "f0509784-b1bd-4a1a-a770-65a4170213b0", "value": "x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ec2a5e15-5bf4-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695681798, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695681798, "uuid": "6dc7de8e-61b6-43c8-983d-6b549771a3c5", "comment": "Malware payload", "value": "ec63a5eb4e1037322348d056672e50c5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695681798, "uuid": "67bd6dda-11eb-4f70-a9ab-31f246625237", "comment": "Malware payload", "value": "df14cd5015a1c9b83818e71e34ae93fac428a4b32957685853473a37e6a28cac", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695681798, "uuid": "3b7c9df0-931e-4b55-b959-613c094a238c", "comment": "Malware payload", "value": "9b22a239668333bce0a225c60320badf4cd061b8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695681798, "uuid": "ffb3845f-a85c-4773-96d7-2cfb25bc6ae7", "comment": "Malware payload", "value": "f5647be52f1e7bc5d1f63d952c9eb68c43cb3410b7a28abdb2ca3e21c58a63831938bfebc5ff315ec8b067a58f263955", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695681798, "uuid": "f4a6eeaf-9615-495b-8d5e-d0c3429e2abd", "value": "T18FA5DF13BB059AA3F392063004A6977B5735A8155B219BC3F14C5BFC6F712C18E3EA6E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695681798, "uuid": "27a3501c-3dde-4c29-af77-cb1a67338f18", "value": "53f2a4f27fd57b1249da9577a07670f1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695681798, "uuid": "f5198e2a-97a1-4931-899d-667daa59d124", "value": "24576:xowVvqguNIdjKP5hetCQYZmYmJ5D8fZTVK7KEzsl87Pe8KeB5DQrDbs+myrLon1x:SeKrzVxyjbfB50KDTvJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695681798, "uuid": "4b5a8073-be64-4933-8752-5a0e6f330b45", "value": 2248568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695681798, "uuid": "d9cf6f8d-e464-435a-b5b8-1bd0c4cf4b02", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695681798, "uuid": "a7683f99-25bc-402f-9c02-638cf8340dc2", "value": "xx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "71d78701-5b69-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AsyncRAT)", "timestamp": 1695621893, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695621893, "uuid": "4e694513-68f2-4383-8e58-bb137ec73261", "comment": "Malware payload (AsyncRAT)", "value": "366fd6100354fff6e415b80b49a6d26d", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695621893, "uuid": "a432d635-e5d2-41d7-9b40-465af86414e2", "comment": "Malware payload (AsyncRAT)", "value": "df24a99d43a45215c406924222a939e04cbfcf3d187031c5b1ec0e9f1f7668b5", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695621893, "uuid": "742a2e56-adfa-42d7-bf1a-9de30dcdece8", "comment": "Malware payload (AsyncRAT)", "value": "5ccd20138615fac9ba34a9eae81d6a9514bb5e7a", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695621893, "uuid": "a7727106-24f0-4db8-b7f2-eb901e3b0a65", "comment": "Malware payload (AsyncRAT)", "value": "c581e090deca1807871c8e4366059bb731551d0a97e92aa0073e5df1cda020b69e4fe668c2d8a0088ffd8c652df9cf4f", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695621893, "uuid": "23ad8099-31d5-4b4c-a638-090723b1fe41", "value": "T107E49D2AB70ADD11C2990136D1C354244BB3DE866B27EB0B7EC9235A1E037EDDD4E6C9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695621893, "uuid": "991d3a9d-8d57-471e-aae5-05272859d955", "value": "12288:Bj47yjB5+t46arH3L7BzlkmpUlEkeqiHG9nfBK6hEuZYtr/m/2Au:aURb7BxKlXefG5fBKaLIU2Au", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695621893, "uuid": "7e24d818-1a6e-43e2-8449-f5b371bc17f2", "value": 700596, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695621893, "uuid": "f279fc67-b8a1-421f-b3cb-8b04cc2cdfa0", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695621893, "uuid": "6359f3f7-54ca-476c-b0ba-d5e270133347", "value": "SPECIFICATION DESIGNS SPAL VA14-BP7C-34S.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5ca48165-5b6f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1695624434, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624434, "uuid": "bdf6b470-5a26-4294-a56d-2c05b9adbc16", "comment": "Malware payload (Formbook)", "value": "498c101321635e2a6f7c50478c8d56f2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624434, "uuid": "c7ee1ceb-12fa-4755-a938-465c4682a43b", "comment": "Malware payload (Formbook)", "value": "df83d159ad49228a00b4beb9da11a79fada157238da4ba469a234fd11b4d1788", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624434, "uuid": "49b16d47-8356-49b7-9a86-de7bcab10516", "comment": "Malware payload (Formbook)", "value": "7cfd38fc187460a2daa3e6b2f463cd09e6c33c28", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624434, "uuid": "367f2a4f-6761-47a9-a5a2-b8ac286ae1c2", "comment": "Malware payload (Formbook)", "value": "f6d6a10c7263f08065570c3007d505197554bd187ad8c20e4185b9acd15b2888ee7b753f93523b54c6b8d69c43a9cb3e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624434, "uuid": "703bbe1c-24aa-4b28-a477-6df8bef0a676", "value": "T1FAD4229CBEEA8B20C898133547AC021687B0F2169908F7A8CF4F54CB5DB67959937F53", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624434, "uuid": "9261b9de-1937-476a-ba95-966a34cc9401", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624434, "uuid": "af1ace3c-cc9e-468b-98ef-a22aa5eb6adf", "value": "12288:6t725gZoGvqS43liA9xPkPgyeQkaZsge4pFT+lmHDjnfGaTNZt:7OZFvy4ASgyeQkw5fFSlmHdR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695624434, "uuid": "a37a953b-1c90-43e8-9c7f-da77e57fce86", "value": 613376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695624434, "uuid": "55706f4c-57f7-4967-abb5-d51bd24d10bd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624434, "uuid": "39919f23-593e-4b96-8264-c93d55daeb76", "value": "S004212823122940,pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eaacc53d-5b6f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1695624673, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624673, "uuid": "38e33548-8d3c-43a8-ae88-40b7b93dabe1", "comment": "Malware payload (GuLoader)", "value": "3ab3ce030ebeae34e16b5b0b82284fe5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624673, "uuid": "e8308f17-cd39-4195-9d3f-9a13bca60f79", "comment": "Malware payload (GuLoader)", "value": "e111297292c0c04be52043c05b689b170d42049b087cf3fe338d38c2e2b7b567", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624673, "uuid": "03663a51-b73e-4009-a05c-0b187dec7f48", "comment": "Malware payload (GuLoader)", "value": "6974c2adae0edffd0d4c1c881047210b829ddd99", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695624673, "uuid": "9db1f9a7-0e89-47c9-aa04-4840520927e8", "comment": "Malware payload (GuLoader)", "value": "9c2efdb4798090cdbbaf5cca94c574cf74da0f20eac75b36d434f1961646ca2f0ab0c7eddfb396d44153f593cb6632b0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624673, "uuid": "74769b7c-763a-4973-be34-1053dcc75d1a", "value": "T1E225F1E3BD289DA6F879B178A42E5523E7B51CF3CE93093ABCD6FE1A4431907051B106", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624673, "uuid": "43f7b3b4-6096-4bfe-abe1-bfc7b65e1f9a", "value": "ced282d9b261d1462772017fe2f6972b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624673, "uuid": "13db22b8-d5e6-4517-9a93-3c7816408444", "value": "12288:M0X6E4xuyPwGyZIF0XOd9YFepukc10zPsyozhzoF871oQbvKVTv:EE4xEMeqYkLPsjhzJOQbvKVb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695624673, "uuid": "8b534d78-8876-4652-8254-a9662bd1aae9", "value": 1021752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695624673, "uuid": "a49f7c37-3c6f-4c12-8ee2-22772325fecd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695624673, "uuid": "0674e5b2-8f7f-432a-b4a6-c6a5b67878e8", "value": "PIC18LF4520-IPT5100pcs.