{ "Event": { "published": true, "date": "2023-03-22", "threat_level_id": 2, "info": "MalwareBazaar malware samples for 2023-03-22", "timestamp": 1679529781, "analysis": 1, "event_creator_email": "bazaar@abuse.ch", "distribution": 3, "uuid": "047516b6-9508-49ec-ac42-8bbd50f5f72f", "Orgc": { "name": "abuse.ch", "uuid": "9b086132-8588-49ed-97fd-8578a777822c" }, "Tag": [ { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#fffff", "name": "tlp:white" } ], "Object": [ { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "27434ddd-c8a1-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679482999, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679482999, "uuid": "daf4597e-54c0-4614-a5c8-067fe9511748", "comment": "Malware payload (Gozi)", "value": "be4e2a2324e6aa30b51fea2fb4e6bc78", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "unpacked", "colour": "#9FA24D", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679482999, "uuid": "879f1d44-496c-4c30-9c16-4b288de665f4", "comment": "Malware payload (Gozi)", "value": "00564cada64d7d055eb8b5c5b6d4c86ae4517352c41ee3d49abe0d3c75fe3ef3", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "unpacked", "colour": "#9FA24D", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679482999, "uuid": "2549a385-5906-4715-b7e6-254843737411", "comment": "Malware payload (Gozi)", "value": "ef7ce2271f6d3600551511c22a3945bbb4ba9fb8", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "unpacked", "colour": "#9FA24D", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679482999, "uuid": "1a62281d-3e2c-4f63-ac40-e6cc9ff8a9dc", "comment": "Malware payload (Gozi)", "value": "a7c200043c9ba21e346e988d8792925881423a7807dacaad915013fabfae5b28d533209455924ab13612d4dc3075f044", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "unpacked", "colour": "#9FA24D", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679482999, "uuid": "02d3073f-59c6-44b3-a161-2cd3736a8100", "value": "T1C4339E0E36E483B3C6F2F6790B35BBE8B3D9D22051369140D750598A5F56867E63B307", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679482999, "uuid": "2d7da6a3-37ff-4e92-b0fe-0cd1f546dab8", "value": "768:QqkeqVT05kGF8/E4wOefb+HhW4gIJq+YZKR8YkgeTJdMRhK3D1Gc0B:QDeqo8/Ehz4w4gIT9kgwJdMuD1GcM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679482999, "uuid": "4009c7ec-9f7c-4e9f-b1b6-0ad6bed4a8e1", "value": 53248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679482999, "uuid": "bdd2f8d6-8804-482e-9397-f845a3bdf59b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679482999, "uuid": "9b72d6e7-2cb3-4ca0-8642-3f0053a104dc", "value": "modified_binary_file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0c54391d-c8ca-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679500563, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500563, "uuid": "3160e4d3-7e50-4fa8-a3f1-ac1e1b5459ef", "comment": "Malware payload (SnakeKeylogger)", "value": "87ca07e743d3730635842f25ec99398d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500563, "uuid": "d609a135-9db6-4e6b-a9ee-7dcf315a5883", "comment": "Malware payload (SnakeKeylogger)", "value": "008a18d1c20cb7b7bf26846bafe486b277c90bbb0cc7d1380645513818f5041c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500563, "uuid": "b4e10bf6-2083-425e-a6cb-0529ac803c70", "comment": "Malware payload (SnakeKeylogger)", "value": "98332ba6ff6b3a8b1eb96f5e7cae4d545b24c3af", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500563, "uuid": "e235c2ad-519d-4f7c-b45f-43b793088168", "comment": "Malware payload (SnakeKeylogger)", "value": "ac096346b9e0a5ddcc2f60fdc1dcecd8861c8139124d108dc82e9ae926c77e49c0374a95163c01f3e5bd9a9b7a4eb5e5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500563, "uuid": "7ca16350-bfcd-4945-955a-3ba02b5f3a29", "value": "T1B194E0509A7E5A63E2C5737EAF42C3B003728E4C2202D79525E87D2F3EBFB5394452A5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500563, "uuid": "03e2df96-8d36-420c-a165-db4c814934fd", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500563, "uuid": "1d9daef1-1fad-44c2-a868-3f60ad247608", "value": "6144:tvc59sL+VFWtlEtxbdzeialHVVslOo/YGRJp0FCmbCQYLtgCAwM2:t0lW/EtxbdzeialHVOl/9oFCVQYSCA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679500563, "uuid": "b1f2c8f8-2069-419c-80a3-5fb2747170c7", "value": 412160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679500563, "uuid": "441ac256-0d2c-42e2-b59b-45b18b674c78", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500563, "uuid": "c7661d01-fa33-4ef6-8d1e-e44079e888a9", "value": "New.Purchase-Order2023.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1226ffa5-c87d-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679467501, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467501, "uuid": "5aefd17f-1a4a-414b-9197-0004e5b903f5", "comment": "Malware payload (AgentTesla)", "value": "aab0efeffaee8ccddd956b602002217d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467501, "uuid": "fd1ac273-8656-4fd1-9487-624d95b8f79d", "comment": "Malware payload (AgentTesla)", "value": "00d8ac72e19602b0978ccc378c7e2cca282573db5bbf63d792438bee8d98cb49", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467501, "uuid": "519d2b03-13f2-44af-bfd0-25e124970da5", "comment": "Malware payload (AgentTesla)", "value": "7e926e8ffc86deb65dfacd5c698134ca42dc78ac", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467501, "uuid": "094c8f67-871c-415b-bc9f-11c76e13c298", "comment": "Malware payload (AgentTesla)", "value": "6f60587689431c81cdca58041ba2b7ee02bcca303fed375f19a229309ff3f46c273d059f73118952f70d5d9e3040f64b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679467501, "uuid": "2efd4850-1144-4bdd-bf19-c724c5064125", "value": "T1AAA423A27D9C6336DABE53F10132943557B2272F3431E68F0C8932CC6A96B902E54E77", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679467501, "uuid": "1b4a4ba6-a918-4a73-85d7-743368951a7f", "value": "12288:LS9gOrY+/Vtrc3x8yLcJOzgMZbYZ0OY+zVGziaAUPrC:LS95TdIKyI8zgM+0gVsPAUP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679467501, "uuid": "f330cb93-ec74-4a71-8afb-4e21b2cf5803", "value": 468480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679467501, "uuid": "6ba545b7-5d76-42f0-a046-e06d2a9f882e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679467501, "uuid": "724aeac2-e756-4740-9a1c-0fec293f7459", "value": "SOA 9206174.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "be059a05-c881-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679469508, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469508, "uuid": "80cdb5be-f263-458c-b425-a4e6d1c65ebf", "comment": "Malware payload (Gozi)", "value": "0b02eb8c341484e612cb8b2872f51c0b", "object_relation": "md5", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469508, "uuid": "a19efdaf-6135-4a0e-97b0-1871d86db65f", "comment": "Malware payload (Gozi)", "value": "0181387ef95cd10f20b504d56163c841ef5b710ca9c7b93f01bb7c8cfa0eb1a3", "object_relation": "sha256", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469508, "uuid": "4174f6fa-6f7a-448e-b3f4-de3229ee64af", "comment": "Malware payload (Gozi)", "value": "24fad48b18ee0392d683f7e68565b345f1e6ccf9", "object_relation": "sha1", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469508, "uuid": "40313e35-a49d-4cfd-bb53-8338a4eeeb95", "comment": "Malware payload (Gozi)", "value": "32b9c44bed9a3fe77f336d3f73fa16c0f6024cf3527b707d17a0674cbd892e317cf2c149a618b67eb484bea50d48017b", "object_relation": "sha3-384", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469508, "uuid": "2cd98602-f57d-412a-8d91-b986460e5ad2", "value": "T118F0550009AF2992C10B073AF6F26125EA3876CAF4847102681C21C52899EDA2B02BEF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469508, "uuid": "cca7c588-d87e-4eaf-bd1a-171a9901a4d1", "value": "12:5jEiogz2Mpesp7Wq+tWWkASiXBwUMs0lFD7I2xP:9vo498Vq+tWWkSiUMjXgw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679469508, "uuid": "6f4738db-7b9c-4991-82a9-a0403aae03f4", "value": 491, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679469508, "uuid": "17aae1ad-e989-4afb-ac10-5dfb17c9dd4d", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469508, "uuid": "0f4db2ca-c5cf-4057-8cd1-09fea6a7af64", "value": "Documenti722.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "084b2cc5-c893-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679476934, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679476934, "uuid": "2fcbeac3-079c-48a2-a62b-24c3a1ffac03", "comment": "Malware payload (RedLineStealer)", "value": "7182a1901ece1603c626ac4688a91dbe", "object_relation": "md5", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "pw-7204", "colour": "#8190D0", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679476934, "uuid": "88d2708b-e1a3-467c-9bd3-feb25af361bd", "comment": "Malware payload (RedLineStealer)", "value": "01894350fc508a3145ac9b78d912cc070ce91750bda3eda67bdbae066628dd56", "object_relation": "sha256", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "pw-7204", "colour": "#8190D0", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679476934, "uuid": "98f6c87f-d909-4c2e-8520-01e6b1bbcaf4", "comment": "Malware payload (RedLineStealer)", "value": "deb0656e5dafeda2477ba3c260fcdfa556a63a65", "object_relation": "sha1", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "pw-7204", "colour": "#8190D0", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679476934, "uuid": "2e7762d0-9b32-4d5c-ac35-551d22ed20ce", "comment": "Malware payload (RedLineStealer)", "value": "d19cda764da240be85d23bafa35a13a312486bb1f717669a9b20181ea8e5246ebb8712842910858684f69a233309bb97", "object_relation": "sha3-384", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "pw-7204", "colour": "#8190D0", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679476934, "uuid": "f42acae3-d0b5-4eae-bb70-e9f8c1d9cda9", "value": "T1FD37335B65A517A8AEED23A40E57E08CF314B6CC72B12CE690834225F1F9BFC4C6B45D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679476934, "uuid": "2e3de8ce-0cc2-4e43-b39e-f0006987fa76", "value": "393216:hdIRt4x3C+A2QlUgF+Ii8oH3az1eLw4Af9ADtWGdZDdKxxu14X6MvPeYrzb:4kxCznUqi5MceKtLdZDQNX6CeYfb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679476934, "uuid": "249823e3-0821-4a8e-a201-bce1311a0ac6", "value": 22524462, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679476934, "uuid": "87c6de98-03ef-4f3e-846f-b08f58de920b", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679476934, "uuid": "8c9f95e3-23d5-46a7-8183-377106dd3fb6", "value": "Kiddions_Mod_Menu.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7c2e9060-c887-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679471974, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471974, "uuid": "8563f7d5-ffde-46ea-b2ba-68e9463b07d1", "comment": "Malware payload (Mirai)", "value": "4ea3e5f069ff5a4fd9db65302e415eff", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471974, "uuid": "da3e8f33-ef18-414a-ae3d-d742344dc8f8", "comment": "Malware payload (Mirai)", "value": "01df5a9434d9411959d0feb6479f1d95be7b03d15752b1aa0bc4c6c22b7136ea", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471974, "uuid": "a2d00c13-8ae7-4432-b44c-a4db6e36b0a3", "comment": "Malware payload (Mirai)", "value": "b4bb3133286b37fe1058d2eced439e032ea5a659", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471974, "uuid": "a83e1b3d-e4a0-47fe-b952-1201e21b7c6e", "comment": "Malware payload (Mirai)", "value": "7d0b446b81439036cb9c5e642931c45e9ccc20ed1ab8b91d6431e92e8dd5c4fa27626bddbaa6632791a1fd46d99ba368", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471974, "uuid": "9678bb6c-fec6-4dcb-9ba0-9bab95bf42b9", "value": "T10B733B99B4019FBCF98BDAFA41150E09F92063009F930F27B267FE937D620A59D47D86", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471974, "uuid": "5df5c46f-2d56-49fb-a9be-13acd8871d06", "value": "1536:S2ESfSK657LcTZhtXiPZOpOJqSRKWWXfSyOth9Z288R:qK6BYhiPUp0qCfJhbq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679471974, "uuid": "a3bcfba3-423c-4cf8-9d0b-f9393a9b94ec", "value": 74096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679471974, "uuid": "27b29e8a-7f25-4044-a7ed-5d84a340e4ed", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471974, "uuid": "35d4402b-29c6-44a5-987e-07429de5840f", "value": "4ea3e5f069ff5a4fd9db65302e415eff", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e9bfb6c4-c8da-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679507806, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679507806, "uuid": "16d390a7-18a7-41ad-b191-96b9852de15f", "comment": "Malware payload (Gozi)", "value": "84e09cad8b6920a20d04bc92283c035f", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679507806, "uuid": "740d145d-0932-4f8f-b95b-402f31d261a2", "comment": "Malware payload (Gozi)", "value": "026c052e20f87a3b6f757184c8739611bf721bc746a94d2afe2814225d0a8a81", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679507806, "uuid": "cc128c41-ae4e-4c5d-a3e2-c4247181ea68", "comment": "Malware payload (Gozi)", "value": "b9e2546c210a803e638dbcc04da0f793362a6a6f", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679507806, "uuid": "0908c08f-3670-4ad2-9ab2-25f0f560fb38", "comment": "Malware payload (Gozi)", "value": "850eb8bf8c166b12545a94053df69751872ba1aabaffaba5720784adc4b10d8064120ed2cfb89bc52bc149627d9ea8ff", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679507806, "uuid": "897c4185-7f2c-4fb5-b62a-bc6e5dcfc5ad", "value": "T1EBF0A735C148D1B1C69D5A7520F6157265B88BDA96C06097CD19A011399A78A0716EC5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679507806, "uuid": "f63db30a-cb7e-4a95-810d-b60549251739", "value": "12:5jieEwXEkEpZV6csBZhgyVFEkxE3gdVEkEIyo+o+miR/:9i9w0z0ccZq5oizHo+o+L", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679507806, "uuid": "aae06bb0-80f4-4443-9c4f-60b064abba39", "value": 509, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679507806, "uuid": "c3a6d857-8afc-41e5-8887-71f77dc559b8", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679507806, "uuid": "0455d068-6d38-4b55-9cf5-e12ee2546aa4", "value": "Informazioni772.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8cc78ceb-c8e5-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679512375, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512375, "uuid": "71a27124-53b0-48c8-ad79-3ccd6ae73eb7", "comment": "Malware payload", "value": "98b40cdfadd0127e19434257c009ab54", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512375, "uuid": "dce4bcf4-cdfb-4ec8-8666-6f4b005edf0c", "comment": "Malware payload", "value": "02d06fe41be6335f3a8bf9d5dbbd4c2c7ff1b6779085bd2207bed28e7ee206ee", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512375, "uuid": "a4de2fbb-c60e-4348-9c36-580109e399d5", "comment": "Malware payload", "value": "f2e807df6e60d28ad95d9fdd4de462f57767caba", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512375, "uuid": "82216169-96c8-412f-a1d9-91da175b64fa", "comment": "Malware payload", "value": "2b82bc4382d3cddea137b84dfef033d28114818b728f24766f38ed99be480e6a40f7f338d660886ef112838cc6e340d3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512375, "uuid": "3915fec4-796e-4884-8411-bc2b2c71d6c0", "value": "T1C01633024692ECA0EF2386738F2BC7B0156FBD60DD46BB59268EE93F5DB41B2D512311", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512375, "uuid": "112dc524-b6a3-4b5a-b62c-78c473e1a30e", "value": "314565592a4a5f015f9741680eeed0ec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512375, "uuid": "b05f7039-c734-4f20-b384-81d919015ea8", "value": "98304:idom8DPorqDZpR6bbV9CvF2oeR4KWRvdrVm7:eo/wrqDPR6HnV4KSv3m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679512375, "uuid": "f936a5e6-9029-4bf0-b3bd-84cba1c435b5", "value": 4068352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679512375, "uuid": "7f5caa43-2013-48a0-85f7-cacf6cc66542", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512375, "uuid": "2a7de475-8c4f-4064-b31d-09e4d1100bd9", "value": "98b40cdfadd0127e19434257c009ab54.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "729e2ec5-c8e3-11ed-88f6-42010a9c006e", "comment": "Malware payload (AZORult)", "timestamp": 1679511472, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511472, "uuid": "52d6fe9b-b801-49c1-801b-7b72fcddb907", "comment": "Malware payload (AZORult)", "value": "cf47c2b7b611c50fa3cd5f8c8f3e58de", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511472, "uuid": "b1c4c241-9bdc-4cfc-8370-767af6891140", "comment": "Malware payload (AZORult)", "value": "04ba3baec724f334ca46c373f3035a2e2aa98e62a64adca36ef014807dab22bc", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511472, "uuid": "6a8df738-aee2-4387-a987-dacda575e6f1", "comment": "Malware payload (AZORult)", "value": "4d980c2a0737f786e1af27b3209ee43a85ecda35", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511472, "uuid": "6bd21d70-b4d0-4a62-a118-2083bc8ca32c", "comment": "Malware payload (AZORult)", "value": "8a5bccb101913778166661b8793cc077917d4c973f6aa16cf7464598d7796a6081a64c53b586dc354df2a00594ef5c51", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511472, "uuid": "cff9232d-43fc-4972-b20c-78461c8669d0", "value": "T16A6412189E95A82BEA774AF29EB663458E59F3094C68261B53C24F4C3B276C1D70F303", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511472, "uuid": "7822a041-a467-4809-8634-ad0cbfe4b883", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511472, "uuid": "cde705c9-ea2d-4b4c-b078-799a4bdf3791", "value": "6144:hT5UzmxUKhkmb9KWHEWnZytz9PEcC13UachPcGb+dEpTadRWVZMlNb:hT55DrbMBiFG9+SpmRWVZC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511472, "uuid": "d2f4d940-d9f4-442b-a9d8-357fee7f9f87", "value": 313482, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511472, "uuid": "41eece41-a572-4edd-8da3-4ea534fba5c7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511472, "uuid": "2bbab972-44d0-4956-aa28-747f976ed60d", "value": "Ziraat Bankasi Swift Mesaji.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c1dd3c02-c8ae-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679488842, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679488842, "uuid": "d582acbb-405b-4bf7-ad37-220c036b88e5", "comment": "Malware payload (RedLineStealer)", "value": "8efdbfffb4d0b01425abfa674833c75c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679488842, "uuid": "832e1f9f-8f9b-4ac7-83b2-9b304cf357e0", "comment": "Malware payload (RedLineStealer)", "value": "05b25ac07c4c73ceaf06facc1c2b21fc237fc7838bb1003605a670f3c51522db", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679488842, "uuid": "bd26a9df-6f0d-44a3-aed7-00cfc554d937", "comment": "Malware payload (RedLineStealer)", "value": "611c7d4e73dfbd6c1926bda3e4bee73faa6dcbf4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679488842, "uuid": "3aaed33d-979f-4592-872d-8154a284fadd", "comment": "Malware payload (RedLineStealer)", "value": "851be3c120a4158e5b03c3ce577c9263864b38545bd5c729ee1c964619db6c09828488fa5008c6730d5efd1437b7ee6f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679488842, "uuid": "c0c199f1-b194-4e5d-b22b-30ccb52c7ad4", "value": "T15EC41252BBE84072DCB5377068F602C30A36BDA59E74435A279AB91F0C73A90693537F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679488842, "uuid": "303f0f2a-4d14-4f52-ac62-2f2efa84cebd", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679488842, "uuid": "42e95b9d-4639-4f68-b083-8faddd94c974", "value": "12288:fMrsy902o5ywK0iR7/ip6Tm8AYCZ3rkF61pB9ymJNZw:ny6yje0AYCZ3AApzymJXw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679488842, "uuid": "0a3eaa19-77b1-4ac2-a74a-5adcf5b152cc", "value": 548864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679488842, "uuid": "03a03136-034b-4337-a810-a8b5f66e12b2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679488842, "uuid": "8ac00d60-a32b-4f72-ab2b-5c97c58b3be2", "value": "8efdbfffb4d0b01425abfa674833c75c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fe1733d1-c8bc-11ed-88f6-42010a9c006e", "comment": "Malware payload (Quakbot)", "timestamp": 1679494956, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494956, "uuid": "e7d431f4-9dfd-48cf-b2d6-17829b73b23a", "comment": "Malware payload (Quakbot)", "value": "1490d58c9f61ff2bd73c77259cfe0480", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "obama245", "colour": "#05390F", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494956, "uuid": "5b12c511-1b9b-46d3-a523-410b7d359c01", "comment": "Malware payload (Quakbot)", "value": "06047c3d6874bfddc1b0efd003775f1dfc1d5285fb27482c77ac96aa04b2f653", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "obama245", "colour": "#05390F", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494956, "uuid": "8ba0bb4f-07d3-4d14-83e9-0216155aaf63", "comment": "Malware payload (Quakbot)", "value": "7fd7ce66de06ead34217be6d14217bdeb46f6c47", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "obama245", "colour": "#05390F", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494956, "uuid": "daec2564-75a5-4af6-ab27-1de49a2333f9", "comment": "Malware payload (Quakbot)", "value": "f10fa4822bcbc0f899cf1ffdb4d698bb45f0e780e0d6482dcc6562873379d189836e7536f1c9d062658e3a3649f6a7f4", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "obama245", "colour": "#05390F", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494956, "uuid": "08b2da5f-7fba-446d-b6e0-8594ae038418", "value": "T1582394108D529826673BB9AF5B985C10F65D03530791A607B83DB141BFAFECCC1A8DFA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494956, "uuid": "515c85d6-e8c6-4ba6-b9e0-c561727b13e8", "value": "768:lVrZDPJ//J0EXCfRlTOpb62WFQSa2FflGiaq19ay8wtGl:ldZl/yfRZOzWFQTiaq11t4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679494956, "uuid": "a79bde2b-ae44-45a1-8304-eb7e14e49ac3", "value": 48870, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679494956, "uuid": "9704e1c9-0df5-4b3d-b617-5976bfc17076", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494956, "uuid": "0f31c674-01f6-4992-9d69-23fbdc21ee7d", "value": "cFV.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c4c875ce-c84b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679446326, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446326, "uuid": "88d5ba09-9b2b-4c3c-b329-e6cfd3cea4c0", "comment": "Malware payload (Smoke Loader)", "value": "ab2bc1ca6eedc2b7a263194ca90e1da6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446326, "uuid": "a5714f6c-af61-4d10-b63a-484d17bee35c", "comment": "Malware payload (Smoke Loader)", "value": "060e91b825b39c68a9a3c6347ba332d3a26f7b97f45af80fe1c3bcf1f9afcc9b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446326, "uuid": "a12f1740-4bfd-470d-b46a-f3ed173ad138", "comment": "Malware payload (Smoke Loader)", "value": "4dcb9841a804b03462d4b0a8d6061e4e63c5a614", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446326, "uuid": "028abea2-b3be-4403-b67f-dcc725601ef9", "comment": "Malware payload (Smoke Loader)", "value": "210b627e634ccf1fb5a2b2af7bc11c1b260c3d0fbc970d2c774462f56bf684c7778f889413ac7075208d12043950f0c5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446326, "uuid": "b7ada016-81ec-46f0-bf26-748aa8b78482", "value": "T1AF74D80383A27C55EA158B739E1FC6F8B60DB6709F497BA632199E6B14B02B3C173711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446326, "uuid": "2b5c3374-78a8-462f-a869-3d25c92180f8", "value": "abf9812c144b37aad537ff6f220c83df", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446326, "uuid": "a1a4082a-355b-49da-822f-d9de77d0d2db", "value": "3072:H+5Uc9MeVTCIgLucjL9QO6AAzTxjH42zcqxUFuUkmaeL5DnfWO4RDhGFpy10wZ2r:NPIgLuw7azTxL4ocqkFvtnfWXVv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679446326, "uuid": "601caf89-9b72-46a1-b634-44e1c268fb88", "value": 364544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679446326, "uuid": "ab51282b-66cb-4551-89c0-6e789cd55e10", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446326, "uuid": "02a521fe-2295-4f01-be4f-823ccb1f6e8d", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0a797189-c8e4-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679511727, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511727, "uuid": "e885cb5d-13eb-4edf-a7fb-86ec69c59db8", "comment": "Malware payload (Formbook)", "value": "17e860b41dc286806e477310a4cbef79", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511727, "uuid": "70c5df57-9771-434b-aa87-421a6a9d13c8", "comment": "Malware payload (Formbook)", "value": "06243274174960778e1adac528d0c2641cf742fa2ba0759c9fe762f7a0692aff", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511727, "uuid": "3e731235-74d7-454b-ad28-8340641fc0c5", "comment": "Malware payload (Formbook)", "value": "221996f82df76554d7e7dc5e3f0426a2c768020d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511727, "uuid": "6bf033af-829d-4e11-b249-650420ac85a8", "comment": "Malware payload (Formbook)", "value": "86a26a100b818260804c1b1492575ab41a0c9eabc930f8817d587e9c7d629947324c76d49e37f298e30b113baf52b085", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511727, "uuid": "2f80177e-3562-4777-bf78-0cf841880a94", "value": "T1906423C7F2E8F92BED671B310A57265AEEFA7016024D132F03836B527E73291D94D291", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511727, "uuid": "9aea5830-b763-4cca-9b41-667ac5becff8", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511727, "uuid": "fdd32960-9d3f-4376-b769-3f1cbe4cda62", "value": "6144:hT5UzmTaDizyCSx6atVIt9lN9CaYf6XJ/tzklftBL7mCsVesYY4+NJTRK:hT55TwIlShVkN9U4VITl7mvYY4WJE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511727, "uuid": "6acc0ba9-eb34-42e3-9488-306d9cec29a4", "value": 319438, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511727, "uuid": "3e6a86d2-ef7f-4132-929c-394542c9f3e5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511727, "uuid": "af220fcb-90b9-492b-bee1-8df2807b945a", "value": "Ziraat Bankasi Swift Mesaji.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "afe41199-c889-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679472920, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472920, "uuid": "7420bc34-356f-4880-9320-df13ea672acc", "comment": "Malware payload (Mirai)", "value": "4644d6df11596f415925ab4e6060346c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472920, "uuid": "34cf0405-1648-4251-9ba7-58015a985ce6", "comment": "Malware payload (Mirai)", "value": "06635cb913065eeed1afe19974bf18ca492df7bfadac5c3ffa6f813d16c0c551", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472920, "uuid": "35dff52a-e21b-421d-b07e-02e9613d4049", "comment": "Malware payload (Mirai)", "value": "56a95bd33d06c3e8ad745b577de3a00f0c911e5c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472920, "uuid": "9897b99e-a671-48f9-b888-3bbaa0de8004", "comment": "Malware payload (Mirai)", "value": "d92766f05fde93836c85092c64f735bbea6b40ffb85d410319bf8a85f14cca0a296f62f3aace8890d64c2621f69c9570", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472920, "uuid": "d3ab9f5f-abdc-499e-a32a-606f4856c271", "value": "T1B67318782545F26CDAE680B4F4436AE519120A083FDC91E36887143BFF70B9CB56DE5E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472920, "uuid": "5ccc0111-2108-4b36-b85f-bbdd0ab538a5", "value": "1536:hSn3iK0zJDUuvsCuanJhgQbSYJnSVBIVCCfy0K9q4:hgiK0LXJ+TuZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679472920, "uuid": "070b3bea-dbf5-4e30-a8c8-8d3e7592fc68", "value": 75136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679472920, "uuid": "23a8c9e8-9906-4102-94bf-e1befefa3d5d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472920, "uuid": "0b54549d-9e93-4d17-860a-ef718f2d8d9a", "value": "4644d6df11596f415925ab4e6060346c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "42eb19d7-c88f-11ed-88f6-42010a9c006e", "comment": "Malware payload (Loki)", "timestamp": 1679475314, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679475314, "uuid": "0d383c31-1c0f-4787-a013-ad9d845685a7", "comment": "Malware payload (Loki)", "value": "a3b89eca04b6166f33ce76f3b56e213b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679475314, "uuid": "e99b338b-c93f-4a7f-9cda-7e3b9726e2f4", "comment": "Malware payload (Loki)", "value": "06fbd1900a9a993402efb677573777a39f6f691d72816b47d7431ac2d50ad71a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679475314, "uuid": "0d933004-9425-4881-93dd-8ff0dee984f9", "comment": "Malware payload (Loki)", "value": "bf4621c8b83b8e6f522391049a0d5db78b64b59a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679475314, "uuid": "5b408c4f-1382-4f0b-a641-6609a48d06ec", "comment": "Malware payload (Loki)", "value": "def36043203039309ae5dc482ac07b1dcfd9a84400e7f285c65ab7dd758523b9b8a0d796a32d06dbb51d769ec9a0bd29", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679475314, "uuid": "57c2c9be-2194-4d86-93ec-c55936ad3bfb", "value": "T1E7E30150B7E4D4E3E8A71BB00F7656628FF8A4202995632B33809F597C32993961F773", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679475314, "uuid": "f0390eb0-3f2e-4b08-b4bf-4829578171a1", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679475314, "uuid": "69148be1-8cb2-4c5a-80f4-e8ecc92ccd31", "value": "3072:HfY/TU9fE9PEtuWbTsgPlH8ChXPeXiMO+LOYK9R4MV6COAfjQZHsOfAuCGbkE:/Ya6WAgtH8ChTMhHKn4O6COAf8ZHLdCC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679475314, "uuid": "a5fbea27-fbf7-4aa2-aec2-9cf670e57ff3", "value": 150879, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679475314, "uuid": "16bf332d-f5c3-4c07-999f-37e65c7c9b88", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679475314, "uuid": "88a99304-f03b-4666-8555-2229ab77d9b9", "value": "a3b89eca04b6166f33ce76f3b56e213b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b85290f8-c8e5-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679512448, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512448, "uuid": "eee08df1-bd61-45ad-8a1c-1bf215c4c88e", "comment": "Malware payload", "value": "26666a7dacfeda550107fa81948e8505", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512448, "uuid": "838718e7-524f-4876-8ad4-10e35a2adf7f", "comment": "Malware payload", "value": "0783debdfb83fe7e1beba28cbbf85425c70322dceb6fb566a29e5a7e66385ccf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512448, "uuid": "d61fecc7-c8f7-4894-9a4c-f21b796d1ef9", "comment": "Malware payload", "value": "6e21dbe32b2bfe7319c33b049ef659ae55df87bf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512448, "uuid": "be146888-916d-4864-a26f-aacbc9d800c3", "comment": "Malware payload", "value": "1f8aab44270a10475a01ec5b8e48429ceeb42600d5572fdab59ca61acef81e0f3a44261e3d1680742d73f40750db31cc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512448, "uuid": "4c42f6ca-887b-471a-ba40-f7f6f17eaa97", "value": "T10B559D529CB9DD23E2ED77F9B42618EDEAF80117DF97BA4590026CD14E9D3C84A022D3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512448, "uuid": "463d59cc-2539-4bdb-9305-9afe2dcd00e4", "value": "24576:oafQKgqtAyrUFdRZTbwcXE1Rw2qs9kpu2ny/v/LtGZsYjot0+iEzyLU/E5h8bV2A:oNwcXFoaU/E5h8bKli", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679512448, "uuid": "d60aa090-49c3-44ac-ad92-3c8e7c864b8d", "value": 1361047, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679512448, "uuid": "ddd27378-b441-4229-9a60-b72c9af02c10", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512448, "uuid": "f917cb91-b936-479b-9ce9-e7c5fc32da16", "value": "26666a7dacfeda550107fa81948e8505.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7dd0dcf6-c88a-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stealc)", "timestamp": 1679473266, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473266, "uuid": "4a937e76-828f-4446-b081-61ecbd2460ba", "comment": "Malware payload (Stealc)", "value": "9d3da595e33fb89dc625857f9aed8d08", "object_relation": "md5", "Tag": [ { "name": "9d3da595e33fb89dc625857f9aed8d08", "colour": "#00CF9B", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473266, "uuid": "1af26fe0-1d82-4eae-880c-6bbff1fc5a43", "comment": "Malware payload (Stealc)", "value": "07a3bc87d6480a495505c6efe903bb1009c39f79fe7229631e1f1bd65c6ceebe", "object_relation": "sha256", "Tag": [ { "name": "9d3da595e33fb89dc625857f9aed8d08", "colour": "#00CF9B", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473266, "uuid": "fd080e36-7505-43c1-893d-28f73b81dd79", "comment": "Malware payload (Stealc)", "value": "570c3dbf37b3abcb612d15c06d327f9cefbc345d", "object_relation": "sha1", "Tag": [ { "name": "9d3da595e33fb89dc625857f9aed8d08", "colour": "#00CF9B", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473266, "uuid": "8eea1a2d-566b-4959-9eba-178b1a91edfb", "comment": "Malware payload (Stealc)", "value": "ebfa1e79b6b18e4cd2e166424f158e281f120ca94a0a08d9f5bef6621dc82bc037c3739b82adf7371560ef8e961ace98", "object_relation": "sha3-384", "Tag": [ { "name": "9d3da595e33fb89dc625857f9aed8d08", "colour": "#00CF9B", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473266, "uuid": "57c57473-d508-4ca1-91b2-5ab4703740c9", "value": "T1D2746DC293E16C70E5124732BE1FC6F8261EFC619E597BAE2359AE3F09701A3D152709", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473266, "uuid": "af8bc04d-ebf3-4339-92c6-27b1d369f3d5", "value": "cc53b13062b266a67f6f160bc15b424d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473266, "uuid": "93392350-b49d-4b7f-b2e1-db0c27fdd182", "value": "3072:oW5VlFAf2xP5juEkeRGXhvx0QHajox1eC7ZSIzkpAqDKPi0OpqVR6kMb6Ogwn0F:f7/kekA41eucIzcDmzOpqVkkMeO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679473266, "uuid": "a4ca506c-4738-4a70-ad1d-5455d19deab1", "value": 368128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679473266, "uuid": "6082eea3-8d3d-426f-a2b2-9cfb741b36b4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473266, "uuid": "e33e211a-c34e-4f69-9651-6f25b5605b8d", "value": "9d3da595e33fb89dc625857f9aed8d08", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "38f8fbb9-c8bb-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679494195, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494195, "uuid": "f4e5b7d8-9742-4215-b2e3-2e6aea72cb9c", "comment": "Malware payload (Gozi)", "value": "e29f2dc79fa2f8043bb0cfef152b332c", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494195, "uuid": "4cb97825-d943-4329-9459-6a8dc4d2bf46", "comment": "Malware payload (Gozi)", "value": "07f1cd7945372b991c0757e24fe9d44d98dbcb3dfb9bea6bd80449c00ea06504", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494195, "uuid": "d5896778-c3f0-40fd-ac67-9c3100b48100", "comment": "Malware payload (Gozi)", "value": "aea54be8143e26083e55a311be2583c45b9f3214", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494195, "uuid": "b5ffb95c-1ee3-43c3-9228-be67ecb97b8a", "comment": "Malware payload (Gozi)", "value": "77eed80ff52970bcaef867c4df2257c7e8f960d88acb426900159fd829777908a1d2e9aba8256c86766ac372778bfb5b", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494195, "uuid": "a3272150-fd39-4b1f-b1ab-9c905263da9b", "value": "T1F2744B0393E36C21EF1247728E1EC3F4661EFC619E5B7BAA124DFA2F09741A1D162716", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494195, "uuid": "2448b398-7301-4057-906c-41198338a02a", "value": "314565592a4a5f015f9741680eeed0ec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494195, "uuid": "bddd55e1-e2e4-497c-be36-bb5e82ad265b", "value": "3072:lxaUlSs5UHSj4YNSOAzG/0llNgQZiqrnpvbDCpAN08UqI1ngo8jBJJ:mvcNSxHgajFbDQAN9UpnV8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679494195, "uuid": "4b02c072-2d49-4b70-9da2-00e647f93355", "value": 368128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679494195, "uuid": "7974ee01-eff3-4b32-a761-f77b0038246d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494195, "uuid": "40d2a93d-4371-415e-ae1f-dbb867ba7822", "value": "server.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8ce22793-c8bb-11ed-88f6-42010a9c006e", "comment": "Malware payload (njrat)", "timestamp": 1679494336, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494336, "uuid": "5000df31-01aa-4214-ae02-8921832b58d8", "comment": "Malware payload (njrat)", "value": "104fe8e80032d42e1ba1118fd2049e8e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494336, "uuid": "f2e7a18c-d97b-4e92-8744-7a10392c5c82", "comment": "Malware payload (njrat)", "value": "089c68cc6ef6d1af0201f210b0e88935e6756540aba5521969022b581e1a52e6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494336, "uuid": "a98441e8-b154-4f0e-a7ea-63ab041e68e8", "comment": "Malware payload (njrat)", "value": "d6e6695f27fdbce964983f611fc2f09534ea5a9d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494336, "uuid": "eaac2ab0-d5a8-42c6-811d-fc5810ca5bca", "comment": "Malware payload (njrat)", "value": "fbe9e070ed371d3a48703eec2dcf9a2072519194cb86d4142b6333f98e25c3c8dab2c5033965164593d69b71cfe0846f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494336, "uuid": "7a910729-112a-41af-ad25-e8e8062efbcf", "value": "T14713D78CB694E174D5FF8BF1F4A2B2990B71A01BA802D30F99F154D94B73AC09611EE7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494336, "uuid": "a8e78693-82c5-4897-a42d-dc9d6b0ed484", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494336, "uuid": "5f53b4b9-36db-4e47-b226-e05c47ced3ec", "value": "384:NZyUiFIB+oyitVv0O0EHafIuZzQIij+ZsNO3PlpJKkkjh/TzF7pWnp/greT0pqf7:nO+IliLvDW3uXQ/o0/+L", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679494336, "uuid": "fec4774f-49aa-4ead-89a9-0d7eb37c444f", "value": 44032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679494336, "uuid": "90a9314b-4d63-49bd-a062-ad50bdd1bcc7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494336, "uuid": "cf927a44-d989-4e92-92d5-ae9083f6217f", "value": "m4c050.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "db5f0627-c84a-11ed-88f6-42010a9c006e", "comment": "Malware payload (CoinMiner)", "timestamp": 1679445935, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679445935, "uuid": "e0e39fee-fe07-4cc1-a420-4717defc4689", "comment": "Malware payload (CoinMiner)", "value": "b2b415bb0201771f663d5d07bf2cce06", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679445935, "uuid": "c11fc566-cfb3-4e8f-aeea-1971385dc62d", "comment": "Malware payload (CoinMiner)", "value": "098922c8ff2f0fdbda578d115223a40dbc8849a8d4d6546b39ac8d2746171984", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679445935, "uuid": "25584c73-2443-43bc-acca-1804db5d5897", "comment": "Malware payload (CoinMiner)", "value": "f5b2a48c486b4421e1148228b7aa5a0075c49cbe", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679445935, "uuid": "c7410fe0-f00c-4f71-867b-8d5d982d5b84", "comment": "Malware payload (CoinMiner)", "value": "32af82595f3accbfb80dc88ebe1d3230cc5204c97fc1059ae27d3091d7b35f4f69ccfcd67c2f441a00fb220412ae7454", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679445935, "uuid": "a7d1f345-b0fe-43c3-b470-114ef9672eb2", "value": "T17F24D03178D39133D8A6E1BA8074E7C21D3CA3521171D926AFAB716D8F62EE2C674358", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679445935, "uuid": "44144d64-12ce-4588-a72c-0c516e0d0326", "value": "f553b8ac04465266a97d8a15318f0208", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679445935, "uuid": "34f2e447-c617-4184-a9b4-791d63e90185", "value": "6144:CxUxVAn9g4btd8JXLtvAIjZqO7+IJPKBEV:CaxVAt4tvI+b1F", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679445935, "uuid": "3ba13fb3-ea9c-49ab-a576-a0baa851ff0d", "value": 211384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679445935, "uuid": "b3a3d475-e49a-4af6-a88d-0fc3a3c36106", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679445935, "uuid": "4a007aae-37a6-4839-9eeb-886574517704", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "229b45d0-c8cc-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679501459, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501459, "uuid": "691691c1-4f44-4dc6-b7f7-a9945482d93e", "comment": "Malware payload (RedLineStealer)", "value": "57b9c4a9a4d907b3370dd6319da8f39a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501459, "uuid": "41e2ec64-1db9-44d3-923b-ae1c6afd8eef", "comment": "Malware payload (RedLineStealer)", "value": "0b64177030a128a9986b2999cd0a5a39e1253b5ad820f2a5ac582472f09ff8e9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501459, "uuid": "27bae05c-e24e-463d-bae1-451fcaf75f75", "comment": "Malware payload (RedLineStealer)", "value": "83cb70af730f3f80b342d0383092b50d3818f339", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501459, "uuid": "b79f9f62-803e-4435-b2c9-53605c23f75a", "comment": "Malware payload (RedLineStealer)", "value": "f9625e2af73c93ed9122b1a6304c76caabcd564f76f00f68b707bee46c9b2fa47c9f00b68953db33ef7af16f452c3201", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501459, "uuid": "79cd55b8-631e-42ad-907c-b8515ab1fc2f", "value": "T13144FADBBFA86D42D5038D3E93B3C7125B28E6800E12AB47661D517DCEE16C15E9B2C3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501459, "uuid": "e6f5ad38-4cb7-446a-a78e-74679c2ab713", "value": "7d51a0fa85348bca6694d055fb9a732d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501459, "uuid": "1c35de4f-78db-4fd7-ae82-b580612934fc", "value": "3072:65P8qS7w3Ev6l78m7/63WJsVaOEwQkbRaDKjPvJqd/QA95NfxWnOZx5:65kqgwI6l48/63iFwQ+aDKjPvJqF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679501459, "uuid": "8426729d-7f38-4915-ae3d-1f4916a0e22f", "value": 272026, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679501459, "uuid": "45f51382-721d-4b14-842b-1c466a19e665", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501459, "uuid": "a91d27ae-127c-4cf5-b350-9b01ff6cf96e", "value": "0B64177030A128A9986B2999CD0A5A39E1253B5AD820F.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d5bfe409-c88d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679474702, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474702, "uuid": "970cd616-45e3-4eba-a77b-0d488a840fb9", "comment": "Malware payload (Gozi)", "value": "b1c298b78d5b5171178929f85748d1dd", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474702, "uuid": "73a02d32-d419-4e68-927c-b7ef0c8dadc1", "comment": "Malware payload (Gozi)", "value": "0c34693df38fb1cfe4eb93a2e52f6d41444ad40d852224be14243dabe745ed4c", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474702, "uuid": "10e76718-1a43-490a-a5ba-1da6e15aa2bb", "comment": "Malware payload (Gozi)", "value": "624ca4497e5ed1c622d9b077e1c99316f42f3d21", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474702, "uuid": "cb4a6231-c5b1-4ca2-8a5f-3d94f0b288a2", "comment": "Malware payload (Gozi)", "value": "9d8b056be3db88641ced3a68fda4b7ec3cc2c7d5c8efc11787aa0b65f780dee30e7bf1bb10813fcb5805a692cc8359d3", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474702, "uuid": "07d42468-2c05-4e2a-9146-64b07579a586", "value": "T1AB747DC253E16C60E5124772BE1FC7F82A1EFC609E597B6E2359AE3F08701A3D162719", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474702, "uuid": "14f4c7f4-7267-4c78-9280-901f561cc26e", "value": "c3df3d0d993bdeac73a0f5fd62093e4d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474702, "uuid": "a920776f-84ac-4ef1-b2cd-dfa6579bd0ab", "value": "3072:h/cWlzoO/HiajuamcLRXhAfBze/mc8yNPFAsWdlS1t7taCAgwn0F:lnHXhlYVeh8SEjM4/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679474702, "uuid": "f07629d5-a999-4f7e-b460-36db742831af", "value": 369152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679474702, "uuid": "7b1b4763-ec18-4560-a90f-5b82e1886899", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474702, "uuid": "ef0f9b14-ce58-4e48-907e-0203dec66807", "value": "server.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "18654689-c8d8-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679506596, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679506596, "uuid": "61055e7c-a7df-4531-a02c-39f099061c1b", "comment": "Malware payload (RedLineStealer)", "value": "42065857e2bc25ddb74729f15b865919", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679506596, "uuid": "0cb55fd6-2204-4e44-b7a6-3bf8fa81c063", "comment": "Malware payload (RedLineStealer)", "value": "0cc5a8a0749f87f37f85e995310c82d7a7dc6aa58c9f0cd66de829fb906b8416", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679506596, "uuid": "5e51f514-0d8a-41cc-91bc-ff6783b05a52", "comment": "Malware payload (RedLineStealer)", "value": "0a93f3a2526ba5320510909b17c6946716ff2ed3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679506596, "uuid": "7341ed78-8a9d-430f-9e4d-4f1f46168569", "comment": "Malware payload (RedLineStealer)", "value": "ba20a44da9c3ff6cad6844e510c02e1ced12461a068e1ee5e08f7432cdd07a9db55c0081fbd87b30907650f20a1f5245", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679506596, "uuid": "b3953d62-5b19-4b16-8e66-c46dd6b4e8dd", "value": "T186251203F9C5D9F2C5521C322A646B11753DBE202F65CEEBB7D82A2DDA215D0E7312B2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679506596, "uuid": "f932116e-b250-4a7d-93de-c844801654a6", "value": "12e12319f1029ec4f8fcbed7e82df162", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679506596, "uuid": "5e4599b2-9f60-4221-9a1c-776d6b8220e7", "value": "24576:ZTbBv5rUlIsoHutpFftc/7Rj2OswBhwtSsYAP9Z7m9L:TBRNeHu/Nj2/oWYf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679506596, "uuid": "edeab045-a929-46a7-b800-b693414c8f2d", "value": 1027755, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679506596, "uuid": "b4c33f51-930b-4528-acc1-3416415b8677", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679506596, "uuid": "2ed56c16-f796-48ff-93e7-43f3aec2304b", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f819ad8a-c8c9-11ed-88f6-42010a9c006e", "comment": "Malware payload (RemcosRAT)", "timestamp": 1679500529, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500529, "uuid": "d0df2dda-32b1-4955-b56b-620438716af6", "comment": "Malware payload (RemcosRAT)", "value": "1f99929fbd7495eef4b6e0ec6b0e73ff", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500529, "uuid": "0120c020-0e06-4541-81a0-56dbee92f105", "comment": "Malware payload (RemcosRAT)", "value": "0f8c7d288333c8d1c5d450abeaf869de3d58eb5e8d16138c52b0391cf7a645cc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500529, "uuid": "30712a93-6cc7-40eb-bf9d-04840163b299", "comment": "Malware payload (RemcosRAT)", "value": "6c1f07ef6dd7135556b78c7eb1143a3a3159d91e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500529, "uuid": "815c80c8-e6d1-4c33-afce-d5eb7b5be714", "comment": "Malware payload (RemcosRAT)", "value": "cf1d879066d1bd32b812e6e3dd51daa466e807feab26351dd17c806fdb0c08a6bf1726d765d132b1798bafd1be8499a3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500529, "uuid": "a63793b7-defe-4de9-bcee-a3de60b53efa", "value": "T1C845120173AA5F52C5F9ABF819B7A08013B5BF762321EB4C1ECA35CF12377588652A47", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500529, "uuid": "3f156379-d5e2-4448-938a-ec4793a74ed2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500529, "uuid": "418d790f-118f-4315-b157-1c4049f30af7", "value": "24576:2KgkraIAUjhRn/F+3WRDY4fEUe/RM2Iq+nSscsQ48dSl06MF:2RkGUtZ9+3n4fEbu2Iq+SF4iSlL8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679500529, "uuid": "947db07d-cd42-47f0-918c-46f86612cc3a", "value": 1241600, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679500529, "uuid": "f358626e-335b-4e4d-9c10-8df3dce80149", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500529, "uuid": "61236d43-572e-4178-8b14-678c84968fd6", "value": "03-22-SO-0078 (SO+INV+PKW) \u6587\u4ef6\u67092\u5957 LOAD# 423606406.pdf............................................................", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "efbcc204-c909-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679528003, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679528003, "uuid": "16dbaa53-a118-4623-a3ad-3da10e00315f", "comment": "Malware payload", "value": "dfe9d538a602f241f8de80a15ddc1fcb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679528003, "uuid": "16648bac-c10c-4a98-a434-999a6220bc42", "comment": "Malware payload", "value": "10703079a669207d7148a19742082c9f9b88b4b86819a7c602b2a365f7cdc1cf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679528003, "uuid": "779fc644-1fb4-4b06-9ce7-0333818c14d9", "comment": "Malware payload", "value": "a5b856ba40beb96b3364ae91cc164f8ba2cd28d2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679528003, "uuid": "3aa6e41d-4a8c-43e7-bde5-ecfe17f20972", "comment": "Malware payload", "value": "f20734718b9768126ed550070eb042b4271f0daaeabe658f41611026c4f392d0ff65e52e33c66a96dd91489fb5a8a1b4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679528003, "uuid": "047ffd31-edfb-4fa2-a697-53bf8e043b07", "value": "T1B3B4BF0253E37860EF234772CF1EC6F82AAEB8619E1B7A5E165DE93F0D701A1C562705", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679528003, "uuid": "186d1406-f626-4ff0-b531-615c504ff988", "value": "18027003e68ded455b288db03553d6d2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679528003, "uuid": "c4bb8d2a-7284-457e-aee7-1d8ff3540396", "value": "6144:hxZZITElC7LgLmnReJZSWy6KZk4RdovtGerCUWJ:hxZZI2C78iRenSWy33TUDrClJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679528003, "uuid": "78850ff9-48f3-47c8-adf4-342f3e7df76c", "value": 504320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679528003, "uuid": "b77405bc-2909-4928-849b-cd2aa57eeb75", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679528003, "uuid": "9bc3987c-3873-4383-a8f0-2e46b080ee14", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "588fedfb-c88f-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679475351, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679475351, "uuid": "235f4b60-8086-4df1-9b18-f066bcf50062", "comment": "Malware payload (Amadey)", "value": "2b1f904bb3dfe266f8070063356ac2d8", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679475351, "uuid": "a2f24903-4313-4629-84d0-c7ac71537647", "comment": "Malware payload (Amadey)", "value": "10e475c6e265a1abae2bb69316f54d9754c03bda203c8dfcd9999888683f0023", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679475351, "uuid": "1d4da0a9-be3c-4b4d-9f35-4c8e3911e43f", "comment": "Malware payload (Amadey)", "value": "7d41c855be07d3ca21afd4fe595d38c6ff483360", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679475351, "uuid": "a1fd4c65-0117-45fd-8123-4a59ea6eeeb6", "comment": "Malware payload (Amadey)", "value": "a08ee20bc5e0c72ac9571f514a48a25837db252c6318572b5964aaef436bb51f45f01c14e3208ea3b73e65db03ab5850", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679475351, "uuid": "8c163936-ab05-4849-ab6c-a8f4f86eddae", "value": "T1A2252357FBDC4836DCB4233005F703D30B35BDA19920D7AB2789A5174A726A8A93277B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679475351, "uuid": "199ec22a-3335-4b1d-8df2-b2129133074e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679475351, "uuid": "4b8c8493-07e0-4a49-b7d4-0416e64dc471", "value": "12288:sMrhy902u/9Z7ml3e6EYET98kqrF6lCD5JKPnY+ON/Zb/8nZx+jqaOAdDNpQRu03:tys/0EYFpD5JmWhKx+r/Npcu0oK5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679475351, "uuid": "a5bc85d1-bf63-4a0d-9179-2a2bd994e63d", "value": 1029120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679475351, "uuid": "a5b6d353-5e02-4c6a-8405-d34fea6d7982", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679475351, "uuid": "9dc20857-08ac-47f7-9f48-e6e205b37aa2", "value": "2b1f904bb3dfe266f8070063356ac2d8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1d481c01-c8e4-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679511758, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511758, "uuid": "979bdeba-6515-4148-bd57-1362a882a7a2", "comment": "Malware payload (AgentTesla)", "value": "1f5425252166f69bad7420ce09829d70", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511758, "uuid": "97a534a2-8571-424a-8351-8d5116f669a0", "comment": "Malware payload (AgentTesla)", "value": "1249d019671494f72d4c416ce9b7cf6523ac63eca06dad4da4eaf936d3e36888", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511758, "uuid": "f796eda5-0340-4dd1-a9c7-87a3bc55c5fd", "comment": "Malware payload (AgentTesla)", "value": "2585a30c19e80197478bbf726a61f5958961f5de", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511758, "uuid": "f8dbfe1b-61bf-4829-a384-5ee6de448ce3", "comment": "Malware payload (AgentTesla)", "value": "9631bffce7a41186b9392b5c6662accafe8ece5b79e580a3cb6ed008d62882b70aff3670c3312c07bc8635d9faa70b79", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511758, "uuid": "abba83c1-ab8f-4d4e-91e0-bcd14bc65f07", "value": "T135F4230ABADB5378CD265FBE6892DA030339F3737127DE8D045614AD5B27BE62311B42", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511758, "uuid": "663bce7a-744f-4238-94ac-79cd6a776a7d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511758, "uuid": "8c988389-f42d-4481-9a4e-b59edb5e507e", "value": "12288:OOqYzzl06/TgTU4zMh2afkP2HhGJNJCuVijS10rudAOxxiniIzooI8:Nl06MFC2afkP2BGZQK0POPiiILI8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511758, "uuid": "34377c04-964f-495c-b0b0-f68d9248174f", "value": 741888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511758, "uuid": "915b4661-5827-4aa4-a04b-b7063b7c532e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511758, "uuid": "bdd7c49a-d62b-4e30-bb4a-5f366f72277c", "value": "DHL Original Shipping Documents.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d97f3165-c8c9-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679500478, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500478, "uuid": "5fb43eac-2c19-49d8-b459-96a8e24775b2", "comment": "Malware payload (SnakeKeylogger)", "value": "dea0793a4fd6ec5a3cadc8ca3ad8c27f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500478, "uuid": "7d8b3692-42e4-41c3-96e3-7a81ca1de83e", "comment": "Malware payload (SnakeKeylogger)", "value": "127830a62577141d565621749c3234430b47b3c502057e493f26ed0dcec07bbe", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500478, "uuid": "3e4ba6ae-b579-457c-8754-f104ad0c3798", "comment": "Malware payload (SnakeKeylogger)", "value": "f85e5f40228132699d8703fe4aa904c8a22ba0e6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500478, "uuid": "734fdb05-2966-449c-8ebd-45fdd6a9f157", "comment": "Malware payload (SnakeKeylogger)", "value": "8edd096890797421d57968723126eac53981ac86b3e05b754519aef8eefe2935e820fef5aa6052e98399a8ba94880646", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500478, "uuid": "bf07323e-cf60-44ed-8c2a-eff2c8349fda", "value": "T1C8B58C51FCDB24F1EA43153248A762AF2335A9091B319FC7DA447B7EAC736E10E32256", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500478, "uuid": "06df107e-09b8-4479-893b-6106ff5b3ef0", "value": "9cbefe68f395e67356e2a5d8d1b285c0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500478, "uuid": "fd1bd906-7335-423c-a8b2-87216842b2c1", "value": "49152:K59zMNe/OkZI6oVJ5Yz1tZD1V5NQSrBnbx:AzyaO26J8ZD1V5Nftbx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679500478, "uuid": "1fedb92e-5618-4e81-863d-e1aee5f4a805", "value": 2455040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679500478, "uuid": "09d112f6-bd6a-472c-b321-bd0bf63c933b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500478, "uuid": "8b66a64a-609f-4922-b83a-dc031bb69869", "value": "SRTPO8765434.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4141b8a7-c8cb-11ed-88f6-42010a9c006e", "comment": "Malware payload (GurcuStealer)", "timestamp": 1679501081, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501081, "uuid": "7d748ff2-b313-4c57-a77e-d4e66dd88f4d", "comment": "Malware payload (GurcuStealer)", "value": "9086ff963ae98510ea0eb9abad045939", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GurcuStealer", "colour": "#148E89", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501081, "uuid": "fbbdd588-6164-49a5-8b2c-b09f5bc1c0c9", "comment": "Malware payload (GurcuStealer)", "value": "138c7f0a55344e824bfd3cba1ddae87b237500005fd09a22cbde021ec017454f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GurcuStealer", "colour": "#148E89", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501081, "uuid": "fddc55a2-607e-49ce-9351-92562dbfcb15", "comment": "Malware payload (GurcuStealer)", "value": "e9999c73e07daf9ba223fbf796d56ae762b748fa", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GurcuStealer", "colour": "#148E89", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501081, "uuid": "1f797c8f-953c-4a8b-bc59-50857c735eae", "comment": "Malware payload (GurcuStealer)", "value": "d349f698cc87ca6c18d5a0a4b68e2eb1d060113ed620856944a9828e2d833bb29cc3b517a715e46187f9212ba8c2b10c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GurcuStealer", "colour": "#148E89", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501081, "uuid": "cca520ce-80f7-43fb-a160-a32d8030b285", "value": "T1DA46CC08A7D4ADC7E1FC8736DA0246547A27FA143FC3D7BBA4A817A6978635D8FC1090", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501081, "uuid": "cf982f3f-897b-42dc-a582-26c5593a9a98", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501081, "uuid": "9dd63568-7524-4182-a6f0-f86103acf907", "value": "49152:lwjD4OTpsVac5KCLTK2smzw54y4Hxx/MsjKMm:MsVq3d43/MsjKMm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679501081, "uuid": "72bad654-7777-43a9-9aa4-9d478e072e1e", "value": 5694976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679501081, "uuid": "78d08a08-4594-4cdf-845c-3ac2244cf7a8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501081, "uuid": "14cd1fb4-5dfb-4423-8f98-9c0cb734e4b2", "value": "9086ff963ae98510ea0eb9abad045939.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "49f53b75-c881-11ed-88f6-42010a9c006e", "comment": "Malware payload (Loki)", "timestamp": 1679469313, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469313, "uuid": "ee1b1d31-c1d5-4618-9c77-fa2d862c6296", "comment": "Malware payload (Loki)", "value": "eaa6fde6d2070d0a187fdb2b86918216", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469313, "uuid": "a095a9bc-4133-4591-840d-35e83401f462", "comment": "Malware payload (Loki)", "value": "140d4eba0a888ce6c948c02141b87249a2dfc7500d7072c1af38a117c3e2b009", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469313, "uuid": "409cf527-524d-4b69-ba3c-cc9ce068c7c8", "comment": "Malware payload (Loki)", "value": "ec6903577f06487a3b9e11a968d3441d84bd94ad", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469313, "uuid": "f92ae243-5553-4062-8ad6-b3cddec62696", "comment": "Malware payload (Loki)", "value": "f5ac913c5fab579b6ae4f0a49eccbd2d627085e5162228fe4253c4dfefb8acacff716c6399bdee54b1d6e121b5a2ae0d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469313, "uuid": "980088db-0585-46e3-b1a4-5f973781734d", "value": "T146E3025475B0C4A7D8A30772AF3F871BAED5C8141879830F5B905B6DB93AAC1C60E37A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469313, "uuid": "1e08a5ec-8f35-4fd8-9414-e2f9cda83bbe", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469313, "uuid": "6af6f92e-b5a2-4141-b704-6922aeb27ff2", "value": "3072:3fY/TU9fE9PEtuQbbcgWXNplzYU2UWxXXJJfSAVMuqpYsj0KMlMEm5:vYa6MIgYr2FxXX3f1Gks9MlMEm5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679469313, "uuid": "9a5369c1-d7d1-4b3c-9fc0-b15c73e9af9d", "value": 151036, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679469313, "uuid": "149a1914-ce39-4821-8ed5-aac2ef28671e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469313, "uuid": "b0c89dfb-da87-494b-a030-63c745bebde2", "value": "eaa6fde6d2070d0a187fdb2b86918216.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dc68b1dd-c88b-11ed-88f6-42010a9c006e", "comment": "Malware payload (CryptBot)", "timestamp": 1679473854, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473854, "uuid": "5e93d707-ad2b-4814-8f4d-79618b1f75ef", "comment": "Malware payload (CryptBot)", "value": "b81da24c4c1a9562e616cba0f8f56dda", "object_relation": "md5", "Tag": [ { "name": "CryptBot", "colour": "#EB0B67", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473854, "uuid": "6f89bf08-5836-4734-8025-20cbeaa0fab5", "comment": "Malware payload (CryptBot)", "value": "14933991bc1a703a89ae3a5f72b486bfb700f78adb81e1b3eee8ecaad99c35b8", "object_relation": "sha256", "Tag": [ { "name": "CryptBot", "colour": "#EB0B67", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473854, "uuid": "17bb1e6e-7bce-468d-a0e6-9d37e7c409a7", "comment": "Malware payload (CryptBot)", "value": "ca2632240d831468682a70affdb78bdc40645142", "object_relation": "sha1", "Tag": [ { "name": "CryptBot", "colour": "#EB0B67", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473854, "uuid": "127cd22c-f7a9-459a-aba4-6112d054a74d", "comment": "Malware payload (CryptBot)", "value": "d7c31441c03574ceda98fa6df0925becf71de40586c88dccdb560b7155d278e71b72ff947ec375f319fd4762200d133c", "object_relation": "sha3-384", "Tag": [ { "name": "CryptBot", "colour": "#EB0B67", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473854, "uuid": "91e8fe21-b7ff-478b-b073-587adf207f26", "value": "T13766232E528010B8D0818C357136BD54B1FDBEB7CB429B7E69CB71E5DD319C1AA4A88F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473854, "uuid": "c07c2254-ec97-4d5e-b2f1-e53f068616d1", "value": "36d75ecd818f0c5cde41f4ee2b1e9296", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473854, "uuid": "029b1352-7c3f-4b36-9f5c-fcdb07adcce4", "value": "98304:E2W8dF7/mrq+Itl5rWjAphwMCZdCUAzRM4D8y++yKKBOm4ttJfFB1LHxIffuPyNj:E2z/mrq3PrWcad0+GDKYzxRau6NLY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679473854, "uuid": "087a936b-7803-4c38-a2fd-c3f5b950df1b", "value": 7103488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679473854, "uuid": "d8f78f82-ee6a-4fc8-899b-842deac2609f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473854, "uuid": "550f63c2-c123-4080-95c2-9ebeafa4c0d6", "value": "b81da24c4c1a9562e616cba0f8f56dda.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ab60aabf-c8d6-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679505984, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679505984, "uuid": "5e34b115-d761-4f2d-b9c8-cb13f2b9a534", "comment": "Malware payload (AgentTesla)", "value": "d4908996778bfe1127a10b8db2741e88", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679505984, "uuid": "f63d75c4-f171-4b78-b8e0-c99a78468d91", "comment": "Malware payload (AgentTesla)", "value": "14dc4992e993f0b0b7b176ee8dd0314ab77e1512e6319f0369b6f9fe45369297", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679505984, "uuid": "8f1a9c8d-d705-4a63-813b-6daff3ba4add", "comment": "Malware payload (AgentTesla)", "value": "26693af14cb2b0a39e1be8dd4036003d17eb4b6f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679505984, "uuid": "d3a7b3d7-d331-49c5-aa26-1ce0dabc8977", "comment": "Malware payload (AgentTesla)", "value": "51c66181f78f008b382c88d39acd50d8f5bc28a986fe2daa9101a0654e404419f0f77a4991ac411d3a3e0f079e5cce16", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679505984, "uuid": "eeacf3cc-3350-4738-824b-68008eb9e20c", "value": "T18DB56CB126E3FEC6D77F1E7084042980AC2C586BA7AC9249FCC5269793E5364DF5C6B0", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679505984, "uuid": "122f2d44-c40a-4bf9-8f8a-c73f1d16a907", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679505984, "uuid": "a1f234c1-bf6d-4fe2-8ab4-6a1644fc31a3", "value": "24576:DoENj3r0KZKUvx9Ot09OX7l348A5NyOobnIdFdciC2sltUXbUWc9g4Nh7nkriaOR:nl33UkN3ETAbZvUUK5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679505984, "uuid": "c640ebce-0fc3-4040-9773-2f16c6d7c4a4", "value": 2394624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679505984, "uuid": "319640fd-e5f9-4307-8533-d2c76355d3cc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679505984, "uuid": "fdf0881d-724c-4b27-bb2b-3825599bc36a", "value": "d4908996778bfe1127a10b8db2741e88", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8fed7bb4-c8e4-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679511951, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511951, "uuid": "7c489996-5900-4eb4-90f4-72020b1bfa37", "comment": "Malware payload (RedLineStealer)", "value": "359293414a749dfe63e12c8df7c52e0f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511951, "uuid": "a7ce9a1a-e605-4aa3-89a8-54ab3b8bc7d5", "comment": "Malware payload (RedLineStealer)", "value": "1642832b7b4dff2a31a3ae473e3d84bc1b3867b750537adb617dc1ed817b845a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511951, "uuid": "bc3e9e9c-5184-4fdd-829f-d024483766aa", "comment": "Malware payload (RedLineStealer)", "value": "d84f19fa45bfa6487afdd7666aab2993a07e0b6f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511951, "uuid": "c98188ab-65b7-4ea2-bb3c-b7acf005de6e", "comment": "Malware payload (RedLineStealer)", "value": "29a5665572005866e2391cffd03ffa31b03ba4d3c3b930ea0cdd125db755d0e93c031a2123288fce76c9c2dbbb0e339b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511951, "uuid": "5973a7e2-4205-491c-8009-50f795e9e598", "value": "T195252311AED85473E8E827B064F70693463ABCF17E7941A77395954B0CB39C2A63232F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511951, "uuid": "d5a5a954-8f21-4c79-80b4-223331479226", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511951, "uuid": "7fcaf8f6-2f12-46dd-839c-27f73fc7ad94", "value": "24576:hyCroUUT8zBTg8zYrpQiyV9JlruQn01LHZPDe7/6f:UCkHgBApQiSlaH1jty7y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511951, "uuid": "bd627134-3b5d-4e2f-90a1-15ded4c446a7", "value": 1032192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511951, "uuid": "2c6eab0c-49bd-43b8-b661-1c7ecbfd558c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511951, "uuid": "6b0ec9a0-ccb7-44cf-a571-5dc534727395", "value": "359293414a749dfe63e12c8df7c52e0f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "11c2ffd3-c8ca-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679500572, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500572, "uuid": "165935c3-2fb1-471b-8001-be21631d35bc", "comment": "Malware payload (SnakeKeylogger)", "value": "328125745e7ed93a735529c83d115a1b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500572, "uuid": "134dcc51-0d43-4cd1-b4de-2882fcda7eea", "comment": "Malware payload (SnakeKeylogger)", "value": "164624329cd069611563f7bf809de8691e254759a75d667cea664d3bc305eb12", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500572, "uuid": "9f3a5216-ad29-40fc-9b48-644d38fd8bf3", "comment": "Malware payload (SnakeKeylogger)", "value": "3a90bc70681a3e7ef9b41d3168cfb0d84308f8cd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500572, "uuid": "07202d02-cf1f-4de8-b372-f3f96218c717", "comment": "Malware payload (SnakeKeylogger)", "value": "0cf1ff1c678685072695936e6a635c3d07850898d599ba41e8621469a36e5f213d0a2f98ffad5d345a952acdf5393f3e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500572, "uuid": "4f6b07f8-0922-4280-bcfc-54a86e44178a", "value": "T18B45222636954F55C1B89BFC18B2958003767F3B232BEB4D0EC231CE4A377A9C961A57", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500572, "uuid": "b1a177aa-ba79-4f97-a6df-a863d3d6a27a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500572, "uuid": "02ced37a-6c56-4a51-9ef1-7a53f4c1be03", "value": "24576:hl06MFwPbyP6y9zN4KHDDubP5YltfT06h3T:hlL8wPU1jDgk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679500572, "uuid": "6ed1d26f-ef28-4146-90b1-9b73656a559f", "value": 1262080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679500572, "uuid": "f07d074f-1ee2-4e95-b248-382e17a14c60", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500572, "uuid": "12285f72-0cf2-4dbd-8666-f9b78dea447b", "value": "InterMetro PO 2300030351362.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ef263685-c8f8-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gafgyt)", "timestamp": 1679520700, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520700, "uuid": "5b453a00-b5d1-42c6-9918-80cea76f0a11", "comment": "Malware payload (Gafgyt)", "value": "0086e8604bafa75d66748458685b5f26", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520700, "uuid": "ee126c8d-f42c-4a3b-94b7-a0a6cd006cf5", "comment": "Malware payload (Gafgyt)", "value": "16e3176a93f4cc11071d622705826e5de00d46aea5b179bcdbea81c192b8d0ad", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520700, "uuid": "3f0be6ae-39c6-4e31-9a59-bc1a618784cf", "comment": "Malware payload (Gafgyt)", "value": "07a6620a123b702f44c010b6a4004d4423361690", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520700, "uuid": "14cd4379-9669-4599-8c5c-8d53067cb261", "comment": "Malware payload (Gafgyt)", "value": "ef9c75cb2a3d85d4ef6bc19eb5da61ca4823d547fd7e50b370d4ffbaf1222d22980d800ed1b4d5f942e090c0005f44c0", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679520700, "uuid": "8bdcde2a-0ac9-40ed-9967-3da7b98d9f32", "value": "T112B33B4795A89EB3C086BEB525EB59300722ED120F2F1A9621387BF4437F5CD741EBA4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679520700, "uuid": "79c2973e-fdbe-44c5-b192-44f021216092", "value": "1536:Aq/W65rWXAiP5dfK4EBbkb25lyDQnAjCiB5+TjgkHmmycgYVLu1IPYC:R/vp+9C4xb2MjN0j/HmDcgYVy1IPYC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679520700, "uuid": "085a320b-e768-484d-9b57-8a707ebc9343", "value": 108486, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679520700, "uuid": "13beed5b-5530-4b20-a8b2-76630bdfed0e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679520700, "uuid": "920d9c19-2f98-4f69-8b0b-d2a0ff00196b", "value": "0086e8604bafa75d66748458685b5f26", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "15381622-c853-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stop)", "timestamp": 1679449468, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679449468, "uuid": "541ec91d-b23a-46ea-abad-25393af50fd0", "comment": "Malware payload (Stop)", "value": "f21e0b598c538f8db239859b810711fa", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679449468, "uuid": "9fd14b4f-fff1-491a-b560-2c60abd12268", "comment": "Malware payload (Stop)", "value": "175caaa055481f2e74fac2b6801b1e461194b8d662dcfec66ea0adcfd6d64bcc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679449468, "uuid": "e1c6dc1a-6b70-41f3-960b-be522d826cfc", "comment": "Malware payload (Stop)", "value": "10dadae041798b768b2c7fa34a7e161499a9dce9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679449468, "uuid": "3b00de40-4484-466a-a0e4-8f0e91cf8861", "comment": "Malware payload (Stop)", "value": "9e240bb35f7ab79c2a2eeb504a0c424181e1f27f7f14d31c4ebc07dab8715f31f60c88f12a80f2d504277953ae66159b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679449468, "uuid": "9547aa07-ca1f-492c-9cbe-e912e9e03cc9", "value": "T16CF41212B2A9C0B7C99681384802F7B4297EB8724BA54BDB370897BD1F317D1DE75386", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679449468, "uuid": "244a3d94-9f96-44c3-8a7e-ae8f0f48dc6f", "value": "4da11709050bfbf5b2e3611a91d52f69", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679449468, "uuid": "6075d53f-62d2-4e66-b11e-d2499cb8c8a4", "value": "12288:gha4qODvb2MWTjkww/HD8UnXWe6wzQcdO7c1CPUqZphmNHHlY+hru6D6I26shQ1I:eZxPukww/j8MjzQfQPqZphaFYMJGI26c", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679449468, "uuid": "e29b523e-6e58-4f0d-b0c2-4dcda38ccfa9", "value": 769536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679449468, "uuid": "2829cb32-793f-4ff0-91ce-1f95f6a7ea20", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679449468, "uuid": "02aa163b-e272-4757-b147-3aaefd9c93db", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8e4dcc24-c84e-11ed-88f6-42010a9c006e", "comment": "Malware payload (LaplasClipper)", "timestamp": 1679447523, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447523, "uuid": "954cd47b-a2ac-4df1-995a-fd22073704c8", "comment": "Malware payload (LaplasClipper)", "value": "e478dd003ab0c8cf0bbe61ffb0b77c3c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447523, "uuid": "74b8dedd-2589-4a47-838b-56113ace4315", "comment": "Malware payload (LaplasClipper)", "value": "178666b82d3f9f6d4785ea5934870cd87d8e19c42b07379556a54e3007625fc3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447523, "uuid": "492de8bd-bc3a-473e-ad7c-ba2277bff700", "comment": "Malware payload (LaplasClipper)", "value": "9e1d30e2ed508b4473061fd46994332246af458e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447523, "uuid": "a987915e-7975-45f2-818b-d99eff712e7b", "comment": "Malware payload (LaplasClipper)", "value": "3d02116b1eeb9de07fd81868dd31beb873f9c407fd2d42cf9d5c683b0333477ac4926082e3f463d8f7efe9b452586fa3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447523, "uuid": "d65b64a0-071c-4201-9cf8-3bdae6b92ee5", "value": "T17D95F11383923C55EA568A73AE1F86F8764DF670CF493BB632189E5B15B12B3C263701", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447523, "uuid": "a1ce66f9-8d48-4614-87f8-4077a738aaa3", "value": "5fe0b073d2bf262b2cfd9470524e0ed6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447523, "uuid": "32dd1b0a-657b-45a4-bd07-52d6d77b395c", "value": "24576:ZHt2b1Jo7ja0mbxvAruakDKnWXb4qx6zNFdN1UDgAiUjl5TMOPdR8feOTkjgRi/5:bwX9l1fDeWrskDgJUzdR8wjT/Sxju", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679447523, "uuid": "62fe09c4-cf33-4ff4-88c5-8209472d9a33", "value": 2029568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679447523, "uuid": "06ce5e32-294a-4ede-8848-033772dd12f7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447523, "uuid": "26d6c9be-1e29-47d8-aaff-e87a45439378", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "407723d3-c87a-11ed-88f6-42010a9c006e", "comment": "Malware payload (Guildma)", "timestamp": 1679466291, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466291, "uuid": "bc6603ce-c10c-4f21-9227-0431376b32c7", "comment": "Malware payload (Guildma)", "value": "fbac2b0ba84f2f7d494b8bde3a2746ff", "object_relation": "md5", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466291, "uuid": "c35fe5f9-3e2c-48fb-ae9d-54a565ee856b", "comment": "Malware payload (Guildma)", "value": "17d99f915e338153d7e937282c46abb72518281a2d0e214b725e46d4c4a9c88c", "object_relation": "sha256", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466291, "uuid": "40624e2b-a8d6-4229-b99b-b4091cd3133a", "comment": "Malware payload (Guildma)", "value": "a56a111f67a971c6396c6cb56ba955ab7f05ca08", "object_relation": "sha1", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466291, "uuid": "f9b89727-2117-4c0b-8238-603dd643469d", "comment": "Malware payload (Guildma)", "value": "09b62350e8e53f2dde98b6d98ad1da28953769a7dc8859b35c2a72b4001a7d4e53ec754e37da6e701412e7c999d573ce", "object_relation": "sha3-384", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466291, "uuid": "299f746e-56ae-4b6c-88b5-e85f8cd4b953", "value": "T1FD12CCD9FF97D26A7F70E155A0B00C06EE2EC1B682148CE4B534D6C6F1F8B14E2E6246", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466291, "uuid": "ad711e35-440c-4a0a-96e7-6b64574540ef", "value": "192:IzuNQkVGQJ3QlQN7uqXvQtQjQYHf3phQMQK8dQKJhQO:IKCzQ+iNMiswy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679466291, "uuid": "2ca8cecf-85fe-44ad-9879-9bcd1ba67536", "value": 9734, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679466291, "uuid": "ffe9df0f-2a42-4c51-bd5b-ea1bcea48ee8", "value": "text/xml", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466291, "uuid": "d1f35b77-cbd5-4d0a-80d5-afe1ffc7bc1c", "value": "payload.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cdae75fd-c86b-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679460085, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679460085, "uuid": "0890f977-a44c-4415-9196-e65a08c45944", "comment": "Malware payload (RedLineStealer)", "value": "10db1942bef56829f1478f2b42a843d3", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679460085, "uuid": "55bae9ab-8040-4c39-96d0-96523388034a", "comment": "Malware payload (RedLineStealer)", "value": "184f4cdcc8095e694f876a5806f2446eab09cb0f7876d2cce7f5c4537cfb1b09", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679460085, "uuid": "50defc29-549d-4833-af8f-03db0e457181", "comment": "Malware payload (RedLineStealer)", "value": "8218f1ac465ef94ac59da608316b915fb888b904", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679460085, "uuid": "f25641b4-2b6b-40e4-b6a0-9eeb5c5c360f", "comment": "Malware payload (RedLineStealer)", "value": "85582096be654c290639c2b6344cea2d9a28377595840c65336b1009d0a9d728b81f8a4ee71ffb9b47ba27c3e5bee4c6", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679460085, "uuid": "871d61b7-e770-4cd3-8ecf-54bca96b7308", "value": "T1E374F11173E2C073E5A745794A6ACBB09E3FB8705B598ACB2B8057AD0E347D1DE36306", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679460085, "uuid": "8101e9aa-a011-47fd-9981-f4b39eccf63f", "value": "a4559d1602669b68de352c9c26c5d967", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679460085, "uuid": "8c4d19e4-51d4-4058-a11e-108c70239556", "value": "6144:9480lL2LXU6Vyrr8DMDfaaAql1c/FI2kn4ehv4ikYdnrS9daTT3:mTlL2jU6VyrjfaPA1c/F+nvhQdanrS9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679460085, "uuid": "4a495d01-f40c-46ab-87ce-ffd1f1f090c6", "value": 356352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679460085, "uuid": "0f981e66-8f02-4032-9d28-bd1e70ad986f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679460085, "uuid": "a2c05380-3a0a-4246-b2d4-7a393bd1370a", "value": "10db1942bef56829f1478f2b42a843d3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "11c6c049-c88b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679473514, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473514, "uuid": "141cc5e1-48a6-4e92-a5c9-13c52f6cd71c", "comment": "Malware payload (Heodo)", "value": "581709f6d99126b05d3cfd3e88a07438", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473514, "uuid": "9d9557b8-1e52-4cec-9684-480825bf2389", "comment": "Malware payload (Heodo)", "value": "1858af1beb761e5763bd2af55e4e3ccc3c48064061ab36805f405ed8162a3dc8", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473514, "uuid": "b6a31d39-dfc4-4063-9676-8fe96e20ef09", "comment": "Malware payload (Heodo)", "value": "5cf5cff07e700adcec8fb7a0696a7db524a40a30", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473514, "uuid": "b2622e96-f4f8-4122-9c8a-e59fcefb8145", "comment": "Malware payload (Heodo)", "value": "07e3a8216ec9a2c00963ee02ddbbbe6b493af2e73da0db2606e5774c24b0cb2289fd94a8671fdf69236aada43b59b7fa", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473514, "uuid": "d714e80c-226c-473e-8cad-43cc12db4586", "value": "T1B5F402389E26A030E67CC1782DBBC7C6E7B23B7C904DA6ECF559416C8902A153E71D1E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473514, "uuid": "c95ea612-9afb-4240-8d95-7fdeed242609", "value": "3072:eSgWiG5Z++yxJU4djtxx0SA0cEaEwj5hsXk6h4x3OOPi+RA5KYncoJMb:eSXvl4djtxx0ucEaHiXkllOU9o/Ab", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679473514, "uuid": "eb4f798a-be6e-4a76-ad8c-2148faf3409d", "value": 735211, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679473514, "uuid": "323011e5-34fc-41f6-988e-57baf8139242", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473514, "uuid": "85ee59fe-2c9d-4a01-a0e8-ad674bd3a104", "value": "A 2618033.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6e0c05af-c84e-11ed-88f6-42010a9c006e", "comment": "Malware payload (LaplasClipper)", "timestamp": 1679447469, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447469, "uuid": "bf27c9b3-5550-4b84-8d68-301acebb7dc3", "comment": "Malware payload (LaplasClipper)", "value": "eaa8dbc48c3f6d5a935141690bed014c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447469, "uuid": "c556b175-1c87-410e-a6f0-d8c6ab3ddb04", "comment": "Malware payload (LaplasClipper)", "value": "1863e62e713302b15c27801878cc1a085e6e0382bd4cc719e2ecb254d0a43051", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447469, "uuid": "636f9703-7025-4949-a155-05b55e23092a", "comment": "Malware payload (LaplasClipper)", "value": "5778105a7e42446503dbfc69cbbd20bfd148f444", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447469, "uuid": "9f2cb243-1a39-472a-891f-fe729ba35d5f", "comment": "Malware payload (LaplasClipper)", "value": "623997c9d4791e0e8e37dc886476f8b10a6bd212c48903096b1f99b5a9331b33cba0b52ba36e936f3b92f3696f738211", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447469, "uuid": "f74c9c24-df9c-4cfa-8597-b432df05f51c", "value": "T17B95F11392E27C55EA168A739E1FD6F8B61DF5709F493BA632089E2B14B03B3C163711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447469, "uuid": "748ba60e-ca90-423e-bdfa-64ba0ba416cc", "value": "abf9812c144b37aad537ff6f220c83df", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447469, "uuid": "e9b93239-d561-43fe-ac67-a66875ce97e0", "value": "24576:dVPcOBkwVC63STHaiNdh8fB8dmwJVoYIlpQI0gneH3Lwk0zcdfKkQE/VQmwzQcGK:dv9LkxdKf25gneH3LwXYKkkXQeoP1w", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679447469, "uuid": "53208d2e-06c2-4802-b69b-9270af4e7652", "value": 2028032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679447469, "uuid": "0b205aae-1845-488f-a3f6-214bee4412d2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447469, "uuid": "7c3c7b96-8cd1-492f-b10c-3e5706f04487", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "25be230a-c8b7-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679492445, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492445, "uuid": "90a2919b-9cd8-4ade-b472-8f66f0135547", "comment": "Malware payload (Amadey)", "value": "1d053fb5345a164b175cc83a06b23682", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492445, "uuid": "e8f9aa5e-15da-4758-bd25-bbb53b12414c", "comment": "Malware payload (Amadey)", "value": "1894f6f203ec78738b5a47e68d6bdb70261a4ff0212bf516c8ce47cd61997dee", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492445, "uuid": "56b4f704-9e02-4849-858e-402a06401440", "comment": "Malware payload (Amadey)", "value": "d831dbb4f0d1ef63fd24e2282ac6de40b792a902", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492445, "uuid": "c169943d-1b64-4fa8-b0cb-f083e22ec2c3", "comment": "Malware payload (Amadey)", "value": "7b5cb75d147f1ac23852328998fcae3bb8d477d07907900ff489204c1d5dba19603287c92cd0fb22703b834517107619", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492445, "uuid": "612620df-6703-43df-baaf-04a962b422f3", "value": "T13C252313BBD84872C97567B06CFA12830D37BCA199B8C17F2652E45F9CB29C1A47173A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492445, "uuid": "24694cd6-972f-4cbf-99c1-13fc5792bf9e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492445, "uuid": "ba9a872e-ac8a-44ff-850f-ec0304f7e033", "value": "24576:9y7pMbLKDyopd9jt6RMDr3jg3h6Z/HcAn37FDkH:Ye33opdeRMTC8/HcAn3RD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679492445, "uuid": "e1d6d548-ecb6-40ce-8d5a-0868f29d19fb", "value": 1028096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679492445, "uuid": "0018fa8e-427e-4c82-b7dd-4724b94715a9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492445, "uuid": "ef8d552e-7c3d-4687-b16b-90007c6b0305", "value": "1d053fb5345a164b175cc83a06b23682.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "853a5e67-c89a-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stealc)", "timestamp": 1679480150, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679480150, "uuid": "8a476af4-e761-4290-b6b4-d6beb2454162", "comment": "Malware payload (Stealc)", "value": "3011d8256ead8820223359556ec2c85b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679480150, "uuid": "7b07173f-9026-4fea-90ab-4a12abf75df4", "comment": "Malware payload (Stealc)", "value": "1978eba30a4ec1374d09affead3a90d4175c97e58f34497d798aaa56e685df20", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679480150, "uuid": "e138dc55-4827-4db2-9d04-b8b083cfa3e7", "comment": "Malware payload (Stealc)", "value": "403343881d8440f0cae73e82bc41b32c8b9d4816", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679480150, "uuid": "d003dfdd-b35a-4dd2-aeb3-20d687dbc6cb", "comment": "Malware payload (Stealc)", "value": "c637d4fbfe8c11412d4bbb9b498659c9e067337f2465bad77ce39f82ed0a3b362cc86fb923fa33597a4a95651d9764b4", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679480150, "uuid": "02fa3385-d81a-4e1e-b29b-cbdeb776a6c8", "value": "T1EB747DC253E16C20E5124B32BE1FC7F86B1EF8609E557B6E2359AE3F0970163D162719", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679480150, "uuid": "1e055c45-c0e9-48f8-9126-6f539aa5fb7e", "value": "c3df3d0d993bdeac73a0f5fd62093e4d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679480150, "uuid": "171630f6-b046-4a6c-bcc9-a3eb06861d1e", "value": "3072:040TlxQfw/y/7juaehfHY1Agbv6oL4OHkfk235cDk5v0WKSNyg/fbakoggwn0JV:O8myVs/Al4OHU3ODkJU6f2E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679480150, "uuid": "0d891b84-80bf-438a-87c1-3932acfbf970", "value": 369152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679480150, "uuid": "1cb03657-d0e8-479c-8cac-1df622f10dc4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679480150, "uuid": "3a78d2a3-6ce7-4976-8394-2795f0693b88", "value": "3011d8256ead8820223359556ec2c85b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a565cfeb-c879-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679466030, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466030, "uuid": "85e4b6e2-a446-426a-8520-e02cdbf73fb7", "comment": "Malware payload (RedLineStealer)", "value": "1828d1b638d8fb4e35f703afaad96dec", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466030, "uuid": "db5f83aa-69ef-4577-855a-af7ac3016d12", "comment": "Malware payload (RedLineStealer)", "value": "198080916344b396a0f74f19017ecd619e599da2f8aa290cb82e839efc6100c3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466030, "uuid": "0ab5870a-ec91-40bf-86a6-e18b8637215a", "comment": "Malware payload (RedLineStealer)", "value": "d3d2b8e38d8d168c92fc776df6928295cf5184e1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466030, "uuid": "48cd2527-1e17-47c8-b1bf-501373f240b6", "comment": "Malware payload (RedLineStealer)", "value": "cd1478bd0bfa61ae0e5386ef03fec215e0a10033852140ceb5d32634c8851609c6f7626fe0b9876ed0df266dad3f00b4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466030, "uuid": "835c5b10-504a-417f-9990-52efdec1e721", "value": "T133C41256FBD54033DCF82BB04CFA07930F34FC914A38971A2785695A1CB2B95A87672B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466030, "uuid": "d97e7749-1c23-4d08-843d-d29fa48fa766", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466030, "uuid": "bf4898f1-4827-4a01-a840-a8aab1860f6f", "value": "12288:SMrsy90vywst+UK3oCUqhjLMekz7b+TQuH+fiy:6yotzd3oCUPeyAH+J", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679466030, "uuid": "8cfc9ed3-f433-4347-b571-709a025bbcbd", "value": 552448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679466030, "uuid": "ddeab1bc-59c7-4124-80e0-2be878a6ffb7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466030, "uuid": "373e4780-83ba-40ba-84de-855dc6f501f1", "value": "1828d1b638d8fb4e35f703afaad96dec.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b0234bd4-c89e-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679481940, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679481940, "uuid": "323030eb-5aaf-4fb3-a40f-02200731dba3", "comment": "Malware payload (RedLineStealer)", "value": "e913835b6debc148c55827c2efead947", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679481940, "uuid": "219434f2-7b79-4a66-8698-cd78eb54eac6", "comment": "Malware payload (RedLineStealer)", "value": "199805e4453100bd90ae1581a4b5384db3ceac6d9896c1a89660b065ab336719", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679481940, "uuid": "d14cbad4-c46a-4f7d-be96-993321842fca", "comment": "Malware payload (RedLineStealer)", "value": "5ca2538bacdd7263b144efe48dbe40887388ec4b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679481940, "uuid": "63457e2c-a8c1-439f-9423-fe5372848dd6", "comment": "Malware payload (RedLineStealer)", "value": "43d195539e4ceec72d9a5b906c0aafafe6d969bd12b33abbb50ed9bbfd8dbe18ee8257df600f46d0f4a71e103920d565", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679481940, "uuid": "b9688a9e-898b-497f-bc13-12cdd926a65c", "value": "T1CD252382E6C9A437D4B52BB008F663C70F357D615D3443DA2795AC9A0DB32E2A17173B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679481940, "uuid": "956cb468-187e-433b-ab03-d264f4b540dc", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679481940, "uuid": "ea1457dd-4dde-4810-bd38-d3231cd546c9", "value": "24576:cygg1ZQXnh5g5/gL3E18TCU0xdvDf8tAs+PPAX:LPeh6GLFCtd7fYAs+PP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679481940, "uuid": "fad5cf60-6ca2-4d84-ae9c-49c9dafa7e25", "value": 1030656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679481940, "uuid": "17b6dd38-0de0-422d-a3d2-26de698b999a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679481940, "uuid": "a4214156-b2fe-4bf6-98fa-d3f51009094f", "value": "e913835b6debc148c55827c2efead947.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8a647b6a-c8e4-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679511941, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511941, "uuid": "c85d58f7-a4d5-4a0d-9f2e-6a3b9794e3f0", "comment": "Malware payload (Formbook)", "value": "0d059cf7e21ac83ee29e14e0692b8d83", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511941, "uuid": "dc23dcdf-f8b5-4a5b-8275-e353eff68228", "comment": "Malware payload (Formbook)", "value": "1a5f6d761050ca929b99fc66e7c4b57f321421a7372dc752d8000e79bb920ca0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511941, "uuid": "ced48317-2072-49e1-94e5-dd29da8680d0", "comment": "Malware payload (Formbook)", "value": "0d9144b1f7cf02b9c1467cb6e7eeb628ff7e0b8f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511941, "uuid": "32559bdf-b2db-49de-bb15-1f393e845179", "comment": "Malware payload (Formbook)", "value": "5acc9c855fbccf3fdbaeba731e04e9fbbe1ec1b1fdb456c9c61a1b8a869724f6c5451c884ea582f67852839b054b3965", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511941, "uuid": "a2a1a3bf-7c13-4fad-8da5-ed66b43fa382", "value": "T1744412852B38C497F522373E9EB9472BEBE5AE300850275F0790635D3CB2651C57E7A2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511941, "uuid": "3d05753b-1b61-4285-af2d-618bb0fa9f39", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511941, "uuid": "38b7c62a-cdf3-4e2c-9fb2-a150d7ebe025", "value": "6144:/Ya6L1083JQ50b40LMYzFykJFq5jfhqwQ9A:/YJO83RXlzre58U", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511941, "uuid": "09d5e123-2923-45ac-8719-73f34f0c59a4", "value": 255651, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511941, "uuid": "000581bc-9867-4075-bd4a-642c02da6fcb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511941, "uuid": "5aefaca6-b410-473f-ba04-d0df5e3d8120", "value": "0d059cf7e21ac83ee29e14e0692b8d83.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "00d035ac-c8e5-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679512140, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512140, "uuid": "937cc79d-f22e-473b-9974-32834a7de326", "comment": "Malware payload (Smoke Loader)", "value": "96cf925b7679c76f3307dc926c196006", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512140, "uuid": "2f3d0a69-572b-4fa6-8cf4-0dd65b38ba07", "comment": "Malware payload (Smoke Loader)", "value": "1bc8d666e4db3a12f4b6c39367aecc4da6d0824965842f4d0dd714cc9d7e0e40", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512140, "uuid": "e77b987e-34f1-4764-88aa-f272a1dc7d65", "comment": "Malware payload (Smoke Loader)", "value": "a6b4558585492fcfa208b8e34bc99425944e825c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512140, "uuid": "7ca0e6c4-6efd-416c-805d-3d0e2e0e69a0", "comment": "Malware payload (Smoke Loader)", "value": "3cc6435580b3cc5a8de144660472e4af579679189ef2697066ef15b15e92f5a65099c3bc9e55e7ee0941b33deec0ab8f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512140, "uuid": "9b5faae8-a6fe-4ec4-85e8-ede48df20ef8", "value": "T19B444A1392A27D51EB66CF728E2EC6F8765DB6708F49776632189B2B04B01B3C263711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512140, "uuid": "06e93075-f40d-4ddf-a01b-22fdc1505886", "value": "d46275297bb5ddf343b2027130d69c75", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512140, "uuid": "1747c12d-ebff-4473-9113-4a4efd6a7c15", "value": "3072:URsoEfeLVeB6U8XifhRLknsNJHG9pXgh3ey7y2MGCYhuh5m5aDmUhENRDhGFpy1p:XfeLVfZijsM5GPwde8X4Ja99", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679512140, "uuid": "c5c846b3-2f51-4d79-a510-e2b7387ab986", "value": 267264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679512140, "uuid": "c9182cdb-0a40-47b9-9f9a-54d6e99f21d3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512140, "uuid": "80b112ae-1a03-453b-9ce3-93864eaec598", "value": "96cf925b7679c76f3307dc926c196006.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ae4b2b49-c873-11ed-88f6-42010a9c006e", "comment": "Malware payload (Loki)", "timestamp": 1679463468, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679463468, "uuid": "0275197d-7efc-4765-9013-8a92e5cb106e", "comment": "Malware payload (Loki)", "value": "9afbec45bc00b7d945a4194fa7f8b263", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679463468, "uuid": "4ed51223-09fe-4df5-be8b-5a900b645cfc", "comment": "Malware payload (Loki)", "value": "1c9d0a9e692e34adb9f9de21ab971767716a73ab5e0ee2ddefb7c6fb7331fbaf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679463468, "uuid": "f42a6c1a-0f7b-4887-ad75-a470df3ddd38", "comment": "Malware payload (Loki)", "value": "adc2826775173abb0fc9108d250093989e424c4b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679463468, "uuid": "b35ac741-b919-4a73-b801-0242254848b6", "comment": "Malware payload (Loki)", "value": "8537c69d2e42288906a8a02c5d1e56bf46a32f72d591fd0062e4856daf6c0d31d4ee8a6ae0c8086dee76f367ecc38a01", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679463468, "uuid": "2708d399-2a34-4935-9829-0da7f906be38", "value": "T1EB25F11232944712E4BC1B7456EAB7C0037FAFE172F2EA8DEDDA34D54A71794A902E07", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679463468, "uuid": "087cf76e-7b5f-455d-a217-355da62fe7a8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679463468, "uuid": "4462cdc6-3265-47be-935a-8efca3fd1e6a", "value": "12288:9cZJUyXZXDISLwe9liOY8q1ef82VB4zqy8+jrwxBD7w/vRSzl06/TgTU4yqY94tE:I1XziOYB1e5T+8QGVUR6l06MFg48", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679463468, "uuid": "355d8668-41f9-4b93-88c2-f7016f2ecd8e", "value": 1055744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679463468, "uuid": "f793c06d-39ff-40b3-a076-5de40846726b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679463468, "uuid": "6c045ce9-affe-4c5e-9e57-24413f8386d6", "value": "SecuriteInfo.com.Variant.Tedy.303850.24559.22264", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "67ef0a66-c881-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679469363, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469363, "uuid": "e5254915-bb86-4264-a11e-e9d2d89091da", "comment": "Malware payload (RedLineStealer)", "value": "75d45ac139ac9630ef44d1952e574633", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469363, "uuid": "eecced61-8418-4b63-88e3-3d62ac905b49", "comment": "Malware payload (RedLineStealer)", "value": "1ca7368f52844d39bf76fc1b84ab483f2e1ad0e8ef9969fd369c977cbcf2673e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469363, "uuid": "8a95cb5e-7dee-484a-9a5e-9b0af418f247", "comment": "Malware payload (RedLineStealer)", "value": "e684a7529bcb2be60468c88694d81d26cf82677f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469363, "uuid": "4c4d00a8-ecee-4cf2-94c6-a914bdd1700e", "comment": "Malware payload (RedLineStealer)", "value": "206ab5653c98d277bd8d870ae7b0072672eb07cc7a245ea16e5d75fab7dd33044a3c7c8f5ed6c68e45515db09d57d764", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469363, "uuid": "43ec0d58-1350-4307-87bc-e0aa40b98f0b", "value": "T105720C0FAA834423F2014D308BD692E21BFE7C1376D37A6FEF40168914E19595AD6EF2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469363, "uuid": "c7aba577-22e0-4f36-90d0-b0d7f1f7e119", "value": "7561f617f3827674993d78a3c48f4610", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469363, "uuid": "024b57e4-df7c-4d36-b54f-a1837eaeaba3", "value": "96:kIVg6r1wCCbBarsanJtRHJeZW+RElJ869X/QNsgBSEnrtDINyncI+vL/mg56NM69:LVZZrDRgAKErnEnrtDINynT+vCgcNX9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679469363, "uuid": "55445c04-972a-4640-af56-41717bdc5e2a", "value": 16384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679469363, "uuid": "bb1e11b8-2b92-4341-b87c-9bb0084aac32", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469363, "uuid": "64d970b1-0666-494a-89c6-5bbb95e5018d", "value": "1ca7368f52844d39bf76fc1b84ab483f2e1ad0e8ef996.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "347a57e2-c8dd-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679508791, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679508791, "uuid": "acfbca26-d0c7-4b05-a712-783b961aa9a7", "comment": "Malware payload (Amadey)", "value": "97db31adf01533c265b499816678c8b0", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679508791, "uuid": "3fbd982f-c7df-4805-b3dc-b4f40409af4e", "comment": "Malware payload (Amadey)", "value": "1cabbdefd3f0141e06d0ff0035842f72d510fc01082c8fb8364292a63ad760ce", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679508791, "uuid": "a2bcba08-00cd-430e-82e1-c1c57ea1bb95", "comment": "Malware payload (Amadey)", "value": "d3ece081db72c74da1e263a92e86936d5cb809d5", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679508791, "uuid": "fec26751-911c-4df2-b171-ad4f497a665e", "comment": "Malware payload (Amadey)", "value": "d265fa209dd19000adbe9982cf034b676acbc9805bc6bb41bc3b423244bc88c9d23aee60a8858c821729a173db9a0e3c", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679508791, "uuid": "3fdcf0b5-8b7e-4c32-9356-7cdc9732e698", "value": "T1FA746D0252E76C20EF2246328E2EC7F4261FBC619E5B7B6E134DEA2F0D741B1D662715", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679508791, "uuid": "0f859ac4-b3b7-490b-b063-891d7227c1d6", "value": "05d87b5aa905cc75972feaf183240d59", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679508791, "uuid": "3dc110e1-8106-4375-b6e5-b63867910e97", "value": "3072:Zud3+ey1hPF9K7/oIj3YpCjuzuuTe+rbP8aOa48ePXxhuiR7bemc4rOCdD5n4+VV:ZuUb8m86KubkaH+PuiNemc4iCJN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679508791, "uuid": "e9d16187-fe4a-4dad-aaca-13e1a6a55fa8", "value": 368640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679508791, "uuid": "4930ae52-c112-431e-bde2-7678eb39e0e7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679508791, "uuid": "5e6f3746-f74a-43aa-8fdd-d26e38804897", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "83f15d2f-c889-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679472846, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472846, "uuid": "718946e0-9b55-47cf-a204-9b20d07ade87", "comment": "Malware payload (Mirai)", "value": "8f733ee162c9174a1de08c824d457cf6", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472846, "uuid": "ed423ee9-84c8-4b17-bfb0-54cd03cce46c", "comment": "Malware payload (Mirai)", "value": "1d86ada35fd0c9cf29e5568512746a6a2e6b5774b8416828777ed1fe6f475f3e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472846, "uuid": "59c463f0-41f0-4213-ba06-2466b54268a5", "comment": "Malware payload (Mirai)", "value": "a79abbee551c1371b5fdff2811cecde6f34b8b09", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472846, "uuid": "35f3fe3f-5771-4ed0-a982-8f88262d68d1", "comment": "Malware payload (Mirai)", "value": "bc93f9cc55f2d05f4335d940099b3fd14b6353e7c801a350a29776aab1714ff412e7c32d5171a91420c8fc9b7757115a", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472846, "uuid": "5b929848-1237-49b4-bc06-5b7c3cb5625d", "value": "T1F7633A9AF802DD7DF81BD77A4457090AB530F3D502831B3B6397B9A7BC721A82D12E85", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472846, "uuid": "58f0eed4-57a0-4a5d-83c2-090914d905ad", "value": "1536:wqgwla55sG0DYbrP8VQTM1/x9AIJdJzbO9r8mNQAq:PgAa5+bEbrrM1Z9TJ/VmNJq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679472846, "uuid": "24f6dcc6-cff9-4aa4-8ed7-81a8687f9be3", "value": 69612, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679472846, "uuid": "6526fcae-f41a-49bb-a156-629e93f2d658", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472846, "uuid": "6de07b0d-ef8f-459e-9408-16c036003cf7", "value": "8f733ee162c9174a1de08c824d457cf6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b22fde8c-c8e7-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679513297, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679513297, "uuid": "c937f114-bc66-470c-a13c-37b1bb5f8f70", "comment": "Malware payload", "value": "a360ad818cd38ab5a82d672912c31d75", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679513297, "uuid": "29a51294-9574-4af6-994f-10fac6f5dbb3", "comment": "Malware payload", "value": "1d8be1366aea91f7eb8282e110bf632394e3bafae86bbfacbb5145da9c92ee68", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679513297, "uuid": "52046c12-0713-4dd9-a893-dcf3c7df9877", "comment": "Malware payload", "value": "6972666f8f35882fd55476fa14f324268ba214de", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679513297, "uuid": "7be98818-5148-4f85-8f11-d993997e4430", "comment": "Malware payload", "value": "0b7080b344f4828114892b23d6d50fe31166e743509f4eb2591de407837673e68d72a60d0c77bd2da3ffda5f8f44a16b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679513297, "uuid": "de3905d1-b3e4-4837-8d47-76fdec4474d0", "value": "T181256D0413D9D90BD17CA335E4B152250BB1EABEE6A2E3EF094591FA1B73706BD81233", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679513297, "uuid": "3024b488-bf3f-45ce-8459-18601bcf3827", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679513297, "uuid": "3d82e141-2925-4216-9346-102851a59e8e", "value": "24576:+V+ESYi6VLhtshGekPyfWAO/1yQfU86QLKR0uAKsZXfgj1tTP2hUa46gCqEl4:+M38wTroqE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679513297, "uuid": "e284b198-c17a-4d1d-a587-9eba5367d943", "value": 973000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679513297, "uuid": "afb5e88b-1395-4dc3-87d6-002d9467848a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679513297, "uuid": "f712f1a7-a284-45ff-8c8e-3598f6bc0043", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6e205852-c88e-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679474957, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474957, "uuid": "b7a6f11c-7f0c-4fe0-a442-d45ee8fe1f13", "comment": "Malware payload", "value": "00f7977e2833fcc4edfd13f978d2e9c9", "object_relation": "md5", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474957, "uuid": "5c27108a-f026-4843-a216-62270d4d110b", "comment": "Malware payload", "value": "1dc2d94462f30e8f97c740a578056634809f9bfef4e38d0c887fce98c2284c03", "object_relation": "sha256", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474957, "uuid": "5d1d308a-12e1-4ae3-a8f6-0eb24567171c", "comment": "Malware payload", "value": "28e184a2233a7cafd447a5b5c668c4fb29ca541c", "object_relation": "sha1", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474957, "uuid": "41631757-b1d8-4934-98a2-b9ace606c7cc", "comment": "Malware payload", "value": "9b2d1fd5e8c6db146a72462f25bba78e3cd1d53ebd55faef83246570bcc11b326b39e514b2454b8c9f2ad934ccd03407", "object_relation": "sha3-384", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474957, "uuid": "0aeafac9-5536-411b-9300-b924a931f1db", "value": "T1817412A014753ADB0AF0B27714174A2D079FCFE54F10F4EFA6CA4586A22F517DE858E8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474957, "uuid": "848e02ec-43a0-4ce9-bc96-bd472de55663", "value": "6144:/wtxlALTaOJXIkz8n9GM2VHn7wPDXLR/RkrEv/et4BIuIbLU+Kxa7xnu:/+efaOJXIb9GMgnoXLR/urIWqn0+P", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679474957, "uuid": "8d20599b-262d-404d-9394-b0fdbc0b319a", "value": 340962, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679474957, "uuid": "3513197e-10db-4187-a23b-28325c8f5181", "value": "text/x-msdos-batch", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474957, "uuid": "1263b33e-86be-4d38-8d8b-369bd6d9bc81", "value": "Aktar\u0131m kopyas\u0131.