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7f3341c4-5b69-11ee-a6f9-42010a9c0055", "comment": "Malware payload (IRATA)", "timestamp": 1695621915, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695621915, "uuid": "0d07e882-d1c8-47a2-a272-6f8a19764282", "comment": "Malware payload (IRATA)", "value": "65564178702f6954291f635fd80dfef5", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695621915, "uuid": "4f20da66-6773-4467-b2c2-2642159014a9", "comment": "Malware payload (IRATA)", "value": "e13574c32fe93b854b94c0d5ca310c0a40a1c18aef61faa412bec5f2f10bf82a", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695621915, "uuid": "8d368584-af96-4053-a1c2-6827f7414f13", "comment": "Malware payload (IRATA)", "value": "11822ceb0773507103d544b5b80e8d058d4b598a", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695621915, "uuid": "b61382fc-3315-482e-97e6-c3cd7fdd2556", "comment": "Malware payload (IRATA)", "value": "d6c1fe569930492e268535e9d64bae42b98bed07508c83d9f0e0d0ff9371de77ca34aefd97b19070f75b2d019a997369", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695621915, "uuid": "31e57669-a250-4b4e-bc27-7822ab64fc2a", "value": "T1ABD52243F3B6A1ABC936D13261400337504A4D69CE02FB4A6A9877F935F7EE88BC52D5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695621915, "uuid": "042f7dd8-fec1-40a9-bd7c-ad5207e045e2", "value": "49152:3EyjNzPpluqRJZnGBFmm7ZzbjdoxXay+m9ByeNe4yPvhrA24EPBYSUXWdOFs5:31NzPPnJZHUZfmxq7m9AEexPVA2zGSUW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695621915, "uuid": "06e6d185-7b86-4fdb-ba66-66a1c97035cb", "value": 2765074, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695621915, "uuid": "093eb602-15b4-4aa6-ad71-15ff4189e14c", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695621915, "uuid": "2abde7fb-0b0c-421c-b918-0216899766d3", "value": "saham.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ab11fbba-5b9d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkGate)", "timestamp": 1695644323, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644323, "uuid": "d105ef10-87b6-43ef-84b2-34626f1c50a3", "comment": "Malware payload (DarkGate)", "value": "9fa0bffa36e80e1bf931125722e1adb5", "object_relation": "md5", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644323, "uuid": "5b648c53-cb6d-4e08-a44f-3ae90aa91b48", "comment": "Malware payload (DarkGate)", "value": "e212b43592567aa15dda0e9332dfe444fb142c546f3443ed83c80fed81361fe2", "object_relation": "sha256", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644323, "uuid": "08499edf-b68c-4562-8329-ae502ec11a98", "comment": "Malware payload (DarkGate)", "value": "60d4b65e61fa12f616e2e1904b8af1527a161f1b", "object_relation": "sha1", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644323, "uuid": "063fe14f-ca21-4370-b59a-c4afe67fce09", "comment": "Malware payload (DarkGate)", "value": "ca08a185ceeafb609921f3388cf1dc6f4a9006195b1033abb8968c1525da249868baba7a5116ba8e323632d897a77395", "object_relation": "sha3-384", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644323, "uuid": "0f29eeaf-7bc9-459c-8533-a36016dcd7d0", "value": "T1BF11968A08653E11E51209714C8207ECEE06F09590317ADFCBDAF978D4CB2C34F45485", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644323, "uuid": "5aa240b9-18e6-4564-bc92-9dd9f17cf01e", "value": "24:9DU+TpNtWfy2r4rHYr8EmYHy4Xx8YZGtlKLQa:95tNcr4rHICAy4zYKMa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695644323, "uuid": "b1867974-98fe-48e5-a36e-879971310eb1", "value": 896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695644323, "uuid": "53f413b3-743d-435d-bf78-2e2d19d4b96f", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644323, "uuid": "aefbcdbd-d600-4a10-bbf8-974c50dcbcfe", "value": "Id.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "499cdd7e-5b98-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1695642012, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695642012, "uuid": "25159b89-b990-442a-92f5-63e593e66954", "comment": "Malware payload (Smoke Loader)", "value": "3eefe80592969a98f7240788e88af74c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695642012, "uuid": "33e628fa-3136-4f3e-bce9-61cc39ba7a24", "comment": "Malware payload (Smoke Loader)", "value": "e3863e4304db2fadb48a0589ca8851c6d2186cb5e5ccd219b2bf3e5be18fa074", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695642012, "uuid": "d4ddeb50-d0df-4eec-aa4f-9424d0f3cdca", "comment": "Malware payload (Smoke Loader)", "value": "cc13a6d33af9ad5cab34073fa9e7d5b3398da6f0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695642012, "uuid": "0c95e871-4c89-4a61-92eb-3f2231701f8a", "comment": "Malware payload (Smoke Loader)", "value": "3217899988ea05f95a8dfecc005783f55aaf8ebcae9f1f7e4477f2589ed03325e3ad8360cf2dd06463a335a505460a52", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695642012, "uuid": "802a1de4-3e2c-4dee-b42b-bacd18f0ee2f", "value": "T15914C0107AA2F432D1E744745D31D5F4AA3FBC62AB64C55B321B3B6F2E31381AB66312", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695642012, "uuid": "28661ede-e3f3-4109-a349-e2bf93980d38", "value": "4ea361ab120c57b8b80c2f6f90919695", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695642012, "uuid": "f917cfc1-1cbb-4591-90ab-8053542b560b", "value": "3072:BsEG2U08oOnc+1W9XhbpWlncmNpMVviA8a7X6Tg6kDri+8R3Q5C1uT:zG2U08F1eX1Y5HMdmTdkDri+8V1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695642012, "uuid": "75419865-0dad-4177-8ba0-3a0dc6aee079", "value": 203776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695642012, "uuid": "ffcdee68-f7b1-4d05-bf98-fb518ab9cd28", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695642012, "uuid": "d728c0d5-a983-44fc-937f-0bd3f47f9583", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "270ca197-5bd1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1695666435, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695666435, "uuid": "beda8e41-dd4a-445b-842a-ff6aad758f37", "comment": "Malware payload (NetSupport)", "value": "d56a61dc58e673c59d5a8e85bcc82a0a", "object_relation": "md5", "Tag": [ { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "SmartApeSG", "colour": "#C06213", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695666435, "uuid": "0e624f6e-dbfc-44ba-ae6d-d41137d6b8d2", "comment": "Malware payload (NetSupport)", "value": "e47f973b2e997059589fdcb011e2f6095a1251ee54daffef56e060046932f79b", "object_relation": "sha256", "Tag": [ { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "SmartApeSG", "colour": "#C06213", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695666435, "uuid": "f6be09c4-3d9f-40af-a127-3f797aae2a76", "comment": "Malware payload (NetSupport)", "value": "9706ad047b41d56827e9afb0f893f4c993c67b8e", "object_relation": "sha1", "Tag": [ { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "SmartApeSG", "colour": "#C06213", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695666435, "uuid": "17af996d-c6cc-4c06-8a36-aadb8482a7c6", "comment": "Malware payload (NetSupport)", "value": "6b3724f6f3ab46fa6ab98627e189c2d76bb93536a25f78ce41a5de558935a19d4164d709c6516d5f60a5bd57e94082ee", "object_relation": "sha3-384", "Tag": [ { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "SmartApeSG", "colour": "#C06213", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695666435, "uuid": "112b3b76-791e-459b-9089-9788c68299f6", "value": "T1B6E5331626A2FBB6C1D1F577E4ACA8104A7DB4BDE4F77476492EA253FA3D031A81F100", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695666435, "uuid": "27f6544e-3cf7-4e14-bf24-7ea376855ce5", "value": "98304:t14FXamhRFY89YYc9jh23redpmQRiXuYESBZFR02jZc:r4HxYoY59V0redpmQRiNfZc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695666435, "uuid": "a21efdad-e93f-47cb-b907-162417ed5e2c", "value": 3174986, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695666435, "uuid": "8ea9cb86-ff09-4480-84fd-ccc6b002b9d5", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695666435, "uuid": "6477a844-ca1a-4fea-89a4-91ce8747781b", "value": "p.