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c23cc8d3-c84d-11ed-88f6-42010a9c006e", "comment": "Malware payload (LaplasClipper)", "timestamp": 1679447181, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447181, "uuid": "d73e9031-8868-4bb0-92c3-df610e355e50", "comment": "Malware payload (LaplasClipper)", "value": "2cab02f2e9bdffa47eabd1fe499cb659", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447181, "uuid": "b530a203-f26a-49b5-86f9-2f9dd8412a0f", "comment": "Malware payload (LaplasClipper)", "value": "1e85dc00b32d476b0f48f95c74b4d414a91144f5b181815d55908067ac0f25c0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447181, "uuid": "a1ca1560-7370-49ad-94f0-6c4c9db541fd", "comment": "Malware payload (LaplasClipper)", "value": "dda9070cebb6e9f4cd452ab681815497d590a719", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447181, "uuid": "7bacfdda-7cb4-4353-8ae9-2cefcbf2d485", "comment": "Malware payload (LaplasClipper)", "value": "87e08c864d1990345c72894717f0e2df062268cef9cdf89263ace721c286e106145b3cedb6b162f058e663cdd6bde407", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447181, "uuid": "10818352-2efd-4c42-8227-d56939b38e4b", "value": "T1D395020392A27D51EA158B739E1FC6F8761DF6708E0977A632099F2F15B02B7C2A3711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447181, "uuid": "3e970d13-d2a8-411a-8b7f-7a26751989b4", "value": "abf9812c144b37aad537ff6f220c83df", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447181, "uuid": "8e5ab573-23c5-4ebf-91e6-d53c61c21447", "value": "49152:Z4W99T3jU5/iEhr9pk59e0GPkZs9M47Ke2t/vGlcC6H7WCag6lX:Zj/T3IFiA85GNKp5GlGH7W66lX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679447181, "uuid": "48043668-3f37-429e-8f88-254704b4e82f", "value": 2040832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679447181, "uuid": "484c03b4-037e-4b37-af49-9b1cf4b5d90f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447181, "uuid": "69b28c97-0af7-4ebd-8d2f-f3024919ba8b", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ba04d1a0-c8e5-11ed-88f6-42010a9c006e", "comment": "Malware payload (GCleaner)", "timestamp": 1679512451, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512451, "uuid": "8a24080a-b85e-4102-8cab-493ce116fbea", "comment": "Malware payload (GCleaner)", "value": "7c8bc88fc4dcde08fda121950b741607", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512451, "uuid": "ab0293a7-50a2-4ca4-8864-842283f5b832", "comment": "Malware payload (GCleaner)", "value": "1ed63828c472771cf59e95852088a702e381e3350d9c4cf831ca102d922e611a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512451, "uuid": "66baea11-7c76-4232-b203-53cca3800bfe", "comment": "Malware payload (GCleaner)", "value": "e654e807674334967b738057ea6d21b827a0a01c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512451, "uuid": "855a064c-3fef-42ba-931b-81eacbd646c7", "comment": "Malware payload (GCleaner)", "value": "69531dcf3e86094161b1ddad45e3e18843e0e3463f40795da23e6f3986c7bcd13aa1bbef644b7db01d28f0cbc3195d58", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512451, "uuid": "e8f6e863-f8dc-40d2-83bd-3a52bf363985", "value": "T19EA5331699CF0A30F55AE5F8B580473F4FAEF6520C6C6448D0DA4EAB1B368C5C6DBB42", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512451, "uuid": "964408cc-856d-4a0e-af7b-9449195584a9", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512451, "uuid": "940dbc50-8e15-4c58-8cfc-c724d94999ff", "value": "49152:EGlJfs/Qq/vsfccJReTkMBuyJ/WyFMHQh3qrDIHxAUZl1ufBDwPj5dlLYp:5mQq/vsfOu+OLw9yI/Zl1ma1PYp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679512451, "uuid": "f037c3ab-3017-4e22-90ca-df56569839bd", "value": 2199093, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679512451, "uuid": "b644dd9a-11e5-4684-b872-5f01da961448", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512451, "uuid": "1581ba5f-4c7f-47f6-9b30-0d8fcbbc079e", "value": "7c8bc88fc4dcde08fda121950b741607.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0c92134b-c8e4-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679511730, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511730, "uuid": "47f07680-ab29-4f8b-a385-3180166725d5", "comment": "Malware payload (AgentTesla)", "value": "f4e50afbf350be9c8ef2f1438651d6f8", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511730, "uuid": "68b39518-0c15-41db-83fb-41cab360800b", "comment": "Malware payload (AgentTesla)", "value": "1f1ef5b3b5392d41a5a3419d9760066f8f6e2c55e352c92f5b3344be3c214aa3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511730, "uuid": "636ecf6e-68ff-4d7e-83fe-0b70cbfc545f", "comment": "Malware payload (AgentTesla)", "value": "94f91ac4ebfc4fce5b637f3211abe636c8da1b29", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511730, "uuid": "0ba88efe-6f0d-4f01-94f9-7840db437735", "comment": "Malware payload (AgentTesla)", "value": "2819746247ecce12cddb5c52dc7e9672b2b51ab1326b631d7eae61eed79986748dd9c305ee8bb00362e6e8d8ac57c151", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511730, "uuid": "5654362f-6d98-4821-9b85-e4bcfb6cc788", "value": "T11B051215B1D6CB6AC17817FB52A7422443F7B39B7533FB8A2E8404CA6B533D44B11B8A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511730, "uuid": "99a78f42-5beb-40a0-9330-e4d69bfd30f3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511730, "uuid": "f6b3ee7b-ce84-43c2-872f-cda49203d12d", "value": "12288:gzKZ0A9nyjxp+bxrmDsevv9qnW72uonGRCqdeZBaTRBt+2:iKZ0A9nytwxiddqW6btyPTt+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511730, "uuid": "4a39bf13-1745-447a-9849-11c9af31434f", "value": 795648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511730, "uuid": "b1dcb06f-e758-47d7-9f91-6516870109bd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511730, "uuid": "0b0ce90a-943c-4b5b-a787-c79da015efd9", "value": "DHL Original Shipping Documents.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "53a5769a-c8e5-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679512279, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512279, "uuid": "96a001d8-387b-4fa0-9f20-145e868396ee", "comment": "Malware payload", "value": "4a8c83c1b03f19a953a04ce1d2905b7e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512279, "uuid": "d8ef72bc-bfef-4696-8bf4-36b9c7bb8053", "comment": "Malware payload", "value": "1ff0fcdfbcb2a04aa6a1d76f399fb1f9b538424c3305862b09f130120026356e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512279, "uuid": "f2cf6696-f12c-4ea5-873f-1ef3e007744f", "comment": "Malware payload", "value": "860a2d97915ea457a60945d558697c43cb46a1f7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512279, "uuid": "0952c094-2b2e-4045-9ef0-4c56abab62fc", "comment": "Malware payload", "value": "7c21528aed955ce8dd850d111fd5be3a3fb8691e58211381c23b7d1a0c9ff44657aabbbf7bd5b05f11703c485595fbfb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512279, "uuid": "20a65561-e856-4a73-9e98-9ad62abe7aa5", "value": "T16585AE725DBAFD66E2ED3FB4B01129D8DDF804179B5AF644F84228925EDD3888E011E3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512279, "uuid": "1c95c9b0-c2ee-40a8-b440-ff0c1269e7ba", "value": "24576:oafQKgqtAyrUFdRZTbwcXE1Rw2qs9kpu2ny/v/LtGZsYjot0+iEzyLU/E5h8bV24:oNwcXFoaU/E5h8bKlsy6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679512279, "uuid": "6abd9b7f-4573-4992-ba44-0c05b064c9a2", "value": 1760719, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679512279, "uuid": "7d537d96-325e-4d54-8975-9f781cd80223", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512279, "uuid": "4bafc0f1-e881-437d-b4b9-5ca0b5a5c6e1", "value": "4a8c83c1b03f19a953a04ce1d2905b7e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "baf95fe2-c8a9-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679486683, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679486683, "uuid": "83390c55-0c89-4325-b20e-9a42a7d4fccd", "comment": "Malware payload", "value": "aebfef156850e4bd49a830fce964aea8", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679486683, "uuid": "b1637b37-b93b-4086-8d87-d6874a5bb740", "comment": "Malware payload", "value": "1ffdb2bb93c0449bfdb29d98b509dbdb2fb99f753ccc426ccb1719b3814ac1f2", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679486683, "uuid": "2d6a2e79-3eb2-4878-b3aa-f6ed1483e23f", "comment": "Malware payload", "value": "459035a220ed18a0c4d2166e4c3bee8fd650c3b7", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679486683, "uuid": "4172eed2-e8fd-4ca2-a5b7-fe655ff4ba5b", "comment": "Malware payload", "value": "eebdee0b487dece1a6c5a9f600b51301a2c2a3e67f7a1d11554311322f3d97a007ad7e02d80a73921fc97182c3eb863b", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679486683, "uuid": "ef4eb347-81b0-49ec-af78-389bfd19c30a", "value": "T1A9A3E18D7B90C462D4A05C360DCBD4C75774BE52AE62478B72C4BB1F7C3AAC0C562667", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679486683, "uuid": "2a947c97-13d8-46da-977a-e7dfe6d15ae8", "value": "3072:3OnhR74YhGRCwAmXqlN7gwmbbYIOFIMKkKEfZaof:enkZNAmX27kbbtO7KkK2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679486683, "uuid": "53b65d0d-3a72-4e20-a55e-0e99b58e623a", "value": 107008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679486683, "uuid": "899fe173-931e-4c5f-a8dc-f7a065fd87bb", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679486683, "uuid": "11dc45c2-e585-4212-a862-fb9819fa752c", "value": "aebfef156850e4bd49a830fce964aea8_PT. Geotindo PO.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "60eed211-c8c9-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679500275, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500275, "uuid": "1657885e-438f-4342-8dd4-13c10123af38", "comment": "Malware payload", "value": "fe9261575638dec5742ddfba5b5fb19c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500275, "uuid": "7cb916b9-0a2b-45d2-9e12-b47f73c32cde", "comment": "Malware payload", "value": "201f53068429e57f2aefa89699e780375f39d41267173966c1c2adc3f62b0227", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500275, "uuid": "8bfe0081-4b0a-46f0-9a15-e9b6d8230a52", "comment": "Malware payload", "value": "4dc2e4f6556cfcf86d594de9bdd5f66fd9979cac", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500275, "uuid": "91f8d372-04a3-4323-afae-a8113e5aa44c", "comment": "Malware payload", "value": "4a1f3f909563ec88e413f52c22cd9eb1f957e65948a2d86bb0980e00c60c19f9472b55fab2f5d96c3147332434331f48", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500275, "uuid": "50f5613e-5d62-46ba-ba5b-7e5ff73de687", "value": "T1EBE49E26F68740F7E95120B054BADB725939BA39073A5AD3BBE03D391E201C17A3D35E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500275, "uuid": "94c43aba-6159-491d-bf9b-f7b748ce1439", "value": "376583ef03e4007760fb1259334fc710", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500275, "uuid": "4083a03b-239a-446b-91da-ba84d5d48e76", "value": "12288:DTyjXW+48qWywrU4kGFezOAVuJ5PIGww7F5DO3HYffY:fIXW/8yw1ez54lIYF5SXYHY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679500275, "uuid": "79c30424-e3fd-423f-8194-8a0760488b7a", "value": 680603, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679500275, "uuid": "203be2a3-3b41-4dd3-a6c3-44593ae748c1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500275, "uuid": "81733a73-9c62-4af7-95a5-af5636fb84bd", "value": "outdoor.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d5a66046-c87d-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679467829, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467829, "uuid": "8bcb49c0-359e-4516-85b1-dd7dd22229a8", "comment": "Malware payload (RedLineStealer)", "value": "a1f3a6b56cd0b6f8d678b85498dc8dfa", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467829, "uuid": "12207fad-69e0-4c83-af6b-14819c10ecc8", "comment": "Malware payload (RedLineStealer)", "value": "20af33cfb8ebdb16686670c55fadbddc9cdd4caebebf891887654fee09ef8888", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467829, "uuid": "a90abddb-70a7-4c99-b584-158ee28ad75c", "comment": "Malware payload (RedLineStealer)", "value": "900f0b058828c5d12aedf61f61f187fd663ad412", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467829, "uuid": "d365b755-59b4-45a2-93ae-4fcbbe00fe40", "comment": "Malware payload (RedLineStealer)", "value": "7f09d7f93a9f75cb78ee64ccdb24480cc3caa25db852a7bf57692fe8c0c51363f62886376396dd50d6443c8970be7fdb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679467829, "uuid": "96e91956-f648-4d42-9134-e0fc44221e74", "value": "T16855E14382E23C55EA258B739E1F86F8B64DB6719F493BA632089E1F10B12B7D173711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679467829, "uuid": "72713b3a-5695-4414-bcb0-e1d1edcbca75", "value": "5fe0b073d2bf262b2cfd9470524e0ed6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679467829, "uuid": "843a9ff5-016b-4f11-adac-66e655fba5ce", "value": "24576:FnzPcbD/h1btFFh3DEYckeYbP1a3S3zLXGowWuFV3EQ1LQi8Pti/STV88Av:ZC/hlVhFcYbw3SjLXGoDuvEQ1LQBtd61", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679467829, "uuid": "15d14ad8-b67e-49cb-a48c-eceea3e53293", "value": 1368576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679467829, "uuid": "e006f90a-55e5-4e1a-8fd9-ead894f2277c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679467829, "uuid": "9a31b031-c838-4b54-9026-fdde23457dfa", "value": "a1f3a6b56cd0b6f8d678b85498dc8dfa.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5967c68a-c887-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679471916, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471916, "uuid": "25227672-4b77-4771-8e06-fdf94cfe6b61", "comment": "Malware payload (Mirai)", "value": "63190ec8f7bfe0989444d3e3ff7f4d54", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471916, "uuid": "630b3768-d86d-4983-ad98-068bc64802b4", "comment": "Malware payload (Mirai)", "value": "20c88d01c9b79c7f4c6029487d6cfb7cca5fb18edfbb8540da9e959a4caedc0e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471916, "uuid": "5d879f16-fc91-4896-bb9c-a82c736e46dc", "comment": "Malware payload (Mirai)", "value": "308f5ae343b0f027300265159a6fb004630634bd", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471916, "uuid": "6c92011c-07e2-4048-a11b-47c1378389c8", "comment": "Malware payload (Mirai)", "value": "ab14ca89495f4c84d8282ddbb5ce54013707d3db26717327e7dbe38a3f062785c268ea21acf2811ca85a01dd58d2fca8", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471916, "uuid": "acbe1127-16cc-4b5c-bafc-26b080eeeca0", "value": "T14E735C4AE6C7F9F0DD8605B8106BFB35C536A8322130DFF7E7D8B957AD92202905626C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471916, "uuid": "c8e17abb-fc58-4be2-9ca3-9208e6180bfa", "value": "1536:uimFftlNJTLADfBB+hMxXcB3ziik/nnqe6YDXdg8WLoSbCYtJ:uiIt947BPcBE9WL7bn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679471916, "uuid": "0046369f-35ef-46cf-9f7b-a9c319878e86", "value": 78424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679471916, "uuid": "ebdb2a29-165b-4f56-ab8b-e8b80ef72e83", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471916, "uuid": "07860884-4f00-416c-a02e-0c54d92e188f", "value": "63190ec8f7bfe0989444d3e3ff7f4d54", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8cbeac47-c8a9-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679486605, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679486605, "uuid": "024f3df2-4c02-437e-ace6-3553e13941aa", "comment": "Malware payload (AgentTesla)", "value": "68bd3273c9dd7879cc04c91efd4471fa", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679486605, "uuid": "09237777-3685-476a-90ea-4a144ce3704e", "comment": "Malware payload (AgentTesla)", "value": "2102d9af8a4655fa6da49edf860ee6a2c96db569ba88c330d51f941b28e22369", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679486605, "uuid": "12cdbb25-c87c-4214-8360-cab3f3539fa6", "comment": "Malware payload (AgentTesla)", "value": "cc91ea60c55b6910230bfaabc5033e8340cb940d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679486605, "uuid": "1fee696a-ef66-4965-8936-d12dc5b5758f", "comment": "Malware payload (AgentTesla)", "value": "09be2d077def6a4a918ae4ba3580441f38f82fe0fe603e28a774897db0f5fcbf0d28ec8bcc677646f46121b2c2e2e178", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679486605, "uuid": "0a7ce7b5-e65a-4eca-95e4-181e1fad4e71", "value": "T14A05121672E6CB32D5ACABFE54A2962003BBA34B2633E7023CC414E65F527D54F11B97", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679486605, "uuid": "1fd8e2ec-1842-400e-9c92-b9502ff3139d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679486605, "uuid": "638f565c-5f94-41ce-b978-7ebf5f1218a6", "value": "12288:dQemFe4hixguasdgOxwaEPTS8ApfMpBlyp5+zxCWvM:27Fe4giUR2LApfpp5+dCW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679486605, "uuid": "a4b43268-7b27-4374-95a9-d623b05775a1", "value": 796672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679486605, "uuid": "63f9a8a6-42d5-4140-8a9d-7955b500376c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679486605, "uuid": "b4d6f38a-df3a-44e3-8903-68b1defe6ba8", "value": "68.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d95b6379-c8cc-11ed-88f6-42010a9c006e", "comment": "Malware payload (AZORult)", "timestamp": 1679501766, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501766, "uuid": "62cfd3e7-b2b4-4510-8745-909590dbb103", "comment": "Malware payload (AZORult)", "value": "f8787a0e6b80b20bb6da5bf6def1b828", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501766, "uuid": "5f5ea6d1-4456-4147-9226-497188924ad3", "comment": "Malware payload (AZORult)", "value": "21c1b0740fb8e13a15ad3c2f26b37e0093d9acd4d426bd3661d99a4996077f4a", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501766, "uuid": "e11e6481-1df5-4100-82a0-f51743cf6933", "comment": "Malware payload (AZORult)", "value": "2df604286909d6842c8506333db9ffc75b97753b", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501766, "uuid": "84378e51-35fd-42e0-a655-267323eae1a0", "comment": "Malware payload (AZORult)", "value": "0f63fe3a18319346535537aa5a8b8e2586227864c0ff320a7cb7811af36d6416c0cfb34d5dbc0513a838a7c982331937", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501766, "uuid": "d7c34fd2-0a9f-43aa-a0aa-a45d9121f8e8", "value": "T115E2A556E79F03B48B951177161E0BC9AB7DB73E335141A138AC823433AD82E4676AFC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501766, "uuid": "0337cdd8-2674-40d5-b766-6396bdb59749", "value": "768:kFx0XaIsnPRIa4fwJMtNqnNYUFlH3sL9gJnPqZxzZLK/PS:kf0Xvx3EMt8u0dcbleq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679501766, "uuid": "c8cb5045-e913-49be-bbcc-56c8ab51c2b9", "value": 31776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679501766, "uuid": "7092be3c-b513-47da-8e02-4baaf441ff65", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501766, "uuid": "35e93dc2-57aa-4167-9e25-685e4a2f650c", "value": "Remittance Advice.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "13af720b-c89e-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mekotio)", "timestamp": 1679481677, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679481677, "uuid": "8034939c-17ee-40c6-b533-299c7cc41747", "comment": "Malware payload (Mekotio)", "value": "bf536adaffa4aab7e0f2aaf7e95fee3f", "object_relation": "md5", "Tag": [ { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679481677, "uuid": "e4730be8-71ee-45cd-b77d-3772d6bf7754", "comment": "Malware payload (Mekotio)", "value": "21d4fe071bba01c33a97b4c5b0bb5e995ea7b41c4281c1affc4b8b8b2857f498", "object_relation": "sha256", "Tag": [ { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679481677, "uuid": "08d61209-f0ff-4bef-87d8-442b28d5298f", "comment": "Malware payload (Mekotio)", "value": "a5afd77819a9e52fd600c408f649b50f4f73ea17", "object_relation": "sha1", "Tag": [ { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679481677, "uuid": "100bfbc3-edf6-4e92-9f31-c62489dc9f90", "comment": "Malware payload (Mekotio)", "value": "395fbb32c582618e75b9e49c3c70af3f33e649c1ad870914359727a2c8aa44e73ca85802bd17d6aab4941a5fa29b32aa", "object_relation": "sha3-384", "Tag": [ { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679481677, "uuid": "881be7ec-124d-4083-b02f-eb5da16424cb", "value": "T1DF3633C29ADDF37EC9353AE2BB87CB5D3571A67E2E06379257232E2B83250121874117", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679481677, "uuid": "51f25ab7-eb2d-42ce-88f4-8d6359931909", "value": "98304:LTvfbOHdm+TrGMUmyZpryMfRM6d1Yo9gu+4waO99RoVd72fuoIoL4/arzGSqgwGI:LTHbOHdm+23xM6Mo9jEaO9gd2GroLqga", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679481677, "uuid": "dc4a84c4-1418-403e-9274-0c852d654dee", "value": 5216176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679481677, "uuid": "e845c5c0-7301-4fe3-b79c-ec0bb85c2608", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679481677, "uuid": "8270bcbd-e452-40cb-a0be-02c43c5a85eb", "value": "ID-FACT.1679481398.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "54c4db49-c87a-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679466325, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466325, "uuid": "9ae8fa09-5bd6-4de5-b573-45e4f1f090b1", "comment": "Malware payload (RedLineStealer)", "value": "68179323e39194ef40bd24b94a5a7c42", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466325, "uuid": "69f6f5ff-f271-4f74-ab12-a05b415d7072", "comment": "Malware payload (RedLineStealer)", "value": "2237d36f0411546c3cebb2ec21a03097bba255ec49867c72a6c0fbd59bd61464", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466325, "uuid": "562700cd-0288-43b0-a50b-a788ea82d32c", "comment": "Malware payload (RedLineStealer)", "value": "4f3a501a85991231f4284c62fc57a84ad128f188", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466325, "uuid": "bce869fd-0f8f-485a-9a25-9c31e3f0d858", "comment": "Malware payload (RedLineStealer)", "value": "aeb31b64764e9b7a76f3ddae81966196727a84dc757fbd7cb37c543ffa7a64f1d06a24f729f36c80655b6e377af4d60d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466325, "uuid": "3d9c909c-b83b-4e3f-a833-0a7a0da66990", "value": "T177252302F6E45823D878377048FB07D30736BD619E79836B6742AE4D18B36A4A436B77", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466325, "uuid": "9470e113-55e9-4727-8e3c-d9ec0eaecf89", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466325, "uuid": "6470c5cd-b583-4df0-aa3f-670111d46fe1", "value": "24576:LyWV5yp6IcsB2HAgIzi5KEMr9t70r4V0vObPcU3p:+A66VsB2HRIzigEgQw0SPcU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679466325, "uuid": "db7f7324-8e93-48f4-a3bb-19b9dec03b22", "value": 1015296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679466325, "uuid": "0c8d1225-8c7b-44f9-be42-3b317b385a65", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466325, "uuid": "34018480-aa2b-4a06-8af5-e15d1e17b312", "value": "68179323e39194ef40bd24b94a5a7c42.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9c5f9e55-c8e5-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679512401, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512401, "uuid": "5cab50b9-4c8d-4c92-99e4-8692510bc659", "comment": "Malware payload", "value": "0fadab9aad2d3462e9b6da0fbbfebdb4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512401, "uuid": "c9176132-27c2-4a71-9641-72764192f9f3", "comment": "Malware payload", "value": "22eaf3a0b0347866dd89bb191bbd54a64e94a0d472244bf1f5eaf34ae87654e1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512401, "uuid": "a3e2eb7a-d06a-4857-8641-328f55b575a7", "comment": "Malware payload", "value": "1684eea96b62f519d789135dd9a4c3d6420ee8b6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512401, "uuid": "f34265a8-02bd-419d-91c4-480a5baccba7", "comment": "Malware payload", "value": "980f763577d28947846fda9cf0451b4fbd7bdf44752cc7de9adb1445e249a5ec470ff7214db186b5523612fc511f384f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512401, "uuid": "7bd6897f-ad7e-45d3-8b3d-2872ef240626", "value": "T17CE533AA3C18AE44F482FCBC942497621B1DC27ACC74DB5E3199A541BDF7D73618A3C2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512401, "uuid": "857b8820-3c72-4336-8a61-1e861affdc8d", "value": "49152:FjeKUyNL/dgCNkoVsemmIQ/RCLxnnLFeMtpzdIbzDYdHmu6qqqWlKH7/8vNSf77:nUyJF2oYGCLxnJ7rzdIzYsuvqqW07LX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679512401, "uuid": "c911a8b8-48db-4e72-894b-10d40b4c90b2", "value": 3178191, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679512401, "uuid": "f3892254-e9ff-486f-a3e3-2164d3714965", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512401, "uuid": "b6679b25-03ce-4d80-b70e-ccb501816080", "value": "0fadab9aad2d3462e9b6da0fbbfebdb4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "598323c9-c84c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679446576, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446576, "uuid": "5e6ec19e-4d87-4f49-b4a2-5b73b5434d62", "comment": "Malware payload (Smoke Loader)", "value": "dad11829d5dc7eaaffba76a0cec749c2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446576, "uuid": "72657605-4154-44ed-b5d3-9cc856cfc8d5", "comment": "Malware payload (Smoke Loader)", "value": "23488255342c1cb2d2b0c3abf96df717e4e6403768c36f2c9c44fc9cb70fee1b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446576, "uuid": "ccdf8fdb-b232-4ea5-97a4-8bcc9d0894a7", "comment": "Malware payload (Smoke Loader)", "value": "57abf55a6811571e654054c01a0cc945fe095016", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446576, "uuid": "aab43f52-dd20-483f-b1fd-ab9c2452fcd5", "comment": "Malware payload (Smoke Loader)", "value": "b7bf60126bd278252d940aacdff98024035a9fc8ab85749bd148e83ef7e65d7a02baae483fba9f14796f3c90ed34977b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446576, "uuid": "6a7483dc-a798-4b66-9c91-7a4029880a7f", "value": "T11E64C71383A27D45EB168B73AF1FC6F8F64DB2709E497B6532199E2B14B02B3C163611", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446576, "uuid": "05d6d8b1-2929-41ed-9af4-a5a20d7b200b", "value": "a1987c4dfef703391c65547d45eb7acc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446576, "uuid": "f93aea35-de6c-4d38-a12e-92bd390426a1", "value": "6144:2rWKL+VhtCq4amGGGGG+pqKPcTZI94WvlQ:2rWKiXtCq4fOTZBWK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679446576, "uuid": "4f4ca4d0-d2f3-474f-80ee-23b6bb5e0b2d", "value": 327680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679446576, "uuid": "bada5563-3e5a-442a-8915-f6889c2cfbf3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446576, "uuid": "1e1a1365-c2e9-4de3-b458-875fa502cfeb", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4b83ca11-c8da-11ed-88f6-42010a9c006e", "comment": "Malware payload (Vidar)", "timestamp": 1679507541, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679507541, "uuid": "36ab3cdd-b3fd-4367-9aab-d3a6df6d75ea", "comment": "Malware payload (Vidar)", "value": "675cf5e68a94031fbb6872b9600573fe", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679507541, "uuid": "0fec72b4-23b0-4dc6-9520-e6cfba547188", "comment": "Malware payload (Vidar)", "value": "249505e3a21c6f73f7e898c02375517a4cf7b40cf75bfcb7e581b6eecc562731", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679507541, "uuid": "e185e2b1-6682-41f0-8a22-348435fa512e", "comment": "Malware payload (Vidar)", "value": "aa8de434e04f018bdb9329764629418ffa445c32", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679507541, "uuid": "91f8835c-5fea-466b-b26b-5fc3572caab9", "comment": "Malware payload (Vidar)", "value": "34355d32a69d406b90fcd839cfe3abaf3ae00320e6dd8213f3637ec4802e44b4afb7e489e0b1b4d2a2d6de9a2e5fa935", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679507541, "uuid": "9edcb807-8e1c-447f-ace5-9558da64cdc4", "value": "T15526222F622B5185C6C0C9349637FED1F2B2C759CE42E8B866D67FC518321E3E612A53", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679507541, "uuid": "5760c316-57e5-444b-a18d-ee2b456755d6", "value": "25e5923ab86f25fefe0852239d7a7983", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679507541, "uuid": "f31899cd-7de8-432c-882a-9459494ea643", "value": "98304:N+QOGdd5Of4u8+Ws1+zIat5NW2bKfDQuddK+Dh9DigDq94k7LO:4QVdi8ts1+zU2bKfEudUaigD04k7LO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679507541, "uuid": "2c4ccc41-2d7e-4de9-9564-03c4d410796b", "value": 4640440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679507541, "uuid": "851a819d-c49b-4c20-89d9-d6d1960e8bca", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679507541, "uuid": "542d1b25-84c6-4024-a323-79c1df5db083", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "db84d14b-c884-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mekotio)", "timestamp": 1679470846, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679470846, "uuid": "b136caef-0cc5-45be-8d47-24efbd04c38f", "comment": "Malware payload (Mekotio)", "value": "9e8daa51e0d614ad1fd3060af9a4be83", "object_relation": "md5", "Tag": [ { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679470846, "uuid": "af34a69a-c3ee-4e01-8841-5012985e6782", "comment": "Malware payload (Mekotio)", "value": "24aea9ae0985db25b6f539d681ad9cb020c53ac9f50ebc1a7177618f14f4afea", "object_relation": "sha256", "Tag": [ { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679470846, "uuid": "57d3cb3b-f09a-489a-a570-01292d4cb2ab", "comment": "Malware payload (Mekotio)", "value": "09d95293430fede59a2ea05c4337193f7e26ec95", "object_relation": "sha1", "Tag": [ { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679470846, "uuid": "e11d05dc-bed7-42d7-b305-267827f519a6", "comment": "Malware payload (Mekotio)", "value": "3a41683027bc479abe73befc2c8e7e691088169a079948d8f2ab30f3eadbbfcbef80eb37d8b1901b97a51c7ee4f7bcd9", "object_relation": "sha3-384", "Tag": [ { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679470846, "uuid": "729bb0ab-f696-4697-be08-a264627054f8", "value": "T1553633C29ADDF37EC9353AE2BB87CB5D3571A67E2E06379257232E2B83250121874117", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679470846, "uuid": "54821b52-e5d0-4123-acd4-5b5dead899cc", "value": "98304:ZTvfbOHdm+TrGMUmyZpryMfRM6d1Yo9gu+4waO99RoVd72fuoIoL4/arzGSqgwGu:ZTHbOHdm+23xM6Mo9jEaO9gd2GroLqg8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679470846, "uuid": "7fff68b9-1ea3-4d5d-91f4-1a9c083205e2", "value": 5216176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679470846, "uuid": "2fc35494-3eaa-4369-8623-9ce7e08b1ebc", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679470846, "uuid": "210317ec-94f7-46ec-bfae-11e952eba100", "value": "ID-FACT.1679470805.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "12099a81-c8cd-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679501861, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501861, "uuid": "dc4f1688-23d8-4a32-acf5-52897cb8ccc6", "comment": "Malware payload", "value": "14ec616e9d4790509116ef8d38702b24", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501861, "uuid": "d05a89f8-b6b6-42eb-bd82-08bb88f78318", "comment": "Malware payload", "value": "258666b42a8321ce521094e20bbb630bd27a8a2c96afdb2969aa5cf132fe8b26", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501861, "uuid": "4b8df4de-578d-4ec7-ad9d-42db7eab8bb7", "comment": "Malware payload", "value": "753fb67d5c988010094c58c5455f894954a6b23d", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501861, "uuid": "598a9625-c94b-4b8b-8b24-7ea91f2428d8", "comment": "Malware payload", "value": "463343dd034135b729d18688bbd0955b30223642a85cbc09a00ecd1a6b21696dcb7a2ae1c6ffb8ee70f58ea6530947d1", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501861, "uuid": "cf171a3e-5d65-4fec-9e99-94397e8a7b0b", "value": "T14FD22912F7AD03B94B951173262D0ADDEB39957E7360509138AC923433AEC1D87BA7F8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501861, "uuid": "5602df7e-5325-435f-b507-d36fafdc745d", "value": "768:vFx0XaIsnPRIa4fwJMCMfTxYWJxGKtUPtrfrVM6hBnhs:vf0Xvx3EMCMrxJxGK4f+6rn+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679501861, "uuid": "ea6de926-80ca-4293-b5b8-68802e3db358", "value": 31021, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679501861, "uuid": "db9939b3-7f92-41a4-8d4d-18ccd94908be", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501861, "uuid": "dc0adbf7-df79-4ea2-93eb-1aaa6aaccfd8", "value": "DHL84587.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "af1e1a5e-c873-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679463470, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679463470, "uuid": "bbe0d200-53dd-42bc-95e7-8805969da213", "comment": "Malware payload (SnakeKeylogger)", "value": "561cb8f4159c9020f2606ef501a2b8a3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679463470, "uuid": "f337b13d-a3dc-40d1-acc8-9c8acfc02e70", "comment": "Malware payload (SnakeKeylogger)", "value": "259003dd09af10934997d24fb92c517aa1e1881b006a71f4646ae85f6a6c6ae5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679463470, "uuid": "ab805e85-8a3d-45e9-8ec2-f34d7da8cf9c", "comment": "Malware payload (SnakeKeylogger)", "value": "b42fad473a9f232553550f1f9625008ab419260b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679463470, "uuid": "4e08e0c2-6ca5-4d2b-8dd9-c41eab56f285", "comment": "Malware payload (SnakeKeylogger)", "value": "6efcb6acccb76aff3812464150a2cd1d6fd8ccd8528766515585520594c0bb23d64d759c692ae35cb20d376be9e59071", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679463470, "uuid": "265c727d-679b-4af2-b151-435f63697210", "value": "T14545F57CB580AE8DF4C68AF1877838B0A5615991FB37E14B2C323C9785DB6C64A34B53", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679463470, "uuid": "9ae9295e-5003-47ed-befc-1d8aea858864", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679463470, "uuid": "27042b15-412e-456c-a163-4e08433b4c5c", "value": "24576:7Iu8/kcrUF4bWfFJkCojwYlbTFQDl06MFkI6:7389WfFCCmDlmDlL8kI6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679463470, "uuid": "7291dcba-2dca-4f90-980d-0a69398f3ab0", "value": 1196544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679463470, "uuid": "9a7e75cb-037f-4a12-a2a9-a188f04af8e4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679463470, "uuid": "77e88fef-ca30-4d36-ac5c-143e0814299b", "value": "SecuriteInfo.com.Variant.Strictor.113361.10266.24713", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "33c43938-c8e0-11ed-88f6-42010a9c006e", "comment": "Malware payload (CoinMiner)", "timestamp": 1679510078, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679510078, "uuid": "2f94d9ec-f0bd-4402-a225-b433d2b4d2f0", "comment": "Malware payload (CoinMiner)", "value": "fc6bc7036920dac780a1aa525c4019fa", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679510078, "uuid": "905bf6ba-a42b-4843-b66b-f25b1869c9c1", "comment": "Malware payload (CoinMiner)", "value": "267d627adc11723b2d7dc15bc8713a2f4fd34593f8bed87777fc23e5a7db391a", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679510078, "uuid": "8b7bc483-5220-4f01-b4d1-25a0d380d05f", "comment": "Malware payload (CoinMiner)", "value": "384ccaab3953839873e9e033bfdd005c3056ecfa", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679510078, "uuid": "35cf3ee6-f7c0-441c-a7a4-0b972cb35eed", "comment": "Malware payload (CoinMiner)", "value": "e14ce31f2d274361c0f7eaf7c98ede6864936ccf1473eb4e71b66fdc3f45bc26f42b9810e47e5a14f437103e12fdc175", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679510078, "uuid": "0e8c3b49-8304-41aa-9436-6a369ba12350", "value": "T1526533EA29A06E46EE3E4230552054B60526D3791CE9C963F87C10E93FF37D1B57C2EA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679510078, "uuid": "dc4c41be-375e-48d8-b7d0-8db3eefda2f4", "value": "4e7985092d46eb55f0c6d62c8dfe0bf5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679510078, "uuid": "a1c9f789-d80c-4b62-9b07-cbad311f1b0a", "value": "24576:CPK2rFv42rkotEqqaOspa7ce99XL5Vl2Fgb5048cXfoe8UPJ:CPK2b9tWaEVBL5Wyb5LdfC4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679510078, "uuid": "f80812a0-ecf8-4d25-be95-efc16dbc5d4a", "value": 1527608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679510078, "uuid": "d9f20fe9-ae5f-4b55-a665-b756e2509a5d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679510078, "uuid": "7805180b-cd1d-4371-8bc5-7cc509ee821a", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8b042ffd-c853-11ed-88f6-42010a9c006e", "comment": "Malware payload (DCRat)", "timestamp": 1679449665, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679449665, "uuid": "0659f929-d30d-459b-bc29-72ada66f4029", "comment": "Malware payload (DCRat)", "value": "e6e435597e9a91f52548a33b364dba80", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679449665, "uuid": "239bd308-b280-4d51-b0dd-d06404cebef5", "comment": "Malware payload (DCRat)", "value": "269b3fc526f5af413ede05940c05111eeac1202bba4c5192c1a98f9f2d840038", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679449665, "uuid": "ffea32fc-7ea4-466d-89f8-4b9fa99a18b1", "comment": "Malware payload (DCRat)", "value": "1c330dcc94650ec6f595aaccf1e9cfa4195dcf53", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679449665, "uuid": "43276039-4e83-48ff-9e02-e5cc20bfe930", "comment": "Malware payload (DCRat)", "value": "55e3e369c658e51ab162e41ef167f5d3367839b55c9953239b9dd2928376e9a493605e4953b10f5c7c46baa1a3130428", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679449665, "uuid": "fe06cfef-a9b8-4588-9d96-ccd2a74e1db7", "value": "T131859D027E85CE12F0095633D3EF454847B4A95166A7E32B7EBA3B6E15123A37C0D9CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679449665, "uuid": "36b25c61-8755-4194-b100-d25997cd918a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679449665, "uuid": "07c7a6cd-295f-4d0f-a3cf-a9484ced513b", "value": "24576:JPp2ne4gESNDVVBfxUKcolRP6wx63uDYxrPiEBAhIo3njm482XralHLyKfmityU:JPonvSDVVj1cAcrPiEDo3jh82OlL7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679449665, "uuid": "f13be6c4-171d-49ef-8d8a-2aa8e6431c63", "value": 1728000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679449665, "uuid": "33f3d260-2ce9-44ff-8899-31ab2dec6141", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679449665, "uuid": "721136e3-557e-4149-820e-1be44aafc8a8", "value": "steamwebhelper.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "831e1004-c888-11ed-88f6-42010a9c006e", "comment": "Malware payload (AsyncRAT)", "timestamp": 1679472415, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472415, "uuid": "43b9d117-8bdb-4e44-bf05-b85dbef2edef", "comment": "Malware payload (AsyncRAT)", "value": "f262b430db008a1b9bee64c7a3d82d97", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472415, "uuid": "229e69cf-beb4-4208-aa8b-353d9fba6e12", "comment": "Malware payload (AsyncRAT)", "value": "26c9f29fceaee8b13ba0fe4d7170f50c8046e43e11e461a43ce92b22d8e24bf5", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472415, "uuid": "9d967572-dc9c-40b4-84de-2e54647312cb", "comment": "Malware payload (AsyncRAT)", "value": "d46faca1eb97e278558de284457f5ec25735c8b3", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472415, "uuid": "e0390997-cba2-49e6-8735-bd41f3f901b5", "comment": "Malware payload (AsyncRAT)", "value": "6dce0f53e1a1b08b5188e7fceb2f1b5175cdd3cb832d8bdda2ff9bad8b88288b1ad73b8552ea56fd7de39a0beb710664", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472415, "uuid": "cdd7f289-272b-4fe9-9b8d-b5798810e842", "value": "T1DA412C275381DAD7C66FADB4C20B1AECB10D7AA2CB987C655DD4135A74820C4E0B763C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472415, "uuid": "d740373c-db4a-4b5d-b6f2-f5f701188d1d", "value": "48:9AdTWeKGw2TIVgL3AKewZICBmro7mIiB32holGT1pTdUjz9jstvoRs/:CcegcYMeRu8d6fp+2tgO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679472415, "uuid": "40009bb6-a0d6-4141-bf6d-cf383868de0e", "value": 2231, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679472415, "uuid": "7b724527-b865-4c5d-b425-ce2dcc967b40", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472415, "uuid": "58dcfc77-8041-4796-b33d-e840e5924bf7", "value": "07e25cb7d427ac047f53b3badceacf6fc5fb395612ded5d3566a09800499cd7d.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b3c8b2b5-c8e2-11ed-88f6-42010a9c006e", "comment": "Malware payload (Quakbot)", "timestamp": 1679511152, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511152, "uuid": "063f7a18-a140-48b8-9f9c-3003567e1485", "comment": "Malware payload (Quakbot)", "value": "35575ea96858ca7cc38ab1dbd5ec0ba0", "object_relation": "md5", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511152, "uuid": "b7f7cbc9-6d29-4aec-98d5-b247f7165a2b", "comment": "Malware payload (Quakbot)", "value": "26d6ebf5aed7c9578a1a6c963f67245240a6d4d54b4281c28c747b9b0e67fe5e", "object_relation": "sha256", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511152, "uuid": "a815189a-eabc-4235-a2d8-cd14b18ee0b8", "comment": "Malware payload (Quakbot)", "value": "ab863b2262b2b2c431aaf7b077e1a4cf6da050c8", "object_relation": "sha1", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511152, "uuid": "9c231707-2adb-4af8-ac18-332f8eec0454", "comment": "Malware payload (Quakbot)", "value": "ecbd2e94ad6e903f118bb27fd9f35bb5afb938c40f10df93e2466a4f87cdd8f8ff73ecf3b11f73427c2e2b5d5b0d9350", "object_relation": "sha3-384", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511152, "uuid": "da013d3a-3bb6-48fe-94ff-47b012ad9d51", "value": "T11471CAA15F204214211FD12FB633F0CAA610974372AED9BE95BE3055EC10914AFEBBF1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511152, "uuid": "d0f63f79-16e2-49eb-91af-0b59543089e5", "value": "48:EzxHaW+/ckVh+xdYmmbmT3KjycADZkFxDnxEwlZB6Iis0mZrc1iarfk5wiHC/H+C:Yx6WQcC+xd0bMKj2KVxflZBg9fKaL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511152, "uuid": "0a898943-070c-4d78-b676-87d5ff7c2328", "value": 3809, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511152, "uuid": "f3f383aa-3d2c-48ff-a289-b3a67a61673e", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511152, "uuid": "0884e96b-a550-416b-9317-7584637ebaa6", "value": "Velit.html", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cb8df3b2-c8e5-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679512480, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512480, "uuid": "5fbd40a8-d60e-43ef-a3fc-20679a8cc492", "comment": "Malware payload (AgentTesla)", "value": "c63f58e5b38772386fc1df4d1049fa27", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512480, "uuid": "8bb016aa-0692-4d67-beed-3e4995d69c8e", "comment": "Malware payload (AgentTesla)", "value": "26e4169f450ad33d2ac91ed523a144039a75b295dd77493dd6b15bda5e7094f6", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512480, "uuid": "54dec1b6-5c34-4ddc-81a3-4e9ed38ce65d", "comment": "Malware payload (AgentTesla)", "value": "b69428ad222892b21004d22418827e3ca1d83fcd", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512480, "uuid": "314cba78-8e0e-42ab-a1ec-4d0443e28cf9", "comment": "Malware payload (AgentTesla)", "value": "4df9887b4807d2f916e148a0e6bea9ba9836f20cb01dad939674af69766e9d3fe6e1ce9547bc22782c5e837c0bf2b652", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512480, "uuid": "fd88cbc1-6812-4cb2-b62c-5ce87dcc7cfa", "value": "T16215022A7BA54F42D5BC87FD44B29140277ABF362736FB4C2EC630D94536358CA52A83", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512480, "uuid": "05a4bbb6-983a-4d9a-9637-ebd4b6b1b886", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512480, "uuid": "ea78bdf6-7ce9-474b-a064-b48e91c9e003", "value": "12288:acZJU4zl06/TgTU49mjvjT5hK/Ry3naeprB8HcKNTbW9dQ2qG/tsEh5qMqY:1l06MF9Yvj/53n1vMNki6u", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679512480, "uuid": "ccceade7-4440-489c-a28e-c37934358181", "value": 928768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679512480, "uuid": "0a56d1ea-62fc-41de-888e-6246a3ee5e35", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512480, "uuid": "1afe8f93-4843-4467-ba05-cc4a29a90485", "value": "c63f58e5b38772386fc1df4d1049fa27.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "38a7ab74-c8ef-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679516529, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516529, "uuid": "7f8914d9-f0b0-448f-af57-1d54cc8b54ae", "comment": "Malware payload", "value": "d30c51062ee0c7f3859e63fa1323078e", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516529, "uuid": "0a896f3c-f6e8-4425-8dda-9ecf3a55be7d", "comment": "Malware payload", "value": "2713ce397af2da08728ce28c8cb537ab9887d91f6303edb7e624c7e88876c404", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516529, "uuid": "ffe1349a-e487-4a61-88bd-114c94c3a62b", "comment": "Malware payload", "value": "cbb665dfd4bd21de34527704e2e577e53e635ea3", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516529, "uuid": "5890e305-4855-4b86-8f1b-d9e6ca8304b9", "comment": "Malware payload", "value": "846105f6794a049e0ce55614ce59367d0c4233176824fdd7a4e868ecfdfba08ded54c09500e3b5ab0ac39f00e2417083", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516529, "uuid": "62bc7fed-5f16-45c8-a1a7-ce157fcfb2b4", "value": "T11D035A55ABF44032F5F31B71A878886ADEBABC216476D45F87C00EAD1970942CE3DB27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516529, "uuid": "b33efc01-9bbf-4db5-b396-53e51767e525", "value": "f5e4c8acb92fb1c8223cff431020dba0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516529, "uuid": "ec7b60f0-7db0-45a2-b951-9da37a51997f", "value": "768:m8kr2D6AKlLO+SNhBgCHDck4MV0ggv8KoETBB9D3xvjHhx4eC7Xj8Qc1hl:p/6A0q5HDR4oWBx3xrBx41z8Qc3l", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679516529, "uuid": "4cce6c12-8e91-470f-878a-4a3f9db4fcfe", "value": 37888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679516529, "uuid": "bfd56145-283d-4257-9029-1458dcca1a82", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516529, "uuid": "855babf1-760a-4c4b-a03d-03421f65e7e3", "value": "2023-03-22_d30c51062ee0c7f3859e63fa1323078e_lockbit", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9ff39a9e-c879-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679466021, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466021, "uuid": "ce9dea52-74a2-4bae-875d-03471d25a3d9", "comment": "Malware payload (RedLineStealer)", "value": "8838c95b8f6cf5198ec8ce820ab5b936", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466021, "uuid": "d3c6c6d9-2447-4e0f-ab45-0ed489e862f5", "comment": "Malware payload (RedLineStealer)", "value": "27f3164eb0ea9037b70db1aaee013b72ce08f024a6f9053c7ee5603418ad8429", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466021, "uuid": "df519c7a-d399-4a6b-92a9-e5ff466396da", "comment": "Malware payload (RedLineStealer)", "value": "b854a757509620141b2621a55e99e0c85b241310", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466021, "uuid": "68e926bc-82e7-4ea9-9bd9-ba82542557db", "comment": "Malware payload (RedLineStealer)", "value": "51b98844d7c99648dad0754a82d752945ed013b856873645369cb3773d7938d2d354c7ec7a8cc469a2281910a936e37b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466021, "uuid": "bc0f938e-9c10-4f0c-907c-5174a67d5295", "value": "T1C5252327BAD00426EC7613B098F303C70A3ABEA59878D7577755A8670EB3AC06771763", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466021, "uuid": "ad65f849-99b4-4998-bb7d-36fb25cb8c5c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466021, "uuid": "8607458a-d03d-46bd-a4eb-fb74999258b8", "value": "24576:7yKGOWXKoyqE4xJIlVF4uEH3kWpxLdmkSXFYD6Nje6Y++pI1:uEW1JqVPWfdmhX46NiL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679466021, "uuid": "8fd21e85-4270-4c81-b4b2-e9d14b278309", "value": 1046016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679466021, "uuid": "cb6092cb-b080-4d8b-9010-23fb558c06af", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466021, "uuid": "bc311933-605b-4010-85a5-99dcade80042", "value": "8838c95b8f6cf5198ec8ce820ab5b936.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cd3b2eff-c8ca-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679500887, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500887, "uuid": "effae2ff-2074-4911-9592-9e98578887fa", "comment": "Malware payload", "value": "e67794445d4082a91b6918d8966bd0f9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500887, "uuid": "640eaf47-1e28-4cb5-b302-fd7bf30b7ff2", "comment": "Malware payload", "value": "28136a29c01516f8b000651a838f1150878192f70332f9d7fa51133947f254d8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500887, "uuid": "900605ba-f49c-48c6-907e-a23e22246c3f", "comment": "Malware payload", "value": "53863c348f0c864f68571583d721bfee41419b5d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500887, "uuid": "72b7ca55-40de-438b-aa09-f846b3e87341", "comment": "Malware payload", "value": "2b2c46701d55c8db83fbddbce45a9d94e8bc6bd21eb42b9b807c70e6eca5fa594b9d46f0880093014e740b12f0130252", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500887, "uuid": "90d73268-c591-42df-bfe4-9e249edbf8cd", "value": "T1588633D85A4E46AEDF2292B3A872FE6059BB1FEC27D162728434F75E443B47F4121C42", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500887, "uuid": "ea9fee9f-88dd-4d69-b792-f1730ccf3c2f", "value": "edc7ff2be90bee2a9c10e50db94e3c46", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500887, "uuid": "13a1c62c-132b-4b0d-8cf5-0d164a9d340b", "value": "196608:IZabqgIyoTBv8V8B4u86rgAoIIFY6O7s6FR/pi:6a7IyoToy4u82gjxZO7hH/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679500887, "uuid": "2b4cda0c-3b1c-4624-bf0e-4952bddbfd4b", "value": 8075776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679500887, "uuid": "888b3f88-6769-47bf-b639-40f816abd926", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500887, "uuid": "3c30ef3d-b6cb-41ac-a9f6-3e1b5871d663", "value": "e67794445d4082a91b6918d8966bd0f9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "401850f3-c8de-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679509240, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679509240, "uuid": "f0fb7593-e05b-4712-b2d9-1ce44b296df7", "comment": "Malware payload (Mirai)", "value": "7f76e60a75a92c6b01ac72a6242189fb", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679509240, "uuid": "3d8ffac6-d36f-4ba4-a551-08582c799ee1", "comment": "Malware payload (Mirai)", "value": "287517b32dfb5c55841c4243bf42f58d29d6e759f1d910a5e8edfefbaf6eebfd", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679509240, "uuid": "0a30f7b4-be94-4f9d-9458-dc3533c3c022", "comment": "Malware payload (Mirai)", "value": "bab818327f50185f33578e60f822a69442d6c074", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679509240, "uuid": "2e2cfad7-9c7e-4917-8f8a-f8fb2b5c8098", "comment": "Malware payload (Mirai)", "value": "e7778bc40b3de179209f8977eaf2f8af814a9f9a708a3b54d64fee793aab7e3d0b4ea6f8abcb93f24ded4324a3ae196e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679509240, "uuid": "017664fd-7214-496c-8210-3256d8a3d73b", "value": "T1FE930845BC815B12D5D822BAFA6E018D336327BCE3EE71129D105F2577CAA1F0E77A42", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679509240, "uuid": "c0a8dd3a-8364-47f2-b387-86119d3cad94", "value": "1536:/JnX4h9coIAvbtqbDfgl1fv6MzlkDPk7gImPGYgqlLkfjA6VD2Oml3eciMQpVxn1:t4XZb4XukDPodmPGlqlLkfjAUVmQpVx1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679509240, "uuid": "7e8bd0ed-5884-47ba-a97a-ac2a98b9a4fd", "value": 90036, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679509240, "uuid": "b666ba1c-02e8-4382-a59f-2210bef4c5be", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679509240, "uuid": "a9d4680b-c5b2-4e3f-9d34-09a0dc9902b1", "value": "7f76e60a75a92c6b01ac72a6242189fb", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1929de3a-c8e5-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679512181, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512181, "uuid": "4a8c491b-212d-42e2-8bf1-97643181c669", "comment": "Malware payload", "value": "56a5aa1229762680bbdabae3a030b52e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512181, "uuid": "13d24f54-c1d5-458f-9c86-c1fd43023a0f", "comment": "Malware payload", "value": "288a5c602d071bc4630b8bac57c2e9ea24f68919b552ccb6a2b2b543d6a895b1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512181, "uuid": "e14e357e-5ebe-446d-8f7c-fe8a6a30e750", "comment": "Malware payload", "value": "bcd7c9b44ccddbd71ba8ad5fba336339f7d23c73", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512181, "uuid": "1562efa3-7bd4-49f2-bfef-327ac1413218", "comment": "Malware payload", "value": "53ebfa62076f301dd5123ed3b756dd54a96263417535785d2c2a096b406e6cf5d7686f0a2fd02c50f17352509cf8f737", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512181, "uuid": "1294e200-7995-4017-bf38-32b6464b7417", "value": "T1152633FBB15150E7F12091632BF02D2D1ECA1E6E886C37E0E8BF5645B47B8AB3454B61", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512181, "uuid": "39fed612-bf49-4e3b-9464-399728cf7ebb", "value": "9aebf3da4677af9275c461261e5abde3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512181, "uuid": "c7c9554b-52ee-40e6-ab9b-1833b4e9f268", "value": "98304:l9kuhnIns57xs0l+POEtwsESaem9RA/ha5OSfaJfiROZau8vPY1Eg:YPsxePqsEL1g/g5XfEZaVqR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679512181, "uuid": "a524bf89-9e4a-4676-a30c-d5d8b085479c", "value": 4510720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679512181, "uuid": "39eee2e0-a8e7-4640-aa38-63fb7f6acdc1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512181, "uuid": "0c6e65e6-f1bc-48ee-b644-8d06dff0e113", "value": "56a5aa1229762680bbdabae3a030b52e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c3ae7536-c8c9-11ed-88f6-42010a9c006e", "comment": "Malware payload (zgRAT)", "timestamp": 1679500441, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500441, "uuid": "2a63f978-b440-4cae-9a24-52d6e4160977", "comment": "Malware payload (zgRAT)", "value": "27e482c64f1b9035e550ac07f1d30f2c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500441, "uuid": "4284c0f0-0e0c-4527-847b-ff98e06792dc", "comment": "Malware payload (zgRAT)", "value": "28c32f08c1471496052f517ee43313f86c38f74bdf0194707735574157a2d55c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500441, "uuid": "abedbab2-0ac9-4bfa-bb35-1444024560e1", "comment": "Malware payload (zgRAT)", "value": "4d7390da7f5c4bf6127fbb3d793e8917a47c45bb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500441, "uuid": "4de80e40-d6f8-4dc6-bf4b-dadcb646d6a2", "comment": "Malware payload (zgRAT)", "value": "836e3dbcae248757134c63514ffa53d6e1effdea6f6996b7aa875c3b87c170333d2833eb02aa870b411eb337fb5aa561", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500441, "uuid": "93a57eb1-6434-4828-88a9-efeeb4ddf0e9", "value": "T1BA3523017AABCA73C12D55BB91E6205193F2C35766A3F78B3EC441E91E43FD84A12AD3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500441, "uuid": "8c7fe0f7-17ce-46a7-a578-0590cf40ffb8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500441, "uuid": "44c88202-02dc-4a7e-81c6-725ce8a9643b", "value": "12288:iOt4pogcgotnPXWZsPxIexTmad12j+iVb4ZdQT/ijLC7aX6zLTisxEZONerixVHk:mojjlgsxZG28K3cesxKkMcyPQTnK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679500441, "uuid": "b082839b-1158-43ec-a669-6db6489737ef", "value": 1093632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679500441, "uuid": "9062d5cb-776f-4922-86dd-98372f82165e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500441, "uuid": "2a16c30a-70ba-464f-b2c6-936c502772fc", "value": "DOC Maquinas-0215522-23.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6ed29031-c87c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679467227, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467227, "uuid": "56d96114-241b-4174-94f6-415ec8b5d73c", "comment": "Malware payload (Amadey)", "value": "31b365d266b5092586f9042b2b9e6df2", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467227, "uuid": "fb419d89-bc61-4db3-8c3f-ac88a7af369a", "comment": "Malware payload (Amadey)", "value": "292829dacf9bfa34914806dadce0bb5b94f1a32be95d20827c93c5657489ec42", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467227, "uuid": "de49f9e9-c47b-4b28-a01e-bf18cf6fb03e", "comment": "Malware payload (Amadey)", "value": "7f2d2c7314a520d6b9b3911328142633df25326f", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467227, "uuid": "83e08dbe-6a51-440a-a0b5-72961aa1d514", "comment": "Malware payload (Amadey)", "value": "0f084ebd673d0bddc1dd25fade4bb8a66d799f9f92fb07a49955736a9058148d0b736ac06efcaa177d9d863f4fc2e314", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679467227, "uuid": "8a92437f-4f7d-4f18-8c99-d914c7dcf973", "value": "T1F055E14382E23C55EA258B739E1F86F8B64DB6719F493BA632089E1F10B12B7D173711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679467227, "uuid": "bd3df899-b331-4aea-84e4-a6a16de343c9", "value": "5fe0b073d2bf262b2cfd9470524e0ed6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679467227, "uuid": "3000352e-63ea-4c9c-b41d-6cd94c2dfac4", "value": "24576:CnzPcbD/h1btFFh3DEYckeYbP1a3S3zLXGowWuFV3EQ1LQi8Pti/STV88Av:wC/hlVhFcYbw3SjLXGoDuvEQ1LQBtd61", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679467227, "uuid": "2c141150-f303-448e-9ce1-5f3038d5f07e", "value": 1368576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679467227, "uuid": "f5c89568-7955-4645-974c-e7a121b7ee41", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679467227, "uuid": "6d1ae62e-fbeb-4cd0-be2f-4ecd0e5f7160", "value": "31b365d266b5092586f9042b2b9e6df2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3c57b855-c8b0-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679489477, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679489477, "uuid": "4cfd57ea-8eba-4062-b3a8-b28ac63a96b4", "comment": "Malware payload", "value": "935952cbae77b2f73061e233dac7ed3a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679489477, "uuid": "4d2e9c58-2260-475c-b560-73af702ca0e4", "comment": "Malware payload", "value": "297d1654d2cad4a2c2fbd278f73a535ff2bb6e382966aea77266974c1122444c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679489477, "uuid": "0c0e3ed5-8fa0-423b-90d7-36aec50af028", "comment": "Malware payload", "value": "f8c73faf975c8b8c69e7d8c0a94dededf41cfb55", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679489477, "uuid": "9acdfbb7-2008-458d-8127-760c24e5e65e", "comment": "Malware payload", "value": "9e9528c9a8e9eb407b29b46e7d2d0d6c585cd208a24448979d00f1eb125ff5f77639c21f31b28c3011466f82a7145d68", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679489477, "uuid": "2a6ec32b-37a4-4562-887f-263f6559fa0a", "value": "T15D66122B7268732FC6DE0A7585F242DC76B76E6624069DFE03E015CCCB2582C1D2B6D9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679489477, "uuid": "6067c82b-752f-4431-9195-63d21f57fc86", "value": "e569e6f445d32ba23766ad67d1e3787f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679489477, "uuid": "fef42c14-7048-46b5-ac96-eafcea6904df", "value": "98304:ykL8LkSZEOXPzQn51s6WHq2YjXKpw5CliqTFnVQcfwGbklCOuieChUDVTyqL:d8YSZEgU5i9tkCliqTdDf/bksOze8Zk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679489477, "uuid": "16ce6b6b-87ce-484d-92ef-6310c516f1d6", "value": 6829739, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679489477, "uuid": "f631ab09-e5c7-4058-8417-12d2c179aa39", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679489477, "uuid": "c4d32e1d-1054-4bc8-b09a-52d1090c26f2", "value": "SecuriteInfo.com.Win32.Trojan-gen.20306.31853", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3a770c26-c8b0-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679489473, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679489473, "uuid": "6c321e2d-89ce-49b1-9ae2-e29e082312bc", "comment": "Malware payload", "value": "8369d43ad0d09d1a368a9cc901626c08", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679489473, "uuid": "d6f9ef4f-8428-44b8-9608-687428f254fe", "comment": "Malware payload", "value": "298a3e2be9a3af2f8db97eec5c265895e21f0825f96f624c5b2229d6db81209c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679489473, "uuid": "cf57ad71-411c-4467-93f6-520284164826", "comment": "Malware payload", "value": "30e2ca5e33c0728da9eb22c29fb56f3a4a5150e8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679489473, "uuid": "a3829c12-6e04-43cf-a06d-bc289b5058a6", "comment": "Malware payload", "value": "18ac730b720612fa630fe94a1e8cb417f9a0ae9b2b7fbd7d69ecbf0d5728c6dfdd7a37d88468626746a3921cf9338e71", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679489473, "uuid": "8191dcf2-677b-4a93-aa16-56d34c8d4e0f", "value": "T1FB436C1236E2C039D4A7123459BCC7524BBFBDA28E74D0473BD41B4D4EB22D5AA293A7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679489473, "uuid": "347202fa-4ddb-4cf9-b738-390d947439d9", "value": "7b60423d8762133ef9c65e4b4a86b424", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679489473, "uuid": "2d24c132-51a9-4e0e-bc4e-d52beac83ed4", "value": "768:KqoLhCal2TeEzJ0O0fpqHxGMHbYipYEQdlSoxfhVEHWyUNKvW6y3Bfaa:KgeEzJD0p3xUHVby0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679489473, "uuid": "82cd22ae-3db6-44b1-afb5-98a5e35e32be", "value": 55296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679489473, "uuid": "022cbcaf-1301-47d3-9dc9-4f2199a1d91d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679489473, "uuid": "b1035163-24e1-4fb0-93ac-355bcceea126", "value": "SecuriteInfo.com.Variant.Jaik.124214.32479.6597", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a9c4f1a7-c880-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679469044, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469044, "uuid": "1f247749-a6a2-4ed2-8313-a654d349f907", "comment": "Malware payload (RedLineStealer)", "value": "9af400b070b6bbc9266a3134db40a09d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469044, "uuid": "5486dd5f-3902-4d05-8307-cb38e0a9d212", "comment": "Malware payload (RedLineStealer)", "value": "29becab6a023fa24782253f2179fa73d2893992bbb516f5f54c65cc439920e5a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469044, "uuid": "ca629e45-01d5-489f-bf44-fd9e06dc66aa", "comment": "Malware payload (RedLineStealer)", "value": "b3ee06df7da2b747f2e7405370bf09a57a1e35fe", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469044, "uuid": "87ea681c-d50c-40fd-b03b-1ec0cfbf6701", "comment": "Malware payload (RedLineStealer)", "value": "a97930a302799d324cf691de92aef40c1ca5a9e433e79430994945aa2b31d09791ba1ac755ccc10fd2c6cb5aee8f19b7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469044, "uuid": "dff45179-ab62-49b6-864c-6f4cedd9811c", "value": "T1ED15235693D84032DC3A6BB05DF603871B32BCB1ADB9816B77509C0E0C722D5A5727AF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469044, "uuid": "6ba44dae-8410-40aa-b7a5-0d0f185abc89", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469044, "uuid": "625db217-e9d1-4330-9235-b0a387047cb8", "value": "12288:lMrAy90MM+pcLaLmbYGMxIjzUz6lul90LRdd6XVNK3Q+3XcWjlo/6xBZktpE9i:1yN5zqYTIjzjQl2RiF+7lbxfIL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679469044, "uuid": "9a142e04-d786-497e-aec4-ba23ab887499", "value": 929792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679469044, "uuid": "e6a124ba-0975-47ba-992b-09a0aa919405", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469044, "uuid": "ff1fae65-9a6a-4346-bf26-0c11c417fc0a", "value": "9af400b070b6bbc9266a3134db40a09d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7550d7b4-c8ed-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679515771, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679515771, "uuid": "ccb15df9-405c-4d50-8183-497259a2192e", "comment": "Malware payload", "value": "28f279fef95d383d87dfadc96fa35b70", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679515771, "uuid": "6da1a3be-3022-42d6-b9f0-a4f7e5df15cf", "comment": "Malware payload", "value": "2a689712dc01a555fd756f77e8c63b5c0ed4b1d7632a1fc97b7810a121fdcfc5", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679515771, "uuid": "fb033a35-d30e-4fb0-b81b-a2b368dc9867", "comment": "Malware payload", "value": "4b0e57c03358edd3e1c1b56538871e25202d2022", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679515771, "uuid": "3e622c8d-ba26-44eb-a46e-90695bea3071", "comment": "Malware payload", "value": "62378bda3349fb870d9cafa699d15f5902835e37773939b2838d1c3e643636ab039561c3d9468f2b21ddf0cbf03fe7ce", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679515771, "uuid": "92baf205-6720-4854-a26d-066d08da635a", "value": "T148F4122076E2C477C5670A384511CBB62D7B7C316B255ADB7B44932FAE312C0EEB634A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679515771, "uuid": "32a7e28e-78bb-468f-bb96-2b05037caa45", "value": "a4559d1602669b68de352c9c26c5d967", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679515771, "uuid": "f6d15066-3c83-4a46-a1ca-fcbf0feca320", "value": "12288:5UhWoWtzS8nqZNsz1P0pe1YT29U0ZiUnTQn5PmNoMlB6N3v7bx:cedS8nqTXpetU0BTQn5A8N3Px", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679515771, "uuid": "f5ce3fa8-efb8-4f21-b06f-9d3ec3c4a151", "value": 769536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679515771, "uuid": "8a5786d6-c308-44bb-8537-b0b143fcd722", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679515771, "uuid": "730a59f8-844f-4e1b-8f75-fac2d0f2a4f3", "value": "1.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8e7b1d9c-c8e4-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679511948, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511948, "uuid": "be69a667-7207-46da-829c-07139f034fa4", "comment": "Malware payload (RedLineStealer)", "value": "64035bd0245c004dee2597fc89b5f610", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511948, "uuid": "bfe3f0c5-87c4-4630-89fc-915c60378116", "comment": "Malware payload (RedLineStealer)", "value": "2a71946ec6379a803b32f7efb541a51ddfd0d77d74ca8c0791d25052bc6fcbb2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511948, "uuid": "a93f1f2b-6d3c-4495-80b6-ae93cfecfa8d", "comment": "Malware payload (RedLineStealer)", "value": "c1c75f89d478b07ab26b37b43a4a2d5974dd653d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511948, "uuid": "9e392784-cca0-4ace-a5e1-d29bd326ba49", "comment": "Malware payload (RedLineStealer)", "value": "5ff608809e95e0d9da5e61546e7570cb1190a3c563d358a35712d878e3b29a4e7386c232ce4ce26dff33a97c6f851302", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511948, "uuid": "bffb3a46-7550-4d1d-a340-cf5545a94e3e", "value": "T13FC41266F7D8A033D8B11FB008F717871734BCA08E74D36A2B59996E1D73580A97272B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511948, "uuid": "8861d110-42dd-45c7-90f2-9002098dc73b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511948, "uuid": "e7821181-3a76-44cf-8e2d-d97028a08c54", "value": "12288:nMrwy90g7VtmSSWEL1apxMl+K+AwY81M91WPFmN7mWYngOI:7yfVtmSfE4xMxdn81Q1WPFM7LYnXI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511948, "uuid": "632ad3da-6aea-471e-b792-c70356a0bf61", "value": 550912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511948, "uuid": "730ecc63-8e28-4269-b957-c14193368268", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511948, "uuid": "0666f86a-b838-4c1d-af73-e34ef210dec4", "value": "64035bd0245c004dee2597fc89b5f610.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c6e51f4b-c907-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679527075, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679527075, "uuid": "2a30d98a-16a3-4f12-9366-bc6304a9e40b", "comment": "Malware payload", "value": "7704955bcbd1e4b049d6009ad941ea97", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679527075, "uuid": "33d9d6ab-4ba2-4988-a23a-caab3b0e0b94", "comment": "Malware payload", "value": "2b148c128498a1db1eeb51c6410a9f90e2f4ecfaa96c4bcb60a6f8e96b0e5633", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679527075, "uuid": "5c46d3be-6b24-46af-ad07-7be14750a973", "comment": "Malware payload", "value": "a850f581fa3929f3433630db85aae80ab2ca1e54", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679527075, "uuid": "4c2465bc-3509-47b3-8a6a-723a89204f39", "comment": "Malware payload", "value": "aaf5911ed40b251311d0ad1cc4a7548ed3be0754276a4fd60d9b8926144fb090491fa9cd36d4d785a38f8ce519dc5e58", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679527075, "uuid": "2c59af97-1f45-4331-9b36-06449de4b47a", "value": "T17B252263BAD81437D9F0173068F687A70E37BE7198B9D7AE36402D8E0C72690E53475A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679527075, "uuid": "65da4ab7-c650-413d-bcaa-b4ed773118da", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679527075, "uuid": "998cdad2-3947-4865-bd2b-2a3d85b10882", "value": "24576:VyIu4EECnW88cW5NUB72dbhBnRhQ0jqNKqwq7:wI9Yz6VBn5Ewq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679527075, "uuid": "cb4094a1-6fcb-47b9-b569-74be8ccd8776", "value": 1057280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679527075, "uuid": "42ecb224-6f4f-4749-aaa2-f75f16850827", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679527075, "uuid": "e2798b07-45ba-4a38-b70b-2050542a57cf", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "19595e89-c8cd-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679501873, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501873, "uuid": "ab42e1c6-e3e0-41ef-bcd1-35c6599664bf", "comment": "Malware payload (SnakeKeylogger)", "value": "e9f9342c997cb1690df288749fba6f02", "object_relation": "md5", "Tag": [ { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501873, "uuid": "5c0c3206-ef67-4468-9f23-fad61e8a0bb7", "comment": "Malware payload (SnakeKeylogger)", "value": "2bbe4882f38ace702ae46c8288f2036a44a98673e00797f85f4e223569ed3796", "object_relation": "sha256", "Tag": [ { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501873, "uuid": "0910243d-3891-4e19-825a-fb1f74495423", "comment": "Malware payload (SnakeKeylogger)", "value": "e6fe4a5f3b24754e21070e6977d9191991136033", "object_relation": "sha1", "Tag": [ { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501873, "uuid": "9071d55d-0fc2-4ae2-8815-4e0f0ddcb80d", "comment": "Malware payload (SnakeKeylogger)", "value": "43f388706e85a62860d45d97ce0585405429451ab2dc2f97f062a6e3e23d989aabaed10933da0f1e97ab47a73acfe704", "object_relation": "sha3-384", "Tag": [ { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501873, "uuid": "c78937ed-85f5-4e91-8a53-878f59e4f93f", "value": "T103450213E9C49D46D44347B96BF379C8132EBC626BD2A2872744B70F6F786E0864721E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501873, "uuid": "66e15a8a-90c3-4e34-82e5-3e2c4acd3a05", "value": "24576:oLKJWQmmav30x/+MXUu9/Bd+MXUu973bVB+MXUu9R3bVMeg/DYgi/axIw:oLKYQmmQ301+MXV9T+MXV973bVB+MXV7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679501873, "uuid": "3d15c789-1a9b-42b6-a020-72da2d42eeae", "value": 1164288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679501873, "uuid": "8d9e1275-31ca-43bd-8453-162cb55269cc", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501873, "uuid": "81e86d5f-97a5-43ff-911b-d692fc5529eb", "value": "OBL_NIRMALP1_GBPOUNDLAN_JHT0575275.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "64db9256-c8e4-11ed-88f6-42010a9c006e", "comment": "Malware payload (Loki)", "timestamp": 1679511878, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511878, "uuid": "d7832d05-7f8f-4f5a-a64d-4c16fe61294a", "comment": "Malware payload (Loki)", "value": "01a0759e370923ca6c9e4777f1988c8b", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511878, "uuid": "87a797c2-ee70-4a2a-8d5d-36f419433598", "comment": "Malware payload (Loki)", "value": "2caacd94e02ea3156a3eb70a333a85c294024f7d6d0c152966b1ad0bbe263b28", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511878, "uuid": "8ac5e507-4f66-4563-8ae8-0bafd7ae3d0c", "comment": "Malware payload (Loki)", "value": "6e90f1abed79cb11937bfa882a12e78c31a4e5fa", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511878, "uuid": "ce86bf47-246f-4e06-abcc-db9b84ee964d", "comment": "Malware payload (Loki)", "value": "dbaa7cd56738d82fb99072cd1874b62a56f0172797531b612bfc5581ec4337c764a02214ba23163a75556cc5bcd2eac5", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511878, "uuid": "92607204-a7f6-4f63-9ab7-3d2be5c39991", "value": "T137429F5669C3A1CA5CF2A2A2974AC335E4131DBEC430DC7D281AF5647CC5708AB6B1BF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511878, "uuid": "5c6b436e-6677-4b5c-944b-6fb20e7336fb", "value": "192:1Q7BBX1hp2Bk53By044EjtZDozvC0fnt2fzAkzrsAR/y9rxSP5Rm3vvduDYCuowc:K2fv/5CsPIiPrSGUxVAopS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511878, "uuid": "dde34255-a50f-4d6c-b907-57dad098b963", "value": 12149, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511878, "uuid": "c47506e2-cca8-45c7-bdf7-ca8e63e0df1b", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511878, "uuid": "f8306b48-bfb3-4e2f-bd1e-15a3a0be1f69", "value": "PO.pdf.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "09624708-c8db-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679507859, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679507859, "uuid": "90c2df01-9b86-4416-b224-3762abf42946", "comment": "Malware payload (RedLineStealer)", "value": "14d854b1cc8b6e3d4a6454ac0a76f590", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679507859, "uuid": "b3056aeb-0984-4943-96bc-fc514606cce8", "comment": "Malware payload (RedLineStealer)", "value": "2cd35298eaed2a4d778fdcd72458e6cd6be0f65ef57cbc852f3be318e6613a27", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679507859, "uuid": "e23998f0-cf35-41f4-b215-f0b46a07c027", "comment": "Malware payload (RedLineStealer)", "value": "76cfb3c1200cce1d1c7fdd08b3efb1f139020429", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679507859, "uuid": "1478413b-ba14-49c2-a6f1-e170bc8ced81", "comment": "Malware payload (RedLineStealer)", "value": "ec02c662c8627d556396e5dca7a8b7c0b3d990df4e3e53fadb97cca4605985b94db468926f45a596443695db769c077c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679507859, "uuid": "00ba83f9-7aab-4a3b-9295-af49ef3ee91d", "value": "T108A4AF0253E36C20EF2247328F2EC6F8161EBC619E5B7B5E165DEA2F0D741B2D562706", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679507859, "uuid": "5fba1b25-a691-4cce-a578-b58b7b11fb8c", "value": "05d87b5aa905cc75972feaf183240d59", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679507859, "uuid": "a7d8c454-003c-4d39-a306-e8bdab102aad", "value": "6144:xuOClZTu9NA2B9Wn8pPVgj7eh1U5akum/3KnU23LQjVAU:TClZAUn8VOjKhmgkumvrsQq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679507859, "uuid": "250f4949-6d8f-4582-ba06-f2f541875460", "value": 476672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679507859, "uuid": "2be1330a-9e6b-4411-8b6c-d6f56bd67358", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679507859, "uuid": "f3c31391-020d-4219-beea-761dc4f0a4f3", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e93588de-c8be-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679495780, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679495780, "uuid": "1ef4af83-fa7d-4b33-8b1f-002cf2801b29", "comment": "Malware payload (Formbook)", "value": "0443c3768dca6ea9419f767010c6d81e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679495780, "uuid": "df44608f-e99f-462d-ab1a-118d6a2b3426", "comment": "Malware payload (Formbook)", "value": "2db66ebbd69fe69cc70dea0f98926942f4585dd37cdd13eb4d9232697fffecc6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679495780, "uuid": "0ca54d7a-5b76-4bab-b454-df41b364f8dd", "comment": "Malware payload (Formbook)", "value": "74ccd8aa523196622935ab9ebc16bf2fdffee925", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679495780, "uuid": "23f39cef-ae04-48c1-af5f-a237a2555da9", "comment": "Malware payload (Formbook)", "value": "89c7dd3044e833a26d0c654859c32a53eb79b12a9df660d249c210ceed4b9242037ce813d5c058cc33ecc267ce9425f4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679495780, "uuid": "3571cc63-50a4-4315-a991-b8423882d12a", "value": "T196641238359A5C5EC9643278884EFF5C12F06863E627E71BEA4E17CA668D3F0560137E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679495780, "uuid": "aed8c4d6-f66d-4cb1-a908-156262710e0d", "value": "6144:NLbzaxqIKiP92WnTHuGI2esp2mtMviKdrmJR5tkhjMOBQmUElN:dbza19c0LHNzp2mtEiUrmMXQmb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679495780, "uuid": "3aa4d7fb-54ef-437e-8900-2428072bf017", "value": 317440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679495780, "uuid": "58c81e31-0e15-42dd-bf92-37b05eaccaf9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679495780, "uuid": "b1500c9e-1fd7-43c6-b4f6-7fc5f6c44a93", "value": "04.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a29cf1de-c880-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679469032, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469032, "uuid": "5453522c-3fb3-4c7c-9877-a191fee41fe2", "comment": "Malware payload (Amadey)", "value": "15f6fc4605fb1912853a056d2a2a6b00", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469032, "uuid": "82f5a268-8727-4931-9b04-5edb03de4885", "comment": "Malware payload (Amadey)", "value": "2de396c1cb4a69db61d98c91dfc1b301c1bcf939990f1d12bce7f62db9b2236b", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469032, "uuid": "b33870c9-d4ce-47fb-8bb6-195667f47a6c", "comment": "Malware payload (Amadey)", "value": "553aa9143d50696ec9668b33abf2049c06bb7881", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469032, "uuid": "7d5c293d-b88d-47f8-ab32-5aa8a827ed51", "comment": "Malware payload (Amadey)", "value": "a61cfb86f4f18853725585b6c8ac39733b4c7d0132dc4eeca6bf869425eb482478a8a850c186b686f359f7e814e59c74", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469032, "uuid": "60901ec2-d56f-4f31-babd-17e0a3e0055a", "value": "T1EC252353F9E91025E8B907B04CF607D7093AFEA2AAB4C3176315698F1E322F49625737", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469032, "uuid": "265c49f9-1d11-4f5b-8a8e-5c3fff7d466a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469032, "uuid": "b5d95158-4108-4306-8f2d-8b030345c5f2", "value": "24576:gyCM6Myk1QIsDRFY3WAiaEwujwqcKhdbp0FWU6bVTEUqa:nrblKnT8uftun6bZ2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679469032, "uuid": "34aef7bf-6e65-4466-8abf-f4986f2fa864", "value": 1037824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679469032, "uuid": "d8888e9c-2d80-4975-81b8-c0f406553d22", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469032, "uuid": "d2dca8b5-63bd-429c-bd89-5b4a3b83b744", "value": "15f6fc4605fb1912853a056d2a2a6b00.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c1150d04-c8db-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679508168, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679508168, "uuid": "d04ec3fd-f08f-4eaa-b93c-16d8f7d38b0c", "comment": "Malware payload (Smoke Loader)", "value": "41c29bf1cb75cce91a9ca56f8c821212", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679508168, "uuid": "8d351bad-fc3a-4704-b296-293406f1577b", "comment": "Malware payload (Smoke Loader)", "value": "2e5e08697e7c2c8777eb1872adc9ec7f36a04c9b41593d2d820c870dcd51d64a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679508168, "uuid": "0a80d49d-3d16-421e-b2b5-0ca1e679c2e3", "comment": "Malware payload (Smoke Loader)", "value": "1304d0bc0d9b1a14fca18f7456afc6d6adefa1d3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679508168, "uuid": "de641159-58ca-4171-bf34-3526fc2cb63d", "comment": "Malware payload (Smoke Loader)", "value": "f04b69cc2639925ea07deb520d0e8f5857c019ef241682e22e54aea755aabf8f3fb4ced125abec1abdc170e00c2bf4a0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679508168, "uuid": "b63a111c-5ac2-4bcd-9e55-a7eea0b4b92d", "value": "T178746D0253E37C20EF6347728E2EC6F82A2EBC619D5B7B5E134DAA2F0D740A1D562705", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679508168, "uuid": "a1c2cc05-a60f-4a17-bc1a-6ab60c338aad", "value": "05d87b5aa905cc75972feaf183240d59", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679508168, "uuid": "1a2d26de-9eed-4c1c-98a2-a92a28d241b4", "value": "3072:BudcDGU2PvReRU+ifj3Yf73su2uTeaP/a+P+ORyg+uCmoKrJ8NbX/SlWV:BuPhAf78xuxPi+PRyg+uCtt1X/Sl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679508168, "uuid": "2f943908-19cf-4463-aa19-965aab78dadd", "value": 367104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679508168, "uuid": "4c36d744-20a1-4445-ad7d-e1e923ef1918", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679508168, "uuid": "3628a975-78d5-47f9-a9fd-06ff45e50cec", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "664b5060-c8e2-11ed-88f6-42010a9c006e", "comment": "Malware payload (Quakbot)", "timestamp": 1679511022, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511022, "uuid": "cd7d3081-8097-4dcf-8154-5de3038e9bd9", "comment": "Malware payload (Quakbot)", "value": "159476d1dac19ddd0a5e9a555f8e612f", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511022, "uuid": "a4caf1a6-9850-402b-80c0-35f05c4646c3", "comment": "Malware payload (Quakbot)", "value": "2e784c30f066aa88803a98229e01721a956069c14c2adb8cfdc06c5150c6aeb4", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511022, "uuid": "68f9b09b-4e49-4c6b-ae91-9ecf96736dba", "comment": "Malware payload (Quakbot)", "value": "c86634fab1d1e58c64ef3217ba06dfb0fcb7e734", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511022, "uuid": "f63610ef-eb93-41bf-9d7c-d452f79437f7", "comment": "Malware payload (Quakbot)", "value": "904eef9c5537f0a3b2d5c1116d64390ee1863a5afce81bc93deb376c35923e07381a884f7edf5cb34d5ec037bd5bcb5f", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511022, "uuid": "8ca1c613-3493-4d16-b660-6acbd3bb4dd5", "value": "T1474351A04F521629178BF8266A389460DF790E17C784654BF54F3660FFCE16CE8E07B6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511022, "uuid": "9bff5fc0-c00c-4175-a204-34828b57bbed", "value": "768:o/oqvUtoiMUvmRkTWtPm6ClpasInQx5OumR7FlNBTpvIvw3boYFEB:flm5HCRIC3mRywrZW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511022, "uuid": "a50a905a-da81-439b-9be0-9b4c43079c25", "value": 57741, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511022, "uuid": "54668645-41ae-48fe-8544-6aa147fd520b", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511022, "uuid": "39eae299-5548-4d07-9c9a-c93615a52f1b", "value": "Qz.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b8653043-c8f6-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679519749, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679519749, "uuid": "690abbd9-6b48-44f3-a589-0eb0b8b5180b", "comment": "Malware payload (Amadey)", "value": "1af89ebf146cff18ea83f5331b61a6c0", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679519749, "uuid": "693f83a8-977a-45a5-886f-3044ea3f20fb", "comment": "Malware payload (Amadey)", "value": "2f2348283dd346326645ae7f303c7d3b59681d0984fda5e7b9fd7e1bbc3a082e", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679519749, "uuid": "4a37a97d-196a-4344-8ab5-97740aa7289f", "comment": "Malware payload (Amadey)", "value": "3992dd0ea3c33def0a8c81fe40b3622468a676f4", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679519749, "uuid": "257f43e2-3d69-46e2-bc94-ffdb0da5a252", "comment": "Malware payload (Amadey)", "value": "f091f766c4f9916f0a7641852d15a9bc61eaed199a401aee7a9f0e4f113385fb471c6ec641c49784f4ade47536bb58c6", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679519749, "uuid": "20c9247e-38e4-46ea-a888-e957afdaa2b9", "value": "T1D945F113A3E17D58E9228B729E1EC6E8371DF561CF59B76532188B1B04F22B2D163F90", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679519749, "uuid": "659981cf-bebd-4836-b5d4-b2273ea466c2", "value": "5f14ee1fa154edd63a375263ed45a9e0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679519749, "uuid": "7809bdb1-8707-41c4-8ae2-2c03c60e427f", "value": "24576:agcL02I4/sr0X8KvEjUS3/XxExcPXxp2eCEpH:agcL02Ix2SPX2+PX8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679519749, "uuid": "c712130a-dcef-434b-841c-2465d34d316c", "value": 1257472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679519749, "uuid": "d1af9276-204c-441d-a372-838ba942d93e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679519749, "uuid": "6a8d3592-ba58-4307-ae7d-cba24d645821", "value": "1af89ebf146cff18ea83f5331b61a6c0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7b17b821-c84d-11ed-88f6-42010a9c006e", "comment": "Malware payload (LaplasClipper)", "timestamp": 1679447062, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447062, "uuid": "36ff35d3-c356-494d-b16d-b3694ab13ab7", "comment": "Malware payload (LaplasClipper)", "value": "181cf5e5f39bbe387b3b985b826b16f1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447062, "uuid": "cd5c2b98-06d2-4269-bf0d-1f3822936c18", "comment": "Malware payload (LaplasClipper)", "value": "2f76513c2b7c8f967a70526fdcf1e5c7976a4a77496e81be277c71fbbfcc3f54", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447062, "uuid": "77901fc9-df29-4367-8d9b-7f502d6ae748", "comment": "Malware payload (LaplasClipper)", "value": "4de92a14f49359ed21c3ee0be536f3126eda37db", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447062, "uuid": "9cd4febd-635a-451a-b195-4a25effaf014", "comment": "Malware payload (LaplasClipper)", "value": "1920de24aaeab9814c810ac4f543226dad7463d49ad006563af509741cbfba3d7158fb7c119700a35d7dd0ed6e043619", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447062, "uuid": "d68d9684-e0c3-405e-952f-006a4cdc7d31", "value": "T11495015382D27C44EB568B73EF1FCAF8761DB2708E493B6A72199E2B14B0273C163651", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447062, "uuid": "beb6a528-aef8-4540-bc0c-d738db118048", "value": "a1987c4dfef703391c65547d45eb7acc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447062, "uuid": "caf74b13-2813-4835-a722-c1532ca5bfbb", "value": "49152:TkLM27jaMzaTnmg4Gd+cauh5ZvumK3GVtoxRTGs:TGM2GMuCg4h05ZvpILRL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679447062, "uuid": "acaed106-9aa5-4499-a947-a1f4839a3fdb", "value": 1993216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679447062, "uuid": "dc598b28-a0f2-44fa-a19c-e466db294c14", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447062, "uuid": "f091e615-a54c-4467-861b-b3669f7b8893", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6e30084a-c8c6-11ed-88f6-42010a9c006e", "comment": "Malware payload (Quakbot)", "timestamp": 1679499009, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679499009, "uuid": "01c747c7-ae2a-4097-aad0-399627832e59", "comment": "Malware payload (Quakbot)", "value": "f151d81ec86bde4180e84a486411e2bf", "object_relation": "md5", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679499009, "uuid": "da24fe2a-3dd2-46cb-a603-e3729a7ceb7c", "comment": "Malware payload (Quakbot)", "value": "2f7f3b2e6e332584d71f9efdbd330db39c4fa62dad80b91bd3945842abad00af", "object_relation": "sha256", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679499009, "uuid": "eaffea57-dfb8-48c5-933d-743dcbbbf701", "comment": "Malware payload (Quakbot)", "value": "1586b1c549e9602a5169e7f15ce8da09b822a602", "object_relation": "sha1", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679499009, "uuid": "9f0da745-cb73-4d53-9fe3-d648a7f55fd7", "comment": "Malware payload (Quakbot)", "value": "292abf31fb706e835c13322727a5332a8190a81fb5e6d4219d2a041db74522b3248279a98127cc0ca13c71f72d5b7f26", "object_relation": "sha3-384", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679499009, "uuid": "c6eb2089-6197-49b7-b126-1d5693c08f18", "value": "T1A88101370D3DA2CF11209DEFB42967C89515E5C9F0915407929BE6FFBD2B920ACE2864", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679499009, "uuid": "deca5166-069e-4031-915f-8f0f45d0cbb4", "value": "96:0x8I0Fv+midMBCCKFVgluVwRd0b0ChuXaHwY/VGEMom8z:0xD0FvPbRKFkAz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679499009, "uuid": "e934dd8c-c7b0-424f-8986-bd20e96d78b1", "value": 4157, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679499009, "uuid": "f82a8645-8ab5-437f-89f0-5dd51426db8a", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679499009, "uuid": "2e38e258-da1a-4ad6-93fb-f9cfa928f690", "value": "In.html", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a67ffea2-c879-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679466032, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466032, "uuid": "c0720dc1-1af2-44a6-8823-d5e0ddf654fc", "comment": "Malware payload (RedLineStealer)", "value": "78859371c9a0658b63c4d56c9b95d2c1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466032, "uuid": "19f024ec-225c-4e6f-8d9d-cc620a0cb2e9", "comment": "Malware payload (RedLineStealer)", "value": "2f9b691febe761247bb517b3fd41af3784f685f56f44d36cd0d159b301b806a0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466032, "uuid": "50f7e0bc-9c30-49b2-9532-33f7c69c30fe", "comment": "Malware payload (RedLineStealer)", "value": "2c88a595fcd8728024a3df154a1131780949cd02", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466032, "uuid": "03ead26a-3aae-4483-a262-6a8d75266fa3", "comment": "Malware payload (RedLineStealer)", "value": "95cfb2f8e382b921db0e9a8959ebaa2a07256f621aa0107ad5fb118167cabb7e361d77b201148ba2fcfda3d2bc1bd338", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466032, "uuid": "bf86c0ff-bf17-4c45-ac4e-735c68cc7b5b", "value": "T16C152356AAE48472D8772BB118F70B834F71BCA1CDB8431B339A985A0DB3341967476E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466032, "uuid": "299e21df-92d8-4c7e-bc8c-83727c05f607", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466032, "uuid": "3caf252d-f12b-4b1f-a613-6f161821a06b", "value": "12288:cMr1y90bz7HqMAdgpM7eP1to/NiuWSNMSxPcQPPhS+DoHa1NE2fj+W6miR586qTm:xy+FS7eNscXSBXS+M+N5+W6j", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679466032, "uuid": "19638a74-1df7-482c-95b8-191107546bfe", "value": 930304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679466032, "uuid": "f16009c8-05fe-4da1-95cf-2222b8a6d19f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466032, "uuid": "5d8164cf-10a9-4d78-9fca-58615e387e78", "value": "78859371c9a0658b63c4d56c9b95d2c1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dd12debc-c898-11ed-88f6-42010a9c006e", "comment": "Malware payload (Vidar)", "timestamp": 1679479438, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679479438, "uuid": "11dfa308-8e29-4f23-be90-585dab213673", "comment": "Malware payload (Vidar)", "value": "b6e2c3d12cdfb982e4a424336b051ff9", "object_relation": "md5", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "pw-1896", "colour": "#D5838E", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679479438, "uuid": "e465ccf5-0580-4535-9b23-33875bad1649", "comment": "Malware payload (Vidar)", "value": "3020dcb5fc932db3c217c7b02b9df5d6a4ae6b313a128f4ae980a288f774fba2", "object_relation": "sha256", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "pw-1896", "colour": "#D5838E", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679479438, "uuid": "b55b309b-859d-44c8-955a-7694356f58a9", "comment": "Malware payload (Vidar)", "value": "ebabe492137418349eb65bbc72a5b0f1375d18b8", "object_relation": "sha1", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "pw-1896", "colour": "#D5838E", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679479438, "uuid": "d5a84a6e-ca4b-4fad-a35f-008e503b2b8f", "comment": "Malware payload (Vidar)", "value": "bafef07d4d2f9010670f5b5bfea7a34180868c1d77d90a522258f682a3c75d355e3377a4037d16112315677555101a0a", "object_relation": "sha3-384", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "pw-1896", "colour": "#D5838E", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679479438, "uuid": "b74fb20c-a01e-40cd-910e-bc780b7b7d46", "value": "T1A995334B1AD66E8C163CD682D4626BF5407A67AD5C119FBC1E09E34F9CDA1ECF804A0F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679479438, "uuid": "ebe50a42-635c-42d7-b59f-0242c153a1f8", "value": "49152:lRj9pCz+Um/ono940L+IBJZjEiG0dIKVo45xiCYZBuegiXMv:f9KdncL+I5jnGwN55QBljC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679479438, "uuid": "09fb097b-1140-4ca3-a4d9-df453fc4f50b", "value": 2004462, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679479438, "uuid": "bdeeb3f0-51fb-4dbd-aeca-2257c3ff5e0e", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679479438, "uuid": "e3035519-4b04-4e41-8511-f3a18cb890cb", "value": "GTA Mod menu.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bb02f3aa-c904-11ed-88f6-42010a9c006e", "comment": "Malware payload (RecordBreaker)", "timestamp": 1679525767, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679525767, "uuid": "f5195a1e-1d2a-4ac7-8694-eb58f3021919", "comment": "Malware payload (RecordBreaker)", "value": "18490cb504d932b35976f376a2dd74ea", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679525767, "uuid": "a6e8ad3e-398f-4be9-9f45-9861ff9cba7e", "comment": "Malware payload (RecordBreaker)", "value": "302886dba2ea9783a67247110cfabea3f94d1f78343b55f66edd58fc4be926f1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679525767, "uuid": "c09a8548-03d1-4d19-9ea1-7a32049bb90b", "comment": "Malware payload (RecordBreaker)", "value": "57fc803e19828f0112c1522c2e5c032f87b92797", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679525767, "uuid": "ed2bf0c8-4e6b-4109-a25f-235df6762992", "comment": "Malware payload (RecordBreaker)", "value": "0aaaea5add422f8e53604ecf4ac202cbee055653a3156353c9ae0e9b63c4b6060391c098cf7f841e9866a7d97b2d2339", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679525767, "uuid": "d5adea0a-47e9-445d-8d02-01b48770e348", "value": "T1DAB5700AB612E866C1D641B3330BEA90A9263E315815C86BB7C3FB5B79315CD5EDEF40", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679525767, "uuid": "f361075c-7ca5-4941-8b1e-7b71f7720e43", "value": "b67719db4a46e13bb822a02b35c899e9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679525767, "uuid": "da48d118-444c-44b6-83e3-988f0d8b3f0a", "value": "49152:xoUq+dqhqk1zuyRTc2nyea5ibTvzS9I9p5E+lgjuPfEqmF5ZQGMPHXBE+fyTnp2m:xztID1zuyRTc2nyea5ibTvzS9I9p5E+u", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679525767, "uuid": "6fad0d5d-b6c5-4a91-a8fc-038ad3f2e83f", "value": 2444568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679525767, "uuid": "b86823d9-8889-41fa-a8ff-124d156bfe60", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679525767, "uuid": "66ce029f-d403-4eac-97f8-3eeb108b5821", "value": "18490cb504d932b35976f376a2dd74ea.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5c3f5d30-c881-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679469344, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469344, "uuid": "082d0300-0d9e-4332-ba4c-02b2b29866ed", "comment": "Malware payload (Amadey)", "value": "c78dcdb5ddc0b39851e2238aaf5c259b", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469344, "uuid": "0c4d9783-1cf4-4bec-96e3-0ab224c9682f", "comment": "Malware payload (Amadey)", "value": "319e74adea76f9716d81fa92a7cd005b721a4beacd9cd786fdffb5b4c7846b33", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469344, "uuid": "d3fee14b-ee7e-484c-8c34-8f9fcfe3f747", "comment": "Malware payload (Amadey)", "value": "baad4ce2634764b8be2f39cd9dbd0c78047ea914", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469344, "uuid": "ef339a1b-f38f-4ebc-9684-4e951cfb1aef", "comment": "Malware payload (Amadey)", "value": "7fa6f0749019e2fdc55538866dc1aa025b3719e6181e11f567387c7ebba966a2d45cc7256cb8107ddf993849e6079a4e", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469344, "uuid": "e93c23d0-90c6-4b75-9e85-41dbcf2e4754", "value": "T1EB252313BFE84435E9B0177028F702D71B2ABD469974831B2356A89D5C73B88D1F27AB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469344, "uuid": "2ee7daea-d9d7-41c4-a06a-03570700182e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469344, "uuid": "d9fe0322-3fbb-441f-aa73-f07805f76577", "value": "24576:byo1VIqI1PvmgYSRWaQGb0tTVaFph6gMQ/QIB:OyIPuLH9tTs96gMQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679469344, "uuid": "1ccf9c11-c65b-4e7f-b251-67ae2babf91d", "value": 1051648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679469344, "uuid": "3d8ad585-e56a-43d9-97e3-1504fb13c052", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469344, "uuid": "6fe39e7e-8d1a-4730-9042-fcfb3af00e03", "value": "c78dcdb5ddc0b39851e2238aaf5c259b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8d3effff-c8c9-11ed-88f6-42010a9c006e", "comment": "Malware payload (RemcosRAT)", "timestamp": 1679500350, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500350, "uuid": "8ef48839-9391-404b-a005-51f4993c712b", "comment": "Malware payload (RemcosRAT)", "value": "826532ae78986d3b52639e72b1ac0e01", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500350, "uuid": "0986f0ad-6417-4e7f-943a-6a1eb1488616", "comment": "Malware payload (RemcosRAT)", "value": "31e81d4201fec97127d8f8deffb64c25a76825d6c68fab083775e7197baa0956", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500350, "uuid": "c1fd3f71-0edb-43ae-a5a4-0d7b6604ac6b", "comment": "Malware payload (RemcosRAT)", "value": "bf5d6199c99e22e947595687af9b89954e2a6e37", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500350, "uuid": "4f2b6517-eccc-441c-96df-130698f5e6e7", "comment": "Malware payload (RemcosRAT)", "value": "a86bab0699142019c6bf9c77906674d52a3a6b7f22361ef9e1733f6b92ed9f1f62be034e05f117b219e0ecb6d912c6cd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500350, "uuid": "28c17671-d713-47be-9df2-32efb05fd5c6", "value": "T1ABB42311B94088E3DA6012B159BB3696ACD2FD301D7867676F90BF6D3D3A0A2C70E753", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500350, "uuid": "2c5c3ada-7ffd-495a-b7d0-7489cac25f86", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500350, "uuid": "93158a5f-1b82-4a9a-9ccd-3908b23289ae", "value": "12288:JYkYar2AbX18zFRBXKz6u1pSpGLyfeXLl3UU70:JYkYYi5K6u1pmEkeXLhA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679500350, "uuid": "782bef52-26f8-41f5-8974-6bfa51c020fd", "value": 512671, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679500350, "uuid": "cd46af17-63a5-45ca-a2c9-694d61f85961", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500350, "uuid": "f10915f0-4ca8-46ac-95b2-48a099dde08a", "value": "hesaphareketi-01.PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a6ab44ff-c8b6-11ed-88f6-42010a9c006e", "comment": "Malware payload (XWorm)", "timestamp": 1679492232, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492232, "uuid": "ffd22f6b-15c7-4427-8ddc-8891d6889509", "comment": "Malware payload (XWorm)", "value": "07308fe6fae4c223dbf0c670487f52f3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492232, "uuid": "25cd781a-c7f1-470e-a995-3ae707ea6efa", "comment": "Malware payload (XWorm)", "value": "3241590d83e64c4274595c8d96c9db08df8db169cc54ecde703184ad9da7dc5a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492232, "uuid": "f3c6cab1-d7dd-4400-939f-d5f19da32528", "comment": "Malware payload (XWorm)", "value": "cb242dd8a57cdd062109461b7158cd59b18512bd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492232, "uuid": "8db88ed8-10a2-4075-bd82-7b6fcb1e0616", "comment": "Malware payload (XWorm)", "value": "cfdbb20899c8bb7f5a716ee3218ffa4ac7e4779584201da09bd5b08c1cd32b744b020266c04abfe7140bdcb188e29353", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492232, "uuid": "b45db6d8-2fd8-46f3-96a7-b1f2ee466234", "value": "T150A33AE9F6F3CF62D3ED0932C4E55B68433AC7593923EF09168405A36A837D6A242CD5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492232, "uuid": "20b379eb-0373-424e-ac3d-efc0c635d867", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492232, "uuid": "15118a28-3e7f-46a0-be4f-003319849c10", "value": "1536:JRA2pMdDoatDILnthoiPeYGSIeukt9cigvXLmg4MivFCiw3XY5PdI5Mb:Ja2pEILnt6inIeR/m6myoiw3XHm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679492232, "uuid": "b3fd7961-fe2e-408b-b077-2a1ace02d463", "value": 101376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679492232, "uuid": "8bed1524-7f70-45ff-9d62-ad5c56467c73", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492232, "uuid": "68d27c94-f861-4b68-b9d6-4570ed9c4771", "value": "download1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0c79fdcc-c8bf-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679495839, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679495839, "uuid": "5fefa012-0b3c-4af3-b8d2-c33a9a229690", "comment": "Malware payload (AgentTesla)", "value": "2ba92a0c0cf6ea9049538567ec40561f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679495839, "uuid": "fa0eb47e-c541-4a0c-a806-8b18d6c22101", "comment": "Malware payload (AgentTesla)", "value": "32df9d60850947b86582d442e8787c8883558da9ad76a760e09564682c196db5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679495839, "uuid": "c7c093cc-1484-4bf8-98d9-f5312b673f2a", "comment": "Malware payload (AgentTesla)", "value": "ac39b3176de057c60aaef0489fc2cd432a176355", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679495839, "uuid": "a8cfe96e-e2a2-4b89-9a9e-469e70716783", "comment": "Malware payload (AgentTesla)", "value": "c8b3565c3297f2fbf9c927e1ff539f2f8e665c4e7c65ffb4f227a12d51ec9374a0ccb5d749fa380582ea650f20060d6a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679495839, "uuid": "aea7a11b-4f30-4b22-a433-bf0a3110576c", "value": "T1C925AD46B6F850E7EC8E41B50D13F1DE2C00FC4A6621EE365E6ABA41D2351BB35B712E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679495839, "uuid": "ad5ee770-5f72-4773-a6aa-8bfddfbe824c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679495839, "uuid": "750c37e5-2673-4aa8-99b2-7665dd84d526", "value": "24576:sEP78/1kj9UltaFOjmDPhlOhYKtRZajoBZnUu6/UhySKXFcnf:0OBUzo4mDrKBVHnUu68XSFcn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679495839, "uuid": "d3e2117c-03b7-4559-9e1e-f6f62c2a264f", "value": 1049600, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679495839, "uuid": "efd8cbed-5e72-44ea-b47b-84150ec62609", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679495839, "uuid": "faaa56b0-526f-42c1-9936-874272e0d347", "value": "32.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "54bc94ec-c88c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679474056, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474056, "uuid": "f312bdc7-8b8f-4be5-8804-c9c6b3bbc29a", "comment": "Malware payload (Heodo)", "value": "72e7f69a3945607de7ff0216ab5b283b", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474056, "uuid": "b2216862-a9c2-4861-800b-4a9f24f28204", "comment": "Malware payload (Heodo)", "value": "3310e612eda86dde309eb3c383d95da5986c3332880751c08c60ce4a67a72112", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474056, "uuid": "2c461087-a637-4600-90a0-e002a59ca042", "comment": "Malware payload (Heodo)", "value": "a73d27f1a32a42a99ddb0b178615ac388080e881", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474056, "uuid": "e0c8f99a-fdd6-4b1a-8bca-69c3d3391a3e", "comment": "Malware payload (Heodo)", "value": "a2257f8dfc457437c7f40f43c7dbcf74239c308bd8bc52c60807ca1ec5c6c2c8619b9d45d8840b23f4cd6d5b69b659f3", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474056, "uuid": "a259d1b7-747f-453f-8d71-922d3ca4f394", "value": "T1A92523E059F82941CD0E0C35F92A71BD92BC31666EDD15E633BC3CE5A90EF6C42126B6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474056, "uuid": "e3599816-b384-43e3-9548-7d4b36fa7fd9", "value": "12288:wkf5dOzheNdckFRKluvnRHXdhbDHfXZX1EKdxKmSTH4deW:DXzNdfKluvnRHthzfoYxJlz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679474056, "uuid": "b61037bc-008a-4be5-86d5-7153514587aa", "value": 1011295, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679474056, "uuid": "cac063a8-52ce-469c-8b50-cd9381c30e65", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474056, "uuid": "1c33dcf1-b834-4eea-826a-082380504104", "value": "w3gCC1J7azzYmRESltw.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e7e2627e-c8c7-11ed-88f6-42010a9c006e", "comment": "Malware payload (Quakbot)", "timestamp": 1679499643, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679499643, "uuid": "f43054d9-735f-4d6c-b278-9a4cee835031", "comment": "Malware payload (Quakbot)", "value": "2a3c8c1a1ff634e636948a1c110e1969", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679499643, "uuid": "bd31863f-5e4e-4824-a5cd-bfaa5674aa03", "comment": "Malware payload (Quakbot)", "value": "33b18b5088ead937451a5b45c8f15ba70e2af963a3a3d2c670ad77c19d550cdd", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679499643, "uuid": "887bef87-bbed-4976-adc0-a77d6f10c907", "comment": "Malware payload (Quakbot)", "value": "65d038657e6eebbda3eac0aea0c57555e4c3c8a0", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679499643, "uuid": "6bbf4ad0-b994-4f4b-97aa-7579c7730c98", "comment": "Malware payload (Quakbot)", "value": "e2f85e514c2b0995e84380d98a3d9c713d5e3d8247ee3ed44df73b53495af98d60070b8bd79858a6449b36afed0d2837", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679499643, "uuid": "6366ba1a-388a-4d99-a93c-12d8cf6be71f", "value": "T19C5385A00E021629074BEE22A63CA095CF7E095BD684B54BF44F3255FFCE95CD5E0BB6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679499643, "uuid": "cd62c8fe-16ab-450b-8104-98f500cd327f", "value": "768:TFaXfK2JjjhE1X+d8OENFHreR9vf4OmvZ8M1kLgATWUgWLz4ogYYga5BvCtrRb/r:5Mfv9AL5+sFkz6gaDKjoKCtwp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679499643, "uuid": "70062072-5595-44f4-bdca-936603e0fd16", "value": 60696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679499643, "uuid": "cff7ef8c-7d1f-4f42-a9bc-87f67e9c7f8f", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679499643, "uuid": "1975f927-ea16-49d8-9765-1a748bf42578", "value": "dIL.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0f8543bd-c89e-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mekotio)", "timestamp": 1679481670, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679481670, "uuid": "99738b1b-3545-40b6-8da7-f384e8ddc8ee", "comment": "Malware payload (Mekotio)", "value": "39f48b5e48196aa7f8631bc9e2a93234", "object_relation": "md5", "Tag": [ { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679481670, "uuid": "76fb50c8-9777-4d7f-b9f2-89352f06c549", "comment": "Malware payload (Mekotio)", "value": "342da16b402410d4f4101a593d2796c9eef1c20e6af5b9f1cd558117ab93c6b9", "object_relation": "sha256", "Tag": [ { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679481670, "uuid": "31080681-59ff-45b3-86bc-90c953f14ba9", "comment": "Malware payload (Mekotio)", "value": "b6b7e54ae3bab96a4c05fec30342bcbba50462bb", "object_relation": "sha1", "Tag": [ { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679481670, "uuid": "dcbe8ad6-034d-4dde-b8f0-1b6595fd1362", "comment": "Malware payload (Mekotio)", "value": "c86e33cfcfdda071f6db79e05aedaf43fdc0fdbdabc08828848aac93c684a84e2edafeaff8a4ebf9a35e3075c53dad6e", "object_relation": "sha3-384", "Tag": [ { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679481670, "uuid": "b0c5a239-4f4b-4c2e-a086-55fb06b91db3", "value": "T1523633C29ADDF37EC9353AE2BB87CB5D3571A67E2E06379257232E2B83250121874117", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679481670, "uuid": "e73c687f-6374-48bc-952e-004f09a62427", "value": "98304:PTvfbOHdm+TrGMUmyZpryMfRM6d1Yo9gu+4waO99RoVd72fuoIoL4/arzGSqgwGk:PTHbOHdm+23xM6Mo9jEaO9gd2GroLqgm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679481670, "uuid": "d64ea845-2f6d-4d0f-b086-9c5562bfc65b", "value": 5216176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679481670, "uuid": "02dadf6b-d3d5-43f1-b0b0-02b1e96fe84c", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679481670, "uuid": "3ee2c42a-0b02-443a-84c1-71a3c6733ce6", "value": "ID-FACT.1679481359.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "69fb0d2b-c898-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679479245, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679479245, "uuid": "b98b8921-7601-4daa-82bd-5985956d657f", "comment": "Malware payload (RedLineStealer)", "value": "2fdbf9583b7b9718fd2c4b320fd559ab", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679479245, "uuid": "e20eccf4-e3e9-4174-aab3-ae5dc7e1b624", "comment": "Malware payload (RedLineStealer)", "value": "3487c2876b10e63f53c2e33357725be1047dbb124cc43481dbf5a87e28d559bb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679479245, "uuid": "f42f4b26-f780-4b59-a854-d0e342f2df03", "comment": "Malware payload (RedLineStealer)", "value": "450a2bd5d7e872444cf589715cd15ad0ccb4abd1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679479245, "uuid": "9408b205-ba2b-4066-b9db-1c940ad98e47", "comment": "Malware payload (RedLineStealer)", "value": "29e9ae20f374931394d50977d3c46a58ee299660feac78cf35b450f2a943af9c544ba669a8fa418cd001e88133aa389b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679479245, "uuid": "305958d0-f6ff-41e3-b3cb-39b881578047", "value": "T121C40202F7DA8473C4B45B700CFB12830B35BCA1DE7457AF2796A85A1D72694A93237B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679479245, "uuid": "dff7d251-834b-4432-bc5a-8ef1dfb6cf84", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679479245, "uuid": "950115ad-0cb0-4c7d-babe-cd129e7ebf5c", "value": "12288:3Mr8y90mcomFPKcSqFklhxDxhGzxYfGmW9SYem8Z:jy8wcdFkln6xYjP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679479245, "uuid": "e8b5c508-51f2-4497-8489-74ae9e152055", "value": 549888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679479245, "uuid": "f2ae2367-fa98-4406-97c3-69418536cffb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679479245, "uuid": "51258520-5b44-4102-97ae-04cbb5937710", "value": "2fdbf9583b7b9718fd2c4b320fd559ab.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ed592416-c8c1-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679497075, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679497075, "uuid": "5df3acf1-0803-4236-9aa1-55b10967bc36", "comment": "Malware payload (Mirai)", "value": "0da3f58817fafe70bba068c8fe83a308", "object_relation": "md5", "Tag": [ { "name": "dbg", "colour": "#9C42A2", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679497075, "uuid": "e9c2e5d1-7828-4a62-ba15-bb863a3ba7bb", "comment": "Malware payload (Mirai)", "value": "351161a6db2ad8bfa14bad0682108c3a01775a1ffb1c934c38c094b67f52a3cb", "object_relation": "sha256", "Tag": [ { "name": "dbg", "colour": "#9C42A2", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679497075, "uuid": "e26971e5-641a-4db8-acca-fc2ed41bf428", "comment": "Malware payload (Mirai)", "value": "a6df349de06fd01f313daf1fa808bed2c172d96b", "object_relation": "sha1", "Tag": [ { "name": "dbg", "colour": "#9C42A2", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679497075, "uuid": "112659bf-6e15-45ff-af5b-ce80b963b959", "comment": "Malware payload (Mirai)", "value": "74896f0c25d8e439631a16fa8f0d113b72dde2d7b417ce05f7399142e5e9558132786e37beb0e2447df46b7275bda48d", "object_relation": "sha3-384", "Tag": [ { "name": "dbg", "colour": "#9C42A2", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679497075, "uuid": "5f2cd25d-add0-4671-ac13-378035cd41b0", "value": "T1A6637EC9E283D8F6FC1705706036E73BAE71E0AA211CE686C778D5B1FC86941A117ADC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679497075, "uuid": "0aa3db31-d111-46ed-a1da-833296c53394", "value": "1536:pnUQJZdRlDAXO6QyQwOaOAOJx4xhP2J7RvsuIr5bhr8V:pnUQJ7RlUXTQpwOaOAIx4TPC+uWaV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679497075, "uuid": "55468cae-a9bd-4e05-82fe-f16030b40b19", "value": 70736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679497075, "uuid": "627d5c47-3e7a-4ebe-8d93-9ee3cd77128b", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679497075, "uuid": "cf19e9e4-6526-4931-ad96-9903793fa97d", "value": "debug.dbg", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a10a9561-c84b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679446266, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446266, "uuid": "2c3971c8-5839-423c-a356-e9283f1569ad", "comment": "Malware payload (Amadey)", "value": "ade7133a2f4a50a1b7dc122b55778280", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446266, "uuid": "b30c9739-58b5-4970-8e2c-ad1e022fcfd6", "comment": "Malware payload (Amadey)", "value": "35680af06d652cd775cb2f040797d6bdfa8ccb1a89c5c37095753de1fa3bace8", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446266, "uuid": "1180e85b-31b5-4993-bddf-047ec631f61d", "comment": "Malware payload (Amadey)", "value": "8413e88ec4b203116cb03cb8c099556be1bee557", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446266, "uuid": "8019672a-9281-43af-9937-08623db4ba9d", "comment": "Malware payload (Amadey)", "value": "7433069b37046205c475a8f63ef33b923c2d85487bddcd0f8d13b5ac4ea9d14b1f46e3ff952b316398c1dbfb2bd752d1", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446266, "uuid": "cd0f608f-860f-4829-8176-04c982bb5ac8", "value": "T12174C70386927D55EA258B739E1FC6F8B61DB670DF493BA63218DE2B14B02B3C163711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446266, "uuid": "e7217312-08e0-47c0-948b-d892021c8658", "value": "abf9812c144b37aad537ff6f220c83df", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446266, "uuid": "4f8f28c3-61c9-4b7c-8286-6b53f7351b3e", "value": "3072:l2BlclwMSOCYeLj8eONF6Qro/vs9ak0uYwccvqUltbbcW5D78WOhSdRDhGFpy10j:KTYeLjNONsQrKkIeccfpcg78WbV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679446266, "uuid": "4520a716-84b0-4fb4-88e8-0861525cd231", "value": 365568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679446266, "uuid": "eea7d58f-80e9-4b78-808f-5ffca2f10341", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446266, "uuid": "47b33db7-e70d-4bbc-a098-876e1bfd8767", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "03744e7a-c84c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679446431, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446431, "uuid": "6279e679-9613-4614-9843-2048d38e80f7", "comment": "Malware payload (Smoke Loader)", "value": "ecf8568540c40b5b29692183ddfdbc2f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446431, "uuid": "aa82b985-aab7-4eda-82e9-96523cd1f3ba", "comment": "Malware payload (Smoke Loader)", "value": "3747e33141ab6d7cfb305806c49f092623dae8817ecf24b3dc51793a73de7978", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446431, "uuid": "9a757f9a-ab0a-460a-b11f-2c02e5bd62e6", "comment": "Malware payload (Smoke Loader)", "value": "5bd507431e2c5d60bf6c260333295d3436ac9193", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446431, "uuid": "ad27389a-a7fd-4d00-8990-7a056d9d9602", "comment": "Malware payload (Smoke Loader)", "value": "4264e10e138a25278db1d607326f37768678784414b8d75ad1f59564855c5bc4940a51e6ee41c5156f966958b31f9e59", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446431, "uuid": "de14e4d2-fe46-4cdc-86a9-ec551866ba21", "value": "T1C064C75382A27D45EA158B73DF1FCAF8B64DF2708E4A7B6532189F6B14B02B3C163611", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446431, "uuid": "3e85da2f-cff7-4b04-b7a7-ded28b7eda4f", "value": "a1987c4dfef703391c65547d45eb7acc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446431, "uuid": "b70f6c3f-a677-4905-be67-bfafc06db68b", "value": "3072:W0fz8WYL34FP6Uvzf390PxaGA2m7o9xxG4F5ZOUnWOdAoRDhGFpy10wZ2iQ:WJWYLoB6UvB+Al0O4WUpQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679446431, "uuid": "26f64ceb-d241-496b-9c1a-98f8e8c02277", "value": 326656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679446431, "uuid": "0ede2456-a54d-4adb-ace4-aed483bcff0f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446431, "uuid": "28c02f04-3f76-4ab4-bbd0-2e120a42deeb", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f85d1630-c853-11ed-88f6-42010a9c006e", "comment": "Malware payload (QuasarRAT)", "timestamp": 1679449849, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679449849, "uuid": "ee2b3ccd-fc33-46d4-9e3e-0275016c0f5c", "comment": "Malware payload (QuasarRAT)", "value": "a0ea62228a00a903b0e2edd2a1077f76", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679449849, "uuid": "cdaae34a-3828-4a85-b9af-08ea5db59879", "comment": "Malware payload (QuasarRAT)", "value": "3a62c18261a8f899c82eaed7aeb78c2d284788e55dd6c37cad57701a44df9a86", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679449849, "uuid": "10826c1b-502a-4c46-93fd-eba6b03befd7", "comment": "Malware payload (QuasarRAT)", "value": "cbababe0111ee963a3cdf70ff1d6398a853f467f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679449849, "uuid": "43114465-f6e1-4a39-aaaf-b93a8c2e246c", "comment": "Malware payload (QuasarRAT)", "value": "6bfb0f28a22d31a526c0d79315c1dfb6862d371ea01e07a27b4ecfc214bb06fd436abe7f253442bfc24cfd52acf0e29f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679449849, "uuid": "e7e03afd-a716-4e3a-b7c6-33bf2fa64db0", "value": "T151F5391437F85E62E16AD6729AB0D03263F1EC2AB363E70B61D16E7F3C53B5058016A7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679449849, "uuid": "06b7a3be-33ad-4a58-a01b-7dff27b09661", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679449849, "uuid": "4110889b-900e-4dbf-8d5a-cf9cd53392c4", "value": "49152:dvGhBYjCO4Dt2d5aKCuVPzlEmVQL0wvwkauwkr+Mf2QoGdw+THHB72eh2NTj:dvot2d5aKCuVPzlEmVQ0wvwfuwkrZ8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679449849, "uuid": "269ad880-0d42-4d76-b058-4baeafca8f90", "value": 3402752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679449849, "uuid": "fa3190e5-b76d-42ae-a21d-8e336acbd8be", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679449849, "uuid": "81544121-950e-4210-81c6-892d8a069042", "value": "Quantum Realm.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ec3edb18-c87d-11ed-88f6-42010a9c006e", "comment": "Malware payload (AnyKeylogger)", "timestamp": 1679467867, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467867, "uuid": "e8dc8f9d-5e5d-458b-9d05-80e02e11db4a", "comment": "Malware payload (AnyKeylogger)", "value": "dcfe7be66afb58806186046e432de88c", "object_relation": "md5", "Tag": [ { "name": "AnyKeylogger", "colour": "#4121A2", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467867, "uuid": "b008ee57-61f7-4093-8ddb-4c9783ea4ed6", "comment": "Malware payload (AnyKeylogger)", "value": "3b0118c7402a350b628a09e7c4594199b2e62d91800b287cc6655bf1e51269f2", "object_relation": "sha256", "Tag": [ { "name": "AnyKeylogger", "colour": "#4121A2", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467867, "uuid": "75d98957-5fd8-4568-b6b1-28655f189cef", "comment": "Malware payload (AnyKeylogger)", "value": "806f99ff22f047b481b83b791748d101e49013e9", "object_relation": "sha1", "Tag": [ { "name": "AnyKeylogger", "colour": "#4121A2", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467867, "uuid": "a6d9745c-b0c8-4cf6-960e-3c21eef49887", "comment": "Malware payload (AnyKeylogger)", "value": "d384a6b73037abb74bfbd0f33b7a44221c04900389c4bea0f8fbe166c6eb8b17c661efbdd028e9ae611377c99c594864", "object_relation": "sha3-384", "Tag": [ { "name": "AnyKeylogger", "colour": "#4121A2", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679467867, "uuid": "3636a764-e34e-40d3-a792-34f31da15fee", "value": "T183F5012BC55FC428DFBF56B762C78ACD6437A259982F917D43F06CC04E928460762B3A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679467867, "uuid": "97580651-1d82-4148-ad5a-a9e0836bc2d4", "value": "98304:937oJhWTcl5YGRZcF/p29DTPxNLnBuQyo9Rp6qqAzISl:Ghecl5YCv8l8E4Im", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679467867, "uuid": "a7a7bf1f-c435-4c5c-98b0-c38000c0fbb4", "value": 3444986, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679467867, "uuid": "958dba53-87b5-4725-bced-48d94eede5a9", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679467867, "uuid": "2c71b2ed-7355-4a8a-8333-437bc81ebaf1", "value": "lolxd.jar.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0139631c-c8ca-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679500544, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500544, "uuid": "873295dc-c8cc-49e0-a5f4-933be920aa50", "comment": "Malware payload (SnakeKeylogger)", "value": "eaa50ad2ad4f4dde101eb79cc4835829", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500544, "uuid": "cf80d9e4-420c-4b87-b1a6-9608f868fc30", "comment": "Malware payload (SnakeKeylogger)", "value": "3b33ce4b55bd9ffa8cd93762179724bd799ee5073a4e2f244959d08a00fb78b0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500544, "uuid": "aeb025cc-fd60-49ca-8b7e-81d262717003", "comment": "Malware payload (SnakeKeylogger)", "value": "0c2687c7e7e163510f72634eb7e1012bf7db0dbf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500544, "uuid": "95be7341-4a18-40a9-a2c9-7cf6260b51cc", "comment": "Malware payload (SnakeKeylogger)", "value": "edf8bb45a64daa8a339d2200acba666582a79ecbb64ee8c116096471cac34b638ba206961c662e7a9b84d820b273badb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500544, "uuid": "172e9d94-7fc6-486c-977a-899ffc20a88f", "value": "T165F4120762D28FB2C06C9BFA9493543043B6B3966263F3463D8851D96F1ABD54F06BCB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500544, "uuid": "8bdd4eda-4519-4baa-98b2-10b14e3486d0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500544, "uuid": "4c4188e0-9cea-4ba6-842e-9f451993fe93", "value": "12288:W1ygI4+ZF/VjHy09KGISTRO9YW6CM9oPAwebnPUms7mS:xS+Z/zTHTROGW63OPAzUms7mS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679500544, "uuid": "65c2e374-d293-4b3d-805a-be06cae2677d", "value": 757248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679500544, "uuid": "a71b331a-80e4-4db4-a548-fca4dd779242", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500544, "uuid": "e1ce9ffe-9add-4b6e-8162-98863016914c", "value": "ENQUIRIES.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bafb77ea-c881-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679469503, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469503, "uuid": "99e020b0-1358-4d63-9f41-ac07fc09aa38", "comment": "Malware payload (Mirai)", "value": "342c4798be16aedfa2a452d3b1b57a00", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469503, "uuid": "097e5e9c-24fd-40f3-95a3-0d00c3306514", "comment": "Malware payload (Mirai)", "value": "3ba8be440a17901bb03cf637803cc30e0ad5b2abdacbdd425aa18afbcd4fa540", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469503, "uuid": "db398fd2-81ec-45de-b34b-e22d14235173", "comment": "Malware payload (Mirai)", "value": "96b938f22b495fb2ba9c58ff371be5d8c13c3645", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469503, "uuid": "1fd85a63-6074-4e0e-aeed-e72b60859961", "comment": "Malware payload (Mirai)", "value": "5af7909b983cc2c04d488ca433600ea84d4a93ac8eac43c945419020bba0e5788b109643883adf92e5b635b3c64e1ed1", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469503, "uuid": "ac12a3b9-60b5-4649-8104-337afb8b0ec5", "value": "T145732A46B9C485ECC089E43403BFB639C455F1BD2335B2DB37C8BF2B2919EA11A5D85A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469503, "uuid": "6476c33e-e872-44bb-a052-163d5d151cf3", "value": "1536:3zoTiftlQpG14OI0waSURBlr3UctMG9ahPcAKUcwJs:jTupG+OI0waSCEctMYahPcUcwy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679469503, "uuid": "7f6fe5e5-65a7-4e8e-a049-15b7690e4bae", "value": 75776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679469503, "uuid": "a4ed5513-1aa8-4a12-bbf4-23e1801330c7", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469503, "uuid": "b2b91b9e-51e0-4c2f-a45e-afafaebadb1b", "value": "x86_64", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f4dc7a0b-c8f8-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gafgyt)", "timestamp": 1679520710, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520710, "uuid": "20c5a023-b424-4e2f-84f0-d4836478bf26", "comment": "Malware payload (Gafgyt)", "value": "d06ae37719607acc4402d4c10e3139c9", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520710, "uuid": "3be3c96c-9d1e-48d4-a441-fe0e8afb970d", "comment": "Malware payload (Gafgyt)", "value": "3c04dd88048de2e31c51174b8fae6070fb311d3dba6c6dbd89c64523a9d851f9", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520710, "uuid": "ffaba2dd-cce2-48bd-852b-09f0b49b77f0", "comment": "Malware payload (Gafgyt)", "value": "77780e9cb6fd5fba5e4b15c2b81943465110729a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520710, "uuid": "1a95df30-3ba4-426b-bd2b-26d90a1b1a91", "comment": "Malware payload (Gafgyt)", "value": "23e4e5d67e3947ba8d159be61ed485cb4776fe0e53e079249dc0c59b8752d9068c5c6ea4baedb02c644ac60e8a9ad657", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679520710, "uuid": "89022df3-03d6-4f13-8461-2b88f2f1f3a0", "value": "T1D8B30692F900DFF2F40AE67604C34B2566B0BF660F536A66B21739A79E721C43867F41", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679520710, "uuid": "5e6e2932-3699-468b-8a22-0b6a9bb8acdc", "value": "3072:gLWUEK1FSHGfs1QbEE6QyPwgs/avcWVRm2pgYMx3IPtW:gDsGfs1QHyPrsSc2Rm2pgYMx3IPtW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679520710, "uuid": "a71b32df-06bf-4a95-9382-77875b86117d", "value": 113759, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679520710, "uuid": "825d5f7b-23bc-4e6b-9338-9ac22e3ef2b1", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679520710, "uuid": "98084b0e-c9d9-4e82-ab60-30fb95f12a23", "value": "d06ae37719607acc4402d4c10e3139c9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "92d12918-c8a9-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679486615, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679486615, "uuid": "9b97363c-090e-4578-a741-f784b5544dd1", "comment": "Malware payload (AgentTesla)", "value": "b35dc8287f0e24bb470e3a134730db74", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679486615, "uuid": "2dde9a38-6ece-428d-a8b2-f435ac6431ef", "comment": "Malware payload (AgentTesla)", "value": "3cacd0691978243f04148ce39e057d9eb18f569515ec32ea49f58b6a11a58313", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679486615, "uuid": "6e2b82da-555f-4089-be7f-0fb5d66abebe", "comment": "Malware payload (AgentTesla)", "value": "9b2cf399dde4cafa0e62160f3f91a89cc2845ace", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679486615, "uuid": "d0e130ae-cfdd-4fd3-8c75-c2339e9b351f", "comment": "Malware payload (AgentTesla)", "value": "b0f2bb068efdbebc230815fdf41acf21e8254f8b68919a01b240f1159c129853984cc1a127894473ba2406cdc8c3062c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679486615, "uuid": "de3c080a-fde4-4e0c-b0c1-07e07ff40c4a", "value": "T1DE05121672E6CF25C5585BFE94A6862003B6A39B2633E30B6DC414DA2F267D04F11FD7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679486615, "uuid": "79149df1-5b3b-4471-b08e-4d9b3c786d76", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679486615, "uuid": "dbf753c6-6a47-4334-932f-b91f8052cdf3", "value": "12288:OCwhFwzG7yr8do1bUOThoDnK3M2yc3ML+nnHYhoxCEr0jCv:OrwzGOgdo1bUOTGDnKc2r3uunHY2AEl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679486615, "uuid": "69359b3b-6ff1-45b6-adc2-45f79c6efea9", "value": 796672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679486615, "uuid": "72e899e7-9921-42e9-b2d8-d0ab487345d1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679486615, "uuid": "7280ae05-1391-41ff-a34c-43dc3040f9f6", "value": "b3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d9e6bfb6-c8bb-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679494465, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494465, "uuid": "eb84acf8-3590-413a-ac32-98808781652d", "comment": "Malware payload", "value": "59ef0e5edfa407db55f71a88b301de31", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494465, "uuid": "96dffe70-2ca9-4624-b290-b81ffabb4a18", "comment": "Malware payload", "value": "3de3be7994f84b3e48bcfd5e859ae4dc7a889b633ff2b97a63e09b86a818c7af", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494465, "uuid": "f4e7ffd5-d04a-486e-893d-2f822d83176d", "comment": "Malware payload", "value": "fc65154b24fe29cb2a7e77d436d89940a97c05de", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494465, "uuid": "3c89aab6-0d4a-4721-a3de-98cdcb50d37e", "comment": "Malware payload", "value": "e8bc162276eff6fd14679fdda00ade316c8f6f3937a68b14d14ed61a1e53beecf474ac4502415b6ea7ee94ebc3ab47cd", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494465, "uuid": "02c19546-af48-4b9f-9cd1-e6f970bca79f", "value": "T1BC15332C63A164838930B47E2B3C3FE042D644E44B7677576CA5C6352B5A3CF6212FAE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494465, "uuid": "5607f057-942e-42c8-99a0-c16e2f7568be", "value": "24576:n5F6F5r9Hmt2uK0hOtdiCaPGopG/PuTiC7Llwc:n5sF42FmOt4CaC92", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679494465, "uuid": "8a527b3f-639f-4491-a954-e65732c4d0d9", "value": 928390, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679494465, "uuid": "c4ff9309-be88-41ba-8da1-09358b542b7e", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494465, "uuid": "c4620361-6c9d-4a10-a35f-d3957dd4d0c9", "value": "b7giw9.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "24072640-c84b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679446057, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446057, "uuid": "e39871db-6621-49ff-9093-5f015e3a2c7a", "comment": "Malware payload (Smoke Loader)", "value": "3a933ac5b72be1c97406cc77f5631b57", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446057, "uuid": "c54ead29-0ab7-4fee-b43e-48558d486080", "comment": "Malware payload (Smoke Loader)", "value": "3e3b2e5066fbfdf8a3b1c83b95a58463025b43bcf91729a3368729968fd212b3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446057, "uuid": "934bda35-ee14-451e-8bf9-807589b39783", "comment": "Malware payload (Smoke Loader)", "value": "e1d355199465bfb78f9fbe3b11ed2d369e1153e1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446057, "uuid": "6f2a61d9-44cf-4936-98a2-24120ae76b30", "comment": "Malware payload (Smoke Loader)", "value": "516c4fd89a2d0f074a629c1ba7d1f33df21c7c949315c437bceccd1d7a89f7a734e543c629c6c141fb201aa286c345e6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446057, "uuid": "2f2329d4-b99d-45e1-a9cd-5e1ef3dfd1fa", "value": "T11F44CF22B692C0B3E5660D794811C7B4EA3BB8316B558ACF3784177D5E343E2EE36346", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446057, "uuid": "46471a91-1562-4dbd-bb04-3193130c4b30", "value": "4da11709050bfbf5b2e3611a91d52f69", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446057, "uuid": "16a92b59-14e2-4cd7-8040-b487e35baee2", "value": "3072:eajtqG3QXhrUqFYY9LrdbVjPH0NgpK6M6y4en0uLgegcbm+z5ssjjc9I2YU:F9/TY9LrdRb0NIM63enC1c4ajc9I", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679446057, "uuid": "e6e74b24-8756-44df-9eff-e44ef1c20f27", "value": 257024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679446057, "uuid": "5f9d081e-a785-4fd9-bd1e-aad9bfe59f90", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446057, "uuid": "4f34f38d-25dd-487b-abaf-4288b739d7a2", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d278240d-c89b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Quakbot)", "timestamp": 1679480709, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679480709, "uuid": "6d87ae12-57d2-4169-9803-5a35e466dd40", "comment": "Malware payload (Quakbot)", "value": "ce6c25efd8a248f35a3b24ebd0820a6c", "object_relation": "md5", "Tag": [ { "name": "1679411795", "colour": "#82EBC5", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679480709, "uuid": "4de13f55-db71-46c8-aa13-4400921e4bb4", "comment": "Malware payload (Quakbot)", "value": "3e7dc97515f130901df5e7eea85a1ffa1fec1e1472fdaa010b1cd0ff5a71f5d7", "object_relation": "sha256", "Tag": [ { "name": "1679411795", "colour": "#82EBC5", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679480709, "uuid": "e0b41c2b-4783-4951-bb06-be95a442d79b", "comment": "Malware payload (Quakbot)", "value": "7d8d84dfb6d807f5776739bd99dfb66f51d2b481", "object_relation": "sha1", "Tag": [ { "name": "1679411795", "colour": "#82EBC5", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679480709, "uuid": "0b438a7e-517c-40f8-97b8-0bafbcc947bb", "comment": "Malware payload (Quakbot)", "value": "797d7ff68ad7ea709024915bad70b7e7cdddbdd06703d3705b0378ff1d214597fce82993a55036e4de06cc035e4eef9a", "object_relation": "sha3-384", "Tag": [ { "name": "1679411795", "colour": "#82EBC5", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679480709, "uuid": "ef71709b-d753-4961-a41d-f7e1bef7d214", "value": "T137949F52F6828CFADC0606748592D32B563DFD518A22CB87EA647B3D9D339C27D4E306", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679480709, "uuid": "ed3a471e-7691-4052-88aa-7e7706a6f543", "value": "8fc8d2aeb26153e5af5a4b8dcc7deaa0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679480709, "uuid": "e9b962fe-f394-49bd-b713-cf9514a18281", "value": "6144:dJw5P0mR1bHI01J/LW3w7RUw50j6fbnFNr/GwgSMsn5HIQ/bSBBMxM6Qb:7wVv1W3xwdbn3rHgGO8SLT6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679480709, "uuid": "68d12b13-d129-45c2-9ebf-02232558f2b1", "value": 435256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679480709, "uuid": "10776590-c535-469e-814c-824f2bd33514", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679480709, "uuid": "ede94144-edbe-4d73-b474-86dee39a314b", "value": "semimonopolisticEnnobles.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2f8410e5-c88b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679473564, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473564, "uuid": "1a5edd44-7582-4340-b25c-4cca18ceee5e", "comment": "Malware payload (Heodo)", "value": "e829fd1ab215be4a915946926baf0744", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473564, "uuid": "1d376323-3fde-4db9-8048-dc66247aad46", "comment": "Malware payload (Heodo)", "value": "3f1d493543a2c67c1ff132653796a014f15320b499d2246e9806e3064b35557f", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473564, "uuid": "4b43af04-100e-419c-989b-432472d58839", "comment": "Malware payload (Heodo)", "value": "0761e5f38d9437f25af9e3f3d6cc7f6a95d675b3", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473564, "uuid": "0f30d925-4c56-4cda-a3cb-641d60e2f983", "comment": "Malware payload (Heodo)", "value": "45312bda67a29f65667ee35a57186ea1aeaaaa5077fdc6bd01c392586d4f1f918c462851ea9d77db739aa7c7345bcb40", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473564, "uuid": "a2539db4-1368-4d5f-8649-2f6f75da5ef0", "value": "T1F6052368C67295D1DE81E635B6721A09FBDE0791A80338FDA4FD5C3D29F0E40973B922", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473564, "uuid": "3b5248fe-e918-497d-91f0-09104fbfdaa9", "value": "6144:sA/fqQLsh2uoOObj+gmM424czDPECwRAc7cDA08yuMol3p:B/fqmm2sObC7ezET7vh73p", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679473564, "uuid": "94fe2c18-cbe7-42eb-bbc2-e23c4add4050", "value": 826914, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679473564, "uuid": "cf3d8cc6-d091-454d-ba4e-dbeb0d9a8562", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473564, "uuid": "ed317760-6e85-4853-8065-bfeb71038325", "value": "Ac8wwulKxqZjc.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c31d0490-c8cc-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679501729, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501729, "uuid": "82a7253b-b858-4e9e-9e12-5a293216b2e2", "comment": "Malware payload", "value": "aa99836643f0b2c8fc39939ec3ee27f3", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501729, "uuid": "efaa45c4-5891-4bbf-b018-644315b08638", "comment": "Malware payload", "value": "3f56119af8fef0b7f8f213be2f3b681225181166cd3cd9594f4f4a2977beba34", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501729, "uuid": "82ad1e76-8750-4db8-b6a5-5768a121cbc7", "comment": "Malware payload", "value": "f0dacaacefb80336e67725d4a555b2aa243994e8", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501729, "uuid": "518d64f3-ecbb-46d1-a84b-7160bbe88062", "comment": "Malware payload", "value": "d87ebae6499958dff1e95f18a2442260452779c67909c23e749e9d120a40d8d5f7c93a3af29a6c544f31c12779990071", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501729, "uuid": "51a75177-f8b3-4d04-bebe-e38c938e6527", "value": "T1ACA30169B102C552EA81D47A0ED1C29F6733BC81BD57C25B7295738F68398C4DB83E47", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501729, "uuid": "3187252c-e4ef-4d23-ab26-c8617ca18440", "value": "3072:0OnF5J68LLyT4LyHH2p84Wj1A4w1iuSK:X3sFTayn2p8o4w1iuS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679501729, "uuid": "2c457afd-2238-46f7-b7f8-abdbde3eb34d", "value": 106496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679501729, "uuid": "91cae33a-50b8-4eb8-93ce-81c511a8bfad", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501729, "uuid": "c8abe8cb-4adf-4e76-b134-2a25ad236ac5", "value": "Purchase order.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d24f7fa4-c8cc-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679501754, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501754, "uuid": "92f52df7-2ec9-4fce-8cea-91362dadc4ae", "comment": "Malware payload", "value": "cc638c42919721064d6784baf6bb498b", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501754, "uuid": "516b4abe-2d57-46b1-9a8f-d1d4d6825ba6", "comment": "Malware payload", "value": "3f6d0c111c8a6734a77b581dd0853d519426a8965c9f675f813d32de8ea3aca2", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501754, "uuid": "3de8ae1b-7722-488f-a068-88bc33429562", "comment": "Malware payload", "value": "59be32df99bedb97b2c56548032cff9b41e19746", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501754, "uuid": "642b3b45-4853-480f-8fde-4a5ae10d1691", "comment": "Malware payload", "value": "30ddcff8d4502011763054d8715e07c7ad11ce4384f3cd47d246ecf32f9548c16dd552cab476f86fb71647188424c1fd", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501754, "uuid": "86cd2c2a-ed05-46f9-82f6-180a10fb3368", "value": "T1F3451217F9C48D4AD48247F93AE77999131EBC622BD6A2C72744770F5F78AE08A0311E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501754, "uuid": "75f24c00-83e4-47c3-8a3b-baa1702a8af3", "value": "24576:2LKGWQmmav30x0+MXUu9u13a+MXUu9s3bVS+MXUu9n3bVuSbErKf50gE:2LK7QmmQ30++MXV9wK+MXV9s3bVS+MX4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679501754, "uuid": "97f07d08-cc63-4440-b970-5386be0d00e1", "value": 1169408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679501754, "uuid": "a64856ee-9673-4f1a-9d36-4c14eb9451ce", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501754, "uuid": "ec947a1e-0827-457b-9cb2-f4e3ceb9a9e3", "value": "Shipment Doc.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aaee85b6-c880-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679469046, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469046, "uuid": "ae5594ed-c7f7-4c46-8b56-fccf95edc922", "comment": "Malware payload (RedLineStealer)", "value": "ed25f6cc36836a83c0031c16fd1d5569", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469046, "uuid": "475371f6-623d-46b9-806c-4eae92acf6cd", "comment": "Malware payload (RedLineStealer)", "value": "3fcbce9b8b29a899a766e1aa62e8abf3e9f6cc0f03bb0f3b188bbb5777fcd0ee", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469046, "uuid": "80265148-da60-4527-b605-897ecfd3afb7", "comment": "Malware payload (RedLineStealer)", "value": "9a343973a3ba67b72d2dd2bf26f46d58bd2fa069", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469046, "uuid": "3303f292-3ede-43ec-8218-b3270127cdbb", "comment": "Malware payload (RedLineStealer)", "value": "bca201575f9bef21aa8dabd0b88d750db937c1b5eb40c7bb051776028fe306e8d5c71102915d10e3b5ce74cec21cdc4f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469046, "uuid": "6c12ca34-46d3-493f-9dba-40e68d7c5067", "value": "T15555E14382E23C55EA258B739E1F86F8B64DB6719F493BA632089E1F10B12B7D173711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469046, "uuid": "7306603b-f6be-4779-aefc-0512df93a55c", "value": "5fe0b073d2bf262b2cfd9470524e0ed6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469046, "uuid": "c97677b9-8c7b-450e-9a4d-b8dfda69158b", "value": "24576:lnzPcbD/h1btFFh3DEYckeYbP1a3S3zLXGowWuFV3EQ1LQi8Pti/STV88Av:5C/hlVhFcYbw3SjLXGoDuvEQ1LQBtd61", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679469046, "uuid": "599b74b7-f13e-41d9-999e-f04f12ea8ad2", "value": 1368576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679469046, "uuid": "3ab69050-1406-4aa9-a5dd-005912ade13c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469046, "uuid": "cc55eb8c-747a-4d0f-9ad4-e7c6526954cc", "value": "ed25f6cc36836a83c0031c16fd1d5569.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b4d34455-c8bf-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679496121, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679496121, "uuid": "080fd765-476e-48c4-b4cf-a7e31dd203c2", "comment": "Malware payload (AgentTesla)", "value": "52e040787f8d7e0d5b760db5b5374259", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679496121, "uuid": "9a1f97a8-a7b2-4065-8283-8e61695af174", "comment": "Malware payload (AgentTesla)", "value": "3fcc344b3d212c6bbd03a9d6bc8f0c353b12ecc46084c7c6d2e716895c67e4bb", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679496121, "uuid": "f9f5dce6-c99d-4952-aec2-89803347226c", "comment": "Malware payload (AgentTesla)", "value": "10d33d08a25a947c624bb8bcd014d464020364c9", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679496121, "uuid": "1aafda65-f646-40e1-bc1d-04dc101c5486", "comment": "Malware payload (AgentTesla)", "value": "8f4345284cd2a3838d2bf8dab0c4d582d476ce87542f5cb9925fc76829cee151f962ee610d8701d03e6e5d5b875a55e5", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679496121, "uuid": "f44f2302-6e5f-4e9b-bf5e-a331eda13c8c", "value": "T173E46C7D2DB89D26F435D6798BE0C133B0A0D7D77B228B18478B134D8E0295678DE1AE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679496121, "uuid": "9a83fbc8-dd42-44df-b899-d86bc979763a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679496121, "uuid": "641e2fdb-b121-4da9-b11d-c3bdfd94c8e5", "value": "12288:6QzoeLD8dC3okCeXZ/QuM4BNKr06LgNGSD7QKqc16:UeLYP+p/P6LMMJcY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679496121, "uuid": "3f047ea3-37ea-488e-96a6-4b027d2c70e6", "value": 715264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679496121, "uuid": "f4de5590-f86a-4461-a599-73b28367321a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679496121, "uuid": "201ed9b0-fd59-43f3-8fee-fc665f9e4a13", "value": "rSOA.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7a5643dd-c889-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679472830, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472830, "uuid": "a4c561a7-d5ef-4f5e-8792-74f568b12a9e", "comment": "Malware payload (Mirai)", "value": "05385317639062bff3ccb4883c67be78", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472830, "uuid": "80c66bca-745f-43e4-9637-78be671f0b8e", "comment": "Malware payload (Mirai)", "value": "4001864cc99271ff6dceae8aa39679c5a6207da8822b1659f48fd2c164a58bd5", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472830, "uuid": "49c2ebd4-cf73-4cc3-8f5e-109ffbae3335", "comment": "Malware payload (Mirai)", "value": "67ddb75245d3571eccf232f605def6036a8017c2", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472830, "uuid": "aa119be1-049f-490e-8659-d56c2319566d", "comment": "Malware payload (Mirai)", "value": "18cdc937bf88dc74500e8294dba319c022cae66d25fd0a24a29036a29faf7d42cef94436436970d6c8615f5e04a04eb0", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472830, "uuid": "31aa3abd-1199-4f5b-aa40-cd9df61686ce", "value": "T15FA3820D6E619F7DFFAC823987B75B209208339622F1D585D1ACED025E7034A741FBA9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472830, "uuid": "857bb7da-ed56-47a9-898e-8321dd12eb17", "value": "1536:VIoF9MIA6KTsn8K30hPOrDQqWYzslYCR74DTLjwG4cHWaag:6+9jA6KhK3uOrDQqToZ74DTLjt4cHDX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679472830, "uuid": "26540df9-aef9-4d8e-9b34-ad6d60c172d8", "value": 100480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679472830, "uuid": "a5cf70ac-82d2-4728-9099-bbb821fe0c07", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472830, "uuid": "f8f92641-fd31-40a3-99d6-78ce8e360e7d", "value": "05385317639062bff3ccb4883c67be78", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3637d9c0-c8ef-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679516525, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516525, "uuid": "9bea9e02-265c-4996-8f92-0778ef69e0f3", "comment": "Malware payload", "value": "2fb859df5294e1e39cc443dfaa1be0a6", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516525, "uuid": "4c514f86-c881-4afd-a35f-8bd70b702cf8", "comment": "Malware payload", "value": "40183ac364ce6edd33a9d02bbe52d0f7ec2d814560119b121c1030fcc9b3762d", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516525, "uuid": "e9563c92-f787-40fb-a0a7-efba0c030130", "comment": "Malware payload", "value": "d393af79efedfd05945f6e32d81323002e5722dc", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516525, "uuid": "cef9ce0c-e988-4303-a7f3-f8c8101c3ee9", "comment": "Malware payload", "value": "91eb808d280d55bf9aa281f3567285d1252b3188602caefa4f21f13a2946068f0971b584d18f0b91c15648d70c7f3364", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516525, "uuid": "8d6d2843-4d12-4074-bd29-1f54c2b469f5", "value": "T101135B56ABF00432F6B30B71A938586ADF7ABC206477D49F8B900E6D1570D52CA3D727", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516525, "uuid": "c3cd481f-3acb-4d00-9b4c-a2b518bbfff7", "value": "f5e4c8acb92fb1c8223cff431020dba0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516525, "uuid": "b1d05d44-2566-4ccf-a83e-8848cd6ce3e5", "value": "768:k8kr2D6AKlLO+SNhBgCHDck4MV0ggv8KoETBB9D3xvjHhx4eC7Xj8Qc1kkQiwBeT:P/6A0q5HDR4oWBx3xrBx41z8QcKbi+RS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679516525, "uuid": "98fc275b-d9c4-4769-9f8e-a50bb53ac748", "value": 41984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679516525, "uuid": "a227e387-884e-4d58-b23e-39b886dc9923", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516525, "uuid": "8cff27f1-49ef-4913-b840-4de5a3f1174b", "value": "2023-03-22_2fb859df5294e1e39cc443dfaa1be0a6_lockbit", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3e24d811-c8c7-11ed-88f6-42010a9c006e", "comment": "Malware payload (AuroraStealer)", "timestamp": 1679499358, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679499358, "uuid": "11753b6e-3d63-4beb-a731-e3de503ed709", "comment": "Malware payload (AuroraStealer)", "value": "034915ed46b3bf19f65247df67f22a14", "object_relation": "md5", "Tag": [ { "name": "AuroraStealer", "colour": "#51F769", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679499358, "uuid": "314c50af-45e5-4e84-9ab4-ae22a97dc428", "comment": "Malware payload (AuroraStealer)", "value": "403b9b23861e293823bd1e8f5c5dd17463ef79d1936fa6d1b24e64b027b29398", "object_relation": "sha256", "Tag": [ { "name": "AuroraStealer", "colour": "#51F769", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679499358, "uuid": "f1067d99-dc7a-43c8-af3e-276c5b0af050", "comment": "Malware payload (AuroraStealer)", "value": "b9eed1429f6af82d86b70ff1ce5c111d96896f77", "object_relation": "sha1", "Tag": [ { "name": "AuroraStealer", "colour": "#51F769", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679499358, "uuid": "13b90218-8af0-47d6-8fd9-b73f1d36ee8e", "comment": "Malware payload (AuroraStealer)", "value": "3d4ff07a774770dd07e3fc72102076e95f404a7efcf56298d4790fb7f51ccf89d10702679a177afabd94be310a7cceef", "object_relation": "sha3-384", "Tag": [ { "name": "AuroraStealer", "colour": "#51F769", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679499358, "uuid": "8522ad1f-65b6-4678-aea6-021d67ee0860", "value": "T129745C0293E36C60EF1246728E1EC6F86A2EFC609D577B9E234DFA2F09741B2D552705", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679499358, "uuid": "e95522ee-e1f0-4140-9bf7-22f27dd1705a", "value": "cd10f4930e443428517f91868d83e9a6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679499358, "uuid": "01ca00ac-dae5-465d-9042-a822072bdd8f", "value": "3072:vOAR8Pi9yGfgz6nDYmD9GyItEF8KHIzbBt6GD+aVSUazKRz5CJJ:t+REA4Yq4/cUh5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679499358, "uuid": "98ee75dc-4775-44a6-9349-0d69db392ab5", "value": 367616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679499358, "uuid": "0600a68f-4d56-41a0-a8ff-7016cb663fe6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679499358, "uuid": "2d301a8f-68e1-4f81-8070-630d38e46c76", "value": "034915ed46b3bf19f65247df67f22a14.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5207f00a-c8a9-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679486506, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679486506, "uuid": "21da385b-2ea9-4882-aa67-eee82429cb02", "comment": "Malware payload (SnakeKeylogger)", "value": "778bf055c929a3e3ab64d7ce332060c6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679486506, "uuid": "b9827dcf-51f8-4c67-b9b4-1d938bd55056", "comment": "Malware payload (SnakeKeylogger)", "value": "41a4802d7592d29970a041b399fa9c91caac9c393a0e9353c59ca946e7ff557e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679486506, "uuid": "59638024-46f2-4778-998a-6c30a0e26323", "comment": "Malware payload (SnakeKeylogger)", "value": "aecea68fc418be57b6d9af21583f40c8b4ff8ef0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679486506, "uuid": "2eb1314c-0c12-4875-8078-77d1d1bf9df0", "comment": "Malware payload (SnakeKeylogger)", "value": "ed1ca049b5db866d68ae27f7ff77d2e846af603f6cdb0665d282d1c241a3f4fad13f7a2a2b36932d737000b8b4603939", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679486506, "uuid": "0168affe-9e3e-4b1a-9778-34303b3f6ef6", "value": "T1A3256DD1F190C89AE86B49F1BD2BA53025E3BE9D54B4810C569D7B1B36B3352209FE0F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679486506, "uuid": "ef679cf6-334e-470b-b303-186a15d3f05d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679486506, "uuid": "7a5f7a60-3317-438c-b637-1a530bc2bcab", "value": "12288:H2lfJfJTRIV6dEvC7bVFvihgxnB5QJ+KaQ:EfSV6oC7BFyanB5QJ+K", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679486506, "uuid": "04800218-583d-4dca-acf0-6e516c7ddccb", "value": 1033728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679486506, "uuid": "86b5a49d-650b-41ad-9a77-0ee0200ac2a2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679486506, "uuid": "39221f81-476d-4f68-837e-5f87aec7c023", "value": "ae.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7a65cdff-c8e4-11ed-88f6-42010a9c006e", "comment": "Malware payload (LummaStealer)", "timestamp": 1679511914, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511914, "uuid": "aeac9d7d-f54f-41dc-b46b-d251f3656cf4", "comment": "Malware payload (LummaStealer)", "value": "86226298f5f7c878323137119929a4c1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511914, "uuid": "a881930c-0fed-4f23-86c6-9b1d1a68b5af", "comment": "Malware payload (LummaStealer)", "value": "41ae7c8a95a5367900997394091ab6fb70b83157906df1c95f7dddf124a07532", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511914, "uuid": "0d12af73-74f8-4553-a45e-5a546d36c197", "comment": "Malware payload (LummaStealer)", "value": "83db798ff6aee97864c18827749a3f1c5cbc4c51", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511914, "uuid": "ecbf0275-d3b1-4ece-86ca-34ffb2f90dc7", "comment": "Malware payload (LummaStealer)", "value": "cc987fe31d9b6ec458925590f6b25e2c16fa0d350a3a542a3b2bb76b6755a0490830f9fbb3eb23f5f24e3dd29782690f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511914, "uuid": "2a311555-d203-4c79-96f0-1a737d30cc36", "value": "T11B25BF0382E27C55DA158B739E1EC6F8F65DB670DF493BAA32199E2B14B02B3C163741", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511914, "uuid": "13bcece6-6279-4670-9347-fcdee1baad8f", "value": "abf9812c144b37aad537ff6f220c83df", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511914, "uuid": "2264221f-d101-47e8-9d43-caeee5b04869", "value": "24576:TNmsC6pxpjI6YZ6dDyFqQCtqckiY7Y5u:T5RpU9ZSWFqrjkiK5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511914, "uuid": "7edacc4d-c50f-4ffa-b759-2d31aa59154a", "value": 1000448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511914, "uuid": "38e33127-7ce0-4cfc-a3e3-c81d28c9e825", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511914, "uuid": "a2b31846-0baf-40a0-82df-0a8efd3f552a", "value": "86226298f5f7c878323137119929a4c1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5d6b5cae-c881-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679469346, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469346, "uuid": "32c46fd4-1bed-4ea8-b747-a2f7bf109eb7", "comment": "Malware payload (RedLineStealer)", "value": "bd596f62f14ef28f920c4e54eb062162", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469346, "uuid": "0e46d42c-5e57-47fc-9215-27045029e8b7", "comment": "Malware payload (RedLineStealer)", "value": "423476d7b86e1f3a6e36a3f4e8de2a8e6b3d671d384eedfcc5bf6f0d0453a155", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469346, "uuid": "d14dd1c1-19a3-4a6e-814c-ddeac7df05e7", "comment": "Malware payload (RedLineStealer)", "value": "e6c18546b3bcb71714c2530f236470bd951eaaa2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469346, "uuid": "52319bc1-45fc-4673-9cf9-967cb5030805", "comment": "Malware payload (RedLineStealer)", "value": "41900ba816d90ec3b381d186c938ea8f072aee795d5350caea6fa8491ed0d15715bd510ceccb95c714ff9fb3ff56105b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469346, "uuid": "6d3d87ae-6fc2-4681-961c-e818c0967743", "value": "T1D5252352FBD94072C9F87BB094FA41C30A31BCA55E78871736626D910CB1368A673B7E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469346, "uuid": "7fdeda2c-c80c-4ba3-b11e-ca3b66dc753a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469346, "uuid": "0d808c53-39f1-4462-a8fb-196d147ddf41", "value": "24576:iy+T1Br4kw1ZOiCh67GR36d0e+yzIfh13ltksq0:J+Tvtw18vT7sar1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679469346, "uuid": "085af5f2-facc-434c-b10f-b9cc58281b2f", "value": 1032704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679469346, "uuid": "3d59db6f-de01-4f8e-9f27-717284df7c5a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469346, "uuid": "a8c38708-a866-468e-91d4-0c51469a1f57", "value": "bd596f62f14ef28f920c4e54eb062162.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b16bef9d-c8f8-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gafgyt)", "timestamp": 1679520597, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520597, "uuid": "bc45c2e3-27ac-4982-9f4f-b0da8e8a7eba", "comment": "Malware payload (Gafgyt)", "value": "2ec843f993352e6ce2df7324ee38c64d", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520597, "uuid": "d119225b-c8f7-4218-82f4-c7cb50b3bbba", "comment": "Malware payload (Gafgyt)", "value": "42b471fa672fabd414137a519b002bfb2374d1592b3b1e14716e8e5002debcf1", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520597, "uuid": "ea2b9ace-c9f3-49d4-85b0-29b553cfce33", "comment": "Malware payload (Gafgyt)", "value": "c82e76a86e66a1dab823e5fa2b7915e894a55e6d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520597, "uuid": "c5f3168c-ca16-449f-bb94-74d76e4a5224", "comment": "Malware payload (Gafgyt)", "value": "1b1fa25d32aaf327c8ff8568cd859154f0ccaa0ab503f059110ca3e97819e458f9485a90591a77e227306b6c4e7b1ae2", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679520597, "uuid": "f06e9283-20a2-4717-9863-df8a95e9449c", "value": "T135C30A45F941875BC3D327BAE74E428C37355E2897DB33156A38BDB42BF2B982D29120", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679520597, "uuid": "9312443e-f948-45b4-899e-c4213349fa90", "value": "3072:hQrFRNfuLrGhEPOD0Jg3gNlmBoHQuQekQnYW:IFzuaEGQJg3CmBoHQuQekQnYW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679520597, "uuid": "63d6cffd-78c2-4992-bbc3-271c0ebda4d5", "value": 120177, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679520597, "uuid": "b0d3d252-bd54-4df4-9b00-d9657c14d848", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679520597, "uuid": "c9e89f1d-44ae-40df-8c85-aec87f9e09f0", "value": "2ec843f993352e6ce2df7324ee38c64d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "32650885-c88b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679473568, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473568, "uuid": "1a203327-b946-4b2b-a3ea-0d48e95b809c", "comment": "Malware payload (Heodo)", "value": "2f56a13efc346438a275f675f9cbe794", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473568, "uuid": "cb0145aa-14a1-4f81-b42f-dccd0b36ffc6", "comment": "Malware payload (Heodo)", "value": "437f0dce73d03e764e346dee98bb44c6111766897c2fd085c8c1c5457988818e", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473568, "uuid": "62124341-1766-4cf7-9f90-9012bf92fb9d", "comment": "Malware payload (Heodo)", "value": "bb50faf6091e39b9d8ba9048dae965bbdec2c4df", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473568, "uuid": "eceda0ab-ea40-41d4-ae93-05bdf099baec", "comment": "Malware payload (Heodo)", "value": "7ead247081b527eb34fc986eaf5c64b180e677216bc8436ce739e12909131ee775742ac0826298cd1fe4640746bc3b4e", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473568, "uuid": "52d6d8e1-d36c-40e1-af3c-9a970493f2eb", "value": "T187052368C67299D1DE81E635B5321A19FBDE079168033CEEA4FD6C3D29F0E40973B522", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473568, "uuid": "f8eecc7c-5d71-43c0-ae9f-c7ca2e595a3e", "value": "6144:mA/fqQLsh2uoOObj+gmM424czDPECwRAc7cDA08yuMol3l:3/fqmm2sObC7ezET7vh73l", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679473568, "uuid": "019ab01a-31b8-43a3-9427-80e206f4b465", "value": 830951, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679473568, "uuid": "160c3160-1ace-4b40-9ec1-dead3cecab14", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473568, "uuid": "90ac89bb-359b-428b-b4f8-a08775ab00b8", "value": "O1uPzXd2YscA.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cc64a4b2-c889-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679472968, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472968, "uuid": "bc441072-5552-4c67-aec7-62445c3ef832", "comment": "Malware payload (Mirai)", "value": "7378b3b795bb5f2de24d4724685235a9", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472968, "uuid": "8f8c8650-0f68-4f79-8c6e-2ea62f9b4b13", "comment": "Malware payload (Mirai)", "value": "43900a054ddef9b5d8323e2ea2a24db4387b2922147ea981d5290fb46936eec3", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472968, "uuid": "77c6707d-b7ce-454f-baca-7e8ad636fd37", "comment": "Malware payload (Mirai)", "value": "c7e01d3738db8417c3bde19c65252668868de19e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472968, "uuid": "8f4c2519-34f5-4946-a536-c9d60ea75164", "comment": "Malware payload (Mirai)", "value": "24717700637ed89d7ca238f01c4fa8613a9f3ac75e6200c997b9673f5e1ace24e114ef67daebc11fbd97ae7a8d4a13e1", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472968, "uuid": "a7c8a0e1-3df4-4561-8681-6ee2bbbe152c", "value": "T159634B0173588F0BE59A0EF8283F17E583BEEE4021E4F184660FEB5A4235E77545AF98", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472968, "uuid": "02738201-b8df-4ee6-a098-92a037c61ecb", "value": "768:ocyOee1sVBSrgLRMZRZWFY5Rn9v+i5Tr4i+8+QdRIeYBy9Hgkx+CYafu+opU5dMR:d0sEk1Tr4yRIe3HJ0afu+Eeub/Ve8XCC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679472968, "uuid": "f96af794-db7d-4200-be80-2dd22a952374", "value": 72944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679472968, "uuid": "d1aa778c-8911-4eb6-843b-ed224fbe5cf2", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472968, "uuid": "be1112d2-73c7-4464-a078-afdab6c04c6e", "value": "7378b3b795bb5f2de24d4724685235a9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ecbf836e-c8e3-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679511677, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511677, "uuid": "890d5459-b5b8-4b4a-9f92-43460074a7f9", "comment": "Malware payload (Formbook)", "value": "cf9b9e76614e64235a6c79280f338feb", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511677, "uuid": "78c004f7-3a13-4a34-a74b-330bf5956b76", "comment": "Malware payload (Formbook)", "value": "43b59add45c5a5b3ade4f706143768fc6ee0006500aa0b1a983af81900acbb73", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511677, "uuid": "0b3e59d0-3c20-4575-911f-49184d71eba4", "comment": "Malware payload (Formbook)", "value": "703dae2fc6fa14502c83bc41d0537ebf4bdfab76", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511677, "uuid": "18f162b5-759a-4835-b4c4-baf1097b337e", "comment": "Malware payload (Formbook)", "value": "b00dd3dd0f913954e66bd4dd418da54b1567424a39cf80add9221caa230452e02e241bf62027e229af60521c88ce20e8", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511677, "uuid": "bd046f5a-7e6b-44a0-8b28-e59c82e3a0d4", "value": "T1FC64E096B616709FC81BC276C9D95C249B60B3676747C247701B239EDA4EBABCF400E3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511677, "uuid": "ce532c67-1852-4f58-bc85-8ae4eab36100", "value": "6144:kZc1JhIJqN8ZQ/esU3aVoqNDrn82A1raVPsCqLxtmKC/mnP3y2hp/Xln4:T1J2J08WPyQoqNf7AMBquKT3yoh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511677, "uuid": "cae46c71-78ff-42d6-8737-d7f35a942940", "value": 314952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511677, "uuid": "c4ff9303-5028-46bb-a7fb-fdc47d9502c9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511677, "uuid": "517ae212-05fc-481c-94af-00f82457b420", "value": "DHL form_10020230322_docs.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b81d5285-c8cc-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679501710, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501710, "uuid": "ecf2e078-fbcc-4540-b4d4-42e74998f356", "comment": "Malware payload", "value": "578282541d2f0c709166559a86112272", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501710, "uuid": "7cd73128-52f6-4015-a4a5-c514beece21b", "comment": "Malware payload", "value": "441f0fc2efe06e2dbdde00738151b79be409b9f7115bf48908fd9f868b8de019", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501710, "uuid": "a7b28dab-dda9-493d-899c-1a1df1ad612e", "comment": "Malware payload", "value": "9da9168482e73e121399289b4710c2bbc671c127", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501710, "uuid": "17338aa4-a3d9-4b6d-b0bd-bf11c08dcb20", "comment": "Malware payload", "value": "31f631b9acd4762a6d1aaa7adf20a40f75f1107e808c0cc3108302a974a15179c089ea5fbd39e3277769aef76097658a", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501710, "uuid": "f79f4123-5a95-4e1c-a05d-77d745744c25", "value": "T103350217F9C49D46D44207F97AA37994132EBC626BD2A2C72754B70F6F78AF08A4310E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501710, "uuid": "350b005e-f4c2-4d39-b806-505f0d975f61", "value": "24576:JLK4WQmmav30xZ+MXUu9/bW+MXUu9o3bVz+MXUu9+3bVuBv77La/T2:JLKNQmmQ307+MXV9a+MXV9o3bVz+MXVz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679501710, "uuid": "6a6217b1-47ad-41c7-862a-260605de67c0", "value": 1149952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679501710, "uuid": "d32b6ebd-6de7-41dc-957d-72204bfff357", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501710, "uuid": "edcbe3cb-446b-4aec-9b07-c248eaf71628", "value": "DRAFT SHIPPING DOCUMENTS.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ba6c0453-c86b-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679460053, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679460053, "uuid": "61ee9ffa-3081-4c35-bbab-14ad56b50c35", "comment": "Malware payload (AgentTesla)", "value": "3a02d50415b4f76d02cda80340ecccbe", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679460053, "uuid": "6933d30e-5ec3-498a-9eb6-4db2bfb09ae1", "comment": "Malware payload (AgentTesla)", "value": "44daf0f79a8c0f762378b5418a90d3b15925d4be8f35be293bc2ef657aee7078", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679460053, "uuid": "a9b60ba9-1678-4742-a423-e247b631c2d3", "comment": "Malware payload (AgentTesla)", "value": "5f4ecc1fe8f99ebafcba4d15df74c535a8c5c800", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679460053, "uuid": "13dc499c-0e5b-4bf4-a449-708f29a16cb5", "comment": "Malware payload (AgentTesla)", "value": "a571ee45dbf1aa601cfd95879c96176b1860b13d431e996c586dac0ec844771e986ef9a99c6bc5e1fa5415624b87fca8", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679460053, "uuid": "de426f14-06e7-4e75-be47-3d690cff1e8b", "value": "T1524412752764AA7BE8631B712D3627079FEEEC1914646A0F23140F5D3E79680CB9E323", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679460053, "uuid": "0f2f3480-2632-4277-aad5-504f69b4ea02", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679460053, "uuid": "18584ad2-6fa6-4015-9978-c498358832eb", "value": "6144:/Ya6AtECrPFGPiBztYwpoEVoa01VPIDSEYqGCX:/YOtzVR8ESJ1jkX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679460053, "uuid": "2df1d2ab-afcd-4f97-8178-b8c9d83bd9f0", "value": 272792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679460053, "uuid": "ec348cf3-7eb7-4164-ac20-d938d9ddf3b1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679460053, "uuid": "b946224c-1791-41b9-bd73-9893d5ae5199", "value": "3a02d50415b4f76d02cda80340ecccbe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "81e3bc72-c84b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679446214, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446214, "uuid": "869f4c71-4416-4488-b1ff-9a9b9ab79cb5", "comment": "Malware payload (Smoke Loader)", "value": "d5da1abea4cbea3dadbe35048f025a64", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446214, "uuid": "29ce5199-5ec3-4f11-9d99-8af218102752", "comment": "Malware payload (Smoke Loader)", "value": "44e510c4e951fab0a9dbb1d66b63cdb9641faa329b0216f75bd148b2fc781848", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446214, "uuid": "0d6b04e4-31af-474b-b4f0-8ba3a3222759", "comment": "Malware payload (Smoke Loader)", "value": "ff6be5e6d96f48b8e624e659a16497623e43c279", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446214, "uuid": "26ef0c7c-9b9f-4268-a37b-190316e3b78e", "comment": "Malware payload (Smoke Loader)", "value": "7a88e9ab4a4050cd7d6372e2dbc6ae6cf077b1017912dbd539b1ee2cd0c25b4612555e5005496f0ef31e3e2deb5a2cfe", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446214, "uuid": "949a2a4e-743d-4596-a0d2-8aaed0714ca4", "value": "T1DF74C71383D27C55EA258B779E1FC6F8B60DB6708F493BA672189E6B14B02B3C163711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446214, "uuid": "c3f6829a-d8e3-4aaa-908b-42ad4b556568", "value": "abf9812c144b37aad537ff6f220c83df", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446214, "uuid": "623750a1-68b4-4283-8e23-9df0f613df37", "value": "3072:5vgPXKqJgECYqL3MYxWMeD0VpyH9NREM8NH2JIm3hqcRR5zd8WOeukRDhGFpy105:mKYqL3X0oHG9N0HZm3hRRfd8WEQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679446214, "uuid": "02b75d1d-0b3c-4c1b-890e-259a9a753212", "value": 366080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679446214, "uuid": "406fa22d-40c1-4bf0-a7f2-e66e31b6e36f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446214, "uuid": "7c68aac2-af99-4668-931b-897b1dde1a09", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4b271e21-c887-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679471892, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471892, "uuid": "2b0705e7-8733-4ca8-ada8-055a5dfd3912", "comment": "Malware payload (Mirai)", "value": "052b6db1061a17d9aca8bddde88346b7", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471892, "uuid": "da8dc03a-217d-47df-9836-43e681677f3d", "comment": "Malware payload (Mirai)", "value": "4561b8804596510121faea78258f8812109cbcac9404636f26ffad98d9797953", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471892, "uuid": "7c310814-a341-4445-8470-b8c58b7501db", "comment": "Malware payload (Mirai)", "value": "773ea4e5682fc8610cf8b8bb42519d732ff92e60", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471892, "uuid": "9d80b698-2725-464d-b24c-f53d9fd5931f", "comment": "Malware payload (Mirai)", "value": "f4e649890428828f619fc18c4e4239680f77cd2c76e12d6eeec534994d9b43a4c9dcdb7673a338474d537323f277dff4", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471892, "uuid": "9e51101b-9abd-4f88-a2ef-ec581800a3a0", "value": "T19FE32C46EA408B13C4D61779B6DF42453333ABA493DB73069928BFB43F8679E4E23905", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471892, "uuid": "814f6df7-6d35-4b14-be93-ee3c125df00b", "value": "3072:IBK0/9ARiUhra5UOwRN++5pE7or1l2ZXUzEM/9QHRQY:IBK0+ra5UOwRNt5pxn2ZXU4M/9mQY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679471892, "uuid": "c54aa7c7-4845-49a1-bfc3-7040c0ed96ce", "value": 150626, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679471892, "uuid": "5ccb6a83-9f38-4f02-94f4-9ce68a0b4a7b", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471892, "uuid": "6b630d8f-dd6d-4a3f-8694-14d27a2a5b27", "value": "052b6db1061a17d9aca8bddde88346b7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ac0854f8-c880-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679469048, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469048, "uuid": "1e58cc06-a525-4e51-a4ee-a1744721ce47", "comment": "Malware payload (RedLineStealer)", "value": "ca5551b906080a050d8b082eb7da84a3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469048, "uuid": "43b0eb12-298a-4372-9801-b4ce6b907398", "comment": "Malware payload (RedLineStealer)", "value": "45edb22a053132e45fe008df8a8fd32e1023ddc871e265ac84f62f395663aa64", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469048, "uuid": "d7e39961-d310-46dc-bc3e-411a08e53eb3", "comment": "Malware payload (RedLineStealer)", "value": "c5750cf943782513bc31a5d9634d89c9784cb4c5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469048, "uuid": "3de218d8-67ab-4f64-ae2e-3349647e71ae", "comment": "Malware payload (RedLineStealer)", "value": "e18c43b488227eb9ae9cbc5aba3f5541debcf72b89c5b7c68ac555b346db607e5369d188ba2f681fc5e518ae81d67492", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469048, "uuid": "90f6bc59-a7fd-4a8a-9fb9-b43b7b62a63c", "value": "T116C40243A6E45132E9B177B05CF612D31F3ABC5569B4826B2309E95F1CB3281E57233B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469048, "uuid": "33911541-6a2f-4e4d-a608-4783e12eab76", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469048, "uuid": "c099c001-0b16-4445-afeb-d4c95e5353c9", "value": "12288:oMray90gPpsaexGuwnmjkRrYHTTTDFW+7+yFCtmNqVI52Q:yyhUTwm6rYH3FW+7+42iqWoQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679469048, "uuid": "59b6fe15-e8aa-4aca-8938-0054f556db38", "value": 558592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679469048, "uuid": "a294e9cd-0a11-46ef-b0a8-00239a233969", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469048, "uuid": "4f562f5f-5d88-4f08-ace1-0527b1411231", "value": "ca5551b906080a050d8b082eb7da84a3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d4d993c7-c8cc-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679501758, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501758, "uuid": "507bf44b-4fa9-42cc-a464-0577f431279e", "comment": "Malware payload", "value": "eb955ede0aec078ab68cfa3961d7c51f", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501758, "uuid": "4032b102-ed72-4ab7-8895-4cc7e600f9d6", "comment": "Malware payload", "value": "46565a6680f1109b7e2992372ce32198250848f8a76272400a00741072982787", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501758, "uuid": "267ea629-1c9c-495a-900b-53aa1728f8a4", "comment": "Malware payload", "value": "2be16fceb95d47fb068f336da92f51a70342be2e", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501758, "uuid": "86eff301-b6c3-43ef-8d3f-34b3208928f1", "comment": "Malware payload", "value": "373f7d4e22f9d83deab41735374a99e9a170d102dd7d77ffe1ccff6bf693ce14ff30234a12a20da08e907e4c73b16174", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501758, "uuid": "2e50cfa2-028b-4e61-bc8c-3b6ee4628a60", "value": "T183249F026797DD1FDB9240381D0BBFF6A32EEC995B5F81926014F2A92C3EE22F355584", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501758, "uuid": "8454b230-54b9-4c0c-9158-4cfc4bc5be02", "value": "3072:rtDUowQvvcXbKWVLarYTEDNxNQ5uBBzwFWIVMRcQDNu9spD3qWjx9:ryorvEm+LaMTEfe5Awrw4WN9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679501758, "uuid": "49127ae5-ef75-4e4d-abca-969ed4195e6b", "value": 220160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679501758, "uuid": "d248b95b-adbf-44ea-9758-505d746d1841", "value": "application/msword", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501758, "uuid": "1f2fb025-4fee-4ee9-a015-2be9a9717932", "value": "5458353974866046490330130384.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8e1a7233-c889-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679472863, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472863, "uuid": "ba786443-b441-4801-aa61-f80acf70d04b", "comment": "Malware payload (Mirai)", "value": "03ff3974f7b146416ef48efc17215fdd", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472863, "uuid": "0ca109ab-b3fd-4d5a-b7f7-e1125cd237b7", "comment": "Malware payload (Mirai)", "value": "46c52e5a8c3e7e29414cd9c06612407aa51dcf5b3054b952fd414eba8f938613", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472863, "uuid": "73f055ca-75f6-4d83-81e7-507f9025a142", "comment": "Malware payload (Mirai)", "value": "f49d671bae446a7ffebf4ab6ce829fca402f4dff", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472863, "uuid": "3765dd02-6378-4969-9207-ad940b355377", "comment": "Malware payload (Mirai)", "value": "da4b485ceb6d87d6137a31713c0f7b66d45d7d867c0eee2cfdab76c1970c5688b41fccbfc326d1ae22d2c3865a4bd4a5", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472863, "uuid": "ece1015b-983b-48f8-8600-e68d32198665", "value": "T193831A86BC409A11C6C50777FA2F118D330267A9F1EE7252CD155FA07BCB91F0E2B69A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472863, "uuid": "037dc8e0-8d63-4f2e-9adb-0e6a0b05f3d2", "value": "1536:CynA38H8OT19Ncs8d82YqL7OCzUR37g8DnlX0qtdt24HWzCIAinMyntmW8:UMHP1Hcs0NYqL7OwGdlEqtzWbntmW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679472863, "uuid": "54dc2991-a493-4ae2-871a-de6b575a9f6f", "value": 88668, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679472863, "uuid": "1147bd5c-6f83-4ff8-aff9-187506fb1e8e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472863, "uuid": "a6842f68-0b6e-4981-8285-e54f42af1b90", "value": "03ff3974f7b146416ef48efc17215fdd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "57861fdb-c88f-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679475349, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679475349, "uuid": "bf27e3a6-e141-4de5-b54b-4dc9497ceb9c", "comment": "Malware payload (RedLineStealer)", "value": "507a6003e64894b9d3bfc42d8d0cf8d5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679475349, "uuid": "1d5d75b5-0de6-4c56-9a07-e306100aa420", "comment": "Malware payload (RedLineStealer)", "value": "4737a8baaf13aa6657c6b2a9e6ea208a82674d4534edf232725588c3332f1f48", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679475349, "uuid": "5b4c308d-ca4e-41b7-8b3f-0a780f6a2837", "comment": "Malware payload (RedLineStealer)", "value": "0d45eef5e196b6bfdb0b61322ef0c7acc6385d33", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679475349, "uuid": "f4fc4e57-b0de-4695-b7e4-c7891a6b6c06", "comment": "Malware payload (RedLineStealer)", "value": "2e692decc8d3f5894ff76967b4969ca3a9354394fb2ed2f3c75ca2d4c9186c81c35db3e3c6a02167fb5ff0c532bdc3dd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679475349, "uuid": "a886539f-3ced-47c7-9bf2-5876dc30e6db", "value": "T125C41212EBE84033DDF55B7048F703C31B36BCA25D30535B3B9669AA0DB2598A876736", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679475349, "uuid": "d3c75aba-6e8a-41ad-a60d-5946f59632b0", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679475349, "uuid": "c5bb7c28-f60d-4631-b285-6caf42f64c49", "value": "12288:6MrWy90vstngFhtSU5n6JlhEDxhQ5xYzGmgjcd6CNv23Xv:AybgF66nelCMxY3gj59v", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679475349, "uuid": "17f0850c-c61d-4ee6-9cd1-dcd8c3cbbfe8", "value": 549888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679475349, "uuid": "66faa33a-5df7-41a2-b3ee-791c35462670", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679475349, "uuid": "6f1a0612-c5cd-47f0-b17d-aa39fc22f3b6", "value": "507a6003e64894b9d3bfc42d8d0cf8d5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ada6c75f-c8e2-11ed-88f6-42010a9c006e", "comment": "Malware payload (Quakbot)", "timestamp": 1679511141, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511141, "uuid": "380e29c1-367d-4b18-98f7-e39ed8e39aaa", "comment": "Malware payload (Quakbot)", "value": "f749abe95c4aca71c96eb3b33a8b632d", "object_relation": "md5", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511141, "uuid": "074c787c-1eac-4be5-a9bc-94b5f3498dda", "comment": "Malware payload (Quakbot)", "value": "474f1e4ca2742b8971e1eac7656738c3fe9a8730ed1acfaac030474ae66c722d", "object_relation": "sha256", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511141, "uuid": "4e795219-6a09-4a2e-b207-96b0817ee3d2", "comment": "Malware payload (Quakbot)", "value": "c5efe7c0d9dcf4e5fc9d705f2c1d94cfa400d06e", "object_relation": "sha1", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511141, "uuid": "bf89a374-da34-4f7b-96a7-124e21534b6d", "comment": "Malware payload (Quakbot)", "value": "8d2c0c22392a7b7eb788e55851b22235ace97b476c5e06f6133fad0206c54a40efae2ec09460e04504214e31bf28174b", "object_relation": "sha3-384", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511141, "uuid": "eb0f06f1-4703-4745-ac5b-f9bb1757ab0c", "value": "T1D581FA75ECF78ED5DA038B663021909B7485EA45223F98C1F2EA50DCFB4B310EA23857", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511141, "uuid": "b04069c7-c76c-45c9-92ef-8d82cf8df7bc", "value": "96:LxeONpKwJDW19AN2LrtD/36Owx5yXe1qiYO:LxeONguPMvk75F", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511141, "uuid": "357b24ef-9f67-4a5f-a56d-4fbc508cb548", "value": 3987, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511141, "uuid": "d44ac4a8-3bd6-4690-aa0e-1a404d5be559", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511141, "uuid": "4fd58e9f-c321-4a52-8179-e2067063671f", "value": "Beatae.html", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "55f07efc-c87a-11ed-88f6-42010a9c006e", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1679466327, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466327, "uuid": "e48ba781-6e05-4e5e-b0d3-eebe4a775184", "comment": "Malware payload (AveMariaRAT)", "value": "4b87f8949844fa8dddc6bb0c965e34ca", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466327, "uuid": "45aeb368-363d-4774-b03f-3276cdc05165", "comment": "Malware payload (AveMariaRAT)", "value": "47e091ad10fe9644a3c5459c4a99f69d25629540b38fb821311a09215da9b497", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466327, "uuid": "e1d52149-1150-4640-840d-dc9df4877eca", "comment": "Malware payload (AveMariaRAT)", "value": "82c03836e57b28b399ef04bec6e9502e5b2d0787", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466327, "uuid": "2d29ad7d-e3ce-4824-9a28-6afd7b004f80", "comment": "Malware payload (AveMariaRAT)", "value": "52c09907fcc81c2599e91f4c5e25b60fbe0b1184b12aee46785b6b7196a377606ca71cb5a3a0fe1e38cc5252b1d1b8f3", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466327, "uuid": "8d3ad5a6-3a01-4a9c-834a-53c2a030488f", "value": "T13444CF2272A1C473E85741798811FBB42A7BF8B15B6BCADB3740527E4E313D29B36346", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466327, "uuid": "763bc83b-fc99-41e2-9bbd-34e1ddc15e7b", "value": "a4559d1602669b68de352c9c26c5d967", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466327, "uuid": "6ba3e250-d88f-431e-982e-a349870c08e3", "value": "3072:djwdr+0Yc1xYcYbYLD7fHjZXiToAazfD18C8B/KPflJHYp5hcS2mJ:FMC6YbYLDrDRiTIv18hCPfWP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679466327, "uuid": "eacde1e7-7e25-43f0-8d83-e258808ef9f0", "value": 256512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679466327, "uuid": "296ba27d-aea5-4a1d-bc9f-c7718d053aec", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466327, "uuid": "215cf808-13d4-4d83-856f-fd003f229022", "value": "4b87f8949844fa8dddc6bb0c965e34ca.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e4638886-c84e-11ed-88f6-42010a9c006e", "comment": "Malware payload (LaplasClipper)", "timestamp": 1679447668, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447668, "uuid": "278d1929-7809-4553-a2bd-bfd67be870c2", "comment": "Malware payload (LaplasClipper)", "value": "f465d008c8ac27c3946376b5a5a9f5f9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447668, "uuid": "f29d5d60-7b45-4e4e-a1bf-dcd45c6ca8e5", "comment": "Malware payload (LaplasClipper)", "value": "483fde1fba538fd23eff241ac85960f2710850c8bcb7bde0024e298d065fc01d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447668, "uuid": "c5e49d66-5aaa-4efb-af06-7a9618864257", "comment": "Malware payload (LaplasClipper)", "value": "614b5376bfb761e2177af0b5c097081d31689883", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447668, "uuid": "acb7052c-1cd0-4c9b-92fe-13fa9b1470ec", "comment": "Malware payload (LaplasClipper)", "value": "2540bf9b6ca31abb9e97680dd9b20cba60c8a36c20ebfca832e8501a4f3af154a4d2e8df8a552875afd9361257baec48", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447668, "uuid": "2d83679c-cfea-4a1b-b85e-a85fd94cfc10", "value": "T18A952321B6E1C130E45606F14D18CBA96A79797123688BFF275087B67938BD2C93F70E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447668, "uuid": "912f2957-9def-4ee7-8930-e6b1b857cbc2", "value": "4da11709050bfbf5b2e3611a91d52f69", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447668, "uuid": "bd3bc702-427a-470b-8cd9-0e9ff8d9cbb8", "value": "49152:W7WhJ7cYDtLPUx4Pz6zqhxldCkVjBVn9:WkN7xIq+zqh7wkrVn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679447668, "uuid": "deea6702-e884-416b-9ea9-f099ad483702", "value": 1919488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679447668, "uuid": "f8433b58-ea0d-4548-b986-a88ae1818946", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447668, "uuid": "b9e74914-c2c3-4b9e-a138-b429cd63a1a2", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "393f96d8-c8ef-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679516530, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516530, "uuid": "93b0549f-66ae-46f7-ab12-fc61ed8487ac", "comment": "Malware payload", "value": "eebbb75c7c678ad6e46a3c23ff48686d", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516530, "uuid": "6e308371-dd07-40ef-a001-0b76205e5be6", "comment": "Malware payload", "value": "4878d4c86a01d47ed7802effc4b839b6245001c0f18fdf5d71643329eeb7a178", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516530, "uuid": "9049778d-056a-410f-a8fa-64f748c1758a", "comment": "Malware payload", "value": "e5756b50d36035369f24ccbfb9e16f6d49397bd2", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516530, "uuid": "9f34e1e6-f009-4a69-ba07-3653ab1c2604", "comment": "Malware payload", "value": "172ee41eb3e7267abe6625aaddb3d60d5bd0d0c2ffcc8cbd2de3111811e1d9b8c069c802780622653cae6ff82e1aa798", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516530, "uuid": "8b42f226-8688-4527-b30a-8d2c145229e2", "value": "T163136A5A6BF10432F5B30A31A97444AADFBEBC226477D4AFCB800E5D15B0915CA3D763", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516530, "uuid": "c08afe43-a35c-4a41-8eb8-021e151bd29f", "value": "f5e4c8acb92fb1c8223cff431020dba0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516530, "uuid": "ed419fc0-9e1d-4207-9d93-d19481c44cd0", "value": "768:m8kr2D6AKlLO+SNhBgCHDck4MV0ggv8KoETBB9D3xvjHhx4eC7Xj8Qc1wRQiwBeT:p/6A0q5HDR4oWBx3xrBx41z8QcK2i+RS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679516530, "uuid": "7838d90c-ae21-4fb8-83c4-a0422afda55f", "value": 42496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679516530, "uuid": "35322e97-6ae4-4193-924b-5e52071d504d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516530, "uuid": "cfe92cfa-fca5-470f-bc12-6962fc61f43a", "value": "2023-03-22_eebbb75c7c678ad6e46a3c23ff48686d_lockbit", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "162cef71-c8ca-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679500579, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500579, "uuid": "cb636b0e-2d7b-45ea-b7a2-103c227a35e5", "comment": "Malware payload (SnakeKeylogger)", "value": "3b71521d0b2c2a08ef6f13250d5155cd", "object_relation": "md5", "Tag": [ { "name": "com", "colour": "#1D22E5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500579, "uuid": "5b9ebac3-e39c-4c24-9e72-dcd7c55529ab", "comment": "Malware payload (SnakeKeylogger)", "value": "493486c4f573bb9e0d4aa1515ad6797b86caa054c009d814099846321a2233fb", "object_relation": "sha256", "Tag": [ { "name": "com", "colour": "#1D22E5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500579, "uuid": "d8321542-4658-4994-95b8-ff98a34b7f08", "comment": "Malware payload (SnakeKeylogger)", "value": "efd0ee54e09b74c84df188c139acc38e6dcee507", "object_relation": "sha1", "Tag": [ { "name": "com", "colour": "#1D22E5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500579, "uuid": "f6243a9c-bd2c-48f2-9b8d-9f95e093023b", "comment": "Malware payload (SnakeKeylogger)", "value": "2a8d68761e7ec262712b145b9492f2b39c27d8ab94dbefa5501b8ce93c567cf0dc92e3770a6533afd4cd50046bd6d305", "object_relation": "sha3-384", "Tag": [ { "name": "com", "colour": "#1D22E5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500579, "uuid": "2f2fb1ad-0bc6-4694-99e0-bdfb05b76dc7", "value": "T1CE3412044AD5E163D8A31F749E722B161FA6B52502E88B1B07201FDF7E33212E55EBB3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500579, "uuid": "a11c13b7-645a-4928-8e90-f291667df7ef", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500579, "uuid": "cc97cb1f-65f3-45c6-9d5f-39974a974786", "value": "6144:vYa6hM2irB0OHtRbe4uTIxSAuy7Tw3dITdyj4w:vYrmrBNLb5E/y3wNITdysw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679500579, "uuid": "d26d9075-d6e7-4c1b-910b-5906b326637e", "value": 234593, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679500579, "uuid": "5408f7ab-02f8-48e8-b679-6ea20ac2f9cf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500579, "uuid": "1202f4f8-5112-49f5-a3c3-6740b5e4779e", "value": "payment remitted.com", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ceba0cdb-c88c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679474260, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474260, "uuid": "be0378d3-c77e-45de-8884-2e7ab6e385e3", "comment": "Malware payload (Gozi)", "value": "97653330273d8047448ce5199af7d83f", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474260, "uuid": "14618e61-96ea-4a4d-ab61-f0ac8b650e82", "comment": "Malware payload (Gozi)", "value": "4a1ceb484536bd1fe3da65c76d7ec161d06190960e1623dfc89c444fa4b4fde0", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474260, "uuid": "d1844d7a-da60-4490-b613-93d4eb186175", "comment": "Malware payload (Gozi)", "value": "375d5849a8703165a6935074ae7925c27bdc01c6", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474260, "uuid": "756ed251-4e87-41d4-8633-5b99f03b2c20", "comment": "Malware payload (Gozi)", "value": "f5d8cb17ff18104f4d8f845aa1a9570181fdebff2442e7bc206c48d35a2491152d0c567399f8fe2e91390a2b0bb7a37c", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474260, "uuid": "dcd1e1a8-8310-4567-8405-2e388882ac70", "value": "T104748DC253E16C60E5124732FE2FC7F82A1EBCA19E557B6E1359AE3F08740A3D162719", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474260, "uuid": "9fa1ae74-4057-4f65-b033-7522128e112d", "value": "c3df3d0d993bdeac73a0f5fd62093e4d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474260, "uuid": "6d62350f-2fc4-4ad4-bdd3-818860413336", "value": "3072:1zd4lngW/Yx4ujuaatQNb5AAQG/TuSn4G+btjGWHAoGAVQgwn0F:GvYLsC1MSv8xHGP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679474260, "uuid": "beb179a6-c946-452d-81ae-95b1cea25561", "value": 368128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679474260, "uuid": "4d5489dd-57bf-48a0-a7a8-7fa79bda863f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474260, "uuid": "bc6fa0c3-f65b-432d-a48c-c53781259063", "value": "server.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fd44cde1-c8cc-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679501826, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501826, "uuid": "6c7c499a-f413-40e1-9a94-39fbbd4f61e1", "comment": "Malware payload (AgentTesla)", "value": "1a3469c5c9dd3211b0164c07e5894bed", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501826, "uuid": "c4b26d2a-309b-42c0-87aa-38a633664027", "comment": "Malware payload (AgentTesla)", "value": "4a3926d18955019e40b3c20c3b60f420f2e74542d0aa45073c1b7aca37f75b79", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501826, "uuid": "52c41fb4-2e61-4b61-bb72-6409da042b4c", "comment": "Malware payload (AgentTesla)", "value": "2674bfc1d85b0daaa7ee47b0f3346a6c9e52822f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501826, "uuid": "d6561197-d141-43d2-9d6e-b37a79938735", "comment": "Malware payload (AgentTesla)", "value": "507e070d29aa46c308a301172e1b9fb0ec0d7705b31997cb549df8d34ba53b32ce7608fe80e0fd557c1d276794e802b0", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501826, "uuid": "c65fc725-6582-48bb-bd6b-b3f55aaa4efd", "value": "T1E7351213E685CD06C44287B57BA37998631EBC623BC6A2C72708770F6F79AF44A1750E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501826, "uuid": "542152cf-c2c2-4f2b-8b99-d6a551b39651", "value": "24576:xLKM6WQmmav30xR+MXU66y9+MXUw3bVj+MXUa3bVaINQci3Dmz:xLKMfQmmQ30j+MXac+MXL3bVj+MXt3bJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679501826, "uuid": "2e377643-c029-4df2-a907-43c6d00e9044", "value": 1157120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679501826, "uuid": "8330196e-e73b-48f0-8d41-53de5c118813", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501826, "uuid": "2309a9c7-91d4-4813-910a-c6dbbf650417", "value": "PurchaseOrde sample.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "adc6ab76-c84a-11ed-88f6-42010a9c006e", "comment": "Malware payload (CoinMiner)", "timestamp": 1679445858, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679445858, "uuid": "0017d9db-e748-4794-976c-565644dcd296", "comment": "Malware payload (CoinMiner)", "value": "c81cde0265b8c5a66b5eaf5f7d5ac9aa", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679445858, "uuid": "8041e241-2bf5-4469-a9cf-c6fb5c080326", "comment": "Malware payload (CoinMiner)", "value": "4a49f5cce550802239f4e18d4dec9bb2952190eada5e346bebe285690d803dac", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679445858, "uuid": "c5ca016e-57da-45e1-90ec-115f606541b7", "comment": "Malware payload (CoinMiner)", "value": "212489b68f922ab2d96d9c634ad86cf6324f0cc8", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679445858, "uuid": "2c4c2d6a-c64a-47e0-9877-ae2454e16015", "comment": "Malware payload (CoinMiner)", "value": "4212846e3a06463eaeac2d06c12d00aace10c21f4e25032a4427e1d21c1a141c0ffd4cb76065544616e33bd62623b0a1", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679445858, "uuid": "97864932-2d80-451a-9701-11a1f373a250", "value": "T18853629C765072DFC86BC972DEA42CA4EA60B877530BD243E45316ED9A0D98BCF150F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679445858, "uuid": "cf37d002-1fca-462a-a028-524d10e242ef", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679445858, "uuid": "7431c3e3-0f2b-4e2c-ab5c-66eae666efe5", "value": "1536:/AStOLuCNRYELEcEASBMbE1VVAjMEzcsftw9T:/cBVDSBMbE1VVAjMEzcsfOZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679445858, "uuid": "9af91023-736a-46aa-a25c-72fbbe332eb5", "value": 64512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679445858, "uuid": "8e1175d4-17f5-43c8-b965-bf953b93f5a2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679445858, "uuid": "e27536e2-1ad3-440e-9519-ec21ed9df0aa", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cc2b09e8-c8e3-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679511622, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511622, "uuid": "d1840865-0952-4155-985a-41eb20540e33", "comment": "Malware payload (SnakeKeylogger)", "value": "9939f79978ff3172fe4bf63263986032", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511622, "uuid": "2f4e41fe-3bf0-4dba-8b4c-7bc9ca02feea", "comment": "Malware payload (SnakeKeylogger)", "value": "4ab665d75bc525a7bb5cffb01c28943b70fb3d4c7aceaf8a9a1bdbf1f0c7277a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511622, "uuid": "fbd84897-4a25-43e1-a15e-addc8060a722", "comment": "Malware payload (SnakeKeylogger)", "value": "5948a545ecbdc073ebceb81aa1091b39ceefcf3a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511622, "uuid": "37734bae-1822-4f6e-87b4-019e08b5449f", "comment": "Malware payload (SnakeKeylogger)", "value": "a63e552d9f7926c0293e6466ea791980d791c933d1c6ea3c488065681b677d7c365ceb7981ac34a4249467bc52c6a75a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511622, "uuid": "4fce74f2-44af-451d-b11b-44652e8844a7", "value": "T16E256ED1F190C89AE95B49F1AC2BA53025E7BE9D54B4810C569DBB1B36F3342209FE0F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511622, "uuid": "d082d91d-e115-4d12-8128-358feb5200b2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511622, "uuid": "fe19fb16-2891-4a1d-915e-7654b57883fd", "value": "12288:zCIU4uknw2a0U1MMIJDeddybFnlDuBX5dA4Lcd:mIU4u0dMIJA8bFV4HW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511622, "uuid": "75a4bfe1-f9f3-4922-81fb-af3130dd60ec", "value": 1035264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511622, "uuid": "eb45342e-231c-4879-98e5-aca0b660eebe", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511622, "uuid": "2aecd939-e99d-4725-bb8e-99a198ce370f", "value": "Ziraat Bankas\u0131 Swift Mesaji.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a33d7b0f-c879-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679466027, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466027, "uuid": "2cf0b802-87b8-4d81-9e9d-b7f82ec27e65", "comment": "Malware payload (RedLineStealer)", "value": "27065604e6f991ff9f4fd9ff50419993", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466027, "uuid": "5f589850-d00f-4b5d-880d-005b1899234b", "comment": "Malware payload (RedLineStealer)", "value": "4b2369f54e83b783cde8e4a42b61cf8387d9be02a96112b878dcf291cd6d7a54", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466027, "uuid": "394ea0bb-830d-45b3-8273-40ffc6f93f8b", "comment": "Malware payload (RedLineStealer)", "value": "c48c7bfa51171123a23a8591d6fb6ddacd9278f3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466027, "uuid": "85bbeab5-92f6-467f-8451-36057ff566a7", "comment": "Malware payload (RedLineStealer)", "value": "c54f30ff5c5a53ac3f8d57e4fe625839b699482d97950ab66e43d7192c641deb4c32635bfa71f08309dfc0a66c55a6bb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466027, "uuid": "b7ef10fd-de1f-4668-ba48-d6db84d4dbdc", "value": "T1B51522039FEA5133D8760330A9FA17C70A393DB7897897AB274A641B1CB27985472377", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466027, "uuid": "371774cd-1147-46fe-8fca-6b8b9a189153", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466027, "uuid": "2e6eb29d-5159-4f49-8826-74eb3c8cb15f", "value": "12288:yMrxy90+0lYl/Q5zi8inWzKWH6P6b7uXwMA8NoCAFdlFWfo9gRUAapUBXXqfoqX4:LyBVlH8hGB6vwoz92FraSBqfoGmwjed", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679466027, "uuid": "582abfc8-04a4-4805-a7f0-9f0f381ce68b", "value": 928768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679466027, "uuid": "ca9adb8b-a933-4315-ae09-47d6288513e4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466027, "uuid": "a0a4b171-84e9-4380-8aa4-b00bbe984fe2", "value": "27065604e6f991ff9f4fd9ff50419993.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "addcceb3-c8a9-11ed-88f6-42010a9c006e", "comment": "Malware payload (njrat)", "timestamp": 1679486661, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679486661, "uuid": "101fe30a-a535-4dcd-94ea-b6a86ce370fa", "comment": "Malware payload (njrat)", "value": "e3f8da8e9022a6e9e77d7accbab2fc9e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679486661, "uuid": "ce60d7f2-6d63-4fb2-9cca-b5472acc15b1", "comment": "Malware payload (njrat)", "value": "4b54fe5466cde6d4b3082cd5809aa4741c5741ab3bf682c54dd6a07fba2241a6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679486661, "uuid": "4c9c1d0e-114c-4a08-adc4-2a17a171d4fd", "comment": "Malware payload (njrat)", "value": "5364ee7b5131f197bddc745cc2bacb48272c50a2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679486661, "uuid": "c8c267e3-c286-4157-8abc-c9b13ce88a94", "comment": "Malware payload (njrat)", "value": "51e2df350c345e13dfe15e6c27241bcb64a15411ad01b55d158e08eb84c602d9a77a7f65e3cc16300ba87c0a3c5466e2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679486661, "uuid": "421b61cc-90d7-4562-9e81-27a00946b615", "value": "T1FDE2080A77A58115C6BC1AF88CB313210772E3478532EB6F5CDC88CA4B67AD44645EED", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679486661, "uuid": "9c730d4e-1a0b-4664-9ba7-30f8f3e05aac", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679486661, "uuid": "313673d0-e4d3-4b04-b63d-191c8c1deb67", "value": "384:M0bUe5XB4e0XXOVFggUBZIGNWTFtTUFQqzF/ObbZ:ZT9BueDggUBZIpFbZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679486661, "uuid": "01ba4bea-dd6a-427b-8e9c-0b459bca9ba7", "value": 32768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679486661, "uuid": "f43ab9fb-dd9d-4189-9116-03be1364dd8e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679486661, "uuid": "d612f8f2-092b-40c7-8eab-2390a3d52378", "value": "xyMxPOlHzrr7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "831499c2-c851-11ed-88f6-42010a9c006e", "comment": "Malware payload (Rhadamanthys)", "timestamp": 1679448793, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448793, "uuid": "1642a625-583d-4bbb-bed8-7b66415b76fb", "comment": "Malware payload (Rhadamanthys)", "value": "1dc54f7e2fe1e126dad15767658a1951", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448793, "uuid": "8f99cbbd-7544-41d4-bd99-6865314b2bad", "comment": "Malware payload (Rhadamanthys)", "value": "4bed42a91c0bea778b8cd2a60e68b8fb0982006a2640781f3fea2c81798fcca1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448793, "uuid": "0b704a88-bdb2-4299-bcfd-105b92f95d41", "comment": "Malware payload (Rhadamanthys)", "value": "1737399ab29d8a0d8c959ad70bd071ad2fcbfb9a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448793, "uuid": "c42bd9af-2897-47c8-826a-659fe3ad7650", "comment": "Malware payload (Rhadamanthys)", "value": "525188fbefa4a7b7b86edbb15473de5b4c2275e8bd3484e6390ff017b9a3f76942b6336f7d8960be749864b2feb7bd8b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448793, "uuid": "1a18adc2-8b9e-4eab-83b3-3a4e7566f1f6", "value": "T18594091393A23C55EA258B739E1FC6F8B60DF6709F493BA632189E6B14702B3C163751", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448793, "uuid": "f9ef0eb0-2db6-4185-b5e7-50d3ac7a9f68", "value": "abf9812c144b37aad537ff6f220c83df", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448793, "uuid": "31e62231-77f4-4b1f-ab21-d9f733129eea", "value": "6144:QnbPLRmEKfNxLXxLPCp0lVD5OUqc6PucWHogWq:KbP1mEANFXh0UqcNcWhW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679448793, "uuid": "d048eeae-4a32-42c1-8b41-a3ef340e2d6c", "value": 429056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679448793, "uuid": "97187516-e198-4330-870f-8d5dac1f93e7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448793, "uuid": "a735f550-13a0-4006-9b93-8505464b3e70", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c5b6c3ff-c8a7-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679485842, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679485842, "uuid": "6128ad12-2d29-4369-a759-386b7ccefda4", "comment": "Malware payload (RedLineStealer)", "value": "f47318f432edf154205e219d5db16e7a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679485842, "uuid": "cb77b6d5-5764-467d-a690-7ffa9ab68dbd", "comment": "Malware payload (RedLineStealer)", "value": "4c1bd159756d325a030c49d4b4de97fa9050d3cfc6dc30a3e4e12609a17c20ec", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679485842, "uuid": "f3f223ad-df62-4ca9-a4a4-c039621bc7c0", "comment": "Malware payload (RedLineStealer)", "value": "acf5a5740ae2c7f91ee22be6ebaa624ff4efcc55", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679485842, "uuid": "c94824ce-50b6-429c-90cf-1642c131cc4c", "comment": "Malware payload (RedLineStealer)", "value": "fbce47cc47596aaef218232611d965fda895a1c29a159e28ee1b89c0da46f8355a1219987784ae28d281ca15f05c2111", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679485842, "uuid": "7fa6c8b0-51e9-4371-aea8-548857a9f047", "value": "T108252202AAD54432CDB12B7159FA03E30E397D619978E39F6286F9180DB27E9A131377", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679485842, "uuid": "436155e1-faf6-44ff-b3d2-414a09702aac", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679485842, "uuid": "37f5b9b7-c852-45c9-ab4d-614931021a56", "value": "24576:hyPZFQ/kWzyeXqElfaRfgayTp7oMzMNZFLZgsiDbAmoq:UPHQ4saREFTM/9ZghDbA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679485842, "uuid": "291f77de-ef07-44b5-8b88-1d3af20a0e26", "value": 1031680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679485842, "uuid": "8d67558a-9a2d-48ca-916b-cd064496ea94", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679485842, "uuid": "687b6672-c51b-47ff-afd0-0c4e3064ef8a", "value": "f47318f432edf154205e219d5db16e7a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9baa46a5-c84d-11ed-88f6-42010a9c006e", "comment": "Malware payload (LaplasClipper)", "timestamp": 1679447116, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447116, "uuid": "b1dd478f-72ae-4de2-9d21-597dec955d0c", "comment": "Malware payload (LaplasClipper)", "value": "66cb9bf8324c1de0e44b0f376b60ab1c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false }, { "name": "LaplasStealer", "colour": "#8F9F79", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447116, "uuid": "469b1912-20fe-476f-8a03-6215ed0f0fe5", "comment": "Malware payload (LaplasClipper)", "value": "4cacc59732f82d1c1f2d3b1c327981b23438f7f47aa326e4298bee763226e85e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false }, { "name": "LaplasStealer", "colour": "#8F9F79", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447116, "uuid": "ec832866-71d9-4fad-aca2-e028f73edf15", "comment": "Malware payload (LaplasClipper)", "value": "59709e524dd2a2d589a9f548530bb5a682368a01", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false }, { "name": "LaplasStealer", "colour": "#8F9F79", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447116, "uuid": "3127946b-f3e1-4e3b-82c2-f47463ad517d", "comment": "Malware payload (LaplasClipper)", "value": "68e318d67a767ae99391df9977fdfc8e16445f7683c1d92b08eeec184c4c6f93968335d2dd1473760696971515787180", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false }, { "name": "LaplasStealer", "colour": "#8F9F79", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447116, "uuid": "0d44c630-d50d-4fc0-b73b-7a717579b02f", "value": "T1E395F10383923C95EA658B73DE1EC6F8B60DB6708F4977A632289E6B15702B7C173711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447116, "uuid": "e6b2b2ed-15f2-47ba-8ead-85b142b6b9e7", "value": "abf9812c144b37aad537ff6f220c83df", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447116, "uuid": "a201520d-d057-439f-806e-27210546a195", "value": "24576:GyekufYPXnljXYjIAu/pbifU4EvOAzfVz0dTMA8Ej06EvdxMnJlZXzk0PHDawz6f:G5gPl0CxObEWuIdITEj0XMnTZhLF6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679447116, "uuid": "25e3cc6e-3245-4362-b0ee-8f550e794548", "value": 2030592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679447116, "uuid": "cef2f7a7-d0eb-401f-85c5-53d37173f158", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447116, "uuid": "3245e020-15e0-4658-a348-9a95abffa142", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a104e3b9-c879-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679466023, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466023, "uuid": "db9b3124-e368-4644-bec1-21a382b83acc", "comment": "Malware payload (RedLineStealer)", "value": "db1f050432eeb17881296a753a58eb27", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466023, "uuid": "1f920b5f-4de9-4982-ab44-7777c2ec1253", "comment": "Malware payload (RedLineStealer)", "value": "4d69ddf2554a918b19ee72c9c6f379ba63132a16df70f6f9d880c7cdca8cbd33", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466023, "uuid": "a3813267-6948-426e-8441-368cafe3e3d5", "comment": "Malware payload (RedLineStealer)", "value": "b78e5b4447a27de0ae242afa9648943d56d2e80e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466023, "uuid": "730db499-f262-4091-aeb9-192487de929a", "comment": "Malware payload (RedLineStealer)", "value": "a25c1c749f220804349eb9572c984c2a4c20c97cf55b8945ca9c9ff552f67bbcc08b74552bbf716e34949587955f9f0f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466023, "uuid": "bd75453f-f6ed-40c0-bea8-36090486e8c2", "value": "T1BD14C002E7E88872DDB527B058F603831B36BCA15D78836B3745995E1CB3690E83677B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466023, "uuid": "4e950cf2-545f-439f-825c-f470f39939a7", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466023, "uuid": "ab32d06f-42da-4616-b231-faf6a25e825e", "value": "3072:Kmy+bnr+O1G5GWp1icKAArDZz4N9GhbkrNEk1YG0Eu8J50rcMgtsLoP:Kmy+bnr+pp0yN90QEshFkrcp+k", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679466023, "uuid": "35039324-13b9-4df7-a758-5c52a179ab6b", "value": 196608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679466023, "uuid": "e5fffb27-149c-4f5c-a158-49c8ef7799f7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466023, "uuid": "ab11b957-d7d7-467b-8960-fc289cc3c62b", "value": "db1f050432eeb17881296a753a58eb27.