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c0e72790-5b7d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1695630616, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695630616, "uuid": "f12af655-854f-410a-a350-cba4faadae58", "comment": "Malware payload (Smoke Loader)", "value": "c3669fda3ea90719b27833ae8f91859b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695630616, "uuid": "dfcf1cd3-cb83-4fe0-857f-918919b948a7", "comment": "Malware payload (Smoke Loader)", "value": "e4f27ff2d06030334d4ab26fc6acb76dfe874eb3901a11826d8f49884c5a47e4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695630616, "uuid": "ffadd3f9-fbfc-483c-9c22-85352612dd60", "comment": "Malware payload (Smoke Loader)", "value": "2f36677d0db2f0aa7a8b0e6d81cbcacfdc7c0bfa", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695630616, "uuid": "f591009b-da26-449d-964d-8adad03900f9", "comment": "Malware payload (Smoke Loader)", "value": "33bd1458938ca877832bc624d24f9a34768508d8bfd4905c7dfd01526688b9c6cb752dd9dda3b51327754f02e48e58d5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695630616, "uuid": "2cb327f5-fa30-4db0-8890-311c16076d8a", "value": "T1D344AE00B4D18472D472113205E4EBB69A7EB9214B555AEF77AC0E3F8F707C1A732A7A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695630616, "uuid": "ea8b3ce7-820c-49d4-be89-f3d4cdda7877", "value": "8ddc982ec86bc15061e6b2eab1424dec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695630616, "uuid": "62008dcb-987f-45f0-8432-26c9e565a26f", "value": "6144:wR0hrJ+j+5j68KsT6h/OCy5U9uAOfABgTG3XFDybqw6:wRaN+j+5+RsqGGuSBgTI3w6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695630616, "uuid": "d52db9d6-45ab-4dce-b3ae-7178ed9cb27d", "value": 277368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695630616, "uuid": "d7fed1ef-339a-4959-a259-1e422597daf3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695630616, "uuid": "0559a19c-bb22-4a43-a8dc-7c467e926fb3", "value": "SecuriteInfo.com.Win32.Evo-gen.3920.8858", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5b5d9d14-5b8e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (MysticStealer)", "timestamp": 1695637747, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695637747, "uuid": "c1220727-b41b-40f2-9720-f1d57e04924e", "comment": "Malware payload (MysticStealer)", "value": "a66b0c41083c3a24a872306af4b3e37e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695637747, "uuid": "3199d99e-f398-44d5-8b90-cff29110badb", "comment": "Malware payload (MysticStealer)", "value": "e61135fdbe0b5b2642016b836277f9462e898854c3e58b812e0553ea70cd80c0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695637747, "uuid": "57886f1f-aebb-4898-8163-5df1d20d6887", "comment": "Malware payload (MysticStealer)", "value": "8c7f46e156f15c606c1f7162ff1f73040a05003e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695637747, "uuid": "3389252e-4eea-432b-9b40-eb4a53298e0d", "comment": "Malware payload (MysticStealer)", "value": "e936a5dd73124be9e9934a3dfd385f889588ed9e06781c10f135e768835f5ff147e92f275a9d470a272bccb6dedaa626", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695637747, "uuid": "7ca7abf7-0eb4-49e0-89d0-b59496a68cdc", "value": "T1B784AF1074D1C073E572573109A4EBBDBB3DB8B0479059EB27B40EBE9B10BC2C9B56A6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695637747, "uuid": "d600beb0-c6fc-4f2f-9f3d-bec0f4629967", "value": "8ddc982ec86bc15061e6b2eab1424dec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695637747, "uuid": "bde519a4-dab7-49c0-be6c-bc1197e27f84", "value": "6144:2lPhhHX110KwTVSf3pOCq5b6uAOa3DqocbbmlI9p3toHIO//ObK0qwm:2lPX3110dVaUcuU3DqocvmlWp9oHIOaQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695637747, "uuid": "bff1c401-2b8a-4fb0-baef-54f3db2cf4ce", "value": 390008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695637747, "uuid": "086d9beb-4d20-4547-8ca3-34b049b4ae99", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695637747, "uuid": "3f55ab4c-d0b5-43b0-a7be-26ba05740f30", "value": "SecuriteInfo.com.Win32.Evo-gen.15245.3227", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a3c255d1-5b9d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkGate)", "timestamp": 1695644311, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644311, "uuid": "518d08e6-6d78-4f4a-96d0-c16d3245257b", "comment": "Malware payload (DarkGate)", "value": "eb58467c6a8d515a82ca701195798c09", "object_relation": "md5", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644311, "uuid": "196b4ef5-7473-4f7a-bfe3-1f636cf2642e", "comment": "Malware payload (DarkGate)", "value": "e74ef46bda8b7ab06ae023ec1f5d6d080fd9af9b18332280de2435a6a5443247", "object_relation": "sha256", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644311, "uuid": "1f64af19-ee0b-4854-9353-27359ccf2c80", "comment": "Malware payload (DarkGate)", "value": "cf1fd52b765673c2e278d65c1eb803e2268472df", "object_relation": "sha1", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644311, "uuid": "4f303de8-cadc-4086-ad48-328813abe631", "comment": "Malware payload (DarkGate)", "value": "1c7a1833d3b094043e9ea812799e47bd6aadcbed97f01c3c17b57c4d933565f9769a9b80ff824f3b00730fbc4e7eab87", "object_relation": "sha3-384", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644311, "uuid": "036297bd-fe99-4ce1-96df-f88263f816c8", "value": "T1181167274A4DCD1ED47E0DB12E9C1FFC75847B751B45F04A4B23E6706A4796319E106C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644311, "uuid": "405d9e7d-906d-4458-8b2d-ae6f06fadeaf", "value": "24:96oEDhhnE6TArzJ6sGyg8wFxGtnQ9AjVvfPvL8LVO7:96HPDIvGyMFwBlhvvE47", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695644311, "uuid": "47c1ab4f-7113-4c0b-b0c3-1057dfebde65", "value": 903, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695644311, "uuid": "f55d0465-163b-4b50-821a-7da32a4415a1", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644311, "uuid": "f82a99ae-2798-41b7-a836-5fd4a3d612c1", "value": "Yo.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "07fe15f2-5be3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Zyklon)", "timestamp": 1695674114, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695674114, "uuid": "aff29edb-9f35-495e-9252-9dffeb7166d2", "comment": "Malware payload (Zyklon)", "value": "0699af667fe97c6bea49453b85828337", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Zyklon", "colour": "#67ECE0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695674114, "uuid": "1d6aae8e-ce54-48ef-bf6c-08a29e688fa9", "comment": "Malware payload (Zyklon)", "value": "ec6f9d90515c1f077c510efde297792a1dec4a5c3b1653baad3155a2df6be0b6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Zyklon", "colour": "#67ECE0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695674114, "uuid": "db8df5de-c6b0-43db-b2ff-ce9e7919dcb6", "comment": "Malware payload (Zyklon)", "value": "932c783a1043329e85fc394060d9fe2effaf115e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Zyklon", "colour": "#67ECE0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695674114, "uuid": "5364248c-4269-4f47-ab48-d15dc7e56463", "comment": "Malware payload (Zyklon)", "value": "01d949c3e1e6fddd8bd285bdd16f72c6f120300a3540eff408d28a14703e615b8ce628eae61c384b4be9587f23b753c6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Zyklon", "colour": "#67ECE0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695674114, "uuid": "3f5d106c-5db5-4f4e-bb5c-072dd4b8f712", "value": "T14BD51605790E8C66DC0D01F2CC1359CC29A4DD461E68B79B3AE6B5DA837D2D6F8CE18B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695674114, "uuid": "e53acaf1-29ba-464a-b475-2618d1b6ea2c", "value": "49152:iqU9c4aoRRxsvG3hDObR2dsCTjHLcAdHTAygs/22MOZaE1jZUSJOEdKLiSsS+lTC:K9a0EwLE2tY1QHlY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695674114, "uuid": "44cc6046-9265-491d-a85d-04a2bfcb66e3", "value": 2895360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695674114, "uuid": "097a98fb-8338-435d-a6ee-c5f999b104e0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695674114, "uuid": "894a1de8-ea40-49b0-ae61-77355828e172", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "99ce875b-5b75-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1695627114, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627114, "uuid": "8390d4d7-c749-4683-a5f6-6d362ae0073d", "comment": "Malware payload (Loki)", "value": "4380a72ccaca1a62fe9d3a2a6103dcdd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627114, "uuid": "7cc169f2-ae52-48c7-8f22-c6c3b5c55eee", "comment": "Malware payload (Loki)", "value": "ee827af3614c78745ea2cea46a635cde8ef19382000bda972239ff762b205aea", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627114, "uuid": "694bd6e6-c8f9-4ced-9dd4-aa3fcfcec15e", "comment": "Malware payload (Loki)", "value": "76a1a697bbbdd5cd81e38664b894747b650bde41", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695627114, "uuid": "4f6ee516-2365-4e50-b480-284b6efec4de", "comment": "Malware payload (Loki)", "value": "c3ec8078243e53ab154696482d258627010a3a6b5cf6de254e482938d344120f6e9f13688ccc893dddfc027ad4171286", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695627114, "uuid": "e0d6ae3b-7e7a-46b7-91bd-22d33525d505", "value": "T134F25C0D77DC6611C3BC79FD85E3955063F4A2E27A42F74FEEC424A82987BD5A902B02", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695627114, "uuid": "b2e34a18-9c87-4f0d-82d9-7de71aea54ff", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695627114, "uuid": "9cda90ab-2012-4c6c-944d-0c30ac7b0435", "value": "768:/tdvP2fxjR6aSSDimEpsAdPX1cbSLLY98mZlsk6oNjMjApK:P2Vsa5FEpsEPX6KU98aMUpK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695627114, "uuid": "695f16f1-0511-4e48-878c-3187ee529363", "value": 37376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695627114, "uuid": "e7e97263-a167-4273-baf6-998295c083db", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695627114, "uuid": "f7ed4f4e-e725-4908-9417-bfde1bac363c", "value": "SecuriteInfo.com.Win32.DropperX-gen.18230.29748", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "039ea6c2-5ba4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1695647048, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695647048, "uuid": "128bdec4-b09b-4f74-a400-995b5be75267", "comment": "Malware payload (GuLoader)", "value": "6a0f9d73793f626221873f5073e9fbe8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695647048, "uuid": "b4341099-24fd-4b79-b195-79d062e8ff09", "comment": "Malware payload (GuLoader)", "value": "efa1c2b0ae0fcb78ca07904d999e339560ed0a639281ea2936656e183dd35203", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695647048, "uuid": "60b4c2c9-1acc-4626-8e5a-4e6c66873ed0", "comment": "Malware payload (GuLoader)", "value": "5b1654db88fb5eaa866426054f8824f7c1c3eb5f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695647048, "uuid": "c5ed5262-bf35-4eb5-af6e-ad566e2ad686", "comment": "Malware payload (GuLoader)", "value": "5dd99b44030faf84401f297744e2b0c7fc05adb4da887fd747b5b407ef1cff5b55cb78cfdb16bf77d40759def7840dca", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695647048, "uuid": "f776ba5d-dad3-48df-85ff-6e1846d33f69", "value": "T1FE45125AB629D15AE9BE6E76DC1EC0F1A6B8BC67D810130B7190FF2E75F2301140BA5C", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695647048, "uuid": "5c4bb11a-8303-41e0-9556-1360d28e9f83", "value": "3abe302b6d9a1256e6a915429af4ffd2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695647048, "uuid": "c8e42d12-c058-4f67-8c5e-155a013f2364", "value": "24576:/8tZlXeWXulZQx2ut16umk95ACjKC4onl8Q3wlRjMPybTJmUm:UtreWel6Yuto9IACjKCxl13ojMPyblc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695647048, "uuid": "a84a0553-712c-4581-a288-d2d204b488b3", "value": 1260824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695647048, "uuid": "0bf4e068-1c30-4f50-8727-f4353a0b3e65", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695647048, "uuid": "7a5c1f7a-6d16-4996-b557-eec3845bce75", "value": "Infantries.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "988a1994-5bd4-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695667914, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695667914, "uuid": "6aca2b25-a698-40df-aac6-8a720a3f5c2b", "comment": "Malware payload", "value": "4a5b8828c333d0747bbcf63811c835ba", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695667914, "uuid": "a57f31e8-5ac4-4189-b294-1379422c211b", "comment": "Malware payload", "value": "f21641048c363841f9d62cca0c545acdb5c700ce9b11cbafba77bbba024f6e86", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695667914, "uuid": "149f0579-d6ee-4702-a380-432f84896054", "comment": "Malware payload", "value": "7657e939e03d8d1c37d7e4073e1dbda352f4f66d", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695667914, "uuid": "5af27c54-de0e-4c2c-883b-51572db513d4", "comment": "Malware payload", "value": "2068661ca47d9da75d9fcdce972d39da7ff533c41ce81f4ae283c552c1870ea875791fdf23f6eaebd4e3cc5de0e8b9bb", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695667914, "uuid": "60d37e9c-1cfb-4909-b0f8-e595052fb388", "value": "T1BDD423B0ED92B1FECB650DBA837456CE180323256C6B17D8DD21E909F92D243F27E592", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695667914, "uuid": "6cc24468-ebe8-4fd6-9625-5b3bdcbd3de7", "value": "12288:NzWiwOcaU1JkVIXXqzWR1JDSsnirv/vC+Ltwm90TyAFznZtP:Nai41J2InPRXDS5/vC+6m2ZtP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695667914, "uuid": "897b68af-5319-4f72-9b3f-db611e17f33d", "value": 615686, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695667914, "uuid": "fa4b55cc-196c-4cef-8132-952ae3905741", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695667914, "uuid": "27e2977f-ae45-4a4f-8f85-13efa7b37ea7", "value": "PO CBV87654469.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c4b194d9-5b7a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1695629333, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629333, "uuid": "79d39ae5-3d8b-4488-a2e1-f58c4787150f", "comment": "Malware payload (Smoke Loader)", "value": "a4fb87ff09cdce39c910307fbd03559a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629333, "uuid": "2284bd9f-561f-438b-8cf0-b71160b685da", "comment": "Malware payload (Smoke Loader)", "value": "f21c6190f1b5ad0e9de92ac6d341f7e2143ac5b3ea62b481a79336afbe6444ae", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629333, "uuid": "1f7d4a22-0b44-42bc-b04b-1234e601f9b5", "comment": "Malware payload (Smoke Loader)", "value": "6f97915ffd4e4c0aaa9cd2c65e622f8125adb503", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629333, "uuid": "6917c0dc-6616-4052-a447-35dfcc8ce258", "comment": "Malware payload (Smoke Loader)", "value": "701b92b3006bf3bdda367259e698ccca3e00729967f6f31fd2a01d3389118d6c92c6e51ad212eb047074bff9f6945748", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629333, "uuid": "9be299d0-1afd-4eee-8971-346c95e9f524", "value": "T1A914D020B6E1C032D6BB847C5C31C6E06A3BBC62AB75C5CB72543B5F2DB22D25B65342", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629333, "uuid": "6aab17a8-6852-4fdd-bb4d-15d2383baef3", "value": "1f916dac39f3ba277c6d2264fad89501", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629333, "uuid": "82f5b33f-a5c0-4ac2-b547-bc0823d964a7", "value": "3072:grCUCQuLVEfN70HMtKDykUG/6uMXpLdGIwu0zX2lpkG5KljLT:gWpLVEfNXA65LdGoqcil", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695629333, "uuid": "f91b0b80-995d-4fae-98bc-1ef33a5bbe28", "value": 192512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695629333, "uuid": "22435933-dbe8-45d7-936b-6fbc5f08d724", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629333, "uuid": "04d420ec-2ffd-485c-a13b-77ec79f90727", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a7431a37-5ba7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1695648611, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695648611, "uuid": "d173b76a-1b98-4a01-b01d-a86358bf1689", "comment": "Malware payload (Smoke Loader)", "value": "772b31095c7d802be7d4143da61a708e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695648611, "uuid": "02b1b234-4b87-48d5-bf60-cd190552d3be", "comment": "Malware payload (Smoke Loader)", "value": "f2f444f2d6b0fa864da457731a5d47966a4ab0f47b684c8c5c652356179863c7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695648611, "uuid": "a2576da0-6a23-49eb-9481-7ea90d10448e", "comment": "Malware payload (Smoke Loader)", "value": "4614416a0d8e8a9d3644381d6e892ca8b13646d1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695648611, "uuid": "5e76e52b-50ce-4676-91b1-454e8daac018", "comment": "Malware payload (Smoke Loader)", "value": "b4a9528ecb7657f34ca4a6b4d5322df2767021990388a4133e2b533f8dc196bcf9df5bd77dde0db34fc885e0eeffcc2b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695648611, "uuid": "409a8948-557e-467f-a293-bb1107e132b0", "value": "T19744AE11BDE18432D472153209E4DBBA8A3EF9700B6159EF67E44F6E9F303C1A731A66", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695648611, "uuid": "defd1d77-c77c-405a-bef0-d07c92c6033c", "value": "25da225cc3303495dec08a79bb284954", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695648611, "uuid": "6ef7daca-f357-4a4f-90be-f42900e615b3", "value": "6144:HAD2Lr/V90d2WxjV/hAOPGEds9yxoPGCV:HfLr/E7FjQGCV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695648611, "uuid": "dfc1e782-9c46-4919-9a1b-45c32fcc29d5", "value": 260472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695648611, "uuid": "e693d699-515d-4526-bf51-2518547cebe2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695648611, "uuid": "0a61ddba-eba9-4b53-8460-89f2785e4c13", "value": "SecuriteInfo.com.Trojan.Win32.Injector.9946.11881", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "35fea18b-5b75-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GandCrab)", "timestamp": 1695626947, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695626947, "uuid": "1bddfa40-7401-46de-85b0-50fe63ec5856", "comment": "Malware payload (GandCrab)", "value": "bbc746075edb4edd975b3a117ae136b4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gandcrab", "colour": "#BA1E7E", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695626947, "uuid": "cd6abd27-75bb-4171-8797-7b8ad5063da8", "comment": "Malware payload (GandCrab)", "value": "f36d6537e689d31096888db7d3e0dce1709dd8ed429fc5d3d4d44785021ba04f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gandcrab", "colour": "#BA1E7E", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695626947, "uuid": "a814f5b7-bcc5-47f9-bc2b-f2ae8879e0d3", "comment": "Malware payload (GandCrab)", "value": "2dfa71d7d3a3093fdeeba1d57e58f923b29707c3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gandcrab", "colour": "#BA1E7E", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695626947, "uuid": "aba943cb-61ff-4ed3-9441-ebdd354f937e", "comment": "Malware payload (GandCrab)", "value": "a5d6a9a52bdc1ad7a665d02faaeb1d257d3350eac5ac857213da1a98938876b8bc2da0ed9c0354d3a17287d75ecbeb05", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gandcrab", "colour": "#BA1E7E", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695626947, "uuid": "b84ec38e-bb62-4c0b-a5d8-8d311618043d", "value": "T141935B43B5E28871EAB35D351874CA615E3FB9121E208EAF6784176E5E381C09E32F77", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695626947, "uuid": "40574a01-310b-4998-bbdf-cf2fbccb9665", "value": "330877baf4d1ec8c0605c633b0e3747c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695626947, "uuid": "4fd7f00b-6e8c-41bb-8785-5903a52def1e", "value": "1536:q375kopvsdWkMwkoYEpqZlOGbKpQJR9mcsW0cdXXBrN4xb98Zrwky7LIpU:1dWkMBTEcDxwwR9m4XRrN4p9+MkZK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695626947, "uuid": "328bf34e-adea-4e62-8798-c254aeec101e", "value": 95232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695626947, "uuid": "d4e30c22-26e1-42ae-be8b-5854be622879", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695626947, "uuid": "c2edbdb8-bb07-46ef-ab15-1c63d2d84064", "value": "DeviceManager.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f715e6a5-5bbf-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695659053, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695659053, "uuid": "66b9c936-8fcd-4527-9a6b-2247d3246c19", "comment": "Malware payload", "value": "73903a21cfc9157eea7a9c4a2279ed22", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695659053, "uuid": "5511639e-15f2-43ea-b7ba-4c432eb69c95", "comment": "Malware payload", "value": "f483cd8ec805281238b7bb4c4cc1f408b9e6f38d2ecc635c7b8e06a3c6920be5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695659053, "uuid": "94d4b01a-f75f-4b23-b417-5008925a02cf", "comment": "Malware payload", "value": "e2408bcd68bc574866a0eb1cfaa035c118d35f7d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695659053, "uuid": "44f2a019-4e01-47ef-835d-20c7b11a9444", "comment": "Malware payload", "value": "4c532817304b5fe76618d75c0e93e9e3b22378c98379bb5f80324e170f51782ecfd60352ad79f90508f2a743346bc65f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695659053, "uuid": "85233a40-145a-4106-8a30-37602a3ff235", "value": "T145D4017DAC10033BC6B9C339C6E91907F36051573232DD4986D39B8A4A2B697B9C1B6F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695659053, "uuid": "379f65b2-666d-4eb9-b8de-86499fefa94e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695659053, "uuid": "71545503-3a87-4926-b5f7-9780fa5af26e", "value": "12288:mLneY5725dvf+oLfW4JiNlgVnjBjwuGJ6GNj14omRjv:mLqKu3JiNCn1ov4j5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695659053, "uuid": "ebff8407-008f-471d-81ca-000f6238b9db", "value": 630272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695659053, "uuid": "9b51736a-4f35-4630-8f04-07c6bec415b1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695659053, "uuid": "4ce6cdef-9dc1-4b4b-8ee8-a9d93607b8a5", "value": "nSOLICITUD DE OFERTA.