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a4d49e1d-c880-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679469036, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469036, "uuid": "c442ddaf-c1fd-42fa-953a-f070b4f23a42", "comment": "Malware payload (RedLineStealer)", "value": "66ebb8561252b057b1d19b5ea954e25b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469036, "uuid": "db8bf050-365d-4f71-b6a8-fb6b90b17da5", "comment": "Malware payload (RedLineStealer)", "value": "4dac8d86aec0eea55d47d0e56798178dd5ed996d96634da7fd260e06e57403c0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469036, "uuid": "11dcbd1d-bf08-4c4f-a019-f2f2bcb94bfc", "comment": "Malware payload (RedLineStealer)", "value": "17d985b4ea55245a6dd952703f6ef10236f46d3a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469036, "uuid": "4081ec7b-a656-4a91-92a5-48cf5ac9dfe7", "comment": "Malware payload (RedLineStealer)", "value": "11872daa9058e6b1eb75f0e9b79b93bf6988f2ec478e13bb2d983d9d3569db97c485f05ac49fd9b463261176a085bdf7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469036, "uuid": "0ef2db0a-f366-41a9-83b9-38bfd0d99221", "value": "T119C41217ABD49432D8B563710CF303D30A31BDA25AB4C32E3B4199598DB26D5A572B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469036, "uuid": "31629437-1b20-477a-a45a-57bce3576d74", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469036, "uuid": "88ac0893-668d-4fd8-a533-a9137a0161c3", "value": "12288:mMr6y90FAZL4zbo1r7asuq0zjsDFWfiHyl9sr3LJVJqO67:wyF4XAreLVoFWfiH29yLJVcOE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679469036, "uuid": "97827f18-dcc0-40a0-b71c-3cb112f2009a", "value": 558592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679469036, "uuid": "1ef1d767-152f-497e-8b51-4ccd6ff44776", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469036, "uuid": "5e2cfa0b-574d-413c-81c1-6a9eaa43be53", "value": "66ebb8561252b057b1d19b5ea954e25b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "90a9fda6-c8a1-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stealc)", "timestamp": 1679483176, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679483176, "uuid": "43c9227e-1863-4eca-82de-e0e8e2ee46a0", "comment": "Malware payload (Stealc)", "value": "48b1cef86ef420e72a084fcf34509919", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679483176, "uuid": "92a9d749-01d0-47ae-989d-270164064e38", "comment": "Malware payload (Stealc)", "value": "4decda3f59361e62bca26d6c7406c5e8217fd25249fb03843ec78ba0c09416c8", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679483176, "uuid": "3f536b50-f0f7-4f5b-b63c-67dfb5e017b0", "comment": "Malware payload (Stealc)", "value": "b18651cbf87dc036c01d6b25ad318f4a8ec52c84", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679483176, "uuid": "06e1d43b-0857-44c2-aaf7-154877349058", "comment": "Malware payload (Stealc)", "value": "9053c6081621c9b703c28ab39a70964d38b85e57ff8dcc8a48887a234828e15d38d5102cfbfaecad9348a2f7c9985101", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679483176, "uuid": "01c0563a-fa7f-4d03-93b8-166d42c8b277", "value": "T110748DC253E16C60E5128732BE1FC7F86A1EFC609E557B6E2359AE3F08700A3D166719", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679483176, "uuid": "a6f4ebc3-fbfd-457a-bc37-8b566d487b02", "value": "c3df3d0d993bdeac73a0f5fd62093e4d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679483176, "uuid": "fd5ddb76-23a5-4b85-8fb5-73dadf75b9f1", "value": "3072:pfZslTo+/si6juaGN0x3uAwzdVnt4jxMgAPn+ZH0KQrMUXYc6L3gwn0JV:KXs3oCqK9MNna0KQrXU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679483176, "uuid": "2e9c2699-24f4-412b-911b-65d46da5105a", "value": 369664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679483176, "uuid": "70def456-a007-4667-96ba-20e65ca2bc2c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679483176, "uuid": "864c921b-742a-4b22-b38d-2fa21988f1fb", "value": "48b1cef86ef420e72a084fcf34509919", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e7facdbb-c89b-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679480745, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679480745, "uuid": "e5f5a992-f2a3-4fbc-a4bc-805726497cbd", "comment": "Malware payload (RedLineStealer)", "value": "984c002914af0c0ef0175ae6e8e27ab0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679480745, "uuid": "bde9d464-5c45-457c-8b00-464cd4effae7", "comment": "Malware payload (RedLineStealer)", "value": "4dfd4bc02fbcb9d2b11ba703c71ae3ea33a1036a16b1adc22fc64c2ebe69c216", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679480745, "uuid": "2f6845ad-82c0-43be-a0f7-56329020ddee", "comment": "Malware payload (RedLineStealer)", "value": "3017d4b9080e494129cee932489ebbac88822b80", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679480745, "uuid": "94bf8f14-cace-4462-9418-a1b2340a1a5a", "comment": "Malware payload (RedLineStealer)", "value": "d11444220fa9551d395aed55974c81c9ea3958f9cb86b6e23db9e9ce9288e7b2f03a7e6c4d2b02388407842cc4b82969", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679480745, "uuid": "05aa7c26-80a8-4eb9-8d7d-cd84a618bcfd", "value": "T1D6252312D7D49137EC395B7298F702934F327D609874929B1A46BC9A09F2BC0B83677B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679480745, "uuid": "ec68ea08-4ede-46e6-ae54-e6dc2fcad83a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679480745, "uuid": "1a130a5c-717f-4ba9-9d98-a2a924dedbf4", "value": "24576:SyJ6soLHPqTuibOM5msYxeXeIeWZ+2hKGROz:5wsoiJ6rsSgeWZ+2hBU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679480745, "uuid": "972fb0f1-f2ea-41c4-9cec-7f1ff1bc8441", "value": 1031680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679480745, "uuid": "abeb2056-bee4-4f92-b757-999499ce2641", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679480745, "uuid": "7a91c070-38cd-44ce-8473-6e39f8b726d5", "value": "4dfd4bc02fbcb9d2b11ba703c71ae3ea33a1036a16b1a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "65c4228b-c887-11ed-88f6-42010a9c006e", "comment": "Malware payload (Kaiji)", "timestamp": 1679471937, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471937, "uuid": "0a65210e-4d48-4781-9b32-9996d48f046d", "comment": "Malware payload (Kaiji)", "value": "63bf6ff04e8c8f3f296cc5a0cc266df6", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "kaiji", "colour": "#928985", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471937, "uuid": "619823b1-7ea1-43a9-b232-63e3b6575ca9", "comment": "Malware payload (Kaiji)", "value": "4e681ace04c57dc4f649fa0fd407074171726f91c552757367655e329ec4840d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "kaiji", "colour": "#928985", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471937, "uuid": "bcaf6762-bff2-4614-b427-ef0e04c178ae", "comment": "Malware payload (Kaiji)", "value": "804585de2121fc41a26a9822adb2e5780f2b2ce1", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "kaiji", "colour": "#928985", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471937, "uuid": "2e5a07b1-1d5f-48ab-81b5-1fce894b7ee6", "comment": "Malware payload (Kaiji)", "value": "a6894f494ce1fc29e15e81176de13dd730690facdb32049ae02fb5e7b7593f63f6d0ffe6abd89b6b1beb769c0cb6c702", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "kaiji", "colour": "#928985", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471937, "uuid": "bf3374ed-60ee-42ba-8246-8d5274523da7", "value": "T1AE56F805ACC82BA6C06D5B7485EACE6163B41D085AF14B362654FFD8BC762B4BF07C9C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471937, "uuid": "76e7086d-121d-45e6-8df9-5bcc1dd15d93", "value": "24576:avocWXZYzv15eZ6kh9wZhZkvhKRuZBAPZJqh9xZH5xJloaRgkZzILs/1ppAp8ep9:KtztascbyLs+nwpZcG00mWU1I1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679471937, "uuid": "f38bee41-013c-4668-b248-74bc54187672", "value": 5898240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679471937, "uuid": "2608009b-7710-4830-b214-ceec805e1c60", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471937, "uuid": "2527b24e-09c9-410d-96bf-e564029ee782", "value": "63bf6ff04e8c8f3f296cc5a0cc266df6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8336543e-c867-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679458242, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679458242, "uuid": "7cc2a530-d084-4fcb-a432-d17f91ae4d4e", "comment": "Malware payload", "value": "2b216732d4e5bf8afb6dfb3175b11615", "object_relation": "md5", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679458242, "uuid": "a3333b76-3dcc-4986-81bc-94fd4c1b5fa8", "comment": "Malware payload", "value": "4ea3e035a4fa39704fe40702fcc1e87ae78aafcaa679b879b6301c7f592e6578", "object_relation": "sha256", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679458242, "uuid": "d35e27db-569b-4fa8-9207-fdcc0129ba75", "comment": "Malware payload", "value": "a5cfd7c165463bba318b96191aede322bb4fc986", "object_relation": "sha1", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679458242, "uuid": "276f940b-391a-4820-8d4f-48bb8149acb6", "comment": "Malware payload", "value": "77a946c6374ea99b890b3c19ed8270734b944e503327d5acc01bc124f73a4b2042470b2b391abe59dc7bf7441d0f10bc", "object_relation": "sha3-384", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679458242, "uuid": "19c11090-1c92-4fb5-b50b-00b1cbded014", "value": "T1B1862325E6878622C65D027BF529FF1E1535BF63073041E7B6F93D2E88F08C166B9A42", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679458242, "uuid": "9b24aee1-59e3-4124-8e38-ac12d121d9f0", "value": "196608:0677XOiiQdcRvLOemSLxi3Nh10ZRHC23c:06ekdGXmHss", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679458242, "uuid": "e60c62f0-19c7-45de-b1e2-2cf25f34763e", "value": 8487424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679458242, "uuid": "c163a4bc-42dd-4ac2-a7cf-950aed1a6088", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679458242, "uuid": "c20b883a-24ce-439d-aeb1-9b337d3a5e08", "value": "z12A____o-Trabalhista.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9497b623-c891-11ed-88f6-42010a9c006e", "comment": "Malware payload (Loki)", "timestamp": 1679476310, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679476310, "uuid": "c8a5cdb1-4b11-4876-906a-313bceb5c52d", "comment": "Malware payload (Loki)", "value": "f8907e4492367a471d4883b2bb07c2ce", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679476310, "uuid": "0e321dfa-4c14-490d-af4c-ad1431d129e2", "comment": "Malware payload (Loki)", "value": "4ec2fd690c7b8eca3ef9a7a2624672f7ef09f75985922656ab588062ec1212ed", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679476310, "uuid": "61a7b420-e0b0-4c9c-9ea9-2bb4a70b1f2c", "comment": "Malware payload (Loki)", "value": "eced4f9dd7e9dea0d6836753cc55042dac7b9aab", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679476310, "uuid": "745b94b8-8833-4aa4-9000-32b8da43b48a", "comment": "Malware payload (Loki)", "value": "f4f693eea79bfce2e9fdd3091dbc2f9ea9847b6e2fca1683b8260de40a8004653cdb649a12d1faa3e1a7a8b7e6aec06b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679476310, "uuid": "4900d0fd-cd47-4569-8504-0dfb23130cef", "value": "T108C423517390E826C4A24F72DD53AA6ADBFF5B1055791A0327383EEFB333B820945729", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679476310, "uuid": "8ecfed5e-b803-43ba-a771-9e26fd5abe9b", "value": "e2a592076b17ef8bfb48b7e03965a3fc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679476310, "uuid": "f08f1d1f-8689-4769-9032-d5027ef91e7c", "value": "12288:cqp+8Qve8l8/bB84fFVubbn8XfG0xTzLSS0/K779NKKc06Kux:48Ue8l86GFIbn8XppF58h06Kux", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679476310, "uuid": "072c251b-2694-4831-b0c4-e24a3392a9e3", "value": 567315, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679476310, "uuid": "ae817fc0-a1e7-424f-b0d4-f99d1a24aa49", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679476310, "uuid": "f50f71da-522b-4999-9a85-ab2dd5b5f0f9", "value": "Shipwrightry217.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "242e2d20-c88b-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679473545, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473545, "uuid": "b3a0ca9b-44d9-400e-a9ae-ad3a3a779a76", "comment": "Malware payload (RedLineStealer)", "value": "325792c72b476d4c3e5461ee06adba86", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473545, "uuid": "4117dc63-7b8d-456c-be59-4b8684251131", "comment": "Malware payload (RedLineStealer)", "value": "4ed6d8957853b7418ddd4e07ad4cc282b8f94cf2417c10f888d8bd5c41f28446", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473545, "uuid": "bba4fcf2-c905-420b-900a-a829d304867d", "comment": "Malware payload (RedLineStealer)", "value": "33a1bb8ad214e596891eadc0815492081a4d0f76", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473545, "uuid": "0f60583e-7343-4ea6-80ce-edba7a059f2c", "comment": "Malware payload (RedLineStealer)", "value": "5fc721e2ec47b72badce5b5d915a38ae3419973c716c83f26a98324c0c32d6accfa2ca8606ab939e3a88d43d80d99759", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473545, "uuid": "1a16737a-c846-491d-88bc-0fd29aa3cb05", "value": "T110C41213E6D98577CCB627B048FA12D30B3BBCA19DB4432B234569990DB25E87936337", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473545, "uuid": "81d134b2-ea6c-4eed-920e-72ead1b5cdbe", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473545, "uuid": "874a14da-1ebf-4e58-9c65-70dd6ed8978f", "value": "12288:FMrgy90fvuvbfKGpB4OlhJDxhgMxYwGmVk1oYmU2e+pKSoAr:ByaOftlHDxYs+rmU2e+pKhAr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679473545, "uuid": "7b182011-3a72-493e-90f4-5afc073387e1", "value": 549888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679473545, "uuid": "f8dc56f1-2ace-442a-876c-cb520d48c7cc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473545, "uuid": "c57b79df-081a-470a-9d09-a0b77d175074", "value": "325792c72b476d4c3e5461ee06adba86.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "464b5866-c8b3-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679490782, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679490782, "uuid": "ab13c5a8-d21e-4e73-a546-5db6296cd457", "comment": "Malware payload (AgentTesla)", "value": "7b27f3ba2751b9eb00f4ff7bee50acae", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679490782, "uuid": "d3a82ede-1a34-423c-be93-c55333e1a874", "comment": "Malware payload (AgentTesla)", "value": "4f72f52545b73d039d37755b2f7c1aecea39abd72fa0dedf8081a03439406ab5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679490782, "uuid": "52e2ccaf-cd8b-48dc-9dad-d80d7b6f40bf", "comment": "Malware payload (AgentTesla)", "value": "155b2977eb76171d1709c923df1f35b7e02b262c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679490782, "uuid": "0ab6b5e4-9380-4c8f-aa1a-9f01ffbd8ef1", "comment": "Malware payload (AgentTesla)", "value": "3b3794a30b0397162d3af3b9bcb87608e94a0ce9cdd530d33fe2b7e3ae3adcb541e8b43cbd2160ca0507119c201be91f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679490782, "uuid": "951b889b-1cf1-422b-8fdb-3fe0827954f1", "value": "T120056C1D7CA899E3D324D577DBE2C626B3639F467723C96924C213220E0E356ACCB15E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679490782, "uuid": "8d937fb7-2673-468c-af84-e45092f4ef41", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679490782, "uuid": "1d7c562a-3434-4d98-8431-c7ec886cf8b5", "value": "12288:tyLttx8pfCqPNSXAtOOlbwaIWy5yw2RmNSlE3H4NW7GrRyb9:3pfCWtbbwSDw23EX4NW7GrRyh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679490782, "uuid": "2de8b765-8b0f-418b-91a7-0795449931f7", "value": 807424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679490782, "uuid": "69d84229-f99b-4755-acff-3b7f5f52d7da", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679490782, "uuid": "bda60c41-1d1b-4627-956e-d11c8a479c6d", "value": "DHL Confirmation AWB200519089966.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "35f62fba-c84e-11ed-88f6-42010a9c006e", "comment": "Malware payload (XWorm)", "timestamp": 1679447375, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447375, "uuid": "69cb1cc9-19b5-45f6-8a40-b4bef330620c", "comment": "Malware payload (XWorm)", "value": "7d4e7449b76c34210100ea88c163c7fb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447375, "uuid": "957cd5a8-cabf-4f33-99da-94a5e27f10ed", "comment": "Malware payload (XWorm)", "value": "4fc4ae98d231e2bf0b8d4ad5463d9d4f673c1d5d63dc98838cf14a61d64ce6e6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447375, "uuid": "153e1938-ea8e-4929-924d-82da0f2ecbf5", "comment": "Malware payload (XWorm)", "value": "ef679b47eb42f162355e8772ceb25712dc7ec75e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447375, "uuid": "6263f76d-1fbf-461f-853d-6ab4a5ccc498", "comment": "Malware payload (XWorm)", "value": "fd0591886b9afb6582eb9f8149de28727b0851a833e72b258875678172ea610d22d5c5c21405ce2456e9769d37981b37", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447375, "uuid": "d5d835cf-b68f-4bc2-b16d-3a26e34c6c3d", "value": "T14F22B81123EC0661E3BE07360F7A631186BAF90D9977AF6F1058FE9D3B225134A51B72", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447375, "uuid": "087ba1e0-39d4-41da-92ff-58588d7aaaf3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447375, "uuid": "5fcb148f-edb6-4d40-b3b8-dbc89f0991bf", "value": "192:qLH2ANdaLix1upSiP/VunlYJLLLTuzTVQLFjb5cqfM:qLH2ydaLiO3hPLTucTf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679447375, "uuid": "86c5ed05-bec9-43ee-bbf6-34f1555214a4", "value": 10240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679447375, "uuid": "f5173545-627b-4ad3-b49d-956127e51ce6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447375, "uuid": "c075ba91-94d6-4fa1-99dd-961f357e2fd6", "value": "XWormContent.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "52871fb2-c8ca-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679500681, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500681, "uuid": "065529b9-eecc-42c0-8142-2704b5dfb175", "comment": "Malware payload (SnakeKeylogger)", "value": "5993095fff1db2fed20f1458dd91e477", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500681, "uuid": "2b8631ab-3796-489c-a81b-4fd2f14d8759", "comment": "Malware payload (SnakeKeylogger)", "value": "4fe8b6b91ef791d88f989d0dba6cdf1ab8ab20686c8ca74a6b234d6f3bfa0a39", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500681, "uuid": "d47b675c-7756-4e55-9e8c-dd24609aa9e2", "comment": "Malware payload (SnakeKeylogger)", "value": "3b28deee70c83225ad8b97515e5042166b034d4e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500681, "uuid": "c5b60afb-693f-47a9-9873-74ae250cc8ae", "comment": "Malware payload (SnakeKeylogger)", "value": "31c0a37707c5752de1647b44f7486b68c5283c4cc0baef4febf7880a7cf5bdc343d3157e1447f5e0ea5b18ae0498680e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500681, "uuid": "4272802e-20b6-4d04-b245-f9513e4ebc28", "value": "T108D25C114B142EE3E61EB73228537B458B2CE0538997CB0F624D1C2C4EA27D9BA4777D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500681, "uuid": "a0d98d02-544b-45f6-a536-0c84e96a69b2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500681, "uuid": "dbee3b4b-ef0f-4f98-a7fd-ed19b9c18652", "value": "384:fxByRbqlgJiavwYgf2geMLnaeogyu2YGq////////Vq4uhfJrs60SnGAsRTd/O:fx2YK43UgzOxhfr0WVu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679500681, "uuid": "1811b0a0-9044-4109-90a9-372df63e103a", "value": 30720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679500681, "uuid": "7da72514-c466-454b-8f99-afc328d5f8a1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500681, "uuid": "2799b438-52d4-4163-a0d2-bc66a5e454cd", "value": "5993095fff1db2fed20f1458dd91e477.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9edc3817-c879-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679466020, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466020, "uuid": "2193dbb8-b01f-4633-84a5-217a9e36fb34", "comment": "Malware payload (Formbook)", "value": "2421d5bcf078bf77abf3759bb80695ca", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466020, "uuid": "abb2641c-f2a4-470c-b963-57bdb256afc2", "comment": "Malware payload (Formbook)", "value": "4fec09c02c8f80d1d158bfd9bc6e4adc5aa9891726901db4572843c405e2519d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466020, "uuid": "41d5d984-55e3-43fc-ada2-2893c1bc6367", "comment": "Malware payload (Formbook)", "value": "e13e6f03918cd4c2fa35cbe2dafcc7e352ce5b76", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466020, "uuid": "eb5ee005-9fb4-4471-ad81-76c3c92c4750", "comment": "Malware payload (Formbook)", "value": "af76c2ca393431b63bc845bbf0991cdad22e1b8ca4b1cd06ec22aa4ba3b4b8b680d37a76dc132f54ccdcc600a6f0014e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466020, "uuid": "16a3d88b-e8a1-4db7-8cb1-066c5bf8390a", "value": "T1E6441229B3B0C077DE6357324D3F7516AAFD980224AE471F27A09BAE7721151DA0F362", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466020, "uuid": "72f1878c-ae95-48f5-8a2d-baabf714173c", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466020, "uuid": "76ac0a3c-c4bf-4b26-bcb1-e7d5d687e248", "value": "6144:/Ya6+VEijktZwms1W2iGcBm4AP0ur+EDAKMKebKAy7tdmLXjeq:/YoVJkLw16APx+EDAl/bKAktWqq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679466020, "uuid": "efdfe4a1-66df-42a6-9a21-f979cdcf149a", "value": 255830, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679466020, "uuid": "becfac61-df87-4599-b6b2-2928702a5a1f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466020, "uuid": "e535dcfc-d574-4e0e-b8e7-f0032c06afa1", "value": "kkkke.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bedad14a-c8cc-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679501721, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501721, "uuid": "0b3e442e-2683-43b2-ab85-e29279e998e4", "comment": "Malware payload", "value": "d8622f223940c384dbb5358c5676fa5d", "object_relation": "md5", "Tag": [ { "name": "cve-2017-0199", "colour": "#B8DD67", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501721, "uuid": "418d716a-e1c9-49ff-b790-a0d516c913e8", "comment": "Malware payload", "value": "5089dbdf6f210648feb61e17388900bac63988b29c4cf01e10fd736f2a7e8ce3", "object_relation": "sha256", "Tag": [ { "name": "cve-2017-0199", "colour": "#B8DD67", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501721, "uuid": "b2dfbe88-1f28-4701-a115-fc800c61e7ad", "comment": "Malware payload", "value": "f4c4dcadb581f04907e4b796a9b530420cc56807", "object_relation": "sha1", "Tag": [ { "name": "cve-2017-0199", "colour": "#B8DD67", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501721, "uuid": "d93ec225-e406-45d0-b578-43ff188a14b6", "comment": "Malware payload", "value": "fab46bce45d419073ec6dbc18b36df7dbd62e59c45f3541fb484e765a1ea8eabfc0a0065da1b79131447f4c6aa4325f2", "object_relation": "sha3-384", "Tag": [ { "name": "cve-2017-0199", "colour": "#B8DD67", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501721, "uuid": "9e1a6d5e-0209-49c5-9f3e-f35bebacf802", "value": "T1EFB3F12434DAC227E4C982F8DED1D5DF57207C03EE929A5BB2807B0F647D5A2E50BB16", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501721, "uuid": "131298d5-b803-4b3c-acb6-7d23e3137b99", "value": "3072:HDpIFDw2q9RGASashLgrjGgKLIzFli7OB2zG:VIe7S10rjEIMA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679501721, "uuid": "f29d59dd-9939-4ac5-9496-56ac8b35ce51", "value": 107520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679501721, "uuid": "70f8857c-6869-48cd-9bbc-8c05c52de644", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501721, "uuid": "b3bef7fe-29d5-40f5-a278-a7103da1749b", "value": "Payment.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5b29c319-c862-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679456028, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679456028, "uuid": "5b948c8b-3da0-4975-87cd-ba7be74743b1", "comment": "Malware payload (RedLineStealer)", "value": "ea67001e32d630a7e4ac12d920fbf57c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679456028, "uuid": "f29ce9cd-2244-4e74-9691-e81320149608", "comment": "Malware payload (RedLineStealer)", "value": "508d8a7b7e277ce3582be62ca08997f1bd431b98e257e5369c16f08917a937ac", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679456028, "uuid": "3438285d-ab43-4487-91be-bb9bcb2f99e6", "comment": "Malware payload (RedLineStealer)", "value": "165e3f791c5bd495fcc60e66eddf56224029757e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679456028, "uuid": "fcc011f2-e72c-4a74-8254-9238563cc085", "comment": "Malware payload (RedLineStealer)", "value": "d5839c4c80e84bee851d1ed03136dfb135682a90d4e2fe324d04d33e95a84ae847b7e7b7b2e2243f790898ad2f251941", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679456028, "uuid": "6bd14955-f01e-49a3-b211-f632cec83114", "value": "T111444C3A4AE18457F51CC23C5CE471F4470581B7B7A8F1CD2AC4B4EB7CA19E396B6A0A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679456028, "uuid": "7f807b21-89e4-4993-94d1-18977c8ff5f4", "value": "cf1b6413c528ef7f498e62f16d8472be", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679456028, "uuid": "ab906d7f-f9ca-4e15-bb59-ce0a8c08bd28", "value": "3072:d5HM3QnAMZyL0bbCLlmj1fcTuoVXuWrgQq5dbxPmX/mYnJsT7R6HqZNRM1t/G4L7:oAng0b8mj1fcTuoeWrsvdPmvmLG7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679456028, "uuid": "f9b45c55-c373-4271-b0bf-8341820e2bca", "value": 264784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679456028, "uuid": "c4c6dc8c-0214-4348-843e-8dc57b71d8e3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679456028, "uuid": "759b8088-03e5-4a10-b85f-470c7258446d", "value": "en_xachinaproject_fun.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d722e9a9-c8c9-11ed-88f6-42010a9c006e", "comment": "Malware payload (SystemBC)", "timestamp": 1679500474, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500474, "uuid": "57072242-dad5-4f9b-b82b-26c83e1e79c2", "comment": "Malware payload (SystemBC)", "value": "36317e75e7e6b397e3601a6f57d47869", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SystemBC", "colour": "#A89B59", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500474, "uuid": "cbc86ac5-4ef3-43ef-9ccd-55d32a42a1eb", "comment": "Malware payload (SystemBC)", "value": "50d803405e13a8749bbbc53185cc4e3d104ab2dd1d85e3c4c375a95697908ba1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SystemBC", "colour": "#A89B59", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500474, "uuid": "250f93aa-49a2-4bee-a42c-e270aeb2a144", "comment": "Malware payload (SystemBC)", "value": "ef352460956ae1daddedd9bb5cc6a3e82eaa9f84", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SystemBC", "colour": "#A89B59", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500474, "uuid": "b73d51ef-30a6-4c1f-b501-3e865a056c68", "comment": "Malware payload (SystemBC)", "value": "f6fdbdc9e73cec192d307fcfac8d174abd3d83cde08ba8076b03fa6ab714ed0ac8d6084806f278e33c0d17a541333eb3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SystemBC", "colour": "#A89B59", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500474, "uuid": "c29747a8-dfff-4c30-a3b8-2ca2e34c115a", "value": "T1DCA4CF523E93C0B3D28100326E66877B9FB9F5652724E1C3B7EE4460AF61E92E739345", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500474, "uuid": "9beaa719-41db-46b9-96fc-b269cdc12788", "value": "862ce0ec68439a837266e9c0bd164293", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500474, "uuid": "c6861b28-6807-4f5a-8546-5dac0611bffc", "value": "6144:bU8mdthp2dsUmpiBXCAbiklSV1vGw5dTB6HQo4+HqEV2XlicY26C1:ep2OMCAmDVUw5d4nqEc20", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679500474, "uuid": "edadea6a-1f97-41fc-a5e6-3b6a2006a79e", "value": 475632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679500474, "uuid": "48827a62-ed28-403d-a8f5-62f362ff3ff2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500474, "uuid": "6819fdd0-1fdf-445c-bab2-9027a00d1a92", "value": "36317e75e7e6b397e3601a6f57d47869.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d49acee9-c8f8-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gafgyt)", "timestamp": 1679520656, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520656, "uuid": "e40bf044-aec7-4483-81c4-a5d7cbe5d9b2", "comment": "Malware payload (Gafgyt)", "value": "583be4d033c3f7b0e957950d467af808", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520656, "uuid": "c8db66b1-5a38-4d1c-9101-bd59d0021ebd", "comment": "Malware payload (Gafgyt)", "value": "5190f56bd05cd64ee033cab258854dfdde869c53fbe07a55a79b131b22cd02d9", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520656, "uuid": "09bca23a-688e-4ee0-ab3a-4ecf274d5fe9", "comment": "Malware payload (Gafgyt)", "value": "a886ed436fb1f4f90fa9aef8ee78217bf5b86fdf", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520656, "uuid": "63f7877e-cdfc-4539-a461-6b547ca51060", "comment": "Malware payload (Gafgyt)", "value": "bac487303cb32a2b47d792427d6fa81691fe8a3760cd4b27d8d3f3e8247c0aa1e3c31e8068f81451f980d90d6ef35e88", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679520656, "uuid": "7aaf445f-6234-4661-b755-c960e907058f", "value": "T1F8E38366BB619EB7D80FCE7309A64501118CDD4642D93FAFB2A0E51CE76B84F08E3E54", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679520656, "uuid": "020a8070-c646-4ae1-8855-a4911149b4a2", "value": "1536:bVeTpqCVvWRYx0O9vPBysZgvsgxqAz/0ufMytVXpLtaoLAImlP+s4zWfOodW:byvWmBx+sK/PfltgImlWs4zWfOodW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679520656, "uuid": "c5a2bf36-73bd-4a1b-aa55-20dfb6062c27", "value": 152201, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679520656, "uuid": "5ba15469-698b-4014-a64c-40da8ea3ac0b", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679520656, "uuid": "0867311d-1adc-4db4-8c81-fcf7cbf61d57", "value": "583be4d033c3f7b0e957950d467af808", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dae6f4b2-c8f8-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gafgyt)", "timestamp": 1679520666, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520666, "uuid": "6af6d92d-cb0d-4f79-952b-9a61c63a1c8a", "comment": "Malware payload (Gafgyt)", "value": "b349a3a611014e406741c3aa8320055a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520666, "uuid": "2d5d67c9-0b5c-43d6-af27-aee7367eddd4", "comment": "Malware payload (Gafgyt)", "value": "521cc5404a70afcfcdb43a4a8e66b4761514d8303df2e9395732c417073b9ef2", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520666, "uuid": "4f96459c-3fcd-4f37-9fed-9e32840cc68f", "comment": "Malware payload (Gafgyt)", "value": "38cfc68db54251fa4da7bc5efe8fc416fea7c1be", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520666, "uuid": "58128b34-5046-4f2e-95d5-c1e7ed5679aa", "comment": "Malware payload (Gafgyt)", "value": "14fad8630206235fe7668dfc710429d45f77f029e2718b48ff9164f7e35363734e59ec0e20e607c07b1db38cc9842ab1", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679520666, "uuid": "4922fb12-f425-4329-afaa-697528a2981c", "value": "T128E3866E3E21ABBEE16886310BF76F70C39529D636A19342E16CF7185EB124C1C5F760", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679520666, "uuid": "12387556-8dd8-4147-8460-3f1708f0d7d2", "value": "1536:mVNs7K797V+nv57gbj6l6T6B6v6N6/6AePe1ebeZe5bwClA2rKQA1dXAQTI/e0hW:vY01ZkXAQT4NX9//ImlWs4zWfOodW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679520666, "uuid": "aa37f0b7-fd0f-4e54-aaf0-1071d38f063c", "value": 152121, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679520666, "uuid": "f1c49838-447c-4d55-bfc5-86f4f07c3a43", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679520666, "uuid": "8eef2181-6f5a-4a65-b509-049f9fd4d1d6", "value": "b349a3a611014e406741c3aa8320055a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c8cc97ed-c8cc-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679501738, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501738, "uuid": "8ca8c6bf-2517-4952-bf96-f95735c05d50", "comment": "Malware payload (SnakeKeylogger)", "value": "e8d2be2eb0c5a04efd2ab5bba849a041", "object_relation": "md5", "Tag": [ { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501738, "uuid": "833525df-0210-4690-b0fe-7a79dc23c36b", "comment": "Malware payload (SnakeKeylogger)", "value": "535e47975d611764a2cd0f0d450311c80171c96b632abd73fe48666874139ba7", "object_relation": "sha256", "Tag": [ { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501738, "uuid": "8fed6c6c-1b3e-41bd-97a2-80bdc9c7ad06", "comment": "Malware payload (SnakeKeylogger)", "value": "0231819387d9069e963be41d2518284c7c6864ab", "object_relation": "sha1", "Tag": [ { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501738, "uuid": "7dd09b49-3e61-4d51-b9a0-e245e8376f4a", "comment": "Malware payload (SnakeKeylogger)", "value": "57c4513ec996a086c4469a6fba0f04afc1bd067f7ff2fe83d5cb26db45163c04fdcac6333af79932d39e2f1bc2199011", "object_relation": "sha3-384", "Tag": [ { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501738, "uuid": "f0e678d2-3369-460b-a588-4c7eab09254b", "value": "T1B8350213F9C45D4AD44247F56AE37998132EBC623BD6A2C72748B70F5FB86E08A4311E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501738, "uuid": "dcadaef0-323c-4421-a49f-a3196cddb010", "value": "24576:+LKVWQmmav30xT+MXUu9/eE+MXUu9L3bVL+MXUu943bVFYBX4Q6XrFMQyW:+LKUQmmQ30J+MXV97+MXV9L3bVL+MXV3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679501738, "uuid": "7cee3560-324a-4649-b3ef-1014e6bf273b", "value": 1149440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679501738, "uuid": "7d81d8c2-1d43-4f5f-8c0c-c99932078ead", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501738, "uuid": "e48461f3-60eb-4065-a0cd-8c74954fb548", "value": "PO_A0189-RAV1-20230.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b7836a71-c8ca-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679500850, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500850, "uuid": "38175310-9cb8-4945-96a9-888031d04eed", "comment": "Malware payload (RedLineStealer)", "value": "c9a275fb0b505de9b4f071aafcc51d9d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500850, "uuid": "f68dfe79-1772-46b7-b182-03d2746b0734", "comment": "Malware payload (RedLineStealer)", "value": "538d62f313723ed18a1bfb1de13e8ec1e5125c5f07158ce0db4361c2591b46aa", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500850, "uuid": "63542fc0-234e-4a8d-a748-32de8f6b595f", "comment": "Malware payload (RedLineStealer)", "value": "bf6a4d7a0a33d952874e31b2c6ebe720cdff52dc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500850, "uuid": "6f627fa9-3eec-4c2e-b716-8746d5f3bbf9", "comment": "Malware payload (RedLineStealer)", "value": "de9c6cecef521d2f140d8cf1eba898ae3ff9cea1236e28a0c713c35fc4eade5d6914c9863ce3d6dbd6ec8a41389d7a7b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500850, "uuid": "28783631-8649-4e62-933d-0fe0014fce0a", "value": "T14EC41242FBDE9072D8B51B7068FA42631637BDA15E38971F2B01D69D2C72A949C3133B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500850, "uuid": "01e906ff-2ed0-4adb-80b1-38dde93d308b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500850, "uuid": "eb61d338-981d-4949-ae43-fae196100057", "value": "12288:qMrYy908O6crLJ9i6rGlsbB4/oqD7t/7Mgm:2ybO6ci6osqlDe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679500850, "uuid": "af121218-e6b9-4f3e-b9ae-ac343d7dfe14", "value": 550400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679500850, "uuid": "33b31c3d-a3f2-4a24-80a8-ba1fa3af50b4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500850, "uuid": "d57b1c2d-cad0-4f6d-8a2e-58a1d82a82dd", "value": "c9a275fb0b505de9b4f071aafcc51d9d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8aa8b528-c8cc-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679501634, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501634, "uuid": "6f70516f-a43f-438e-99f6-c39ea7cd5ee1", "comment": "Malware payload (Heodo)", "value": "49a307bb3ccce451737f2d6ba035efcf", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501634, "uuid": "2939f0ab-4753-4807-aa38-9a114aa912e2", "comment": "Malware payload (Heodo)", "value": "53a0177376a77a326faff38d768c0e373120e558b72719340ff557ce28034567", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501634, "uuid": "e9810fcb-fbdb-4641-925e-cbb93d8d8c8a", "comment": "Malware payload (Heodo)", "value": "7b2c5658f14b2999d4d2de3108a1ffeb04f0d899", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501634, "uuid": "a295c759-000f-43b7-8ce6-90e3dc0a6a4c", "comment": "Malware payload (Heodo)", "value": "1315139fc6cf98c37a4b47637fc44ded3868b2ec61fa821b02eec011bb5fe7e04137fa8db3ac385cbe61d3779abeb4f7", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501634, "uuid": "fb138fe0-c72f-459e-8d5e-ea967e24e325", "value": "T17534C3026352CE1FC79101302D0BBFF5A72DEC946B6F8192B954F2A82D7ED56F329584", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501634, "uuid": "49088a6f-0145-49cc-b1ee-bd619e498e92", "value": "3072:3C4JpR+K9y3LtqjsW5rQWm65BxPiP0wjEwRzpswUSkCI1ev2+6ssXR:nD7435u5aWmyBxK3MCI1ev2+6V", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679501634, "uuid": "08f3a343-3d90-4940-9d20-d6ddc9551b26", "value": 238080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679501634, "uuid": "4befbe64-d24e-49c9-b8ff-9a8ebcacf1a5", "value": "application/msword", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501634, "uuid": "20727aa8-456e-492d-a9f7-3720c1347ece", "value": "OG259431307915205_202303220812.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e7032e3f-c8ae-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679488904, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679488904, "uuid": "4c0b65b7-1c22-4178-93bb-5b11cdebe423", "comment": "Malware payload (Gozi)", "value": "72d3165bec2032972336aa6e3fa5fbfb", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679488904, "uuid": "74e312b7-2f30-4ed0-b0a9-fe5f082c2a37", "comment": "Malware payload (Gozi)", "value": "541a131186c7861caf0517567d8c6208f2f95712b637a488ac6fbbfe7756efdc", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679488904, "uuid": "e8a457fc-3f73-42f2-a07f-ea79a628c4b2", "comment": "Malware payload (Gozi)", "value": "76005704232b27e2dbdd14df990b204e90e0cf81", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679488904, "uuid": "8e190f19-2b25-413e-8c70-a68fbe09aeb7", "comment": "Malware payload (Gozi)", "value": "aeaaa011ae5e37a2d1b4ca2814c60a762520d46d2fcf1a00722aa8eb36e300fcd98ee0cfd96fccf74e3637db52f61d1c", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679488904, "uuid": "0f6055fc-7025-4a10-b6d3-7b25a1c0b4af", "value": "T192745C0293E37C20EE1246328E1EC7F46A1EFC619E5B7B6A234DFE2F09741A1D156716", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679488904, "uuid": "b4cc8061-91d8-47ba-b382-3814793b7688", "value": "314565592a4a5f015f9741680eeed0ec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679488904, "uuid": "c04d487f-4b9e-436c-8f66-e1b2b7b12b48", "value": "3072:i+VtlxQDPB9j4Y9pHYl/hH9F2xC0JY7UY0mHIy6LKFWVNcGcJJaJJ:hKJ9xEX2xaWmYLKMN+JJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679488904, "uuid": "d5834905-7978-4442-b76a-1c0e3cb05c72", "value": 368128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679488904, "uuid": "f326c9d1-7f45-4412-b742-68d1139ed4bb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679488904, "uuid": "28f7f657-83f9-45e8-b23e-6a26191422a9", "value": "server.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b852a487-c89b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Quakbot)", "timestamp": 1679480665, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679480665, "uuid": "215754d4-d7d9-4466-b172-90632734da60", "comment": "Malware payload (Quakbot)", "value": "8c2d3b61553a572bd03162313831813d", "object_relation": "md5", "Tag": [ { "name": "1679411795", "colour": "#82EBC5", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679480665, "uuid": "16434faa-457c-4000-9144-8a9d8407941e", "comment": "Malware payload (Quakbot)", "value": "543e518af60fc33a9e66aa0df9458d0ec0e61e7476ea1744f384f8e509ad2adc", "object_relation": "sha256", "Tag": [ { "name": "1679411795", "colour": "#82EBC5", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679480665, "uuid": "9c123dbb-a5bb-46c2-b410-5ec8a9f5fabc", "comment": "Malware payload (Quakbot)", "value": "63b1b8e13daccbef0198a3ce3a86a7ffb7fbfdb1", "object_relation": "sha1", "Tag": [ { "name": "1679411795", "colour": "#82EBC5", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679480665, "uuid": "66f9b2df-f68d-4aee-ae18-d046e287f5e8", "comment": "Malware payload (Quakbot)", "value": "6f22a5b0a6525bfcb52fd23ce90cc5ce0f01a0506ceb9df2ce9740c9f91cf9e0caf5226d6f6f32861128dc6ca999c0f5", "object_relation": "sha3-384", "Tag": [ { "name": "1679411795", "colour": "#82EBC5", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679480665, "uuid": "8848d54e-89ac-4f04-a071-8a707f715004", "value": "T1B64375605E5211303B0BBA6B551DA891963806230644FEA3FD5EB2A5EFCECDCD1F89F4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679480665, "uuid": "be654315-a391-44ec-8c43-2d4f66637658", "value": "768:cBkuoSV50laWD7M+ESHgqvw9SiAkWvbpBscChU9ashN/zQMHbAjUZwQWtCf1mG:9u/VAaWD7MsZIcCShJznH6QWG1mG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679480665, "uuid": "282c715b-1340-46c1-9a0c-a927e26422f5", "value": 60461, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679480665, "uuid": "e0fbba47-feb9-4ef1-8972-ccd86d3cce3f", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679480665, "uuid": "f4aec182-17ce-488a-a59f-57c5a7d2ca66", "value": "oica.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e99bfc73-c84c-11ed-88f6-42010a9c006e", "comment": "Malware payload (njrat)", "timestamp": 1679446818, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446818, "uuid": "056d44b6-2181-42fa-ac55-7afa91669b24", "comment": "Malware payload (njrat)", "value": "d292e38ae9448135ff757d8023d2c10b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446818, "uuid": "bdf56438-ee95-4572-ace6-3a0cc4895c6d", "comment": "Malware payload (njrat)", "value": "5453d518a08515c4f08ebb09601a925f6164e22db494ce1785e70f00d61f8589", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446818, "uuid": "015dd4ce-3bb8-471e-bcf1-95c883910d90", "comment": "Malware payload (njrat)", "value": "a5590dcdcf4bab86ac15234bf83957c7d828bcfb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446818, "uuid": "a331caec-a758-4863-9395-0c4fabb1cd7b", "comment": "Malware payload (njrat)", "value": "5a6ed10843b8ef664027351c64742dcba18cec5713ce8961baf7e0d4d97203469e20de1f9cb7b890bc60cc88fdfdc830", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446818, "uuid": "55a79b6e-2e8b-47c4-a0ac-3cffe6b2d820", "value": "T18A032B4D7BE18568C5FE067B06B2E41207BAE04B6D13DD0E8EF264DA37636818F50AF1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446818, "uuid": "447f063e-ec80-46ee-8d8f-7cd408c05b0d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446818, "uuid": "8ad297df-5c0c-4177-9203-c327c935d83b", "value": "384:8wS6yikt2zIuMXY1uyZD71qwkfFoseyHDrAF+rMRTyN/0L+EcoinblneHQM3epzP:zoY1lN7Qwk21yjrM+rMRa8NuTrt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679446818, "uuid": "4b08b9e8-a67d-4065-9f7e-5f8cf6021676", "value": 38400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679446818, "uuid": "784ec477-d523-425b-92a5-247243d983a7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446818, "uuid": "e6d20013-3e90-41bf-9de6-768bcd15213a", "value": "TEST BANK ACCOUNT.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2e1ce8e6-c84d-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679446933, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446933, "uuid": "3e754065-4763-4ab3-b440-a2290e37d490", "comment": "Malware payload (RedLineStealer)", "value": "f36fc76ed965ebb71a8e6aa614e9825c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446933, "uuid": "6500b33a-560e-46a6-8dfe-565e1f32f5dc", "comment": "Malware payload (RedLineStealer)", "value": "5479d13fd63b35f2a27885b13c3fd3272981bf3f198df6a3d127389da2492fb6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446933, "uuid": "e16bfafb-7ab1-428d-8b45-f7bec59fb90b", "comment": "Malware payload (RedLineStealer)", "value": "7d649a04e678e52a25b8c9bb9b671ef67ef3486c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446933, "uuid": "82234f2a-769c-4441-be7a-8f3ee90a6605", "comment": "Malware payload (RedLineStealer)", "value": "91d4ca3732e9745e84cad34708f4b37cb9c60a402dfa713df9915e188ac5d6d4857f1929d56b8d4ddf632ed8112d1906", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446933, "uuid": "a585e7f2-233e-4a37-8fe3-513496670ab5", "value": "T18B352326B7E98472EC7817B058FE03870A2BFEB4893087BF2B457A564D326C5643175B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446933, "uuid": "132d09e9-00ae-4ead-99db-6110dfe541a2", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446933, "uuid": "4e1505d2-d60e-45ea-9a38-ff4ae0f97854", "value": "24576:5ylfYXhXUadXtcwdPtL9tEZ1tzN4IEpAx:slYxJNVPtL9tEPtR4IkA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679446933, "uuid": "6a1f1df0-14df-4d3a-908b-6fb6bfdb0e19", "value": 1115648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679446933, "uuid": "d2c6bbcd-2d00-476e-bb53-6a8d6ba21b58", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446933, "uuid": "15cddadd-0717-4cdd-843e-d0718e1a17a4", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "33cbc082-c8ef-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679516521, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516521, "uuid": "7248970c-edb6-47d8-adae-11afdbbc14c7", "comment": "Malware payload", "value": "003ce1ff8d0e801f149e9afc2e1b94f8", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516521, "uuid": "23946b88-8288-4c4c-88b3-4e74a8e03395", "comment": "Malware payload", "value": "548ec9b3d264d1d3b9c98a7f3b3680d3d63f706d910469ce7c1f8a244fbfc5a5", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516521, "uuid": "52c62e81-2715-4b4b-a3e8-332d803a565f", "comment": "Malware payload", "value": "c6a6eca2a1b3fe1cc1e930fa56e2033c753560dd", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516521, "uuid": "67c0fd2f-793f-4e12-957a-5e627d615e0a", "comment": "Malware payload", "value": "88d486b9009cb98ff5f2ae5e0d1a97b67ffd29e1dcebeefd5c522e4e01610dc5bb04aef6ca01e8d5bd98f8f26f97329a", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516521, "uuid": "d6ec1d93-0029-4aef-9c97-669277c0ef00", "value": "T169438C46ABF11832F5B30B31A47848A9DFBEBC216432D59FCB900D5D1970E55CA39B27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516521, "uuid": "84cedd81-5c5e-4748-a8de-8a9c0485ee73", "value": "f5e4c8acb92fb1c8223cff431020dba0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516521, "uuid": "5721a297-4be3-45ab-86b8-f81ee6806267", "value": "1536:c/6A0q5HDR4oWBx3xrBx41z8QcMeWSDBPrxZaw8i+RS:a6G5HOoWBx3xrBx41z8QcMXSRxZp8/I", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679516521, "uuid": "723232fd-9059-41b6-b66a-1dc77976744b", "value": 57856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679516521, "uuid": "08d5288c-43e7-441c-9e59-ab9fa60f2727", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516521, "uuid": "9a4c83d1-dc3c-4fc1-a1c8-8abbb110c9f9", "value": "2023-03-22_003ce1ff8d0e801f149e9afc2e1b94f8_lockbit", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d3366ecd-c8e5-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679512493, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512493, "uuid": "8015da41-6a3b-42ca-a5a9-bd04c734e2e8", "comment": "Malware payload (AgentTesla)", "value": "d3e0294706526840f2155147b7e648f2", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512493, "uuid": "2266adc5-c038-43bb-b661-5c36319d7a0c", "comment": "Malware payload (AgentTesla)", "value": "54d2d443952347ccc724a8f39806ff9fca252511b2fca91e2fd6c9998612ed32", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512493, "uuid": "f32fb019-2f6b-4e48-b3d7-e537b3f2d237", "comment": "Malware payload (AgentTesla)", "value": "381fe16ef161eb56f2b73a2698074305a7ab9700", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512493, "uuid": "94135bcb-eac3-44e3-b2ab-392d898e22e6", "comment": "Malware payload (AgentTesla)", "value": "c46fce1e2fe24cc8266868435db69d95941e5892e4e1b5bd24090ef91481820370653d32a317e8061dd6dc8c9a53a455", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512493, "uuid": "465d588a-efc4-44d2-a365-c1a95b24da9f", "value": "T14915022937B65B46D2F85BFC50B2914007B66F7A2623EF4C1EC230CE1937B5C9A52A53", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512493, "uuid": "850b4873-2b99-45e0-90f7-c60ef62b90c6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512493, "uuid": "3d2ecb7b-aaba-4092-be53-9c566e96d842", "value": "12288:6cbJUwXIW7bv5MzHmq/ochqgDjarJody8FnAwvj3MiIqhZCzl06/TgTU4GqYG:XXIWPxUHqImrJod9FAw73IGZql06MFJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679512493, "uuid": "1a6d6348-740a-4a58-995f-8a7a29aebaf7", "value": 931328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679512493, "uuid": "3fc2b90a-f58e-414f-87ff-222b18254fac", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512493, "uuid": "06ce8d23-496c-4ed6-bab7-e0ee937d46a4", "value": "d3e0294706526840f2155147b7e648f2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3f49254b-c84b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679446102, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446102, "uuid": "dbe054dc-1189-46c8-9c9f-e4b24de6a9e2", "comment": "Malware payload (Smoke Loader)", "value": "6e55c4116140d02727de79e1e6cf4c18", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446102, "uuid": "8248d0fc-9609-4822-99e9-fdae3d050a62", "comment": "Malware payload (Smoke Loader)", "value": "54f9f3858ff04f5b81cdb40ea77f8397e789f4f6c5b40a010545ae72b1ab85a1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446102, "uuid": "f7d49c4e-de84-450b-aa68-576a71623176", "comment": "Malware payload (Smoke Loader)", "value": "6a0fe3c96d6a70dfd2e8e9b7bcb1797aa91c1ce0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446102, "uuid": "08807852-2953-42cc-84a1-700f9b104e4e", "comment": "Malware payload (Smoke Loader)", "value": "24bfb9484ffe9076d84f33cb54605a2cc2718777a434e5ad40aa999a91bb8200a332da8f5694d51d7854744f065056c9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446102, "uuid": "e8d56817-1a39-4db6-9394-857d9f75703f", "value": "T11B74C80383A23C55EA258B739E1FC6F8B61DF6709F497BA63219DA5B14B02B3C163711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446102, "uuid": "bdc43eeb-6b7c-4489-8143-4d025f429c69", "value": "5fe0b073d2bf262b2cfd9470524e0ed6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446102, "uuid": "14f12d63-6e4f-49c5-bd75-8ef2e7dacb74", "value": "3072:pjhcq76+n+C3VjSwqY5LPnyLy1mg4YXdVkzPgGN6oYim9vmQaOSi5cyWOd7msNRV:RKq/9S7Y5LPn+ABRGd/yvmjyWUM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679446102, "uuid": "78d190b9-9198-4a23-bab0-856357883909", "value": 367616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679446102, "uuid": "186e29e5-8132-47c9-8042-812ed8917b33", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446102, "uuid": "ac820846-2761-417b-8c44-d942a6feff08", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "15d0007a-c8e5-11ed-88f6-42010a9c006e", "comment": "Malware payload (LaplasClipper)", "timestamp": 1679512175, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512175, "uuid": "f8702541-b474-4a6e-83d2-a1cb0ba6d84a", "comment": "Malware payload (LaplasClipper)", "value": "406a0e14b6569ebc5f1086801e043fe1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512175, "uuid": "ca9a44d4-25e1-40de-b927-ba311b25aa17", "comment": "Malware payload (LaplasClipper)", "value": "5502d7c1c81714b998f594e523274a828d919f69dc08bffde5fe118918a8f43b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512175, "uuid": "8dbc9d4e-ba77-4d13-9951-3604e4e33cfd", "comment": "Malware payload (LaplasClipper)", "value": "b15c199f31dcddcd37f10f143b62f2ff998324c6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512175, "uuid": "ef051e82-511c-498a-b51b-1e20c08a1202", "comment": "Malware payload (LaplasClipper)", "value": "6046ea859acf8c2a5462eab62b867e79e441b841d2d52463c66fd9ae893f51835101f176c1ca710333702324e9fa9e0b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512175, "uuid": "f894d8e7-a0b3-4dec-a16f-2ea81448df6c", "value": "T14895231341A0B9A6FBAF85768E0FC2EC776EF9304F4897573218163E2C741F6A126751", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512175, "uuid": "6baed9ff-2728-4a86-8bf9-3fbb85bf02dc", "value": "86f73ba4a5b0bd6d0633bc10b0ac18f2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512175, "uuid": "e6d27ec6-4659-4417-bcdd-013707573493", "value": "49152:VJGty7g6F2SKtEjjbgitUonmkXhDbl0nXj5:VJzpF2SKtEjfBUChTm5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679512175, "uuid": "1e64bc58-f75f-4dc5-981e-dc2e16254bb1", "value": 1900032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679512175, "uuid": "63fc7866-0af2-4c5c-89a0-8106b265b939", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512175, "uuid": "ccf3c7f5-5cf6-4e22-b014-d44e7b39221d", "value": "406a0e14b6569ebc5f1086801e043fe1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a8a232c6-c8bd-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679495242, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679495242, "uuid": "ad720c7a-2226-4d59-b131-ab4414a52c11", "comment": "Malware payload (Gozi)", "value": "00a7ff9f66455f3fd0b1ae9a89568c83", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679495242, "uuid": "a7ae7fee-db7a-42fd-afe6-120b85e916c9", "comment": "Malware payload (Gozi)", "value": "55f2027f0bc97eb90355209216c8d870d9d08f5c8eda5afbb7f9142abde2ed2c", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679495242, "uuid": "07409c88-9fcb-491d-8b26-7e1207e77335", "comment": "Malware payload (Gozi)", "value": "fc54c77eb68acbcaf5c1ec2f42cab371f7c669c2", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679495242, "uuid": "2f218add-f40f-4229-9ff7-c281dd9bc9e9", "comment": "Malware payload (Gozi)", "value": "e3f072db0fa0c608df882196d06d4493ed2b653887c8ec94e3e9f134bee72761889e390eaae555822f5a9eb37b92fe21", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679495242, "uuid": "6f094c8d-a55d-48ea-87bd-eaec9fc5f7ea", "value": "T198745C0253E36C20EF124632CE1EC7F4661EFCA19D5B7B9A264DFA2F09B41A1D163716", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679495242, "uuid": "ab801d20-5291-4c42-b2ea-47e2bb90a329", "value": "cd10f4930e443428517f91868d83e9a6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679495242, "uuid": "75b8a3ec-66f0-4a13-8aee-dad1407729ff", "value": "3072:fL8obPjt6x20ZN+OjmnDYyLphftNPL0qDWEFYhLlgsr/PJlDiXEgaTtmUowJJ:3CFyVlLiEehC2leEgaTtmUo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679495242, "uuid": "e449fe3a-d255-4b90-8c2d-7d9df5fa0882", "value": 368640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679495242, "uuid": "1a42f907-d397-4e1e-b2ff-0a5e15363751", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679495242, "uuid": "2f213ef1-7e05-4ddd-b854-3d2efdfc216a", "value": "server.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "620cd822-c881-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679469353, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469353, "uuid": "2213cfdf-decd-43d4-80fa-1a47ba571b54", "comment": "Malware payload (RedLineStealer)", "value": "ff6b172be4941c011db0b7d474ae3a28", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469353, "uuid": "b0297137-7c9c-4970-9283-355be583ba39", "comment": "Malware payload (RedLineStealer)", "value": "5626b155f8cb5bcd815c0659fa803dd42a293f4d1bf7da3af182067efe0b9e72", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469353, "uuid": "6e0df5c8-417d-4af5-ab82-8c2cc735efa8", "comment": "Malware payload (RedLineStealer)", "value": "851112d85894bdde8bfe2f5ac7d72ffc60188473", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469353, "uuid": "2401e843-537e-4200-b411-bda6bf9044f7", "comment": "Malware payload (RedLineStealer)", "value": "4946cfa04a3115810ecd3dc7761db7e2489deaa0ca35e6be4abb80a57dd7e1aeaa1c9f2b320ec6b3b97466be33e24985", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469353, "uuid": "b7816ff8-a3e2-49d5-ace7-7905bfe9c6f6", "value": "T176C41257FBD84532E8712BB09CF606970737BCA29974832B2B04995A4CB3AC5653633F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469353, "uuid": "6c163d48-0181-498b-b5ab-c35122a1cd93", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469353, "uuid": "83775c73-964d-4c22-87d0-8225c6cbe6b2", "value": "12288:HMrKy904/B/Pw0K2DvBuzeoXFdhYRFWYggydlHKFZK4EIe2s:py//Po2DBuzTPhwFWYggilqi4EIe2s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679469353, "uuid": "a95f407d-f0c1-4c38-911f-40d78cc5aaad", "value": 558080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679469353, "uuid": "d9685b13-8b4a-42dc-b9f3-2bcece6a8389", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469353, "uuid": "eb342613-8953-4da0-bf95-3cbb5c7fdf2f", "value": "ff6b172be4941c011db0b7d474ae3a28.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5fd39501-c881-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679469350, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469350, "uuid": "0500c622-c7ad-4633-9888-e8b7f3e5d9f8", "comment": "Malware payload (RedLineStealer)", "value": "1af0a886d082f1b1917f76937973890d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469350, "uuid": "5925f63d-0954-4da9-a423-bd596129dff4", "comment": "Malware payload (RedLineStealer)", "value": "56f23d3d24c158230d92ac311c9843cd51152a47c3623a114bcfd13b3bd12fca", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469350, "uuid": "c03918d6-ce68-4be9-ba82-ad8bc23e7690", "comment": "Malware payload (RedLineStealer)", "value": "cf202149fc7958daa3998b006775e8d715ee100f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469350, "uuid": "001c9992-8d27-4b64-9066-e58c9fccf437", "comment": "Malware payload (RedLineStealer)", "value": "e7b146527f27aa463aa1dc04f48805836b0e0aeb989d1eeb7d2bbad187f9b151109473fce345336ff6693100d5c48b64", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469350, "uuid": "421552c7-92bf-43ae-bdbd-60a6357500bc", "value": "T129352343A7CD8013DCB55B7498FA03830B35BCA08AB9971F67D968694EB3580F534B6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469350, "uuid": "2bd1f755-8440-469a-89b6-4f1b5988cfd9", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469350, "uuid": "289db03c-2a49-4ec9-aac8-1a53c48242b6", "value": "24576:OytJ7gsS0BdCZhy7lqfjIeo4CPtwh3xFBMZ/7+YNv:dO0B97LLz6wZD+C", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679469350, "uuid": "2210921a-a059-41f0-a8f6-3b7a56aadcb7", "value": 1116672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679469350, "uuid": "c355620f-5613-4d06-8042-ecb44705ada9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469350, "uuid": "7e91616e-de34-4547-9a00-33bf6c5e5118", "value": "1af0a886d082f1b1917f76937973890d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4fd8a9db-c8a9-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679486503, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679486503, "uuid": "2fbbe7b2-143a-4d2a-a29d-8352506699e7", "comment": "Malware payload (SnakeKeylogger)", "value": "f0a9dbad9445a470266572a4f8f139a8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679486503, "uuid": "cf1e0a7a-be98-4eb6-bece-361c29de153a", "comment": "Malware payload (SnakeKeylogger)", "value": "571a662f9f434bfede9e6c79294bfd87fa23e7f93918e4824590b961f5b10d85", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679486503, "uuid": "ba8c79d8-484e-49fb-bf57-2db2f824d4b2", "comment": "Malware payload (SnakeKeylogger)", "value": "a573d6a4f07a6a3555482752fe6328eb320ac096", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679486503, "uuid": "68e1e744-f578-434e-b7a5-3c03dffbd5c6", "comment": "Malware payload (SnakeKeylogger)", "value": "d78031901ec5afcd004b6b96720bffa3bec2b72b63c6be8784280e307988862625bc0d8ae09015a56e622e7a080d3d03", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679486503, "uuid": "1f892a00-94ce-4232-b79b-213859d68595", "value": "T14EF40206B2E6E721C1D8D6B59492852503BBA39F263BEB063DC41AC91A76FC41F03F57", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679486503, "uuid": "a92de60d-215f-4b94-8468-bb36e6e5427e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679486503, "uuid": "4b0cd0c4-2003-4144-9938-e51ecfb787f9", "value": "12288:dsoWFWvKUv/4H5nshgBk9lrcTE5qUVu7bRdqfHNZ1/85SqYpe1Bo2gMMMDMMM:pW4Cqm5EgB0EE5qUVuXCL1/vpomMMMDg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679486503, "uuid": "00c34907-9c47-4ef9-bc0b-6360c58309ab", "value": 757760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679486503, "uuid": "a2029faf-019e-44cd-9336-cdc8becab455", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679486503, "uuid": "5c03fd82-a63a-4218-8d92-b3b6d9363475", "value": "57.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f5d64f67-c8e3-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679511692, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511692, "uuid": "c665d05e-f0af-4edf-8f40-0f6aa0bb3b2e", "comment": "Malware payload (AgentTesla)", "value": "c1c91e8643a6d65d7a228ae95262737b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511692, "uuid": "f5a51133-f253-4b18-8b1c-ca852a8baeef", "comment": "Malware payload (AgentTesla)", "value": "572cff30e2206bea4616dfe3ff3dcf490728492fd22f5b52a2caf54d8dfef82b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511692, "uuid": "025c36d6-a5f0-4c9f-8f6f-758970742df3", "comment": "Malware payload (AgentTesla)", "value": "5373d071c4efbc92bb844bf2a50983fa46620092", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511692, "uuid": "94cdb4df-d90f-4327-97ff-0cd85a8794e0", "comment": "Malware payload (AgentTesla)", "value": "a5ec585c09f990b6f2c81c0756c307b9efbc7f70a46e700be350c33b0ed99f290b4867d68225e10385a74a83483dffad", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511692, "uuid": "017343c1-4b62-431d-822e-b1a28eb3f8de", "value": "T15B051207F2E6DB63C69D55BE48E2811003BBA31B2767F7C52DC0509AAE93BD40B1578B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511692, "uuid": "744457e6-f92c-4604-b8ac-ffcd6759e47a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511692, "uuid": "5ee8d512-e13f-48b6-82ea-7abc9c833fac", "value": "12288:O0CS9eM71FJkICyqrY9RrgdIq5MIp5jW5zG36epb+1l/:oQ1zkdK6LppW5s6m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511692, "uuid": "c816cf4a-0ad1-4763-8892-ff0334aca2a9", "value": 846848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511692, "uuid": "3855d9b1-a280-4228-abb7-3869de08e02f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511692, "uuid": "acc1cb53-c69b-45bf-a088-87509f091f4c", "value": "dhl-1465666436....pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2b7c8933-c876-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679464537, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679464537, "uuid": "91178c3f-846e-48a7-a85a-60548e16bb16", "comment": "Malware payload (AgentTesla)", "value": "779e24418ee65db182549953deb70603", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679464537, "uuid": "b0ffea5e-797a-489e-85fa-bceb95625b36", "comment": "Malware payload (AgentTesla)", "value": "572ec19886610c8095c79149cd6868df458f37e3dca298eb1299d6848559bf19", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679464537, "uuid": "17590e40-f29f-40c3-9d97-057d9c396154", "comment": "Malware payload (AgentTesla)", "value": "2724efa456c324f96b3a7b9025d9b8580fe5363b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679464537, "uuid": "f56b2b20-3c62-43a0-9d51-ff0ab0de8226", "comment": "Malware payload (AgentTesla)", "value": "f261f3c0497be559d2361f9bbd7e36eb863e21a29d0bc47cfe145cf6028c7cd4dab04dc81499431e46a1f105a0901dd3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679464537, "uuid": "f648868d-3f27-4a7c-b600-c567355180d2", "value": "T1F6150A3859616E11F429C334C690E46E6D93AFD7ABA24F1F97867D0CBA394C2348F09D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679464537, "uuid": "cdd09f82-eccf-408a-9a91-6a983bda4063", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679464537, "uuid": "cf3da2ef-4b6d-4098-ab42-eb44bae22391", "value": "12288:ThozMjiev3ZzevL7UgvDxgNGSD7QK30miXl5I:dhPZzejJrxMM+iXlu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679464537, "uuid": "e0275e25-1b6e-4f7a-a714-c56ccf690149", "value": 896512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679464537, "uuid": "8a9689d9-e170-49e8-bcf3-515bd010ac86", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679464537, "uuid": "d60e0373-c216-4d01-842f-eea2f4e90eff", "value": "Invoice Overdue_C0809-H03.xls.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8fd3029b-c84f-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679447955, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447955, "uuid": "9dff3e82-c7bf-4741-ad3f-a744f5749b65", "comment": "Malware payload (RedLineStealer)", "value": "c2fda4c852307e96c088f6b60ca51545", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447955, "uuid": "0b6a810a-b3f5-449f-9404-de7daf829f62", "comment": "Malware payload (RedLineStealer)", "value": "579285a7c91bf6a498ce1524f63720920faa17caa0c41b5f4230aca75aca7009", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447955, "uuid": "29b6feea-f4e1-4317-a7c2-2a63c604bb91", "comment": "Malware payload (RedLineStealer)", "value": "363363289d3c65e5ae941a26ec7bb326ab50094e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447955, "uuid": "e2768771-2524-4c4b-82d1-27e52c8d0d7b", "comment": "Malware payload (RedLineStealer)", "value": "b4fdd79448f4be912c01632671e203ef793ba13f412d7cee76de9eccf017b955c8b21ecdb90952a91d6a653dfbbb6742", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447955, "uuid": "cc636c82-401e-46ce-86f1-f3a81b36bed5", "value": "T1FE55E14382E23C55EA258B739E1F86F8B64DB6719F493BA632089E1F10B12B7D173711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447955, "uuid": "27f4e9c6-14f7-4704-bc91-686cbc1786aa", "value": "5fe0b073d2bf262b2cfd9470524e0ed6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447955, "uuid": "e0c82ff7-4783-4e25-977b-775ccddd7378", "value": "24576:QnzPcbD/h1btFFh3DEYckeYbP1a3S3zLXGowWuFV3EQ1LQi8Pti/STV88Av:mC/hlVhFcYbw3SjLXGoDuvEQ1LQBtd61", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679447955, "uuid": "e735fc5b-d95e-4d7e-929e-33215234d109", "value": 1368576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679447955, "uuid": "cb366293-d099-4805-bcf4-c5f6c63ac05d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447955, "uuid": "6131dc4c-f704-4254-b700-ea3fb7639a49", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "97eb6567-c889-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679472880, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472880, "uuid": "1b5ae19f-012a-4cb5-9837-6fc671691eb4", "comment": "Malware payload (Mirai)", "value": "add1e80a129800be03e4350a3b20e020", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472880, "uuid": "80bbec21-3b5e-4e2c-b3c9-bde9aa8249d1", "comment": "Malware payload (Mirai)", "value": "58025b860a35a6c0ab26d0c48958d34738f03e5b76bb1dad1b8d90c4f30731ff", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472880, "uuid": "6d17d30c-a014-4a1a-ab9f-343a7d7bd68b", "comment": "Malware payload (Mirai)", "value": "b466c939aad0c1ce711d0c4fc91e3f71aa8d7ac0", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472880, "uuid": "11511794-2438-4dc6-8f0c-8d9201fc33f6", "comment": "Malware payload (Mirai)", "value": "0872acb932df0b58a08d6a0d742a11b456341dd918d2fd68ecbb94ea616116e01bb07aa2b4d61432ab430384e00f6508", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472880, "uuid": "f23c64f0-d4cd-4298-9e55-a9117fa4ae8a", "value": "T187F320215966E217C4E7FFADEFE6769693ADF2474E89820374E0104E4EF4D58602F8C8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472880, "uuid": "09142f79-3252-4681-b91a-c37d98d2b062", "value": "1536:CmyqoAJbBdlgSd7ZtQZYM5QFatQERPF8KQTiMy0MI:CmZRaZY8QVERPF8KQTiMy9I", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679472880, "uuid": "7f59ec24-76c9-4782-a6f1-c68921af0edd", "value": 168908, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679472880, "uuid": "65c396bc-7333-4e3b-b3cb-4b02ba722727", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472880, "uuid": "1e7eb693-d6cf-40b5-9f8d-a932bef44445", "value": "add1e80a129800be03e4350a3b20e020", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "23f56f50-c8e5-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679512199, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512199, "uuid": "2b7d2c5f-33d4-41d5-b648-a99135be7e3e", "comment": "Malware payload (AgentTesla)", "value": "39217fce59ada2cc3926c211be37e30a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512199, "uuid": "82259e64-81f2-4608-a55b-c5e28ea9e401", "comment": "Malware payload (AgentTesla)", "value": "58c82c6759d1284e35311a76db2c5c81db938ac0722ab97ee5c56ac75caefe13", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512199, "uuid": "39e0ec28-ce21-4d08-862f-85eb53f4c884", "comment": "Malware payload (AgentTesla)", "value": "184b3f8c58f9fdad5426b5146ba1775143b7f05c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512199, "uuid": "009b23e9-5068-4426-af42-f5b5d2ac58e4", "comment": "Malware payload (AgentTesla)", "value": "4b6a2f5b4dd5c4517e16b538945fdfe4dc9965b2caab9f2b755c472f8f647f644a80a2d4d91d77d9e927a338e32e432b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512199, "uuid": "6fd43587-bc68-42e5-b164-aaae082fd29c", "value": "T1D6052206728B9B63DC3D0AF5852232941370FB255A03DBEE2DE295DCDAE2BC1570176B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512199, "uuid": "6ef883e6-91ba-4942-a0e6-e3fa046c2ead", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512199, "uuid": "46a1352e-c2e1-48f7-b538-6062819b39d6", "value": "12288:QacUqY+x5cfO6XUNZczdZXJ1ZHNzznEreD1/m2NJfGUa2Vgc4SMJMNoAuz3Sd0WB:H3dE8XH5as1+2NJta26IMmNume", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679512199, "uuid": "3d03da70-e496-4a20-95ec-b903d298bd21", "value": 841728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679512199, "uuid": "b71787ab-24fe-4b47-836d-3e0dd4ff64ac", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512199, "uuid": "49c710e8-91f5-4452-96aa-a82bcb0ad95a", "value": "39217fce59ada2cc3926c211be37e30a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "91a41533-c8e3-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679511524, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511524, "uuid": "fdfd5045-bc0c-48a6-a0e2-c61ae18df362", "comment": "Malware payload (AgentTesla)", "value": "3433d737fcad22c067c633c9405bf207", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511524, "uuid": "46625763-74cc-45cf-8dcc-e64332485daa", "comment": "Malware payload (AgentTesla)", "value": "599150d2aa3876bf95fcfbf1a8467f52781caff71ab9e09659f4c4120e34c027", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511524, "uuid": "7f3a08ef-c899-45bf-b9c5-5be7585c7f45", "comment": "Malware payload (AgentTesla)", "value": "e69846da2c2202ce25fdc0473bcbd33f14c3ca69", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511524, "uuid": "658881dc-35cd-4eb2-afa1-5911357ecdf2", "comment": "Malware payload (AgentTesla)", "value": "297beaf2c8d92a37da6e28150029d22b7475a7466a3d9505351cf50ad678382a9ac8d2e30bf1de2a6aebfd807ccd25b9", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511524, "uuid": "7d3b532b-df29-43bb-baca-7379d1185b72", "value": "T119358ED1F190C89AE96B0AF1AD2BA53021E3BE9D54A4C10C559D7B1B76F3342209FE1F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511524, "uuid": "1353a666-5ea8-46a3-aa49-7c8ef6883d6d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511524, "uuid": "a39895d3-458e-466f-89e7-bb981aad2162", "value": "12288:slah27V07cjiCUVj72TF4ukVpatiumZCZmpSA978+vTjH9c:WmMLUVH2TF3kVotiumZCZySA9TW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511524, "uuid": "d3c9dbaa-af76-40a1-bc43-392525ae779b", "value": 1076736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511524, "uuid": "8d9ef088-c1c8-4d80-b459-63f2f4c88db2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511524, "uuid": "da03b4b9-8b3e-413c-bda2-dc9f01845209", "value": "yeni sipari\u015f111.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "39366593-c89d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679481311, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679481311, "uuid": "2607e852-b731-4d1f-b431-26ad7673036c", "comment": "Malware payload (Gozi)", "value": "e14ce4c0a68cfec0a9fafd24508a0319", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679481311, "uuid": "004cef84-9afe-4c0a-88c2-c67d7483bc55", "comment": "Malware payload (Gozi)", "value": "599955669f11878d82c9a589193a8a849dd8ac6e8a5e3d6c7ef8147ae0538868", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679481311, "uuid": "643f346b-0577-4b4b-8709-75b3c39d38e8", "comment": "Malware payload (Gozi)", "value": "f4a70cd3afe7574ec5277a708ecbc8d1d86ad7bf", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679481311, "uuid": "5eb102fd-187f-4326-9b81-c3df8657f539", "comment": "Malware payload (Gozi)", "value": "971c488713ef48dda28d9b81783323d55b87005873c13b19cccedcce5a0b6ec0db07ff526f5a904877c9a72354b13471", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679481311, "uuid": "6788a493-f87e-48c9-902b-000c7ec19ee0", "value": "T1E1F055BCC61A253BFECB79BD65853B10287CC74F285826136C7FB9280805BCE9616303", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679481311, "uuid": "3c248a62-19e7-4b1b-a06c-af24cecaab77", "value": "12:5jD9RIzM/OmI/Pv4ocbsAuJNrQqSZHMo0uE4Cw8WIiNWhNbV1EB1P9:9D9RIzM3I/X4ocAApqSZn0uE4l8WIwo4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679481311, "uuid": "561b817c-45c9-49f3-bef8-c7c8f49f7b04", "value": 521, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679481311, "uuid": "00b0808d-177b-4858-93cd-23e203bbb429", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679481311, "uuid": "4f6e473b-b555-4192-b223-de256b20720b", "value": "Organizzazione783.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7753b139-c905-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679526083, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679526083, "uuid": "809adec3-093c-4ec0-a179-865180c3329f", "comment": "Malware payload", "value": "00539a669280db2e0ad9698545726156", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679526083, "uuid": "ad7fd3ce-310f-4247-b296-9da7274b7270", "comment": "Malware payload", "value": "59d0992382ba2953514858b563ede4cbb4015af18494539bfb9be2d47a0c2270", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679526083, "uuid": "cbd45c7b-5f37-4f76-8dcc-347bb0f5824b", "comment": "Malware payload", "value": "ec0cbbd1772173fc2ead1fe8e75b5bd20afc2a79", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679526083, "uuid": "3e2da0c0-cbe3-4838-a6e9-b097da0de245", "comment": "Malware payload", "value": "e2ce85de459d158b4b2fd06da42cc9da0ce8790502dd96d3885421d0c33780693e02cebc60e534cbb6c42c013f24c4c9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679526083, "uuid": "6a1df276-8242-4b34-b3d4-e27b5bc2fafa", "value": "T1B4A5331A95A978B5F2F1F3F4A914C91BDF31B8631B352C18719D138F9EB6241C42E34A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679526083, "uuid": "2aa4d35e-24d1-4d4f-af74-0b388ca0b5cc", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679526083, "uuid": "fbc51882-66c3-4815-b79d-0dd62e6e21da", "value": "49152:EGlJfsEgZXIrjCQHNEefbwASqeg7MxVrUlVE1x6N/5dlLYp:5/gVUpfbwrqIxpN1EhPYp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679526083, "uuid": "be564865-03e2-4efb-805f-7351db026fbe", "value": 2182069, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679526083, "uuid": "ece6b812-b83f-47bb-97e1-058847c5f1cf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679526083, "uuid": "ad58c5fd-84f7-47f2-965c-cabeb114f298", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "11a5c200-c89e-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mekotio)", "timestamp": 1679481674, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679481674, "uuid": "259718bb-66bf-41fd-8896-75a6e160f351", "comment": "Malware payload (Mekotio)", "value": "705298ff98e0751cd8fa1fa450eccba7", "object_relation": "md5", "Tag": [ { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679481674, "uuid": "9fce3b95-4581-412a-b807-ac631c3e7906", "comment": "Malware payload (Mekotio)", "value": "5a483777d50aa99475eaf2fc2035ea6d7d31166217016d46dbed2f1b7e3708a9", "object_relation": "sha256", "Tag": [ { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679481674, "uuid": "85586d41-f0c6-48d4-b2d5-54345e79163a", "comment": "Malware payload (Mekotio)", "value": "7b77ef58690e48d1ae6cd03c38c8fd3da880307f", "object_relation": "sha1", "Tag": [ { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679481674, "uuid": "6e8e24c2-fe15-4344-aa6b-708cea335c43", "comment": "Malware payload (Mekotio)", "value": "2bc125b24b4dbf59a4c733f5fe754d4b9fb9f88d663a90bca7fac016fdea1d6a63084b7d3b0bb242a670c06246511086", "object_relation": "sha3-384", "Tag": [ { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679481674, "uuid": "8bb6e1a3-d9b0-44fb-abc9-480ea9d8700b", "value": "T1083633C29ADDF37EC9353AE2BB87CB5D3571A67E2E06379257232E2B83250121874117", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679481674, "uuid": "14ccc102-c6ce-4a95-9270-78d939cdfccb", "value": "98304:XTvfbOHdm+TrGMUmyZpryMfRM6d1Yo9gu+4waO99RoVd72fuoIoL4/arzGSqgwGM:XTHbOHdm+23xM6Mo9jEaO9gd2GroLqge", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679481674, "uuid": "03f9ec5d-b7dd-4d96-834d-95ef58155d22", "value": 5216176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679481674, "uuid": "18f529eb-cd2b-4f83-bf0d-04040a64ae66", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679481674, "uuid": "5bddb6b6-c7fa-4e4a-906a-1bc122a300a8", "value": "ID-FACT.1679481390.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "34b814e5-c89b-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679480444, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679480444, "uuid": "c361628c-8fb8-4e98-8893-740d7918a41e", "comment": "Malware payload (RedLineStealer)", "value": "e404de5823801451f7a84057a34fb5f9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679480444, "uuid": "4b3cde2f-9fbf-4a77-9e18-bfd6acc8dd91", "comment": "Malware payload (RedLineStealer)", "value": "5a98d0067bf196e87c6eaef2c47e595aabb29839fc807e177c083edb737fadad", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679480444, "uuid": "bc2a5c0c-03ec-4b8e-a62a-cae6432bc5e8", "comment": "Malware payload (RedLineStealer)", "value": "5b6d331ce47eabd35708fa986db08f0159f79770", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679480444, "uuid": "db4e9107-b513-4ad0-a66e-43f051ff5d83", "comment": "Malware payload (RedLineStealer)", "value": "9329abb5d4b29193727de95e5b12b826aabcc90e8ab535b98c4cb644030e88bc2eae38bd5dadffa8b01f26f298d8b6ec", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679480444, "uuid": "946e298f-bc04-4fbc-a18b-1d2e521814d7", "value": "T1302523A3ABDD5537D9B147B068F612831F3C7CA28D7863EB2391A8960C722919473737", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679480444, "uuid": "126a1edb-502a-4198-9624-b63bedc5e452", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679480444, "uuid": "1b205d77-53b5-4a46-87fe-06a20e2c2d41", "value": "24576:KyTkEDclqgYKAHXyBbOht3XcJMyUMmxa/ntSI9b8Bg:RTqlqgYKAHX2qt/jMm8F8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679480444, "uuid": "10a03eb5-4467-41f0-9771-414f333a30a8", "value": 1029120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679480444, "uuid": "ed0f56f7-930e-4577-9050-e2478da14954", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679480444, "uuid": "6733642f-d28c-41cb-b459-b1a70220fa2d", "value": "e404de5823801451f7a84057a34fb5f9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aaaf29ef-c8e5-11ed-88f6-42010a9c006e", "comment": "Malware payload (GCleaner)", "timestamp": 1679512425, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512425, "uuid": "b356fd02-2c69-4199-b83f-e87beb1d1d4d", "comment": "Malware payload (GCleaner)", "value": "2ed3738fc99a3438a6f953a317fd00c8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512425, "uuid": "7c856b4d-d5a1-4400-ad74-a65bc9777910", "comment": "Malware payload (GCleaner)", "value": "5ab2cc3237c2857bc3943ded65eeea7cc88bd1dcfbb170e8069def2ca54e46ee", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512425, "uuid": "c34c1443-ec19-4935-8699-4ef20a9f2a2d", "comment": "Malware payload (GCleaner)", "value": "ece3ef5cbb78802613273df3f3b226c39d2ac7c7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512425, "uuid": "15d4f36a-cca8-4ca8-b00f-4891f9793e4a", "comment": "Malware payload (GCleaner)", "value": "18d6c89793c4c6fc73b0a80ce3a94812ffdf13611401cabcd520d453737152193dd434f5bba03ad7bd8e6f28e5139bb3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512425, "uuid": "9819f9c6-5ed4-4268-b208-2b52bf3ee21a", "value": "T1CFA533039FC90CB2F4B176B1AD299E448673FFE3083C2B98599D555E5E3CB968913B02", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512425, "uuid": "b3554f7e-6eff-4572-9ed5-db5d44832900", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512425, "uuid": "5a598ad6-8905-4766-8ab1-78b3d68cc688", "value": "49152:EGlJfs2YQmXbs2nOFx4AFZzBO0M881PA/XW/cBm5dlLYp:5GQ6g5Ey3o8wE9BsPYp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679512425, "uuid": "07a5cf9e-3519-4bf5-951e-3d3fa51dae0b", "value": 2154138, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679512425, "uuid": "0723f536-d1b6-4f05-80cb-5e127d2ab50b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512425, "uuid": "37576408-274a-437b-907b-a7517a3596e1", "value": "2ed3738fc99a3438a6f953a317fd00c8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8c3c0837-c8ad-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679488322, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679488322, "uuid": "ad1deb76-53b0-49ba-b49e-3db168b904ce", "comment": "Malware payload (AgentTesla)", "value": "7988bf43a540208ef6c9231183732875", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679488322, "uuid": "cc457ab0-94d5-4de9-b138-b97b03c38bb6", "comment": "Malware payload (AgentTesla)", "value": "5b8ea5f56d68898aaebc5f302bdc6d61a708456ebc2188c675d5b64038d4dd9d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679488322, "uuid": "3fb88200-525f-42da-8cbd-13a314ce8efc", "comment": "Malware payload (AgentTesla)", "value": "f112d4c787c206c7c342d39f87ea6dd675675c52", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679488322, "uuid": "185b5f0e-9470-4159-9382-16bec6a489d4", "comment": "Malware payload (AgentTesla)", "value": "df06d45de6aa52e3ea6515e8aa28d009b8e5455b1f982309d739c7fd9e401fd68847986debdde06f4c0aebbaeb0c25fa", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679488322, "uuid": "5b946824-de01-4bd8-80e4-6f4f8b6f6421", "value": "T10905120672E6DB6AC11C1BFAD8D5562043BBA38B2233E35A2DC815D56F277E44F11B83", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679488322, "uuid": "fd07d4cb-a773-4709-b0bb-7b3196108d88", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679488322, "uuid": "0c878450-91af-4ac4-9b42-5671c7b147bc", "value": "12288:mHv89P3ffNCSR4sOWV1HUuR8KHVChIrOAp1HsqdOuVK8lodtNnPFWg4UhP:7/9dPbV91RohTg1HNOggHNP8aP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679488322, "uuid": "5d3f2401-be2e-4f6b-bd8c-a3d3b680a51f", "value": 796672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679488322, "uuid": "71ee220c-b34f-417b-9a6d-8779e1364491", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679488322, "uuid": "fe31c3dc-57c6-4f88-bcb2-fd4da22624af", "value": "2023 MODEL SPECIFICATION.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0745ed3b-c8ca-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679500554, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500554, "uuid": "f74bab9d-5399-44ad-9cc1-da91b991cc87", "comment": "Malware payload (SnakeKeylogger)", "value": "0bbcf233b7fbf4a9a6fe3a08bf2f6f61", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500554, "uuid": "8f9cd4c5-4de9-4add-8ee4-7a26dc151a40", "comment": "Malware payload (SnakeKeylogger)", "value": "5d0111c7a6f285a4a74a2f504e73ec97e5f6538487e694f2297f429a3d34dcec", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500554, "uuid": "e1faed90-12cd-49c2-a426-6cdc9d3889bf", "comment": "Malware payload (SnakeKeylogger)", "value": "c76da56ed7e695a1743d16a17f13ac77d204b05f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500554, "uuid": "4921766d-3361-4b16-9bae-7b12412a671d", "comment": "Malware payload (SnakeKeylogger)", "value": "535ba6d78400d8a49ccd60552d0b9546b00d8c4d1aeecfc7e1f21427b87a114c3f54526b23bc51a8eb43509c7dafaa82", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500554, "uuid": "9c470477-4cf0-42e2-b805-2ac0492d17b0", "value": "T16A257ED1F190C99AE86B49F1AD2BA53021E3BE9D54A4C10C5A9D7B1776F3342209FE0F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500554, "uuid": "b2f3ba95-5def-4b74-805f-691bb41fb2a5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500554, "uuid": "ed32fe9a-2dc7-45aa-a172-bdc595ef5b77", "value": "12288:FWpujAkBPEeN/Lim3UGhpsExH8FyKJd49rddfho:IpYjRVmyUgWocFyme9rvho", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679500554, "uuid": "08a7c090-7570-4ea2-b0ba-9b2dc8797f70", "value": 1035776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679500554, "uuid": "33a28c49-a46e-4f28-a459-2c1548571c4d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500554, "uuid": "bc84d876-d2cd-468b-9022-30a30ca2b24b", "value": "\u0130\u015eLEM - Kredi Kart\u0131 Hesap \u00d6zeti - 45431108.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9ca96605-c889-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679472888, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472888, "uuid": "6e401bae-ead5-46aa-b26c-43d9a5652edd", "comment": "Malware payload (Mirai)", "value": "874995cb25040bf321efa2d0681c58a1", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472888, "uuid": "bc13b95b-7347-450c-8493-35d9bb6f56b1", "comment": "Malware payload (Mirai)", "value": "5d452229d8f07f6ac5dcd8e85d8d3b85591d563ba556bc9c81a1b6db848c8e65", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472888, "uuid": "6f0bd8e5-bbad-4413-9fe3-a8de7855d7b4", "comment": "Malware payload (Mirai)", "value": "a9438680c59e08c46c10ef13da270d8c7e9a79e6", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472888, "uuid": "95f968d2-d590-4d81-afdc-d605ce7feee3", "comment": "Malware payload (Mirai)", "value": "3561953e826f436b15a7254ed513fddd95b0c3f45b6aef49266f008d047ea30073fb84325b68aeca9c23929493fcf649", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472888, "uuid": "5ad9a360-644e-4bc9-849d-fff44b096a6e", "value": "T16F34A6215966E213C0A7FFBDFFD676826319F7424FCA930360A011AD1EF5A5D582B8C8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472888, "uuid": "b12b8cbb-f0f4-43d8-9896-5e3bb7517b52", "value": "6144:sieaoTc2BnDG5modEgtan7M/9ivFm2wPe1uT+:sieaoTc2Bn4pgI/09m2se1uT+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679472888, "uuid": "a5fdcaf1-ee9f-4a8f-9b03-58fbedaddd3c", "value": 249081, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679472888, "uuid": "6aad609d-6fe0-4049-a789-803a1bf7ac6f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472888, "uuid": "01da2f8e-9cf5-4ae9-b803-fe746b3639f2", "value": "874995cb25040bf321efa2d0681c58a1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "98c3f2d8-c8a3-11ed-88f6-42010a9c006e", "comment": "Malware payload (DCRat)", "timestamp": 1679484048, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679484048, "uuid": "1dd80fb9-57aa-435d-ac92-163d07b05dcc", "comment": "Malware payload (DCRat)", "value": "36debef0fda01710af9b0e7b6d990a37", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679484048, "uuid": "ce8a06d4-14db-4fb0-ada3-80d43d7d2c0b", "comment": "Malware payload (DCRat)", "value": "5d61d2fe577e2a1feac949e6ee980fc9589e4b9472bc4ae249e5d50371ce0e9a", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679484048, "uuid": "ccdbcd89-c376-4b55-9740-1c4b14a1ca0a", "comment": "Malware payload (DCRat)", "value": "b74d79014b30d14abbfbc7adac9a9c2a484f51b9", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679484048, "uuid": "bb2bc792-ba0e-4dfa-bac2-4563654db7f7", "comment": "Malware payload (DCRat)", "value": "812b3cdfb6314b778660a2a5477e873808d396d656cedf05c0ee80ecf39248984e0fae9bf5b570c7215bab9a91d46f69", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679484048, "uuid": "e461f3f2-fc8b-4e6c-b334-db0c2ee02f95", "value": "T1BD356B40BBD48737D26F9BB285B303166BB4D0C6E396E39B0F5412B53C823596D193AB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679484048, "uuid": "1b0f1760-0a42-46f0-bb6e-76ac94b7e273", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679484048, "uuid": "3270d593-c7cb-4959-b5ff-0b7655b26110", "value": "12288:7EOA56TrfgrfGA3hM6iM8QSArLmMcKDJW0lt6/9y4dne+qR/:o5IErf1hTP8ALrDc0lQ/9y4dne", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679484048, "uuid": "7a24788e-502a-4c92-9e49-797cac123f62", "value": 1157320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679484048, "uuid": "e62fd140-9eff-42e8-98d4-aa85b9e5485e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679484048, "uuid": "2731888e-bfb0-4498-bed1-aba5c3e0406f", "value": "36debef0fda01710af9b0e7b6d990a37.bin.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a8920b73-c8c8-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679499966, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679499966, "uuid": "c2987a42-26f5-4cea-8347-d8fbc957c93e", "comment": "Malware payload (AgentTesla)", "value": "1350a6fb4825da4f4a6642c70d07129a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "rar spam malware", "colour": "#0F450F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679499966, "uuid": "4ae2cf72-488c-451c-ba8c-1c1f689c77a2", "comment": "Malware payload (AgentTesla)", "value": "5d73e9efb256930994e84a56fac726d77290e2847f57e8d1b131231e7b6f2c82", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "rar spam malware", "colour": "#0F450F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679499966, "uuid": "d7b320bc-da40-4515-91c2-2b2eaf0af4d6", "comment": "Malware payload (AgentTesla)", "value": "24bbd02a99fe02cc8d37d365da12acefe4a482c6", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "rar spam malware", "colour": "#0F450F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679499966, "uuid": "2e29587f-3721-4eb5-817d-fd18c5dc9815", "comment": "Malware payload (AgentTesla)", "value": "3f25e8893e27f32a9c10dea547f85e2487b312323f20ae9cef52bddda6444452025ad199af4fabeba899d0a656bb67b5", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "rar spam malware", "colour": "#0F450F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679499966, "uuid": "6a13b701-30e0-48d4-a0e5-46f8506cc5e7", "value": "T1E8E423ED7A3856E0761D8CF995F78BA5E2AB3EF535010C3B93A9CDB8D8318421E05B50", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679499966, "uuid": "f068b56c-424a-4e1c-8e30-c24b1297c90b", "value": "12288:XykOsxiUDSTdh2JdkZ8xs60kDz91o0vy+Aq42XXsBl38q8P/qfXcs36:ikOsP1dkqxsnKz91fl9Hs7Mzsk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679499966, "uuid": "a6c93613-0b5f-4279-825e-042121e28d75", "value": 704106, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679499966, "uuid": "28109fb2-48c6-4ecc-a618-512cdd72c3ed", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679499966, "uuid": "e42b69d2-e396-4aad-9e5a-acebc9f96d8a", "value": "RFQ Number# 400013296.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "569d8d06-c898-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679479213, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679479213, "uuid": "14040765-e593-40f5-8f96-1ced1c0b3d07", "comment": "Malware payload (RedLineStealer)", "value": "103f1dc5270469cf9414ee95dee9561f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679479213, "uuid": "4eb4505d-2c97-4849-8ee0-254ea25043c9", "comment": "Malware payload (RedLineStealer)", "value": "5d8fcce25d88b4e04ddda7cc22108623d6ca4dc9f7a6a671d57e9230fd6a95ac", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679479213, "uuid": "fbb5728a-f295-412c-a50f-401ecd533fa7", "comment": "Malware payload (RedLineStealer)", "value": "f44b74ac4e35943c1b9f85ca560595bb64a8c918", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679479213, "uuid": "f1ea69c2-ee74-46d6-af7e-5fdf28e636d4", "comment": "Malware payload (RedLineStealer)", "value": "94d0dfd43595f025b1241c90efc81b1a8424ac43a13526760efaf45fb1e25a1dd4582314ee167f41784eb3bc59860e93", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679479213, "uuid": "9599f961-5255-47d1-a414-af1be78173b8", "value": "T11975F1087353923EE5556BBECADCE3086F223578871ED4C3F3D216851BF86E65C2224A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679479213, "uuid": "e65f910f-7951-4e54-93af-c010e3f8ab25", "value": "231e93d6c38d93827fc1150514e60423", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679479213, "uuid": "4f6102bc-e7c3-46c8-9d18-4976aa7c8b63", "value": "24576:E5SH0+xjXR3uO29j3w/2H+vttmPoADPn7axIGXliWvVznOs0O9dDNh:NhJq1HYtm+xLiWvVS+DNh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679479213, "uuid": "137b0c5d-9ffe-40d0-89a1-9e3e126eac8c", "value": 1592744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679479213, "uuid": "fd8437bf-cc78-4d47-839b-45093ee398bc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679479213, "uuid": "ae6917bf-21e1-4038-94a5-474624ad99e8", "value": "103f1dc5270469cf9414ee95dee9561f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c88126e5-c84f-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679448051, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448051, "uuid": "c84b8bc5-8f69-4ab2-8533-fb71aebe888c", "comment": "Malware payload (RedLineStealer)", "value": "eed3c89906c0bfab8c810373ebb06389", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448051, "uuid": "4c62b49b-3ae1-4fa2-8fa4-9c3fcebb150f", "comment": "Malware payload (RedLineStealer)", "value": "5e3b337f41ccbe39106b15ea3a07759c01ee41e7d18ed62395f277767634c768", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448051, "uuid": "9257f113-772c-4034-a22c-648240ae6478", "comment": "Malware payload (RedLineStealer)", "value": "99fd966feb520ba14f76d249510a0c57a941deab", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448051, "uuid": "e0a62814-f1db-4069-b3a5-08a58bd9a842", "comment": "Malware payload (RedLineStealer)", "value": "ea188d76a9882c05c33b6ce3331580e6283180e8f1eb47f6b0931bad1a9b90d33e3b88448250c80c0c50f5ec491839bd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448051, "uuid": "8e231dab-cee6-4ff0-8239-b20af8c03e3d", "value": "T113352342A7C94432CD6633715CF627C74B33BCE24C644667235B890E0DB26D4AAB6B6F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448051, "uuid": "e283ecb2-9c70-4ea5-b37e-b52361c1be62", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448051, "uuid": "32205a8c-d286-46df-89a9-71e72555883e", "value": "24576:my8sVV8TgVyulUOsB3LWO5psLM3WAwgmQ0a3cao:18sVCMmOULXfq+Wqz3h", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679448051, "uuid": "e176d859-7926-43ba-ab15-059925e5b488", "value": 1117696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679448051, "uuid": "1a80afd9-7419-4d7a-996f-8397d2d5c8b6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448051, "uuid": "ce46916b-2f03-4d1d-bb1e-ca2043f4f1dc", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9065a34b-c8d9-11ed-88f6-42010a9c006e", "comment": "Malware payload (Fabookie)", "timestamp": 1679507227, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679507227, "uuid": "ad2d3496-a01e-4f67-bfc6-2f993654e9e7", "comment": "Malware payload (Fabookie)", "value": "614bd1c62693d3b49436d3d4a48f2c6b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679507227, "uuid": "7e50f80c-4400-4950-bdb5-6c95aa1ee71e", "comment": "Malware payload (Fabookie)", "value": "5e5a9bc8120a72b93745a3f57dc953bb897b535f5cf3cda613f26fd509a10ad3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679507227, "uuid": "bc51386e-956d-46e1-853b-2337c4913753", "comment": "Malware payload (Fabookie)", "value": "4a26460e9d1916bf47bc74d241e2c325b1203fbb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679507227, "uuid": "086da055-2e6c-4755-aa7a-e7e4364c4ed3", "comment": "Malware payload (Fabookie)", "value": "ecfedad1b332a9127613330c633843686b8aebe8fbb203549a112c691bded9e09f00cc1bbe4ea2e981e830076f923208", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679507227, "uuid": "4f5c78d7-13ce-44b0-ac89-c92a3ebfc557", "value": "T18A156C5EB66C00E9D0B7C179D5439A03E6B6780B03B15EEB139147A63F276D84E3AB12", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679507227, "uuid": "1a2bcb1d-aa99-4fa8-ac3c-6c193b338379", "value": "ca4024c0e7ca045d1b257058baf9658b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679507227, "uuid": "accc1fa9-bbf9-417d-9174-0490b88de76c", "value": "24576:XyE8JiMHnEBiehIMZR9CjI21FiWOnoxkNMu4dXxbfat6Z:PCiMHEBieK+RX21FiWOnoxkNMu4dX9aE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679507227, "uuid": "e0ff8429-3308-4feb-b7ca-d3d1790aae0f", "value": 883712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679507227, "uuid": "d9dd41b8-1785-460e-85fc-80a57357c4c6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679507227, "uuid": "5d45cf7a-6e23-4864-8b38-619c2cf07e9c", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0d57927c-c89e-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mekotio)", "timestamp": 1679481667, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679481667, "uuid": "2814afde-bdc6-4f0d-b612-e2ebf07b8abf", "comment": "Malware payload (Mekotio)", "value": "817989747af68e2b91e5a3daf915bb91", "object_relation": "md5", "Tag": [ { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679481667, "uuid": "4a56912b-245d-4bb2-ba22-07ac2634c860", "comment": "Malware payload (Mekotio)", "value": "5e93bd882bd30f78211051a1bfa8179519adced2aeb7fb6c95a01e288ebfec7a", "object_relation": "sha256", "Tag": [ { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679481667, "uuid": "39d00e18-c41b-4808-9af0-13a9962cdfa6", "comment": "Malware payload (Mekotio)", "value": "61d61c4bab3d249505b0a4c0a10066c53d058f29", "object_relation": "sha1", "Tag": [ { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679481667, "uuid": "74842233-097e-417f-9d64-03e0da8ba4f7", "comment": "Malware payload (Mekotio)", "value": "119d1128a88c266eab42e80128031202ee71e96501e3e7c05eec3ef16d0d6618a38d6fe03dfc9e59d95f6b098ed744c6", "object_relation": "sha3-384", "Tag": [ { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679481667, "uuid": "d2af51bb-e83c-4b8f-9af7-8197b10bbc27", "value": "T1BF3633C29ADDF37EC9353AE2BB87CB5D3571A67E2E06379257232E2B83250121874117", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679481667, "uuid": "df21c865-fdae-4c65-9a6c-69bc79b5141d", "value": "98304:tTvfbOHdm+TrGMUmyZpryMfRM6d1Yo9gu+4waO99RoVd72fuoIoL4/arzGSqgwGu:tTHbOHdm+23xM6Mo9jEaO9gd2GroLqgc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679481667, "uuid": "e20651e7-04b1-43d2-8619-718e8ef86c72", "value": 5216176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679481667, "uuid": "8ae67e1e-8b81-41fc-ace0-d78b16da7ef4", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679481667, "uuid": "14c5d0c7-0b10-423c-8552-4531523fd6a2", "value": "ID-FACT.1679481344.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "10babcec-c882-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679469647, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469647, "uuid": "3c933f53-90e4-440b-9cf9-a0d59790e2f9", "comment": "Malware payload (Gozi)", "value": "1b6b88b4f8da87f1524d77166c9a01dd", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "url", "colour": "#4660F4", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469647, "uuid": "f24572f1-d653-407a-932b-59b13fbcd671", "comment": "Malware payload (Gozi)", "value": "5ed9e8b1e7ca4c6ecce0929514d0f195d4202809a3e933e06f2af0f7eba53d8b", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "url", "colour": "#4660F4", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469647, "uuid": "e0f34a59-0e38-493c-91c9-aa647c127524", "comment": "Malware payload (Gozi)", "value": "a4abf24eda19bf997e2de103c6d0cb3675f225e0", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "url", "colour": "#4660F4", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469647, "uuid": "fd6e0d7c-7232-4785-ac7a-46179ed04ebc", "comment": "Malware payload (Gozi)", "value": "2b069d35cd09a70b45993d704fa78d71d496cbb4027fb53a5c8d2ffc40c4edfed128d0ff69ba1cd294c707d822cfb5f4", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "url", "colour": "#4660F4", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469647, "uuid": "016f0239-58e6-456a-a3aa-6c4c3e23978b", "value": "T1D2C022048A0A806AC142440AE0A8BD68AD0EB0081CFBCA1C23C9E987AC804D5CE04ABA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469647, "uuid": "19e607dd-2dfa-477a-9e11-2afd1df1b97a", "value": "6:HRYFJb5bsZD68Szsj8UNIvyc1yc54vVG/4xHy:HRYFJ268x8UCvhy3VW4xS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679469647, "uuid": "1df0c886-753e-4d92-80f5-52a254d1f646", "value": 194, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679469647, "uuid": "70eac87f-d985-4971-8873-f18fb294c248", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469647, "uuid": "fa695323-f8d5-4188-8061-51b84b316d7d", "value": "Documenti url", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bf62608f-c87b-11ed-88f6-42010a9c006e", "comment": "Malware payload (WSHRAT)", "timestamp": 1679466933, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466933, "uuid": "43de5d22-833b-4276-9861-ab6cd3adb7a0", "comment": "Malware payload (WSHRAT)", "value": "2a76503660d140d0aa08bd758cb9c29c", "object_relation": "md5", "Tag": [ { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466933, "uuid": "8c40f8c5-c0d4-43df-b065-7c7d7489732b", "comment": "Malware payload (WSHRAT)", "value": "5f0329e51f347ca573ea69cd865bb03d0526d9e9e91477a4502a9fe35c3fbddf", "object_relation": "sha256", "Tag": [ { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466933, "uuid": "8d1621ba-7103-497f-a071-6ca7ad9c2636", "comment": "Malware payload (WSHRAT)", "value": "55c1ba23321e11c0298450fb9dfa1ccebdea2d86", "object_relation": "sha1", "Tag": [ { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466933, "uuid": "6fa06575-c552-4b00-919c-5a723ab78b9f", "comment": "Malware payload (WSHRAT)", "value": "4b466437a9ba6f445199016b14d5016cf8ad4765b83c3352d5212432f9fd5e042af41cd7bd3ae9d1ee64e923b1874274", "object_relation": "sha3-384", "Tag": [ { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466933, "uuid": "bec450ba-041e-408a-9d1a-544a96a5aa7f", "value": "T166449A023E4BF93C165F2E0466380E370F8EFE62D619654A12095FBCA3A758C177F929", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466933, "uuid": "fe0c4222-1c8f-49c9-8a0c-f3748a12c260", "value": "768:19C8cPTeUGV5V4ky1rHHPskYROOowLXMJuzHHMH+HCo/LiGi2tl33xRXC:yR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679466933, "uuid": "86a5ce78-e9ba-4bbe-9292-5cf5678d9105", "value": 256560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679466933, "uuid": "73137f4b-fd1b-42e3-9d44-961c9eaa342e", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466933, "uuid": "4cbaf4ba-8593-4d16-86da-b30a8a8779bb", "value": "ORDER230322.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2401efef-c8e4-11ed-88f6-42010a9c006e", "comment": "Malware payload (STRRAT)", "timestamp": 1679511770, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511770, "uuid": "4ad5f6a8-86d9-4fb9-85f1-8435e3477f49", "comment": "Malware payload (STRRAT)", "value": "76b8dc2d5826f3ef4987ce87cf859719", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511770, "uuid": "37bc4266-fc73-4215-bcee-f63055973c5d", "comment": "Malware payload (STRRAT)", "value": "5f0e14beeef801bd36a5a4dd142fc0463d477dd664f407f4ff563977b4657968", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511770, "uuid": "edb9fda9-1cb9-46c9-b190-ab9c74d76aae", "comment": "Malware payload (STRRAT)", "value": "0b3fbbbba031a5a7d8c65dea9f10640aaf71b64b", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511770, "uuid": "2315bf07-1c33-4e71-9caf-f144fc74d46a", "comment": "Malware payload (STRRAT)", "value": "25f2649cf9c19a654a2949ff45a3af89cccd67b2c62e9b8d5b46aa42268a8b39b34b5a17eda4c77d6df8331b964bbf55", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511770, "uuid": "71b003e0-cd2b-4a5d-8f3a-a16f9469b202", "value": "T15A24010EBDDAC1EDE00B40B505628033365C9147C496D66F7AFD26BB0E75D3A0B5AACE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511770, "uuid": "accd7d99-54bb-49ad-afcf-7fe197939dc7", "value": "3072:98OpWlMEeYH4ueAmw6qOXcurrP7ONu/qUVc+7sFZizP/+TOKbdjAYX9hHG+2/gyG:63xQwhWcunSNu/q4WFyLESAg+2o9X7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511770, "uuid": "e361d91f-59dc-4d14-a330-d6fd79b1dd1e", "value": 210189, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511770, "uuid": "4ce57f7f-0334-48e7-9fe9-9ebc76f777fd", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511770, "uuid": "377412dd-b3a1-425f-8cdc-6daf1b3db800", "value": "RFQ EIC202300.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "448ed056-c8cd-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679501946, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501946, "uuid": "bf025abe-bdb3-4df1-8312-2cda28796ec3", "comment": "Malware payload (AgentTesla)", "value": "28d93cc0638002feafa3896879a28d62", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501946, "uuid": "69e3ee70-dafc-4733-b330-0000dba0503e", "comment": "Malware payload (AgentTesla)", "value": "602741071b2e71f45452d67885083f6d2cd0833d9d2ed6dd753321b934e9c3ad", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501946, "uuid": "d7ddff33-95a7-4985-b7e9-b91267693fff", "comment": "Malware payload (AgentTesla)", "value": "e8e4d93dcc60b44b4e3c7b48e5cf8ba3616785c8", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501946, "uuid": "43daea43-f1b9-4f76-b386-0f0491d5ef2a", "comment": "Malware payload (AgentTesla)", "value": "7453c8cfeb51c3d53e0da8f3092382a99022d26767239bb1d37d83d91d735d5afe7f8eec4f1993bf47b63a56b8fb95f6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501946, "uuid": "1184a23d-b29c-4e2c-ada5-a8a18c375042", "value": "T129D2D656E78E03744B9111B7231E5BC9ABBDF23E335151A138AC927433AD82E42766FC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501946, "uuid": "c664e29d-210f-41f3-bba4-4ea17b2be146", "value": "768:EFx0XaIsnPRIa4fwJMHzpG5764JV25UZn2:Ef0Xvx3EMH0576UHn2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679501946, "uuid": "ed57cdea-5252-4528-b5a5-99a3abd83e7a", "value": 29687, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679501946, "uuid": "7414c499-68a4-4139-bc18-d7b3c3c176bb", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501946, "uuid": "09ffe28d-6bd9-4a55-930c-006639726ad9", "value": "butterfly valve GR.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "49930a62-c8e4-11ed-88f6-42010a9c006e", "comment": "Malware payload (GuLoader)", "timestamp": 1679511833, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511833, "uuid": "6c2216c0-1582-4dc5-ba5b-dc62336309d8", "comment": "Malware payload (GuLoader)", "value": "3c6c550ce61ccdbb48fe71cc05e801d1", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511833, "uuid": "3a5ab9ab-75db-4518-84b5-b4b1f6da1e17", "comment": "Malware payload (GuLoader)", "value": "60b1ead9e5d8f7a259be747f10bf7ee59dfb93fa89bc4c4ff61c53aef8d42144", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511833, "uuid": "a396d6be-631e-4acb-8644-d0110d5e665f", "comment": "Malware payload (GuLoader)", "value": "d2e6a67a2cf6423da7caa9386453075e5f5553bc", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511833, "uuid": "27670938-d0b7-4698-9acb-ac04c56b2215", "comment": "Malware payload (GuLoader)", "value": "e2aa08632617eeafafce150d1248dfcba12c307e17b1002bd7794d730579e40380328307357df09060de01fc11858967", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511833, "uuid": "89481db5-ab9a-4bda-9b90-92ea7025b8f9", "value": "T1541506ECBB4926050B4E368E98870440C1AF85E5D13E41E5BDB9068E7146CD87FEB6FB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511833, "uuid": "045c39ac-568a-4d1f-9bb3-e9bf9ca54b17", "value": "12288:0kbA1wAmOi2SsvpsClz0LRU8AWx4YKQ3DkhuevABKwOeJJONJvuz:0RHmdCvp2V4NsD+hIAwOEwU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511833, "uuid": "6dad20fc-66ed-40b5-9470-d63da37e71d1", "value": 921233, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511833, "uuid": "4bf09c59-a7e8-42bb-99a2-57fdbbb07ea2", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511833, "uuid": "5c10cbb1-513e-41d6-bb04-4861385bf52d", "value": "JUSTIFICANTE DE TRANSFERENCIAPDF.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dfc9ea4b-c8b7-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679492757, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492757, "uuid": "8dd39fd0-baf6-4497-9802-dd2f31ed8b97", "comment": "Malware payload (AgentTesla)", "value": "4d967148fb6cdca050bcd6b47cbadaa9", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492757, "uuid": "427c9cfb-a82d-4761-a428-8b5cbdf0afad", "comment": "Malware payload (AgentTesla)", "value": "624df8862786c9971cd2fd2f499e5e186ba0fd7f0b15f270933806e5c2e7193f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492757, "uuid": "8f578a5f-ee6b-4d03-8a24-c4dcc879d715", "comment": "Malware payload (AgentTesla)", "value": "0233bf642cdc0535aef9d1fced0874bde49fbc1f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492757, "uuid": "23e7ef32-a27a-4ffa-a327-ea1d38b280ee", "comment": "Malware payload (AgentTesla)", "value": "d2e7973265c6322980eae21adb380f9a8606aeeeaab61ac74a84b2ad02f02723e931feb1652fe0bd895a8d8a7ce03264", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492757, "uuid": "e88df704-561b-40da-8b73-9df391740709", "value": "T17DD57DB15282FE96D76F2EA0C40417509C309C5BA76DA348FDC436A76AF5320EF5CAB1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492757, "uuid": "f88475fc-e285-445b-97cc-30295761ce41", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492757, "uuid": "017ab41c-3ad0-4205-864a-b18064db8e85", "value": "24576:vwp4tncOTPcvfKtu1Dze6HDpLfr9MEWU9Ikb8vSH3TC1yKOuK6CYCSKskrlKIFPT:24pTUvEEW6hJdYKvx7dEJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679492757, "uuid": "457e6dfb-594b-4b03-be88-58cac3572469", "value": 2950144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679492757, "uuid": "8f24781a-7d30-4c46-8c14-5662868c06cd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492757, "uuid": "2df64522-9bdb-470d-8962-d012323226ea", "value": "IMG2115600269pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a3d26afa-c8e3-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679511554, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511554, "uuid": "08dbf0c4-e5a3-46fe-8818-8f49d3d86ce9", "comment": "Malware payload (AgentTesla)", "value": "4b9ece81a545dc90d05cbbb19d0dda8f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511554, "uuid": "a5a18b91-d821-4d6b-a040-1d17b5ef80c3", "comment": "Malware payload (AgentTesla)", "value": "62db734242a6e88699be7e406b7266d2abe295c068834966e487cb8052f76fa8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511554, "uuid": "271fce38-6066-4445-9433-fa79d8361c42", "comment": "Malware payload (AgentTesla)", "value": "5034294c4493e5ebaf79025c96d91e8f5ce44ca5", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511554, "uuid": "ec8db137-bbec-437f-ac1a-19ba87ea64f5", "comment": "Malware payload (AgentTesla)", "value": "e690b1f82c0d8065d9a5a8cba050d5865629df0d90879660021f04a7e38caae1f16529e8845c8413def0a80dd7bbfe42", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511554, "uuid": "2ba46be2-7934-4469-ab96-92b505a2e607", "value": "T1AE357DD1F190C89AE96B05F2AD2BA53021E7BE9D54A4C10C569D7B1B36F3352209FE0F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511554, "uuid": "c8691c82-5305-42bb-80f8-93dfd22677b2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511554, "uuid": "798f1b24-f970-40ba-8237-eb657f81cd58", "value": "12288:x8WrjU7iC6/QsE4N9eRqWc28RXVgJbZaQ7g:UdhsE4Haly", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511554, "uuid": "15dea0fc-91a2-4b7b-95ec-c473708d9496", "value": 1075712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511554, "uuid": "a9ec2859-d40c-4269-951f-5b5d54432cb0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511554, "uuid": "278025f5-a2f0-4da1-b726-66cff30ee6df", "value": "yeni sipari\u015f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "80a27de0-c8e5-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679512354, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512354, "uuid": "0024a8f0-4b96-4d5b-ab57-9ed3611815d9", "comment": "Malware payload", "value": "a123f4944f681fb01b35d903bdc35e10", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512354, "uuid": "ba8e04c1-ae8d-427f-8a39-9b5aee592b41", "comment": "Malware payload", "value": "63408e59d89c7afa2dc16d018ee143de139143ea1ceb8326a6a8bf0f4637dabd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512354, "uuid": "72603505-925e-44f1-a78e-cf1aba052c95", "comment": "Malware payload", "value": "a10710e4b4ce6a3bf018e91f73f897bd9d7a5442", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512354, "uuid": "6d9c0af5-df05-469e-8cf7-5df0edbd6ba4", "comment": "Malware payload", "value": "c80a17f065300e9e23601ede64682504167b1547965e1f4e88c3881291eacbe787a572e49ab19e2b331668b6e789426f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512354, "uuid": "a581d231-42ab-44fd-b288-9ec7e2537329", "value": "T117F51890FEDB50F5EA0359701597A23F67306A0A4B38CED7DA902F52E833AE2097751D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512354, "uuid": "63e6dbb9-c16d-4eb1-922e-6acad72781b9", "value": "49152:PsMhHzgncqZ8Gl5gJxGjNBksmobpZu8RPl+X7wL0h5CJrJCi:PsMhTgTfuJENBHvu4PxMCX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679512354, "uuid": "f6d0e753-d287-46f8-bff2-954691deb298", "value": 3538982, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679512354, "uuid": "5bd3a61b-ef43-4657-87ab-5f59f5bbb745", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512354, "uuid": "c3d1764d-c777-43ce-bac6-369b09995367", "value": "a123f4944f681fb01b35d903bdc35e10.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "de6a2fd6-c8a9-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679486742, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679486742, "uuid": "5eefa335-a8f5-4310-8acc-82b41a4bb856", "comment": "Malware payload (RedLineStealer)", "value": "2aa10d4fa496fda919f022f2c9b05377", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679486742, "uuid": "bc6429b0-d49f-47c2-b673-f49f5c3b887c", "comment": "Malware payload (RedLineStealer)", "value": "640d10b89e9dcb39e13002ff50ad5aa312a51655f60eb45c8a6957fc7da5a450", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679486742, "uuid": "36a8ccd6-40f1-4714-9b89-6b88e51d650b", "comment": "Malware payload (RedLineStealer)", "value": "0d31727ad728cfb5acd67cbf54b4f7c22d0ee215", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679486742, "uuid": "d0390e76-c697-495c-8314-28a812fe151e", "comment": "Malware payload (RedLineStealer)", "value": "37af69d39a8c1cd9e79094477ff88cd5510b5acaa84f5644928b9a1868120233dd94b614d647ef2c96d88934c10a59df", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679486742, "uuid": "d7d84bf6-a7c1-4abe-9ee6-f183e214aae7", "value": "T1EAC41243AAE46033E8F527744CF687C30A35BCA168B8537B27825D990CF3A54E57176B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679486742, "uuid": "bd312751-4d3c-4bac-81b5-fc8974d7e954", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679486742, "uuid": "86c02fe7-97f9-4022-8d92-15aaa22cb2a8", "value": "12288:oMrey90KJ1dGrgTbdVz5GDGDBHoY6zWCgwEHz/kMWvKAWE:GydvdGrsVagKYlxT/LWSAWE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679486742, "uuid": "251fd147-4982-46a7-8b47-cf7ea8317353", "value": 550400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679486742, "uuid": "1d2a3ad2-b3f4-4d6f-aa63-94d81b1fea63", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679486742, "uuid": "09a09ccd-77ee-4166-aacb-bd618850a8fb", "value": "2aa10d4fa496fda919f022f2c9b05377.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "240e0d2b-c87d-11ed-88f6-42010a9c006e", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1679467531, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467531, "uuid": "973c4c25-a671-4cd4-84c0-16bb1a9bc3ab", "comment": "Malware payload (AveMariaRAT)", "value": "c4ca6015924d96d2857a8a357e033063", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467531, "uuid": "03ec3b3c-3e32-4212-89e6-0250c2a05f20", "comment": "Malware payload (AveMariaRAT)", "value": "6724ed0c8f434f238d2409c6ff5e03eccea511e0510d547da7b0672f85cac036", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467531, "uuid": "f8c2bfde-e483-4dfa-a845-d7449f0f739f", "comment": "Malware payload (AveMariaRAT)", "value": "0c85bf5ea42896912005380fb036c558606fd07c", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467531, "uuid": "3e23204d-5cdd-48ae-ac7c-edf6cfb97862", "comment": "Malware payload (AveMariaRAT)", "value": "50c782988e9dde46d51bcbc736cbfd02be99256b8295984d4c30ad203981d6a5b2b1a7e89a502f3d39c948571ef55085", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679467531, "uuid": "6bedd894-a84f-4ba4-97bd-7eb8b4200d14", "value": "T15FA48B30B5FDC2D5D5A93938EC5BB0F85994EE21D9609C1F3E987E0A34706A2F83521E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679467531, "uuid": "4a6b2ca3-079f-4911-afa2-a588f7a01332", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679467531, "uuid": "ac485261-a91f-4dd7-be42-9adc917f10cb", "value": "3072:4fY/TU9fE9PEtu8EbzNpL2gONwWlxfe1LJ38yk/FSxCfKIz8vlHnCqxuxWMifMU:uYa6TppaJ2WlxMOvoCyIzwhXcHiUU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679467531, "uuid": "dcd66c4d-6c2d-4af1-954e-0a18eb279e5f", "value": 490406, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679467531, "uuid": "b37d6396-4207-4388-8124-1db4dfb3037c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679467531, "uuid": "70093f63-e776-40f3-af95-f93652a1164b", "value": "WA000065987.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "32cc6a2d-c8de-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679509217, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679509217, "uuid": "76e9bbdc-98b1-4033-acee-691a983dd5ee", "comment": "Malware payload (Mirai)", "value": "75ca6f471ef6391e87cd26f8cdabb1d4", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679509217, "uuid": "bfcfbafa-9029-4734-bf46-3ecda863ee0a", "comment": "Malware payload (Mirai)", "value": "67636fe25841328bd940f41315246fa1832725b8e8076c455c003f2b9761bac1", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679509217, "uuid": "03e4bafd-8b38-4a70-a7e0-5a5428565ed8", "comment": "Malware payload (Mirai)", "value": "92ecbbb84571e7001cebdd01d9fb878039658317", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679509217, "uuid": "ce44222d-5e5f-4210-9bec-adc03c194cbe", "comment": "Malware payload (Mirai)", "value": "d3ea5ccfe7b40050cc418f799918fb232a2264e8cdcebf250863ed5b141638eeed4ab6102e30783b453ed4008ec2b363", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679509217, "uuid": "aa45611d-2626-4342-8a5c-78bdea448985", "value": "T1C2333B96B8019E3DF85BE7BEC4134909F620735150931B2BA777FD935C332A49E26D42", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679509217, "uuid": "f33e07fc-4643-41ab-aca3-2ee7e60892de", "value": "1536:IjVrjmxYGkDpjcCTZ7cOrjn7BlW+G8ZrE:IjJjmVqlTrJlnFE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679509217, "uuid": "f84de6df-8bc7-4cfc-8fb3-e014891dd062", "value": 54144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679509217, "uuid": "64c16ba6-c686-4a33-a3cf-576bd80a5873", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679509217, "uuid": "f6d72a80-183b-4e5d-8c63-53f58512011d", "value": "75ca6f471ef6391e87cd26f8cdabb1d4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b0b0ab0f-c8e2-11ed-88f6-42010a9c006e", "comment": "Malware payload (Quakbot)", "timestamp": 1679511147, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511147, "uuid": "37c03bd6-d379-428b-ba84-a1993719c244", "comment": "Malware payload (Quakbot)", "value": "62eb0a0226b1482729bf702b16437190", "object_relation": "md5", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511147, "uuid": "a54dc36e-56f8-4032-b133-1f2cce5636b3", "comment": "Malware payload (Quakbot)", "value": "68f78f466e42d949bce2ec98e75ae1fdd34a4db3bbef194de7249a2909d34d19", "object_relation": "sha256", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511147, "uuid": "cd56759e-a304-4a27-9818-a8afc6b80400", "comment": "Malware payload (Quakbot)", "value": "e05f4648263bf5aa12e00c6db310a3ac8cd646c0", "object_relation": "sha1", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511147, "uuid": "d83879fc-85c6-4fb6-8331-82597e062374", "comment": "Malware payload (Quakbot)", "value": "1cebe107210b3034c67483c22472c3df18d770586465c96c29e83b77292edc619379f37d2559728d34fe1d1500144842", "object_relation": "sha3-384", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511147, "uuid": "eac227b9-5019-4e70-ae62-0b17eef2ff75", "value": "T1E98185C68EB05FAF3D21717A572D00C85A5456C12E91FC3DAAE836DE2E08196EB137DC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511147, "uuid": "d78c6367-1024-4cb7-8265-3c69cc2ca99f", "value": "48:0xH5jtuU87lfYp66VQPS9lkOBFatvcnTKqgKsuS/nlGTjBzLyl1k50/wgwZ//wfG:0xZjtuUWdYp66VwSoAFa5MWWUnweQ5vT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511147, "uuid": "3cd137b9-b99d-462f-8b03-32be0b73cbdc", "value": 4199, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511147, "uuid": "e8795a31-2f4a-47f1-9464-9d5067ecc679", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511147, "uuid": "acacaa42-dc43-4c4f-9a63-334138953917", "value": "Necessitatibus.html", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "339c9b57-c89b-11ed-88f6-42010a9c006e", "comment": "Malware payload (TeamBot)", "timestamp": 1679480442, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679480442, "uuid": "6f3caf92-8909-4345-84cb-abdcc030b3b5", "comment": "Malware payload (TeamBot)", "value": "615c39d967d9dde2610d632bb98147f4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679480442, "uuid": "5dff7505-3c33-4268-a3d5-ad0e4ca35e09", "comment": "Malware payload (TeamBot)", "value": "693ea03ec6210684d9437c2a31974184b816630a3d17d2eb9ee23441308281ae", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679480442, "uuid": "b607c7d0-028a-4768-863e-b8a996df6fda", "comment": "Malware payload (TeamBot)", "value": "7d9490d20778fd2c45c355788d23aa461dc651c6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679480442, "uuid": "ba70e8b2-a21c-45a7-b12c-f888f8e6e6ed", "comment": "Malware payload (TeamBot)", "value": "b8df09df8f05de955bc98e10c80ea53ee9865453f1a14efa37498636a444ed27f51ecd1f1d531a649c65a98cde9a7db5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679480442, "uuid": "e2b12129-c114-4d45-b349-6fb584a898d1", "value": "T12E747DC293E07C60E1124776BE1BCBF82A1EFC619E557B9E13599E3F08701A3D162715", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679480442, "uuid": "0590c891-368a-40d6-a1c0-96d6c4299c71", "value": "c3df3d0d993bdeac73a0f5fd62093e4d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679480442, "uuid": "f361c6ac-52a4-428a-aadc-84c878a46ff5", "value": "3072:Sw/DlH0j8/64BjuajLSSimiA71hY++do7RSuLpZzrgwn0JV:5SS6aPFi6Y++dOMu9Zn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679480442, "uuid": "aa0ef190-ab13-4d56-bc7a-5870432842bf", "value": 368640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679480442, "uuid": "288d574d-96ee-4a9c-a82d-08ad225bc915", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679480442, "uuid": "5dcbfcd4-c809-40aa-a632-08edf02f1466", "value": "615c39d967d9dde2610d632bb98147f4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c6a70523-c8cc-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679501735, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501735, "uuid": "d8ee303f-7e07-4f1b-9777-a69e7a2ba519", "comment": "Malware payload (AgentTesla)", "value": "c4443112dd23d9d4bca3eb79aa8e4e3f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501735, "uuid": "ccc01dad-cae8-48be-8f22-a7ec7be618b2", "comment": "Malware payload (AgentTesla)", "value": "6a083d2e2c53c2e478f36647f3c7bdae2d8cac60b2e0b07ec3551a68b184512e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501735, "uuid": "1468fd8e-1770-4ac3-9c61-ab7a78a394d7", "comment": "Malware payload (AgentTesla)", "value": "2179efa5ae12f31f5f41e2ccbafca7194e3cabf6", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501735, "uuid": "03258e46-0d2b-40d8-bbee-83ee7d0b6f51", "comment": "Malware payload (AgentTesla)", "value": "345c82324d3396ed1307b690ddd3026ce547fbaf7a355c54f90f69dc71a06b3c5bd01a0ffed4a4559f298ea8e7ffbd39", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501735, "uuid": "e1ca1649-0fc0-42a3-b9ff-1c5ce10d5091", "value": "T16E351213FAC58D06D44247B56BE37998632EBC623BC662872748770F5F78AF0864760E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501735, "uuid": "57ec1ffe-2d91-4a9d-b024-e53392f4bdd7", "value": "24576:gLKBWQmmav30xl+MXU6Ml9+MXUw3bVc+MXUS3bVzMKNpSHOMgo:gLKQQmmQ30H+MXsf+MXL3bVc+MXZ3bVc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679501735, "uuid": "15497ac3-429d-4f32-83e6-419f62cf17f9", "value": 1156608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679501735, "uuid": "bdaeb5ae-de7c-459b-a5f6-fcce784d05cc", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501735, "uuid": "fd978953-2dc7-42f7-a491-1bed23d38cea", "value": "RFQ.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3e11cc31-c896-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679478313, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679478313, "uuid": "a9af3045-91c7-4394-803f-95e2c3d17089", "comment": "Malware payload (AgentTesla)", "value": "8b5ac8633c1e8d8bf7b578fac0ce65b2", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679478313, "uuid": "197ff1dc-9182-4fe8-85a2-66d77f89182c", "comment": "Malware payload (AgentTesla)", "value": "6a46c66555d07f37d5612c8a977a35bdf47c21914a41c5bac2628852d2854888", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679478313, "uuid": "042ae2a8-c8b1-40d0-af5c-a2ed69e2ff34", "comment": "Malware payload (AgentTesla)", "value": "3387dd68db6c3b97e4afe9cf4f21f7aaccacd0a9", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679478313, "uuid": "95b83449-d66a-471b-bfaa-0f92cb3bbf32", "comment": "Malware payload (AgentTesla)", "value": "cc6f1740c73dcb56874b3503830bd0dc6cdc22d14ff8d139424566dcc2fc8216a3979138696f263442b7a40955bac919", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679478313, "uuid": "4fe5420f-ea4d-4d3c-ae62-de2d8b6e121f", "value": "T16005E0E73A58F6F9F433D6BD34A03688D7DE63A36363D57C44A511C906626020EF362A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679478313, "uuid": "2f7b54d7-41ce-4d67-a915-f0b51b615fb6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679478313, "uuid": "03e0aa2f-eb04-4e6b-9c56-6fd8c1794cd6", "value": "12288:f0cmYMUnFW/NibRYxjYCCGeslynxs9gOkK3DFoXX7+SPgxDr7tEdOmn5WrfjUO37:f0cUYVYxjYC5ynOOxKKhPgxVJuWpr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679478313, "uuid": "e2a8ade1-0379-4836-9266-38ec9ff0ec86", "value": 841216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679478313, "uuid": "89e9bbe1-5c12-46fd-9e3c-41cfc4512b15", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679478313, "uuid": "4cbd9f89-157a-4ba7-8bb2-2daf2438b479", "value": "Purchase Order-099367.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e6c6c96d-c8ee-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679516391, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516391, "uuid": "5bc443dd-34ef-4138-b604-eb27b30d61c0", "comment": "Malware payload", "value": "0f1c3242c7f577cb3687f7dfe592bac3", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516391, "uuid": "ef61a78a-4c90-47da-96fb-cff75ef9c5bd", "comment": "Malware payload", "value": "6aeca042b584b45f29a74186ae490e7c09a40f20d7fccca9358d5c79c75ae85e", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516391, "uuid": "b9550401-029b-4af8-a695-94962feda074", "comment": "Malware payload", "value": "4871fc4c95e72aef2110b4c8e49b06a4d5fa1170", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516391, "uuid": "f00a38b0-c024-48f6-a0c5-5aa92a0f7257", "comment": "Malware payload", "value": "a6c5a7aa06c0870f519eb2258e20e97a9e8bbff665de2cfc51f601ed2a3aa918a0503da524b38d688d3e488e82179d4d", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516391, "uuid": "80dba711-2c59-4d6e-ac30-90f7d8761be9", "value": "T1E4D2191977FA0B31F2FB1FB51CB251416776BC66ED3DC798188D404C0922B6C89B2BA6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516391, "uuid": "4b6edbc4-9c53-4b63-a8ad-a4a14a96aa22", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516391, "uuid": "3c4e796f-ecd7-412c-a04e-9131eca218b9", "value": "768:2OgHsv2zm3FHMBar9dYbjT7EKBTnYD3T7:hgMeaiar9d8798DD7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679516391, "uuid": "5defb2b9-cd01-4d44-8f47-71b3f61c1a3c", "value": 30617, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679516391, "uuid": "b6be0f9a-56d2-43db-b484-933cd400b346", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516391, "uuid": "3a1823db-c562-4fa0-87ce-2000ce928b0f", "value": "2023-03-22_0f1c3242c7f577cb3687f7dfe592bac3_destroyer_wannacry", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1140fa9b-c8e4-11ed-88f6-42010a9c006e", "comment": "Malware payload (GuLoader)", "timestamp": 1679511738, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511738, "uuid": "a193acc4-54c7-4a35-9fae-1faae7faadb3", "comment": "Malware payload (GuLoader)", "value": "d5ad455fc4cb6eb845f6ec26dacef302", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511738, "uuid": "c61e3dc9-b448-4d40-b917-2b3480e6cb4b", "comment": "Malware payload (GuLoader)", "value": "6b017394a528be196879753f3c7ae1403aeda629a31b3b6993bc28921521808d", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511738, "uuid": "99850510-3717-4a33-aa9e-be7200a2bd8f", "comment": "Malware payload (GuLoader)", "value": "84c38d916ddbd87d7fa5f7e49c4e96798f5adc09", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511738, "uuid": "54c0162a-e5ce-45c0-8dd6-9aaa9a211b2d", "comment": "Malware payload (GuLoader)", "value": "10a1643daabf649d7efacc04db96e15bcf02198154ca4f7fb7ba7f0b2edacfbaa770ed6722187e0e00c90e87d8e83ef1", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511738, "uuid": "90c3e575-917e-4bc7-ac9b-abb362f5abb6", "value": "T1ED44128128A1886FEA9749B10E6DB324D7B5EDBC01A1774F67513EBB3B72343422B447", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511738, "uuid": "42783c51-1e87-4cab-aa14-bf76167d7417", "value": "e9c0657252137ac61c1eeeba4c021000", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511738, "uuid": "33a68b32-ee7e-4ebe-8ff9-123126e2b4db", "value": "6144:U6dLy5hBL108rM49Avk8/bxqYY7CEUlx0b9B2crhR+/A:k5HL13M49j8/QY1EQxkB/rTj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511738, "uuid": "fcd72873-676c-4713-ab60-e1cef119b844", "value": 275608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511738, "uuid": "9ae62891-6530-460f-a5d6-93e88aa89dbf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511738, "uuid": "02436e4b-d784-430f-89e4-85bd6ab41be6", "value": "DHLINV002347.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "19f9f2c1-c8cb-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679501015, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501015, "uuid": "50f33773-2148-40e4-b008-da226ebb0ed2", "comment": "Malware payload", "value": "8d3942d2bfaf962a1177aee8d08ca079", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501015, "uuid": "92a0e70e-60e4-42d1-8c84-d0982de21e6c", "comment": "Malware payload", "value": "6c2d4769002a3032dbf7e7f7cc20ee2e037d9f8a6a4a14e997e5e2a3b1d0ca87", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501015, "uuid": "5c8f66f1-99a8-4c3e-99d8-eb38562d9df3", "comment": "Malware payload", "value": "a36452da8888b88e8ad9753c0d0cb0cef6a3dee1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501015, "uuid": "c9f50aa3-123e-448d-8737-c3e9c17b77b5", "comment": "Malware payload", "value": "37af42ba6dc479cf181ddf5a786c559f050c17890b25b6a46cacf75c055809852d4e95307bc008046c428f13e91ea30e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501015, "uuid": "3d5ecf5a-88f5-4b08-a16b-0eec905abc8a", "value": "T1B716334A91F9F2F2B002B670121CF5F0E40B75238D59B4704D5BCAF829BB9D396AB716", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501015, "uuid": "080bed7e-4b44-4936-ae80-af599161b6dc", "value": "6ed4f5f04d62b18d96b26d6db7c18840", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501015, "uuid": "d58a66ae-b557-4a9d-8d8b-052ecd55db8a", "value": "98304:GHKnyIBCaUVmAYzLiw4UtCsDB2DsEUcQF+KnG5N73/hx9gnxxVeIaGgchSh13jDX:YoyIM3VczLiw4S5QirnGzpM3VHaGg6ug", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679501015, "uuid": "b84d99f9-e380-4e2c-8ee3-537b3857a913", "value": 4386304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679501015, "uuid": "70b3df49-0cd3-4641-939b-65d9e29f07af", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501015, "uuid": "1dfab523-27df-42fe-bef5-5e4fd15a7f1c", "value": "8d3942d2bfaf962a1177aee8d08ca079.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "40e18005-c850-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679448252, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448252, "uuid": "d241e432-54bd-4d14-927f-b473f81e7445", "comment": "Malware payload (RedLineStealer)", "value": "27b9b8ebf873c80b9bcb24c804df9b49", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448252, "uuid": "350ac8d1-0b48-40ed-8be8-e4505e20e37e", "comment": "Malware payload (RedLineStealer)", "value": "6c469f0950b57cdd22bc2f4f0b6aae7e218acc8d2c8593ca57430282316d2d2b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448252, "uuid": "f5e7dbb7-d369-44c1-a963-f3602a0700db", "comment": "Malware payload (RedLineStealer)", "value": "09eb4aafc13c62986687aa4ab22d492405948ef1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448252, "uuid": "2c453df2-20ec-4ddc-b277-1efc3814d312", "comment": "Malware payload (RedLineStealer)", "value": "e1aee1029e4958c5c13f357c27d1314d6285b737ca8885bec93fdd6ebd42ea7c45989de0bb4ce328e72ceef9b1602f1f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448252, "uuid": "164a9255-592a-40c8-9b6c-ae536ab0c6b1", "value": "T1D655E14382E23C55EA258B739E1F86F8B64DB6719F493BA632089E1F10B12B7D173711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448252, "uuid": "ed9fccd6-2f33-4626-946d-519a662a0306", "value": "5fe0b073d2bf262b2cfd9470524e0ed6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448252, "uuid": "16cfaddd-4dcb-48ba-9245-430b61e2818d", "value": "24576:InzPcbD/h1btFFh3DEYckeYbP1a3S3zLXGowWuFV3EQ1LQi8Pti/STV88Av:eC/hlVhFcYbw3SjLXGoDuvEQ1LQBtd61", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679448252, "uuid": "1e411a16-94c4-4ddb-ae70-08f226422611", "value": 1368576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679448252, "uuid": "de2dcba9-80d9-4621-b2d6-0d751407724e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448252, "uuid": "b853d24d-ce42-4c20-bb2d-fc8c0b394e26", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a6ffdc02-c8f8-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gafgyt)", "timestamp": 1679520579, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520579, "uuid": "408cac83-6829-4f9e-800c-5a3707f11285", "comment": "Malware payload (Gafgyt)", "value": "ce6623e577de9f50d4f1de58c4830e34", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520579, "uuid": "95e17f7c-c9d1-4674-861e-e0f520d54f92", "comment": "Malware payload (Gafgyt)", "value": "6c52f4511958c1be8ee333e05c515d993dbd0413e728adffd7c623d3922bdb91", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520579, "uuid": "236f0e86-ae5b-4b14-9824-4c03b823886b", "comment": "Malware payload (Gafgyt)", "value": "28880994856f9ca2387caf28167985478bf337b0", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520579, "uuid": "70c6b39d-7326-4e51-8742-747ca4398933", "comment": "Malware payload (Gafgyt)", "value": "e279b6cea954e2d9f5fc71d6dc6fbc82b0d7c2a0899b45f6a927bf46988cb7977f29a0b38a37d383d950d400dba5f961", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679520579, "uuid": "91040dac-4c56-4dbf-9ba8-8cf9260639e8", "value": "T12BB328436B1C0B87C49B9AB01DA737F18B69BD7112A351C9A90BFEC04733AB81527F95", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679520579, "uuid": "fadc81b3-b563-4314-89b2-b8b1561b21ce", "value": "3072:WD3l+XQzPeV91310pWudnKakpNDtm2pgYMidIP1W:WD3l+XQzPe713CpWCnypxtm2pgYMidIQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679520579, "uuid": "849b2c7c-3900-4c7d-903e-a76f9da2ed9a", "value": 113194, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679520579, "uuid": "442b129e-1e64-4206-98a0-44a574e62223", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679520579, "uuid": "c26d14ba-849f-4dc3-96df-0a5d67366410", "value": "ce6623e577de9f50d4f1de58c4830e34", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c553c3a7-c8cc-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679501732, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501732, "uuid": "d9abdc69-de4d-41e6-81e8-07781608e7ed", "comment": "Malware payload", "value": "7eeaf742f9695dc7ed3424c516f86244", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501732, "uuid": "7d45dcf7-bcbe-4d83-bad7-ba211e193e53", "comment": "Malware payload", "value": "6cfa50781e624efd30bae6c1c9fabb2ba64c0ffbb7e3d94bcdbd51b831228cf7", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501732, "uuid": "b4c8549c-e008-46ef-9d7b-587f6ad698ad", "comment": "Malware payload", "value": "1f19342dd96e26d7acdb6e8ba555fffeb71e1212", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501732, "uuid": "7bdac486-0249-4f4c-b706-63080c32a83c", "comment": "Malware payload", "value": "118ee7e85003002c6c7ce22954a0dbab6f680924e6ce3c3821f3939bde6d082c9040d7a133aa0edfc26dcb39e17e77bb", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501732, "uuid": "e5b583ec-9315-4f87-91c1-cf9c794df340", "value": "T1F4A3F16972A1D45AD5065D308FD0F2D3A131BC166FE28E4B3AD4B70F343AE816927B1E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501732, "uuid": "4ff64dae-355a-4e2d-b748-1850748b9884", "value": "1536:j7PbLBYHfEFLHS2HXTSP7WoTY4+zcm8lJoq3utbW1NnFzJGzGUioQx3x1w:j7bFYMFLHS2jUTs4ahsoq368LzJzFz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679501732, "uuid": "66d57c43-1081-4d0e-b526-52d3b4be9a5e", "value": 104960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679501732, "uuid": "cb8ffbf7-ae03-4ecd-9d96-4a62307bbf24", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501732, "uuid": "e4b3a915-3e70-4739-bac6-482ca5bc59fa", "value": "Application copy.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ee016f4c-c8e0-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679510390, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679510390, "uuid": "04026e19-2a50-4b06-9c6d-efd68549a0f2", "comment": "Malware payload (RedLineStealer)", "value": "97dca130bc1947fdf506cdcf5525af20", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679510390, "uuid": "bad25000-930d-4b07-811b-645953b79d3f", "comment": "Malware payload (RedLineStealer)", "value": "6e19909f321fa5127cad55679312d27224b1c9b620b9db503f46a9d9e107d3b2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679510390, "uuid": "73a10d0a-40f0-4b1d-b581-ea2d189e9df9", "comment": "Malware payload (RedLineStealer)", "value": "d57fa3ba9760edf32efd30f135132d27c727a4c5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679510390, "uuid": "ec614249-c912-4b72-a1f9-9226a3dddaf0", "comment": "Malware payload (RedLineStealer)", "value": "4808840be836796d8c0136e8400685145aa7bb4b75e7a2363f6ae147d3645a6644a778b725dfb4dfb9fb56d3945edaf1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679510390, "uuid": "85baac62-4bbc-47e0-b655-43aadf522d0e", "value": "T190444C3A4AE18457F51CC23C5CE471F4470581BBB7A8F1CD2AC4B4EB7CA19E396B660A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679510390, "uuid": "4b1a6723-75e4-4db4-95c9-198057e9456c", "value": "cf1b6413c528ef7f498e62f16d8472be", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679510390, "uuid": "d79192e1-d305-4002-94d2-839c63e53647", "value": "3072:xCTM3FTopry50bXCLTUP1Q16JqqM2uWrz5u5AbxaeMDDm8cXomAg0nJsT7R6HqZH:F1ToG0beUP1Q16JqPxWQCdkDF6WG7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679510390, "uuid": "c8fe0fbe-156d-4709-b617-7faaa56b94e1", "value": 264272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679510390, "uuid": "969bef9e-8191-44e3-847d-ac270532287a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679510390, "uuid": "d62e13ea-00f7-44e8-8072-828bd01ad251", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3b24c1a0-c8ca-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679500641, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500641, "uuid": "a4593c27-20d3-4b6b-86be-e10995ac77cc", "comment": "Malware payload (AgentTesla)", "value": "104576f8d8f9ed99f4bd6b9087e25764", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500641, "uuid": "289d1009-03a5-42ae-b5bd-e1466278b561", "comment": "Malware payload (AgentTesla)", "value": "6e324b2b3683876c9720324c6f2adece540f1210b1d46dc72b9f2c75659d65b8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500641, "uuid": "2cafd3bd-f58d-4e4e-be59-2315c6c06475", "comment": "Malware payload (AgentTesla)", "value": "d52f05fc046e5b4f54efe7affb4bea6bae6d981c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500641, "uuid": "0acf3f5b-9654-480e-bf41-c98960211808", "comment": "Malware payload (AgentTesla)", "value": "2a7cfe82b6d4990257a26a4b24f4fb2fd21e4f6db0b9616eae879201e553892ac5c7ce23d90fc5b1d4bc6d6aeb42c0ea", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500641, "uuid": "407f55c6-efb0-4f09-b495-8dfd27c405f0", "value": "T1A2051206B3E1DB62C16C5BFEA5E6592403BBA38B2637E7052D8411FA1F52BD40F11B87", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500641, "uuid": "dcab871a-ed25-4de8-8a15-0ca09dba2487", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500641, "uuid": "b56fa4a3-125e-47ae-906f-0334de1b30a8", "value": "12288:a0OHSEHMWu/Mvdujb/CCST6Qu+4Q4fcW+P4wx5lzs8fmcL38r:XOSyl8a8fCCg6t+4GXxzX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679500641, "uuid": "cd9c2603-0539-46ae-bd94-cc1d0415ac6e", "value": 795136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679500641, "uuid": "0d23b079-e26d-4be4-9333-32c82c02114f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500641, "uuid": "c8d0369a-e4db-4e6a-8c97-1210b7d7685b", "value": "RFQ Number# 400013296.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ee0d741a-c8b1-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679490204, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679490204, "uuid": "a7732be5-1059-48e7-8aa4-a2602554d1a9", "comment": "Malware payload (Gozi)", "value": "ae0ae380b1707b948a4cbc8b3c4384f0", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679490204, "uuid": "8654e7b2-15b9-4c8d-8614-a4b69b436188", "comment": "Malware payload (Gozi)", "value": "6e860515c58f9a90db038b974bd259580c5dc35d504085e9928ab7fcec56ec10", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679490204, "uuid": "2bba524c-87ff-43a3-817a-f219a7286451", "comment": "Malware payload (Gozi)", "value": "f68a46f7f3d2a053da202fa0f8055094b7c3b051", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679490204, "uuid": "586b5274-31d6-4f10-9eb7-9226f95e3bcb", "comment": "Malware payload (Gozi)", "value": "7004536cc3ad8c557c6f41430dd07af80dac561270acb5978c77a318db71435a6b2620eff70a9526b97c4f780ba46b94", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679490204, "uuid": "34b1f107-64e3-456f-99bd-f07036ed232b", "value": "T185F059009A2E0B94E01A867889C1C120E3528C4AC49719F7A11A606BC80CEC6492AEC8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679490204, "uuid": "a2cf2496-42f5-4207-8637-10977527c546", "value": "12:5jSdKzN2mXD08G7FX8ULy7tTJpGQwKfj2mZxt3NsP:95/Dm7FXdmbHN6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679490204, "uuid": "bc6e0ed9-41a2-46f8-9007-c71bb6e44626", "value": 527, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679490204, "uuid": "58d990e9-ee3f-4413-9e3c-d06b72f371df", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679490204, "uuid": "4ae8ae8f-87b4-4856-b8be-5d1a63bf9376", "value": "Agenzia_Entrate597.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3bf52680-c8e5-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679512239, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512239, "uuid": "9b5a0f0f-ffb8-49b2-8aa4-455b99cc28e8", "comment": "Malware payload (Smoke Loader)", "value": "76b71b28ea416ad016d8a07c6666c7da", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512239, "uuid": "3691c158-c24d-4c5b-b6f0-3c6ea51cf198", "comment": "Malware payload (Smoke Loader)", "value": "6f6b1424cc2e428a51edd10920d1defbf31b47976c6f55f1663e95e45d5b9c91", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512239, "uuid": "65dec75c-487f-48f5-a851-0c360d6af7ae", "comment": "Malware payload (Smoke Loader)", "value": "e8feba37a699b372daa4d2beeed9caeab8af4147", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512239, "uuid": "becc65c3-db0e-44b6-b3bf-d9fc3c19d59f", "comment": "Malware payload (Smoke Loader)", "value": "4e7dd9b16dbdfc1a460e39d506b8d0cd3b2305038530ca05521f190e8ac2dd24fc538ab4daa67a0eacdc87a7eb65988c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512239, "uuid": "edcab1de-9b30-478c-a706-92bd55edf59e", "value": "T139C4073D6DA44E21F439D678CAD0E063A2509FE76BA28B1797D33E487E0185378CE06D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512239, "uuid": "856a0083-a04c-4669-b249-a4fe3ad1092d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512239, "uuid": "f0f9f20b-bdf2-45d6-a2ec-96fd42eba364", "value": "12288:Dhpo/cdjHmdTsj41i9eV/48jP7XpXgNGSD7QKN0W:Dhpo/cNHUYj41i958nXpXMMu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679512239, "uuid": "c0e272ea-f865-40f4-80d1-6f6b49927412", "value": 592896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679512239, "uuid": "873b1f21-0b19-439d-a22a-94be1fd192b2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512239, "uuid": "24368213-3db9-423f-bb3a-9987aabb0326", "value": "76b71b28ea416ad016d8a07c6666c7da.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "30b8cfab-c8ef-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679516515, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516515, "uuid": "fb90d1b0-8bbb-4d84-a8f9-1847d564a2e1", "comment": "Malware payload", "value": "49009e8976c566f7873fb9f8058c83ab", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516515, "uuid": "55af307b-7b5b-43d5-b3f6-b8463ddbb27e", "comment": "Malware payload", "value": "6fa7e30d6e264a815febbc153951ac6b10f7767ed91d551357ff556be740f42a", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516515, "uuid": "caa8c462-6f97-481a-a635-4286f3870902", "comment": "Malware payload", "value": "e7a9e207545904b382d6fca87e20b0054baf33c3", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516515, "uuid": "01398cb6-2ebc-43b3-a044-e783d32bbea7", "comment": "Malware payload", "value": "c6f90b7a8d228510c3ba676ecc36f50ecb686766f8523955d37e517c67b245ebd4da38a749cee2a08bc62d8159461973", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516515, "uuid": "bbab81cd-f1f5-4339-8631-e3137f88e178", "value": "T1DB035B61ABF40036F5F31B71A874982ADFBABC216472E45F87800EAD1970952CE3D727", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516515, "uuid": "cdcd9cbf-0863-463f-b8b4-148f0a1f2af6", "value": "f5e4c8acb92fb1c8223cff431020dba0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516515, "uuid": "85286af9-09af-4b11-b7bc-6c3e6815fd67", "value": "768:G8kr2D6AKlLO+SNhBgCHDck4MV0ggv8KoEj6BB9D3xvjHhx4eC7Xj8Qc1QL:J/6A0q5HDR4oXBx3xrBx41z8QcKL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679516515, "uuid": "27b8d252-a4fe-4f1d-8fa4-39c6edb7c631", "value": 37888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679516515, "uuid": "4bc74639-c5ec-4787-8697-73445013fbce", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516515, "uuid": "4425ac46-be27-4e81-8a24-b267a4e0ad16", "value": "2023-03-22_49009e8976c566f7873fb9f8058c83ab_lockbit", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a6e3ccf3-c8de-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679509412, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679509412, "uuid": "d7ae1271-1696-4694-8889-a8f702162472", "comment": "Malware payload (RedLineStealer)", "value": "3b72de3a803d312297b7b8da68531f6f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679509412, "uuid": "991da2d3-9552-422a-8870-ff564425aa22", "comment": "Malware payload (RedLineStealer)", "value": "6fb609b7600b0a5554e4d8e93f48cfc7ef7d7bccd99fb4cf508ca96e0e86f2f3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679509412, "uuid": "25c43aa8-3fc3-43c9-b0c0-0e3c988f0438", "comment": "Malware payload (RedLineStealer)", "value": "718375906ab8b652b311b6a1dfdf2fc3ad075111", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679509412, "uuid": "2e76374e-fd54-4d6a-ad92-26dd1fc411a9", "comment": "Malware payload (RedLineStealer)", "value": "45770398a8ec2742a58be897d3a10b79ee8223d4767ba7b6fece7c6de5c8e9bec2511d98b79cc98c3088cba26b8406dd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679509412, "uuid": "9ef268aa-26b0-4ada-bfdf-53aef4d90bed", "value": "T155A49E0253E36C20EF164772CE2EC2F86A2EBC619E577B6E125DEA3F0C751A1D562305", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679509412, "uuid": "67f31f45-4a7e-4346-a7e7-f392f22759fa", "value": "05d87b5aa905cc75972feaf183240d59", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679509412, "uuid": "c2261709-3688-4fe5-9f6a-8d29c29daae7", "value": "6144:DuPbynOuhlAdg63gPQbTAnfMfxt6XmMzV:gbynHSdnaQbTKfMpt6WMzV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679509412, "uuid": "af4f4d6d-f7d1-4152-8105-df86f68d58bb", "value": 476672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679509412, "uuid": "972c8458-7402-4303-92e3-4fb896f97758", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679509412, "uuid": "ff3e5346-fc78-4239-a8bb-aaa2b7273842", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c5bbbba1-c8f8-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gafgyt)", "timestamp": 1679520631, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520631, "uuid": "f0d9a711-8267-40f8-aead-6c15b68f3ffa", "comment": "Malware payload (Gafgyt)", "value": "31d0bf840d532f932495679aea10aa79", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520631, "uuid": "6c414e55-c4bb-4cc0-bb9c-047566cefea0", "comment": "Malware payload (Gafgyt)", "value": "6fffead081d25493e9c361ee664e1826e6fdb8b361089444bb085717a49b74a8", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520631, "uuid": "38052484-6a09-4327-9d06-6504d3ae1cd5", "comment": "Malware payload (Gafgyt)", "value": "3635d498d507417afa9f48e62ce1b0d05135b0f9", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520631, "uuid": "41d4612f-b6ef-4503-928f-27cefd67513a", "comment": "Malware payload (Gafgyt)", "value": "b46bfface4c4ebd777792de8258fbd60bf334142a8ca61f50c3b34784f87da0f484569a19c673553c444523c553d739f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679520631, "uuid": "5a606656-f2b4-4789-90db-f28f18381203", "value": "T12FC30A44F901475BC3E327BAE78E038C77355E6857DB33156A38BDB42BE1B982D29260", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679520631, "uuid": "6fd95fca-5475-4d77-a88d-cc3d38663a35", "value": "3072:H63VpNeuWDGeQf8sRCKt3DxkS2YmyVUQuiXfQd6W:OSuWQEcCKt3ZmyVUQuiXfQd6W", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679520631, "uuid": "a68f2666-d719-4d50-b684-7fd3aff4d3a9", "value": 127723, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679520631, "uuid": "7eb25c16-12df-4615-bbf0-bedcaab029fd", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679520631, "uuid": "4d5507c7-e341-408b-840c-1377aa8ec8fd", "value": "31d0bf840d532f932495679aea10aa79", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7e7b5f8d-c889-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679472837, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472837, "uuid": "804a5644-9ddf-4c40-9954-26c6a4371700", "comment": "Malware payload (Mirai)", "value": "c3ad7121f876bf91759db8522895d8f3", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472837, "uuid": "0d4b6889-59e3-4f18-b063-3bff9c274e6e", "comment": "Malware payload (Mirai)", "value": "703348659b132d68d075fde30a0f326d5d9fb7640c745eb47231fce10834d262", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472837, "uuid": "5bcf6fc1-79dd-4d70-92da-0044efeb8f75", "comment": "Malware payload (Mirai)", "value": "96c6ff53b49f3937e0029f0822a63ab238b5c57a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472837, "uuid": "bc9a590b-ac74-43eb-b292-2cd4046339e9", "comment": "Malware payload (Mirai)", "value": "36f277d0d9ac9831e7ec27a98a748a321890071a3cb8c2a5b6cdd72188df9cea54ae98d37eb952a3b8a69cf62df238a2", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472837, "uuid": "5ec7b883-c1ba-41ae-ba68-e1e682ee7171", "value": "T1380431251A26E667C4ABFFBAEFE53682539CF2030E89970371F0900D59F895D605BCD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472837, "uuid": "cb31d663-5254-4466-8f92-7e88cb5d1433", "value": "1536:s10kFrg5mQREu3PniWxxvd8T+zUL9gt+yk9fAAZc/Xq0xTLo1/rdhQzwcClm/:bkFORRPiWxv8TRrfT2tLGrdhQzwcCA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679472837, "uuid": "629e595b-7e26-48ca-9599-14e9bbf0dd77", "value": 184248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679472837, "uuid": "84eeae21-1abf-45cd-8aee-d40c65deb626", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472837, "uuid": "fcd43fe9-b882-475f-8d9b-0281077e50f0", "value": "c3ad7121f876bf91759db8522895d8f3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e4a9e09e-c8b6-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679492336, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492336, "uuid": "1917b224-2228-4170-a9ff-f31c463cdbf3", "comment": "Malware payload (Gozi)", "value": "25e762ad2877486c04a25445349db8fc", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492336, "uuid": "0657e583-9c62-4eb3-a593-209e683031ac", "comment": "Malware payload (Gozi)", "value": "714c9d8e64376bcc4cd7ed89b448e256144c40e1e6705a686dabf201d3bdfb74", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492336, "uuid": "4ccd6539-3740-4ab6-949e-ebac6afeae3d", "comment": "Malware payload (Gozi)", "value": "6662403f2eba78717fff8a7d135875daaeb3c4fa", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492336, "uuid": "db3772f2-0e65-4239-8705-bc7e4c263dda", "comment": "Malware payload (Gozi)", "value": "8b7ef67f5c9c121909a8a45fedaebc0e900ba817c0c5da055c3f5e913d60c6980cb299efde14234aa7d42a39f062f686", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492336, "uuid": "9292896e-adb7-4bef-9550-e8ad7a963c97", "value": "T171745C0252A36C60EF124B728E2EC2F4661EFC619D5B7B6E174DFE2F0D740A1D662706", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492336, "uuid": "42e27803-1962-4d03-8eb3-aa55ebe774da", "value": "314565592a4a5f015f9741680eeed0ec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492336, "uuid": "6f49de17-ebde-45b0-baca-39893b5fafe7", "value": "3072:5PydlH0r1a3j4YI/ttvi/fHPlWsGJmog5hmSzaNxAY1jJJ:g86I//EvlWso8kkaXAu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679492336, "uuid": "9fcfc9cc-4873-4bc9-b8e9-b34195a630c3", "value": 367616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679492336, "uuid": "8d0225fe-3398-4fc3-b837-66dda3c0aef6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492336, "uuid": "569b0702-fd69-451f-9340-d65e2309d941", "value": "server.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c7f67607-c8e3-11ed-88f6-42010a9c006e", "comment": "Malware payload (AsyncRAT)", "timestamp": 1679511615, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511615, "uuid": "5f14b5a2-e2ae-4337-b673-e3f2fc49f21d", "comment": "Malware payload (AsyncRAT)", "value": "02e24e9cfe0669ac85121b1b35f7a942", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511615, "uuid": "e7ce4688-02a2-42c4-bd99-df90b6fb3c83", "comment": "Malware payload (AsyncRAT)", "value": "7158cb26fb5a843496b92e30c4366fdfa2b49cd8c59f280ee71e853a68ef0a69", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511615, "uuid": "c2fec678-ff3c-4c0b-8db9-57b0bc206f81", "comment": "Malware payload (AsyncRAT)", "value": "0acb91424c9e6329b0966177cc5541f0bb2c4908", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511615, "uuid": "5b70c688-4db2-404a-8c59-0c78bbe31c4d", "comment": "Malware payload (AsyncRAT)", "value": "f63168b91377018d1039b29f67730c297c050bbd0a7aa5d477ed048935794b6e1e6a10997553b7e001ca751e5026a820", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511615, "uuid": "0928987a-90c2-4320-b779-5182729b9877", "value": "T1F8D4F102FBC288B2E5731A364939A72564BD7C701E34CA1FB3C4796D8A35191A635FB3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511615, "uuid": "b358f837-018a-4005-98e2-5090a9bf484f", "value": "00be6e6c4f9e287672c8301b72bdabf3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511615, "uuid": "248d6ffb-b9d5-41ed-9ff8-02ef79098566", "value": "12288:NcrNS33L10QdrXjCDn1R6WlM96zWDfJbZEvJmD7ugVkh/fwJ6DD:wNA3R5drX2D1RTM9aEfJbUYD79ofJDD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511615, "uuid": "47550780-3c22-483b-9aa0-29c42c7fcce5", "value": 650554, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511615, "uuid": "93d38731-f814-4042-8f4a-fd4122c513a5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511615, "uuid": "2c4daa26-e2c6-4bf0-bcb7-e9d7f867f916", "value": "Odeme3222023.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0988bd6a-c8da-11ed-88f6-42010a9c006e", "comment": "Malware payload (Quakbot)", "timestamp": 1679507430, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679507430, "uuid": "5451e2d6-ede3-4cf7-8c7c-a5e5456b8f67", "comment": "Malware payload (Quakbot)", "value": "56340146e909e60cddad470b0a8221e2", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679507430, "uuid": "a6532597-e18b-473d-9aff-104a5a113d45", "comment": "Malware payload (Quakbot)", "value": "72cd276c2401474273fbcf1c7c6f7d1d9f540f490ef73ab98b8da9e3464bbb11", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679507430, "uuid": "c4bf6c3b-f7f1-437b-b985-dd8fb43c8cd9", "comment": "Malware payload (Quakbot)", "value": "6d1b86faced75da239ae986183ca06249d044685", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679507430, "uuid": "c448f8e0-f270-48cb-be4e-5dbf565874ed", "comment": "Malware payload (Quakbot)", "value": "b53ea9286d2d8e44996cc59bba1416c4566ec7c5c7ec91dfe69a95b5c00f6b25dc098eba2f87f3fe4cbab1d2f1f3b915", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679507430, "uuid": "122e7976-624a-4d05-89dd-203cf9458feb", "value": "T165943B39931350B9CC4B2AB3118BBA5F7D64D705C4502E8ECFAC1D39F76A84069296BF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679507430, "uuid": "3817b292-a656-4023-a8f2-ed6885bf2575", "value": "12288:48T1Ee/IAHrWgnPwk7lUj6WJNZv+9UjQVMlFlup2rFWkWTHq1bw7YRvqwg97RxXQ:BEe/2RblFFy3RhShAGm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679507430, "uuid": "e38ad146-8171-495a-95ba-c10715aca900", "value": 433664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679507430, "uuid": "759e937b-978e-4878-bfeb-b2595427b03e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679507430, "uuid": "83510645-452f-4d1f-b187-940c6e9b87ef", "value": "56340146e909e60cddad470b0a8221e2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "91163109-c8e4-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679511953, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511953, "uuid": "b6baad88-cb04-4999-8050-adeb0ed95e01", "comment": "Malware payload (RedLineStealer)", "value": "c074ee86e8f687bcf7456ab27e739e4a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511953, "uuid": "6ada20fb-5a09-4d94-b37f-a11bc21b65ba", "comment": "Malware payload (RedLineStealer)", "value": "72e19666dc31db00097b34d0365832bc038908071659132ad9079377507c31a5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511953, "uuid": "46f0fef5-a37d-4fdd-858d-e4d1ea6a212d", "comment": "Malware payload (RedLineStealer)", "value": "052fe0316c638f448edd12fae7ec7d8e2b61b0cc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511953, "uuid": "f1083c88-53a7-41ec-b0bf-1254dac2a521", "comment": "Malware payload (RedLineStealer)", "value": "601ea21e9b7828c7e09f98d56d470cba1afbb2fcc25ecaa687392a9405f2bb391c4bec215fb2bbc590a0e28a67fc0890", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511953, "uuid": "6df7812f-c687-4d74-84f9-b48dcd244ff7", "value": "T1A0252356FAE9C0A3DDB01B708CF6038B2635BCA09DA4522B1788556F2C73A95283577B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511953, "uuid": "9906aa8d-fbf1-441b-999b-d6d89b9ad63d", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511953, "uuid": "653c6789-835e-47e8-8679-302eb579ff6b", "value": "24576:xyLo9oKZIc0jLYuZvazgqe1tn815Ki5DHw9P:kLemc0vYg71+1sie9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511953, "uuid": "390622f0-fceb-4dd8-934e-61ead21cab6e", "value": 1033728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511953, "uuid": "b8e8a916-6e72-4742-9764-e9e9d88d07f3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511953, "uuid": "2b4d8955-5e18-482e-a3d3-c5a4b58769ba", "value": "c074ee86e8f687bcf7456ab27e739e4a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eb2d2f99-c8dd-11ed-88f6-42010a9c006e", "comment": "Malware payload (Tofsee)", "timestamp": 1679509097, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679509097, "uuid": "48bf6dae-9f4d-47bd-b579-1243c90c97bb", "comment": "Malware payload (Tofsee)", "value": "cc98311b2bfac15fc434d04619dc31b1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679509097, "uuid": "6172fff8-6802-462b-adab-e7460cae62ac", "comment": "Malware payload (Tofsee)", "value": "737c79bc5d2ca593911b1c8c5ae66908d2de7beee8dd2388bcd57a008e5169e6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679509097, "uuid": "88030614-318d-42cb-bf33-994de2cb6203", "comment": "Malware payload (Tofsee)", "value": "c395a4a92874cecaab8731be64d3617fe42669be", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679509097, "uuid": "55c3dc56-a80a-436f-9db5-007ef59627ca", "comment": "Malware payload (Tofsee)", "value": "04d3cf48e3d421fab60478b2c6111162609d5efec5a8285f9ee49ccad7ef5755c378cba5e08508adfb8a55dbf827eab5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679509097, "uuid": "90435fb3-52b7-45d0-a4a5-3aef505153cc", "value": "T1EF745C0293E36C20EF2247728E2EC6F46A2EBC619D577B6E134DEA2F0D741B1D562711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679509097, "uuid": "96ceb89b-eded-47f4-97b7-ba3cd113ca3e", "value": "05d87b5aa905cc75972feaf183240d59", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679509097, "uuid": "ba4a41f7-6c35-4bcc-95a3-5100d6b3b077", "value": "3072:gudf0GP15PPRG7Qc+j3YFQM5guTeROmjzjxl8rfYlztHebSHDaqTV:guFjEFHaukOmDorotEiX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679509097, "uuid": "a1a96d1d-1594-467f-9098-0fd0b114a568", "value": 367104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679509097, "uuid": "bbfbc3b0-5be2-4d17-8fd1-5c5627013feb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679509097, "uuid": "b71057e6-4009-4819-95ee-3698c27ff8ac", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "486e8be0-c8e4-11ed-88f6-42010a9c006e", "comment": "Malware payload (GuLoader)", "timestamp": 1679511831, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511831, "uuid": "cf029c82-414e-47f7-822d-ace684ea1b84", "comment": "Malware payload (GuLoader)", "value": "cb652665b8cfce2990968456d23ad20b", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511831, "uuid": "11d46886-dd78-4121-ba8e-adbd4d4abd72", "comment": "Malware payload (GuLoader)", "value": "73b965297a91b42b3124e2a39f9e9aa9671a04e0ba42138cabb47f97c7efb169", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511831, "uuid": "9fdbb53d-d578-44fa-adc4-43a2fb54153d", "comment": "Malware payload (GuLoader)", "value": "e27a811529550e173ec1e1c90b99981031ca1986", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511831, "uuid": "af5307b6-1ae4-4eb8-a2ef-0135b09a387a", "comment": "Malware payload (GuLoader)", "value": "ec4f13ed85dc2c436d7248d8b5ecd32061cff4b924addef9bd134cf5b5928ad0de6464cd4ef6c116a55c3ee471cc94e4", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511831, "uuid": "1fe9d405-2cd7-47b6-adf0-fef706480699", "value": "T189153864EACCF5DE09CE27468B0E4C44C16B8D594132FC29DD9AC64D7D0A888E76B63F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511831, "uuid": "99799fa3-9f28-4caa-aca1-ec73d42962b7", "value": "12288:W+c5GwzIEkPNJ8pSyrUgZ8w5DQECfkCdNjTMGFk9WPnh9JM4Y2RMh:WH5MrTBZVw5DjCcC4G0WNRe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511831, "uuid": "fcc9fd2c-af0e-4a8b-b18b-e8afdfe17af0", "value": 931169, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511831, "uuid": "be2cbd43-bdf8-4631-9bfd-69995600f552", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511831, "uuid": "63189672-3675-46a2-8879-57d62562b59a", "value": "SAT BOGA N-1410 CATFERRETERIApdf.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "02269a37-c8d4-11ed-88f6-42010a9c006e", "comment": "Malware payload (njrat)", "timestamp": 1679504841, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679504841, "uuid": "e70819a7-37f7-4f70-ae44-51d928b770fa", "comment": "Malware payload (njrat)", "value": "b1e3a5e9b884c03eaecdbdba1f02dde0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679504841, "uuid": "a6be7351-904a-438e-a12f-ad59b79a2dcc", "comment": "Malware payload (njrat)", "value": "741e8ee05169f46b6e86b9959320f13865aca2b3507f6bccc891af78e0bfacf3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679504841, "uuid": "38f94c55-20a2-406d-97f9-812b97f23f5e", "comment": "Malware payload (njrat)", "value": "45ed8b37fe8def2f108ad846f3d5c480a54c06d9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679504841, "uuid": "94d37d36-ea33-4569-a317-f48959a3a80c", "comment": "Malware payload (njrat)", "value": "2507d6249b368d4f44f380fcc7cc80744cd408fdfa475404f025db9173eacca648e4459d01c84f9ff586146a737bcc67", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679504841, "uuid": "7227ad7a-a9e6-42ed-8934-a44d480876ac", "value": "T132E208067BE94215C6BC5AFC8CB313214772E3438572EB6F5CDC88CA4B676D04245EE9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679504841, "uuid": "512d726e-6742-48b2-bffb-3e063584b013", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679504841, "uuid": "afa6c78a-1f67-4f7e-b501-81f328d2fffd", "value": "384:10bUe5XB4e0XuOlnw0Q0mS03AWTxtTUFQqzFVAObbh:WT9ButC55d6Hbh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679504841, "uuid": "6deb14d1-6d9f-449b-9707-74a253620a21", "value": 32768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679504841, "uuid": "5592b622-0194-4685-ad99-2aad2ec835a2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679504841, "uuid": "2135ebac-4902-48ef-8cd6-75156619c17d", "value": "bKIJ.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7ea9de32-c8e4-11ed-88f6-42010a9c006e", "comment": "Malware payload (Loki)", "timestamp": 1679511922, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511922, "uuid": "d11b972c-fced-493c-8728-dfc22ba69ebe", "comment": "Malware payload (Loki)", "value": "706b9a11de704e3237aceae1d0580f05", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511922, "uuid": "ef8ee4da-f7e4-406f-940d-400b6235e46b", "comment": "Malware payload (Loki)", "value": "7473f0959c99ec6c3b133ebced71d1a38690fe12f4b9753b1e016545240cbbb0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511922, "uuid": "f3f039a1-0e5e-4269-a7c4-023532e77541", "comment": "Malware payload (Loki)", "value": "43b4a80ae355b438dd60a537b17920a50468be33", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511922, "uuid": "1aca8018-ae52-4ba6-a5c2-773d80637291", "comment": "Malware payload (Loki)", "value": "7baf4d208b21cc145180b45af98e49d666b1a890d2e2c8e0171a57e26ebc32bb044710c8b3213f3b65a7b1545536cb09", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511922, "uuid": "2d4702c8-667a-4ee6-b869-f7f5c4a5926b", "value": "T174F41207B291DB22C16D92BDA4A2992443B7A39B6233F7491DC824D93F537E58F01FC6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511922, "uuid": "4f003a70-87cf-41fe-a4ca-37065940a1e9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511922, "uuid": "0fbffb40-06d7-447b-a5c1-d1d13dab0238", "value": "12288:vDSRgD5J4fWHi8MVtaOEDflSOxcoLMViGyQjU70/krF:rSm3C8aEDflBx1oUIM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511922, "uuid": "58f1d1e7-490d-4d7b-b13b-3943d447f76b", "value": 722944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511922, "uuid": "6702b4f1-09a2-43f6-86a3-152d3a85a69e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511922, "uuid": "e7723638-51d2-447c-80dd-a00788c75409", "value": "706b9a11de704e3237aceae1d0580f05.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5d4a928b-c887-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679471922, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471922, "uuid": "0c1d9da0-e5ee-4cb3-817c-9c42968cc9a6", "comment": "Malware payload (Mirai)", "value": "4bc1963fcd7dfdd41a54039bf22bf55d", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471922, "uuid": "03f156fa-ba3b-47f4-a94a-5f1d0a54e14c", "comment": "Malware payload (Mirai)", "value": "757ef361f7b49d307fba03d45c0c53e39031f29a6acc2dd75ce5c7967ad9c225", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471922, "uuid": "e86dabf1-2314-4c5a-b9f2-6b5ac828ae2b", "comment": "Malware payload (Mirai)", "value": "3664bad1c2a66c4f46b46684ba4245f5fec9a50a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471922, "uuid": "6ee7d992-1d36-4e4c-9248-b96f31676353", "comment": "Malware payload (Mirai)", "value": "5d3774666b161c7d77151296a5d8393b9479ce468f45249110fbf6b3c7ea721d59dc9aea073a24d3ac0b26e5f7f54545", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471922, "uuid": "beaac663-ab03-4189-853a-cdda63a483ff", "value": "T11FA3821B7FA00EF3EC6BEC3799D92B49249D501A20987B79BD30D814F24B65E59E3870", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471922, "uuid": "a8b9d43a-eeed-4068-94b8-687ee1c47911", "value": "1536:MPnUY7yDr03iR+7TxhNKGALMmw9WfZNZXTytZAd:MPnUY7qr03JphNsZNld", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679471922, "uuid": "d3259b6b-62d3-4c0f-b539-54a7b1d91588", "value": 104576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679471922, "uuid": "8c479edb-ddc5-441e-93b1-00194052e9af", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471922, "uuid": "2c8694c7-698e-4beb-a004-0265ea6b6fe5", "value": "4bc1963fcd7dfdd41a54039bf22bf55d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bf922f96-c889-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679472946, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472946, "uuid": "24337862-0f65-42c8-b74a-5b6a66c5c1d5", "comment": "Malware payload (Gozi)", "value": "4c85e34c3dddedb3ea43bc2f30d36807", "object_relation": "md5", "Tag": [ { "name": "250255", "colour": "#0EFEEB", "exportable": true, "hide_tag": false }, { "name": "7715", "colour": "#CC90D9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472946, "uuid": "4a681f12-d5f4-44e7-a926-53d29aee3602", "comment": "Malware payload (Gozi)", "value": "75827be0c600f93d0d23d4b8239f56eb8c7dc4ab6064ad0b79e6695157816988", "object_relation": "sha256", "Tag": [ { "name": "250255", "colour": "#0EFEEB", "exportable": true, "hide_tag": false }, { "name": "7715", "colour": "#CC90D9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472946, "uuid": "d62f74c7-842f-4911-a65d-c6fe6839ee67", "comment": "Malware payload (Gozi)", "value": "99fd783176080941c5c55119258a594b5c18607e", "object_relation": "sha1", "Tag": [ { "name": "250255", "colour": "#0EFEEB", "exportable": true, "hide_tag": false }, { "name": "7715", "colour": "#CC90D9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472946, "uuid": "a5577e68-89da-43db-a689-9b67f3470501", "comment": "Malware payload (Gozi)", "value": "fcfcdea03901532d907bb25d7d0c8af627fef7678d410bcb178a55b2b4d10cde0285f7055f85ffb205ab9b9f4b5dd852", "object_relation": "sha3-384", "Tag": [ { "name": "250255", "colour": "#0EFEEB", "exportable": true, "hide_tag": false }, { "name": "7715", "colour": "#CC90D9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472946, "uuid": "ee99ef20-1bc4-4bae-91bc-bf609e407d7c", "value": "T1AE746DC253E06C60E6124A72BE1BC7F42A1EFC719E557BAF2359AE3F0870163D162709", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472946, "uuid": "53c47e19-550d-4c18-a883-a1436e47cf45", "value": "c3df3d0d993bdeac73a0f5fd62093e4d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472946, "uuid": "00ecff7c-4768-4493-af5c-3193c833aab5", "value": "3072:7bcGlAgu/Imx4Ojua5grnmTvANF9q9aM+j/sVDIMpXBWiZDJxgwn0F:Afhrim2F9/bj/sJIEBWiLx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679472946, "uuid": "11104601-3e77-4a58-b76a-d7461ab4e286", "value": 368128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679472946, "uuid": "e108cddb-95c9-4c30-b8cd-4d3a52806d05", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472946, "uuid": "1c3a751e-05ed-4855-ba41-a53d69eb0b5a", "value": "server.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7228f290-c8b6-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679492144, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492144, "uuid": "5570e628-7486-4206-952b-eb3e72d6f165", "comment": "Malware payload (RedLineStealer)", "value": "cdb263830a47b658f33a5f2b3c622f06", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492144, "uuid": "7bc50c56-ba54-4d11-a2cb-f0dd32f0994f", "comment": "Malware payload (RedLineStealer)", "value": "759b8dc0d8cba648a223c434b21b6e3a4aad2c2a72b67b71248e29fbac249337", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492144, "uuid": "beec3ea7-1169-44ef-b430-75a2af071d24", "comment": "Malware payload (RedLineStealer)", "value": "7b170cd884dd698aea0ea0961160cd3d8ea0c8b4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492144, "uuid": "a11958ff-c0fb-4c0e-be45-44e91330e77f", "comment": "Malware payload (RedLineStealer)", "value": "12217970cde03161ff51a58652aebc5f2e39460f819cc6f20b0c96992018efde098748b31afa9fc41c893436e06cf440", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492144, "uuid": "45bf147c-8e03-4e3f-ab9d-5b527b7185f3", "value": "T16BC41246FBE880B3D4F6277059FA03830A36BCA25DB4476B3B45696A1C736C0A53537E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492144, "uuid": "b0ebf23c-96cb-45c8-8333-89a8ff36d5f7", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492144, "uuid": "f76e116f-4bf6-46b8-bee1-2e44047ec247", "value": "12288:LMr2y90RV+RpE9VNYhG34HYxlrdvZ6g7:Ny2IRq93YhG3SKrFZ6g7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679492144, "uuid": "128f8fdb-f50a-4942-a551-c90064283fe6", "value": 549376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679492144, "uuid": "c4dcafd4-cdbf-4599-8112-d27959d232c3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492144, "uuid": "7c763adf-eb79-4ae0-8ded-1106b24571be", "value": "cdb263830a47b658f33a5f2b3c622f06.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7ff1c6e2-c908-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679527386, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679527386, "uuid": "c867da1a-a998-4a23-9e01-07b136efda36", "comment": "Malware payload", "value": "a6cda851cc581c23275d4c4493a4a4ef", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679527386, "uuid": "38c2a3c8-5fc3-455e-b662-c0c520c3421b", "comment": "Malware payload", "value": "75dcd35e2075ba809ba815c24ae84504661d29c5991ec7f151215dfeaf079998", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679527386, "uuid": "2edb12d2-3b96-42b9-ba48-b0c438ae80ae", "comment": "Malware payload", "value": "2bf1ed2aa349e74ad4c72f7b250ee8e9195a8899", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679527386, "uuid": "0cb9b1a5-510f-46a2-b648-74350381257f", "comment": "Malware payload", "value": "37ccd38c4614f81a2bd395aa89efe605fa5b910fde2cda559179eb2126d7a3b299923ce27f08f1c068de2eb9195e555d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679527386, "uuid": "061e0bd9-a843-4c15-b879-9691a16b0005", "value": "T1EB848E0253E36C60EF2347368E2EC7F82A5EB8609E57BB6E175DA93F0D701A1D562305", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679527386, "uuid": "26e09a75-bc3b-4be5-8fed-61692123b52e", "value": "8800deabeb7a145ec7133669ba643dcb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679527386, "uuid": "f09baaf7-0d5c-4e63-8830-63b7d77e7171", "value": "3072:1vNp8x5PIJ04xzNn1KsOCkdOuyckUoZ4jDsysymYY1v762UDIMa:ixaJrzN1ICkGcdS4zsyHt2CF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679527386, "uuid": "b0cd3336-8ac6-47ba-a4db-3c047c10ab20", "value": 397312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679527386, "uuid": "d13eb12b-0403-440d-98d4-b58b560aefb9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679527386, "uuid": "2c7fd590-3ff9-45b0-ab26-33cd0e5ce560", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5ea59659-c881-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679469348, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469348, "uuid": "09074b99-607e-4387-8877-1931aaf26868", "comment": "Malware payload (Amadey)", "value": "ade711b147ffd3f1e38c60637fb5eb07", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469348, "uuid": "dcef8438-8d59-4356-85ff-204bffbe4fea", "comment": "Malware payload (Amadey)", "value": "762700acddc45986ebd5f67bb37512b8c388a1cc5cd2478ff1825ffc036508dc", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469348, "uuid": "a56a83bc-c763-469c-9fe6-5105961fae75", "comment": "Malware payload (Amadey)", "value": "7b001fdd17b5b4ae8d3717bed42eccab9171a4dd", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469348, "uuid": "569e720c-9966-45fa-82e2-4475a9fd377d", "comment": "Malware payload (Amadey)", "value": "444c80c09fb92645b6cae4264e9b3a9328b9eb3699f4643dc091631b7544a5bc1ccecf67806634893858e6e98ee0efdd", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469348, "uuid": "89d1a233-7dde-43ff-8209-36d84ec9cc5d", "value": "T145252321B7D88423E9F917B058FE0A430735BDB56EB8836B234559091CE2A98F53277F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469348, "uuid": "ada01f4c-4b36-48eb-9cab-20f8ec3097b9", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469348, "uuid": "f620ff94-ad63-4af1-bb6e-b1762b36b3d8", "value": "24576:vyxZMW0IsZB1eDi319obPQ0ye3yV2vvZdgR:6AzIej825wyV2vrg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679469348, "uuid": "e9ee09e3-47a5-4fce-9bd3-0d6db7eb45c7", "value": 1030656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679469348, "uuid": "69410640-5f91-4f8e-8cbe-ae9e09cb702e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469348, "uuid": "95793c82-9900-4520-b30e-8d99254db08b", "value": "ade711b147ffd3f1e38c60637fb5eb07.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e612e951-c84b-11ed-88f6-42010a9c006e", "comment": "Malware payload (TeamBot)", "timestamp": 1679446382, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446382, "uuid": "21be4a3d-5af8-4260-855a-0dfef634b9be", "comment": "Malware payload (TeamBot)", "value": "6cdaede49ef2e633127488885fb06030", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446382, "uuid": "fb9b403d-ea56-48ab-8629-806655822509", "comment": "Malware payload (TeamBot)", "value": "76543901ca581b06aca3299ed94e1819cb9cb3dab5ac8a4d26a00877aaad2492", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446382, "uuid": "d4b5840b-b4b3-47af-a1d7-8b55c2732ab0", "comment": "Malware payload (TeamBot)", "value": "8e4eca0cb14cc8561c9cb3824547f1e2b21fa0f2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446382, "uuid": "8861bc64-97f2-4583-9abc-ef5d23d5659b", "comment": "Malware payload (TeamBot)", "value": "61f25eeec8defb60831b915f148341c7541b995d1786fdae7b4b0a070c663a2af5e495511b5d0e9fd8da58e7e11ea93a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446382, "uuid": "21b88866-93d5-482f-af2a-02fa089964ed", "value": "T1CA64C51383E23D45EA268B739E1FC6F8B74DB2708E497B6532199F6B14B0277C263611", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446382, "uuid": "cdbca2fa-764a-423b-bbd6-21ca25db97e6", "value": "a1987c4dfef703391c65547d45eb7acc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446382, "uuid": "81950b00-5c1a-49fd-b914-b02435bc7430", "value": "6144:9KWYLZSu9bwvQX5bKJtFF1n3eUoDwy4WAQ:9KWY1z9b8QXeFBfWr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679446382, "uuid": "6cd6af86-6cf1-4882-81ef-dae0a026db58", "value": 328192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679446382, "uuid": "aab6369a-9a19-4185-b2d2-7a29fb5a4b60", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446382, "uuid": "2a0c6cfe-2de7-4ff2-8f72-83b232f3f901", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ec7a15c0-c8d5-11ed-88f6-42010a9c006e", "comment": "Malware payload (Pony)", "timestamp": 1679505663, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679505663, "uuid": "f16df160-c88f-43e5-bd58-327b3cda920c", "comment": "Malware payload (Pony)", "value": "12e88c23b53f7a01502f18df5f6c8005", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Pony", "colour": "#E64094", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679505663, "uuid": "1704663d-5595-45c5-bbcf-7066ba07d7cd", "comment": "Malware payload (Pony)", "value": "76599e9a381fd9177d79ad993fac09bf621b6f536f06c9373bf8a4b1f0dc8bef", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Pony", "colour": "#E64094", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679505663, "uuid": "d3deb13b-01ae-4f3e-94fd-630d39a6061c", "comment": "Malware payload (Pony)", "value": "1152f74727b1fbc366886342f18f6a8db9769d54", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Pony", "colour": "#E64094", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679505663, "uuid": "49638582-1825-44b4-9f59-d7e3d86abcb2", "comment": "Malware payload (Pony)", "value": "07c16fb524f87753263b4d6a119ba3ccb9dd67f31c2076b3c0af13c468f2a6616bba76c12764ac6947c74ef9f10bca9a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Pony", "colour": "#E64094", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679505663, "uuid": "6a74b16e-32a4-4595-bb45-1148ae8d6686", "value": "T125D33B03B984F0F2C1A117717BC16772F3F99A78787A4D4AFF9C6445A9B6287BB02052", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679505663, "uuid": "1c72c445-0b18-45ab-9e8e-c2ec1a68455f", "value": "d6cd9cecc12ba283fd2bf86a18ca964e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679505663, "uuid": "e7f763bc-3017-4acc-bb47-ec4cee7d8f88", "value": "1536:6jdC2fu1Xo4qT74j3F+EYDsWq66SvuQViprHK3OfcHTvpkzkvNy/DxvZmqrgrPDa:2Io2H+EYDsW3TRVB3OfMv8/DxvZFW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679505663, "uuid": "22b31ed1-1202-4f73-9e86-0d06dc8ec3fd", "value": 135168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679505663, "uuid": "8f976907-a68e-4189-9d8b-b5132b165274", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679505663, "uuid": "66c1157c-75e0-4c01-993d-8b24cf3b4e84", "value": "12e88c23b53f7a01502f18df5f6c8005.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "25812248-c876-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679464527, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679464527, "uuid": "dc1cefd7-aa81-48d2-b30b-211c56668642", "comment": "Malware payload (AgentTesla)", "value": "e0453eb56d974bb704e7f537dac5853c", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679464527, "uuid": "6ff68ad0-2355-4f7c-a446-49b1b126a19f", "comment": "Malware payload (AgentTesla)", "value": "7676ba6454dccd36def42032d399fe4bdc48802f9c2c40702638e3887b865fe1", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679464527, "uuid": "9841bcff-ce99-46b9-b4eb-c4487ee65a82", "comment": "Malware payload (AgentTesla)", "value": "4f65f95d70d5f0d28752124692ad8438b0117f1a", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679464527, "uuid": "d289823e-317e-42c0-af30-c2a30d026b9a", "comment": "Malware payload (AgentTesla)", "value": "588a6ffc6663349e743c6f2332ddeabf5ef48e64d344d003917dada33494f6815fc3ea4ba38835b9a922d0491e349d9f", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679464527, "uuid": "99835558-ef35-4970-a641-92061954201d", "value": "T1B1C42378332A2E60DFC58771261C09A0B477853E325F9CDEF0BFD510A46B6278E2499E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679464527, "uuid": "c2ebd0d1-7858-4a30-9f7a-c2744f8a006f", "value": "12288:XX6kljAJS3VziBD7JgvDxgvSSDxmKyCs9eE:XXdLVziZCrxcs5CssE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679464527, "uuid": "f43b96b4-9b06-47bd-85d9-fa2aa0258dd1", "value": 544002, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679464527, "uuid": "27cc1e83-91c6-4c1a-8f94-23e55139db01", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679464527, "uuid": "6126a227-2f7e-4b67-a493-c8320e40533b", "value": "Invoice Overdue_C0809-H03.xls.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a6268529-c897-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679478917, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679478917, "uuid": "4bb2649f-b62e-4bfa-8a3c-94c5a0db988b", "comment": "Malware payload", "value": "ca1a4f9ddb791e12ef4b42d9184d3009", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679478917, "uuid": "a49c176b-a061-49b8-a868-83025ebbc7b3", "comment": "Malware payload", "value": "7706c207e14d5553ff09b14fe7d1fefc90ade35bf30d6e18cb6739ba2592f377", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679478917, "uuid": "b3bdd92e-e0a4-49c3-ba9e-4d741012e93a", "comment": "Malware payload", "value": "4c89fb2771d41338a8bc6bf6adac6ba56957f3fe", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679478917, "uuid": "c13f0f2e-ddae-4538-ae04-01aa5b14362b", "comment": "Malware payload", "value": "7bd18f4b6c54e1efcb5e45f5dd68948dd7b007e39c2f04f0f39311362930d14e6eea95a6bd851cc592378b082926108d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679478917, "uuid": "e7f96cf9-5634-435b-b0ea-387e2a682a05", "value": "T1C226336322E5E3BAC1B047379799B9FA6A02FD6121B4C6DE9920B3A3797053C14DF470", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679478917, "uuid": "29d27e8f-301e-4942-ad58-9e2b035f0903", "value": "9aebf3da4677af9275c461261e5abde3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679478917, "uuid": "c0031baa-f45d-4268-bf67-a33ae0de6a5a", "value": "98304:YrtJFb6LdetLJ1EeGA8zfBWFnvesTLCTq238oqDEWBbQO:ctJVZ8z5WFvDTLCUJEXO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679478917, "uuid": "bcffb3b9-58ea-4037-bdc5-625d0b9abd73", "value": 4510208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679478917, "uuid": "8b7dc531-68fb-4ba2-b4ec-49d9077a5073", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679478917, "uuid": "4b52c8ac-6ed4-4ab2-bfd1-787e67a6d166", "value": "635965506.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4280c4b9-c88c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679474025, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474025, "uuid": "068f47ff-9a3a-4b95-b60e-dd8eafc6b84d", "comment": "Malware payload (Heodo)", "value": "91f5bf56d064b02b7b1bd983f86cfd9e", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474025, "uuid": "87187ab1-66b6-4b31-94c2-2359c4925db1", "comment": "Malware payload (Heodo)", "value": "778d230125fbf6e03d2b2defae54e4bdcc8c6d19ca01c65b638e47b4b82df31b", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474025, "uuid": "6b56f815-8bc6-4399-a488-d2eb80382ef9", "comment": "Malware payload (Heodo)", "value": "5a3de970623594c49aefab752a5db8a9773494c7", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474025, "uuid": "448e464a-7a18-4405-9fdc-f3ecaf99361a", "comment": "Malware payload (Heodo)", "value": "48e52c2158a68b45e4d2e9f54a1b1a43ad0c3473357b21971537d1f49f931a6c4c3b539ec25446ec2305119e4e39d708", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474025, "uuid": "3701b8fd-b1b8-48e4-abd7-8e0d5b03dfad", "value": "T1CC2523E059F82941CD0E0C35F92671BD92BC31666EDD15E633FC3CE5A90EF6842126B6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474025, "uuid": "73c7ed00-87c5-4188-9012-15ba8e0fae56", "value": "12288:xkf5dOzheNdckFRKluvnRHXdhbDHfXZX1EKdxKmSTH4den:qXzNdfKluvnRHthzfoYxJlS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679474025, "uuid": "fc7e3d2f-cec6-421e-8282-2bd70bc2fdc6", "value": 995037, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679474025, "uuid": "7f11f882-040d-4399-b1cb-40ae9137c22e", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474025, "uuid": "81006bdb-52f3-4293-9824-a7428a755136", "value": "giPDtMJ.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fcc15241-c8ee-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679516428, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516428, "uuid": "0535e831-8c11-4d9e-a6c0-50c9e8dd9968", "comment": "Malware payload", "value": "98bae9d739d81e4d95077a57f414645e", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516428, "uuid": "4e0f0706-e57c-4f2e-8e72-4780cd55c2b7", "comment": "Malware payload", "value": "78909052298db898a719b30d28c7da6c01041c8f933737be145a196a19b54d01", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516428, "uuid": "1eef6d88-c58d-4872-b762-87d6ab5af28b", "comment": "Malware payload", "value": "aa533c96f687110a7bf3b99495221a4093864e85", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516428, "uuid": "5a0506e4-6c93-4a01-ae25-609c0942b5f4", "comment": "Malware payload", "value": "9bb72e11fe3fe106ad60b9f5b78fb0f20b9af501e5e905dc1e1114bbc3dbd9e92d8f11c3613b8fd4dff3eb1f15240729", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516428, "uuid": "b7a5effa-a3a9-4b49-ad2d-12731f870e13", "value": "T154135A56ABF10432F6B30A31A57444A6DFBEBC226477D4AFCB800E5D15B0915CA39B37", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516428, "uuid": "c381eb2d-0a0b-4556-9d27-297532a7d9c7", "value": "f5e4c8acb92fb1c8223cff431020dba0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516428, "uuid": "715d156b-69a2-473f-998c-018962373fad", "value": "768:28kr2D6AKlLO+SNhBgCHDck4MV0ggv8KoETBB9D3xvjHhx4eC7Xj8Qc1gpQiwBeT:5/6A0q5HDR4oWBx3xrBx41z8QcGui+RS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679516428, "uuid": "262b6220-bbb1-458d-b5b9-7c745be141d7", "value": 42496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679516428, "uuid": "fc22637c-a0f5-4bbb-b5cf-bfba213680ad", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516428, "uuid": "d383e7e9-bd5a-4935-ac80-0a07c1f45280", "value": "2023-03-22_98bae9d739d81e4d95077a57f414645e_lockbit", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "38104593-c8ef-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679516528, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516528, "uuid": "23fdd800-a802-4712-a638-dace87c1c0fa", "comment": "Malware payload", "value": "c04257c3939d68b07db38739e111fa31", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516528, "uuid": "48d7da45-5f4a-4313-9f3b-4dcd492e998d", "comment": "Malware payload", "value": "78dbdc4d94ef91e49d74e01bd6259d8a31f488d440bc556e08e4582b6c39d845", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516528, "uuid": "aee1f21a-701b-420d-beb8-3a71456cb7e5", "comment": "Malware payload", "value": "d7d7ca095751778b5cfaa714eed1ab8a12ac2bb3", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516528, "uuid": "b33f6c20-4196-4fdf-82e6-fea178ee3a08", "comment": "Malware payload", "value": "5fa059e558a01528f763e7cbc72df5c2f42ff88b120286f422237e8d33bb94dc343b24f4fdc73fd585a4e1fe51301dea", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516528, "uuid": "66d5b115-08c4-4ce9-97e3-1fd7bc55abe9", "value": "T128839F46F3A40752F1F20771A83A8EDABB3ABC709521D25E21D4E10F26B2F204977B57", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516528, "uuid": "2720684d-63a9-44b0-8a0b-e99680ca08d0", "value": "1536:gKBx3xrBx41z8QcTuJlL+5bU8QBNLQS0xT8EbllTAGSV4a:gKBx3xrBx41z8QcTuneI8QBNj0xT8Eb+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679516528, "uuid": "6870b73b-9859-4f07-ade6-3d475a849394", "value": 81408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679516528, "uuid": "e4a01e64-5adb-4c80-aee2-4c7374e9aba4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516528, "uuid": "87ce6839-262b-41e9-9400-ec6da21912bc", "value": "2023-03-22_c04257c3939d68b07db38739e111fa31_lockbit", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fcb903be-c84a-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679445991, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679445991, "uuid": "0ef5dc34-6a28-4591-adaf-d7682d52da1f", "comment": "Malware payload (Smoke Loader)", "value": "660f3820c070efdfdb970ae42b17ece5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679445991, "uuid": "f29be303-309c-47f8-bba9-38f44b3861cd", "comment": "Malware payload (Smoke Loader)", "value": "7919775d126446141fde43cf9fb0105b9a797198e3246ff666968936f16ad31c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679445991, "uuid": "331c9243-259c-40f1-897c-4634f3fb6027", "comment": "Malware payload (Smoke Loader)", "value": "734a92378c83e4538ac12c3c875cd8aa4d97d4b5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679445991, "uuid": "9d273988-bc7d-40c3-bc13-79826b838c4f", "comment": "Malware payload (Smoke Loader)", "value": "aa3948181293dadb9244ef6660ea992291187b2bcf9b2e71180985dde89cf45f8f0ca5266aafebc84760cccb937e2a9d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679445991, "uuid": "802fc7fb-60fd-4a4c-b02f-8d0c3bb216f4", "value": "T13444CF227692C473EA9B45788853C7B02A3BBC715B5D86C7278053BE9F307D19E3A346", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679445991, "uuid": "36478bdf-997f-49a6-bac7-f253031c8e01", "value": "4da11709050bfbf5b2e3611a91d52f69", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679445991, "uuid": "5592f5f1-e279-4342-92e5-4368cba805f5", "value": "3072:OJ8sGMAASjqpYY3LiTb/1LyoCpfaR/ka5Ud7BaM5LOPzLi5s91ew2ZY:uAH/Y3LiTr1L80R/A1a+gbPew", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679445991, "uuid": "6676bfd7-5c51-4377-86b7-a9f6cfdad57d", "value": 257536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679445991, "uuid": "3f72541f-1a4f-4063-a1f5-7931ba42ceda", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679445991, "uuid": "c089f1a1-e6a6-4301-8cc8-89e44f0d2895", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6dc94088-c887-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679471950, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471950, "uuid": "ad67eabc-e6e5-4eae-b5b5-54e54ec0a209", "comment": "Malware payload (Mirai)", "value": "34fcf94a4f021cdb6859737322535c27", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471950, "uuid": "f063fea0-c976-4564-9433-f01690e491a0", "comment": "Malware payload (Mirai)", "value": "79c036c39537416d5ef7eeae1e01ed9bbc37b7dc11413700a613743e99bc92e0", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471950, "uuid": "86e2322b-f30a-4905-86ef-25b9e4b4eb27", "comment": "Malware payload (Mirai)", "value": "58d34adeb8cffdbc1d5ef4361da7b150e26aca80", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471950, "uuid": "57c74e4d-a0a6-4a22-a2e2-67bd5e95438b", "comment": "Malware payload (Mirai)", "value": "30e35134f8dab65b24fd0734f49b01fb18619e59dba30eaa7626e80fbef8a1990bdd587a12be92028685a3455c6d0989", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471950, "uuid": "40e37d34-6cbe-4e85-aeb3-30efab14f765", "value": "T169F321215866E213C4E7FFB9FFE576C6535DF3468EC9A203A1A0104E0AF5D69642F8C8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471950, "uuid": "329bbeac-f1cd-46e3-a175-1251c066de63", "value": "1536:70uaiFNbg2j75qMKwT5tDJ3p9N66MMQyZAeKUFYtMyOgOFzvddhQzwcC2Q:FFFNbgykveLJZ9NNAeDHy2ddhQzwcC/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679471950, "uuid": "0be8e670-ac60-4c60-bc13-2a9cbd24f5c0", "value": 165228, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679471950, "uuid": "115c307b-c663-4ab8-9814-79b4a67d1a5e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471950, "uuid": "701f3c97-b644-4082-a1b0-3347db571778", "value": "34fcf94a4f021cdb6859737322535c27", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a056a17a-c889-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679472894, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472894, "uuid": "66bdcf81-f066-4d56-8647-ae75d23cca3f", "comment": "Malware payload (Mirai)", "value": "e0041ca6431ab04f006105c7920dc6ea", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472894, "uuid": "a19e6c29-272c-4f9a-a3b5-4c3e25e76bd6", "comment": "Malware payload (Mirai)", "value": "7a3f81e511b47604004f69071e524bcaea9eade6be4d15a61ee75b4d9bc81fe5", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472894, "uuid": "599de57e-1125-43e5-9c05-21ba2d1f43a3", "comment": "Malware payload (Mirai)", "value": "258f1820ab5ecde78a59a2ab195c793861f11718", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472894, "uuid": "570de276-808c-4b4d-83a4-f7e19d693ebf", "comment": "Malware payload (Mirai)", "value": "911448f88deea8f01a424011ce5c88f8bb14a79c8c13cce9ad963faaac82227920c627001d171f6695785e205503ea5e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472894, "uuid": "4eb0e97c-2681-4865-ab96-a5a4abd0536f", "value": "T10383A51E7E218FADF76D823147B74E25A79833C627E1D645E16CD6002E6034E641FFA8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472894, "uuid": "8869d360-ccc9-47de-b7fa-aad9a382225b", "value": "768:Gty6IP7s/kq0INRhPe92EI9tl/dOCV6YgHSRHsgI4Eo6gTVLTT+L/GG7HBv3LiyV:Bakd32EI3OC8G1TTVr+LdtSeIHMWprc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679472894, "uuid": "8a01016f-58b4-4fe5-abc7-37e0387e79a8", "value": 84780, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679472894, "uuid": "4955455a-7f3d-4222-afa4-4826eaedfe5b", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472894, "uuid": "82d23829-83ca-4ea0-a49f-61fd2893b658", "value": "e0041ca6431ab04f006105c7920dc6ea", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "66e42f4f-c881-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679469362, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469362, "uuid": "dc21b5a6-7939-4d70-932e-8d6c8fee7a6e", "comment": "Malware payload (RedLineStealer)", "value": "ab64460cd667c1964fc0ee034ec60d15", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469362, "uuid": "75a556a0-a142-4a9d-b6dc-4818943ab273", "comment": "Malware payload (RedLineStealer)", "value": "7a762cd556ed7f6246e19b479783886714833f25e614e7ed922b2e1aae28e2ec", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469362, "uuid": "0bfebe10-aa1e-485e-b4a2-6b2b8c4fb497", "comment": "Malware payload (RedLineStealer)", "value": "50aff9e5027939a6f3cb4d56dfa414f875e86f53", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469362, "uuid": "adb944c1-b0d3-4199-994f-2474f4033959", "comment": "Malware payload (RedLineStealer)", "value": "20a0f04693bf24c8ab2c883e8484b41b3eaef12ddf7e9614dd3782f832c4733303a551e7b6f55443d65198bb6e1d513c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469362, "uuid": "dd3079bd-c295-4266-9e9f-1ce1dfe78d8b", "value": "T13104D61437FCDD11D1BA5A3FA961A05086BF9802A842F75B76C367CD0E32B40F957AA3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469362, "uuid": "44a714ce-8611-4175-9508-99ae136a68b5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469362, "uuid": "b05b455b-fa2f-481b-9436-aacf745ece17", "value": "3072:IxqZWRZaPkOQ3rbep5FCh1XxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOuw+caH:2qZorYCh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679469362, "uuid": "26c35013-cc8e-40b6-bdf1-6044e809fe8b", "value": 179200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679469362, "uuid": "f6270407-7243-4755-9525-e1efff239a4c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469362, "uuid": "8c586465-ff4c-42c2-9622-12e68076ea4f", "value": "7a762cd556ed7f6246e19b479783886714833f25e614e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3505035c-c88b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679473573, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473573, "uuid": "1f9192ff-d8e8-431d-9f1a-11dd04431e9f", "comment": "Malware payload (Heodo)", "value": "fe55a6c6d8c858916984d55a14cafb5b", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473573, "uuid": "050aa8cc-2b5f-4838-a6be-17b0017fba7f", "comment": "Malware payload (Heodo)", "value": "7ac3a5ac20d268c44e3361fe67d9360b88df8bf3d7e250b5ef13a8bf108e396e", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473573, "uuid": "5f0c97db-deb5-43cb-9c97-3e53f9af3b98", "comment": "Malware payload (Heodo)", "value": "2da064c668253cf3c3d08cbda40bef0f71555404", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473573, "uuid": "2abe8de5-2fe8-434a-9372-0d507e3ad108", "comment": "Malware payload (Heodo)", "value": "3cca3891fb63e656b3e0cb04b19e1b1c65c07d1fe5ee9737e6d51794c940827884d8ca6c6544d2a2c0e1c1acabcefff2", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473573, "uuid": "8064f7bd-e8a6-4ba9-9f9a-6e0ad530b36c", "value": "T147052368C67295D1DE81E635B5321A09FBDE0791A8033CEDA5FD6C3D29F0E40973B922", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473573, "uuid": "eca3ee6c-a14d-415a-b4f5-9c92781cb15c", "value": "6144:LA/fqQLsh2uoOObj+gmM424czDPECwRAc7cDA08yuMol3N:k/fqmm2sObC7ezET7vh73N", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679473573, "uuid": "09fe8745-34a8-43cf-b4f4-d5ffc4f67540", "value": 870656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679473573, "uuid": "7fea3d29-7728-4f88-8b89-b6703d8a8b27", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473573, "uuid": "f4ca64e9-ea2d-4a1f-8cb8-3621c5d25f46", "value": "TKK8yKdEvyYAbBE5avb.