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "26b9c624-5b84-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1695633363, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695633363, "uuid": "28e2a6a6-61fa-41a3-8e31-d1ad493077ad", "comment": "Malware payload (GuLoader)", "value": "2e03d50b283148876087d9421a811b51", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "vbe", "colour": "#90A20B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695633363, "uuid": "4a5700e8-e763-4e04-b0d3-653ba78b236a", "comment": "Malware payload (GuLoader)", "value": "f4ffe43d7936af4865a21154ac447f7fe196dcb10b6c8d1968c4bf40afbfce54", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "vbe", "colour": "#90A20B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695633363, "uuid": "69dac874-508d-454f-83d9-71d81a647c24", "comment": "Malware payload (GuLoader)", "value": "9bebb089a1c6a6379b0359569db6f88e19ebd146", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "vbe", "colour": "#90A20B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695633363, "uuid": "5b313c5f-e859-4c4e-8524-1f8a7599f0d5", "comment": "Malware payload (GuLoader)", "value": "e876d91753dcb75ee4df37d38cc4bc4fa744a5fe09f8eb1de733ae32561df02a976ae9e99709adf24113cc8972f3e563", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "vbe", "colour": "#90A20B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695633363, "uuid": "b79be4f9-e728-4802-b3cd-1be1780d312c", "value": "T1AA0327A0C6C61A384A4717DEBF02A552C9FE843A8326806DE65C577E615386CCB3FF5C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695633363, "uuid": "9a8c80f0-0157-420c-90d0-edb43714da08", "value": "768:corMtwTVlHPwlR5EQi/GobM9qgHQW4lmUwpL9WzAiPhASC0GCG8x:coQqPwN6Gow8OqmfZWki+r7Ox", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695633363, "uuid": "30a8f8dc-3120-41fa-ae55-4f9937134306", "value": 41229, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695633363, "uuid": "94d1b057-867c-473d-b32a-f344c7e45b21", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695633363, "uuid": "7647a14c-871f-451f-ac7a-5b785b4020d3", "value": "ODC200000035_SCAN DOCS.vbe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4dbe68ec-5b7b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695629563, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629563, "uuid": "3788f565-eb44-4340-9169-e3657ef3669c", "comment": "Malware payload (AgentTesla)", "value": "7454bc2208e2ce68f4982b2077e0cd4e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629563, "uuid": "90686664-1ca3-4a3c-b809-d47a4089b8da", "comment": "Malware payload (AgentTesla)", "value": "f594785f5e53cbd721f6d848329765aaca8b3527c79d75eb5cfb013ed7cf7cb1", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629563, "uuid": "834aa4c5-bc30-4778-adcc-bc3c32609f67", "comment": "Malware payload (AgentTesla)", "value": "486e9605e9f67239b784abf19788ff196219b992", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629563, "uuid": "3885177d-c646-4663-bdb5-47a99d594876", "comment": "Malware payload (AgentTesla)", "value": "e2d359489e44b9389fcc40260230b3e64b62baf2e5a80b3a78b5c0137b7f51fda34a1825d56d843b2b4d23c4667f76eb", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629563, "uuid": "adccaf77-2b5a-4e59-ae32-444cbaf9ab7a", "value": "T176E4F1213A6C9FE3D67E63F442949A0513F6651E603ED3464DC3B4CB29A1F908F52BA3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629563, "uuid": "e8a8a195-9a6b-4e05-90f4-cde20a8d93de", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629563, "uuid": "d355901b-7494-4d29-84ef-d02acdd9fd64", "value": "12288:3djUU2iNtXfsubWZONLIdSXNV/6HJps8nTEW/gpOz3V:NUU1xiZOudSdV/cPTEW4pA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695629563, "uuid": "eb39dea3-a406-41d1-8ce4-73430f6c0ed1", "value": 667648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695629563, "uuid": "8442a385-9d81-4ac1-9ce6-f7dec3eb2210", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629563, "uuid": "2bc2fff4-ed17-4e82-8271-1b2cd49c61f2", "value": "ungziped_file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a52b691a-5bb5-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1695654621, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695654621, "uuid": "03cb191a-17ed-4806-9b3c-33665ed64da8", "comment": "Malware payload", "value": "63cf0c1f471c189fd3223708b73a78fd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695654621, "uuid": "6474b013-112a-4230-b0c1-bf387aa98420", "comment": "Malware payload", "value": "f68cc9e29f1ecfff3aa27db553bb3cfb144db3a13b34e691cfc8cd0844c23d32", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695654621, "uuid": "db11f329-b13e-48f2-9918-e971fa7f264a", "comment": "Malware payload", "value": "ecc767c00c03791a772f27527ac0c8ab6f26c590", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695654621, "uuid": "6605ff4d-c4cf-4d6d-88b2-f3c60ddb0856", "comment": "Malware payload", "value": "248c1b804aae589f3d167de95fa763117917c07f087d7387a2fb29d618b28b72f373b494b91047bfc9d5cd8a888944c3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695654621, "uuid": "d131de0b-5392-44d0-ab45-7948690e81a4", "value": "T1B8054951BBEACA63D09F3772F8B10A1927F1E849F6A6F74F454916A81C977002D8036F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695654621, "uuid": "72a835fd-2d0f-4794-a950-3b5cc82c87fe", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695654621, "uuid": "af77b9c8-3fcb-4e4f-941d-04e7425a9451", "value": "24576:zsMKc6EI7yf/5P7WfFeGk+XUS5G0Po6S4jJgZSOW:sfo6S4jnt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695654621, "uuid": "27c49666-90fd-4be2-8f19-10d0db3701cd", "value": 801792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695654621, "uuid": "5b8e88cb-ae21-4e55-b2d1-c7fc7e317908", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695654621, "uuid": "aa82e18f-8424-40a1-8fed-a25a777cc0fd", "value": "NEW ORDER 09-25-23.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a7eb45e7-5ba7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (MysticStealer)", "timestamp": 1695648612, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695648612, "uuid": "7e96b246-16a9-4a7b-88a4-b392aec18709", "comment": "Malware payload (MysticStealer)", "value": "8cb0cf4d594dbf49a263d7a5e5a97f66", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695648612, "uuid": "73373dfb-4fce-4b65-9034-2a06eae564d3", "comment": "Malware payload (MysticStealer)", "value": "f6f01d9bb11a8815d92f74da8ee5754a0dc789920e2f0674b3bc2d95a0f930b9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695648612, "uuid": "47b7f01b-d79c-44dc-820b-2baf6dc59769", "comment": "Malware payload (MysticStealer)", "value": "1e83a2c8aed3e2e7cccf50dcfbd12bdf2409b762", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695648612, "uuid": "5e27de41-6ebb-44b2-9694-124790092087", "comment": "Malware payload (MysticStealer)", "value": "753dba565fdb5a0e2882660e9889caf559b1d36d0e36fd49e395b6564e318bb7be3e23fb17d0a67fa0c9e2292d46b96d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695648612, "uuid": "8994ef4d-3f74-414d-a4a7-9bf6a23ec4c6", "value": "T13A84AD91F9C1CC7ED072143109E4D6794B3EB8360E004ADFB3B51B6A1EA9383A676DD6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695648612, "uuid": "b0212a8a-f661-411d-865e-766da5458331", "value": "25da225cc3303495dec08a79bb284954", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695648612, "uuid": "76460111-18ac-45e9-ae67-f6ea8bad51d2", "value": "6144:YqXAxlt3fuPgyxhV5dAOP6xM4UWoYy0sRmZbTwkwASF0fZLLnLLB9BxwVoPGCH:YjxltWT9dLWoYy6ZbTwNafTRGCH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695648612, "uuid": "dfe04dc8-2c89-4da6-a6e0-1b300e407f15", "value": 373112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695648612, "uuid": "99f71a27-53f4-4258-8c0f-bbc7cd76a059", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695648612, "uuid": "c55a07bc-972c-4e51-bbb1-cb98d29e6801", "value": "SecuriteInfo.com.Trojan.Win32.Injector.5284.2370", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bb94c4a6-5b5c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1695616433, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695616433, "uuid": "e528c17c-5bcd-4cbf-a931-55b2ae43ff92", "comment": "Malware payload (RemcosRAT)", "value": "5c33b291904e426eb16a59da9f6430f3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695616433, "uuid": "800341fd-a5cb-4f1e-adc2-b526d5c34583", "comment": "Malware