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1fef24a2-c84c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679446479, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446479, "uuid": "4d680c80-8143-485e-b2c6-26a1eb98317f", "comment": "Malware payload (Amadey)", "value": "a2ea709771ba905519c16b61a171ae14", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446479, "uuid": "00cfe8e7-fd6a-4a38-be17-2cabaef6e418", "comment": "Malware payload (Amadey)", "value": "7ae7605486a8b4809d05c25bc912ef667374d72a7fc39400fbdde42940db5b39", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446479, "uuid": "548eaa84-861e-425c-ad30-cd86d8b73613", "comment": "Malware payload (Amadey)", "value": "998ad4bb0a2ac2f33c22ed1cce984fa0dc541552", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446479, "uuid": "f8a6f673-1cc9-4dfe-b52f-a15a57aa106e", "comment": "Malware payload (Amadey)", "value": "2c80ebc22d20434e744bb46e0d9bfabf452b8b3232e4bd76ecdf02313407e77f9129da0e7eb96dd8d6f25272e49f375b", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446479, "uuid": "7e400e48-8e3d-4507-b2f5-fb1b6bf66bf9", "value": "T18A64B50382E23D45EA168B739E1FC6FCB64DF2709E497B6532199E6B14B02B3C263711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446479, "uuid": "1ce4bce0-9aa1-4800-8437-1116b75877c3", "value": "a1987c4dfef703391c65547d45eb7acc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446479, "uuid": "78d04172-402b-4c21-a579-7d608809bfea", "value": "3072:n0t+7WULnoF70RcnaEVvTQIcbgAm3nHnOEf6/d5ZZUnWO8MyRDhGFpy10wZ2jQ:njWULoV0e5TQ+3pfeZ4WdsQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679446479, "uuid": "7851f9fd-1bd3-445f-86fe-534f5f878c20", "value": 327680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679446479, "uuid": "93fa90a4-516b-4fa4-b055-a48fa58039d5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446479, "uuid": "598a0f92-d6ce-4cae-b443-621764a10678", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3e720279-c8c3-11ed-88f6-42010a9c006e", "comment": "Malware payload (njrat)", "timestamp": 1679497641, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679497641, "uuid": "5c0734f7-6012-4d93-a23e-818c0a734db8", "comment": "Malware payload (njrat)", "value": "5a9a6a9eb37c7b119e9677fee406cea7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679497641, "uuid": "9c62df05-ef16-4cea-ab39-99d49f1f0552", "comment": "Malware payload (njrat)", "value": "7b60b49bb3a7c410268d4784ad66432b1d1599066f08eb4a352479f350b9a715", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679497641, "uuid": "608c83f9-e83f-4d14-83d6-7cd20856f828", "comment": "Malware payload (njrat)", "value": "ea723a046fd79f89504cd1188dd0124c943431f6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679497641, "uuid": "10480d10-2dec-4405-bb16-49d9a3e66e9d", "comment": "Malware payload (njrat)", "value": "1ff9215ef91a20fecfcf3b31dd156ccce6b8d632df4ede04f69478e4e630517784b2f042a087237281df956751272579", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679497641, "uuid": "b7390604-2a5e-482c-be50-0d7dcd257539", "value": "T16D734A4877F54A12E1BF0DB5897292221B36FC035D26F66D09D174AA5FB36C08A09FB3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679497641, "uuid": "1e226eaa-1157-4144-9217-d1a857a30de0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679497641, "uuid": "8737f505-be9b-4ba1-814f-d9b5ed97834e", "value": "1536:Slz+Zh7jDpLS5wpOk3JCK6pFoQTf6fOpd/9nEh9TGgHJxR:JQwpOk5CK6kO/9ESgHJx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679497641, "uuid": "7437ef6f-dad1-41da-90bf-89658e3d4c7f", "value": 79872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679497641, "uuid": "abc22d5c-5f00-45d9-a3cf-ef00b01ba3ac", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679497641, "uuid": "aa18e0cd-77a4-40b0-82e8-0520c316e7f4", "value": "bKI4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ef64dc3d-c85f-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679454988, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679454988, "uuid": "9587e898-d093-4f24-8609-d5d3fc1b0a17", "comment": "Malware payload (RedLineStealer)", "value": "b5b01a188cd4e284e9cf66276bebed25", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679454988, "uuid": "6ee132a3-75f0-4fc7-86ed-ba15f630a783", "comment": "Malware payload (RedLineStealer)", "value": "7b807ddd2d28ab2d06c28846c5d451c92fd8a5850af2f7b9b27107c572437440", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679454988, "uuid": "6bcd2ee1-24de-4217-8053-b98f516b6040", "comment": "Malware payload (RedLineStealer)", "value": "c860ef415518b6922dafdedad4b985a1d8f346d6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679454988, "uuid": "26047a6c-d9f7-49dc-94ba-ce427d93053a", "comment": "Malware payload (RedLineStealer)", "value": "a650e1ff5c2a6e90b049936c2492839c2f9e9bcd3afe5accbff941595180629290db4f779e33073d05976a4fde1cf796", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679454988, "uuid": "1a071b80-c844-474c-b6b3-869ef7503792", "value": "T1A2442913311B3D60E4FA69B889DCF3865516E3710A6DCB5D73AF0E6A4E05DC38960B36", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679454988, "uuid": "b7c496d6-745f-409d-9556-acce7429a6b9", "value": "eb34989b8fe3c43ef88d833129f3453a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679454988, "uuid": "946f0f35-6694-4cf9-b7f9-da3d267eda19", "value": "3072:gGpYZxZReEYMyHM5p8PHagLQuUFPpj6B9FDtAwHu40jzEO8lCwi6TlTXmv6txIxB:riq9NM2vMuSeFqwSjzxNwiWxXy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679454988, "uuid": "11c37298-dd67-42fa-b37b-01be67b77fac", "value": 265208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679454988, "uuid": "0d0abe7c-49ee-450f-9dff-84d552b7a3bf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679454988, "uuid": "e49d0745-131b-40d8-8204-e6d5b92555d2", "value": "Gta 5 Mod Menu.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "46b2521a-c88f-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679475321, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679475321, "uuid": "35366827-8fe7-4af1-a777-ea326eb82b05", "comment": "Malware payload", "value": "6987aabe3dc70105e0ac249f06e33f59", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679475321, "uuid": "79812864-f06d-4fda-99f4-77da49e603f1", "comment": "Malware payload", "value": "7c337c5af34ea63f0da9e78e4d277b6c2243d949fedfeae4a88a91ac693e4458", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679475321, "uuid": "3538adc7-13cf-46db-94ef-562f765cbeae", "comment": "Malware payload", "value": "b79952214b0716d363e34e369658dc61309ab718", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679475321, "uuid": "7e074def-2dc4-4ca0-a859-ddcfb4b31b14", "comment": "Malware payload", "value": "f139d11281eef0da3d29f6d0d8df131b2f7327cfac776dc004c6b75de32e666cbe703e7d5664949775d8a47dd0b5ca1c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679475321, "uuid": "71d6befe-2752-4141-a4c1-af5ebc662321", "value": "T175E417809F59AA17D1BD5F3BA4F214108FB2F3129876E35E1D8C22F91A83735794C26B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679475321, "uuid": "ad356c7f-5b00-4685-8dc9-e9d41314a35b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679475321, "uuid": "6eb73e7b-d24a-4229-9606-5ce0d121446a", "value": "12288:xrvXCTzgDwxDUM1jv+RzexLhG85/Vu0i7iOr/GS:xrvXCADENjv+yLU8hVuNXjGS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679475321, "uuid": "feb29244-7ca7-4b79-ae89-781e3c7d45ba", "value": 707584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679475321, "uuid": "a25b9a14-86c6-4179-9ab2-7df070e9d560", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679475321, "uuid": "cf5dcf6f-bfd4-403b-a029-a4a5e3004ca3", "value": "RFQ-20001123-GLOMACO,PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aa712b1b-c8bf-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679496104, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679496104, "uuid": "18e498f6-8edf-4cbf-8d42-65d2f2973eed", "comment": "Malware payload (AgentTesla)", "value": "d5be84afe35f4bf9a99949fb0fa66f6b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679496104, "uuid": "be2c66d2-b742-4377-ab19-55145adad6e1", "comment": "Malware payload (AgentTesla)", "value": "7c4ed8f01c97ad84245dc9b7407c05d1a60af53653cffb41d798e403289909af", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679496104, "uuid": "1834a667-6ebd-414b-b36e-2e67a71b7f01", "comment": "Malware payload (AgentTesla)", "value": "c74a704bd3c5ee61fc941ba0d2cbd0072de74a01", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679496104, "uuid": "4e38ae8d-9779-49a4-b816-f36fda0a4df2", "comment": "Malware payload (AgentTesla)", "value": "50f88b3e10350149cd5b1cd3273f1d45edb9855a96c3450f06eb5eecc69a50dbd50c8d22704e86b06cf2379b3b77c158", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679496104, "uuid": "a52d52e3-2601-4364-903e-35533e088035", "value": "T14384CF512765CD03E78142B84156E7BC8E266ED8BD16CF2367F8BCD7B914B27282E183", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679496104, "uuid": "fa5db68e-2d7a-442d-9fb0-3614d82c28bf", "value": "e2a592076b17ef8bfb48b7e03965a3fc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679496104, "uuid": "17ac7871-08a3-4f49-afb5-c131381fe7ef", "value": "6144:ZspNjlsvCnvxZGVGGMrYfXcHQSiZvIQn1ItsWdOSxjmt80dyhPgYoDWUOtMXnEbw:ZcBwLR4sWYghlOYQMtOEJC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679496104, "uuid": "cd985f41-bde6-4c6b-93a4-86d9fd1b39b6", "value": 384464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679496104, "uuid": "a9e982b8-b437-47fb-ac7a-c778f65b2382", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679496104, "uuid": "e7ce1604-4214-45b5-a0e8-cb66288a1ae2", "value": "rknotter.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "09f1b82b-c8ca-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679500559, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500559, "uuid": "170c6e3f-f921-449e-9486-7f261843d438", "comment": "Malware payload (SnakeKeylogger)", "value": "1308183d0a10ecb6c651b3cbecbd1cc3", "object_relation": "md5", "Tag": [ { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500559, "uuid": "da86b471-d9b2-4252-9774-38adf0f3d48d", "comment": "Malware payload (SnakeKeylogger)", "value": "7ce31e6b544440abdb2bce652942a8506fbac9d90c5a5c34668d55319c8ab0f0", "object_relation": "sha256", "Tag": [ { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500559, "uuid": "8709f0d6-1f50-49ed-805a-eaebfb56f37d", "comment": "Malware payload (SnakeKeylogger)", "value": "348df03b796ee402a799a1ad0a2f7c6773d4e92e", "object_relation": "sha1", "Tag": [ { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500559, "uuid": "aefb1fe5-6862-449d-8fae-f49dbafba3cd", "comment": "Malware payload (SnakeKeylogger)", "value": "204bfe1b36aa503cd03ce2920ff522b6515ae88e0023ee47053ebf9567e5703bd1b9c7caf0f2ec9707b5f95a993b62fc", "object_relation": "sha3-384", "Tag": [ { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500559, "uuid": "05e00b48-d10a-44b5-92a4-36acc25472d9", "value": "T18DB58C51FCDB24F1EA43553248A762AF2335A9091B319FC7DA447B7EAC736E00E32256", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500559, "uuid": "c3b6776a-bb48-4de1-bd27-99c115e1811b", "value": "9cbefe68f395e67356e2a5d8d1b285c0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500559, "uuid": "be2a07da-2260-4109-9d79-abbc93979441", "value": "24576:ENiFglLp8LdQcNR8DrzbVGP9e2qOvzejJLxtcD/kh0NTKUTZUiW7qDMWxvtxWYzd:E59zMNe/OkyTezYz1tZD1V5NQSrBnbx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679500559, "uuid": "0f5660f7-56db-4a26-ace9-fd9b32cb265f", "value": 2455040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679500559, "uuid": "1a04abc7-c604-4a05-83f6-34815e6a3163", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500559, "uuid": "e4950125-851c-4223-9d3e-19c54fc757a1", "value": "876543456789876.cmd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "accbf132-c84f-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679448004, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448004, "uuid": "289ac62d-48cf-4e59-ae58-3c16759f1fe3", "comment": "Malware payload (Amadey)", "value": "2e438ff38a0234ca54f55fab4c270a8c", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448004, "uuid": "1b3f6685-9c75-4368-b6d8-20c048522b33", "comment": "Malware payload (Amadey)", "value": "7d886206269d2b22588d6ae73c73c983c5bd725d2ba9eaeba3a32a1351e5eafb", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448004, "uuid": "45139897-40af-4a0a-96f7-15bdb9569536", "comment": "Malware payload (Amadey)", "value": "fbc32ae013b06d63c5039d44d519fd78109c7a5e", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448004, "uuid": "86a4d875-cb9f-444b-a675-c284ddcd925e", "comment": "Malware payload (Amadey)", "value": "81145b4f624b828fbc9a998c6f5b097a2cfc4682d436960ee9663a37e6b885fa62f317163482487cd78be3d2b169a309", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448004, "uuid": "3217efd7-f016-4216-a605-cdfcff35dfa1", "value": "T12855E14382E23C55EA258B739E1F86F8B64DB6719F493BA632089E1F10B12B7D173711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448004, "uuid": "41b9679e-8b0a-49c9-82fd-3e93653696cc", "value": "5fe0b073d2bf262b2cfd9470524e0ed6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448004, "uuid": "e131ec37-a517-4627-826a-8b9104aafcd5", "value": "24576:inzPcbD/h1btFFh3DEYckeYbP1a3S3zLXGowWuFV3EQ1LQi8Pti/STV88Av:QC/hlVhFcYbw3SjLXGoDuvEQ1LQBtd61", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679448004, "uuid": "a9032fcc-9457-44bb-a4f2-edd8414b5de8", "value": 1368576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679448004, "uuid": "21124be9-96c5-4716-b46d-c91250c61639", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448004, "uuid": "33763e87-cf71-48d2-a269-d6f2ffddfbfe", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f35e1c61-c8c9-11ed-88f6-42010a9c006e", "comment": "Malware payload (RemcosRAT)", "timestamp": 1679500521, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500521, "uuid": "a3c8c14b-6bf9-49cb-9bc5-7d1df2c5cc37", "comment": "Malware payload (RemcosRAT)", "value": "9b999fbb6f2ddc5aabb1db294203c953", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500521, "uuid": "ca186496-7e79-4a84-813e-b1d5e63458d2", "comment": "Malware payload (RemcosRAT)", "value": "7e09b162052fa0f01f2d48609446e1cc66fea01afa412d5aee4cca9afa98fe52", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500521, "uuid": "8011e858-4a74-4344-bba1-fa21ad649f6f", "comment": "Malware payload (RemcosRAT)", "value": "0d56dff0ac076ee62a5239ebdabd5e3a59b5916c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500521, "uuid": "227f5cc8-9e63-4971-812f-48e7198890ea", "comment": "Malware payload (RemcosRAT)", "value": "04fd78550beaf50260860cc2e9bd11f1729936f61768f3fbc8fb91bc782d1af4c83980ff5317f74f055880bdaec11196", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500521, "uuid": "732359a7-1639-4a02-8877-109b74864518", "value": "T14C45121637998B86C2BC67BD14F2904003BABF3B2352EB4D1EC630DA517BB99CA51753", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500521, "uuid": "96dfb997-43d3-4fa5-abe0-87c2fab8417f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500521, "uuid": "c08122fa-7593-4ee0-8b08-8c53fb34a785", "value": "24576:al06MFYr0PLhaX7nXdrj1IJNf+QQCwQZI5RHsHgZfW4l0:alL8YnzU+QtC5RHsA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679500521, "uuid": "21456e0a-2dec-41e5-913e-2885c85a8d8e", "value": 1249792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679500521, "uuid": "a359926e-b276-469b-9c79-803bcbd22fdd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500521, "uuid": "1d451748-e15b-4f7b-a7cd-ad11a37f710a", "value": "hesaphareketi-01.PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ed405812-c8ee-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679516402, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516402, "uuid": "08f5a997-bab7-4ae3-8ea7-2905177ee96d", "comment": "Malware payload", "value": "fe8296d57976d146ae9b88d3b658ea42", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516402, "uuid": "5c8b6dbb-0c4f-4049-a7ac-dc9814ef7116", "comment": "Malware payload", "value": "7e09bfc7d352248d9a22fe2c8e6c51d07436121e62cf58f447d6e69845eca6f1", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516402, "uuid": "7903602e-d0b6-4cea-8c2a-b835033ce2d6", "comment": "Malware payload", "value": "ddb7b032184fb126faefea90a901575dcc3931d2", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516402, "uuid": "c382b3eb-1ff2-4520-b224-735bfacaef41", "comment": "Malware payload", "value": "190ac3bcc14aaac9f647d19b37d9ebc9e0f7eb7dca6b3f3a106c38c00fb10274ac7523058285ea1395dd085a04feb8e5", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516402, "uuid": "bdbeabea-307c-482a-b3f8-aa3d11e31f01", "value": "T1BBC2F71867FA4A35F6FB2EB92CB1214157B5BC63DD3DD75C188E004D0822B9C8DA0BB6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516402, "uuid": "4acafff6-6549-4f3a-8352-d00843acc633", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516402, "uuid": "a5d3f514-1054-4c95-b095-745992140e24", "value": "384:3OgHsLT31RyzatgWViaQiMvJ3Kr91C0YbJQyTqahnQnE1Kr:3OgHsv2zm3FHMBar9dYbjTqUQnE1Kr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679516402, "uuid": "ed789205-e6c0-49d8-ac06-f8cec94fc384", "value": 25976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679516402, "uuid": "2f925271-88b9-4370-ac70-194c8a33fa7d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516402, "uuid": "cba11837-de3b-4b61-afaa-c0dbd7f3d69c", "value": "2023-03-22_fe8296d57976d146ae9b88d3b658ea42_destroyer_wannacry", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ab4ef444-c851-11ed-88f6-42010a9c006e", "comment": "Malware payload (Rhadamanthys)", "timestamp": 1679448861, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448861, "uuid": "cb0cb9cf-1daa-4bfd-98cc-7d94a17a1e86", "comment": "Malware payload (Rhadamanthys)", "value": "227b4da791aa53496c09ab4912378dbd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448861, "uuid": "0bc55581-4fe1-45a7-874c-cb9914cf987b", "comment": "Malware payload (Rhadamanthys)", "value": "7faeb3f847830a2c52322565d8e73e07000003ccb54310790e10756cd3b2ff6b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448861, "uuid": "b3f81e4d-f809-4de4-96c9-39bc158cf5dc", "comment": "Malware payload (Rhadamanthys)", "value": "c4d7d04ce92ea5c5df8307883e4aace820f3a567", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448861, "uuid": "2d02f0eb-da95-4f1e-9735-dde4c258ede2", "comment": "Malware payload (Rhadamanthys)", "value": "03981027d282b585dcd1bce82b8d843631efd1a07bdc7c0cb4349ff1ea435de70f661b6c9afae5addf880433f4ce7446", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448861, "uuid": "23d0ddef-cc9a-4296-b464-3c981b7fa039", "value": "T11B84F70383A2BD45EA258B739F1FC6F8B64DB2709E497B7532189E6B14B42B3C163711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448861, "uuid": "54dc249e-a71d-464a-9479-582be580a9e7", "value": "a1987c4dfef703391c65547d45eb7acc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448861, "uuid": "6cb23021-572b-49b7-bb73-a4d4fa500011", "value": "6144:s7tfBLWlkQ2vo8qNn9BikCCi2evZvOybJCpvpW5/Q:s7tfBCGQ2vo7N9kXdvXtC/W5Y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679448861, "uuid": "a8579013-972e-4c0e-820c-e495ee3dc96d", "value": 392192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679448861, "uuid": "e46d3b6e-cc74-43eb-8598-91e6c63711df", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448861, "uuid": "2f0b6fc0-f44b-45be-bc6c-8c9b500b9712", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8cbef41d-c8ba-11ed-88f6-42010a9c006e", "comment": "Malware payload (njrat)", "timestamp": 1679493906, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679493906, "uuid": "acbb42d6-66f6-4d56-bc82-253ab88ae6a8", "comment": "Malware payload (njrat)", "value": "629c0dfd3a9b0377cfe5f04629dc6b7f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679493906, "uuid": "ebf9665c-e557-469c-b0cf-6f20e71e8362", "comment": "Malware payload (njrat)", "value": "8026b74f56f884cf8aa106f6263dafdcad5b2bd8b458578aea30cc397e0de7c1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679493906, "uuid": "18d4de25-ec77-422c-9a0c-2d7bb53ab7b2", "comment": "Malware payload (njrat)", "value": "c4f7e46c7d2c6ee69d0747874a3a215101931751", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679493906, "uuid": "e36cb243-8332-4427-a6a4-fe08907a9984", "comment": "Malware payload (njrat)", "value": "fbd704be6432dd0fe7454c0a419298bf8bfcd5fcc38898db6420efe3984e1ecea2ac1f910085f21385bf4e6d1983d8e5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679493906, "uuid": "6564f62d-6de4-4efc-ba69-0fb4d20574bb", "value": "T1AC03294D7FE18168C5FD497B05B2E01307BAE04B6E23DD0E8EE1649A37636C58F50AE2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679493906, "uuid": "ad801c06-9d63-4d7d-bdb6-a107fec5e9b3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679493906, "uuid": "f35ff3e3-d229-471d-9620-c4e04eeaffb5", "value": "384:DeLx1kit8Zf5W9cTYXyc/bBM0izvncnPMIurAF+rMRTyN/0L+EcoinblneHQM3ei:CLxKjjTYic/be0PM/rM+rMRa8NuH2t", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679493906, "uuid": "b76c5e7a-8eb7-470b-b006-051b419401bc", "value": 37888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679493906, "uuid": "084767ff-c479-4c41-b9c8-f32d3f95bb73", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679493906, "uuid": "ac5ce7ab-6bca-49a2-bbca-543dd8c0f93e", "value": "h.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "87dac468-c8e4-11ed-88f6-42010a9c006e", "comment": "Malware payload (GCleaner)", "timestamp": 1679511937, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511937, "uuid": "d43cf289-801b-499b-87ae-0ce1f375ce35", "comment": "Malware payload (GCleaner)", "value": "3f360e06cab641849ccbe123e0bbe7ab", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511937, "uuid": "d8c99420-8336-4149-9c7d-de75bd396334", "comment": "Malware payload (GCleaner)", "value": "8109b95b342d5d5e160d4c80742fbab59e1987eca6ecbb083853551d87415e44", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511937, "uuid": "cf533537-2de1-4e76-b96b-7fab1e75064f", "comment": "Malware payload (GCleaner)", "value": "a7990f433ab8745c25ed8e2a6634f1b81d77d466", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511937, "uuid": "9d2888b9-8e8b-4d82-8082-4bd207c43360", "comment": "Malware payload (GCleaner)", "value": "8dcfbdb6305b2a77ff457ceb5f45ac20f5b521ca49cc62a71948379cf2f0949cb00a699ab4d1bcc539f2f4b2a622d9c4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511937, "uuid": "91526973-0bc9-4320-9634-8b4b2a800038", "value": "T1D9A53347FEC24672D453D474AC9A83518BA97F924E2C40BEB5D8ABDCAF7F182C919310", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511937, "uuid": "9e5deaac-9161-4cdd-b096-a17a1f7bfcaa", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511937, "uuid": "01667d39-9696-4489-ab45-d9ddffee53a5", "value": "49152:EGlJfskIIiXlZsE2EceOGQJLw3Y2oMgDBFQM0sB5dlLYp:5w1s/EVHYRMgNFQns3PYp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511937, "uuid": "5203d808-48a2-43de-8221-5ec9c4298dbe", "value": 2202360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511937, "uuid": "27313baa-8720-4783-b5c5-cbca4abf7c89", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511937, "uuid": "ca8904f8-deb0-4293-8f17-8c50ae0a26e0", "value": "3f360e06cab641849ccbe123e0bbe7ab.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5b5b0766-c88b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679473637, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473637, "uuid": "5e5cda7a-782e-45ae-a201-8dba65bdadff", "comment": "Malware payload (Mirai)", "value": "5d4807617a61dfc3c2a49ff39628629a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473637, "uuid": "a9af6856-b3bb-491c-9e16-2e3aa5f14b6b", "comment": "Malware payload (Mirai)", "value": "818e772dd6bf9509f63e76d3757b7644a44315ad0762f1f5f7f30f776ca9f29e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473637, "uuid": "8dd854f8-a5a0-4200-93ac-58b59f0524c2", "comment": "Malware payload (Mirai)", "value": "d7976eecf982c52b283ad31eed588daea35a4ff8", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473637, "uuid": "8af97044-2c2c-4c88-8b5c-aebaf23ff4d2", "comment": "Malware payload (Mirai)", "value": "0a6956315543ae6f2d9273038e8618a8c29fbaa109482e97a8eb9a9096fc76e95e721b377f5bd690b15149aa00b665d5", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473637, "uuid": "25f71054-78da-43d3-b375-b29c76fb3df4", "value": "T184E300215866E216C4A7FFACFFE57AA6435DF2434E898A1360E0104E4DF6D6C701FAD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473637, "uuid": "b5fd54d0-ef93-42d1-aa00-07ee79a5a27c", "value": "1536:XqNXIJQ+quKQ7z+vFpClC8FXmOlcCadhQzNQRT:XqNXI2bBQ2pClVlcCadhQzqd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679473637, "uuid": "9c43756e-d7a0-4da6-8a58-86083da879ea", "value": 153384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679473637, "uuid": "e91039ab-8cc1-4838-9ad0-ae04efcf63dc", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473637, "uuid": "8e489b72-bb59-40ac-88ef-b8fded0dc636", "value": "5d4807617a61dfc3c2a49ff39628629a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "46363ae7-c88c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679474031, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474031, "uuid": "827f074e-b801-4d9b-bfe9-83b5c4404bd8", "comment": "Malware payload (Heodo)", "value": "664cbe7538fe6af745ff2215c42710b8", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474031, "uuid": "640168b0-77c8-4da1-ba15-ddf4d4c5abf6", "comment": "Malware payload (Heodo)", "value": "8191369e73a40c93d1f133c14f9c351d90fbc7c7298ddd7c1f8d96c64dd7c6dd", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474031, "uuid": "87606aff-e7ec-46d3-8a95-065b9847d363", "comment": "Malware payload (Heodo)", "value": "c76bc883848ab8765bfd7a6393990683395cc31e", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474031, "uuid": "def7867a-e3a4-4340-8715-6f68a25597e1", "comment": "Malware payload (Heodo)", "value": "9ad4013d19ac6b1b1c4d94ff50a89a8dc59c12a95aadac003f3ab0d98df9b09629a6c63235a2b9a13a6dad1bc89a7f13", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474031, "uuid": "6b190572-21af-4f6e-8208-579e97cb5f4f", "value": "T1F12523E059F82941CD0E0C35F92A71BD92BC31666EDD15E633BC3CE5A90EF6842126B6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474031, "uuid": "1a419620-16c8-444f-8ee0-63584f25b76a", "value": "12288:+kf5dOzheNdckFRKluvnRHXdhbDHfXZX1EKdxKmSTH4deY:tXzNdfKluvnRHthzfoYxJll", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679474031, "uuid": "c4bdfbaf-490d-4687-bdac-22769a18dbae", "value": 981826, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679474031, "uuid": "46de404f-d4f4-40dd-ad13-ea7dc7e6ff0a", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474031, "uuid": "92609300-325f-4151-ae44-2b51a9999bb9", "value": "hAv6jCxroyQIUlQoHH.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "42630c23-c8b2-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679490346, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679490346, "uuid": "a2a36839-60ad-4763-940e-38a02aec44a6", "comment": "Malware payload (RedLineStealer)", "value": "102412306763c03bef223b653409a0f5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679490346, "uuid": "a8cb0ffa-d7f8-4e16-9064-66db258c4647", "comment": "Malware payload (RedLineStealer)", "value": "824f404bfac8afe50be9698a6edb1e4c345c03be242d8d870308bfb5645801dd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679490346, "uuid": "ac921723-ceb8-40c5-a862-9b3b08052f33", "comment": "Malware payload (RedLineStealer)", "value": "789a84977f75e235d5b4972c9e10a3b08f477958", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679490346, "uuid": "5add535a-6c70-464b-9725-06622f925ac5", "comment": "Malware payload (RedLineStealer)", "value": "06d8586f0cb63f541fef888566dcd2d7012b37d4a94bf52a5da9c1034631b47e55996e82a280942c62b956e15a6aa35a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679490346, "uuid": "d2b1e40a-5627-4bed-aadd-2c3488f9489d", "value": "T1FD252312B2E88472C5F967B01CF107870A393DE09971866B2B59F85B4C73AD29471BBF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679490346, "uuid": "6baf4381-734f-4467-8e9d-2e457c7c842b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679490346, "uuid": "8939fe57-80cb-4676-98b7-7c8fe1713904", "value": "24576:2yWptZ0XnPymulvpDFilam2Asyw3tBUJHRtXze:FWjiXKVDilamLyjUHRtX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679490346, "uuid": "53cf379f-1dfa-4849-822d-47eded9123a1", "value": 1031680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679490346, "uuid": "94e7d308-c2b3-4f9a-b383-bfa263c96b97", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679490346, "uuid": "9f4c4cc2-1e9c-49f7-ac96-4b1278569115", "value": "824f404bfac8afe50be9698a6edb1e4c345c03be242d8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fcaa781a-c852-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stop)", "timestamp": 1679449427, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679449427, "uuid": "70d4ffd6-61fd-4705-a3aa-fcf8bf649e3c", "comment": "Malware payload (Stop)", "value": "22b0cbab935ead639b3cdb875b7dabbb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679449427, "uuid": "c981039d-be89-4825-99e1-fd69c803cec8", "comment": "Malware payload (Stop)", "value": "82515bb4fb5f3c67b48addca1f08cc2465690f8fac991ea30c68ceceba22a1d3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679449427, "uuid": "31338d91-b8c3-48e5-ad5f-11b80dca1320", "comment": "Malware payload (Stop)", "value": "2b7ca913249c3d3dbaa6261a6b3c0a7802c7d268", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679449427, "uuid": "543de33e-510b-48a8-87d4-d5ea6756c121", "comment": "Malware payload (Stop)", "value": "a169d443a635de463906525703bc683b24ef6a058351321195b002ce48eb213b5cf02c172e0824b4f091dbba2a3f9ff8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679449427, "uuid": "52517302-3ab6-4ce5-8b0f-b4ae74098d31", "value": "T1CBF41221B692C0B7D59606B65511CAB06E37B8B0CB6E9EC77B9447BD4F303E28E31352", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679449427, "uuid": "08f03177-5256-490d-ae50-aa3aab194cad", "value": "4da11709050bfbf5b2e3611a91d52f69", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679449427, "uuid": "a092c507-8150-40da-9199-ae3d481340e9", "value": "12288:chtstJumGmuJHWCzZacBG6pHdmGq54uaieaFr+ohZGE2KEmY/ZcWdrbxrGu3rGm:6CTumGmu1WCzZ//ZdmdWieaB+YZR2KEN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679449427, "uuid": "ae90c1a9-46c6-4b90-b9a2-bbd5dc6840d7", "value": 769536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679449427, "uuid": "6e01b563-67c1-469c-98e5-69102d1db452", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679449427, "uuid": "ce1acadb-643c-4a0a-951c-ec91c77ef945", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a5eb7df5-c8cc-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679501680, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501680, "uuid": "f3673c8e-c3df-426c-8904-e8e86805e6a0", "comment": "Malware payload (Heodo)", "value": "d16fb990f2db97fdf879610ade214aed", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501680, "uuid": "77ba878b-d4f3-42f1-b71d-df4b8441bb9c", "comment": "Malware payload (Heodo)", "value": "828a308d7e541fb96aa897cb5e0cbf35dee1b7d9df9556a1a3b8486954714c2b", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501680, "uuid": "0ae6ae6d-1d1a-46e3-b505-f368590ee67e", "comment": "Malware payload (Heodo)", "value": "dbd20110ac267dc54d93b73e4abadef995a87411", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501680, "uuid": "e146a5ce-d12c-4819-96d4-4f496796e0d5", "comment": "Malware payload (Heodo)", "value": "58fe762f1158c151372100c43517cea48008f0329e68145a85d59484560dbd385c6210767c475a3f7710a9437d267804", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501680, "uuid": "db1a9445-973f-4c25-8685-e62341916b51", "value": "T19134C352A342CE2FDB4241345D4BBFF6A31DEC984F2F85922045F2AD2D3ED26E362594", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501680, "uuid": "c4c283a9-8eef-44c4-8040-aa9af915bb5b", "value": "3072:Z3KeWtsWzAhUDz4+1ka6+31RsoF7OSg8TnSjetGFah:ZKeRCmolJhh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679501680, "uuid": "cee83891-de06-4978-aaad-ea30a79e5210", "value": 234496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679501680, "uuid": "b584eeb3-3017-4e89-b5e2-768233502ce0", "value": "application/msword", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501680, "uuid": "c2f2421e-2b47-49aa-8f8f-ff9dc2940b09", "value": "2023-03-22_0821.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d3679d0c-c8cc-11ed-88f6-42010a9c006e", "comment": "Malware payload (Loki)", "timestamp": 1679501756, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501756, "uuid": "9a23bd33-9672-41a9-926a-daaee003a8b8", "comment": "Malware payload (Loki)", "value": "2d4ca2524ee082868a02d802186b8780", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501756, "uuid": "fa75464b-63eb-440e-b63d-f6f3533077f8", "comment": "Malware payload (Loki)", "value": "82ec1b1f35da672f80578596f0a328c279105ddf2b3c8632667333f0c0ba081a", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501756, "uuid": "f78b04c2-a477-4051-8c2a-8af1cadb51da", "comment": "Malware payload (Loki)", "value": "57b30e34b56bfaf268ef89dfe972128e4c8801ec", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501756, "uuid": "77302864-852a-4531-b148-511fa9e4dc1b", "comment": "Malware payload (Loki)", "value": "28be6e18e8312378e3c5fabe11dcedb0dd89c2cb3c50c3526af5052d6ef8c213f9294c4cafc7e5c68aae128755e9f8f6", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501756, "uuid": "b0057e21-9cf9-4b63-93d7-99bf679a5fc0", "value": "T17A351213F9848D46D48247F93BE37999131EBC626BD6A1C72748B70F6F78AE4860311E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501756, "uuid": "7ee862f5-8177-4579-8498-6cfee7ddfa60", "value": "24576:ALKFWQmmav30x2+MXUu9uf3+MXUu9M3bVg+MXUu9z3bVruxi/6nLO6J:ALKEQmmQ308+MXV9I+MXV9M3bVg+MXVg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679501756, "uuid": "f1d0e7d1-44f8-44f5-96b3-5fd2e4afa1a9", "value": 1149952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679501756, "uuid": "da4fab0b-ea18-457f-9dfa-c45483252ac2", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501756, "uuid": "b057163b-cf2f-469f-86b5-8a34079f8b08", "value": "Product List order 19203.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "565cfa67-c88b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679473629, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473629, "uuid": "97853f47-a44f-4f0c-8104-ae1e439954cd", "comment": "Malware payload (Mirai)", "value": "c358704b20ae990318514689f2989eba", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473629, "uuid": "e9d92f7a-29d1-49f5-b305-476dc4029d23", "comment": "Malware payload (Mirai)", "value": "83630d9cb3af68f5861ac518ceb4c3bdbee824477212c8ee1160a2adc15158fd", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473629, "uuid": "3eb16e0d-7591-4fef-bb64-acfdb18a33a3", "comment": "Malware payload (Mirai)", "value": "257a7588b884c58a024d21b2110ce2dd9e651fbc", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473629, "uuid": "c484989d-9610-4669-a50d-e9c4220a6f1d", "comment": "Malware payload (Mirai)", "value": "3c0612caecfcb2dbc0768fb2b1dda0924f155385e6c73be97c26ae1eb5802c4c1d7283f68dd19bb4ddb7ea4d6cc774c6", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473629, "uuid": "e2f50ff9-40d1-4e2d-90d6-894296a646c3", "value": "T113638C66C1785DA0D144497076A8CEB44B17B900A2A37FF5CBC28F668407AFCF2497FA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473629, "uuid": "f4992996-7685-4d05-b29b-a26196070efb", "value": "768:z/TIdRFvyayvzw9We9c0URT2DUIwHvFt1lCoDiPV44g5N2tS7IRtiL5QCu052D6X:z/EHByayJpJXvFFESsNs2UJalu8Czp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679473629, "uuid": "6d0aff91-8657-4b77-ba24-66063c5e2954", "value": 70752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679473629, "uuid": "33e182ee-ff71-40c8-a868-01f7dd48b2fd", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473629, "uuid": "b76e5709-4c5b-4d0c-b689-4e12a2e28b2a", "value": "c358704b20ae990318514689f2989eba", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a4da34e0-c889-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679472902, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472902, "uuid": "fe948324-22ff-4312-8b0e-b1ba770ca6fb", "comment": "Malware payload (Mirai)", "value": "f01eebfd87891ddcb0965d553bb64990", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472902, "uuid": "36b8cee1-11ad-4b39-a4dd-0ae83869cde3", "comment": "Malware payload (Mirai)", "value": "839877b31328dfe94b13132a2b52bc83872f036c3fdf7afc9cffc09d1ae1e27d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472902, "uuid": "459c3ce5-a07b-4add-9c0d-fd37c429c53f", "comment": "Malware payload (Mirai)", "value": "6bf93aa59ed67e55ae8cbef2f4f2bec97eb41835", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472902, "uuid": "a09603d5-ee9c-419f-9c66-82909da0f6d8", "comment": "Malware payload (Mirai)", "value": "17f5ffe3cbad494576af337b67db2be06703432b922c11ea23cef2cfd2748fa11a77949ec050cf16ca142320984c8a55", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472902, "uuid": "2027e8c0-6ac4-4d53-9991-b5330a9c6846", "value": "T187633AC9A5C3F9F1EC040A39307BAB7699B7F53B6139EE9FD3D82563A901602D00265D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472902, "uuid": "dac591e1-aa71-4305-a492-93edefa15484", "value": "1536:m4/aT1T71yYlupXqMmJmBr4vMFnKi9IF2EsQ18H4cjWX3n5759gZb4RA:b/aJT7MxNpmJm94vMFnK9FrCH4lnF2s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679472902, "uuid": "3bc3d285-7a2a-454d-89a3-16ebed60b0b6", "value": 70416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679472902, "uuid": "3e4d448b-819c-4c96-b7ef-858eea131757", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472902, "uuid": "a9220f75-70c2-44dc-bc72-d85a2a923492", "value": "f01eebfd87891ddcb0965d553bb64990", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cada5fa8-c84c-11ed-88f6-42010a9c006e", "comment": "Malware payload (njrat)", "timestamp": 1679446766, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446766, "uuid": "1da70854-9e07-4985-896a-34da9ac80706", "comment": "Malware payload (njrat)", "value": "8a367a4b0ea66006beefbd56e892c5f7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446766, "uuid": "04f6cab9-83c2-49e3-a4c0-8ae2a7c4b8ca", "comment": "Malware payload (njrat)", "value": "83cb7493e69f355f1b855e1b102ccae6423edb86e7e58475e645b34c03ebac11", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446766, "uuid": "292e454c-2006-4708-87e4-d8121e34f9e8", "comment": "Malware payload (njrat)", "value": "71630298d15d8e66c89d51bcdafcd52cdea82879", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446766, "uuid": "91c3f4ed-42ff-4287-b3ea-b5e063cd5fc8", "comment": "Malware payload (njrat)", "value": "c67a95be1ddf76ecdfd02b798017ae61abfd76fe5f6339541e503b0c283a090d48c0712b6d383b4a885065171c1a7769", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446766, "uuid": "ae54201f-da7d-4a76-ae92-9d964d1b576c", "value": "T16A031A4D7FE18168C5FD167B05B2D42207BAE04B6A23D91E8EE164EA37636C18F50AF1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446766, "uuid": "41363635-557e-4225-948d-ad2e6b8ccca3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446766, "uuid": "149f5054-b4bd-4e10-acf0-0eae1dd175b4", "value": "384:XOQZQzCis/UiieQJExytPsjfXn9w6sZNrAF+rMRTyN/0L+EcoinblneHQM3epzXo:+QaYOJftPsjFlsXrM+rMRa8Nuge2t", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679446766, "uuid": "1dcf0e5c-e67a-491d-8b84-e807c1b6e572", "value": 38400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679446766, "uuid": "20cc3e1b-163c-4904-b7c8-2f7fa3182eb9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446766, "uuid": "2b7ecaff-657e-43e0-8195-9abc20f5d2cc", "value": "PRIVATE.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d9949264-c89e-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679482009, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679482009, "uuid": "e1037f49-0f00-466a-bd36-d424a17966b7", "comment": "Malware payload (Gozi)", "value": "efbf74507e9d74f3e972192b91e56b86", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679482009, "uuid": "87f96f8a-6a50-4c76-8fc7-44170eca0764", "comment": "Malware payload (Gozi)", "value": "83ece9c5d6ffe0e99276becec96bc1c181a731ebd2fb95eaef329d2fbbec7271", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679482009, "uuid": "3082e980-4d5a-4882-8140-abf173477a7b", "comment": "Malware payload (Gozi)", "value": "3f9f62850609b83da61dab3c35786e73fffb577b", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679482009, "uuid": "b24c2958-7252-4567-aaa7-60ef960f1d4a", "comment": "Malware payload (Gozi)", "value": "7df80088010a62f38e3d0b13bbd1df12fefabdaca3beb27f5da2fbe63c019a6eef7fa52d968baa09981b4031eb88f5be", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679482009, "uuid": "46bb81b3-813a-4947-832c-bf5cf34c3270", "value": "T1FF746DC253E16C20E6124732BE2FCBF86A2EFC619E557B6E2355AE3F0974063D152709", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679482009, "uuid": "8758c93a-ebd6-4e04-8cfd-44ee195484a0", "value": "c3df3d0d993bdeac73a0f5fd62093e4d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679482009, "uuid": "4ac6689a-ed0d-44af-9073-3a0a1820ded1", "value": "3072:9iPDl3kk8R4hjb9rDSi26AhZL9xFSjMfur0VZclldBYkKKu23hzA2gAgwn0JV:cZq2r+ic5xFSj3mMBCKTA2j", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679482009, "uuid": "cdff8b68-645c-4006-8d6a-5a715e57bb6d", "value": 368640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679482009, "uuid": "426db57c-59b4-4f18-ac4b-a40bf1096993", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679482009, "uuid": "2b170e8b-638f-4d0c-8084-e3042adc621d", "value": "server.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e82edd91-c8f8-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gafgyt)", "timestamp": 1679520689, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520689, "uuid": "735b758f-58ff-41b0-9083-78b9a26778c8", "comment": "Malware payload (Gafgyt)", "value": "86b8a393e7909fc812c0d58a9a5fc32d", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520689, "uuid": "bf3d51d9-b5e8-45b7-a091-13d6b0148da0", "comment": "Malware payload (Gafgyt)", "value": "84234be3fd3888b6ae1a6065c8dea01907c10fa17e07d084bcb79fc0e9ef8d10", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520689, "uuid": "fc7736f9-812b-4b33-812a-681374082e7c", "comment": "Malware payload (Gafgyt)", "value": "f1cca01547cd042910a3535ee451b0fcef439834", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520689, "uuid": "9caa3fb6-c136-45a1-908d-4007a597439d", "comment": "Malware payload (Gafgyt)", "value": "3de37cc72612a1d2e5678ce4793d3df91e58a6da5518011656d88aec3267a5fd27ac60f3936c183349d3f8ae2285fcaa", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679520689, "uuid": "071f003e-df0d-4b18-bfc6-816bc3441bcb", "value": "T12AA35B8AD743C2B3CC530AB2124BA66A4621FD3B092E9F49F7197DB09F374C97125B51", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679520689, "uuid": "d78f3b50-84d0-44b4-ba7e-eed910e3bf00", "value": "3072:4WCjQrLpnr85EdT9Oa8vqbVr7Y/CEgmqAgcVyZIcBI:4f5EdTbpr7YWmqAgcVyZIcBI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679520689, "uuid": "138859f6-8560-4c1d-908f-09fae13ba5c6", "value": 99084, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679520689, "uuid": "9b375c92-3835-420d-92e3-655574eb2aff", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679520689, "uuid": "258c0f3e-6c86-4d69-82b4-f30352cd4eab", "value": "86b8a393e7909fc812c0d58a9a5fc32d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bfef2229-c8c3-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679497858, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679497858, "uuid": "004f1961-e4e0-4345-b822-f66f877e488c", "comment": "Malware payload (RedLineStealer)", "value": "7afe947a0be437b8285a6b61556dfbb0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679497858, "uuid": "4c472b99-59d5-4d78-8b55-f0243eeb197b", "comment": "Malware payload (RedLineStealer)", "value": "84324cf3820f2f1c79abb7a110066a1e421d02abb5ffa11f17e8b03e72d1d0e3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679497858, "uuid": "7c6519be-4bdf-4d8e-bffc-7fbfd6225b19", "comment": "Malware payload (RedLineStealer)", "value": "3a8bcbfc0f73d8d379f65ab314ae378047fb15a1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679497858, "uuid": "13cff03d-5bf5-41b6-bcbb-684b97bcb596", "comment": "Malware payload (RedLineStealer)", "value": "fb7084be65e04fcc37f8560a5d368ff250647192246930018e4678698bfb257a2a420887e3b37e11325988c6e0f1e1b2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679497858, "uuid": "b6d81d9c-1ddb-4810-88bc-f9602ce6c4f6", "value": "T1D744D8512ED046E7FAA38FB72322D56DB11A847E560F2B5AC369C9E1433434413B87BB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679497858, "uuid": "3524dbf1-a9e2-4628-8a0e-8d728c486fc9", "value": "4daca7182a967075c4a8cd470c438efe", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679497858, "uuid": "5f353d50-2a71-466a-a01c-0cdf5b1c82d8", "value": "6144:pYPI6nKx6r2OizDgQF5ujK+nwhW+flM7wO:pYRt2Oi3OK+KWEq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679497858, "uuid": "299a14f7-ec4c-45e7-8a0d-a2789c464c22", "value": 257536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679497858, "uuid": "be743404-3338-4995-a3e6-f90e5ef0e51c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679497858, "uuid": "4f5afeb6-3477-4282-b086-68e4a1ccec88", "value": "84324CF3820F2F1C79ABB7A110066A1E421D02ABB5FFA.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "061c7b6d-c882-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679469629, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469629, "uuid": "6a14fd3a-0c92-445b-8b6a-d0070a950889", "comment": "Malware payload (Gozi)", "value": "99c144042b4cdea7181c4e082f7172c8", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469629, "uuid": "bb721b2b-5268-4a18-993e-c2947d940bc7", "comment": "Malware payload (Gozi)", "value": "847b4ccd103040ed44a16bba6610627107821eedc8df816782c1d095d44100d5", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469629, "uuid": "3bd2e8bd-4de2-4141-88c2-df9dd18bb01c", "comment": "Malware payload (Gozi)", "value": "bcd5d80fd23caf9a5878218001e7c20d6c2060be", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469629, "uuid": "d6817817-990a-4f7a-ba49-b12bb2ca82f2", "comment": "Malware payload (Gozi)", "value": "f8f480f3eadaf321c97d2f25701f84bf44d23474ec6c9c85e4698f3a9552af996cb11ac29ad5cd862b740c303d81722a", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469629, "uuid": "6ddc4658-3cb3-4f97-8f81-e442b8329a0d", "value": "T1B2747EC293E16C20E5124B32BE1FCBF82A1EFC619E557BAE23596E3F0970163D152719", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469629, "uuid": "dc2e16e3-4121-4975-9b3c-4fce495fbb37", "value": "c3df3d0d993bdeac73a0f5fd62093e4d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469629, "uuid": "2997c772-8392-43b9-8d33-c00688618d1e", "value": "3072:+VRilm8dar4jb9ZRhkNfAcLo04JyVnlT8M43xqwcnUi6JIUjixCUgwn0F:8RiD2OQVlTa3xB0UK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679469629, "uuid": "7a348e4b-142c-432f-bf64-1a126801f2af", "value": 369152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679469629, "uuid": "dd782636-8c0c-425d-9869-b63ff0b01a86", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469629, "uuid": "3bb37c44-185e-4d1f-8a59-61fd3b48cb24", "value": "server.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c3120b49-c889-11ed-88f6-42010a9c006e", "comment": "Malware payload (Kaiji)", "timestamp": 1679472952, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472952, "uuid": "a6601a33-3d41-4a50-b034-c10ca4f2b761", "comment": "Malware payload (Kaiji)", "value": "bd8c65affa470f7065db06be0a623574", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "kaiji", "colour": "#928985", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472952, "uuid": "81b54e76-2c25-46a9-9f2d-922082b67888", "comment": "Malware payload (Kaiji)", "value": "850bba518a88aa16d6cd99e47ca5c090cb03db132ea735e3b08e85b6a57ce315", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "kaiji", "colour": "#928985", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472952, "uuid": "7ca572dc-a8ae-4823-8e1d-92542249f2e0", "comment": "Malware payload (Kaiji)", "value": "1117971925758354e4dc29d8ad2a381258c88a41", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "kaiji", "colour": "#928985", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472952, "uuid": "1331f47d-bd2a-45bf-a012-ddfdf5e9a59a", "comment": "Malware payload (Kaiji)", "value": "fe0423fde1bb2164a9c319f1631450acf025930fe377e7f04b4246cd991e74dff98635be42ee4aceb2968835355f4ca1", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "kaiji", "colour": "#928985", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472952, "uuid": "a7e41c62-4c05-45bc-9181-652720414137", "value": "T114362A87B8824682C4E4367ABCBD81D533630EB9AB9752576D05FE3C3EBE1990E35314", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472952, "uuid": "c7e8509e-24ac-4a09-9ff9-c9f109e9e1bc", "value": "24576:f0hITSaxCsmLTRScFkLwYgib6kEVtQ2gLApZf3vrTXKWXDReUHxeR7j81v9oT19b:GsLSjzCX1H9qzaiKRFjhIlkK1VI1V", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679472952, "uuid": "527ceb78-727e-49e6-8b74-3923c726a052", "value": 5308416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679472952, "uuid": "c4bbc581-f532-419d-93ad-a64a69a4c84d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472952, "uuid": "fd55b745-05e4-4b1e-a4ce-1bd31ce8019b", "value": "bd8c65affa470f7065db06be0a623574", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4ce8bf3d-c8ea-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679514415, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679514415, "uuid": "287b7105-86fd-4fcd-8c08-b2531de91afa", "comment": "Malware payload (Formbook)", "value": "78a95a8cb18e37d6565520be5e8013c4", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679514415, "uuid": "0ba035ef-2be7-453b-b75f-c7a125aab886", "comment": "Malware payload (Formbook)", "value": "85259a321d6b1d54bae58397546222f0cf4584467240f0cbcdb7445577b66510", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679514415, "uuid": "248f911d-29d2-4c39-9ae0-0b05623eacd6", "comment": "Malware payload (Formbook)", "value": "36557486465d9d133f2ea5aceaec9731f0663f91", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679514415, "uuid": "968a9db0-305d-49fa-88d5-63cee3a18d0b", "comment": "Malware payload (Formbook)", "value": "9c3283b212277e0b77b53cca7162537c226bb4ca3c31373f428e14d93c22f7ac162c3e44275f013ea9d9addac67ee493", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679514415, "uuid": "eb08e700-cf24-4d52-b783-f7790da9c74b", "value": "T1AB54019432E5E5A7D44241735E38C63F4AB9FE23AC285A1737D43F9F3A36A01D61A702", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679514415, "uuid": "87b1d4f7-6e68-4163-ab10-124777c078d0", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679514415, "uuid": "b52d46ef-c374-4131-be7c-2bd24987aab8", "value": "6144:AYa66rPn6SbiaFiPvZNU2tpErTwf4ceMXIECWoqgruCRnMti4oZQ:AYsrPn6Mia4PXU2tpswfx4WvCRwoZQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679514415, "uuid": "3c739ba8-5dbf-4535-b10f-9b2bc7af0b39", "value": 293451, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679514415, "uuid": "08596a82-e3fd-4228-b6da-0537deb06ae0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679514415, "uuid": "054eeb1f-cd74-467b-81bb-ab2f97757cef", "value": "78a95a8cb18e37d6565520be5e8013c4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d723d20a-c8bc-11ed-88f6-42010a9c006e", "comment": "Malware payload (AsyncRAT)", "timestamp": 1679494890, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494890, "uuid": "fe9be24e-523b-4845-a752-7272c0607ad3", "comment": "Malware payload (AsyncRAT)", "value": "a0ce182a26b24adf936411f4ea796ab7", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494890, "uuid": "bbcebbc9-252c-4f06-abe3-2624b0647f0b", "comment": "Malware payload (AsyncRAT)", "value": "85ca4cd1bdc0b219e0513bca055913d18debf0e6ef752a5814cb9b87af2bd646", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494890, "uuid": "5bdcb47e-e64b-4d1f-b3e7-206f5eec0fa8", "comment": "Malware payload (AsyncRAT)", "value": "a764ea86541665181d7080fe2a2c534a6acc6c5b", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494890, "uuid": "82f63443-a386-4d82-b2c4-70e4411c6f73", "comment": "Malware payload (AsyncRAT)", "value": "d24e8df9f9af19ae006aa274c8001ed7d899d07e262ce68e19f47d8acc4bda254fd79635da12f485f55c338a88ecc6dc", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494890, "uuid": "dd86e420-f772-45ef-9aef-9e0e1393d8f7", "value": "T13A04391437E81A19E3FFDBB8F4B002258B72F823A923D76F199458EE1D62345D550BB2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494890, "uuid": "106d72e5-24f5-44eb-bb52-e6bb99987557", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494890, "uuid": "ffaa0252-1e91-4f8b-818f-f00b4145273d", "value": "3072:T+STW8djpN6izj8mZw24FBPBrL2eFcyZlVqIPu/i9bDq2cKk6+Wpn:w8XN6W8mm2anrL2eFcyvVXPSi9b+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679494890, "uuid": "85c4509c-6821-464c-8874-be3df5b129d3", "value": 174080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679494890, "uuid": "fb40b975-0bbe-461b-a98a-ea4dd7c1f7ba", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494890, "uuid": "cb1e035b-9da3-42fc-952c-c861bab0b25d", "value": "a0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "460fd747-c887-11ed-88f6-42010a9c006e", "comment": "Malware payload (Kaiji)", "timestamp": 1679471883, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471883, "uuid": "cb12251b-1c14-4e0d-be8d-83700da29829", "comment": "Malware payload (Kaiji)", "value": "14c3f7347e916b67e735b01ca507f760", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "kaiji", "colour": "#928985", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471883, "uuid": "ba2a0ce9-8abd-40dc-816f-23fff17ed32d", "comment": "Malware payload (Kaiji)", "value": "868dd3b862d98d4d0433223dd22ace85e628a37f73d0c64e945dc4c43c7ac830", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "kaiji", "colour": "#928985", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471883, "uuid": "a6967c65-4c26-49b7-9bb2-33f00f9d923a", "comment": "Malware payload (Kaiji)", "value": "2393caf50a0c79433140d573001aaf9d501b55b7", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "kaiji", "colour": "#928985", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471883, "uuid": "3b9a702f-cfe0-486b-897d-1b5a610dd5b7", "comment": "Malware payload (Kaiji)", "value": "3f3fe81d4f398be8f80b9951d9c6ee7c182f4c2ad8c02d696459d68cabd0bc79638c98ddd38651ce62fd26ff83ab4171", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "kaiji", "colour": "#928985", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471883, "uuid": "fbb7a42e-9b21-4b47-8691-305a78debca8", "value": "T11F364A50FECB44B6E9031E3154ABA27F67319D054B24EF93EA14BF6AE9376910D3220D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471883, "uuid": "37dd56e4-647f-41a6-942e-bf51370a78d6", "value": "49152:Xn7PeM/wNyWyHKjl6CKIWFNLTlPCM4So2eTXYymVrFKpZy1I1:XDNgCqjgCMtnte", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679471883, "uuid": "8ecf7deb-a57c-4a7c-b3b6-1f961dfde9e9", "value": 5206016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679471883, "uuid": "019b0bf6-ff1a-42b3-9d61-c461867ff83e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471883, "uuid": "523c32b0-1df7-4aeb-8110-7fa15619884e", "value": "14c3f7347e916b67e735b01ca507f760", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f3160998-c857-11ed-88f6-42010a9c006e", "comment": "Malware payload (QuasarRAT)", "timestamp": 1679451558, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679451558, "uuid": "0a28b9ee-ec97-4307-8c6a-4a885937e426", "comment": "Malware payload (QuasarRAT)", "value": "71169657cb236582044e817cb71eb4cb", "object_relation": "md5", "Tag": [ { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "Qusar", "colour": "#19329A", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679451558, "uuid": "9da35167-1180-4e50-a5b6-6acfeda463eb", "comment": "Malware payload (QuasarRAT)", "value": "869652f4ce69dda432588fe06fc5356cdf9dd64cceaca061a62bd5f977d66b2b", "object_relation": "sha256", "Tag": [ { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "Qusar", "colour": "#19329A", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679451558, "uuid": "960d58c7-e179-4eef-9939-ea711422e294", "comment": "Malware payload (QuasarRAT)", "value": "8a6b20d2e958de17bfed01113a6708d6b142a3c1", "object_relation": "sha1", "Tag": [ { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "Qusar", "colour": "#19329A", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679451558, "uuid": "b49c19e0-7ea7-4024-ad65-a11ecdb4cca0", "comment": "Malware payload (QuasarRAT)", "value": "bc58b76321b61483bb0c15a1b2239250024075ebf0c952ab11a5cc4a36d59ce8d7222c4e7aa11ce3e993c173c4bd7810", "object_relation": "sha3-384", "Tag": [ { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "Qusar", "colour": "#19329A", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679451558, "uuid": "0f17361f-211e-41fd-a915-034316f4845c", "value": "T15B2633A28F7AFDD557EBE76DC03B725D462A5B4C392500D292F7AB30DC0D2DA242B502", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679451558, "uuid": "cf2f7a85-a167-4408-96cc-73e8bb30a906", "value": "98304:b4mS4OV3Zq+CMmm5aAq8Sa2749VAl9BLEj1p+h0fABQHye00Jmb:jE3ZqAT3Sa2749c6rd7ye00Jw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679451558, "uuid": "59d4b0df-3308-4478-9b99-5bdb630588fa", "value": 4561295, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679451558, "uuid": "22de8dd6-12a0-4b03-b95c-8fc9863c8ec4", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679451558, "uuid": "c301800b-1457-49d6-961f-44f6b1ffb065", "value": "1.4.1.0 Quasar Golden Edition.rar.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "77b2dc66-c8bd-11ed-88f6-42010a9c006e", "comment": "Malware payload (TeamBot)", "timestamp": 1679495160, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679495160, "uuid": "b9483ea2-98fb-4e80-a110-85c5fe5d5c38", "comment": "Malware payload (TeamBot)", "value": "c8fcb26c39f2cdf2a32c82dc7f4d5978", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679495160, "uuid": "c2f10350-9bde-4cac-8d17-c16841292d9a", "comment": "Malware payload (TeamBot)", "value": "8701cde179b479ac071a8daaf96e2637b1feb5110f95da7d0205895ffaef04ae", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679495160, "uuid": "cb46a70d-7e36-45dd-b1d4-ee9c71d1d6b5", "comment": "Malware payload (TeamBot)", "value": "7f82cf2d7de23044e9ff4026be285881d0749069", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679495160, "uuid": "b7a10717-7c19-4dbe-9f71-9079cad41842", "comment": "Malware payload (TeamBot)", "value": "76be425218d8741a2796f9e8d209c1d6daa432dd198b5439324b7e85f58d82dac68cc12e976c871477ed0919ecac861c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679495160, "uuid": "975a8c1b-c59e-4dde-97a3-5f4b33d14301", "value": "T1BB745D0292D37C20EE1246728E1FC6F82A1EFC619E5B7B6E274DFA7F09741A1D162705", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679495160, "uuid": "6adcb576-cf02-473e-b3f0-2a2532b4e3e5", "value": "314565592a4a5f015f9741680eeed0ec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679495160, "uuid": "b68eb76f-eb3b-488a-9185-9a9579532c75", "value": "3072:TujR9lkQTPB9j4YkEqla/CMntT71feNQYvIILcjnOp/ovS5NtJJ:i66JkZLGtT7leNQYvIqczWAS5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679495160, "uuid": "154fb078-5010-4959-b9c8-b230d5e2bdfa", "value": 368128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679495160, "uuid": "3517a3ed-e502-47b3-9906-fdf40d2a9eaf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679495160, "uuid": "ff8c207d-6d1b-469f-af6c-73a75b4e461c", "value": "c8fcb26c39f2cdf2a32c82dc7f4d5978.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1657ca33-c8af-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679488983, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679488983, "uuid": "0eea6e2a-40c7-472e-9a0d-008bf8c10742", "comment": "Malware payload", "value": "7c9e3c7548c89ce1c9cd3e98832fe879", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679488983, "uuid": "2c109939-1478-435c-9142-a3022f41c2ba", "comment": "Malware payload", "value": "8766c825337f416dda386f67676deeaf2a4bd9a36408f4b4ded5c566e1cce63d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679488983, "uuid": "6fc70493-0b9c-48c5-89b3-5cee51cf0a5e", "comment": "Malware payload", "value": "9d2091289914bbb9f4f0b52d0efeb776fbc78fdc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679488983, "uuid": "2b13c825-5f70-4e27-9205-b7f06d9ffaad", "comment": "Malware payload", "value": "7f9de7a2fdd54577060d78af6e5a4bb47842f64a7730f57e38ad9f1ea697fd85f5c0cd3891b7c0718e97c2b7b89a3d99", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679488983, "uuid": "cfa461e3-4e6b-4353-b660-2169f244ce50", "value": "T10AB34B91BAE55220E7495BF9DBFA07499A39AE6F09F10F6F14E031C93F35570B023884", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679488983, "uuid": "4b8cb8ec-5896-4f4f-9c64-be6ccabdb023", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679488983, "uuid": "27297691-c2ae-4ab3-a849-1112b063a632", "value": "384:c6IMapb4TJZVhmuts+b92XSLJQEfnyWmTNKRwMF5cV6wwnUHTua+:c0jJsU6QJQEfnyWmWwMFIf5HH+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679488983, "uuid": "6d34a0d8-326a-4fc6-b5dd-d3936cd54e96", "value": 114176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679488983, "uuid": "8b96b691-4965-4ddc-8c65-7816290ec902", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679488983, "uuid": "74cf87a7-42f1-4db7-a32a-4dc189b3ec0b", "value": "DeepL.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "28baba4e-c89e-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679481713, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679481713, "uuid": "5567b99f-2dea-496a-a014-7448add4376c", "comment": "Malware payload (AgentTesla)", "value": "9f214899441389c775b45f0206a9774c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679481713, "uuid": "a2580343-7cef-48dd-8e1b-a52f8a81641f", "comment": "Malware payload (AgentTesla)", "value": "877214a92b8905766960652d5aa0162fbaf0989af3513498ab87d5dfd8c790eb", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679481713, "uuid": "99e853a2-d878-4307-b457-7411b756d56f", "comment": "Malware payload (AgentTesla)", "value": "a62b5d302dae2fe63926bd8183dcb477e12d5033", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679481713, "uuid": "85e8eb23-530a-483d-838f-c67c8219030a", "comment": "Malware payload (AgentTesla)", "value": "c364b37376bf583b162a39b8f67b86bd05cc7738b929dcefe6790bb002ee36bcfda2e3a935b80784d0a92cb768dc5538", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679481713, "uuid": "ccb367c1-e15d-4f03-9558-4d504855508e", "value": "T1F015D260AFC415DE0FCA26568F034444C1AB8D592232DCFB5EBA169AFD07448E7AB53F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679481713, "uuid": "b887af0f-66e7-40fc-a462-3e2418db2c36", "value": "12288:Ofj/XpXYo8SCrSuObyBKyOBnz/wm7whWunDGo4LwJ6FLZSnGFsUI:cruSC3OBzx7whdnQwtZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679481713, "uuid": "36e9f73f-31ad-4e8b-aaad-43d2c45ab691", "value": 922804, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679481713, "uuid": "60a70631-45cd-45ab-b654-9a94ef451c29", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679481713, "uuid": "63dfd097-5a34-4e18-abf8-521679a0aa45", "value": "SAT BOGA N-1410 CATFERRETERIApdf.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "49a93b00-c88c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679474037, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474037, "uuid": "871f8ebe-564f-4050-a4bf-0f2820c92fad", "comment": "Malware payload (Heodo)", "value": "6c39b670d4a2182ebb651b77f70426c5", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474037, "uuid": "7fc073b6-fed4-4353-b631-0b7d0e7fe527", "comment": "Malware payload (Heodo)", "value": "882a4c82a984b321a0955469d1ca2fbaa2b95965305c351800ed3ed7c1da6e9e", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474037, "uuid": "70ef4c9a-d067-41a1-ad96-cac96db643be", "comment": "Malware payload (Heodo)", "value": "6f9d0dcb8f22ecf4b9716a7b12925f7a7d6bc321", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474037, "uuid": "f5086a59-8148-4114-a524-a4da3b2a954d", "comment": "Malware payload (Heodo)", "value": "f91500b68899b37385d23d8b8694677438e5726e5cfd54be5a5ceac4f3349059e5951c2b99365288820af93aeb165ec8", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474037, "uuid": "b57fd272-546f-4253-907c-82ae6ecd0cf6", "value": "T1812523E059F82941CD0E0C35F92B71BD92BC31666EDD15E633BC3CE5A90EB6C42126B6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474037, "uuid": "094905d3-64ed-4716-8c74-f1a69ecd1f11", "value": "12288:Zkf5dOzheNdckFRKluvnRHXdhbDHfXZX1EKdxKmSTH4deZ:iXzNdfKluvnRHthzfoYxJl4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679474037, "uuid": "084d0a22-7595-4f23-ade8-6551f21e8bcf", "value": 975707, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679474037, "uuid": "03b2059d-ae57-4631-97ec-5b906274d8ee", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474037, "uuid": "b32588d5-7062-4fb7-8be9-cbcea8959229", "value": "ImqS6ywPHGtfEzxu2TYhitQab9uWZUE.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a27eb34d-c8e5-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679512411, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512411, "uuid": "c8dabc7c-4348-43c2-b8b1-743459442249", "comment": "Malware payload (AgentTesla)", "value": "867f3356aa9b610025c903e669695dfa", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512411, "uuid": "9e01e781-d245-4b7c-aae5-32f33c91bc22", "comment": "Malware payload (AgentTesla)", "value": "8ab437ed1b348f24d6a58965cdc27a3e23cfc82fef4456bd3623f739abf196a9", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512411, "uuid": "bfd60fbc-9e29-4025-b3b7-3aabfa0f04c8", "comment": "Malware payload (AgentTesla)", "value": "82358cfdaad5a6b7ddb161f8092cf9064f72a002", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512411, "uuid": "9a357015-e263-4fe8-a124-e72199d92140", "comment": "Malware payload (AgentTesla)", "value": "7c91439294595b437e9407b8a39ff17b0896f77811d829057c7cb53ad8c87fa7e7c390e6510f249a64cb21fbb7f8d90b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512411, "uuid": "664ea0ba-fe59-48f6-a944-0cf379823640", "value": "T140051202B2D6D765C1ED5AF6D4A1052003B7A34B3663FB863E8415E62B12BF84B11FDB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512411, "uuid": "251472e0-14b2-4151-9f50-c37b06c80a88", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512411, "uuid": "356e6362-0df0-4181-b258-b9c03cc7f534", "value": "12288:iqTQOM8aRnyOIh+KciczIcc/STI0mI0zfBe66+47o7Oh+8GFWu:59JafCczjc6j0z8zdcZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679512411, "uuid": "62a88496-6a44-40b9-b2b9-a0dcdb55f026", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679512411, "uuid": "9c1e2bc0-d0d0-43bc-9fcd-ca3a7af6afe9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512411, "uuid": "ca9a18a2-585c-4a74-8168-0af25a562cac", "value": "867f3356aa9b610025c903e669695dfa.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ef517866-c851-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679448975, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448975, "uuid": "3bb3da8a-dbe4-41d7-aa26-ede24307d905", "comment": "Malware payload (RedLineStealer)", "value": "87c69c536af17f8d4a9e0d57750cc6f2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448975, "uuid": "ad613542-313f-4503-9efb-ec9227ecb0ae", "comment": "Malware payload (RedLineStealer)", "value": "8ac88ae271259846109827c9d51c495c6400e29df34fcb26693560ec6ebf2e97", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448975, "uuid": "c4ab2217-d0c0-43c9-90f8-6a098b71c5e4", "comment": "Malware payload (RedLineStealer)", "value": "dda5c3b4850568178277ba7870b555e1499f780d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448975, "uuid": "c1b7231d-dc94-49d0-ad92-e3279864c43f", "comment": "Malware payload (RedLineStealer)", "value": "0bba65665598569ed8bec2636f40b2aaa66433874c9729bc62ef5d2af667c2176ab7dee025887c0ca8f94364c2334a81", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448975, "uuid": "ab7cb94e-0ae9-470a-ab38-95bc457cd1c2", "value": "T11E352316EAF414A6E57117F488FB1BC70A36BCA65CA8C337334578165CB26A4E93270F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448975, "uuid": "30211328-78f5-46ab-9949-5cf706d3024d", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448975, "uuid": "7aad91d7-ae47-4c38-9002-d0a16175dd07", "value": "24576:9yIFZnTLDCfLWNJ4kmtEwydOmX/zAFUmq/XFdJA:YcnGTWNJ38JY/zAFqXFdJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679448975, "uuid": "5faad0b8-3268-4188-bdef-13d0c1f23a03", "value": 1085952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679448975, "uuid": "1c565ebc-1df3-41a0-8b4d-9d5f8d3603ed", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448975, "uuid": "8b3569a5-5e2f-47fe-ba17-d1798db842fe", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c1a957d5-c86b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679460065, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679460065, "uuid": "0e28842e-ead1-413d-806b-e3263bcf652d", "comment": "Malware payload (Amadey)", "value": "ba218b60cb97c3532b8b9c796d954622", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679460065, "uuid": "2ffe8751-3ecc-4947-8c25-3077722f6c08", "comment": "Malware payload (Amadey)", "value": "8bee3d713fc207a8ca82e8eaf85396b55fcd29fe9214a83ce9399fa48ac4bd4b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679460065, "uuid": "5e82611b-1bba-49fa-9b66-0ee168bbc6ed", "comment": "Malware payload (Amadey)", "value": "ae18137fb0809f61797b7448bb139840d1f49e99", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679460065, "uuid": "c5d7d6dc-6d89-44a3-8e55-c60b47eab47b", "comment": "Malware payload (Amadey)", "value": "5b52134528f897e083c157562d9315d1da26e02a9bb9c741d18d3c61eca3ae4b92b4461213333987cf5583c69cb1793c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679460065, "uuid": "35f79f68-6685-4a87-95d0-3dbba7cbac47", "value": "T1784569642D932538A2467FBE45FF9BC78E5978233A034F0EA1141BB395A3AE75D12C0D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679460065, "uuid": "58aa9567-6698-4579-989e-656980e1e5b4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679460065, "uuid": "dfc55173-fb07-4ef7-a6dc-a9cc7cbad5c9", "value": "24576:+DqJfHKurNTbvYkwdBd9BO3Oz1ITm+2Hd:+DIHKurdbvYDz5+2Hd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679460065, "uuid": "23cac3a5-13d1-497a-a963-c9b95638e6c1", "value": 1190400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679460065, "uuid": "82c376df-3428-4309-b467-58fef39fec98", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679460065, "uuid": "b9b091db-e8e5-4eb3-a4b0-2362a1e49eae", "value": "ba218b60cb97c3532b8b9c796d954622", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6bbda084-c879-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679465934, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679465934, "uuid": "7cdc23e6-f464-42df-abc4-d5040fa61d1a", "comment": "Malware payload (SnakeKeylogger)", "value": "fe05605a8065764a5ec8aba32db6e697", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679465934, "uuid": "e8adff03-5f64-45e5-8bda-cc7d200039b7", "comment": "Malware payload (SnakeKeylogger)", "value": "8d13301deb6ab177620d38718648a0efb851eabf26b708a388abab7b7daf41d1", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679465934, "uuid": "1adee182-5456-4789-bf96-714dfdbd93e3", "comment": "Malware payload (SnakeKeylogger)", "value": "389a4e7840726f7a47573e3939c608739b68f103", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679465934, "uuid": "14021cd2-ffdb-461d-80b2-909eba688e5b", "comment": "Malware payload (SnakeKeylogger)", "value": "e3b951c049fb9dc93714d3a7e9953a55d6871916701c08a95d607a9892c6801e1b2f79730e44cdc6fd6b1a0ef815f4a5", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679465934, "uuid": "e404d5ec-bfcd-4ff4-bee0-fc1eaf5e3880", "value": "T1101518412685E602C1BF9F77E8E161F88378EC52EF96E34F14443C997875B6A84A331B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679465934, "uuid": "9a137b0d-56b9-4d04-ad74-f039a5cbd405", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679465934, "uuid": "4190a629-0bba-408d-a569-7decf1a0f728", "value": "6144:qNr+2+AQu6rl4UE0rZU6dGwcJPv+sLQwMRe1ryQV5RZBxRwZZ0PDNQsQRjGgBUPv:qNrZ+oelflhIh5TxSHBUPyF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679465934, "uuid": "9f3c25da-f180-4289-9f49-18b9b88f736f", "value": 946176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679465934, "uuid": "cc0aef14-6f56-4b23-993a-811e4443cf85", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679465934, "uuid": "e28381b1-30c4-4900-973a-b39f970736d1", "value": "fe05605a8065764a5ec8aba32db6e697", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1595798e-c851-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679448609, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448609, "uuid": "cf94fd95-f891-4399-8116-e3a2bf2dcda4", "comment": "Malware payload (RedLineStealer)", "value": "8c831dc338b95766b9964c88326e57c6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448609, "uuid": "0a468348-a80a-45ba-a976-11ed6f2f6bb8", "comment": "Malware payload (RedLineStealer)", "value": "8da86e3a2a398afbc744d25442a6c3b635e211b086cb98992c2d6dea0ae8ac67", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448609, "uuid": "18fa79ee-fc0e-401f-bd38-2aa932956e1b", "comment": "Malware payload (RedLineStealer)", "value": "a83fdf64b1cb40589a781ba5ae1a2742faac7ac9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448609, "uuid": "0cc603e4-748e-4c66-85d1-8bb9ae5dd045", "comment": "Malware payload (RedLineStealer)", "value": "2f58fd8ede5431a3ed9bbe5dc6a681256bb637d82ba315094dcb745b47a5eb0679a07a24479820821dae8054fc21973a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448609, "uuid": "f1449d3a-6d30-45ad-859a-75b630d42a0f", "value": "T111352302F7CC8132E5A1273858F546C70631BC918DB4872B7B1AAD5E4EB36D4AC3A776", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448609, "uuid": "d07a52c6-5e04-4aeb-81ae-f0d89c8458a3", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448609, "uuid": "b3b9e4ee-45c4-4e2a-a275-14957573fe45", "value": "24576:0y53/VotnwyxaZBaYDvCxoe95UfqYPgp4zd5R2:D5/VoaZBaYDvCG6MPgpC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679448609, "uuid": "d0060393-ea2a-45f0-9cec-18218bf9544c", "value": 1113600, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679448609, "uuid": "d611e272-48ef-4f8d-b9f4-ac85789c47ca", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448609, "uuid": "9ac5b3a5-7c90-438e-aa72-4787b8d3e1d2", "value": "installer.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "32e117bb-c851-11ed-88f6-42010a9c006e", "comment": "Malware payload (Rhadamanthys)", "timestamp": 1679448658, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448658, "uuid": "15047783-72bf-400f-af90-1d427ef08766", "comment": "Malware payload (Rhadamanthys)", "value": "426c37469c3bf42af22220365116b409", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448658, "uuid": "7ee6c352-9ee3-4ff7-a0c7-3bbc0fde3416", "comment": "Malware payload (Rhadamanthys)", "value": "8edb95278a741b198732491979296d5a98faeaf3ff7f9b13e7695b0cda8907d5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448658, "uuid": "c9e8694c-7b46-4418-8451-2732bf6d945a", "comment": "Malware payload (Rhadamanthys)", "value": "11413922b3f89b4728e3799b2b8b728c576699a8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448658, "uuid": "f1a9b56e-6886-44e9-b96e-792519258548", "comment": "Malware payload (Rhadamanthys)", "value": "51492841586a06b15bb5dae2030b52dfe4eaaa49920f416cde08534568519e2b4a9e4e4bacd94e51f9a05524b932de19", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448658, "uuid": "634a9c56-fdec-4196-9768-ee77beb757f2", "value": "T1AC94080383A27C55EA158B739E1F96FCB61DF6708F493BA632199E6B14B02B3C163711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448658, "uuid": "ec0b8499-14cb-400a-a613-203cff361e3c", "value": "abf9812c144b37aad537ff6f220c83df", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448658, "uuid": "26fd28aa-27b1-4abb-ab33-7ad76e992ecc", "value": "6144:2zbbLRHDIXg7iCkXbHO5uKU2Lfr2QwjeBzzgWf4a:cbb1HDD71DZ3Lfr2PjlWf4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679448658, "uuid": "b669b4a4-4cbf-453d-be23-4c53bf8978f3", "value": 430080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679448658, "uuid": "aa0ea99f-098b-4ca7-9131-44e1e9f51377", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448658, "uuid": "7e1ff62e-7227-441c-beef-af227baabb7b", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ea2d07eb-c84d-11ed-88f6-42010a9c006e", "comment": "Malware payload (LaplasClipper)", "timestamp": 1679447248, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447248, "uuid": "5d976884-57f5-46f1-8a2a-398cf2faedb7", "comment": "Malware payload (LaplasClipper)", "value": "5419d85dbbb8c57fb337f1490b3d6c21", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447248, "uuid": "e5c0b307-708a-42c9-aa85-4d75afc2b591", "comment": "Malware payload (LaplasClipper)", "value": "8ee9f9bf18880afccd96ece9f1d4c384825b0de092b0ef6bd78d6d0276f67051", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447248, "uuid": "b89ec5d9-10d5-417b-9bca-05518498f882", "comment": "Malware payload (LaplasClipper)", "value": "780a46377db73dc921d3a7795412b4405ea290bf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447248, "uuid": "282a713b-efbd-49fb-b19e-46de800613dd", "comment": "Malware payload (LaplasClipper)", "value": "8b1ff2bca51c602aa87ea30b6a3721e7d9d51e49dd41510becc9754f5362a2c50795241dfaaccc7f70a021dd4eec21a7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447248, "uuid": "f271b9c3-270b-41f0-9303-e0704d43a2c2", "value": "T15F95010383927C55EA258B339E1FC6F8B61DB6709E4977AA32189E6F14B02B3C173751", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447248, "uuid": "187ba594-c650-4980-b74a-98e8ecd53a99", "value": "abf9812c144b37aad537ff6f220c83df", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447248, "uuid": "7ab9a319-1f7e-4567-a675-87d9e9bb1e18", "value": "49152:d/P9nuxcamIidEoNDD1eHi8xvrRoHvVHQx2HylA5:dn9nMcaZidz/1eHBxvrqvefA5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679447248, "uuid": "12255081-ebc5-4dd0-b084-d7e66eeaca0f", "value": 2040320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679447248, "uuid": "ab9ea016-b4a2-467c-bd9a-409dd92ca6df", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447248, "uuid": "4ae1c4c3-ce54-492f-b57a-c0e9704fcdfb", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7796dcd7-c887-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679471967, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471967, "uuid": "8d28e497-695f-405c-962d-490a3fe74bb0", "comment": "Malware payload (Mirai)", "value": "26fc4cf1bc77b35cce17ef0fcab587aa", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471967, "uuid": "def89926-1322-43f6-9f4b-c0c3710868d8", "comment": "Malware payload (Mirai)", "value": "90c00f8de98d00421796e95b344c152755200967f82bf877ba7df0c539500ac7", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471967, "uuid": "4506aa47-ee25-498d-9b6b-77e1c111274f", "comment": "Malware payload (Mirai)", "value": "56a0d2100699e1ce16bc6c2dda9c3568059d1c93", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471967, "uuid": "085ddd7f-4cb2-4cdf-8aef-b83a3a34359d", "comment": "Malware payload (Mirai)", "value": "8890780cb43a002d2c65dfe7b7f8c74de72c9e0502dd0e23a4653b25f7ad990f719c318685e0b6f247c190012a9fda07", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471967, "uuid": "738f861b-b4f2-45b0-aba0-66e1f245d458", "value": "T1B8F323256866E227D4ABFF9DEFE676869369F2434E85820371E0104F4DF496D602FCC8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471967, "uuid": "5bc99e0b-4e9e-4eac-9915-ad8fa5908280", "value": "3072:nBwnU3vpvx+hcDtrmjnaqUfNlEyQUBSMo2/8a:OnMvpvnanadfEyQO9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679471967, "uuid": "a62bcb85-a290-400e-85fc-79ff5acbc618", "value": 172696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679471967, "uuid": "ea19b604-5d89-49ee-8d1d-374788ac3701", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471967, "uuid": "92795cb8-39eb-4651-a806-dd33ab1469b4", "value": "26fc4cf1bc77b35cce17ef0fcab587aa", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ce00600b-c8d8-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679506901, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679506901, "uuid": "f7b32038-1514-4181-91f3-d6626d46086a", "comment": "Malware payload", "value": "c101ac8a155aa0d50b72a47f942fc437", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679506901, "uuid": "e384903d-670c-452c-bc68-8b00f8ae9916", "comment": "Malware payload", "value": "9106294718bf0c235dd1e1b487ac5ed1fb6df0f9be7f3aa2f59419a839f36168", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679506901, "uuid": "1d73da46-6b5a-4fd5-bbec-f49a51eca06a", "comment": "Malware payload", "value": "b704f9018569a4ef208b9a530fc384a8f2fff2f0", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679506901, "uuid": "444c9207-221a-4c58-8bec-95ad39e83942", "comment": "Malware payload", "value": "84c18016ed32d092481dd6f2821d0a1e0708ea763ea1c7fd80eb7a73d0ba8d8848fd83f123a85fc918cb09d70385de82", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679506901, "uuid": "d0cee93f-23e5-43b0-bf8e-3424ba1f62b7", "value": "T112237610895249226737BBEF5EA55C10F66D07634720AA07F83D7202BFFBA8CC5D59B2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679506901, "uuid": "524af833-0d97-432d-97aa-c87fcc349bb8", "value": "384:G3oeockcW+va7UwuCGXKO86VcTa6wXtCJ10ty6ox4jOeDF5Qr9wlBfV7R1VTDDcQ:G4eoJ7UwuH7cTMty0BjOeDOK1PxKeVP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679506901, "uuid": "15bb0bb4-97f7-4543-941d-ca9e41939bf4", "value": 46684, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679506901, "uuid": "41cbdc65-2139-4426-acd2-ca6c5f10883c", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679506901, "uuid": "822a7407-9e00-41e8-a3fb-14ea07ec1048", "value": "jC.dcbfb316-bf01-4d46-a7fb-0aedfab15fd5.FM.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c1da2ae5-c882-11ed-88f6-42010a9c006e", "comment": "Malware payload (Chaos)", "timestamp": 1679469944, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469944, "uuid": "5415b7fc-2624-4c27-8ef2-157f5be9fe1c", "comment": "Malware payload (Chaos)", "value": "361fae4aa3f862f912e2fc6642e36298", "object_relation": "md5", "Tag": [ { "name": "Chaos", "colour": "#0AB855", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469944, "uuid": "046c00d5-3108-478f-8487-55c46eb34ebc", "comment": "Malware payload (Chaos)", "value": "911f167964175de5b57c2a9650545fb6d7ef18072bc608af30d5fbeda3731bf7", "object_relation": "sha256", "Tag": [ { "name": "Chaos", "colour": "#0AB855", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469944, "uuid": "131a5182-9830-420c-96f1-e6eb99e50ede", "comment": "Malware payload (Chaos)", "value": "5f03efb20771afb73528b3d2c403280345f2e1ed", "object_relation": "sha1", "Tag": [ { "name": "Chaos", "colour": "#0AB855", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469944, "uuid": "6a09bcf3-6662-42df-9f89-ee51e10d6997", "comment": "Malware payload (Chaos)", "value": "02ff0d6b437ede05329e39dbaa29d362a3d52671694244f96033fc3147b606356c6499b70e55da4b6daf3f1a2ef403dd", "object_relation": "sha3-384", "Tag": [ { "name": "Chaos", "colour": "#0AB855", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469944, "uuid": "a9c68abc-214c-41a8-99a2-e09cbf7aee0a", "value": "T1A2869D50F9DB54F6EA031A3005A7627F27346E0A4B24CFD7EA107F6AEC73AE10936519", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469944, "uuid": "e671415b-b433-45e3-ad7b-fda33df21097", "value": "9cbefe68f395e67356e2a5d8d1b285c0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469944, "uuid": "899665b4-1bac-4ea1-b9de-a6b3fbbc2bf1", "value": "98304:PsMhTgTfuJENBHvu4PxMC9RCAgTs7UHloh6K7jMy3MPm:kMxMuob9UI7Uw6KXMyY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679469944, "uuid": "26d0c5d9-4cb1-4342-a430-eb0a83f949ef", "value": 8523776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679469944, "uuid": "ace1b7a4-1475-4714-8941-ad1554faeb1f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469944, "uuid": "9c2c5d04-bccd-4eb2-b042-cd82287b182d", "value": "win.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "37752f39-c87f-11ed-88f6-42010a9c006e", "comment": "Malware payload (STRRAT)", "timestamp": 1679468423, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679468423, "uuid": "dcc8981b-c37a-4ae8-b152-6761dd8eb733", "comment": "Malware payload (STRRAT)", "value": "92764f45d45e4df159ebd139e2c6619c", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679468423, "uuid": "ff6bec26-ebad-4f91-b7de-044081175173", "comment": "Malware payload (STRRAT)", "value": "91bc3eed793940f46537c8690c61c496021d8e68bfb016d8d4c390eab8e0e4b7", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679468423, "uuid": "80a173fa-12a0-43c9-bc8d-65f366523e79", "comment": "Malware payload (STRRAT)", "value": "7ef9907dd1c4b29df121133f0c31d720d806d0b6", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679468423, "uuid": "85023fdf-e10b-4ad2-ae0f-30f3094d50d7", "comment": "Malware payload (STRRAT)", "value": "ebcbc3b5e2c8fdb619394480ab93995a8a5cbfd42dad8148390e6602a010bd8c65ef6decf71bc4c2bb0a17af9f808e02", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679468423, "uuid": "71712180-c385-4858-aa61-ec354afce773", "value": "T19F846C8DA7802F2E5DE49804C0BBE31B819BAB075015D15A55735FAF8F1AFB8F46C34A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679468423, "uuid": "16248185-f2f3-4dc0-9c06-a5461d476e6d", "value": "6144:GQrM9UP/tCo8jc9p2vrXoEyykCSghKHyi6NhPTstoHL:NTD+/Rkjmnio7Kor", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679468423, "uuid": "90b50459-6098-4d5c-a345-ed126ab8dac2", "value": 372689, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679468423, "uuid": "bafc09e5-dc37-447a-aaa7-fba4cb851beb", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679468423, "uuid": "e7a5dee0-2715-4974-aeaa-51af299c285e", "value": "Doc49870477302203.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "64c0898b-c881-11ed-88f6-42010a9c006e", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1679469358, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469358, "uuid": "29e466a9-69a5-417b-ac56-5f45e6e94fe1", "comment": "Malware payload (AveMariaRAT)", "value": "ec7747b1553a2a538fcba76a35349ac0", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469358, "uuid": "4c4aa025-99f5-4bc6-a343-bca85fbce5ef", "comment": "Malware payload (AveMariaRAT)", "value": "91fb4e5b496496652c53cd78d0268338c5a822d863c46b34f82729e9b493f0ee", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469358, "uuid": "091ed290-42ee-445a-bd04-c0d004b5e89a", "comment": "Malware payload (AveMariaRAT)", "value": "f1ce7d16c1b4306139fbfc3897946145bf3a4f28", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469358, "uuid": "d214be0e-ab2e-4979-8cab-1f1e3a7104c1", "comment": "Malware payload (AveMariaRAT)", "value": "c826212c7ce924f6f786ad6d18cb68d5208e8d9cce8b32eeca8d934735416993221f49cf210a38e9aedd5ccb16e3faed", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469358, "uuid": "b4ee2d03-383f-4a98-b053-64256dd2657f", "value": "T145746DC263E06C20E5124772BE1FC7F46B1EBC619E59BB6E23596E3F08B0163D162719", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469358, "uuid": "b29b84fa-cc2d-458e-8f7c-836f99e43e28", "value": "cc53b13062b266a67f6f160bc15b424d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469358, "uuid": "a7f8d17c-7a13-4030-971d-c2676c486ed5", "value": "3072:j2z/lzMPo9DjuEOmLgFKfx1DqLO2jfLzKvWh6r0gwn0F:qhBOmE2DqbjfX8W7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679469358, "uuid": "0a6b9f49-e63b-470f-b964-b010ac812444", "value": 368640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679469358, "uuid": "de30baf6-497d-4d29-8e8f-3560de3dfc83", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469358, "uuid": "d977ef66-edc7-44b1-828e-3e6cdb31c536", "value": "ec7747b1553a2a538fcba76a35349ac0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "60e747f0-c887-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679471929, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471929, "uuid": "d4631189-d870-4164-a197-2f7babc8fb86", "comment": "Malware payload (Mirai)", "value": "c98a8880183e2875fa6e5d8f6c4668b1", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471929, "uuid": "bce7eb63-3647-47d8-b23a-fffc01477337", "comment": "Malware payload (Mirai)", "value": "921a87a6c9f5fab32ea71a7ba3c76d0d375d1a845e50da8e556d82f790311fe0", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471929, "uuid": "d0023754-16f1-4fe2-aeca-0026c9cea383", "comment": "Malware payload (Mirai)", "value": "22c61ea5b3890377328422835461cf8e6109bbf5", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471929, "uuid": "327f5e20-98a6-4dc9-bcf7-2ecc6010254e", "comment": "Malware payload (Mirai)", "value": "a230df6d7738460ad5b089cf0b87c9d04abf0c1e60433f0c4d9d006697f6532f100a13dfe88905f2dabc4a1512942d20", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471929, "uuid": "4b4a118a-0a4d-48a5-9e1b-611fa33760e6", "value": "T16EE34B86FA408A13C4C51B76FAAF41493322E755E3DB73068D186FF43F86A5E4E27606", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471929, "uuid": "e46fdf3b-283b-4aea-afac-4d48f365941f", "value": "3072:/7jG5CTH6OIP6tuGZEqt9ajXXEOav0YQgfyaE36M/9EFh6l:z8CT/IP6EU0XXEOavNQDaEqM/9O6l", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679471929, "uuid": "de84880d-9563-4ae2-a742-187a578aad90", "value": 152564, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679471929, "uuid": "7225056e-ca38-44d3-9e52-d5766b6af7db", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471929, "uuid": "fe80038f-d4ea-4825-ab8f-979e9b453565", "value": "c98a8880183e2875fa6e5d8f6c4668b1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bc9b4c2b-c8ce-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stealc)", "timestamp": 1679502577, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679502577, "uuid": "462f9df7-925a-493b-94e7-de92ec8c6450", "comment": "Malware payload (Stealc)", "value": "80cd3c3c9f857655a2d0944246063de9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679502577, "uuid": "3a21352b-60c9-44df-ac29-05341d0e8676", "comment": "Malware payload (Stealc)", "value": "92f0f57250f76ec5486dc7ef617f0145e4de09a1d5d95a4fe42cb5393678b7bd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679502577, "uuid": "e2cc69ee-ba2b-493f-b3e6-6845dc23cbd4", "comment": "Malware payload (Stealc)", "value": "4e2feec63c0b5806f317dca14ea73dec070b465c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679502577, "uuid": "17d4ea03-5683-4d5c-959b-67eac70ffdbd", "comment": "Malware payload (Stealc)", "value": "0db250b2f265c6e0758873bbebda08d677b314a0b58c5a472f3a8484191973790aa68d566e2aab43b9c7bd763cc98ae7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679502577, "uuid": "8fd1e492-6dd1-4dbc-a2a1-492bfabf0cda", "value": "T17D746C0293D37C60EF1246328E1EC6F46A1EBC619D5B7BAA234DFA2F0D741B1D162716", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679502577, "uuid": "1f9945a0-e5e1-4599-b6fe-f1982fcd7368", "value": "cd10f4930e443428517f91868d83e9a6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679502577, "uuid": "611f9381-c524-441d-a620-d0caa2cc7a57", "value": "3072:8L9jSPDtGeA/uBnDYISJsSt23ZivfSQ7IGSwZKBoqJJ:BTkJI0YJiv/PG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679502577, "uuid": "4c2fdbde-bcb7-42c7-920f-a1222c09ba59", "value": 368640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679502577, "uuid": "37770037-32be-4048-a672-cdcbfae63047", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679502577, "uuid": "a9199c17-72c0-4406-9667-7c45057568a1", "value": "SecuriteInfo.com.Win32.Evo-gen.20497.11436", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "79794c85-c8dc-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679508477, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679508477, "uuid": "81012c2c-e900-4042-9be8-07a13889c779", "comment": "Malware payload (RedLineStealer)", "value": "042b45f1d4efee470f9034dad7d4f9dd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679508477, "uuid": "5ffe96a0-f629-49a6-8f6a-6530321e5669", "comment": "Malware payload (RedLineStealer)", "value": "932958a2b1dcd14c4e5eaa195a4ec9b749b1dd05435616271c921c9eadf16d96", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679508477, "uuid": "27c171b8-4b93-4618-87ca-77e20064cbae", "comment": "Malware payload (RedLineStealer)", "value": "214bc2951850a1499c04081eb49cda6c11d988c1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679508477, "uuid": "e41f5dca-e006-43b2-863f-8acddfdf0d72", "comment": "Malware payload (RedLineStealer)", "value": "8ad01413c5227f73f2b98938492f67a250eed0b70d59f0e60f22f34d419c11706892798b0ac5147f58e961dfcffa19d7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679508477, "uuid": "c689c262-5236-47cc-948f-8312bd9c2f14", "value": "T137252341B6E58112DCF597B050F6135B1636BCE2497A933E3345E9AB0EB3281B13277B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679508477, "uuid": "3c1cebe6-3362-485c-8997-e3c2511123bd", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679508477, "uuid": "8b85359f-08ef-4931-a60f-d456939a0089", "value": "24576:Ly7svqiVbxVDRuQoNqFV/v5MAz46k5sjnt1KHH6EEr2Z1Fm:+7IztxVDkQoN6lv5Mm46isR1AP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679508477, "uuid": "2c820d40-e75c-499e-b92e-7d004886720d", "value": 1031168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679508477, "uuid": "215b9375-2f14-4ed4-b249-913835596632", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679508477, "uuid": "13ce1547-d4d9-423d-bd57-02826a94492c", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dc7b956f-c8bb-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679494470, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494470, "uuid": "82871550-7785-4838-b818-38ea617f137f", "comment": "Malware payload", "value": "e4aeacf03592afe557aa84baced57f10", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494470, "uuid": "3469e55e-898f-4956-9430-55595ab4494b", "comment": "Malware payload", "value": "93d8eb4963a678c63ebacaba3738f716d901aa18a2531f2761b378bae861812a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494470, "uuid": "ff10233a-9f17-4352-afc3-ee031088a729", "comment": "Malware payload", "value": "e6b2a73b46421c916768fa55ea5cbc772e9b0db8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494470, "uuid": "4d491763-f8ac-4cf5-b988-af6fa1f5b211", "comment": "Malware payload", "value": "f965054de3fc3c557b71b83f7044d01a138db46e3e2d9608167f4f38905098e4e4c3b022c156b69296ae12b56380b303", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494470, "uuid": "587db032-8dea-491a-b4ca-9ce3a1e2c72b", "value": "T1A4B55AB10293FEC4EB6F2D54C0042A80DC159C6B5A6C8358BDCA399B96F5724DF9CEB1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494470, "uuid": "ca5c238c-0bd7-4210-8831-65c3cce9684e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494470, "uuid": "59ddb63a-5101-4c6e-b702-d5ea06cffe59", "value": "24576:16IOwQ78u+zpGDJz7AY3x9Ot09OX7l348A5NyX37circNOreGwOTwOsGPNs4Qlds:b47MyTIceeosTerr5hqIdARjQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679494470, "uuid": "2e047d12-ebc4-4f36-a590-6a793dd0a707", "value": 2399744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679494470, "uuid": "b12cc69f-b7d0-4209-92ce-54ed236b4772", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494470, "uuid": "02878284-2d96-48a0-a630-40dc9abb0495", "value": "IMG-104741602223pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3b798f2c-c8d5-11ed-88f6-42010a9c006e", "comment": "Malware payload (Quakbot)", "timestamp": 1679505366, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679505366, "uuid": "5b9f00d0-aee6-4d21-9472-6cd1f0a686a0", "comment": "Malware payload (Quakbot)", "value": "8355f029151bb9eff8bd0d9fdfa0a704", "object_relation": "md5", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679505366, "uuid": "59bfeae3-e7f8-4a5a-b157-d4e3604c9a59", "comment": "Malware payload (Quakbot)", "value": "94f07082929ffde19ca9958e1c80af21b4546b690fa7d98eb199b273098d6e4c", "object_relation": "sha256", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679505366, "uuid": "e442ac3b-ffc0-4629-aa32-025f0070a6ed", "comment": "Malware payload (Quakbot)", "value": "15122f40fdd949073ca660e0b6cf8bf776989662", "object_relation": "sha1", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679505366, "uuid": "8c505db3-70f2-475e-9002-d4c7bb57f6a3", "comment": "Malware payload (Quakbot)", "value": "75917f848604c72a78aabd6c7a922ddef2ba1794c0aad65915614c5b79e496b8c6d3bade74e6e2d7afd22752e253cf02", "object_relation": "sha3-384", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679505366, "uuid": "651fe1bb-8637-4f4a-b49f-1509277b9531", "value": "T18981FF2A0FD1F1A97E1143DB386D40F591C1A6711D371CA1A0EBCF6FB918124ABB6CD0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679505366, "uuid": "76009c9d-ba24-437b-8b2a-51ded315d005", "value": "48:uxHKxYtU3M3hbqslKoAVSfXnQn0nGnInh3tHJIn6nE7nTnZYKtVIr+/dL2svKKMD:uxhtSynL9H+5YCdL2svteMC8O", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679505366, "uuid": "1dcbd354-af4f-4c17-b3b8-eee6e4106fd8", "value": 3982, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679505366, "uuid": "b9d73189-2922-4161-a20a-bc70ee3144a9", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679505366, "uuid": "7b411d00-9e44-42c4-ae6a-5d4905779ff3", "value": "Perferendis.html", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "60e1945b-c881-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679469352, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469352, "uuid": "a0fedeb2-850e-4f0d-95f7-fdfc078238d9", "comment": "Malware payload (RedLineStealer)", "value": "442116bf76b22c85d2c232e28f364ee7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469352, "uuid": "07cfaba0-cfbe-4b28-928b-af646cca037e", "comment": "Malware payload (RedLineStealer)", "value": "96652b83e84f1dbdc188029495b409734ff8c93037df89a045c7032a126f6b5b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469352, "uuid": "e33626d9-a33b-4bfd-8b8b-029ced3b39cc", "comment": "Malware payload (RedLineStealer)", "value": "d9bfe5bf972d178cfff56d5c9668a228c77f0b1a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469352, "uuid": "4db29ec0-f8eb-40a1-9300-58d00742d57b", "comment": "Malware payload (RedLineStealer)", "value": "240ae2195e49066f766abe09760a03a5cc0310236219c6b311f51adcfded1d51a2b004a576e6b63d3596ecc0247282c1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469352, "uuid": "1cd4f791-34c2-468a-b792-beeee4477e44", "value": "T173C41206D7E40432D97A1BB069F507831F36BCA15A78C33B3315A98E5DB26A1993133F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469352, "uuid": "032c7635-781d-42f4-8620-be5e6ab8ab34", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469352, "uuid": "d736be4d-dceb-4381-b7d4-424c4076f61f", "value": "12288:yMrky907PWm49WX1NDVOb172DFWqbxyuKqNaT2IgVa1U8s:6yir1NDcb1aFWqbxRjaTJZls", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679469352, "uuid": "d83c59fe-9893-4794-ba8d-8ad9cb984d2e", "value": 558080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679469352, "uuid": "432a339c-839f-45ac-9c9f-c36ff6ca846d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469352, "uuid": "8335dacf-c6ee-4e19-987f-57c97f804a75", "value": "442116bf76b22c85d2c232e28f364ee7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "229b6aee-c8e4-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679511767, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511767, "uuid": "08d3a91b-9901-4260-b549-6e2e441eeefe", "comment": "Malware payload", "value": "24844d172bd742b7592278a6ddfaeae2", "object_relation": "md5", "Tag": [ { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511767, "uuid": "5292725f-315a-4ad5-a56a-6f9929a73ec6", "comment": "Malware payload", "value": "96f90f57107289f00f447da22c906c6e4e3e9e8e9a785c794ed4cfc027b27cc4", "object_relation": "sha256", "Tag": [ { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511767, "uuid": "0c5e357b-7370-4be7-814f-afea9dc11e04", "comment": "Malware payload", "value": "724e4a9351c2ac0876a2d927274408c0ff3c6e07", "object_relation": "sha1", "Tag": [ { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511767, "uuid": "72dbd478-dcb8-4b04-b27c-6fc0c38d4078", "comment": "Malware payload", "value": "bf855ab1175aa94671b36960ec0733aab007b38ef918f69e1ecce55bf4e6c470b598e211e8355bef9d972bdd6b4925b2", "object_relation": "sha3-384", "Tag": [ { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511767, "uuid": "4a61336a-8559-4227-92a9-5174d4adbe8f", "value": "T11BF4AF57F7C7FAB0E6BE827A86B2851C527674520360A78F674072896D23392493DF0F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511767, "uuid": "b2f4164f-9023-4754-b6db-19fbf876db81", "value": "a31761b5a590c4c499d5f4a347d75c12", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511767, "uuid": "0264269a-c332-4103-b728-d81bd1b04e65", "value": "12288:5n/zDvGHAykHSzLW/4+8bzbBSreMdLvlsG2cxf3mgFK/UqW53:dzbGHAzHAjX1sWeocL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511767, "uuid": "925b3f2f-9574-4ca6-886e-18c057ab9be6", "value": 735744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511767, "uuid": "dc4f901d-508f-4169-801d-22e7db78b5dc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511767, "uuid": "73f44466-a33c-4031-9db4-aee785a18989", "value": "Logowanie21032023.xll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bbae27a5-c8cc-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679501716, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501716, "uuid": "199e6814-ace6-4f51-8bdd-2b626600f541", "comment": "Malware payload", "value": "911de487b4820a0cad0c866bfd1d844b", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501716, "uuid": "eb46152b-6d81-42d2-b408-8f67a22d6fe9", "comment": "Malware payload", "value": "96fa4ff7fcb6dc7dd3311e6a1d4482ea10487c6c57048575f1bfbc0253066dd1", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501716, "uuid": "fc7d075d-906c-440b-8bc3-0e0f69c95837", "comment": "Malware payload", "value": "ffbccd25a9ce1d414ed5fed4de0cd8f4add4a4c2", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501716, "uuid": "a8528696-c03a-4a2c-a18a-ca9ede216186", "comment": "Malware payload", "value": "37dfd55e20b7717828b136e6e4e95f55423bf0f64e4214c3b26f89642310c724d43b4aa55ce7dc06739e00dd04e7805b", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501716, "uuid": "02cf0449-03b8-46c7-99fc-bbffcd4c4802", "value": "T1B835BFF875047DE6267F576BCA96ACED13A626639ACB94CC80647BC305A3335FE02C05", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501716, "uuid": "806f8064-e1e0-487b-85a1-58f3783c8593", "value": "24576:D7yAF0LI725LoSbGHRduVqgNA/7NDa3Cl1a+/OXdI9MkCTp:+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679501716, "uuid": "cd30f9b3-01ff-475e-ab23-988665092c73", "value": 1068535, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679501716, "uuid": "726971e9-ec43-4e9e-a38c-910414d14ec0", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501716, "uuid": "3a75a9ff-e72e-4722-98ec-b2938e4d3c1e", "value": "Need Price No.34 21-03-2023.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ba074961-c8f8-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gafgyt)", "timestamp": 1679520611, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520611, "uuid": "4c27c583-5aa7-4f5c-9e71-709fcf6da8eb", "comment": "Malware payload (Gafgyt)", "value": "10bc8f79fff527e1062572859f7e2c46", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520611, "uuid": "004e3540-6a11-4058-9aee-b44f4dd353ef", "comment": "Malware payload (Gafgyt)", "value": "970254e514bc7075f6299bbf9f26c15011c612ba626a4f0de591fd203a571f55", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520611, "uuid": "e3a58a13-4e83-48e0-aa52-66cbbb58e8d3", "comment": "Malware payload (Gafgyt)", "value": "2c70df69dcee3389dec3bad0969dbf4210dbf6c2", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520611, "uuid": "3aae016c-11d9-42b5-9d91-c7a56a6c1af2", "comment": "Malware payload (Gafgyt)", "value": "5789a2a4e0772cf2f3161b89664ee1621053c8cf735099580d31c5b40103f91a730f11832e46e6cca7662c3898f94c84", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679520611, "uuid": "05bc4129-ed48-4f08-831c-c56f820f9793", "value": "T190933B56A780D5B3D14305B316979B620033FE7B1A5EAE0AE35E7CF18F3A0987221B5D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679520611, "uuid": "7ad1b044-325a-46bb-83b7-b31b0ddd29f0", "value": "1536:msqmQTbw7U+OU0Cf5UI8E8WwP6kHzgk81VwcG2emyGMUNLe5um7WAgcVjmZIcBI:msi2UVUtBUI8GwPfHkk8rUeLesmqAgcr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679520611, "uuid": "57bded25-d97a-453a-aa54-fc3734acf3e6", "value": 96268, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679520611, "uuid": "96d2c721-2649-48c4-8be3-0e5266122b0a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679520611, "uuid": "856592f1-c601-4bda-be5f-c7c4e5c331f9", "value": "10bc8f79fff527e1062572859f7e2c46", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f01d096d-c8b1-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679490208, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679490208, "uuid": "d637ced5-2d6a-4ab8-ad7a-3fbc7bcc74f5", "comment": "Malware payload (Gozi)", "value": "ecd46cdc9dbe7430391afb524d2ee2ef", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679490208, "uuid": "6e57ff3e-1c4c-49bd-a0bc-321563439cbb", "comment": "Malware payload (Gozi)", "value": "977bb6a4ed4d96674a9194be41d969b178b639c3c04266a0f0e99315d9b84fe9", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679490208, "uuid": "cd671a70-fe5d-4d79-ab72-4d0b2ded7846", "comment": "Malware payload (Gozi)", "value": "35ae9dca0c22afeb19b541145e61297f6dc260bb", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679490208, "uuid": "797ad89c-2edf-4a79-afc7-3236221c7373", "comment": "Malware payload (Gozi)", "value": "9a1fa9520a3b669f44908be9f223fc57ee6c85d5915ba77e3110f545fe7b046a61780ab76aab3cfa4acf922178d9a435", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679490208, "uuid": "c4a99310-3102-4902-8f30-21d0b08bb0c4", "value": "T159F0A3087F0F401EC117CF3ED6421715D31D9E4B1A926D77209C14924828EE9CE0F1CE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679490208, "uuid": "63231d4d-41a9-4e11-bf40-36dde7b954ce", "value": "12:5jBj8jL0Lphe2ocbMHmijltF680jLTJRkw+P:9h4HmC0ul", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679490208, "uuid": "448cce34-f517-41ac-8422-27cec97764b5", "value": 479, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679490208, "uuid": "ddefdb58-26d9-4773-a509-2d300b893760", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679490208, "uuid": "00ae29cd-4bf6-4741-a5e6-d1f9de5f3f39", "value": "Agenzia27.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "952a908f-c8e5-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679512389, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512389, "uuid": "be63b2c2-7b68-4ef0-8f29-e1f69ed3fa0c", "comment": "Malware payload", "value": "2c5d7dea4e49612cc6f6ced27463c465", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512389, "uuid": "76a36c88-a657-44fe-984c-f21e64ee1067", "comment": "Malware payload", "value": "97bbbbc732a346b08a7b217931091dc43026b58edad8a393ce3e6a1a0e66e0f4", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512389, "uuid": "43d78639-72f1-4635-b902-9ed040a89a6d", "comment": "Malware payload", "value": "bee746194b6a7ab7f5108b7e14aba0b44c57c6fb", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512389, "uuid": "61b626d4-f8c2-431e-ab34-46577449e0f9", "comment": "Malware payload", "value": "f62457242e7dad95ce8bf9421ff84a7791c7996814ec6aee5acc38144bf92ad277d88e9c211ef71eec07183d4a9132a9", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512389, "uuid": "bd73a413-38ae-4d07-9d30-bb0b6bf9cf60", "value": "T12546B6E720C667EDC816C53B8353FD7FCA8FB0364926D8E3A168E2225D25C483656E1D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512389, "uuid": "2b1e141c-84a6-49e6-a170-b458940053d5", "value": "49152:eQPxTmeVholeh5L9qd0iFH4oVmTYMapID9Ypjzm1I6D:TxCQhrApYaIepjzm+6D", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679512389, "uuid": "02eec226-4e03-4c67-8699-11132f6c43ae", "value": 5764014, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679512389, "uuid": "e5eb16e8-e03a-4d4b-9569-ebe38c607423", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512389, "uuid": "9895a028-1fd4-4acf-b697-8ddfef0e7e00", "value": "2c5d7dea4e49612cc6f6ced27463c465.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6db71aa0-c87c-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679467226, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467226, "uuid": "136d7952-1068-4952-9c32-4090cc471e93", "comment": "Malware payload (RedLineStealer)", "value": "710568b21a2c7f5c7bd86c62cdb43683", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467226, "uuid": "b7441d81-d9ab-4c57-a6dc-967834c93602", "comment": "Malware payload (RedLineStealer)", "value": "97c883d8a0c071f9cb24f5fbd232ba088b2af79a04ee091073cf38701a1fe44f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467226, "uuid": "17128b0f-b809-49f2-979f-234f99ea0665", "comment": "Malware payload (RedLineStealer)", "value": "c9e5566aaa8db753c4a8216f11b8430f09c4e869", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467226, "uuid": "7fd75621-1cbb-45b2-9ffc-5036d30c4c96", "comment": "Malware payload (RedLineStealer)", "value": "04b95bf6f82cac0036390b5d854bdbcd401a6bfaedb26eb3b02b27861052d564ac96fd342e782df24252a2c2f308b921", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679467226, "uuid": "7d743147-d919-4aa4-b90e-377697ac95aa", "value": "T1C935230BAFDC5432DCA517B008F607D31E3A7A614E7C816F2762D51E4DB22C0A57A76B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679467226, "uuid": "18135233-7c19-4ffb-8af0-17ff7296458f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679467226, "uuid": "a5ced312-32eb-4694-8131-2e92bb2083c9", "value": "24576:6yVt9q24LNwXLAbhLKSlHNPZkPosf7J6Q4UWS7Sud2+9:BVrq/xsAbhLjNuP7JaUz2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679467226, "uuid": "c62a54c6-eb1e-4b0f-9bc5-c4e776a4ef17", "value": 1118720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679467226, "uuid": "375b2117-77aa-4c3c-8b47-47560a37747d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679467226, "uuid": "3b465ea0-bc50-4cce-b07a-0adf8d79d94c", "value": "710568b21a2c7f5c7bd86c62cdb43683.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f42040d2-c8a6-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679485490, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679485490, "uuid": "b0bddde7-e12c-473c-a790-0aff945c5636", "comment": "Malware payload (Gozi)", "value": "78b4ac76b3261a6ac4a94a868e39ac25", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679485490, "uuid": "cdb13fa3-64c6-449c-998c-32917e9ee8f4", "comment": "Malware payload (Gozi)", "value": "97fcb2199876005f3e4db6aa7280b15cd59dfe0b99c1fc0e722adb31f0d2e6b4", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679485490, "uuid": "ba9cd05e-969f-4c3e-bc04-1412766d187f", "comment": "Malware payload (Gozi)", "value": "0ea51d3d2032630bf53252657f0ff856ff0ee690", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679485490, "uuid": "fac93a78-0204-49b3-8e1a-a59651c08bdb", "comment": "Malware payload (Gozi)", "value": "d5f85fce12b0277fa5c35a441508b82bd0f70d3c65b5cb52a240d9e72c0ff01b2c701d51f022f03e67c6cd829a46ea61", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679485490, "uuid": "d1f0be22-592e-4796-bebc-ac25154d8bd5", "value": "T1FF747DC297E06C60E5124732BE1FC7F42A1EFC619E597B6E2359AE3F09701A3D162718", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679485490, "uuid": "5ac0dff6-f80e-4233-b879-8342cbe6504a", "value": "c3df3d0d993bdeac73a0f5fd62093e4d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679485490, "uuid": "b19b8273-c1a7-463c-821f-5ef2075e4c91", "value": "3072:jyjrlS0bY/04BjuajiKAOSAjhKmj03oXGjyaFgE92ZP+4Ysd8BAmgwn0JV:nV0am9efOyad9L4Y3R", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679485490, "uuid": "79c1873b-ef24-4fc9-bdfc-e2fd3978701e", "value": 368640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679485490, "uuid": "07701d7a-ab7d-47ff-b29f-811cdcb31516", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679485490, "uuid": "3ea55df9-41d0-4fbb-be49-cf5540f97654", "value": "server.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c7785124-c86b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Cutwail)", "timestamp": 1679460075, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679460075, "uuid": "ef0d49ec-fa2c-4c23-b151-bb0f9aa77aa4", "comment": "Malware payload (Cutwail)", "value": "9faea65cff61ad64e4bc4c3913c336be", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Cutwail", "colour": "#ED0EDF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679460075, "uuid": "efc155ab-49f3-4b55-935e-a441b35253b1", "comment": "Malware payload (Cutwail)", "value": "987204ca82337f0a3f28097a5d66d5f3ecb11d43d82f67cd753d0bf2ce40b7a7", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Cutwail", "colour": "#ED0EDF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679460075, "uuid": "6c318db8-c2b6-472b-ac1e-f31434c96e67", "comment": "Malware payload (Cutwail)", "value": "4fac3a2b3e76ee1b31a369ed53d145218952a340", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Cutwail", "colour": "#ED0EDF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679460075, "uuid": "fe962362-6822-415b-bee6-573f8272b416", "comment": "Malware payload (Cutwail)", "value": "0c103207f116a96878054699cd98cc1bf27494e5f76f0c52e5db051c563fe49b24edecef41fbd6efe29b84287d26bd1e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Cutwail", "colour": "#ED0EDF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679460075, "uuid": "b27dd882-13fa-43ae-94c8-a6a2a82b4561", "value": "T1C6444B18DE73AC75DCE304731052FE7AF1799E824B266B91F7849EBBE46286D70042D8", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679460075, "uuid": "807e4231-01f0-49a8-ace7-1ba5b572c699", "value": "6e82b26469ac662e23ea9fbbf84e95db", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679460075, "uuid": "a7b655cf-e37f-422c-a838-421fa7f9eb50", "value": "6144:UYf6pfKeeeeeeuPUn+AQTGTDFNDlzZID9+K7JPF:T6pieeeeeeupIDT7II0j", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679460075, "uuid": "0fcb8b3a-597d-4d30-8af4-ecf0315ebd86", "value": 259072, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679460075, "uuid": "98f0189e-4ddb-463e-8c26-1aee8fc1de7d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679460075, "uuid": "cbd21295-b2df-4b9d-8d02-223a9efacd17", "value": "9faea65cff61ad64e4bc4c3913c336be", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a21de739-c879-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679466025, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466025, "uuid": "f62365a1-ff80-42f3-b01f-fc1a6d5bb40c", "comment": "Malware payload (RedLineStealer)", "value": "846e73c55581b33bc2b22411c40272b8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466025, "uuid": "a3823ae8-f860-438b-a7b8-bc0a7a5d698d", "comment": "Malware payload (RedLineStealer)", "value": "99f037b3c8a5f7bd36c4704da2922dd2ca898000b6268be4a9da60b2c74384da", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466025, "uuid": "f50fcafb-5fdb-4aa2-be7d-e49926f4816c", "comment": "Malware payload (RedLineStealer)", "value": "0239aaaf7ccb628d51e22bb37748d3f306723344", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466025, "uuid": "1669c64b-5cd2-4e59-ab0c-8f06a7c5f9d9", "comment": "Malware payload (RedLineStealer)", "value": "315257e0121b6940ec7cb07b05b9b1da7bcf72886313e70e6b3f9494a7e39308f038afcfc37c8b3ce99f176200a2285f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466025, "uuid": "baa29cb9-1843-401b-8220-496bf9c9b719", "value": "T169152356A3D88533ECB53B7059F602631332BDA32D3C87636B58941A68F33D494B276B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466025, "uuid": "fe7b093c-207a-481c-9ee8-9d10db8d0fb9", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466025, "uuid": "2bb685fa-dc70-4718-89d9-5634d0d6e76e", "value": "12288:GMrPy90ACpII4Ssg5qL/TIyKGVWWkBYB4+9NExisjOT/tmeEnY27BuHaYb:pyKKg5qL/TIyBkBYyONEhOBm9L7YJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679466025, "uuid": "158c4262-c859-4ec0-b95a-e2ae65595cf6", "value": 929792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679466025, "uuid": "3359b08e-c5d1-4905-b6fb-67fdbd1ef8f5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466025, "uuid": "30ed72b8-6be7-4a52-adf2-71cd93d34291", "value": "846e73c55581b33bc2b22411c40272b8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "968b4701-c880-11ed-88f6-42010a9c006e", "comment": "Malware payload (Kaiji)", "timestamp": 1679469012, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469012, "uuid": "205351c5-659e-479b-a211-71c0a5985cf4", "comment": "Malware payload (Kaiji)", "value": "dfb3df19ee04f5824b127c8456c07252", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "kaiji", "colour": "#928985", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469012, "uuid": "c80d68c8-636c-4e3f-b41b-f964204500b2", "comment": "Malware payload (Kaiji)", "value": "99ff76e8bb8150bc141c7398d1fc9ef3584a21d56f8878e3f37ea7e48d3203e5", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "kaiji", "colour": "#928985", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469012, "uuid": "b164aba7-6035-4ce1-9dfa-77815c553283", "comment": "Malware payload (Kaiji)", "value": "bcb4920b4eb1e8049aae88f60115ba5e2fc8c056", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "kaiji", "colour": "#928985", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469012, "uuid": "6a9e3cbb-aeab-4dac-b825-307c88718f00", "comment": "Malware payload (Kaiji)", "value": "fc6cd83bc101882729f93e9a29b3a6a0b01e53172a7f7ca7eb5f635931b4d16591918850dc1b357d02af839d52660a4a", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "kaiji", "colour": "#928985", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469012, "uuid": "186d02ae-69b0-4d3a-9045-ed8a63b6a6a3", "value": "T1A1463903F85195E8D1AAD130CA6282A2BB717C895B3023E33F55F7B82F72BD45A79354", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469012, "uuid": "90c616ad-d43a-4965-b98c-c72da027f61f", "value": "49152:36YAazFaGdD95S9rb/T0vO90d7HjmAFd4A64nsfJSNi2nYr3miNAbBlrqlTMcN7L:ldvpJYrjA6ENL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679469012, "uuid": "34ffc3d5-5548-4d97-84f7-bf215fcbeb21", "value": 5398528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679469012, "uuid": "d0c619cc-aacc-4866-866c-b3d2bf605c16", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469012, "uuid": "f8178171-d4f1-46df-a64a-445863089a31", "value": "linux_amd64", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "55f93892-c8d7-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679506270, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679506270, "uuid": "dfdd4800-b76f-4750-bf47-78eaa1e3e557", "comment": "Malware payload (AgentTesla)", "value": "2baf4e88b5b8d134a331930d9fb02cd0", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679506270, "uuid": "1a983471-ce4d-4334-ab59-0fcab2348d56", "comment": "Malware payload (AgentTesla)", "value": "9a9f33ffa79b97476aa9b6b7ba5f16a03cf332bea8ce0ac80dc67070d183ef08", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679506270, "uuid": "454dda05-57fd-46ce-9c85-62b884109883", "comment": "Malware payload (AgentTesla)", "value": "85c7c23dc089cf217b4e4d4815dfceb70327509f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679506270, "uuid": "4d1fa530-04e9-4d02-b7ec-292740cb2649", "comment": "Malware payload (AgentTesla)", "value": "c1c00c76e6cc480fb73db52644c46761f37018cfd708493d315d72e4e8f5acbc7b0dbc11f6446ad2e4459a4787f86115", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679506270, "uuid": "539241b7-e390-42de-aea3-fa5c71a7a2f4", "value": "T18C155B41EFAA6461F110447A216BBD5FCD51A88E98EDFB6E150FEF31F5E220D1C82E21", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679506270, "uuid": "1b6f7a2a-2831-49c4-8625-f4cee19535ae", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679506270, "uuid": "9c92ebb9-6fa7-46b6-9b71-3fedc21a0209", "value": "12288:Skkr4gwDw/vDfD4V/V7axNbEjQj57IqCxlimehmzW0RvxiLATAGn3WtNmBNa4OCM:Skkr1X7D4lV7aPEQ7MKXmy0P", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679506270, "uuid": "b6788ec6-e764-4ebf-af1a-71384c41bdce", "value": 950784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679506270, "uuid": "680056ff-10ec-4f9f-be6d-4ff9aa4c7055", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679506270, "uuid": "435da3c6-0c35-4c8b-990e-f1d01cae17ee", "value": "z29oR1PpHWgNwQPEiG.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1744437a-c8e4-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679511748, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511748, "uuid": "481e3183-8c59-4f24-ba77-5df86f664ddd", "comment": "Malware payload (AgentTesla)", "value": "c88f557c9e9935393805e83a7d429838", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511748, "uuid": "649d1ae2-a30f-45e4-b8db-f9a456e0f0f0", "comment": "Malware payload (AgentTesla)", "value": "9b33661773d15950915dc3344a428ea6334f25d5c30c05cf07c8bff60dd9f9be", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511748, "uuid": "357ca692-ad51-4a78-a2a3-a4e20350e494", "comment": "Malware payload (AgentTesla)", "value": "d7bec7686f95cbce8c744496baaf29f3913e1d62", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511748, "uuid": "2f7305d5-c3a0-4897-96f6-9e8c7bfdf7a7", "comment": "Malware payload (AgentTesla)", "value": "47d352a63c6a2fab4ba379207ebdce4e5318a934c195e7aefb21bff01a7db03e0ab3903a5acfc4599ccc4e5fbe049ee7", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511748, "uuid": "4e0512f8-c30c-4470-a2cd-f0cd3c17f956", "value": "T12255121133B09F14F6BA57B04466E69563B3BE26F633D7089DC410DA3DA2B804B09B6F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511748, "uuid": "6f7feab8-e405-4e9c-8343-93747df2e288", "value": "24576:3yJ3XVcHvhf81Kd3EZKTV111VD+7AB7L+KgyrrrrPrF0BMnlE6A:61cPhf81Kd3Es7ykODyFBnK6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511748, "uuid": "037a0799-3601-4661-8329-e059d6439aeb", "value": 1317888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511748, "uuid": "7e0b4351-de6a-4355-adab-7b5f3ecf7f4c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511748, "uuid": "943b64ab-cabe-44b9-8b54-a38a4dbdab14", "value": "DHL Original Documents.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5fbaa8ec-c84b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679446157, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446157, "uuid": "efdacf2b-5443-42a9-88a1-0b913c96b3ce", "comment": "Malware payload (Smoke Loader)", "value": "399e067dd7dc6a972a2a09ffbe8252d4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446157, "uuid": "7fa28b68-1758-4b9e-8dee-a2fd58ace431", "comment": "Malware payload (Smoke Loader)", "value": "9ba06874f9c210f41047c7cbc9118caacdb1d549fccc9b5a912efd48cd3e7f8f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446157, "uuid": "94ffa2a8-ccf4-4155-9b83-65c8c8ac195b", "comment": "Malware payload (Smoke Loader)", "value": "27df4c536341db3d908b540d50cf85edfc9187c8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446157, "uuid": "d5823428-c56d-4b80-b997-a9a13d8c5639", "comment": "Malware payload (Smoke Loader)", "value": "2d0e7c5ad2823cc27c09eeb26c0939acb2b1bfcecd949a08e2003c6af431221b11ef1e2502f2925083458cd4021bd0fa", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446157, "uuid": "a56eb822-1a7c-43f6-9491-771be16fabec", "value": "T1E974C71392D27C55EA258B739F1FC6F8B61DB6708F493BA632189E6B14B02B3C163711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446157, "uuid": "9c672f73-23e9-43b5-8a07-31b8f51f394b", "value": "abf9812c144b37aad537ff6f220c83df", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446157, "uuid": "c899fdbd-a51e-4453-a535-fe1ac6d2cf9d", "value": "3072:iM7v/loawCISL/coAncBQfKFF2C+gwYNYxtClsweHHc5z9fWOunRDhGFpy10wZ2T:DbISL/joSQfKuC+ONYXCGweHHK9fWD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679446157, "uuid": "d17aeea2-969c-4e2e-a2f6-616f4e93a5ed", "value": 364544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679446157, "uuid": "ee4577f4-912f-427e-be26-911df48ebe6a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446157, "uuid": "1c28bfd6-f8ea-4a51-a493-03620917fa57", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b2ed4d16-c8c1-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679496977, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679496977, "uuid": "596c043b-1c57-4046-b3c1-3ded2478a85d", "comment": "Malware payload (SnakeKeylogger)", "value": "15764eb449397a0c0a56c093320f4322", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679496977, "uuid": "7e80d5c7-06ed-4b38-a5fd-6840927c64d4", "comment": "Malware payload (SnakeKeylogger)", "value": "9c6a4cf0c130672642be43795905b612d9b351278654c4bfba3cf935e127fa91", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679496977, "uuid": "7f433c0d-bdde-44df-9b62-a9027e4072a7", "comment": "Malware payload (SnakeKeylogger)", "value": "09f2d740790c48d4af8da373ae008567a11ad46d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679496977, "uuid": "b4354105-373a-46af-a09a-09d2eb99bad8", "comment": "Malware payload (SnakeKeylogger)", "value": "eed63e30eaed5896a722ea89a10957e970d68996577229595d43c55cc5187ec594336763b6d1337fe2c5b4ccf662abab", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679496977, "uuid": "4fd2a0ae-c4ee-430c-9462-3ae0e92a8a56", "value": "T14FF41227B2E6DB62C16C9AF58893592007B7E38B2133FB492D8451EA5F577E04F01B87", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679496977, "uuid": "a2049e72-5c41-4408-b2ee-1bf3ecf429b1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679496977, "uuid": "da16b973-91a7-4191-8b80-36524023d0c3", "value": "12288:6Bs8Lh/l7aeukNwEx7l+ruMtCEqSKbYncyTBfszq4oqtQH76NKF5xb:yzPukNkqMgMKsnX1Uzq4DuHmkF5F", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679496977, "uuid": "40f4c34b-ad44-4a71-a255-df3ef9a898df", "value": 753664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679496977, "uuid": "57013e80-6f9e-4a31-af33-388362e95649", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679496977, "uuid": "00d26a0f-de8f-4e2c-861b-d06723b3be30", "value": "PU Request Form Hardware.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4f54de08-c8ed-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679515708, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679515708, "uuid": "a374547b-e48c-41a3-b9fa-3e54c2cec219", "comment": "Malware payload", "value": "6c63dd590d567662375fed22e625c9ce", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679515708, "uuid": "40fb5454-26aa-4e6e-a3c1-60011943ab85", "comment": "Malware payload", "value": "9d4810171930cd3762bff169c8b82a0e8afa79f880d39bb0b99b36f33933feb2", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679515708, "uuid": "cc3979f8-df23-43ff-bf3b-52b80a4c9972", "comment": "Malware payload", "value": "526953080740a278c41f8f4cc89ecb94182885f1", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679515708, "uuid": "3cc0c2e2-1dca-4b0f-9f94-94a9eaa29884", "comment": "Malware payload", "value": "0a9bbcda0587cccdd2f852270e76b7909d0a89431db3ae0d361967cb03fd395517426f94cee8ef32e44a36f444894767", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679515708, "uuid": "aa302729-9dfc-4fb3-9fff-155413e05ecc", "value": "T183F4123036B0C0F6D5AF543D4462EBA42A3E79312395CD873694677D9E34780AEAE32D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679515708, "uuid": "2b912b81-c04e-4d5a-bd19-9205fcd200a4", "value": "d1d84efc3e3e2f98146d74fc81d5e201", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679515708, "uuid": "325ee88f-ed24-4774-a549-6c0491da6b02", "value": "12288:8FYM2bYNFDm4YiKkK/N5PWZo1FUU6aIzPsIXpM8RBDnB+FFcC:QP5FLYioNWa1FH6hzPswpPRBt+ncC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679515708, "uuid": "2fccb6a8-5923-4963-860f-8975af9856f7", "value": 733184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679515708, "uuid": "244f759d-23ce-4c09-bcd4-b6e75694e84f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679515708, "uuid": "9bd3b9c9-8c97-461b-99ad-ac04217b5dfe", "value": "2.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "926aed47-c8ad-11ed-88f6-42010a9c006e", "comment": "Malware payload (GuLoader)", "timestamp": 1679488332, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679488332, "uuid": "83dad2aa-6e9e-46a3-8724-b07c601b7ded", "comment": "Malware payload (GuLoader)", "value": "3b470c8160ee9a2a50e8601d7564dd81", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679488332, "uuid": "98a607b3-2a7c-414a-b543-c3c6c5da349d", "comment": "Malware payload (GuLoader)", "value": "9d6ade22b62a5d364270ce940dd46e8afa09e899c07141a531586dca83378983", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679488332, "uuid": "8e50d8b0-5085-45fc-a237-ec9449cdb203", "comment": "Malware payload (GuLoader)", "value": "d7dbd89dfc035d83b3f4e0de61ab3ed434717ca7", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679488332, "uuid": "b03ad571-8270-4305-8738-b99577f7129b", "comment": "Malware payload (GuLoader)", "value": "1b38a52df89d11270561fe99b2c7f248eefa07478d6425395065fc80e2bac65a2c495d2bddc02662efa3d682732a276b", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679488332, "uuid": "f58eec9e-4b3c-4d7e-87d9-3b903184a854", "value": "T1D7156BACBEA41C55093A36B6C843C4408DED4FDE0532F83B5D9D06B935C6498AF7AA37", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679488332, "uuid": "156203fc-d095-4cca-bf3d-7258bc25c63c", "value": "12288:tgbCI1o9ZIp72ss5pYnxOJJK4YqgdaZSMy6eBLkP+PBMzZf:G+rJAOJJ/YDYlCBJMzN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679488332, "uuid": "ad62392a-4d8b-407d-a74b-d9c032f08905", "value": 938920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679488332, "uuid": "81ee5244-f63b-40e2-84ee-946461047752", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679488332, "uuid": "d7b4afc4-3420-4c23-8aee-96b83882a56b", "value": "5573_Confirming_685738_Permiso.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "38482633-c852-11ed-88f6-42010a9c006e", "comment": "Malware payload (Rhadamanthys)", "timestamp": 1679449097, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679449097, "uuid": "022bbf69-a749-4c7d-bf24-0a4090d00b89", "comment": "Malware payload (Rhadamanthys)", "value": "4b1b8d826af29ffedb77d48e34ce9494", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679449097, "uuid": "65d9b851-ebde-4185-b263-867334cdb112", "comment": "Malware payload (Rhadamanthys)", "value": "9e068da322450ae34e33254c3bd919c1a38c5387f10f99ce4305bc63452acea6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679449097, "uuid": "81c5f7a5-a8ff-4ea1-b19e-3ff68d1f4771", "comment": "Malware payload (Rhadamanthys)", "value": "c90c4aad5975c0be4a2c25240367874af1218c6a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679449097, "uuid": "a9333817-bb9e-44dc-89c3-9977a57fa8e9", "comment": "Malware payload (Rhadamanthys)", "value": "af97a33427dc2a5ad88734f3e163993b92724df27450d942b34ee9e71c02b91084f2f44e5904c0f3fb5277f3144f6380", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679449097, "uuid": "25040296-aeb3-47cb-8e96-ce9db67e7cce", "value": "T11B84F74382A23D45EA258B739F1FC6FCB60DF2709E497B6532199E6B14B06B3C263711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679449097, "uuid": "3599ab6a-cdad-4859-989d-ff7f9b79502e", "value": "a1987c4dfef703391c65547d45eb7acc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679449097, "uuid": "094b28cc-c047-4a2c-821b-31c5058a29f0", "value": "6144:06fBLWLRZHJ89DSqbbMyA3MQZkqo56vffqzgMcWML0pWYGQ:06fBa9H89DSQbv+MQZkP43qpcGWYV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679449097, "uuid": "a323b97f-d7d8-42e3-837c-cab32185f1d3", "value": 391680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679449097, "uuid": "ecd0a79b-1065-4808-a416-0f6f7ba937b2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679449097, "uuid": "b3308c1b-8522-4727-9aed-8a351d545fb2", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "37ab0a6c-c89d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679481308, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679481308, "uuid": "d332f995-db13-41c1-a67a-b11d1f0b079c", "comment": "Malware payload (Gozi)", "value": "c251ceceb7a32f7ff839635b18c0c97e", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679481308, "uuid": "6229b3c4-c0e3-4d68-b655-b05b5004b2df", "comment": "Malware payload (Gozi)", "value": "9e33623ce66d8c4154af374dbea6ad918d26f7aef0a0bef9591ca79351c68542", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679481308, "uuid": "43deac14-172a-46b7-b55b-599f248616ac", "comment": "Malware payload (Gozi)", "value": "5ef4bd64808926101c1de5c4208604584cc69b2b", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679481308, "uuid": "e1b5eead-0ea6-4ba8-bae0-adf4cfc91404", "comment": "Malware payload (Gozi)", "value": "55b8c6b184e502bd140796f803eb864431e43a4df3bf7c7e12ae4184692de046ab7111ff0a82782db14d30616300d8f7", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679481308, "uuid": "dd99501b-2d2b-4701-986b-5985d6a807f6", "value": "T170F05532E06A397AE03AAA7B309702E1A3B0738FD4C2344745085F01BDAE5729903F86", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679481308, "uuid": "8d2cf963-a0d5-480c-b3a4-b3082a3f28e4", "value": "12:5jezvZKOkG+sRlTcfjbssQVxX6UKBIPWTqhQKB7kl4J/:9ezflw7QHKSOTwz/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679481308, "uuid": "f6f00f9c-9c4a-422a-983f-9a1da5e7ebd8", "value": 485, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679481308, "uuid": "6b0360dd-43f8-4254-a10f-11f1c128ebe9", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679481308, "uuid": "f80996e9-6155-4d28-bfe3-6bf8da05160e", "value": "Funzioni237.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4910426e-c87e-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679468023, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679468023, "uuid": "c76dd7b3-e60d-4d9c-87f7-534714fa127c", "comment": "Malware payload (Mirai)", "value": "154a9f065c4a90de7eb879afae049b4b", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679468023, "uuid": "605fd0d7-d4d2-4f77-8c9b-b3da72c28bda", "comment": "Malware payload (Mirai)", "value": "a0ede4b9d54a197d970f9322813d69b247e7b597772c2e289e9dcaca42b76451", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679468023, "uuid": "3a1bc293-bb61-4f80-b174-8ebb50435b25", "comment": "Malware payload (Mirai)", "value": "f34999366d4bc66ba2d11b95b2db5e15ceffbbd6", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679468023, "uuid": "d23119e1-8786-45ee-b9b6-2b2af00116d7", "comment": "Malware payload (Mirai)", "value": "ac38f6036bd79168e2eebba1fc8a29e03e508ceb9e808d75c721ae701a0c6cd54522f0a7f032d344da6c12f2cba24317", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679468023, "uuid": "5d36a27e-c461-41c0-a08a-9212b9a8015a", "value": "T174E3FF255967E267C4A7FFB8EFE57A92835DF2174E898203A2E0104E4DF4D59602F8CC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679468023, "uuid": "1b9acee1-9c2b-47ee-8b0d-8a1b2638422e", "value": "1536:jRjhzkaODVwhFVBvXbtVxoDncuXd4/iQeLqdhQzmcC3c:llzpOahTBvLDxWc6d46UdhQzmcCM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679468023, "uuid": "b6e9f42e-9740-47bc-a78b-d760f14e7024", "value": 152720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679468023, "uuid": "5d8ebe45-efb0-412c-aae8-84a315a70985", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679468023, "uuid": "fe14dddd-4ba7-439d-859b-8b324b47b228", "value": "Blade.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d1582c15-c89b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Loki)", "timestamp": 1679480707, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679480707, "uuid": "94e8f478-9e43-4473-942b-390b76337aef", "comment": "Malware payload (Loki)", "value": "ca62a1b8f19765c9dab034741c463aed", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679480707, "uuid": "f1367952-368f-4dc4-ab27-8b453b158c5e", "comment": "Malware payload (Loki)", "value": "a0ef0f452724443925f9eaadbdedbfe2f8b4726083dd64339b6fe5b61ff8b640", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679480707, "uuid": "d2e66d3b-3f1c-4321-9cb7-74298b0df9ed", "comment": "Malware payload (Loki)", "value": "89112e4a36b02c11d13796f3782880732ca93173", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679480707, "uuid": "3e194d6c-3a64-40d2-9b25-3acd8cd7d0e5", "comment": "Malware payload (Loki)", "value": "0fb73671c8e640d8b2ead50c9de4a061c31040a125105bfc10ab27cad92f59bb980b833605cb0bbb50945a2f1aa201bf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679480707, "uuid": "84e15e90-5285-4462-98ac-646a5ab964b9", "value": "T194041218A9E6E4B3ECB217326F3B8565A7FAD41224A0935F27505F9C38239D1C58F723", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679480707, "uuid": "12e6cb92-a311-49c4-ba81-789f0112e863", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679480707, "uuid": "a6dd47f0-ac8c-42aa-9f71-2bec10cb22d1", "value": "3072:XfY/TU9fE9PEtuQbeJKuup0mTayVew0cZckNwcrMh3AQcgBOxb9b+nZ6Gi2KgeWY:PYa60QKRp0mTdeojK3og0x9aZ6Gi2Kg4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679480707, "uuid": "61cb9193-cbed-44c1-b225-447e8bd04030", "value": 173717, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679480707, "uuid": "dbddc1a8-1aed-440c-9f25-c3f9b1b9a338", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679480707, "uuid": "d40f703b-3b55-4264-8f7d-fec9eabc5e28", "value": "ca62a1b8f19765c9dab034741c463aed.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7c0c9aa1-c8c1-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679496885, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679496885, "uuid": "76ea3268-524f-4ba5-9afb-ed1d00929598", "comment": "Malware payload (AgentTesla)", "value": "5d92acb577c55789b9976d4fbe444604", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679496885, "uuid": "158a3fdb-63c0-4107-9601-9912fa0abb1e", "comment": "Malware payload (AgentTesla)", "value": "a14fa25efe85279e3ef24087729e0ef7d662fe67555ce876b52388e5d3e3d35c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679496885, "uuid": "7531d928-a377-4f90-83e5-f13d585d1fec", "comment": "Malware payload (AgentTesla)", "value": "48e517df5a8695b59093038569b8258a907f0fb9", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679496885, "uuid": "4e53ae98-a277-4ba8-9732-1a244afd51ab", "comment": "Malware payload (AgentTesla)", "value": "96d6aa60e33bb503b468a625da5b59d407ed896bca2f36a0b77c722b43b6b97d064bf4a75ab244692351943458497c01", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679496885, "uuid": "8b1eb9d5-d76e-4697-a42e-73f4b9bfa346", "value": "T199A423123A9AAB22E23DB3F8853C664587F872333954FBC12CCD92D47D51B525908FA7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679496885, "uuid": "65d47f47-abb3-4f3a-a48a-f70a383ba4d5", "value": "6144:BqB4vex9CQubH+oSd5zMPcAfjvgp+NB34zor/8E3ZmH+RU7o/V1VUX:BqR7CvLSbMLj4pKIzs9pmeRU7Yjm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679496885, "uuid": "9411865c-ae89-4ccf-ac46-fd657180a84c", "value": 468480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679496885, "uuid": "9c4432a0-5115-4dd3-98d3-1720941d3764", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679496885, "uuid": "26f7dbaa-4b7e-41c1-85c6-a099a18f4087", "value": "Invoice_0629.scr.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "26b2a824-c8e5-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679512204, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512204, "uuid": "bbff9c2d-e9ce-439b-b827-cbb27772de0c", "comment": "Malware payload (AgentTesla)", "value": "e749459aba6384348147825deed0a033", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512204, "uuid": "e9472ac1-1109-474a-ba9b-1f621239a38f", "comment": "Malware payload (AgentTesla)", "value": "a169b28aef17ec40410b335f295192681dc0eaaaa1b9f870f87efb009a83447f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512204, "uuid": "76e9adf1-1059-46a4-9f03-ac75196a65aa", "comment": "Malware payload (AgentTesla)", "value": "3f79e748a302623218deed97c65770f2a851b2c0", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512204, "uuid": "127a8876-aee5-449e-851c-2c55e9812f97", "comment": "Malware payload (AgentTesla)", "value": "2b5ec591a1428d8024ba749124533e93514f806f2ac56bf8c32032f7a6659a9359946937faf721f3178083433103536c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512204, "uuid": "c501e936-62dd-4ce7-a61f-a816d272f30d", "value": "T1D505230E719B8453CA790FF5052273C153B49B12A913EBDD1CA1508DDA93BA39392BBB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512204, "uuid": "0fb32628-928b-4fff-af79-8b2305477523", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512204, "uuid": "9752f7e1-a48d-4bdd-95f2-ad588d76b4ab", "value": "12288:MhcsqYhckZ+7r9Dz/SxCfhf5GK0gDYGk5/SChIW+Try2lotjU2z6Hk:ojWNzR10W8SChI3eRG9H", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679512204, "uuid": "330912e9-560e-48a6-ae85-ad44010833ea", "value": 841216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679512204, "uuid": "e815f0ef-c4cc-4450-8b73-cab9b10a876a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512204, "uuid": "f7db4fb4-7050-4f8f-bfbb-ed1869e62ed9", "value": "e749459aba6384348147825deed0a033.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b60333bc-c8ca-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stop)", "timestamp": 1679500848, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500848, "uuid": "2eecfa42-cf36-4cfb-b63c-28b23a75701b", "comment": "Malware payload (Stop)", "value": "c0836237f57db0801abad3db0d3e9311", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500848, "uuid": "8ea15eb5-ea7e-4fdf-987f-65cbdd196911", "comment": "Malware payload (Stop)", "value": "a4e4ef5a186e4f30828cfd2cb0b385785836b6204ad6c5e889ef22f611b39fd1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500848, "uuid": "2f0a91b5-ddfb-42bb-9995-3407afbd43fa", "comment": "Malware payload (Stop)", "value": "57e6a0c81b7ed624d44b0b33fc0f7b4ed1530144", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500848, "uuid": "9cd31a80-d0a7-4468-b2ff-20ae3cb7b260", "comment": "Malware payload (Stop)", "value": "4b3c913c4e79024228c5e1486dcca3d6da28ecdf5c7b8314a1a58e989d465a8f0c8964d60277c2fc63c712ff47b713e3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500848, "uuid": "c76b60c6-587b-44d4-9019-e62bff730a83", "value": "T1D515F10253936C60EF1646328E1AC3F8566EFC619E5BBFAA264DED3F0C701B1D662705", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500848, "uuid": "a0b3895e-156c-4ea0-b89a-93d56c8e4644", "value": "314565592a4a5f015f9741680eeed0ec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500848, "uuid": "ff3e9102-e382-4cbb-92a7-7aecd934d30b", "value": "12288:J0NVVxnxT8Bt11RaFO1yBfYKgDq7U1tOFKe5vOgZJ6FXq:QVxxT2Dz1lBD/OzOgX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679500848, "uuid": "42068138-92dc-4045-8a66-9c92f3c0bfbf", "value": 888832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679500848, "uuid": "78c787cc-90af-43d3-a06e-6d97b5583553", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500848, "uuid": "ccb703b8-349c-4297-8623-8fd076713c60", "value": "c0836237f57db0801abad3db0d3e9311.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bdbd6cc7-c87b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679466930, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466930, "uuid": "e547ffe1-30c7-449b-9b0e-8a3c955f1ff9", "comment": "Malware payload (Amadey)", "value": "a222b7ced5cb172c3d9f6fa89a49109d", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466930, "uuid": "19d0434d-ae1d-4193-af67-494a32f6e275", "comment": "Malware payload (Amadey)", "value": "a80e2ed74f1fb737911e5ea2b1aa2747b6ed375ac6ce0c34a952c2396fb6b838", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466930, "uuid": "7453090a-62eb-41ed-9d7b-54839045aa24", "comment": "Malware payload (Amadey)", "value": "dcf993e91f15774971ee2da50bc73d4b1e164662", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466930, "uuid": "1ebcb1e0-9cc9-48b8-9fd1-4e27c62617e6", "comment": "Malware payload (Amadey)", "value": "6006ae7512b08dc0888820efb5941a7923961e1fce5266dc2634db6064a142ffff0fe9a4d84ba355c9e47774d0e2e3f3", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466930, "uuid": "b0346751-a102-4d6d-bc10-39266806be24", "value": "T128252302EADAC473D9F5473068FF16930B36BD701D3C531B62829D990C73A89697A36B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466930, "uuid": "0a98ab25-2647-4202-b9a5-a93fe7c267f3", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466930, "uuid": "df21dc60-3d31-46c5-8f79-bd8330bc0029", "value": "24576:ay1unrzIuWc3uhkdFHHtc4aykU49y0Qi:hIr0uv3uedVHtLm9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679466930, "uuid": "b8622677-99b7-4ce1-9f93-b6bb4630b2ba", "value": 1032192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679466930, "uuid": "2138494f-1fcc-4f47-b146-df9db7f2fa5c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466930, "uuid": "3b400e30-ea4d-4bc9-b791-2d168d2ba123", "value": "a222b7ced5cb172c3d9f6fa89a49109d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "12c37b82-c852-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679449034, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679449034, "uuid": "20703c72-2cc9-4033-81aa-a63f63d23306", "comment": "Malware payload (RedLineStealer)", "value": "340490a57f8721238c86e736f86312c0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679449034, "uuid": "dec00e42-04af-4a88-9c0c-e9a04e00c3aa", "comment": "Malware payload (RedLineStealer)", "value": "a8548f20f5d65b11e68755717bc0536c0021f3cd0ce1fcbbafd67a64ad226d96", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679449034, "uuid": "cc8ca3ef-9adf-4893-946b-2d6c71409e05", "comment": "Malware payload (RedLineStealer)", "value": "5fd48040d74b4782af1f246e58587828bccbb0f7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679449034, "uuid": "555821bf-4c78-4016-98e5-0443126500aa", "comment": "Malware payload (RedLineStealer)", "value": "f92ee3a8004725ba6e071858627e20aab59b8830c02f35238fcd8738f6a8f2878024c845c3394283ca82f92700da803c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679449034, "uuid": "110c7ee1-ba7b-4f6d-83cc-59b91bbcb599", "value": "T1DB352312DBE89572E4B5077198FB169B1B3A7CA2EEBC431B33429D674D724C0A532327", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679449034, "uuid": "bf872b6a-8d33-45d7-97f3-234b064c4288", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679449034, "uuid": "d00a4ef3-d2fc-41e0-b36d-1fbb79a42ef1", "value": "24576:XytF6vLruy0pNhDX9oipRFgvF8QR+E0+UX:iz6vR0vJoY3U81Ep", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679449034, "uuid": "d7fc404c-9410-497c-a8e8-38b487534088", "value": 1085952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679449034, "uuid": "42694e87-4338-4ba5-962c-4930cba967af", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679449034, "uuid": "52ca325c-67ef-4153-b3b2-57cbbbc4abdc", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9b946044-c8a9-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679486630, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679486630, "uuid": "b1e8b310-7f9c-4cd0-a667-ddffb790ab2d", "comment": "Malware payload (AgentTesla)", "value": "4fd1740156a27fd09621f5d58684099a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679486630, "uuid": "f0d839e3-556f-43d5-a86b-2e1aa312c9e8", "comment": "Malware payload (AgentTesla)", "value": "a95ec8327b950ca7895addb70ef50f2e28bbb982a1fd706015bb3f35ef476257", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679486630, "uuid": "016c25c2-5793-4b5e-9aab-72f481aa7037", "comment": "Malware payload (AgentTesla)", "value": "f4f3f84687e7e01ba906734f15212140251e1725", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679486630, "uuid": "b1878bab-9cc5-461a-8b9e-ef6bd7aba395", "comment": "Malware payload (AgentTesla)", "value": "48f5410f46f1a8549fc83564c7eed608e4f14934a5abd0dd13c051d83cc7c6ed982ce2fb380e76f0c925d3969b927a1c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679486630, "uuid": "91d2b4f5-7ec8-4e2c-8aae-40ad853e5075", "value": "T108F41246B3E6DB22C55D8BFD94965620437AA30B3233FB093EC815D96B237D14F12B86", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679486630, "uuid": "90ac390d-4aa6-4248-9a6b-5db4c025027e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679486630, "uuid": "4e4100c2-283d-4090-af78-1d2857446c44", "value": "12288:y6O2gK+eMj75wTi0RePV/P6Eo6tIHkvUUk6OWSx:C1D7WnCV/bo6ugk6O", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679486630, "uuid": "081b2bcf-16c4-4bfb-85ab-a2ce0f996730", "value": 794624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679486630, "uuid": "c3b44a55-3df9-4792-befd-242530fc7c2e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679486630, "uuid": "d011a007-f7bd-4cac-b057-82b920a2253d", "value": "4f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ba8449dd-c889-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679472938, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472938, "uuid": "c982039b-8d41-4ed3-8a5e-c416600ad25b", "comment": "Malware payload (Mirai)", "value": "00bb1c0fc6fe1eecbafb593fc0f4d085", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472938, "uuid": "bfc4ec22-4b8a-413f-8282-dddaf7413658", "comment": "Malware payload (Mirai)", "value": "aa11b80842d078caaebab8a34d183abbd83d68e5e68d9aee885c534564c5cfc2", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472938, "uuid": "c8020f94-03bf-4d8c-a664-1f11f85a20bf", "comment": "Malware payload (Mirai)", "value": "462d5a8e2d4ae075102412e4483aaaf33780d8ff", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472938, "uuid": "307c4177-297f-4841-a874-f731d257a6b9", "comment": "Malware payload (Mirai)", "value": "7c6d0984895221481361965f5a26bd901113dde2ff4f8d70a101626a56c9868b9d806f0ea681797c54977c3e081b6653", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472938, "uuid": "4fb84e33-7c04-4751-af12-b14ae4450ea1", "value": "T13F633A31BA760E1BC0C1987661E74B25B6F143CA26ECCA0A3DB10D9EFF71A446547AF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472938, "uuid": "07b5815b-38e6-41d6-8399-28d3b51c0429", "value": "1536:DYv6nCSadV5rgepRgXg+dXLKQSE/75aZvtIty5:DC60wBv5gE/V7E5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679472938, "uuid": "1a509e33-bd6a-464b-86d1-f4e1f7e0d84a", "value": 67288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679472938, "uuid": "cb40a68b-38db-4178-9f76-5c549fe1c74a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472938, "uuid": "c30dd48d-743b-49b7-b2ea-dac4b0c99194", "value": "00bb1c0fc6fe1eecbafb593fc0f4d085", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7c5ae646-c8db-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679508052, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679508052, "uuid": "61015b97-4ae2-4cf7-bd0c-3e73739184a7", "comment": "Malware payload (Amadey)", "value": "492782f21aa42df5d6d2b7539925cec3", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679508052, "uuid": "a6f8b323-04c5-4b3a-97da-dc2bdf9a605a", "comment": "Malware payload (Amadey)", "value": "aaaff5c19dee1617fec4dd0815fb8568f95e8cbb2a8e12aac679439b76efaf7a", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679508052, "uuid": "8512e581-d527-446a-b873-9fcdf7da5704", "comment": "Malware payload (Amadey)", "value": "cf510bbacbc4fce89dd8e96545ed8a1544cb4cdf", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679508052, "uuid": "0a40e776-e3bc-44bd-9bc5-ae56627b4b45", "comment": "Malware payload (Amadey)", "value": "9a59971fb21f315a0c3e6b0ade678008b79259b83a21c785bc1ee3fa3f7ac9b01c69a4b5d3ab15d6532e53a73137b3b1", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679508052, "uuid": "8395fdbe-ef77-476a-9344-33f562c80583", "value": "T150252343D6ED8072E8B137F01EF216D30E36FDA05978A74A3751B85A1C73984B93876A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679508052, "uuid": "e03c0fd2-9842-4cc6-9b7f-aaa032069a4e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679508052, "uuid": "67b0e8f5-4c82-4087-91e8-f9e39678c09c", "value": "12288:4Mr+y90IfmwNOh/eILUeJtPF6b9bEy5ic2e7rUnJGUtdVm7ArKpU5w4QMFFW8x/u:myiws5vCzL29XtrPu4QMFpUL33", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679508052, "uuid": "54d99879-8291-4625-9e56-f481ddc703d8", "value": 1029120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679508052, "uuid": "0e4624a0-0484-4422-b337-23bb4729d030", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679508052, "uuid": "74dedf66-661e-4e83-8a00-25f458dbfd23", "value": "492782f21aa42df5d6d2b7539925cec3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d202d8a1-c8c5-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679498747, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679498747, "uuid": "2049ef21-e5e5-4815-a02b-547f893c1751", "comment": "Malware payload (RedLineStealer)", "value": "a9ead7bcf6d275e2ab23e2b662b0ec7b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679498747, "uuid": "eeac4fda-bdd2-4681-8dd7-c33669277631", "comment": "Malware payload (RedLineStealer)", "value": "ab1e80d3d72e9c8a9efdf80e953f8f5238a763c2fd24b2a7d2147ec335cc55e7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679498747, "uuid": "a0753163-e41b-4cc0-9068-0609b90829e4", "comment": "Malware payload (RedLineStealer)", "value": "a2e4e915fcd183790f12314606d195786319972c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679498747, "uuid": "69739e67-0c56-41b6-bc26-2e42c68ccc0c", "comment": "Malware payload (RedLineStealer)", "value": "c2c75521e573f299a08ecb009d4a7a48434adb3230cfd253b74963535ce2b6a8eb0ef2fcb2a04a1b4285d378fc6679d4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679498747, "uuid": "81a2727d-727d-4da5-a59d-fa1665d6b0fa", "value": "T15D252351A2D94032DDB667B018FA07C31B71BDA199B8476F33469C4B2CB3AD5A43273E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679498747, "uuid": "9860b855-5a30-42bb-a52d-aef157455bb0", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679498747, "uuid": "d1b6cba6-1fd5-450c-8da1-e026da8d8bcf", "value": "24576:MyrnHrHVAAL2JgK45LNKj99fmAsupwiTH3hJ/HaTCF:7D5AAL2GK4pNQPsYTXP/H9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679498747, "uuid": "12b45356-8965-46e0-ae41-f1aeb8f327ef", "value": 1029120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679498747, "uuid": "66ca25c5-1c53-460c-adc2-1df9c78011fb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679498747, "uuid": "ad2f8728-ff31-4bb2-9638-1f1e6df14148", "value": "a9ead7bcf6d275e2ab23e2b662b0ec7b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "389a63a7-c8e4-11ed-88f6-42010a9c006e", "comment": "Malware payload (AsyncRAT)", "timestamp": 1679511804, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511804, "uuid": "0cde9ea1-e633-479a-9523-d5dd638f737f", "comment": "Malware payload (AsyncRAT)", "value": "f6bcf841be92d6f3dd70342ac47d7656", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511804, "uuid": "fecdf29e-aa3f-48b1-9102-d1ca894174f0", "comment": "Malware payload (AsyncRAT)", "value": "ac9b68f6b0036e76adad58e6d1fd4c2d043e9ef53ac516ca38945bdfa3283312", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511804, "uuid": "5443b5ce-1fbd-4674-8c87-a7b43dea376d", "comment": "Malware payload (AsyncRAT)", "value": "8c45f916b43b3f689f290a3a340432d06c10e317", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511804, "uuid": "1aeabed5-91e7-40a9-a35a-04d4cdf2a925", "comment": "Malware payload (AsyncRAT)", "value": "922a4f15f3c95c415cd1f17d8f7c657dca48a75dd80db271b03bb1bc883f45f245eac3cee9ea438ced6200933e12d367", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511804, "uuid": "7143dc70-3b41-4742-ac48-7a44d403e172", "value": "T10A935927BE675E52CD2808647E6B082EDD7435AB1BE184F5EC9287E12CD914E3DC6CB0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511804, "uuid": "97c87c48-fe9f-46b2-875b-7b31b0f5a3fd", "value": "1536:xkkkkkkkkkkk+kkkkkkkkkkk4Wkkkkkkkkkkkekkkkkkkkkkk6kkkkkkkkkkk56O:xkkkkkkkkkkk+kkkkkkkkkkkrkkkkkk0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511804, "uuid": "c3dcd29d-e233-4e3e-8850-3f2d07c840f4", "value": 94589, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511804, "uuid": "19a1b3ff-e5c5-4a52-b421-fdb5bfd7426c", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511804, "uuid": "c5078dc2-6796-4f59-9da1-850e83a9f51c", "value": "DHCCI202851.JS", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d4968329-c87d-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679467828, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467828, "uuid": "8cbf4e20-a5cd-4532-b830-a51ffd6ec41c", "comment": "Malware payload (RedLineStealer)", "value": "6491daa598209714730edb9da73b62aa", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467828, "uuid": "bd8c0958-42ef-488c-8b65-5e9fa4a92265", "comment": "Malware payload (RedLineStealer)", "value": "ada0daf8bbbe642128e08007e38829907a160dd703fff0bf27c3839b60a888b5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467828, "uuid": "5b120fb5-640c-4e5f-822b-1d4f91695e37", "comment": "Malware payload (RedLineStealer)", "value": "f22f17aff74672797ba269b5ada8f9cee589ef2c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467828, "uuid": "dc625f75-cd21-4915-98e3-f483685246d7", "comment": "Malware payload (RedLineStealer)", "value": "c345b96cc42c8ec808f2bfb875101a68c9063e40861ed62d6cc421fe681a66a8bbaf477578543117e5a71d59a6770b44", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679467828, "uuid": "6f723e9b-b051-417f-9205-a619c7b18a8c", "value": "T18E152306EAC9A023ECA967744DF503D70F35BDA158B4832A2B267D1A0D73544E932B7F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679467828, "uuid": "4286c3d0-042a-44db-84b9-91f9b1c63d15", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679467828, "uuid": "49933338-9375-4b81-b06a-b4feb3a3578e", "value": "12288:QMrvy90OkEK4Jc5lWoWU2ZZqOKlzAXDJsqQgQ/DSoOYWznXtAIyGfKv/R4sHB3Y5:vy7pB0DWLZ8k6WqeoH/i2pY4KzJB41K", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679467828, "uuid": "a98faef1-71e7-4d64-bd8b-7fc9965af47a", "value": 928768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679467828, "uuid": "bd1f8cdd-61f8-4f1f-8de4-c7622e42ab36", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679467828, "uuid": "eda74e5f-8f46-47e5-a23a-bd88b13de140", "value": "6491daa598209714730edb9da73b62aa.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6dc8959f-c889-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679472809, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472809, "uuid": "a5fc27eb-7245-4fa9-89ee-7e10b8064e22", "comment": "Malware payload (Mirai)", "value": "ab05e1425b067af1d00d8bced2ec3c96", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472809, "uuid": "0aaa6ba7-45d1-4760-b3e2-239d9c2464db", "comment": "Malware payload (Mirai)", "value": "adbf486336dca130204104a39fbebf979a0f9986e8475f1391de4e27ab574777", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472809, "uuid": "78c66675-336b-4253-96bf-5c27cedfcd84", "comment": "Malware payload (Mirai)", "value": "1846a5d9d267e07e35724cf1f5b60fb9114f2d49", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472809, "uuid": "dbf253bf-2041-4855-b066-9075f55774ae", "comment": "Malware payload (Mirai)", "value": "4c87cd7967b5306d88d07d03b7e5dcb91e47d9aec1e2c65298416173ea9ad5504ece4e2b364cb2b3c518ffebe0c9b9ec", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472809, "uuid": "1a33ea0c-dc1a-45fe-86ea-ed42aea4e087", "value": "T1C0731882BC81EA16C7C01777F96F108E3311A7D8E1EA32469D255FA07B8AC1F0D6B756", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472809, "uuid": "0a6b3994-604d-4181-b973-4f69750bb594", "value": "1536:BwyXK8Nt2JUQo76pcZ8VoHswNjHNV8t46sv/cHJBz6:BwuK83x6KZR9B784Lv/SJR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679472809, "uuid": "30794d23-6c71-40ad-ab51-975f29f78958", "value": 78896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679472809, "uuid": "760a4efd-99d5-435d-bd82-69b76659dcf7", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472809, "uuid": "59539fe7-0855-4c24-93eb-735a45211deb", "value": "ab05e1425b067af1d00d8bced2ec3c96", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5824ba30-c8ca-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679500690, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500690, "uuid": "b84a777f-8dc1-4d5e-b6a8-61b8503b5a1c", "comment": "Malware payload (SnakeKeylogger)", "value": "8aacae5a51a2ac27f66880c442b3fa9e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500690, "uuid": "51140733-6001-4d1d-b7f6-f8c0a650db54", "comment": "Malware payload (SnakeKeylogger)", "value": "ae06f16315bf567f7ca9539d13a3742d06aefedb553863936ba56a4efd2b4aed", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500690, "uuid": "c7659f72-aea2-4511-8269-64963f67b474", "comment": "Malware payload (SnakeKeylogger)", "value": "774e620234cc6a004b41d71a1c0092dab6a146e4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500690, "uuid": "a65b63b6-9035-43dc-9efb-fa4ccd51c98e", "comment": "Malware payload (SnakeKeylogger)", "value": "0c879e1d40c92e04a06e715ed72c22911c86b1a262af92e9784e21ca8ccd1acaf1f2cdf21d114963949aacb6e75d8db3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500690, "uuid": "e341ae71-ae58-42dd-82ba-99a4b81d94d1", "value": "T13B341230E6F0D1A3D6A213311FB367771EF6E62171AA260B2760436E39375D2D52E722", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500690, "uuid": "396c723a-2d1d-4a68-8ced-9e7f833e5d66", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500690, "uuid": "913242ab-fb5f-462e-ad11-db43357496e0", "value": "6144:ZYa6QXkIlSUiSQbZcWxhwadT7sM7aH9Vi3HdhFdr:ZYCkIgUVCKWx6ah7DaH9Q39hr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679500690, "uuid": "300611e3-8439-4b6d-9ada-8ef72cb7ee73", "value": 236608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679500690, "uuid": "d941f1f2-f444-49d5-ba49-55ca552b1e6b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500690, "uuid": "03a6a69f-b8de-4070-a53f-730896b36cf1", "value": "98654345678.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0ea98642-c8ca-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679500567, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500567, "uuid": "bff17e45-394c-46b7-8bdf-d10937c46fe6", "comment": "Malware payload (SnakeKeylogger)", "value": "b88d7af5995cdcb6d9c8f0b6c634c1c3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500567, "uuid": "425a4ea8-94c3-4de9-95e8-3af8d95eecd0", "comment": "Malware payload (SnakeKeylogger)", "value": "ae6b298cc88d9741e1a6fa8032f1d759a41d2aa63992edcea5056719a1aa7ead", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500567, "uuid": "33e67497-a84a-4d53-bd94-141b6fefaf10", "comment": "Malware payload (SnakeKeylogger)", "value": "6d775460150657cefc715f49283bb6c4eeef0a1f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500567, "uuid": "f83fbcca-a195-4ae6-ac71-3b63b0d97428", "comment": "Malware payload (SnakeKeylogger)", "value": "a847968b5fa60a80b79092b3a7f5a85cbb9a1a1bef5f18563e6cecd0f0627fc27c5dcece9a6c72b1194cdffa4fbde338", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500567, "uuid": "028cac72-b50d-4461-a63c-e6802b45d9a9", "value": "T1923402E07EA1C85BD8E78A710C3ACBA657A5BD2A14E4824F27907F1F7432253991F316", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500567, "uuid": "54722b7f-0f73-42f1-8954-e3475d2167eb", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500567, "uuid": "80728886-ad21-4973-80e3-a1a937206a13", "value": "6144:KYa6xnzwTEdQyrFPwOcI4AmaG1Y8q9/aJ:KYHcTpQFP9chAmP+P9/a", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679500567, "uuid": "a31df2ce-3cc8-4ebf-a59e-2d7a6ad47736", "value": 248663, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679500567, "uuid": "6ea53f1c-680c-40bd-a4ef-3d1f729bf85b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500567, "uuid": "09c6ccfd-8847-4b25-b5fa-a86d56e7dbd7", "value": "PO_030523.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a107e5be-c8d6-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679505966, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679505966, "uuid": "3ec92fbb-1da0-4358-a192-64a14165f8df", "comment": "Malware payload (AgentTesla)", "value": "047f4584d2662d20bbb4c7b48cb1523a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679505966, "uuid": "e9586ad6-4b7c-4eb4-aead-48ddbc07c447", "comment": "Malware payload (AgentTesla)", "value": "afea34e46effbcdb07cb6d420111311cbcd0038b5e1c5c8329201675cb59de34", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679505966, "uuid": "f872bd71-7c90-45ea-8871-2c7ebb567c41", "comment": "Malware payload (AgentTesla)", "value": "bf33f11b7b62f4c3a399e21d4dbe7bc6c6844235", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679505966, "uuid": "7f091d26-7200-47de-bfbc-026870336688", "comment": "Malware payload (AgentTesla)", "value": "a5a940654c7faa535fd4bd9556bf094d130faef2c16351f7175fc11b40554f10853e58caa51cca79d603e6b226095756", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679505966, "uuid": "7625e314-5130-4089-a223-890428c92eb6", "value": "T10A1502173BA95B02C1B89BFC54B691805376BF6E2257FB4C2ED230CE1637758C992A43", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679505966, "uuid": "563ead8e-7361-4fe2-82e7-93fe5b16772a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679505966, "uuid": "f620d568-3164-4cd4-b6db-c22d0e4a6eeb", "value": "12288:+c1JUg6hjirFS3POkppesgwJ3TTSqYO++cofCBJ4w5SJYFCNfuXSOX7xzl06/Tgc:VxS/bpUHwJ3iqYO67nJFulO1l06MF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679505966, "uuid": "3f0b5b9d-f719-4512-80a2-a4b71264ccc8", "value": 931840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679505966, "uuid": "d83a287d-8ac3-4ab6-8cbd-45203a069175", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679505966, "uuid": "6ac6fb6c-8cd8-4a26-9b02-ca715bc0588e", "value": "047f4584d2662d20bbb4c7b48cb1523a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7fd909df-c89a-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stealc)", "timestamp": 1679480141, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679480141, "uuid": "a3319b75-d779-4cf5-b47d-9fa58169923e", "comment": "Malware payload (Stealc)", "value": "763c3550f4e0a97baa4ebd6fc8c61996", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679480141, "uuid": "6fc060fd-ad6f-4765-87f1-d0a5ab9554da", "comment": "Malware payload (Stealc)", "value": "b020c34a3b2b4bc4fbfa0ac4d3ca97283e2fdce71f737e1103bd638ed8f6647a", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679480141, "uuid": "dcf7a1d5-35ca-491b-b7f4-0789d7b95fa6", "comment": "Malware payload (Stealc)", "value": "6bd5ad845b130d2e4ae6b8acc08d9d782cf1276a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679480141, "uuid": "c015a4fe-d828-43bb-9a39-f65e607264c0", "comment": "Malware payload (Stealc)", "value": "283a838c10f3693bf9aa0576bd4886a2f23e4d98cecccace44090b3aad14e74914d4e8c76e2c9fcca3c61bf35f724ebc", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679480141, "uuid": "d441cbc9-b071-4584-ab25-c92533071060", "value": "T1C0746DC253E06C60E5124732BE2FCBF82A2EBC619E557B6E23596E3F09701A3D153719", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679480141, "uuid": "ae8d9fc5-dcba-4435-9141-6d5cbf01933d", "value": "c3df3d0d993bdeac73a0f5fd62093e4d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679480141, "uuid": "399224dd-620b-4165-87d9-cee6a65b7d66", "value": "3072:a9pgleMk/6KojuaEN9MEJApzAJ6EhzgLBSpVF8YdyTc5x/cMlFSvgwn0JV:iZ6VSyaJ6EBgLAVFe4f/ckSv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679480141, "uuid": "acfd5626-e74c-4a48-ada9-cf4ccd72cb57", "value": 368128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679480141, "uuid": "2f2a3fef-ec83-4aef-aa7d-6bb1fbac245b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679480141, "uuid": "a568dc4f-ca01-43a0-a685-0345a40bf52e", "value": "763c3550f4e0a97baa4ebd6fc8c61996", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "34e85989-c8ce-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679502349, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679502349, "uuid": "f9cd32e0-25d3-44a1-a9f8-a7da7939cdf1", "comment": "Malware payload (RedLineStealer)", "value": "0b606198b58f6e0a9b7bbec610e44b2f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679502349, "uuid": "fb39c77a-9079-4f45-857e-408c61223e57", "comment": "Malware payload (RedLineStealer)", "value": "b081db709288a6c01c9b05907d2b724f87b0efcc8c1567819639e9006861e405", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679502349, "uuid": "4222d167-98cf-4e9f-a805-b05447aab16d", "comment": "Malware payload (RedLineStealer)", "value": "1d09e2ee9ffab0c4c16f64c70e2560c9b2d513b7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679502349, "uuid": "1b963665-31aa-4477-af95-2e72224bf5e1", "comment": "Malware payload (RedLineStealer)", "value": "4b837076792ea6facc0c9c8c1c5ebbb1cea56d0d1fbeb3850fc7a57256b4b3a8d59a9c979e5803d9495dc1bb85d67e0a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679502349, "uuid": "aed4b169-766b-4eb8-aedb-f44d7a1fd937", "value": "T148252352BFE88032D9657BB018FB03971436FC405E36AB6B165A586B2CB3294753237F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679502349, "uuid": "40071fa2-ca91-4a0f-b9fa-2d8bedee5ab9", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679502349, "uuid": "84b2868f-1ddb-47e8-a13b-14ca5009b5c0", "value": "24576:/yhc8DjYa22lrc2SeR8IH9fVWuAmR3XlxX:KvjYad7ZR9HaeXl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679502349, "uuid": "69279e20-f218-489a-a4cd-069757f2d9bc", "value": 1030144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679502349, "uuid": "e2cd8a0e-71d2-4893-92dc-1d94c87bb6e9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679502349, "uuid": "b35c58dc-8024-408d-8120-41ed7f027fad", "value": "0b606198b58f6e0a9b7bbec610e44b2f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "742648dc-c8e4-11ed-88f6-42010a9c006e", "comment": "Malware payload (Phorpiex)", "timestamp": 1679511904, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511904, "uuid": "170d0e91-71a4-4186-813f-2767d990586e", "comment": "Malware payload (Phorpiex)", "value": "1e574d0ba2e8033d03424486abc62a3d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phorpiex", "colour": "#C56AA2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511904, "uuid": "0c4d106a-b09c-4f1a-afd7-68e378d0ba6d", "comment": "Malware payload (Phorpiex)", "value": "b09663d3fd327fb84cb3aa1ffef1f57916cf1ac0f4c7cc18c6e27ae052e7c5ee", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phorpiex", "colour": "#C56AA2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511904, "uuid": "6407f9e2-d21d-4bdb-96f9-62da774ea77f", "comment": "Malware payload (Phorpiex)", "value": "356a63fce573a44c03b2e5ac026e35b1f04f75b8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phorpiex", "colour": "#C56AA2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511904, "uuid": "1608351a-0a4f-4899-bdbd-9191be96907f", "comment": "Malware payload (Phorpiex)", "value": "a570056ff6897863c0a0910118d9e893f0394d7e40de482a1f63d446b68b0f2afc46939151c17e786999b65b4c371e7e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phorpiex", "colour": "#C56AA2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511904, "uuid": "cfb90d37-de06-4cde-b9f2-06ceaecc888d", "value": "T1E3731810F6D0D136F4F380FFE2FB01AA592CAFB4534698E752D5689F9B209D1A932463", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511904, "uuid": "63bc8c85-98c8-4fa9-a32f-f22e2c5b3ba8", "value": "2ffdf0a1519d1adada787fd4df5a5fec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511904, "uuid": "ea046922-3fcc-4f6d-b3fb-c2caff1f317a", "value": "1536:w3Mz8A02sxcLhBCIb1SKwrIWvE3pCoSQMpfFmeeeeeeeeWeeeee:7wApLhBCIb05rIz5qQMpfF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511904, "uuid": "29023b93-c5d4-4ed3-adc4-5b863628169e", "value": 76800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511904, "uuid": "211947cb-169b-4ebc-9785-bcf6f09a7d7d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511904, "uuid": "18d3246d-cd61-4f83-9daf-181db0b2718b", "value": "1e574d0ba2e8033d03424486abc62a3d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "64fcf31f-c8df-11ed-88f6-42010a9c006e", "comment": "Malware payload (Adware.Neoreklami)", "timestamp": 1679509731, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679509731, "uuid": "e245016f-6e20-4b6f-acd9-d70906619e19", "comment": "Malware payload (Adware.Neoreklami)", "value": "2b94eef46142cf08da81bc25c62a4187", "object_relation": "md5", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679509731, "uuid": "11baa4a2-3cee-4579-b8c9-1c1496cebad9", "comment": "Malware payload (Adware.Neoreklami)", "value": "b0a939a62109bf92a1768ee65443a0936e0f401a00b87f29ee66203b082726c4", "object_relation": "sha256", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679509731, "uuid": "2833a342-8da4-45f2-96a9-e8a5e068d95e", "comment": "Malware payload (Adware.Neoreklami)", "value": "e7157e8268ef6526480352d13d6e72b9707c349c", "object_relation": "sha1", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679509731, "uuid": "787c18b7-eb60-4b52-90ca-3c719bb3023f", "comment": "Malware payload (Adware.Neoreklami)", "value": "d8f669603230e629ca5cef0707d4f84c1ccab1b759829fe2be50589397b21b71c104038638a414a5b858f86b89487fb4", "object_relation": "sha3-384", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679509731, "uuid": "e78a4762-9908-46dc-bfe4-061e0dd4be41", "value": "T1A47633AB7BD589B6E403D63186D6B744A1F1E309CF5109AF5BC8A85CBEEEB405434C2C", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679509731, "uuid": "c85279a4-7d3e-4d71-8096-cb5e434a3998", "value": "3786a4cf8bfee8b4821db03449141df4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679509731, "uuid": "0c67c7fa-63b3-4603-81ae-8a9b133b3e71", "value": "196608:91OS7vjLmRQ4EvN6gxo8RCKJjjg/MlHaD4qs/uTl+FH:3O0vjmqogx7CELlHa9sj1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679509731, "uuid": "a963a42a-be20-4c58-95db-faf3510521ce", "value": 7599380, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679509731, "uuid": "068c85d1-099f-478f-9c44-303063a7c32d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679509731, "uuid": "86fb5bf3-0b6f-4eb8-a8fe-c3c975cd80dc", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0af9e60a-c8cb-11ed-88f6-42010a9c006e", "comment": "Malware payload (RecordBreaker)", "timestamp": 1679500990, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500990, "uuid": "638cffc6-1118-4359-8388-96adf61154db", "comment": "Malware payload (RecordBreaker)", "value": "7f824bae00b691911713124c17659b7b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500990, "uuid": "162bd9e3-db44-4155-8979-7525fa92a629", "comment": "Malware payload (RecordBreaker)", "value": "b10877ced7ffeeb08b622256fa794208d62e92a02005a45bbbc6823ec4fff40f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500990, "uuid": "7f2259eb-8153-44ce-9c5f-7b5446519ac7", "comment": "Malware payload (RecordBreaker)", "value": "be8cd878a2d5faf15f83d78addf376cc6138f501", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500990, "uuid": "10dc3289-f594-435b-b193-991aa4ce7421", "comment": "Malware payload (RecordBreaker)", "value": "f6aa0a087cea4a62f5cea0cb85508748979b29fde0ab68a5f821e0d67ff1dced85f6e69ee70c07f42c9b2e839ae1ca0d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500990, "uuid": "a718c6b3-c3fd-4df4-88df-7d05fd4f194f", "value": "T170848D37FAD08437C1732A7D9C5B9B68AD29BE512D2824463BEC1E8C4F3D7927425293", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500990, "uuid": "c87553c3-e2aa-4b23-88ac-d012ee288e03", "value": "bb01e27ed4be9aa6364d00583f04f149", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500990, "uuid": "f5af8b20-6590-4a46-a0aa-0d557e9a1a40", "value": "6144:cLy84u9nSO2GjZkD10BIY3rb1YfBdfpoZ3u/Ht52w6JSeiFPXoCP:I+u9nx2GjMY3XKfd/H/9PXP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679500990, "uuid": "f5c80fd4-47cf-4a28-bc7a-c24486230a20", "value": 407040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679500990, "uuid": "c4cedc8b-64a2-4ecf-961f-9c56e9f6cc69", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500990, "uuid": "1fbdf404-c2c1-432d-98fa-95a02d70ca68", "value": "7f824bae00b691911713124c17659b7b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "43b7a2c6-c895-11ed-88f6-42010a9c006e", "comment": "Malware payload (zgRAT)", "timestamp": 1679477893, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679477893, "uuid": "df304d4a-5f62-4c3f-9fba-bf7d17c76ecf", "comment": "Malware payload (zgRAT)", "value": "5daf0d24bc4e8ed167d9a1b11e862d23", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679477893, "uuid": "dda85bd5-2647-42af-8346-a4a0ab17806f", "comment": "Malware payload (zgRAT)", "value": "b153cca3bac87165e94ba9851a895ee316e0b9876795c1216388715a01b45674", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679477893, "uuid": "361ebca4-5a4a-4e0a-a593-845a482e6a40", "comment": "Malware payload (zgRAT)", "value": "5b5067b3ac8fc0ff1efc40adb7b4aabbdeb32dcc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679477893, "uuid": "df6840f2-ec47-4877-96cb-87077ba600d3", "comment": "Malware payload (zgRAT)", "value": "ce14263306b6e4ddc74f4b0df6936e56f88e300cb054ba47e414bb1a16c04b7f5e8ac70c15a74a3990cd1be67540500e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679477893, "uuid": "73a82238-4d7b-4499-a3a8-f7335b3c8cdf", "value": "T19815F15D7251F6AFC41BDD76C9982C20A761B16B431BE347604315ED9E0EBEACF022E2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679477893, "uuid": "f2ee7775-921e-4a7b-bc66-8d42961f4c6a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679477893, "uuid": "50776eaf-dfc6-4d48-ac91-2e9d234689f6", "value": "12288:b6wuUNFqjZpKGUr6cnbAk6tVYgHPhiedTtvonvbq1cXln57j9ZbFGmOAiHGd:8tjZMfNbA3LYeM+TtvoDqOXFF3b", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679477893, "uuid": "c4b92ff2-8bb3-443d-9337-1f029ed3d3f6", "value": 901120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679477893, "uuid": "658fc4a4-23cb-466e-b7dc-6cc6ee83aa84", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679477893, "uuid": "cfffeea2-ae93-4399-af1e-e339b72b4fe8", "value": "Documents.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "37ffa298-c909-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679527694, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679527694, "uuid": "fe2e49e0-6b60-42c3-bd1e-9bb8b7c6a9dc", "comment": "Malware payload", "value": "94182aa5ba83eeeef09bf73b8e117c17", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679527694, "uuid": "8d09d746-6023-4593-a01d-f27d90aa74eb", "comment": "Malware payload", "value": "b19fec54a702dacb91010beb2da912d77d354e3ab01304517dc200dc776ccc60", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679527694, "uuid": "e5202f71-b473-4a80-bdd7-8bb0307e90da", "comment": "Malware payload", "value": "b17a43fdc5f7f9843d0639d660ea8aa7bdf54c30", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679527694, "uuid": "b333f3b6-ea4a-45c1-b64d-f078c180a507", "comment": "Malware payload", "value": "1615e087ef26d718058f4c4c89ed1889c494b7cf8d3cdad4e0ce4ba9b62e39be98e2c3e39752a2bfaf3be75f2addec02", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679527694, "uuid": "d8bcf37a-6e9d-4bfb-97b5-474ebb301494", "value": "T1C4847D0252E36C61EF2347728E2EC7F82A5EB8605E6B7B5E135DAA3F0D701B1D562701", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679527694, "uuid": "08061564-c72d-440f-b0d1-cb000e0db64e", "value": "8800deabeb7a145ec7133669ba643dcb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679527694, "uuid": "fd770668-45cf-400f-bd49-27da065c894a", "value": "3072:yiwp8xVPxZ54xzsbVoRnCEIOjD0Ju7w6YyMlS/My5OcYTYQvKavmxHMa:jxTZwzsJ8CEcu7w64SfYvCavmC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679527694, "uuid": "1e812236-9e36-4cce-922f-444716821ffb", "value": 397312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679527694, "uuid": "b4d8dfbd-c345-4daa-a7c8-e342d0bb880d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679527694, "uuid": "e4a76237-8aa2-4a4f-a839-3dfc9b6cf366", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b5bfe5ac-c889-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679472930, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472930, "uuid": "eb2b7283-825d-4ca1-b2e7-b1d9ea9999ba", "comment": "Malware payload (Mirai)", "value": "407989dcbca642f5dcb6f2a4a41b868f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472930, "uuid": "cf22a817-f783-4a29-ad06-7b1b8e748259", "comment": "Malware payload (Mirai)", "value": "b1f8173ae201f812e22095c89422d609afe0ad6a23163419711a2d3b6590dbfb", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472930, "uuid": "00258e7c-65a9-4f3e-ac25-7d3a1604803e", "comment": "Malware payload (Mirai)", "value": "4a9d3e069fda5e37dc908bd607fc076351364361", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472930, "uuid": "e84ed60d-9adc-45d8-9a88-32859be3dc9e", "comment": "Malware payload (Mirai)", "value": "3b9fc4980f5659b8d93a8a9cc4022fa879bec4efc67bafa16924c7bb9bbbea2434ccbfe07055b3ce201ff6bb5a800d8e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472930, "uuid": "5986461e-a0c5-4836-bc27-0f8be3fe4b3c", "value": "T12373F885F4CB41F9C507493461ABF33FCE32E97A807067ADEF9A9F22DA37641511224A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472930, "uuid": "803722a6-de8f-4cee-967f-0245ccd469b7", "value": "1536:2NCP5tA9LI+6Loe9dvsZivwJyWov+lnXcEwDbCOT:2UM9U+6Lf9CZzysXcVbf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679472930, "uuid": "0b9826d6-9c07-4d9a-894e-1d61199fe7ae", "value": 79632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679472930, "uuid": "34943e18-b078-4dea-9184-526722379905", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472930, "uuid": "cc77b221-61a7-45c7-bc98-abaf7255fc9e", "value": "407989dcbca642f5dcb6f2a4a41b868f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "17d90786-c8b7-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679492422, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492422, "uuid": "d3dfff0f-eeac-4feb-ac4a-9a1dafb5253f", "comment": "Malware payload (AgentTesla)", "value": "bc8579d75cae5223ed53f34e037b2eaa", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492422, "uuid": "d251baad-a0b6-4c81-acf8-32b774bdf272", "comment": "Malware payload (AgentTesla)", "value": "b240115fa9b02dd5ef8234198d48bb6c588c1337120fca9b5fb3849768ca955a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492422, "uuid": "918362fe-418e-438a-a890-c60dc38a351b", "comment": "Malware payload (AgentTesla)", "value": "0dbceda6c2f7f1e427ad6ef92e6c4a73d227f6a4", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492422, "uuid": "09d72369-4214-4579-81b4-40aefcea4dec", "comment": "Malware payload (AgentTesla)", "value": "9923da0d85557b3894bf65bc1c24df9dbc951e170623d815a23f6ef3e720ebfb8f71b858c1e27d07bcc9b0a3cec97cc1", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492422, "uuid": "4509d47f-2ab3-48ba-bb19-5848444eaabf", "value": "T12A15121633A55F52C5BC9BBD08B2A28013B97F3A3716EB4C2ED230CE593B74D8A51653", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492422, "uuid": "cd2eb269-d646-4431-8176-eeed8e3f122d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492422, "uuid": "0fba90d5-72d9-462c-b116-a2830ddb67f7", "value": "12288:ywvJU8zl06/TgTU42TYPuNGp6RvE7NU88rZHVnjb8AKRtOKpAiZQGmrVXSAfGPqt:vl06MF2iu8cRNJrznf8AKRB/ZdmrNT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679492422, "uuid": "788ca8e0-e7b4-401e-b204-d9fcd5be8afb", "value": 930304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679492422, "uuid": "797af79c-1100-42f3-838d-0270318a144d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492422, "uuid": "951130d2-74f1-4537-9dce-023f88ff79bc", "value": "Packing List Commercial Invoice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "463b189e-c8e4-11ed-88f6-42010a9c006e", "comment": "Malware payload (AsyncRAT)", "timestamp": 1679511827, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511827, "uuid": "32cbd8d6-8d44-4f3f-b7e5-3cd20195257d", "comment": "Malware payload (AsyncRAT)", "value": "c9d2d5758ea0bc1c82bf466b68fad4ee", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511827, "uuid": "b4348915-7de8-4ff0-894e-984ceeaf62bd", "comment": "Malware payload (AsyncRAT)", "value": "b2aab26d36c289c0922a8cde64767571c9fec6daa765caee23a9b2c1fe7c0b17", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511827, "uuid": "8d8363d8-9ec8-4c72-9938-cbb26d123af4", "comment": "Malware payload (AsyncRAT)", "value": "30daf976e08feb0ecbb6a10958d09a6e2da2bcf8", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511827, "uuid": "8ad7846f-cd71-4c63-8c35-83326f2f2d9f", "comment": "Malware payload (AsyncRAT)", "value": "cbbdfb5131feefdda061d5c2ab92d621cb6cbbd744fd9f8cdfb143869efcb0d376b9410ffae9a21de182a654ba3ed412", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511827, "uuid": "9e48725b-c127-4065-b328-9fd55981361f", "value": "T108C3141BEED7AC92EC2908521EFB082DED38292F51E454FA9C8553C86ED504D7EC9CB4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511827, "uuid": "82f0a9cc-61af-4b4b-aa01-a43c99c90f6c", "value": "384:xXWXWXWXWXWXWXWXWXWXWXWXEXWXWXWXWXWXWXWXWXWXWXWX0XWXWXWXWXWXWXWZ:i/dNx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511827, "uuid": "2b7c8838-5603-4017-bb4e-cdbae528d6b3", "value": 123561, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511827, "uuid": "b08ed70d-014d-48ed-9506-a05173ea80b1", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511827, "uuid": "cb5c0c14-1913-46f7-a714-a8ee3136603a", "value": "28-55-63-12.JS", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bc2b5acd-c8bc-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679494845, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494845, "uuid": "59a2d69a-c58e-4890-8c36-a89ac18efcba", "comment": "Malware payload (RedLineStealer)", "value": "88db3d069bfc9b5155593c0d2c1ac0e3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494845, "uuid": "7ef6d212-42ad-436f-bb86-16d69822a4d3", "comment": "Malware payload (RedLineStealer)", "value": "b350cd0950e3e91de6999d408a6a1cbd1005cf123abc08d69b05c99328ce0421", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494845, "uuid": "f055aa56-2ed2-4e79-bd5a-6b5108d0835d", "comment": "Malware payload (RedLineStealer)", "value": "3b0c658d43f94e1d251eb536a448dc3019d8c369", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494845, "uuid": "ce5eda9d-3954-4406-852f-2d64a4668c87", "comment": "Malware payload (RedLineStealer)", "value": "9afc76246cd0fa84c0c78d0a445c73e937201db72028fb5afc4a4ba3562176ac3a5d2efb98ef3e9dbdc02c2862cdd708", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494845, "uuid": "eb83b15c-2d8d-40c6-9abd-c812fce0a318", "value": "T1E7C41213ABE54072D9B417705CFA03C31A7ABC629E78879B6785ED1B0CB3990A43573E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494845, "uuid": "c812e394-77fd-44b5-83ee-66188974cc30", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494845, "uuid": "f58fff85-fb4e-4580-a01e-02178442e611", "value": "12288:OMr4y90xYNla9VDlbtd6TaCY51IpuhjdU/ieV:yyRNla3vd6TajPIpajNeV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679494845, "uuid": "1eaa33cb-ca12-4ff8-9570-e4bb595b99a6", "value": 549888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679494845, "uuid": "af4b1ab0-8d81-4a79-bc6f-39d646a37df8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494845, "uuid": "2148ca6a-aafd-4894-a83f-41325d87c4f5", "value": "88db3d069bfc9b5155593c0d2c1ac0e3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ed08ad96-c878-11ed-88f6-42010a9c006e", "comment": "Malware payload (STRRAT)", "timestamp": 1679465721, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679465721, "uuid": "e7ea5b94-b799-4b2b-97d8-dbcd322c3aff", "comment": "Malware payload (STRRAT)", "value": "36086a4b5a65a11055a02bb582925eff", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679465721, "uuid": "854aa661-cb40-4fe6-b12e-739ddc603d36", "comment": "Malware payload (STRRAT)", "value": "b369b834577480c54a798437952296d38f213e926fb52043500f1336260b9481", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679465721, "uuid": "f0a1284f-a2c5-4827-9279-b27ecb635b25", "comment": "Malware payload (STRRAT)", "value": "1a699ef99a9fe3650b61917d5cccf94da20742ee", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679465721, "uuid": "5976b846-5f24-4d30-a442-757a508ddcee", "comment": "Malware payload (STRRAT)", "value": "27ee8995923db73c1e8d9a839fea2db35d27d7be097619eb399f468cb0e6412d72c3f57c4f07341d5d942799e263e2db", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679465721, "uuid": "1ecee7c4-667b-4eb7-a1cd-aa1b94ec95d7", "value": "T187749E59B8442A2587B81008CCFABAF787E8A70950D4D85FA6F66F4F7F2274841FB14D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679465721, "uuid": "8af4939f-ac71-4713-bc27-01c7545e975e", "value": "6144:GQA7npOsnDfO4xY7cr+aVxQhADSP1eWs/j1gHRucNZv3O6EvLKz:NEH7ZaaVxQhAu4WsqR3v3XKe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679465721, "uuid": "ea09091b-b2c7-4012-a83a-75a7f6dd5c38", "value": 346859, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679465721, "uuid": "db67d9f5-3906-400f-ac19-1f87d9672e62", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679465721, "uuid": "90f9b2fd-a986-424d-8ff0-ffe360f9a576", "value": "Payment Prove And Revised New Order PI.300611.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "edce1796-c8c0-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679496646, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679496646, "uuid": "4a6e1a43-c5c9-4519-96e6-fcfa3dee88c9", "comment": "Malware payload (RedLineStealer)", "value": "2c24b89ea9d2a85f6b53a374f0357d29", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679496646, "uuid": "add42a3d-8003-40bd-8740-57cd1e737e26", "comment": "Malware payload (RedLineStealer)", "value": "b4b46332e669a930a94e76c39c293c9c651383820124174c16578705e483f094", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679496646, "uuid": "390a400d-845c-45b2-af32-5b7e589ebc1f", "comment": "Malware payload (RedLineStealer)", "value": "bbe5b00465d35fac6ac76d6f4d9d97a580d4ec23", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679496646, "uuid": "8176e0f5-ea29-47c6-a355-5aed04021ba6", "comment": "Malware payload (RedLineStealer)", "value": "4f21bdc8dedd76b8480ee2c22909decaca88e24357dfb50b321c95d0d97b327c97b7a360850fa75c201ab7504026fd8c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679496646, "uuid": "61a8727b-ccd1-4b6b-9cc3-4771beb9443f", "value": "T111C41216FBE45432D8B61BB088F70383063A7C626DB8536B2754A95B0C736C8A93577F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679496646, "uuid": "ec6d5d43-7a4d-4cb3-9150-086c869ad629", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679496646, "uuid": "225f034d-23c0-44bc-91ab-154e081ce343", "value": "12288:EMr+y90oFdiPoZ+hRKvaAU4Yhj3bS7VlAC9Eh9OFYG:iyrqY+h8zjYhj3W73AqA9OFYG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679496646, "uuid": "ee000173-3132-4a0e-bf44-14b9d11a2b88", "value": 549376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679496646, "uuid": "562a422e-800c-473f-bfff-d427c6dbd95e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679496646, "uuid": "6a3fb607-459c-483a-b498-db1dd4267fe7", "value": "2c24b89ea9d2a85f6b53a374f0357d29.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "17693b49-c8d2-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679504017, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679504017, "uuid": "3a9f13e4-8eac-4013-9fb6-174bf785ff74", "comment": "Malware payload (RedLineStealer)", "value": "f0a2d9e0876b2de2d5f5b7936a299e9f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679504017, "uuid": "7d21248a-a546-4101-8071-97bc9f5055cb", "comment": "Malware payload (RedLineStealer)", "value": "b58bb6c824428bcd5c0aa524de71455f92fb2d063eb94a86b74b99c39e151a0c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679504017, "uuid": "255a4854-5f7d-4938-93f6-718e06754cb7", "comment": "Malware payload (RedLineStealer)", "value": "1b55b7a5c97e180d29dd884650ce7b54db1f2ab7", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679504017, "uuid": "cd42241e-c2ce-4e8f-84a9-3be00d95d682", "comment": "Malware payload (RedLineStealer)", "value": "53786f2883b40d241e3bfe566d24dddfd9988909ee4160ea38cd1206caabff660b7f55cc5889be1d38787657d5f14a41", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679504017, "uuid": "8fa9bc7e-34eb-472e-a9c2-76cb5e8aa981", "value": "T1C2C49D0393D13D59E9364B739E2FC2E8B70DF671DE597B6932189A2B04B11B2C163B81", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679504017, "uuid": "6db170b2-6914-42fe-b04f-93b4c2af571e", "value": "9c97db954c6eab8dfde4a4fd207d98cc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679504017, "uuid": "64d6d94e-c684-4262-9085-f3cf39174557", "value": "12288:e8WG7Smm7vPfLEzGljR+prwvpOXOJUzs+Qr:FwfozGlUmxO+JlD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679504017, "uuid": "29351526-e270-4078-a18d-84ce089b06a7", "value": 550400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679504017, "uuid": "c8daa8a8-8e93-4a8a-be40-29f843f5b08c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679504017, "uuid": "6a81afbc-a21e-4953-a9f2-521dcd02fc3f", "value": "f0a2d9e0876b2de2d5f5b7936a299e9f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "89ac069c-c889-11ed-88f6-42010a9c006e", "comment": "Malware payload (Kaiji)", "timestamp": 1679472856, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472856, "uuid": "e6fdccc0-7439-428a-b102-71cad56e88ef", "comment": "Malware payload (Kaiji)", "value": "bc89db6524c44d6e92e174b04642abd9", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "kaiji", "colour": "#928985", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472856, "uuid": "9b27f528-b7da-4f04-8812-75b31ffd9079", "comment": "Malware payload (Kaiji)", "value": "b5eca8baaf470281a3d8387b3f3536d2a741947ff9410ed4ac3f40477866874a", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "kaiji", "colour": "#928985", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472856, "uuid": "1a2ab154-ca9d-4733-8a8f-2f00cc00f576", "comment": "Malware payload (Kaiji)", "value": "49d870c7be3c4f697e10de10c1a63f495584b3e7", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "kaiji", "colour": "#928985", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472856, "uuid": "954a3cd0-a0b1-40a8-ae07-fda2e3960c2f", "comment": "Malware payload (Kaiji)", "value": "0d449c6f2bb5c22ed84166dc7444304a7bc4362a4e0c92fa6ce90797de9e07614fbbe290c07b2c185526d77c393d1acd", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "kaiji", "colour": "#928985", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472856, "uuid": "7370de7d-8ee0-456e-9f5a-7f1fd819650e", "value": "T19A562913BE18D71EC62522345EB2CEA4672A1C8A86D6A517B345F309B8F10BC5D6FCF1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472856, "uuid": "744b84a4-a41d-48c4-b0e0-2c9d73632a60", "value": "49152:vj2ikDKMeT6zKjTmB+dGpawj/mNGZWtaan757Hhu/BQ37A78dWLilulp73RbGog2:LuLiWBPf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679472856, "uuid": "f6845526-166d-4fe7-a1a2-53b01d6921e4", "value": 5898240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679472856, "uuid": "367a23b4-6b18-414d-b421-7c70c5b79d08", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472856, "uuid": "9e788ba2-d66d-45f8-8970-b93c662f6898", "value": "bc89db6524c44d6e92e174b04642abd9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3151d9f1-c8ef-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679516516, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516516, "uuid": "e3bdcb0c-1471-460b-8ecc-a7393f18d57d", "comment": "Malware payload", "value": "071e842a289c9c442ad80017240758f7", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516516, "uuid": "a3fe5239-629c-4877-a39c-bc470e22fcd5", "comment": "Malware payload", "value": "b602f1cca82a72c0b910529f83dcfdcdae76cf3a3b6d3408ef986b4fa3d27145", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516516, "uuid": "765a3845-c69e-4e3b-9460-4cf32ed1aebc", "comment": "Malware payload", "value": "2345bb4cd25b0970e71a6be96be5866c4909be93", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516516, "uuid": "8dfc22c3-61d4-4f26-bde6-00f57541c74a", "comment": "Malware payload", "value": "ff287c0be3c107b2533407e813da5c96bc1c713889c58c896588b989ebb166951366a25d11ca5ab59368cc764f80fa91", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516516, "uuid": "b094f137-8c07-4aeb-8521-7c1bf65bd32d", "value": "T167136A566BF10432F5B30A31A97448AADFBEBC226477D4AFCB800E5D15B0916CA3D727", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516516, "uuid": "70088063-ac91-4583-84aa-85484eace11b", "value": "f5e4c8acb92fb1c8223cff431020dba0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516516, "uuid": "6a3e35b6-a1b7-43f5-8f53-8929e21b1d98", "value": "768:e8kr2D6AKlLO+SNhBgCHDck4MV0ggv8KoETBB9D3xvjHhx4eC7Xj8Qc1GwQiwBeT:R/6A0q5HDR4oWBx3xrBx41z8QcAHi+RS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679516516, "uuid": "ad9ae8bc-63bc-4167-87f2-09a9f14e8730", "value": 42496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679516516, "uuid": "0285cb76-bd67-4851-ab4e-5ef53705a120", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516516, "uuid": "311510ab-2a36-4c16-9b9a-a2dd0766dfbe", "value": "2023-03-22_071e842a289c9c442ad80017240758f7_lockbit", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ebd52dd7-c8e7-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679513393, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679513393, "uuid": "273fb060-be9b-4719-983a-824dcda09255", "comment": "Malware payload (AgentTesla)", "value": "457989b1ec782559b83fe4e1e71a623c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679513393, "uuid": "8b8e8574-2a6c-4315-9c26-7c6afff415ea", "comment": "Malware payload (AgentTesla)", "value": "b6567f8e657603d4cd5b53d13a603a609a97bc32726757bfb88d805fdfeb4e1a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679513393, "uuid": "1ee2ed3b-c81a-459e-85b8-6fe95212ea57", "comment": "Malware payload (AgentTesla)", "value": "64d31b445f45d533bf8077d1d6b4982efd08a34f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679513393, "uuid": "60561f90-94a9-414b-aec1-e0575dadc9d3", "comment": "Malware payload (AgentTesla)", "value": "77b0e700c7ae9d27904a30e6f0aa32ebe768b80822d423048bd62be4a040ed75deebb1d0200b7e5fd61c267364e30901", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679513393, "uuid": "d084e49a-8348-4ba3-8131-87396de1accd", "value": "T198154A41EFAA6460F11144BA216B7D5FCD51A88D98EDFB6E150FEF31F5E22091C82E32", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679513393, "uuid": "9d655787-ad0c-44c9-ae97-b06ad7a7713d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679513393, "uuid": "6a773589-ce6b-4a11-9d74-46afbd8a37a9", "value": "24576:1O9QKz4bqudpiuwXfEi3DQNqXaOwoMBbcb:1yzcqS5wvxQ0woMBY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679513393, "uuid": "16062d97-1353-4794-9dee-33da66306f4f", "value": 950272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679513393, "uuid": "99e80805-4de5-4825-b603-e5b88ae2fb60", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679513393, "uuid": "b448cf38-e1ba-44ec-92e6-f9e06f393693", "value": "SecuriteInfo.com.Win32.TrojanX-gen.20490.11518", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3d2343bd-c901-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679524267, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679524267, "uuid": "d4aa5d94-33ce-46f3-b21f-26d247a2c7b3", "comment": "Malware payload (RedLineStealer)", "value": "032d8f1caecf3c0fbc5042cc58f01cc0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679524267, "uuid": "cc1121d1-a9ad-4475-814e-110f33996130", "comment": "Malware payload (RedLineStealer)", "value": "b6968227413ec29f05f304db416a61a4e33aad4c9eaada0d3eaf906b8beb1ad4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679524267, "uuid": "b79be41e-9d1b-41db-bdd4-7ebe8a76c4f5", "comment": "Malware payload (RedLineStealer)", "value": "7f7313f9ac10f6518a5b4dc5e517c008094d6d3b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679524267, "uuid": "347b0d28-c2ef-4e8f-abe5-ade7da91d071", "comment": "Malware payload (RedLineStealer)", "value": "39903d70bb62cde0fe749f68ff3b0b11090047c9239155c0fa5d8dc07985e35058772585417cb04c1a553ab452dc6920", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679524267, "uuid": "70d12943-490b-49d9-8d15-15e5ea315ec5", "value": "T135A35D3067AC9F19EAFD1B74B4B2012043F0E48A9091FB4B4DC154E61FA7B866957EF2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679524267, "uuid": "817758be-25ce-414c-aa2a-65afede60ef2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679524267, "uuid": "d16eee82-0202-4686-8fd2-25e8f19fb051", "value": "1536:9qsCXqrzWBlbG6jejoigI343Ywzi0Zb78ivombfexv0ujXyyed2ltmulgS6pY:rIgzWHY3+zi0ZbYe1g0ujyzddY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679524267, "uuid": "d9de7e9f-ebe8-4caa-96f2-40fe59fccf08", "value": 97792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679524267, "uuid": "c1462560-ebc1-4df6-ae77-86f1cfc16044", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679524267, "uuid": "e37a1890-6eb2-42ee-815e-de95dcff52d4", "value": "032d8f1caecf3c0fbc5042cc58f01cc0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cfb6622b-c851-11ed-88f6-42010a9c006e", "comment": "Malware payload (Rhadamanthys)", "timestamp": 1679448922, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448922, "uuid": "3a5abf53-0444-462a-9adc-59930b036ca3", "comment": "Malware payload (Rhadamanthys)", "value": "9e4331b496f6a4f1aa89055fb535aabe", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448922, "uuid": "7a953960-0d9f-42f3-8687-4ad99f04fb81", "comment": "Malware payload (Rhadamanthys)", "value": "b6fb589ad00fe12ff513ce95b756326ff3f0039fdfe29a27ec48f5b6b14e4ec9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448922, "uuid": "8af33c78-c4bb-49a0-855b-37943f29a528", "comment": "Malware payload (Rhadamanthys)", "value": "8d37c6bf63e55d379f68e4e2a6581701a1367bb0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448922, "uuid": "ae767dd6-41d5-4ee2-be13-f8dbd07702b0", "comment": "Malware payload (Rhadamanthys)", "value": "1e0cf1269c69037acc29ca5c590a3145eb2f3f0029c782d49c30ab3c1e7e684f0295d925a49d8ea475182f609f72203e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448922, "uuid": "137a7703-7f91-4def-8bc4-1904844068a2", "value": "T12684084383A23D54EA258B73AF1FD6F8B60DB2708E493B6532199F6B14B02B3D163715", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448922, "uuid": "ecba3aca-d19c-495f-896d-4d7700fcfdfa", "value": "a1987c4dfef703391c65547d45eb7acc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448922, "uuid": "8a4675a8-342b-4a45-a0b5-27fc7c0269df", "value": "6144:qRfBLWLE2CDQtvpIGpkze4aLPQOoRfxpWEgn:qRfBawlTe2e5QPBWf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679448922, "uuid": "8e1df03c-2e19-46f4-a477-5bd9ceb79214", "value": 391680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679448922, "uuid": "c38e6fc8-d8e2-40fc-9c26-2f7317d226ad", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448922, "uuid": "451b2b3d-1059-4f84-b009-37ca74abce30", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "31f5badb-c8ef-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679516517, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516517, "uuid": "65afe3a9-60d8-4375-959b-6fec60d0bf41", "comment": "Malware payload", "value": "60377c6cb61917280be59c57bead76fd", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516517, "uuid": "a98ffc69-0b0b-4176-9d9d-07b42757d9af", "comment": "Malware payload", "value": "b7b41a91f39a45a41c9b099506d2d311418f4cd18657063800fb4e76b45b141d", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516517, "uuid": "fb9cf287-9c90-41a2-b670-b73fef39f410", "comment": "Malware payload", "value": "a7a21bc13d286d01abd960ac8d1ad0d10a73f11f", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516517, "uuid": "57b77707-d029-48f6-8038-fb4320eb8e87", "comment": "Malware payload", "value": "572c283183c545035d5a37345625bb4b340291ca1dd7364460d2b9d53ea6773065ae0fd0a1819fc1402ae78b8b5a1fd8", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516517, "uuid": "5931f90b-1a83-40c1-bc01-5542dfaec29b", "value": "T12FA39E49D7D20435E97D073948326DD58A3BBC319871A27B8392FB9F2CB06409A6DB1F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516517, "uuid": "048eb4b0-bfc8-4ace-9a62-da84f366d7ee", "value": "f5e4c8acb92fb1c8223cff431020dba0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516517, "uuid": "bb1533af-cdde-4c55-8ea3-a606a0553ef7", "value": "3072:+6G5HOoWBx3xrBx41z8QckUUKI9zojT/I:3GpV1z8QgUKFQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679516517, "uuid": "6b3fb29d-f630-49ba-a149-84e5a671c6d1", "value": 101888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679516517, "uuid": "89b8ae25-6b41-4289-a308-2293a4bd6b5d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516517, "uuid": "19d5cf9c-c6d6-417f-aefd-8ebd413f3113", "value": "2023-03-22_60377c6cb61917280be59c57bead76fd_lockbit", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2593501d-c8e4-11ed-88f6-42010a9c006e", "comment": "Malware payload (Adwind)", "timestamp": 1679511772, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511772, "uuid": "bbc8bdaf-c23e-4f1a-9a64-71d4f9d98715", "comment": "Malware payload (Adwind)", "value": "66054f63d4a48886cd03fd7915eed7f6", "object_relation": "md5", "Tag": [ { "name": "Adwind", "colour": "#4B4813", "exportable": true, "hide_tag": false }, { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511772, "uuid": "0a6450dc-27d7-4e13-a0e9-9a80114fab09", "comment": "Malware payload (Adwind)", "value": "b7f46caa4c8a8bdc972cc75781ad43cf8d8436a8640e24b03d34f02560643b70", "object_relation": "sha256", "Tag": [ { "name": "Adwind", "colour": "#4B4813", "exportable": true, "hide_tag": false }, { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511772, "uuid": "fdcf77b6-43bf-4ca7-991c-1e433f0575d2", "comment": "Malware payload (Adwind)", "value": "b2024714631ce5dd5ff2e5a45b58b8c689d2c8c5", "object_relation": "sha1", "Tag": [ { "name": "Adwind", "colour": "#4B4813", "exportable": true, "hide_tag": false }, { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511772, "uuid": "e7f89dde-dae8-4827-a7b3-ee94980064cf", "comment": "Malware payload (Adwind)", "value": "4be0b3267ffc1751ccbb956178239ad8fc1eab5ea476e661c4cee30951d534fe34a866fbe64494d7bdef425be177fbd2", "object_relation": "sha3-384", "Tag": [ { "name": "Adwind", "colour": "#4B4813", "exportable": true, "hide_tag": false }, { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511772, "uuid": "9a62507d-c469-4f30-b544-33d69ef0934f", "value": "T1AF2533950B9166E95D253308893662FF7A6DDA8F33513B6F36C420B584EE825BD00FEC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511772, "uuid": "c402eef7-5f8e-4e19-9d72-7bdcca22307f", "value": "24576:pSd+wLAE4ZpkJKmUDvWtArQUEqMgSvNriU:lwS39vWaqqMNvNx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511772, "uuid": "24063e9e-c7b7-4e3a-8b53-0e84a1c916b9", "value": 983105, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511772, "uuid": "b1bcbe19-3ea5-4f9a-b5d1-c5f213182bb1", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511772, "uuid": "97719fa3-3c13-46b3-8730-cfda74d55538", "value": "PO_007836547-DCAG 001_PDF.