payload (RemcosRAT)", "value": "f7838011d80f88b2b618bb27382f58ab8d96b9d6ead76c17ece8b19e2a7403a2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695616433, "uuid": "138ed0a0-fe84-48e9-bdad-03ee345db2b4", "comment": "Malware payload (RemcosRAT)", "value": "51ed2cbc8431882f11a12455de3700a486c7c351", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695616433, "uuid": "e9b97a44-89c3-4488-b715-5a33b97960a6", "comment": "Malware payload (RemcosRAT)", "value": "99cbb7ab17696e5c2b7aa04b16d67f4d465e55140812ec6be0e2ac4053752435ff48e9ddb723fe27c9cab202eb243d00", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695616433, "uuid": "fd971094-453d-4bac-a2e5-325757cb6225", "value": "T13B2502B4EAEBCCADC4B5113C1120955209B2EEC65702F7E8E45D7C3A9C34742B666B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695616433, "uuid": "ec560d17-0e3d-49e0-8e7e-480b42e46e84", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695616433, "uuid": "5e75355e-13ba-47da-84fe-4b779668c5a0", "value": "24576:J/NdGqnhWEIEwkRpStXdiMBESZzx39Y7eOJH8:JldG8IEwkRpMdZEWx39Y7eOJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695616433, "uuid": "0428aae8-e6a1-4b5f-b153-399c4e8e6e1b", "value": 987648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695616433, "uuid": "37f4f41d-46a6-4244-8dff-ea0ce5a76a52", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695616433, "uuid": "121160b3-09e8-4777-a386-96f359c3b9e9", "value": "SecuriteInfo.com.Win32.PWSX-gen.20680.28636", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d254ca59-5b68-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1695621625, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695621625, "uuid": "9b13b680-5acd-4f03-9f3c-d29aaf75beba", "comment": "Malware payload (Smoke Loader)", "value": "251579f447a8bc4fc146b12edba6751b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695621625, "uuid": "3c6e3961-3ad0-43a2-ad77-66e434cf4eec", "comment": "Malware payload (Smoke Loader)", "value": "f8248a8cba20836e70d81d5f004018f32701a6c21a9c177cb83316955652a21d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695621625, "uuid": "e4e70189-f12f-4b66-b11a-0baf2c34dd83", "comment": "Malware payload (Smoke Loader)", "value": "0f14f14f8f7b66db96e13b6984acbc4b326654cc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695621625, "uuid": "bd775a28-ac59-4100-a662-86a53f70813e", "comment": "Malware payload (Smoke Loader)", "value": "cedcbfb68c9866c956ef2c495c6f1d4b91c920b1b4ea77a59e35b1bab616c75c20f68aef9931a08a8e140b5cc466c71b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695621625, "uuid": "c8d4f1b4-7b65-4bfe-85e2-70496bb9f755", "value": "T1E144AE01B4D18473D472113309E4EBB65A3EB92047555AEF6BF40F7E8F607C1A732AAA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695621625, "uuid": "fb5c11e3-897a-4fb4-943a-e0ab15523df0", "value": "8ddc982ec86bc15061e6b2eab1424dec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695621625, "uuid": "8877a0ae-6ca7-4b2a-8de1-352f83230acb", "value": "6144:qRKacMQ+j+5j68KsT6h/OCy5UKuAORgaw4Qw6:qRKh7+j+5+RsqGhucJw6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695621625, "uuid": "b3100fde-320a-401d-8696-43dbd6595d57", "value": 277368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695621625, "uuid": "83eb9714-4382-4ac4-b86d-9bb37a9e2e18", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695621625, "uuid": "e40b1804-3321-4c78-8ebd-ae34f91b9f65", "value": "251579f447a8bc4fc146b12edba6751b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "242dbbf6-5bb2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RecordBreaker)", "timestamp": 1695653116, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695653116, "uuid": "e79295c8-78d8-4171-b258-9a71f2d43512", "comment": "Malware payload (RecordBreaker)", "value": "a68c75b2c8fb10543207ffd80c44f9e1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695653116, "uuid": "c8c1ae5c-1976-4a01-9da0-4c60f77bc9e4", "comment": "Malware payload (RecordBreaker)", "value": "f8428d6c7d75839c0e9f922021ee2e08cb3091d2bbd700e40d63f69a0aa4ccca", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695653116, "uuid": "8014a072-f85f-4897-93db-10eff2594c4c", "comment": "Malware payload (RecordBreaker)", "value": "cbc7606ac79549705793a24ecdca329eb4caf368", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695653116, "uuid": "2792a3bd-08ae-4f0d-bbb4-dfb218f0438e", "comment": "Malware payload (RecordBreaker)", "value": "e3c04758ab3a4c2a632cc6f7a2065ff55352f091b47166fa3a87a6395a6adfb6faa92f9cdedbdab8c6c72ddf5ba989eb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695653116, "uuid": "82c4c836-0056-4e08-8c64-24c447d52d4c", "value": "T16965BE117AC5D033D27211324929B22A95EDB9710F3167CF63D8077E6FBC4C26A36A6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695653116, "uuid": "fab3eb1d-d358-4bd1-8957-ad332adee644", "value": "4f6aca01cc66164ab8deb62e6362f1b5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695653116, "uuid": "81689161-ec4d-46b9-a9d9-d197337d1664", "value": "24576:FovgwKyJEvHf3NITM1f2sJ5wxmkOJdPPARoxV79uvBtGhG0xTavOH:FoowKyOv/3NITM1f2sJ5wxXOJZA+QZtM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695653116, "uuid": "5407b5c5-9759-4c51-a1cf-eb77aa48a7a5", "value": 1408928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695653116, "uuid": "978bbc00-f558-4a2e-8c76-010cb4fe2ad8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695653116, "uuid": "d2842ded-c81a-4c32-aac9-999d5ab42f4a", "value": "ChromeSetup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4689675e-5b7b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1695629551, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629551, "uuid": "2a78d880-85d7-4817-a476-d4e936104e0a", "comment": "Malware payload (Formbook)", "value": "d4bf115aa1488313dff7d2b0af4d1854", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629551, "uuid": "cc9d2f52-df99-4bd3-ae54-4bf114fe5799", "comment": "Malware payload (Formbook)", "value": "f93c2d5447563c24b8a60a7404a32155093ecf40afeb7345490bc8ba2e87cd14", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629551, "uuid": "5e4105fe-3803-40f8-8436-20cb40f8ac0c", "comment": "Malware payload (Formbook)", "value": "0215dae293f61481fc511a4f7dc038b21302191f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695629551, "uuid": "0151dd88-1234-44c7-90fa-6cfe61d0a113", "comment": "Malware payload (Formbook)", "value": "7b65d4bd6cf0bc708d2bd9565f34a9abff487e9f036f44b97ab2284c0717ddb8929ba3846129d89dd35d19d5fbb131a9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629551, "uuid": "47217f0f-4a1f-4e5f-a7f6-8678a643247e", "value": "T142D4231E1BE40A58CCBE1B7814E61450A3BA9CC16451DF8C7ED233757CE73E27264EAA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629551, "uuid": "acb9d5d6-d177-4068-811c-3590f86dcb2a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629551, "uuid": "9b9f2806-f62e-4d37-a625-3705d9dd08ab", "value": "12288:QrD6nPCz35UKbhwTjSmbgbTyzEBWVcSqZCNptL8aPvaDCrj2qe+ip50KDO:iDD3RQjSm8bTyAUVcctb2Q0cKD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695629551, "uuid": "78110d98-e4d7-4b8b-bf50-c9e3084586b0", "value": 645632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695629551, "uuid": "e7dd1928-2463-4996-b5bd-524dd12d8e48", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695629551, "uuid": "40328a49-3d63-4c5f-8f6e-b9fc968d755c", "value": "Longmark PO.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "40caa864-5b69-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695621811, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695621811, "uuid": "583ef747-3bd5-4962-b63a-c70f7b4c16e5", "comment": "Malware payload (AgentTesla)", "value": "f4f17865d15852d7ca7acc8a3458e3ba", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695621811, "uuid": "efb4bcaa-00c4-409e-a9e1-8906acd45834", "comment": "Malware payload (AgentTesla)", "value": "fa6cfed07797c6a3fc1962de2c17bc2065431f4fdfa209b77d8a7f28051ec2d8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695621811, "uuid": "adad266c-bfee-4519-b479-93a0e1f78e84", "comment": "Malware payload (AgentTesla)", "value": "041a89729db626b52ccb6734a543d24775206edc", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695621811, "uuid": "ae721cc8-73fc-4d51-975f-a65bf7a677e7", "comment": "Malware payload (AgentTesla)", "value": "11831f13f2f1062eeaa620d988687aca4e833275539eec07905b32ddb2c004ede64a1a21d10e94848cfeae8e5896aa08", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695621811, "uuid": "92f45e2c-9914-4a48-bd44-fb8c634786e8", "value": "T1A5D423DD79928B31C80D537B67DD066B4370F29CF912F3A88A8A254B0E7234C6661F5B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695621811, "uuid": "2f3cd857-480f-4360-8b9e-bb8ff39e81e7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695621811, "uuid": "9c050bbf-d8c1-41a5-be21-ddef14c3f4a8", "value": "12288:0725B9c4klaJEJ/hbedok6Vl+zTE40UvuPyHn+9YVFa7WkERBgahOhB:Htc4klKE5hbSokmAQ4Dvu6+7cgrB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695621811, "uuid": "030edce9-7761-4291-8513-0ade080b82cc", "value": 603136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695621811, "uuid": "a5ffce3e-3da4-40ff-a41d-5ddf0972108c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695621811, "uuid": "83924acb-71de-4250-a37e-fb3a6ade59dc", "value": "ORIGINAL.EXE", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3b12e2db-5b69-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1695621801, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695621801, "uuid": "6a72337e-680e-467f-bf3e-1d994ca63df2", "comment": "Malware payload (AgentTesla)", "value": "ec922759c96dafc5937c322d95227e42", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695621801, "uuid": "b55b1423-9381-41a3-a1eb-cea4e8d62133", "comment": "Malware payload (AgentTesla)", "value": "fbd1fe0180a3ca59c59e45a69395424da4dea9a83e75fcda3c73469676edf860", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695621801, "uuid": "b4ab79ce-ca38-443b-9ff0-cd23a27fc8c8", "comment": "Malware payload (AgentTesla)", "value": "558dd9ce857093e1615000c5c70fa7e952a999d1", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695621801, "uuid": "bf045d16-e420-49c4-96b8-a440893c56fd", "comment": "Malware payload (AgentTesla)", "value": "f44fae340237dee44c0f50027f14e5de8da517cbbd43d72eb0314c8d53c998e056125a93d57b35c3535da34ac1a27dc8", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695621801, "uuid": "cff87397-4943-4400-a356-560715250463", "value": "T13245239D7A918B31C40C537B67ED066B4370F298F912E3A8BA8E254B0F7234C5661F5B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695621801, "uuid": "cc9b3dbd-d339-45fd-9fd6-c6db44944810", "value": "12288:1725B9c4klaJEJ/hbedok6Vl+zTE40UvuPyHn+9YVFa7WkERBgahOhB:ctc4klKE5hbSokmAQ4Dvu6+7cgrB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695621801, "uuid": "32f84fd7-2cc3-49fd-9370-b8804411a04f", "value": 1245184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695621801, "uuid": "cdb35c8c-dec7-441d-976d-3f95f6588ca9", "value": "application/x-iso9660-image", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695621801, "uuid": "da722016-1440-4af3-8169-a536bbea177f", "value": "Original Shipping Document.pdf.img", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "57bf07fd-5b6e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1695623997, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695623997, "uuid": "4170e264-5c3b-42ff-9b2e-b0af31e8f388", "comment": "Malware payload (RedLineStealer)", "value": "14903b4a2bf915d7807054a7efdfa39b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695623997, "uuid": "c70d3419-f824-48ab-ab30-f1f07ed1e363", "comment": "Malware payload (RedLineStealer)", "value": "fd36eff47ab8eefc9645f11b38a2a7c11ce9b36a76fd8f5f3c1aebe4d4c57c6d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695623997, "uuid": "28dccef2-6ebf-4baf-9844-d7555e0d4e6a", "comment": "Malware payload (RedLineStealer)", "value": "614733b0ca2635c6bcbaf592b6c917fc0fbc1891", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695623997, "uuid": "bdcb50e6-a914-452c-9d96-66287ec4a79f", "comment": "Malware payload (RedLineStealer)", "value": "b14f17d095fef526b160e15797c4682318a57724dd7479134cc7f54ced9ba1148bcf9b773ce79ef14784230f6e89d1c5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695623997, "uuid": "39f827ce-9fd0-4b53-aeef-b5f32d9aa6c7", "value": "T18F44AE00B4D1C472D47211320BE4EBF65A7EB9310B559AEF67940E7F8F607C1A7326AA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1695623997, "uuid": "f340b9da-6725-4b70-a9fb-15526afce754", "value": "8ddc982ec86bc15061e6b2eab1424dec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695623997, "uuid": "27fb6b57-ebf4-4649-b967-263f1ff34ee8", "value": "6144:tRAcMQ+j+5j68KsT6h/OCy5UKuAOYgea/vIFnTfYwK:tRT7+j+5+RsqGhuH//g5AwK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695623997, "uuid": "4e97636d-b3d6-4f54-842a-d9fa10308ce5", "value": 277368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695623997, "uuid": "121c8bf7-c3a4-47e8-8b63-f9ac3f69935b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695623997, "uuid": "fe5a4a86-28b2-4eaa-baa4-dabf1b4eca62", "value": "SecuriteInfo.com.Win32.Evo-gen.24613.8476", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "adbeb44c-5b9d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkGate)", "timestamp": 1695644327, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644327, "uuid": "06c5b10f-890a-47cc-b780-990560f89fec", "comment": "Malware payload (DarkGate)", "value": "64731b1f6f0c1788b63d2079e648b868", "object_relation": "md5", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644327, "uuid": "7a5adf39-736b-4708-883e-2274854400aa", "comment": "Malware payload (DarkGate)", "value": "fe9817d786a682e352bc63be94d76adea1c7b73c7fafa087003f05b7a6922ced", "object_relation": "sha256", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644327, "uuid": "69e9aac1-c9dd-4ba1-b577-33056c3b74e3", "comment": "Malware payload (DarkGate)", "value": "7f7e73b4425c56afe05ba32604327098bbaba10f", "object_relation": "sha1", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1695644327, "uuid": "5dc89c00-d9de-448e-9329-c5ce0202f0d9", "comment": "Malware payload (DarkGate)", "value": "cd5a54a7d226bdc7838b9f2147f2bde90523715741b37ee8ee2766893187636c65724950c87ee5884e4443ac26ea4810", "object_relation": "sha3-384", "Tag": [ { "name": "94-228-169-143--2351", "colour": "#39538F", "exportable": true, "hide_tag": false }, { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644327, "uuid": "8573f4b6-93d1-4c36-bc0a-ba4cef41040b", "value": "T12F1163C3664B5E2DD01656394C034656188704AF2918EA7D133317A7620F37249798EE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644327, "uuid": "77f9a1b3-7886-4859-9a40-58a1484bc759", "value": "24:9jiymj/psjW1yW1qJ/XNF+7JTTi3QqY4nKU11OXP:9k/pTIF97QF4nKU1kP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1695644327, "uuid": "70ed5249-58a6-4d97-a3c5-331d16287ad4", "value": 887, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1695644327, "uuid": "e00fb534-8fb5-4c66-bd9c-470fbaedc498", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1695644327, "uuid": "42772608-f309-40f9-9770-4bfbd9175099", "value": "Buj.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" } ] } }