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fc9c0ad6-c8c9-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679500537, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500537, "uuid": "bcbc30d3-6f73-4d05-b403-6cbcd2606ad2", "comment": "Malware payload (SnakeKeylogger)", "value": "0257e1a7017955db41e80512c5cf20e6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500537, "uuid": "8dda4b42-cb73-4ec3-8ab5-91f0dd8c6ca6", "comment": "Malware payload (SnakeKeylogger)", "value": "ba93dd9900252c127a49b902ded6c53e6ec43d6e6607dae9103d767c241a8023", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500537, "uuid": "bd765163-a36d-4878-b9ee-6d4aed32909c", "comment": "Malware payload (SnakeKeylogger)", "value": "b2689d28dec3b5bed84f8d6683e0bb9fa8deeb6c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500537, "uuid": "52ae3b6e-803b-426d-b30b-9633104a738c", "comment": "Malware payload (SnakeKeylogger)", "value": "e3bb4b899ede752aa7bd7090b8c6171b551293d84a359e2486f0249055ba46ef55a5f8eb7afdd9e4e73bde0caba01041", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500537, "uuid": "53965abf-87c3-443d-9905-e322ad616a66", "value": "T1A3D423296374C0EBF4D1877217551A26EFFBD6043A38638F4354AA0979522C7FA9F321", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500537, "uuid": "5abe2ae9-ff15-4fb9-a4a4-3be9c1b63c39", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500537, "uuid": "85894ba8-9bd9-403c-b35e-07a90438da70", "value": "12288:/YfI+pEGEO+XwWA9Iq89fyf0a4gn/w2YQaLwmjU/Wk2QX1Dp20nl:/YfnpEMX99ILvgnIxQaL1av2QX1Tnl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679500537, "uuid": "e8ab40ce-4899-4156-ba8d-1bcd6b00c203", "value": 618837, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679500537, "uuid": "7a1f4484-3ade-4be2-9311-4d21f6b130b2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500537, "uuid": "32f507a4-ffda-45b7-8e05-a3d08f0a27e5", "value": "InterMetro PO 2300030351362.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7b918614-c8cb-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679501179, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501179, "uuid": "5d26549f-a13d-473f-bd02-580af8da3284", "comment": "Malware payload", "value": "faf3c47c4d784d20688a8cfd37198518", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501179, "uuid": "60cf04d4-ae08-4315-b3a4-aad391c89940", "comment": "Malware payload", "value": "ba99e2163f2a673708f5f6f4c8b6ba6e739ec852c25f239b10b1eefcc41d0022", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501179, "uuid": "54ab3d1a-b4c8-42a7-9f6a-bc434b5d191a", "comment": "Malware payload", "value": "70eec20185e813526fa9f08ae37f4b89e3b86907", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501179, "uuid": "16c3fd0e-26fa-48db-a9df-7c74ba8a29a5", "comment": "Malware payload", "value": "6b2aff33c8acafb65f9e0cd5a8b9658ef55bd0133669235b6248cd1f1bb2f4a9dd3ecf03738a7a7e3e8d6d89f31e8752", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501179, "uuid": "8f5d5037-93b9-47dd-bbb1-622ff9622db7", "value": "T1AEE39D1276D1C0B0D5A6027158F9AF22567EFC360F748ECBB7C45A8E5D302C16A36B9B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501179, "uuid": "a4188205-23ee-4c74-ba2d-705ffca29a64", "value": "3eef63a9074cade023a62e2ebdf31860", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501179, "uuid": "04f7ad95-80d1-4225-a933-05c1b120fe9b", "value": "1536:ia0dkJcE9FWrsyZK4aUkJ+sMpQCrIULTRN9EQQ5gci1fnGaBsWjcdpvJ+qHf7Uio:x0+HAaUO1C9dNaph+EUidlq3W5DSh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679501179, "uuid": "50524220-6b90-46b5-b707-f32bf2a5fc96", "value": 148992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679501179, "uuid": "4025aaf0-fb10-49b3-820b-afdb384df293", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501179, "uuid": "07574379-55df-4beb-8d4b-c817fb2baa9c", "value": "faf3c47c4d784d20688a8cfd37198518.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "11cb8ac5-c8a7-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679485540, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679485540, "uuid": "6f65d608-fc98-47e9-9003-0de597b7a14b", "comment": "Malware payload (RedLineStealer)", "value": "84bf3c5570261f79561710ed21c92e36", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679485540, "uuid": "c6de8810-47bf-4b45-9670-1487e8457604", "comment": "Malware payload (RedLineStealer)", "value": "bac237b70e906e98d871a9308a7d761614e527c449cad28f6d2a9132f5f93c11", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679485540, "uuid": "eec0a3b3-d2e9-46fc-bec7-a9c29900d161", "comment": "Malware payload (RedLineStealer)", "value": "b84aa964259ec34c669ab8202cb4d93fcc174330", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679485540, "uuid": "5ffa5da7-77dd-4807-ada4-71d005938a8d", "comment": "Malware payload (RedLineStealer)", "value": "f6667cdf35eb17f30b03eea5f0ebbb5a32bea1a197611aabcd3438a1283f737272236514ae351ab8c19ec2146fcea6bb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679485540, "uuid": "f20d9f62-d046-4480-9ce1-644b12ef9c2b", "value": "T1EFC41202AFE99132DC7427B048F312970B397CA19D64D36B6395B88A1DB3B90A573737", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679485540, "uuid": "fec8853b-6511-477c-ad9c-644e565329d5", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679485540, "uuid": "235ded8a-19a5-48bc-903a-fe59202e3060", "value": "12288:oMrYy90D6pfe1yS3GvDXZBfrRMOrFabw+p7rmk:AyC+e3GvDXrzRMOFAwWCk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679485540, "uuid": "5c11ec14-e818-42bd-9e9c-260578b0a13c", "value": 549376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679485540, "uuid": "343f22aa-0168-4e06-a919-13b9873e98be", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679485540, "uuid": "7890de1b-7d32-422e-a058-b577abfa0b0e", "value": "84bf3c5570261f79561710ed21c92e36.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "91ca9d99-c889-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679472870, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472870, "uuid": "e52d9e38-968f-4318-9766-ef841d20e034", "comment": "Malware payload (Mirai)", "value": "eb004e607b938f07ee5945bfd8519a32", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472870, "uuid": "4b462c50-a375-45a7-8349-0f850a13e190", "comment": "Malware payload (Mirai)", "value": "bb38ef4d7b1fce9699aef8a7cff7c561c8be55f8408ee1609c2f683ab4fe37ab", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472870, "uuid": "2c16409c-6ef7-4b63-956f-6f03a9303473", "comment": "Malware payload (Mirai)", "value": "93130b85fb7bb36a10bd246385413bec3700c397", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472870, "uuid": "9d8f481b-4ca6-457e-9182-c2044e789e36", "comment": "Malware payload (Mirai)", "value": "fe00d62a4a7ce833f697be3d5b8e0bc0957a831c0eddb744c707274ab7627d0689a8910e72f7b6c20e5ba56046739205", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472870, "uuid": "3588d611-d3ae-4901-bd21-5a734963f3a1", "value": "T11B833915A83A2A27C4D4A63E11FB8751F2F5370E14B0866D7D760F8FFF10680B94A2B6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472870, "uuid": "b9ba047c-cd13-4fcb-80e8-a360faefe9c9", "value": "1536:bqYxTT5sgc9tds+6RhHKIUyaOuq3VYBge0ZaQEiLZ6CHt:+Yxn5BgIRnb1VYBgeqaQEiV6CN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679472870, "uuid": "3a93d675-187f-4b36-a95f-86b08924e6a7", "value": 82952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679472870, "uuid": "6d26c30b-470e-44c8-90fc-a58c76917edf", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472870, "uuid": "6607530e-ea65-44e5-be0a-5e0a0c34ac43", "value": "eb004e607b938f07ee5945bfd8519a32", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6959bd1b-c8e2-11ed-88f6-42010a9c006e", "comment": "Malware payload (Quakbot)", "timestamp": 1679511027, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511027, "uuid": "ba0d1a45-dfae-4f56-b4c6-d1929c140c79", "comment": "Malware payload (Quakbot)", "value": "c797fe2fb393465b3be44d6b1939285a", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511027, "uuid": "ef5943b7-6be5-45eb-8af7-31add2bcb4b6", "comment": "Malware payload (Quakbot)", "value": "bbc25a40115747c5b2e9d0fe04ba868803357573b77d2e9549c76f11c8721719", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511027, "uuid": "f0ea087c-3455-414c-86c4-c1255205dd8e", "comment": "Malware payload (Quakbot)", "value": "5add986e45ac16eb42b044744c1e4c91b1a11ecb", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511027, "uuid": "ef2ef101-a6cb-43f5-9d80-cf8f9bae894b", "comment": "Malware payload (Quakbot)", "value": "1f23dc51f446bef7fe195a568f06fd5a54b4476fcdbfe4cadf4d2c1cfbc9a5b38faee408437d76392c9f4325ddb739bc", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511027, "uuid": "c38ca1a5-443a-4d9e-9230-af1a60088a18", "value": "T18E6371A40E02161A179FE922A66C6060DF79091BC284B58BB88F7251FFDF95CD5E07F2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511027, "uuid": "573c4a52-3a45-462b-8036-1307c5cc58b4", "value": "768:NIANXKw8ppP54V/hy0TyRruuG2puiOamTtYMuRbdL94DNZOO9JQMAPk1n6Bs9u5l:O6XVWL94D3OyUPk14S5uIqd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511027, "uuid": "15c2e16b-cea7-48a0-ba73-de98d8830e30", "value": 69424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511027, "uuid": "989227e8-a1a4-4e69-a572-bbfcabbebe10", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511027, "uuid": "b2c0da34-6570-4a69-8aac-c53a5360baf8", "value": "qoz.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "76bdc99d-c8e4-11ed-88f6-42010a9c006e", "comment": "Malware payload (ManusCrypt)", "timestamp": 1679511908, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511908, "uuid": "858e6738-dc36-42c4-9dc6-a0f576b2dd82", "comment": "Malware payload (ManusCrypt)", "value": "50793b3b016fe3d7042a286e70c8c2db", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ManusCrypt", "colour": "#3BAA55", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511908, "uuid": "4f12f977-9617-4321-9986-37cc3f5edc62", "comment": "Malware payload (ManusCrypt)", "value": "bbd550a356ad847fbec4080976e7f7d72b3d431d923df772b65880b7a5cc7254", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ManusCrypt", "colour": "#3BAA55", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511908, "uuid": "fafaaafa-a3d2-471c-b9bc-744068c85bde", "comment": "Malware payload (ManusCrypt)", "value": "636db5add1b385fdbe8f01a097a39aa64591fc8e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ManusCrypt", "colour": "#3BAA55", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511908, "uuid": "d49209b2-6f6f-4546-9d35-10dadd476634", "comment": "Malware payload (ManusCrypt)", "value": "4d9154898d4c04d26d7c6389174c73091adbae875957704a0d856795bc2e86d9fb6e822521f23d3f0e3d8780cdd6d931", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ManusCrypt", "colour": "#3BAA55", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511908, "uuid": "a2735739-238a-4493-9c2c-1552d056e259", "value": "T10A150AE62190F177CB2996F1C655F8F608FC3C24EA1C22D751A33E64743ED26C92A16B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511908, "uuid": "ed88e39b-d7b1-494f-9626-dbfe12d1fa6c", "value": "9d7d0119149b87d9470a48af373560eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511908, "uuid": "18930c20-c131-4fd9-85a1-910f7355e521", "value": "6144:LQuiA1RTz/cYja2ieb5YbF5R+Jn8xH97r7FU1d43wUmDm:nz/9ja2ieFYp5R+I7uY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511908, "uuid": "30469039-8510-49e0-803f-4b8580efb7d1", "value": 901120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511908, "uuid": "9b312e7f-e1b0-4ee0-b5c6-139d68850578", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511908, "uuid": "4e51360d-a1b5-4a8b-9f6e-da32ccbda936", "value": "50793b3b016fe3d7042a286e70c8c2db.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3d59eba1-c87a-11ed-88f6-42010a9c006e", "comment": "Malware payload (Guildma)", "timestamp": 1679466285, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466285, "uuid": "2038d627-5c70-4525-bde0-2a01acc154ab", "comment": "Malware payload (Guildma)", "value": "47cb18bda8c9c1ab5e58c9785e177a4c", "object_relation": "md5", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466285, "uuid": "7beb6bde-e157-4c0a-92fe-64664eb9b1ee", "comment": "Malware payload (Guildma)", "value": "bc0a57898135a554f13898e69a0f8ef01b17210bc3b4f84138f90a50316dd1d5", "object_relation": "sha256", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466285, "uuid": "89d14034-9b38-42c1-a3f4-b4647a75b05e", "comment": "Malware payload (Guildma)", "value": "79b4af6729dea31300838829e804d0901ad5e101", "object_relation": "sha1", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466285, "uuid": "d1344dfe-314f-4910-b28b-4d5e58e18883", "comment": "Malware payload (Guildma)", "value": "baca3b552f922f107da967cfed4aa65046616368474d1d8500946fd83198b2cd110056a405e605f747374c55e285900e", "object_relation": "sha3-384", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466285, "uuid": "fdb161a1-2173-41b6-97d2-c89ea03ea849", "value": "T1EFF0AB9FE0016FD0C01C443A491A07901D8C7C4B9F18909A065D4A5898A14CC5B1F7E0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466285, "uuid": "c6e65f75-dd77-4c2c-a969-0a6c9519de9f", "value": "12:8rflM8OBE6ZGrgKfICFPkEWjdDLHPWOm5m7qjrnHjTbpr6:8loGrTFP/W5LHuOim78rnHx6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679466285, "uuid": "9b039e25-79c3-4d56-970a-ff6bb327544a", "value": 491, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679466285, "uuid": "106e0715-12d2-495f-8582-860bc6990294", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466285, "uuid": "c191587e-55fe-4047-8366-e4c652317e80", "value": "96480736_618.24639411.520960.48671.lNk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0d64e20b-c87d-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679467493, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467493, "uuid": "eb209579-3876-412d-9c2c-ce3c504321e7", "comment": "Malware payload (AgentTesla)", "value": "569d86839920600f3e27d9060891b9f2", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467493, "uuid": "3ce89052-31df-47ee-b942-f4642067ee0e", "comment": "Malware payload (AgentTesla)", "value": "bc16d3bbd177cb05ba8951e898d56c2c1f8969274579e9f33e3b0c76b8ff9c7a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467493, "uuid": "56e8fd6d-2edf-4968-9572-d021ed4037f6", "comment": "Malware payload (AgentTesla)", "value": "5a515e25976db8854c866a2cf5861c4099ec9ee0", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467493, "uuid": "347f1857-3c35-4f4a-91ee-fcd65da0646e", "comment": "Malware payload (AgentTesla)", "value": "dbd8d68e3c4fcc9519b93e707b032445d59ba98d4bec0b2b838e25a1076a80012b3da167c67b49fdfef56a7ad1527fad", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679467493, "uuid": "e52bacd7-2fc2-484d-b04c-ca0a40aaadc6", "value": "T1489423FB3D30647E52D461851EF2A735363D291E39EF8AE19D9A71DB6138BC00A70931", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679467493, "uuid": "219dee5f-1327-414f-a03a-678fc3445a2f", "value": "12288:V9Vv0gUO0EuTICaXPc3DxK3XGbXZ0gDcVGDVHZ:V9R1Ug1X+sCp0acVIV5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679467493, "uuid": "0a9be02d-8be4-4822-aaad-26f0498d6455", "value": 441026, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679467493, "uuid": "86aff1af-8a13-4cc9-97e8-414df1ac9b27", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679467493, "uuid": "f4456391-c8cd-423f-98a6-b9a969ea0ddc", "value": "SOA 9206174.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ea7abd01-c8e3-11ed-88f6-42010a9c006e", "comment": "Malware payload (Loki)", "timestamp": 1679511673, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511673, "uuid": "0487648c-0798-437e-b752-65db1f3d18c4", "comment": "Malware payload (Loki)", "value": "6161586cab6dbbe35b513f84486e8d6b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FedEx", "colour": "#D1A78F", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511673, "uuid": "e2aac6ac-7426-482c-99db-080a696c141e", "comment": "Malware payload (Loki)", "value": "bc8a12bfd7a792586d78f4fac22f22ac9d2dfe31452d2e99b7cd47180bd4b295", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FedEx", "colour": "#D1A78F", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511673, "uuid": "eff03db1-37b7-4a5d-a3da-b888fc6de262", "comment": "Malware payload (Loki)", "value": "4d0918da815050a31e3df4d299e979f5972064bf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FedEx", "colour": "#D1A78F", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511673, "uuid": "dbc7ddf5-a9a7-4f83-a8e9-7344aab2d92d", "comment": "Malware payload (Loki)", "value": "86c2df9aab9dea95b9097ef80780ca3af5f480a916de69d0e600e76cb4da9f66874e1cf9cc643aff1c5a50bf1324a1af", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FedEx", "colour": "#D1A78F", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511673, "uuid": "193d788f-d1a7-4820-a044-954bf090a972", "value": "T11C05121577A59B52C2FD9BFC08B391802379BF3A2322EB4C2EC534DA1A37758C662553", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511673, "uuid": "dd22d4b3-f45c-40b9-bcb0-0fc0fae5350e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511673, "uuid": "eae337e9-4bee-4238-be9a-b37891649fd1", "value": "24576:fhl06MFkUpkYXjPg7v1dNE4zrV5u50cXkJ:5lL89tTI7Lm43Pe1M", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511673, "uuid": "885dc689-2a1e-4f0d-a7ff-7af1a3a9172f", "value": 859136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511673, "uuid": "ee77ae44-7c04-47d2-b66e-117f88f0af80", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511673, "uuid": "21536872-ecab-4bcf-bf91-2d38140feef4", "value": "FedEx Receipt_AWB# 771596460800.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c114824f-c8f8-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gafgyt)", "timestamp": 1679520623, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520623, "uuid": "04c8a91c-21d9-4ad3-a46d-e91e115473c6", "comment": "Malware payload (Gafgyt)", "value": "0d750b1f2e750443387afe9634f9f5fd", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520623, "uuid": "36ae1ecb-8bb6-4ea4-abc1-ea13e1ce77c3", "comment": "Malware payload (Gafgyt)", "value": "bc9231575b7c84d1df6fda4dc759ef47da284841aa101705ec2fe31a6f1a5d00", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520623, "uuid": "6472c064-abf8-4e78-b186-ed1b0c9573f6", "comment": "Malware payload (Gafgyt)", "value": "3b9bd12206a1d8f7f758cbf6d229628b73272fa9", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520623, "uuid": "961f5f93-38aa-45b7-8c61-323c4a5cae49", "comment": "Malware payload (Gafgyt)", "value": "f2553dea583d26c64ba9d8af33259083371c3bb0d6cd44b5aec3dbda49c2839432547f7ffda2f6ee56c2a8899cf341f8", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679520623, "uuid": "9903f426-c5d9-4c34-9a87-1aebabfb77bd", "value": "T1F7C3093B7B270A23C0D9507102E31332B9B9DE5938BA43D7A9D07D9C6F3A58834567E9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679520623, "uuid": "5cbbfd9a-7723-48db-baf2-ec5286953b88", "value": "1536:ctrv5GE2dFg8aI0DN95P8tf7PJtAzRdc0sfm7ypwYujl3IdnuW:ZP0DNPAG5sfm2pwYux3I5uW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679520623, "uuid": "d987b9f8-1d2b-4812-83d1-759dfc8c1eab", "value": 126446, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679520623, "uuid": "12856d3a-b99d-403b-8f2b-546e27b4fc38", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679520623, "uuid": "de6a25da-03dc-4b3b-9c4d-16dc1568ec9d", "value": "0d750b1f2e750443387afe9634f9f5fd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "13058182-c8b9-11ed-88f6-42010a9c006e", "comment": "Malware payload (DarkComet)", "timestamp": 1679493273, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679493273, "uuid": "87eeddc3-2217-48e6-8035-d3099d77db14", "comment": "Malware payload (DarkComet)", "value": "e0c3dc6e59f800b7aa184427011774c8", "object_relation": "md5", "Tag": [ { "name": "DarkComet", "colour": "#CC1453", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679493273, "uuid": "c0a0851b-8e29-4d40-a3d6-5b554444e236", "comment": "Malware payload (DarkComet)", "value": "bd58067c39932b971f15ac3f3dbbd8d9ebfea5629f058e919535ca02b89f0389", "object_relation": "sha256", "Tag": [ { "name": "DarkComet", "colour": "#CC1453", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679493273, "uuid": "74e5938f-f1af-4fd3-b144-785bca75ff30", "comment": "Malware payload (DarkComet)", "value": "f62e83280567470861088a148083d5a601032c76", "object_relation": "sha1", "Tag": [ { "name": "DarkComet", "colour": "#CC1453", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679493273, "uuid": "f952b43d-fd98-4059-a598-d664147f3590", "comment": "Malware payload (DarkComet)", "value": "924068b16d6dbd33bff8779d683e225752334647806e350eb8ee27aa17ff7616928ee341a79f4909e26e0d6ad12276cd", "object_relation": "sha3-384", "Tag": [ { "name": "DarkComet", "colour": "#CC1453", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679493273, "uuid": "789ecf35-54d9-4a58-bdb8-38647ff96537", "value": "T1A2A4AF281EDAF94DD3621C7C55E9DA2E71BD59222D0B4B029F726A88DF31FDC7E80244", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679493273, "uuid": "9b8b69c9-e079-4818-94f8-bf4bf50df60a", "value": "a38ad86d74cafc45094a5085e33419e4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679493273, "uuid": "5c92eb3f-f036-4476-b8e8-f0f7a3102042", "value": "6144:fcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL374xe6GfAGgpkie2n1IKsei4R3OQ:fcW7KEZlPzCy37IbGww2a9eiAPiPB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679493273, "uuid": "abd6cd1c-9fd3-4fe0-9337-a55408996dc5", "value": 464896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679493273, "uuid": "e3a66756-6f99-4137-8988-cba3f09be448", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679493273, "uuid": "bd26c0e8-ffdc-42a8-9b3c-e26874f72de5", "value": "Arken.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a9c7cf38-c8b7-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679492667, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492667, "uuid": "bed704d6-3c38-4dfa-8763-eb5badb47c1a", "comment": "Malware payload (SnakeKeylogger)", "value": "d26e9a9ca834081f9decb5cdb0c10065", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492667, "uuid": "c7ecc03c-02d8-41c1-9f46-35d32baa101d", "comment": "Malware payload (SnakeKeylogger)", "value": "bdf329c1001b540fffb7ad110b6cf460a89c3408fbd62b15e7c55d8cdb55380e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492667, "uuid": "74b507c9-a6f6-4ee5-99fc-21d5a42c694b", "comment": "Malware payload (SnakeKeylogger)", "value": "47288c7b56bf798ab620f8e1c7d2d952f0a6cd3c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492667, "uuid": "ee28b1a7-a81b-46b2-9b25-3f2f88027db1", "comment": "Malware payload (SnakeKeylogger)", "value": "db120a613badaddfdd1c2a52d9271237182f376b395a0d5d359ed04065113e85e85ba7a4f5bd4facbb9106d53175999e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492667, "uuid": "4d346988-2d5b-42e3-9335-25f1e9c3afd8", "value": "T16CF40206B2E6CB65C15D5BB9A4E25D2003BB6F932A33F3056DC430E92B377E50B45A87", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492667, "uuid": "fa7a78f0-c472-4fdf-b74f-37580091a2db", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492667, "uuid": "189388a6-1295-4322-ad96-5a68fc933419", "value": "6144:4tk1AtYVa8jW4VUKz0VvDMj6HffXKmT1NidpqXTg6MXCmWxZ+m4FHNcLHuD9aIFL:hj4bMmHVTIpiM6MXCmY+mIch33qvt1C", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679492667, "uuid": "d4aaae48-56be-4a08-acf8-f5d24ca577b9", "value": 753664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679492667, "uuid": "728c22be-4152-4a68-8cf4-a11695933f88", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492667, "uuid": "c95388a3-1ad1-411b-90cb-48a6922fb6fa", "value": "vbc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c0e111ef-c8cc-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679501725, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501725, "uuid": "f56ed4b0-6268-40de-bc78-57bf96ad3122", "comment": "Malware payload", "value": "fcd193ad8b074929a72c8bf3074f7512", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501725, "uuid": "c949647a-61f2-4c43-a0ee-5345fb40f0f9", "comment": "Malware payload", "value": "be6d659859b45aefa296523172ca9a6c42b007763f776666df389fbac6592d21", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501725, "uuid": "f0b8c8b9-1edb-43a7-9dfd-1bda224c4c3d", "comment": "Malware payload", "value": "4b9e953fbc69b65591d74f143ecaba7ea2de1c81", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501725, "uuid": "ff927ad4-e383-4140-9eac-ad4bf0ee4914", "comment": "Malware payload", "value": "7327d25bffc160b706fdff4e102cc6b855a2e20e763cf95ded7e5e20080e1f0f1b3efbb6f0600328227c7cf83658530b", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501725, "uuid": "dcd652a4-8fb5-40f3-ac44-73d7d0d37688", "value": "T126350213E9C58D4AD44247B96AF37599232EBC227BD2A2C72344770F5F78AF08A4311E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501725, "uuid": "f16c0726-98a3-45d2-b18a-7313709f23ed", "value": "24576:fLKq/WQmmav30xU+MXUu9/Mh+MXUu9L3bVK+MXUu9Y3bVJBMUdloqnfdiM:fLKquQmmQ30++MXV9m+MXV9L3bVK+MXe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679501725, "uuid": "1cfb6bfe-fc43-40db-97f3-7959e1732bb4", "value": 1149440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679501725, "uuid": "f0ee9cf5-d28f-47e7-aa66-4d4cf0749b63", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501725, "uuid": "826d965b-22b1-48ba-95cb-493104c07e91", "value": "Draft BL.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "36507405-c88c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679474005, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474005, "uuid": "dcc865a9-9922-4811-8335-0ceed4963988", "comment": "Malware payload (Heodo)", "value": "1c8f810aa373aeecb2485849a225b892", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474005, "uuid": "55ea3907-4e32-4192-8923-6d11cf98a3fd", "comment": "Malware payload (Heodo)", "value": "bf3e274f13f368c4b1aa9589b865b3e8f3f247f501f9f251700d36c7d654d204", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474005, "uuid": "2f17c3a8-c9ea-4738-a700-2005790f1f97", "comment": "Malware payload (Heodo)", "value": "bba3289cd863bba8b1d9348e7a08c15ced29b859", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474005, "uuid": "ae04f87b-a6c4-4f59-9bfa-e1c7d01ea594", "comment": "Malware payload (Heodo)", "value": "787af9a3e66c6a93fb590d88d54d1f4bc4c8785100875abe4936c0cd1a5d6b3ebfdce8064c55f25f38d67640a4362bf6", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474005, "uuid": "00aab1d3-61ef-4da6-a941-15f020219ce0", "value": "T1AD2523E059F82941CD0E0C35F92A71BD92BC31666EDD15E633BC3CE5A91EB6C42122B6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474005, "uuid": "043c21d8-9fa1-40c6-8519-3e603b9ca590", "value": "12288:2kf5dOzheNdckFRKluvnRHXdhbDHfXZX1EKdxKmSTH4de+:1XzNdfKluvnRHthzfoYxJld", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679474005, "uuid": "7819a6b5-cca8-4437-b4ad-bab366285459", "value": 981784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679474005, "uuid": "b8f7a406-0062-4599-adbe-d08f236e695f", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474005, "uuid": "5f16877a-d633-462f-a819-f941aa8d8b83", "value": "3YL1AuCRP.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "099fb207-c8d2-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679503994, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679503994, "uuid": "450c6787-80b3-4a2b-a970-b6e4bca79cd7", "comment": "Malware payload (SnakeKeylogger)", "value": "43919d10c09cc339e383f3b62ad9b311", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679503994, "uuid": "77f211f3-33d7-40fa-84c0-12c0b2682f71", "comment": "Malware payload (SnakeKeylogger)", "value": "bfc51dc1a4d05287a8935713fd2875a76960b63d6dd852be6664b6aff198a4a0", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679503994, "uuid": "a7c1671b-ff30-42e2-80f7-46df65bb107e", "comment": "Malware payload (SnakeKeylogger)", "value": "8df3327bf214705a925d13e1c6216e9d019095c4", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679503994, "uuid": "f7594ea7-0ae8-4207-82c8-4c8473e26aa2", "comment": "Malware payload (SnakeKeylogger)", "value": "913f1b8bf2c46f64439b66168f41af5b923d376cc4411826013cbb1b5a9a0eaad9b768c1b8f306f0f3dbdddedff6fe9a", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679503994, "uuid": "3a1a6399-f4d3-4002-ad9e-3a961c4fdc3e", "value": "T1F8457C00BFE48737D2AF57B199B243566BB4E488E3D2E39F0E5811F42D823586D153AB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679503994, "uuid": "426d4983-22f2-470b-bf6f-fffb41a91d76", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679503994, "uuid": "779bdec2-1926-4354-95ea-4ef17ab4bdfc", "value": "12288:oMCkI09GC5+mpMM6iM8ZSArLmMczCCnwqRkQ7zIz69rUv:RIkntMTPLALGCUwRQ7x9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679503994, "uuid": "5d4bd32f-0ac8-47fb-a90c-9df672bf7f07", "value": 1178624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679503994, "uuid": "af926356-a2a8-4eb5-ae3e-d98aa717baf1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679503994, "uuid": "d647c4fb-9e5c-45cd-a518-d5325a0b849e", "value": "43919d10c09cc339e383f3b62ad9b311", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "90e7b5aa-c885-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gh0stRAT)", "timestamp": 1679471150, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471150, "uuid": "484b10d0-bc65-4850-ae12-0c8be7254271", "comment": "Malware payload (Gh0stRAT)", "value": "11a5b746ae01a002a8740ff805a0da88", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gh0stRAT", "colour": "#8BEA32", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471150, "uuid": "6252f0b9-2a37-40b8-bd8e-406817e1706e", "comment": "Malware payload (Gh0stRAT)", "value": "bfc673b442809a22a48e4c70d5027c925c8eaa56caee77ff6f896d480d78dcc2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gh0stRAT", "colour": "#8BEA32", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471150, "uuid": "3b5292fb-7201-462b-9d51-6b51cc4e180f", "comment": "Malware payload (Gh0stRAT)", "value": "4885a9e1ba0a9816446aa196120fee575cf4eca3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gh0stRAT", "colour": "#8BEA32", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471150, "uuid": "405f0484-443b-4d5b-84af-a5111e9a1987", "comment": "Malware payload (Gh0stRAT)", "value": "5fe5efa8537c401fe8694d737bfca08cf36128da34f45be62ad03ff13ca435ecf9e05acf2006408e316ece288fe050cc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gh0stRAT", "colour": "#8BEA32", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471150, "uuid": "1d376d9f-b5e5-47df-9ace-a995ed303809", "value": "T1D4A4AD1233E0C877D396B1B4C9C297F5A265AF011F2599C36FB1370E2D721ADAA32E15", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471150, "uuid": "2daf5a76-291a-47d5-8934-7a370dd4fd0c", "value": "77eef4e097d1e4bdf8b3e7692e2593aa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471150, "uuid": "03ef46c6-747c-4e73-bfc0-67904957246f", "value": "12288:bkXOs/EQaS77z/t705Hux7xGTjCbqWd+YGMU:c/EQaS77TR05OxdU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679471150, "uuid": "0e50b974-dac2-4792-a329-b9bd18969157", "value": 458752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679471150, "uuid": "5049c1b0-b412-4219-98ef-c1d8097f3605", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471150, "uuid": "dfbbfdd1-15a4-4be4-89fe-ce760dd3487e", "value": "11a5b746ae01a002a8740ff805a0da88.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fb04cb2c-c8e5-11ed-88f6-42010a9c006e", "comment": "Malware payload (CryptBot)", "timestamp": 1679512560, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512560, "uuid": "59059ea2-35c8-422e-974b-69b36c19ce26", "comment": "Malware payload (CryptBot)", "value": "2dd9a2b06e2612ae5264b6f5770909ef", "object_relation": "md5", "Tag": [ { "name": "CryptBot", "colour": "#EB0B67", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512560, "uuid": "cfac6bec-1f0a-41ac-9f3c-55f27c7854a8", "comment": "Malware payload (CryptBot)", "value": "c00cfa33f9810d7332c7f184d5bc0b3733fe47bcd076787b01a82e11ee457815", "object_relation": "sha256", "Tag": [ { "name": "CryptBot", "colour": "#EB0B67", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512560, "uuid": "9e253a99-0775-4f4f-ba8a-1f24daaa914e", "comment": "Malware payload (CryptBot)", "value": "57ba2ebc6f49d513066bf3810acbbebfea93bd6f", "object_relation": "sha1", "Tag": [ { "name": "CryptBot", "colour": "#EB0B67", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512560, "uuid": "2b1e4a8d-3428-44a9-8221-fb6437512cac", "comment": "Malware payload (CryptBot)", "value": "660dc453af4300411780edde4e777966c545aa5ce10ab78a487afdb795a999158ac4b413ab771c3a6d06016505a8469d", "object_relation": "sha3-384", "Tag": [ { "name": "CryptBot", "colour": "#EB0B67", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512560, "uuid": "2548db4e-3a61-418b-bd2d-53b4fec94f16", "value": "T1376623A7765802C5C4E89D359923BEC432FD5F768ECCEAB4398B77C22B32590C629543", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512560, "uuid": "a2a86448-0fa0-4260-bd95-9042666057a9", "value": "36d75ecd818f0c5cde41f4ee2b1e9296", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512560, "uuid": "12cfcc3f-6e02-4be3-9ba7-31814bee895d", "value": "98304:1w+Gs1CprmJ2Iv2v7WH/Rl7fqfe0Ni6Ik2iVAwfRQBLgzSbsvB/BURkYnrY/MXJZ:i+Gs1jJXv2qH/vzqfpiXaQkdZ/W222R", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679512560, "uuid": "1dd4d88c-f323-49a3-8aaa-32ed171417f7", "value": 6857216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679512560, "uuid": "a38f2ad2-af19-4368-8187-715e3821296a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512560, "uuid": "12f86dd4-0ec6-4d87-8cf2-dd69347716d1", "value": "2dd9a2b06e2612ae5264b6f5770909ef.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6d704134-c88e-11ed-88f6-42010a9c006e", "comment": "Malware payload (GuLoader)", "timestamp": 1679474956, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474956, "uuid": "1b4a7704-1570-45ac-bc49-d80392b36f51", "comment": "Malware payload (GuLoader)", "value": "89c1af7470bf3a699a914a62a7a37c1f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474956, "uuid": "11ee1a2f-03c0-4c44-a900-9822cb47a040", "comment": "Malware payload (GuLoader)", "value": "c036bf9593241c5ba0f2a7d38b6ff8099344e4b17a758ff64b145f2329256415", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474956, "uuid": "c50e9d8a-829f-4876-9ba2-4f70fe62d638", "comment": "Malware payload (GuLoader)", "value": "75112e7df02461e8dc0266d6a147959b2ae3701c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474956, "uuid": "eb1906bf-bdde-487d-9f4d-581f498ebe60", "comment": "Malware payload (GuLoader)", "value": "a1dfe9a85ba30a92fda8c9cc9cd35f657379830ffba5192622fa5e81ff1db246b996240f91efca9bcec5da18122a0f12", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474956, "uuid": "b555a582-0655-48f9-9cab-3075b11762a9", "value": "T12464F1C2BA51C1E9FD7D8930F06F95479AA5BC7A5A980CD933987B4C88F21018E1FF25", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474956, "uuid": "4b005e4e-e8ea-4cc2-b7c2-1211da9885bd", "value": "b34f154ec913d2d2c435cbd644e91687", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474956, "uuid": "33e639b3-2306-4f82-ae07-107ff16b8237", "value": "6144:nQ606xUAK/TxV595DDV6v/bGj5Yb7T/lZNG5isZ/UTUNsKn8sFLZJFJJWkFx:k3LJZ6HbGjQLZiU1sFdHnWkFx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679474956, "uuid": "62797d64-e18a-4a45-b957-3d5cf5f299b3", "value": 331889, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679474956, "uuid": "35d0e384-85dd-49d4-8293-8abcd53bf63c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474956, "uuid": "6dbe686d-472c-4040-bc91-6458041a0dae", "value": "Justificante de transferencia.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "76a81fb9-c8c9-11ed-88f6-42010a9c006e", "comment": "Malware payload (RemcosRAT)", "timestamp": 1679500312, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500312, "uuid": "5d6e705f-cbc9-4695-be77-540f0937296b", "comment": "Malware payload (RemcosRAT)", "value": "df9c4e5c71f2f5984ac07d4afb319f16", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "UniCredit", "colour": "#2198E0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500312, "uuid": "8352de47-1755-4fba-900e-b16c7170c70b", "comment": "Malware payload (RemcosRAT)", "value": "c047f1c914f98de8cd4b9ecc0252f3c906489868194a7dd7324073fab2782b37", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "UniCredit", "colour": "#2198E0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500312, "uuid": "31efb419-0c77-469e-88bd-5342900d3b65", "comment": "Malware payload (RemcosRAT)", "value": "3d0b51d20f722e8c290b28ea242c710d5bc112c0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "UniCredit", "colour": "#2198E0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500312, "uuid": "43594a14-c7af-4ad3-806e-9e046b9d3142", "comment": "Malware payload (RemcosRAT)", "value": "e1ed2e923d6dd52f5ee7fa56113c2a3cfb0e46edcfda5da9eb9f76c43481112e71d9922ec00e0a90ef0ed60686436818", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "UniCredit", "colour": "#2198E0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500312, "uuid": "cf9a8aca-9c15-4f1a-a73f-31d096ad5f3f", "value": "T10BF4288523995A51D0FFAFB798F0A244C3F4EC10D79AD70E108538AA9C66BB359B071F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500312, "uuid": "5e649a78-a447-4a95-85d0-2f06dd307dc2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500312, "uuid": "7b7f66a1-d241-441d-adb3-2bbdd684f1ec", "value": "12288:UKrZ+mQ/I4Tj19z3/X1g43fim/ZVgXFgzoywEAmD:Vrd4Lz3/X53fim/L4Szoyw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679500312, "uuid": "b49385d7-96f5-43eb-bc0c-debe7b158c48", "value": 727040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679500312, "uuid": "a1d346bf-e018-471c-8736-1c9baa7b07e6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500312, "uuid": "6b8a54b4-9578-4471-916c-9b983efb4fc6", "value": "UniCredit_Documento di Pagamento_Pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6b0d2b2a-c898-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679479247, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679479247, "uuid": "c792783b-6bfa-4f77-80d1-24cc32df6c5a", "comment": "Malware payload (RedLineStealer)", "value": "9a7de4fff1bbf032a128a54a47fe6e7a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679479247, "uuid": "818ecc95-f576-4e25-a2c8-334265058a9f", "comment": "Malware payload (RedLineStealer)", "value": "c065da3889c76e095021eaf8a4237b1ecee2596af6ac11a32158e96721dc6bac", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679479247, "uuid": "2622e567-569a-4a37-9c80-d29ed1615ede", "comment": "Malware payload (RedLineStealer)", "value": "eea629d7478321046e43e11589e9d8b17ec20b45", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679479247, "uuid": "42bc2b78-d071-4221-a8b5-b8481afb3ca2", "comment": "Malware payload (RedLineStealer)", "value": "c0ad293a723c0a80603cd7ea6814d22231c8492e6de0ad9eb4215c06a0320418db2b8df3f1faa7f6ff0e0d06c463bb8f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679479247, "uuid": "995fff41-6818-4146-bc39-084b960969e9", "value": "T11BC41202F7E98062CDB517B158F702C30B32BCB1AE74536B2395A8491D72791E97A73B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679479247, "uuid": "901583f5-31d5-4ab6-9b2c-1e743397b90e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679479247, "uuid": "3c7005eb-f529-48ef-87a8-5727a02bd638", "value": "12288:PMrPy90MXcwXmk5hYvlzmQExYqGm6MYv2Rx8/L6:gy6wXD5hYtqxYqkGx8/G", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679479247, "uuid": "cae5e1bd-6056-45ac-b9b7-7fd25f738a75", "value": 550400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679479247, "uuid": "4adda84a-2260-4e07-9c77-8d36d45d91dc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679479247, "uuid": "760e6ae3-473a-4f6d-ad40-66aa7f9c9d50", "value": "9a7de4fff1bbf032a128a54a47fe6e7a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ca9ec1e9-c881-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679469529, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469529, "uuid": "c3f9ac39-d9d8-4751-9e3a-4b648d0a74e7", "comment": "Malware payload (Gozi)", "value": "de4ca12df2e6fddf8e937a160f401e30", "object_relation": "md5", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469529, "uuid": "65f80c16-e711-46f5-833e-4d50f5c1c774", "comment": "Malware payload (Gozi)", "value": "c0b94c66db218563d8c9ef86ea86d49d86a364d02f5912c3cfc48adad91993f9", "object_relation": "sha256", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469529, "uuid": "496a79bb-4710-4e24-b976-2a0449c6a10c", "comment": "Malware payload (Gozi)", "value": "21b22b7acd90e54ccc9c706ef9f1ef0ea0d774dd", "object_relation": "sha1", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469529, "uuid": "c0eab704-943d-4ef3-8b6f-9c06bbe07386", "comment": "Malware payload (Gozi)", "value": "4d5fd0739077b01055cb685a3576c83e292cef21a58673a9ebad4f6a5199f78df6ad6d8d761f1755bce401053f48e4b8", "object_relation": "sha3-384", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469529, "uuid": "3270641d-1ef7-422c-bc43-b9c72a338843", "value": "T1A2F0E524C60F6200E42D597852920A51EB348757C071320B2C8A79D23EE2FE68B59BD3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469529, "uuid": "732c2a1c-7916-468c-892b-faaaaa9f916f", "value": "12:5j8/Pfm9F1+FyLyDjPrMIqJt/qItSPw/9ZlPay/qP:98/XrmyDjwIqJt/qsSPw3ge8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679469529, "uuid": "d4e28d2a-a440-4eae-8cae-04b68334aa0c", "value": 491, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679469529, "uuid": "ae19a73b-c54a-4e28-a654-3e1a5d8b72cc", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469529, "uuid": "32c6ed29-e5e6-448b-b349-12205616805a", "value": "Normativa37.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9a698e67-c879-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679466012, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466012, "uuid": "2655971b-5c9f-4d01-b984-053dc6ce30ca", "comment": "Malware payload (Formbook)", "value": "a31bc094279bd65f568076d2aece6c99", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466012, "uuid": "040bd39f-c059-4f6a-b1e5-5d386695d161", "comment": "Malware payload (Formbook)", "value": "c0e30a346b311fc900cf4092286d1aebd5c4f028f632405a10bf6bedfa8a100d", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466012, "uuid": "7b094545-8132-4faa-8624-36682d75a35e", "comment": "Malware payload (Formbook)", "value": "f0c00be99eb2999943beca70488872146227cf73", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466012, "uuid": "4b98850c-f7ce-492d-9eb9-95b8ff9b285c", "comment": "Malware payload (Formbook)", "value": "0358bdbc91e90705fab369d72bbe24b8adf90fff49777fa50f9574092ba9e1f4c4e6a2611fb528a562881a96108f6e76", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466012, "uuid": "3cf02a8f-91c0-474c-a0fe-8168bdb247c4", "value": "T18834127EFBB2082BDF22B9B9997B781151EC44C2208F1B6876B7B569231043D9B1F245", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466012, "uuid": "ae652bb9-f04b-4d4f-8d1f-425fca0a374f", "value": "6144:8avB1JevjktZwm+1W2iYcBm4AP0urYEDAKGKebKAy7tFmLXjz5:5H8kLwBSAPxYEDAB/bKAkt+X5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679466012, "uuid": "3b939539-df1a-4473-8b12-cfdebb03e182", "value": 241801, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679466012, "uuid": "820c97c9-3047-49c4-a575-72085115d9b6", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466012, "uuid": "60dd827d-1e0a-4570-8224-b334f10b19c5", "value": "Order Inquiry_pdf.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9f185eac-c896-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679478475, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679478475, "uuid": "453db264-0dbd-4aa9-bd29-5c12b01b5192", "comment": "Malware payload", "value": "7cead57dbc81c6f87f49fc8afd8377bc", "object_relation": "md5", "Tag": [ { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679478475, "uuid": "5f312b57-9e02-46a5-999d-703d3e272225", "comment": "Malware payload", "value": "c108c720c87d501cb88b41494d98d2c73743e2fdac7197ed9e917d01622032ae", "object_relation": "sha256", "Tag": [ { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679478475, "uuid": "27ec0f4c-030d-4232-96ba-8a7f546b1a2d", "comment": "Malware payload", "value": "e06b40a4107639f2d7477ad97eb0908733736cd9", "object_relation": "sha1", "Tag": [ { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679478475, "uuid": "2dff00cc-d277-4c10-a7b9-2608a21b6088", "comment": "Malware payload", "value": "10df353ea593451173d0030d9ff4457a3a7487d6b2a9e1ce24464002621caae93ab0b2409b71cafd800328df6375ecdb", "object_relation": "sha3-384", "Tag": [ { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679478475, "uuid": "4588fe92-bf21-4655-994e-b64e43540893", "value": "T1CC65AE3A89B3FDEE372D280894081D170D9C2B5717665A6CDE8A467D2CC9322DF9D4BC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679478475, "uuid": "4f129894-ade2-4e25-be23-216b0edc566f", "value": "24576:SEkSRrtp14uJN2s84KJu6StFiFMZwWwWrNszOZR4zHNpsoW4nra:+2ZdOSPrQHXvW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679478475, "uuid": "13f1b654-5d7c-4ab0-969e-726e00574f99", "value": 1504457, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679478475, "uuid": "2ff29104-f0ec-4787-a6ba-a0441c423852", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679478475, "uuid": "cdfb3663-1ff2-4038-ae88-b2eb02b3e0d8", "value": "doc_Factura.cmd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "62954916-c879-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gafgyt)", "timestamp": 1679465918, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679465918, "uuid": "3d8d6bf0-0b28-4a32-9d09-be39b04924a6", "comment": "Malware payload (Gafgyt)", "value": "82415e8838d0e36c3e60d300dc1f9fd3", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679465918, "uuid": "fde284cd-5fd7-4c6c-ab40-68cc1f008267", "comment": "Malware payload (Gafgyt)", "value": "c12bc6a7b13591a732b61146d00bc1cb483d7ae95df007cddc0112ab835339d7", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679465918, "uuid": "b7cfb597-dcf2-4cfb-aa91-4a4a7e3d4f7b", "comment": "Malware payload (Gafgyt)", "value": "8aabdf5e7d068d40797af6698ad293014010bc07", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679465918, "uuid": "7d829fe7-e4d0-48ef-a55b-33f4f7bbb4c1", "comment": "Malware payload (Gafgyt)", "value": "845fa7b89fd1505706605d86caa5e9fa85f38c52f55c0b862a418fee33eebc8ae0c7434b1dc268cd2b784df70e899540", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679465918, "uuid": "2676da9b-4076-498a-9fac-0cd8c4e566ca", "value": "T1F0A33A1BE643C67AC08366F016DBE6519823B1BD0B72720677A8ADE12F158D91E6BF40", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679465918, "uuid": "1baa0e8f-d86f-486c-9789-f7a6d0c8c772", "value": "3072:QBpHuN9/36Z+pjtwiCphagC1yg9luJ2hgYZiSb:EpHs/3hgphagC1yg9luJ2hgYZiSb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679465918, "uuid": "00562d10-ccc9-4378-b976-a46052019bc1", "value": 103131, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679465918, "uuid": "9fa814d3-d995-40b6-aa96-f1fc0f948375", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679465918, "uuid": "ba2ddb23-e47d-4d64-972b-bc507d5e8d79", "value": "82415e8838d0e36c3e60d300dc1f9fd3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "182f3fef-c88b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679473525, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473525, "uuid": "88862f2f-4d7a-4e5d-8708-aa2e1b2bd6a3", "comment": "Malware payload (Heodo)", "value": "6bd243b17185f5519f58a5bb7cad92c1", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473525, "uuid": "dd452c20-203d-4139-86c0-4e9321f1e232", "comment": "Malware payload (Heodo)", "value": "c14df890baae1c81d9ca06765e776c4e3003cee0b3aabfbb9c1992c4c903d48d", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473525, "uuid": "92f4cd8b-5234-4228-9eca-3f2a3b54f163", "comment": "Malware payload (Heodo)", "value": "84153674b861bb180f12d18a3c8559351fddca73", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473525, "uuid": "57b453f9-e5af-4a86-b58b-85f6c1c22560", "comment": "Malware payload (Heodo)", "value": "ddbcaf4ef7ca047379d03abd64618737f78f93fa2355a23d31f747e6574746882f945eb39f90738b3b0293229989c3b4", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473525, "uuid": "588898e9-b265-4d84-b1be-a54dd5a83b74", "value": "T1B1F412E0C98E4584C5504A7DFD242699377B36BC78DFB0CC77775EA6823A6A81C423B4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473525, "uuid": "0cc138cd-ff89-4180-b8e5-e4285c3b1548", "value": "6144:UP/mYiuwND6sXVrg561q/bqdjn4qwZwBg:GMhtV8Q1q/bCr4qwZog", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679473525, "uuid": "3718a08b-4818-4b1e-9fdb-aef84f2d78e8", "value": 723449, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679473525, "uuid": "e29ca68b-b0bd-4da6-a2fe-48e4f9146fa0", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473525, "uuid": "c77ab1a9-0b24-43a4-9bc4-d7a563c2ee9c", "value": "Untitled_608.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "35028c45-c8ef-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679516523, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516523, "uuid": "e42dc0bb-f2f8-47ab-af66-4729f7328933", "comment": "Malware payload", "value": "2adce734b54909e8c33f7b1ce14ca91b", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516523, "uuid": "bdb49e12-6572-48c9-aa70-0d20e3b3e73e", "comment": "Malware payload", "value": "c15b4e7cee3272e6f99f07021152650f7345ab8f4cbc8773f4088d2a682a3c30", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516523, "uuid": "3e0f09f8-ddc4-4f6d-be01-55e62bb80521", "comment": "Malware payload", "value": "f5a85394179a2e61239682e2bcef4f842dcd23bf", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516523, "uuid": "bd888462-3374-4555-8fef-ee2b73a41e29", "comment": "Malware payload", "value": "ac35487884e5b108188a7a46af260cda5b4c331db165493fe218cc92c08208c3d1a4621a850f19f8818e358d234be5b7", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516523, "uuid": "df5d9a13-931b-4029-b302-56d1ca79fa5f", "value": "T14D136B56ABF40432F6B30B31A938486ADFBABC206477D49F8B900E6D1570D52CA3D727", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516523, "uuid": "54ed7595-53be-4309-a564-5d19bed202a3", "value": "f5e4c8acb92fb1c8223cff431020dba0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516523, "uuid": "b0474333-b967-49e1-8040-9cd7dbbea0f2", "value": "768:k8kr2D6AKlLO+SNhBgCHDck4MV0ggv8KoETBB9D3xvjHhx4eC7Xj8Qc1K0QiwBeT:P/6A0q5HDR4oWBx3xrBx41z8QcMLi+RS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679516523, "uuid": "1e437b90-813d-4197-96d9-17b72ba65b31", "value": 41984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679516523, "uuid": "3f138c76-2a15-40db-9058-2461e98c9c00", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516523, "uuid": "e6a5a23d-689b-4a2f-9d14-af3373ed5466", "value": "2023-03-22_2adce734b54909e8c33f7b1ce14ca91b_lockbit", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6a8619dc-c887-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679471945, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471945, "uuid": "37d4a1f3-1576-49da-917f-74735bf35ab4", "comment": "Malware payload (Mirai)", "value": "d469ceae02e4a17fd7a7809be4378bdc", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471945, "uuid": "d71476a3-6a5a-4c6a-87d6-eef15d72fa53", "comment": "Malware payload (Mirai)", "value": "c160875a3352e58f0332fc03f5145e53707944eec3066e5e183633a7f28d90a5", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471945, "uuid": "e3d41bfd-c58a-4806-9908-79121321eeea", "comment": "Malware payload (Mirai)", "value": "b153de2482047d66cba190bc6b71456d051d84c0", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471945, "uuid": "ca0a73af-5c07-4c75-b921-7691a5528b4e", "comment": "Malware payload (Mirai)", "value": "35f30f3259cb44dbc474d3c80383bc7c10baf33c475139f78cefc18e59a84c519afa64adf83f88b6cfbea4b5068cf7fc", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471945, "uuid": "912858d6-53be-4c59-99fc-82dcd18edfe6", "value": "T16CC39825586AE217C4A7FF9DEFE57686935DF2478E899203B0E0104E0DF8D6D642F8C8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471945, "uuid": "8685bff5-5e5b-42ab-bc9f-ed2f679e2d52", "value": "1536:wVCMQFNk1Z45Lc5kS5dqCyjdhQzwcCyL:2kFNDGPSCsdhQzwcCQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679471945, "uuid": "9bb1366c-3c07-48ea-b953-1b7f27e68e1d", "value": 125668, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679471945, "uuid": "f1718fb2-14c5-4d03-a1ce-085c80b1469e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471945, "uuid": "f2e8f3fc-8fa1-4dfc-9068-19c07eb26f16", "value": "d469ceae02e4a17fd7a7809be4378bdc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3989e467-c88b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Kaiji)", "timestamp": 1679473580, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473580, "uuid": "a035a607-8aae-4026-b999-0762d3bff128", "comment": "Malware payload (Kaiji)", "value": "0e44f250b0a55b45bbb2b8235b65ea48", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "kaiji", "colour": "#928985", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473580, "uuid": "569dade0-8ef4-4da7-ad05-a4c5334b7074", "comment": "Malware payload (Kaiji)", "value": "c3b14d37257f072590e4481c01850935b77d9cc3e9f9cdd7e2619b126124d8b7", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "kaiji", "colour": "#928985", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473580, "uuid": "e4fb88ed-adef-443f-933c-6f281d461d47", "comment": "Malware payload (Kaiji)", "value": "b95edcd82e0014a00db7c150bc10e35cad2ef0be", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "kaiji", "colour": "#928985", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473580, "uuid": "cd73933e-2238-414a-a797-75319f097cae", "comment": "Malware payload (Kaiji)", "value": "9d5dfbc607946211a5e9c9e6c4a6675bd6fca01fccbe851a4611027b215850828dd278af8760592a9129db11b84b6db8", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "kaiji", "colour": "#928985", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473580, "uuid": "817f40ab-7e54-4b45-b912-0543707b3111", "value": "T1A4363C5BB8824A82C4E4367ABC7D41D473A34EB99B9713666D05FE3C3EBE1990E35304", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473580, "uuid": "9914f929-e891-4c97-88b5-7d4036ca0848", "value": "49152:oQdGkSpsqkVpXGi8TEeK1camdlr0wSHyeVI18:oQYzpsqkVpXXeKCu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679473580, "uuid": "3e1f0ac8-0207-479b-afc6-1a48d596a04b", "value": 5242880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679473580, "uuid": "e544b728-eac0-4eee-9173-944008444cef", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473580, "uuid": "4f2743f2-14c0-47c9-b709-63cd47618cda", "value": "0e44f250b0a55b45bbb2b8235b65ea48", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a6037ea7-c880-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679469038, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469038, "uuid": "c3676756-6341-4b5f-8a93-01b07cad075f", "comment": "Malware payload (RedLineStealer)", "value": "6b00a92bd42d78ed1dc3908bbaed6aa2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469038, "uuid": "979a6b89-7b3c-4c6b-bb3d-ff7585ec2aab", "comment": "Malware payload (RedLineStealer)", "value": "c3f7fc2cdec64928a57e07d082cb7b746cf357b764dd8d2523ba803f19a0d244", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469038, "uuid": "804f52d6-fc07-4937-8f0b-81a42be2bc35", "comment": "Malware payload (RedLineStealer)", "value": "170ac8bb887b6d8b1ab3de6de3121d168a72ddc4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469038, "uuid": "970080d7-bbd2-4b30-ab8b-fe096a386c38", "comment": "Malware payload (RedLineStealer)", "value": "55e73cbc829edbfbc7cb5f7d753cd94941624806986dc23c8f2724a719728efb05995b4114d7c2a17bd27775a2b0a9fa", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469038, "uuid": "ad4034a9-3c60-4cd9-8a1f-117ab128368e", "value": "T18BC41227B6E48172ECB5277049F607D30E32BC621878C2272749E8DE1DB2698A53577F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469038, "uuid": "43cdf9dd-1f09-4902-9b50-6aaaf0ed1562", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469038, "uuid": "2a7a4323-0363-4f03-bcfb-60ce568634d2", "value": "12288:sMrMy90okox6xC5WhVObJfWDFWH9jGHhl7EuPm:gydX6C4cbJ2FWH9j8hlwuPm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679469038, "uuid": "693a6688-99d4-47f8-9357-3fe5ce593f8e", "value": 558080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679469038, "uuid": "b9c947b0-fa4c-4332-ab4f-3ac6d244939f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469038, "uuid": "5f7482e0-40c8-4fe9-bd75-6f92ed44446d", "value": "6b00a92bd42d78ed1dc3908bbaed6aa2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2c87c844-c88b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679473559, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473559, "uuid": "fbb3fb77-66c5-4665-bbfc-ecd0da083f88", "comment": "Malware payload (Heodo)", "value": "62c2bee7cd48bcf468d73999e67aae9b", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473559, "uuid": "f262790d-9048-4fcb-8a7f-0ded5c385b73", "comment": "Malware payload (Heodo)", "value": "c463fa42ee091a310f67cbb7e8462775b8d531d272a9b846af7184d81d8c9676", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473559, "uuid": "679337e3-36f3-442b-b519-4d1ee77689da", "comment": "Malware payload (Heodo)", "value": "2a4a230e12f65e3741d8f8f364fbe31aba5f7147", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473559, "uuid": "ce4c0492-4509-4724-9e67-83e1acdb2bf4", "comment": "Malware payload (Heodo)", "value": "76d81e61c08b62541f8f1bcef0abf7ab72edd7230b62ef5c52a4d6f041926966cdd96adb5cd0efcabc06dfe5456bc947", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473559, "uuid": "824abea4-158b-4474-be97-40323d21f9f8", "value": "T17E052368C672A5D1DE81E635B5321A19FBDE079168033CEDA4FD6C3D29F0E40973B922", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473559, "uuid": "386aa687-9ecd-4269-98cd-3cb7196db275", "value": "6144:GA/fqQLsh2uoOObj+gmM424czDPECwRAc7cDA08yuMol3Y:X/fqmm2sObC7ezET7vh73Y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679473559, "uuid": "9d4f792d-4c96-429d-9159-7b3c8be4680f", "value": 858441, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679473559, "uuid": "ab5d99d8-b66b-4b85-8664-971ff3188963", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473559, "uuid": "f023c07b-054a-4062-af05-1c823f621534", "value": "6AfEa8G0W8NOtUh7hqFj.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bf1f2306-c8b5-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679491843, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679491843, "uuid": "46917d6f-00ba-49d1-a990-6ca137c2d610", "comment": "Malware payload (RedLineStealer)", "value": "89bc53abcdf94419282902255ee7ab76", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679491843, "uuid": "cff01582-c53c-47d0-af04-e20dca659393", "comment": "Malware payload (RedLineStealer)", "value": "c4c04417034c62fc28c75188a8ebc0aba2fba5489c483bec611852d06679e522", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679491843, "uuid": "1026aa6f-ab4b-4ca9-bff3-f9e59955a971", "comment": "Malware payload (RedLineStealer)", "value": "49088ce5520029ab470b0bcf6be9d8a23e129e71", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679491843, "uuid": "ed39d24d-33a8-432c-a304-93b37da6f9b9", "comment": "Malware payload (RedLineStealer)", "value": "068c604c5266c038cec0df0365c7d0aa09bf774aa22329de3a14b9ccddfc8a4312145e60b8a229343cac902306159661", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679491843, "uuid": "5a75a64e-24bd-4123-a538-984462daaef8", "value": "T17A252303B7E58173C8B567B018F742C30A367C619EF4626B2751D5A60DB3AD2A434BBB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679491843, "uuid": "c5a433e7-0497-44c1-abca-a7882b305b4d", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679491843, "uuid": "7d58e3fb-8a75-45a4-a709-7edcb2cd07eb", "value": "24576:SyZit2lNvgigg7Tc19u+F8u4QN3OrQfP1c1d:5ZiglNkgc19u6AQFzP1c", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679491843, "uuid": "c0d27f20-fd18-4334-aab8-63d2f4003867", "value": 1028608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679491843, "uuid": "cc5aadb7-0b7b-4433-88ec-dbfcdcf47921", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679491843, "uuid": "4ebcf9cc-9489-4182-9bdd-d4660748f487", "value": "89bc53abcdf94419282902255ee7ab76.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "63360fc1-c881-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679469355, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469355, "uuid": "3829cb5a-8ff2-4697-9d87-6ef1795b581a", "comment": "Malware payload (RedLineStealer)", "value": "5072c7564e49e382eb887b70bbcc6a51", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469355, "uuid": "fc2f62fb-5639-401e-b9e4-0531518d9370", "comment": "Malware payload (RedLineStealer)", "value": "c4e346eb796a4d9c384439739bba0dae00fae62dcaf02025d022ff9ddfdc0a45", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469355, "uuid": "13a9000f-a6cb-42ce-9472-92d39d2a7bed", "comment": "Malware payload (RedLineStealer)", "value": "6f3ffceca94b623e912d580d6db909a5675cd691", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469355, "uuid": "7a723cdc-dace-4e52-8365-71f1950e1368", "comment": "Malware payload (RedLineStealer)", "value": "96d79091aad53803a3c7c879c7fd5bf4ad32faed3edf24b428bedaef04a0bffee021dd04e6d44cf8c66eada34314b891", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469355, "uuid": "b330d7c2-b9d9-45f9-bad6-0202afbb3a46", "value": "T1D215239687E90075DCB5177089FA93D32633BDA29DB9876767829C4B1CB31C490B0B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469355, "uuid": "a5880c9a-40a1-40db-b957-3fa1691f3868", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469355, "uuid": "449350fe-fbd4-4053-a841-64631d8ad35b", "value": "24576:wyD1LYXMk1FogVWyFeAbfByEJaC2CkFcxWc:3D1LYXzFmyzbZYLCC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679469355, "uuid": "0e9ed29d-baa3-4c64-9773-342293083657", "value": 930304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679469355, "uuid": "f7110e2e-5c36-454a-8804-4555011a5f18", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469355, "uuid": "3de7bfe5-efe5-48b2-aae4-ac3afa1872a0", "value": "5072c7564e49e382eb887b70bbcc6a51.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c3793f74-c8e3-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679511608, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511608, "uuid": "5883ddbd-4d3c-45f7-8559-0bcd902ab198", "comment": "Malware payload (Formbook)", "value": "2803989c03d0d864c20efb1317b157af", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511608, "uuid": "9abb51c9-2c12-4c7e-ac03-d2e0169a2b6f", "comment": "Malware payload (Formbook)", "value": "c5963a1865a79e63cf6c451a27db54911fe38cfda287fbf537eb15878666db89", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511608, "uuid": "5a4831de-54d3-4d53-b375-6d7a684852a0", "comment": "Malware payload (Formbook)", "value": "85899fc6132aeedba1eae771a3f74a641b741cf0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511608, "uuid": "e024898f-d6ad-4c85-8ef6-fdaf9dc6756b", "comment": "Malware payload (Formbook)", "value": "558d6c18a1f35c1439ff2ccf3ede1687602bd87fc730f61de8a9983b8b2e6ced1e679b0622c3e6253237e917acca9482", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511608, "uuid": "49977d0b-eef1-4d4b-9fa1-bc74f2f6a8a6", "value": "T10405121973AAD777C6AD14FA50A2010053B797267633F7CA3EC424E92F83BE44E05AD6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511608, "uuid": "371625ea-1bd0-4e5e-9baf-387c84e908d7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511608, "uuid": "b864c151-10df-4a04-80d1-90a54156b9d2", "value": "12288:KnXTcAmWc6pl3i3fkuzxrB3VqJLPo6e1OrsxVRGyTWBwLN6aAsI++HVeRjLwbYW:goAE24jNBEkKsjIDDsM1Jc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511608, "uuid": "2c981176-433e-4b74-9b4d-ba87fdaada65", "value": 816128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511608, "uuid": "4bb54735-a262-4fc5-86a0-187baeb6a1a7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511608, "uuid": "cf36a792-9a32-461c-93de-60ab05c8f7e8", "value": "elektronik odeme kaniti Swift mesaji_20230322_TL8755450.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6f4049e9-c84f-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679447901, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447901, "uuid": "9240dc14-250d-4041-b03c-e1c23ec22b37", "comment": "Malware payload (RedLineStealer)", "value": "6839f296ff037319ef6416efb0bd7844", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447901, "uuid": "12c17980-0e54-40a8-b0d3-51c61724e211", "comment": "Malware payload (RedLineStealer)", "value": "c5b196efa7ba1fc273f22080202cfc367801b9cf87317cace1d559578bcf5904", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447901, "uuid": "ace3d8cb-a096-4f5f-9bc0-b307efbb6785", "comment": "Malware payload (RedLineStealer)", "value": "cc763b4386da4cc23464931e190a7f01ff1db3ab", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447901, "uuid": "223e95fd-1dca-401a-aec3-7bf3e2b126aa", "comment": "Malware payload (RedLineStealer)", "value": "ea0841f52df3a49a609b34b4d67fd8e1d89f21e3d72b086f13dd53548c1debf6e6fef95e2563cb1fd9c2d79f00d125b3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447901, "uuid": "86f32372-1c41-47ae-8c72-a573730228ac", "value": "T1CF55E14382E23C55EA258B739E1F86F8B64DB6719F493BA632089E1F10B12B7D173711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447901, "uuid": "4c24d1e5-8c9c-44b7-b330-43e942e4381a", "value": "5fe0b073d2bf262b2cfd9470524e0ed6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447901, "uuid": "e195cec2-201f-4f67-af8c-cfe75701d883", "value": "24576:UnzPcbD/h1btFFh3DEYckeYbP1a3S3zLXGowWuFV3EQ1LQi8Pti/STV88Av:CC/hlVhFcYbw3SjLXGoDuvEQ1LQBtd61", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679447901, "uuid": "01a38c50-3b4e-4539-87b5-f7db29a19412", "value": 1368576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679447901, "uuid": "f072da85-9a7a-4c2c-9946-44848007b8ae", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447901, "uuid": "c352b33a-7dac-4ed6-8e63-85513e535028", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a774440a-c880-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679469040, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469040, "uuid": "9e765a32-0361-40a0-8f18-9cc5e38c5780", "comment": "Malware payload (RedLineStealer)", "value": "8ae4935db4f62d37de2b6042e0cf6bc0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469040, "uuid": "5aac7c9f-38b9-4375-a3bb-28d9b12ebb9a", "comment": "Malware payload (RedLineStealer)", "value": "c5badb433b146fbe6b0fbd710052b1fb3eefd1d589abebd38033ad92e30ab17f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469040, "uuid": "b9c2227c-82dc-49d9-b172-ab2a1d9e249c", "comment": "Malware payload (RedLineStealer)", "value": "cef358d1a7b3c1ae670ea613f390301cc6f42a31", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469040, "uuid": "bfa19027-8434-464e-ae1e-82491c962f30", "comment": "Malware payload (RedLineStealer)", "value": "d2c9cc4582b3edf04d50e31ef14910762803623573956c6db43fb0b04f5e60bab378750b4e733c5c56da558ccdc02673", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469040, "uuid": "1fc46fa1-dcc8-44e5-8b31-17a7ff666b0a", "value": "T15CC41202FAD55133E8F267B06CF617D70F32BCA1A975822F2645685B4DF3680A57232B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469040, "uuid": "8945310d-11bc-4a80-b844-ab4ece999fd3", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469040, "uuid": "fceeda48-b758-4325-b7b9-660b263b7a07", "value": "12288:7MrUy90q/AjUNgJiKrpYLC2vFZ1FW2FeyiNMgZThNd:nypTNUiKrP2vVFW2FevOgZl3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679469040, "uuid": "fda474be-fa82-403b-a562-5b40a0b1074f", "value": 558080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679469040, "uuid": "6427895c-b8e8-4c09-9087-dccc46edfed0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469040, "uuid": "57259c50-3956-44a5-aee5-a7a363692c72", "value": "8ae4935db4f62d37de2b6042e0cf6bc0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "62f28eb8-c8e2-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679511016, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511016, "uuid": "d15225a2-b8bf-4d9f-837b-42e2af806fc9", "comment": "Malware payload", "value": "1a6fe6df0d6642b1d395df02ef7aee11", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511016, "uuid": "3c7064e1-d5d5-40ae-ab61-e45d6fd11058", "comment": "Malware payload", "value": "c5ccbf1ac2135bce068936ac5c596ef093d92e20cf89f6781a5ba908923c22ad", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511016, "uuid": "32c98eb8-05e6-4aa5-9151-033f307a0da5", "comment": "Malware payload", "value": "d4fff1bed93ccfab7fc2956e6f0d54cfbc28036a", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511016, "uuid": "9433ca88-2701-4b33-b132-f07f42946b70", "comment": "Malware payload", "value": "1649f591e30b4fb57aa012c6a0b3f0d0daeef52e1b2cae4ff5ea5660a2df19124f26d562ba58d68af15d815c060a4496", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511016, "uuid": "6ede0251-6663-4ed9-8ed4-c3c0c3bde215", "value": "T1755363940E021229174BE9269A7D9024CF7C1A1BC788A54BF89F7251FFCD58CC9E87F6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511016, "uuid": "c7722efa-e980-4a0e-84b5-779b360590c2", "value": "768:pdp1RTdn4qquJk5q5hBgTNU9CY3DEte51vcNisaOurGU6eNYAWoukwr2XQnPs9t3:pPvTeqqFvkujurIRkw7ufPK573VCB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511016, "uuid": "50cffdee-f7a4-4fa6-aa96-1f8674580c2e", "value": 66088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511016, "uuid": "5e754aef-2f08-457b-9223-defa1be5f020", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511016, "uuid": "ca3b5bce-7711-456a-b002-d9d2095b4f4c", "value": "OT.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cd0bdd6b-c8f8-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gafgyt)", "timestamp": 1679520643, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520643, "uuid": "5bddaa5f-f6c2-4f41-b58f-b282c9b198f4", "comment": "Malware payload (Gafgyt)", "value": "2f9f8795bef1ae37f1be01504dc29f69", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520643, "uuid": "fd54eb54-39bb-472c-a030-320b266ce16e", "comment": "Malware payload (Gafgyt)", "value": "c63e45349f6c45759f4d710e2c1f139800f10564fe0f1f536df8d504226946e4", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520643, "uuid": "5bc9e1ab-4f8a-4fb2-bbfe-85751394d536", "comment": "Malware payload (Gafgyt)", "value": "fb598b3c64ad42d0cf8bbd757f497433c5c176ec", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520643, "uuid": "d3dcde36-57a1-42ff-b946-ed3cacf5c98d", "comment": "Malware payload (Gafgyt)", "value": "14569af8b0fe6de00d50efd728e699cd7a3c6614a5818aea5cfee8c91a4dada7aaf88bec4300bdc68041bf2516377ed0", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679520643, "uuid": "ba50f4d3-a1d7-40b7-a966-e1ef0502f9b1", "value": "T125D31905F460875BC2D217BAB68A425D37231F7893CB33256A34BEB42FE1B981E79531", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679520643, "uuid": "4f6db976-709e-459c-908f-5b8a515d0ae2", "value": "3072:Sdf+fvEqa9FazYA7IboRhne391CErktmCQA9FX9aH:ifWEqa9FaNhne3DrktmCQA9Z9aH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679520643, "uuid": "3d61f6ac-3dff-414e-8ba2-f8ea435b351d", "value": 139585, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679520643, "uuid": "506ce178-23d5-471b-9917-958472c010be", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679520643, "uuid": "d3e59ce6-1d0f-4a53-adf0-a3e900b102c6", "value": "2f9f8795bef1ae37f1be01504dc29f69", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6e5408ea-c8b9-11ed-88f6-42010a9c006e", "comment": "Malware payload (AsyncRAT)", "timestamp": 1679493426, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679493426, "uuid": "5ed5ee64-0fa6-4159-a681-abbe3435dcfe", "comment": "Malware payload (AsyncRAT)", "value": "7f42335561e2adb6a744f1dcb02b1505", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "powershell", "colour": "#FE0F82", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679493426, "uuid": "3bf4dea2-fdec-4328-a7f6-5d9464e570f4", "comment": "Malware payload (AsyncRAT)", "value": "c671d25e21e83929c1853e697f29b0e8ed3b69edc6add61d4d8b8bc2018afe14", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "powershell", "colour": "#FE0F82", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679493426, "uuid": "653ddbf1-fbf5-4c9c-8a14-ffc81923b63a", "comment": "Malware payload (AsyncRAT)", "value": "415e34780b8e144c28995e611117d7d0182f3b22", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "powershell", "colour": "#FE0F82", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679493426, "uuid": "e6fef5a6-942f-48e9-83bf-ada9cf40ec67", "comment": "Malware payload (AsyncRAT)", "value": "e0c47ec92f8aae96553b7453b647f43dedf8237f350737bc680b3f778b967e2c48f44d52a4632399a6d0cf9dd2813b89", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "powershell", "colour": "#FE0F82", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679493426, "uuid": "79abe855-2ff4-4ab7-9539-6175780111ab", "value": "T1452420696346CD9EFF4A6747E67CFFA0213172A3ADCB1920132C5008CAE5BB52E4D45E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679493426, "uuid": "676b5954-8766-4e55-b33f-a8c73dc6c8bf", "value": "3072:RO2MjmUvLcSRr0zELowmGcAK3ApfJo74Pda:RpMjbYYowmGcAK3Apxm1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679493426, "uuid": "87f33bbc-366a-4eed-9b7e-ea3a3ca3e215", "value": 211297, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679493426, "uuid": "47fd833c-90cc-4455-8e99-560a1c3eab98", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679493426, "uuid": "90e79db3-0dc1-4f7c-9346-fdb51c49c5b1", "value": "390Z21.ps1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dba3dbb0-c8b0-11ed-88f6-42010a9c006e", "comment": "Malware payload (Guildma)", "timestamp": 1679489744, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679489744, "uuid": "f8f597f8-f286-497b-a410-572ea263a94a", "comment": "Malware payload (Guildma)", "value": "14ae337cac88ef7daa8da4465ea5378c", "object_relation": "md5", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679489744, "uuid": "a13c9ac4-9ad5-449a-8bce-133bd6aa0161", "comment": "Malware payload (Guildma)", "value": "c7abadaa4f3e9cb734fe374459a1931d54ef5a5b111a8418fb1d5a4cf66121ae", "object_relation": "sha256", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679489744, "uuid": "e4d02b21-b929-42a2-b030-5497b72ad9ae", "comment": "Malware payload (Guildma)", "value": "6cc43ae0b0cf92c935924509c53f3a4c29b7ec4d", "object_relation": "sha1", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679489744, "uuid": "32dbed1c-da41-44d8-9697-0d31d24c1c3e", "comment": "Malware payload (Guildma)", "value": "3c48ecaece5425967a736b8cd0795d736ae1ef8e7b72c1861e875e61ea539d5a72851a1f60a1bb1cd07e81858e55d9ee", "object_relation": "sha3-384", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679489744, "uuid": "30060b31-1094-4bfd-a2f8-332b442ee2af", "value": "T10BF0A34DF1752F83D07C25374C2E2F44C86D3B5B0F6560535E8E47D94A24D0ABE1D464", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679489744, "uuid": "66007a34-f663-4afb-9b64-8394c815bcd5", "value": "12:8rflM8OBE6ZGIWgkutMojd2tLHOm1Qm7/zB9jlubXTcQApKw1:8loGIWFutMoMLHOFm7/xGXtk1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679489744, "uuid": "a63cc654-3fe3-4985-b95c-977e7e93454c", "value": 505, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679489744, "uuid": "c5c40f00-5783-4cf6-b3f0-ca937c7bf33f", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679489744, "uuid": "ca152f51-8ef4-479b-aa68-0a52c562ed0b", "value": "notaNpadua3015548.042790.62825.lNk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0a931744-c891-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679476079, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679476079, "uuid": "45de3654-c434-4fab-be01-a53bd4a2e885", "comment": "Malware payload (RedLineStealer)", "value": "02b87d3f53c5cbdc2c18cc6c0e6836d8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679476079, "uuid": "24e7c28e-115b-4104-9719-b3db8f745542", "comment": "Malware payload (RedLineStealer)", "value": "c7d7fe67014e4b96abd6b5215ade5a86ba18abeca44cd6416586d142281a2b7a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679476079, "uuid": "7c009660-cda9-47d0-b987-76aa368628b0", "comment": "Malware payload (RedLineStealer)", "value": "ccc7236e49f8bf1e437fcc9ec9539d9bb78b6f3f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679476079, "uuid": "be8ef692-b1d5-41b1-8ca6-c8709fa8e41f", "comment": "Malware payload (RedLineStealer)", "value": "4bc8caabcf5ae0d4d816f28630b972b4efa7216db07c0fa428fdd1b129efc3359611df310642d3524872b35c727ef307", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679476079, "uuid": "a3c6210a-6ab9-41e1-8a81-64f5d98a8e16", "value": "T15B441895E0FEE9B3C211C03DA468EE861D2C21819870E53DDDBBA6C90633AEED4D4DD5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679476079, "uuid": "fed1f963-b271-4921-9161-612b31f92d16", "value": "f553b8ac04465266a97d8a15318f0208", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679476079, "uuid": "014cfe47-98eb-406b-be4c-8708815bdfef", "value": "6144:GTaVWjAfT2UEfO2uwPlyR3EsGY/uyRvm4UPV:oaVWjeIfOJR3EsGYWyBs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679476079, "uuid": "f5bb3be3-86f3-479b-b94e-35b00913d5e2", "value": 256952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679476079, "uuid": "b2f894a3-7d8c-4b16-9240-dd0007b749e4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679476079, "uuid": "e77916a9-482d-4043-914e-b01339ccae3d", "value": "Installer.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "32737547-c8e5-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679512223, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512223, "uuid": "482fa51a-7f2e-4378-8c05-8c19728451f7", "comment": "Malware payload", "value": "cd46b53882d04f2315c904c557d8a103", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512223, "uuid": "66fff8e6-168b-4a9f-8d88-f4d834dc318c", "comment": "Malware payload", "value": "c817bb3609f89b4260ac79aa5a9932f72d9a9555aae4bce2cbb4585f5f5b4add", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512223, "uuid": "ad20d6d2-2eb1-4aa8-86ab-7d8aa4dc1573", "comment": "Malware payload", "value": "c336fd4054a639dda2b2d073e93478d7bbd30867", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512223, "uuid": "4bf9360b-88df-4ec8-b8bb-a3b218d883e1", "comment": "Malware payload", "value": "460334ef560797ca54e7fca8f8dff6b427d55bbb49a597d20cfb402d871584b912b0fb48363b5dc108ba4ef6e833453f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512223, "uuid": "bbce0df6-608e-480f-a8a8-c2945c49c4b5", "value": "T17334125183B2F767C2094035ED967CBB53B0E627C8D57B42AD04B4DC6D9EB29FA860D0", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512223, "uuid": "2ed1c431-a3b8-430a-b996-796214fd3128", "value": "e9c6ece0d4fde432853679567de5e50b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512223, "uuid": "f3b79731-8b9c-400a-837e-2ea48a9a8adf", "value": "6144:39KSV7GYsKltwhdPTJ6l0uLo5P/Icf0ah9RNdNT:tKSBG5K7wPTmI53Icf0ahn/B", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679512223, "uuid": "a6ff9be5-825b-4065-b9dc-440fb15c8eec", "value": 247296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679512223, "uuid": "c5f18164-04d6-4805-9a9a-354830889062", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512223, "uuid": "45da241f-d302-47e9-aaea-0fbc3aac9307", "value": "cd46b53882d04f2315c904c557d8a103.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "59d8c780-c8e5-11ed-88f6-42010a9c006e", "comment": "Malware payload (CoinMiner)", "timestamp": 1679512289, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512289, "uuid": "42fbf1a7-2d0f-48de-be37-dfd868e4c79b", "comment": "Malware payload (CoinMiner)", "value": "f6c0a564af56a4cec661af5a6bf499e4", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512289, "uuid": "36697bfc-275a-4068-911b-b76975af81e1", "comment": "Malware payload (CoinMiner)", "value": "c922b1a425986c6236c93851e4dc507ecd68d6bb4fbf82b13fb26175ad504265", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512289, "uuid": "4ad6f6ad-0326-4418-8047-b161b2ec6acf", "comment": "Malware payload (CoinMiner)", "value": "1da691435512f976a21f06e6bab2a11df2e18834", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512289, "uuid": "0e393e70-f2de-43f5-8422-3de84ae2eac9", "comment": "Malware payload (CoinMiner)", "value": "1bc888dc16bcb1e006be6d5d9e435dbbbbfa9f9d1a58227895148b3675f8499fcc594921249a9c4222fbac140442e12d", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512289, "uuid": "6e7b5c40-d25c-429a-b57b-52a0d21cb75a", "value": "T17E6533E929B16E46EE3E4230552054B60526D3791CE9C967F87C10E93FE37D0B63C2EA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512289, "uuid": "4b603c13-0066-4118-8035-4090666972ff", "value": "4e7985092d46eb55f0c6d62c8dfe0bf5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512289, "uuid": "74a5f818-6b6b-46ec-a4e4-283865a60ba1", "value": "24576:8PK2rFv42rkotEqqaOspa7ce99XL5Vl2Fgb5048cXfoe8UPV:8PK2b9tWaEVBL5Wyb5LdfCI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679512289, "uuid": "28f553b6-b8e3-415d-b199-bbc0f575d197", "value": 1526040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679512289, "uuid": "247b506e-6bcc-4e4a-8c86-ec9df52a2a47", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512289, "uuid": "a89d3385-f512-481d-b7c0-d3d77773219a", "value": "f6c0a564af56a4cec661af5a6bf499e4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a39576dd-c895-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679478053, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679478053, "uuid": "5c151634-c8b9-429e-88f4-252c5bbf0f6c", "comment": "Malware payload (RedLineStealer)", "value": "8cbc0a4f5cef847991299925586cf9e9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679478053, "uuid": "e3ecb5d8-17a6-45ae-baa4-3ca4d6ab7830", "comment": "Malware payload (RedLineStealer)", "value": "ca46e8135f5461fdfe0735682189f06496bc2224bb67d2df01b29f05171a9aba", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679478053, "uuid": "5d21f7a7-672c-49b2-9507-2dc9bcc6fd3b", "comment": "Malware payload (RedLineStealer)", "value": "2d9e3c11c01962d66a58cb1626a2e4b665b00bd9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679478053, "uuid": "310e3952-1e01-4d7e-8d9f-1e71992fe212", "comment": "Malware payload (RedLineStealer)", "value": "e54785f69bc46d03120a894733604ab930df3290ce20b96b44f81397fcd6d4f9cfba909a452829265b8c062a9d2e9186", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679478053, "uuid": "8d3429d1-60ef-4e46-8501-ac3e77a73310", "value": "T1BF444B3B4AA18457F41CC2385CE471F4870581B7B798F5CD3AC4B4EB7CA15E39AB6A0A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679478053, "uuid": "3391a3ca-1b41-4bc2-897b-c8dadfabfbb7", "value": "cf1b6413c528ef7f498e62f16d8472be", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679478053, "uuid": "4aaecc4b-36be-4dcf-a39b-5afb7c9474ba", "value": "3072:0T169O6SuUWym/6xjZM+jg4KpSe+TXfNSLadM7Qvuf9Q+UnZ0hJpadV1+OtBd8CV:58uPaZtjg4jXfNbM5G0hjg7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679478053, "uuid": "ddd61c87-00e7-4ce9-b7b3-acdd8771a233", "value": 261712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679478053, "uuid": "3ced3aa5-6bef-49d6-9a7a-fa3cd3d57962", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679478053, "uuid": "d44bece4-dbe9-475b-8817-631b20430621", "value": "Kiddions Mod Menu.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "55a2340a-c906-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679526456, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679526456, "uuid": "092ce812-218a-4f38-af56-d274904c3c98", "comment": "Malware payload", "value": "93931e093dd9a3d26ba4143dda1e2e39", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679526456, "uuid": "2658cb2d-bd52-44e2-bb83-d6baa88d4b68", "comment": "Malware payload", "value": "cb49c9ebae5f19093ff879409ad00fbe0beb69505058ef97654241451429b6fb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679526456, "uuid": "10272223-9561-4c6a-9521-593d83245dba", "comment": "Malware payload", "value": "59e46ef60ebd06b2f2dfdea9e908409e05e5d545", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679526456, "uuid": "066610f5-a338-4343-abbb-54411f46eae0", "comment": "Malware payload", "value": "0b39ff0de8d03faa49f761a6b3a35a9e37e43cbc75c8baf7f692dd5998635cd1a8a092bb84d9d1f6be7e85bf3faba978", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679526456, "uuid": "671a5a3d-f4ea-4898-80c0-c1c502354aa6", "value": "T144B4AE0212E36C75EF2307328F2EC7F82A6EBC615D277A9E169DA93F0D741A1D561306", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679526456, "uuid": "9b43aba1-b1f2-4edb-8031-12b9c29da415", "value": "8800deabeb7a145ec7133669ba643dcb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679526456, "uuid": "d4b6d8c6-9e23-4282-81d0-3455803dcf51", "value": "6144:fxNMja3NmKZkh64FxkPK3lytUiH/9dTYZEoR90CPYPy6bLreqJ:fvMja3kKAdFCPjUq/9SZ/RU/eI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679526456, "uuid": "9ba419c0-cb49-4e32-a100-805bb278389e", "value": 505856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679526456, "uuid": "939a0d11-e16a-4b65-b463-d9d7c554cbdd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679526456, "uuid": "6c8e5672-d10f-44da-a9a7-2b8c5a529e3a", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4cd68871-c88c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679474042, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474042, "uuid": "bb74f2d7-406e-4b99-b285-7a1374bd516a", "comment": "Malware payload (Heodo)", "value": "1a54fa6ea1dd921c9f02f3db0a6cc72e", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474042, "uuid": "37676a9e-227f-4958-953a-41fd1b933740", "comment": "Malware payload (Heodo)", "value": "cc7ae852e04b022e8f823ba3a9bff79ea1906a1e7cd94a526272421392e29081", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474042, "uuid": "5d2ae448-5a44-45c0-a711-2ded4d982970", "comment": "Malware payload (Heodo)", "value": "1ae44f34436dfe6db68ea448ef6a6cdc1651dfab", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474042, "uuid": "0a4efcce-d333-41e9-a11b-b04d56ce1317", "comment": "Malware payload (Heodo)", "value": "d69a2d4681e2ea0f80280fbd658519c413132d6cca7f976517d8a0dfb417e408dab8d14c226b3b885d14654916c56513", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474042, "uuid": "f9688062-9673-46a0-b614-a8fe5d818f63", "value": "T1C72523E059F82941CD0E0C35F92A71BD92BC31666EDD15E633BC3CE5A90EF6C42126B6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474042, "uuid": "dfde589d-0306-4117-bb8b-6c9427ff5610", "value": "12288:kkf5dOzheNdckFRKluvnRHXdhbDHfXZX1EKdxKmSTH4dea:3XzNdfKluvnRHthzfoYxJlb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679474042, "uuid": "fe49747c-2c0e-442b-83d5-363ebc65263d", "value": 1007211, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679474042, "uuid": "e2e19ad9-0415-4232-a8d8-6e4e3804a5d5", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474042, "uuid": "49d8ad86-f5e1-48f2-b25b-8b6310f4e550", "value": "NSivJymUhSU.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "932a3bbf-c850-11ed-88f6-42010a9c006e", "comment": "Malware payload (Rhadamanthys)", "timestamp": 1679448391, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448391, "uuid": "4cd2f29b-b2b5-41ca-abc7-f0d3c1f77126", "comment": "Malware payload (Rhadamanthys)", "value": "f8a7e957c634411010c3d0702e306a4d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448391, "uuid": "81b3422f-f5e5-4f53-a26e-8862d5d68c80", "comment": "Malware payload (Rhadamanthys)", "value": "cc830ff08b6c66fb562a8e90c9512cadd6dbe715eb31d09e7d6afcc0e9fbee68", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448391, "uuid": "5d22e036-bb7f-45c5-8d20-e8a949ba0e51", "comment": "Malware payload (Rhadamanthys)", "value": "d3dddcc931761934a7e9b52a943758ce55e24e6e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448391, "uuid": "b242efdd-b899-4283-8a7d-9756094de11f", "comment": "Malware payload (Rhadamanthys)", "value": "b074086780bbdce9a77f354115c19ded389f205430c58a22aebdb64f7d9bb3ac263f21ede6197ef75e40a4f657287a41", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448391, "uuid": "852a1ea7-1c51-4483-bcf8-1d26dfa420e0", "value": "T10264DF22B792E072E59601384921CBB5AA7F78305B158AD73B84E77E4E307E1DF36706", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448391, "uuid": "429a9481-c5c9-40b7-990e-61c7a9bde0b8", "value": "4da11709050bfbf5b2e3611a91d52f69", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448391, "uuid": "a21c1942-9e3e-44c6-a201-91b44bca4d08", "value": "3072:AF8Then/cee5qUcLUL6ER7G25aHeKc/XuTw1uBF+MFPKNCHgfNyFeWQiPC2mnUca:PUvw4LUL6EZGWaHmfl1uXFCb5/BU05I", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679448391, "uuid": "09a14c11-33e5-4765-9c63-31e2ed115058", "value": 321536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679448391, "uuid": "90b47a39-8198-414f-a093-89859a48f402", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448391, "uuid": "86335195-7d48-498f-9faa-5d03b8e718b2", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4fe7b14c-c887-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679471900, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471900, "uuid": "35f0a65c-cf7f-490c-aef3-3d2c53d2bdd6", "comment": "Malware payload (Mirai)", "value": "19eeec65226affbc4c3c6775a3402e2b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471900, "uuid": "115895ce-7988-4310-a11f-0c8ec588518e", "comment": "Malware payload (Mirai)", "value": "ccc073a4225f5bbdcf333969d1cbdcae96f57372cb907ce750b338453bc739c3", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471900, "uuid": "014c4e7f-d8ad-43d4-b0f9-fee64da33077", "comment": "Malware payload (Mirai)", "value": "cd3528f46a756e1bb8974f12480cb29168cbaaa9", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471900, "uuid": "b38009ab-c707-4ed0-984e-1312832884aa", "comment": "Malware payload (Mirai)", "value": "cafca3b765d44f9b44dd58693aa58923aaa26fd3201f596cb51eb05f18c1b3dd84b841d5fc4dd6a2975369ab5a272b97", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471900, "uuid": "3f937a78-ffc2-403e-b0f7-658c893a7bde", "value": "T1120402251D26E326D4AAFFB8EFE67A91835CF2470EC58243A1E8504D0EF495D602FDD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471900, "uuid": "9447950c-fd55-4d96-b665-5d66d754158b", "value": "1536:DrcL5kmdrk2xU9AOff6NL969KpVyeKkQXdhQzwcCOyN:Dr5KU9l6NL96MpVjQXdhQzwcCNN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679471900, "uuid": "b3d51f6c-8d28-41a1-a8af-4313e64818fc", "value": 183816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679471900, "uuid": "f2db2a70-3c8f-4d77-a418-fad0678512f8", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471900, "uuid": "bcf950e3-c1ba-406e-9b0f-93fc8b38315f", "value": "19eeec65226affbc4c3c6775a3402e2b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48a69dc8-c8dc-11ed-88f6-42010a9c006e", "comment": "Malware payload (Quakbot)", "timestamp": 1679508395, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679508395, "uuid": "feb5fa96-2b4d-4c53-86d3-9ec695963abc", "comment": "Malware payload (Quakbot)", "value": "30fc96e1b14e130e2413f6032960968d", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679508395, "uuid": "290d00c5-a920-4fd3-95ea-334df7ce7092", "comment": "Malware payload (Quakbot)", "value": "cdf04ce70a7d1303b77cfa25eae0d0e9b114bdec69c15774bfb6745319dfda6d", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679508395, "uuid": "404b71b7-d638-4edd-a65c-b32a71c7a308", "comment": "Malware payload (Quakbot)", "value": "576f50fc1f64a07f8cd2abd197fe009c484d7ef0", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679508395, "uuid": "86003d06-54b4-475a-8c08-ffd01eebae92", "comment": "Malware payload (Quakbot)", "value": "4f82fe5fd6682adaa5dc0c85e3beed1973860438dc6e004ae051d210be48c77687b1f57151424cba461f9b7c55d751ff", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "qbot", "colour": "#ED7622", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679508395, "uuid": "a01dda19-d07a-49d1-802d-5b0b0d595896", "value": "T1583373509A815812AB37BB6B4E954C10F62C17530790EA57F83C6142BFEFA8CC5D8DFA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679508395, "uuid": "97f2c10a-c0c1-41e6-8fd8-a131b01e8feb", "value": "768:4tblGvwyCadXP1Q9q1uvvIAY7qyXRgHS7VInm45UHDuiOa7S6sX5WCYH:4tbovw1adfNQv2KcVDuilcPYH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679508395, "uuid": "29748342-bdab-4d7c-97f3-ac63f0ead285", "value": 50492, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679508395, "uuid": "a0da0b9d-0165-4723-b576-9c6274a7f4d8", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679508395, "uuid": "1625e692-0bfe-41db-9f85-ffc24182ea54", "value": "Nt_fa24628e-573c-423d-8c6a-8b2fb5f5c75b-ysA.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "469defdd-c8ea-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679514405, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679514405, "uuid": "589bfb58-d2ad-4859-86c7-4389f0d7da3d", "comment": "Malware payload", "value": "8be240ea9814810a1c8a8754595b28b5", "object_relation": "md5", "Tag": [ { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679514405, "uuid": "bd904f4d-c3aa-4276-9789-296a1c863aad", "comment": "Malware payload", "value": "cdf4664c93b698fdc7ccff8589a27bbd4b1ab01b33c44fa6a1ad63747be7e108", "object_relation": "sha256", "Tag": [ { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679514405, "uuid": "43ea9cf7-e8ed-446f-b2f9-d2e05ae9e0ea", "comment": "Malware payload", "value": "4d8132422f25ce550f38901ebc462df5aa2a2268", "object_relation": "sha1", "Tag": [ { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679514405, "uuid": "8c4bac1d-93e8-444d-aa1f-6ba95972b788", "comment": "Malware payload", "value": "46adc2b4c0f58c573f1c4f300e1e21dc5e82aad9d1d9048b26e70b46072667eabc9da21c66d414c551fc4f0449655ddf", "object_relation": "sha3-384", "Tag": [ { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679514405, "uuid": "8bd2c8f6-567f-48c5-a3a7-40eade5f8b56", "value": "T10D1252411BCD98F2D3A8E133826A850909BDF67E355727E9B8CDD48637BD10C19F81B1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679514405, "uuid": "f2abfddc-fa04-4332-9050-04090700cac3", "value": "192:QQk9J9TleNbiB1OTDq1CP6+Cwe64L/pZ+w7P5YvbKbjZIeYP5C0fUZx1:b65auBUq1CSr6qZbtYmbjZIeg5C3x1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679514405, "uuid": "c37ce882-6f2c-448d-8f5d-af4e7c6b4049", "value": 9432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679514405, "uuid": "2384087c-faf2-4cb1-81f8-fe2754ad9e13", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679514405, "uuid": "e7c51c69-5c38-4e60-9355-19d6a442bb9a", "value": "8be240ea9814810a1c8a8754595b28b5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b3bdd7c6-c8cc-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679501703, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501703, "uuid": "1dc89b9e-2a8a-4b2d-8c1e-ad7acc605de2", "comment": "Malware payload (Heodo)", "value": "bbe88ae0611387f29af2651582441e72", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501703, "uuid": "3e433e3c-b27a-4427-a0cc-b41453b407d9", "comment": "Malware payload (Heodo)", "value": "ce13efb65d134aae87b36ae9433d5f51e50bffe024cf80c9c4e0bfba6491ef5d", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501703, "uuid": "e803900d-c742-4a5c-aab9-049110c5e44b", "comment": "Malware payload (Heodo)", "value": "10997a9f041aa7f8beb75c80db1bc3c092793567", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501703, "uuid": "707415ac-ceee-408d-99da-0ecb71e8a58e", "comment": "Malware payload (Heodo)", "value": "c9faf15462f43b84fa9807d9b5ffd4de8a35e430e202580870978d0fefd240bbbc81c0ebc410830c97b8a5dfef10884a", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501703, "uuid": "cdf6721e-6671-4f00-91ee-08ce2461779f", "value": "T16254C2426342CE2FDB920134590BBFF5A30EDCA85B2F86D22454F2A92D3FD26E3655D4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501703, "uuid": "8057352a-5c01-4874-ba54-fbad731b0843", "value": "3072:JPO2nw8TvYbnIrmOPYPMbZEg+wVlDz6dOK3PtoQnRhPrr2ZswO/ON1:hOlW0oREwD/yPtPRhPrUs3U", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679501703, "uuid": "5dd90ddd-a0ea-48e1-bd2f-2360ef9021a3", "value": 286208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679501703, "uuid": "fcaf19bc-86d7-4022-960b-7a7de0b386ee", "value": "application/msword", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501703, "uuid": "153e6e4e-2c37-4e49-aa63-f3822118c329", "value": "Sogawaluggage.co.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "029578e5-c8bd-11ed-88f6-42010a9c006e", "comment": "Malware payload (Quakbot)", "timestamp": 1679494963, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494963, "uuid": "860e76d2-ffd7-46b5-b273-184f68fb65e5", "comment": "Malware payload (Quakbot)", "value": "47e80dae04c667b89bf896b4b91085e8", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "obama245", "colour": "#05390F", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494963, "uuid": "95f76a5b-1519-455d-aacf-0b81ca3ac5fe", "comment": "Malware payload (Quakbot)", "value": "ce37f8e2131fe8cd08974d6e61c46a0922a4ee7d414496bb755d56e1e3704d42", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "obama245", "colour": "#05390F", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494963, "uuid": "cb458fd0-03c4-4667-9229-63df30929fbc", "comment": "Malware payload (Quakbot)", "value": "13d6354db7fcc5a7ee93611f5a3d4a105c08a138", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "obama245", "colour": "#05390F", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494963, "uuid": "f1934280-1114-408b-840f-885b7db89267", "comment": "Malware payload (Quakbot)", "value": "deddaa0f6bb7eaf9acfdc651e63ec2ab7359ba48022494d2c7681f6cf4b241705f937d87710dde9bf9067bd165ff5b57", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "obama245", "colour": "#05390F", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494963, "uuid": "509dfeaa-9c86-4f30-b5fd-0a3cc7263f04", "value": "T101943B39931350B9CC4B2AB3118BBA5F7D64D705C4502E8ECFAC1D39F76A84069296BF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494963, "uuid": "db34c3c4-a993-4426-a7f9-327ddaaa4399", "value": "12288:48T1Ee/IAHrWgnPwk7lUj6WJNZv+9UjQVMlFlup2rFWkWTHq1bw7YRvqwg97RxX3:BEe/2RblFFy3RhShAGm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679494963, "uuid": "39d53295-fc48-45d1-b08e-98fee714fb0b", "value": 433664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679494963, "uuid": "82b01d84-26e5-4022-875c-6268f20ab5c3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494963, "uuid": "fad673f8-50cd-4c53-9000-99398212cdff", "value": "lJkDbdp.dat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "df3fedc2-c864-11ed-88f6-42010a9c006e", "comment": "Malware payload (RecordBreaker)", "timestamp": 1679457108, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679457108, "uuid": "fb6613b5-749e-481f-bb69-90fbe62626c7", "comment": "Malware payload (RecordBreaker)", "value": "445ece9d1b4ad3e9a727b70ea3261cf5", "object_relation": "md5", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "pw-proton", "colour": "#9CFB4A", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679457108, "uuid": "7cae712c-fba2-42c8-afde-ab3b3f34885a", "comment": "Malware payload (RecordBreaker)", "value": "cfa90f3234aafff7fba524fcbfbded7d1699fe1114845bb393edb374918322ca", "object_relation": "sha256", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "pw-proton", "colour": "#9CFB4A", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679457108, "uuid": "0aa97845-05d5-4da7-a69a-7dd5a1a15988", "comment": "Malware payload (RecordBreaker)", "value": "1263c42b65659842b35b2d637c9cbb801be96f86", "object_relation": "sha1", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "pw-proton", "colour": "#9CFB4A", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679457108, "uuid": "cc0b0238-e4f9-4efa-95bc-7685136940bf", "comment": "Malware payload (RecordBreaker)", "value": "63ddc5ca719e2802d8fc0590a9c745d018944013f74ed6316272c5aa25993d46fa36edf66c272ac82e33afd9168cdaaf", "object_relation": "sha3-384", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "pw-proton", "colour": "#9CFB4A", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679457108, "uuid": "ae2b910a-376a-4eda-9367-83a1fecfb5fb", "value": "T1B9C6332E626EA1BECCE2BE6208DF55A451C2460E5E9F56AE010B730953921CC707FFD7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679457108, "uuid": "66fc59ab-f39f-45eb-a11f-4b357388c0eb", "value": "196608:+CoGeCQWJqQPD0uBV91Km2LKFZvrrZwgdeUU2s+REnv3e6iDPN4+eUKe6v5:/e+EQLnJKm2ivrrdHhEn8npKe6h", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679457108, "uuid": "e10b2d4a-1a31-44f3-be1d-68e3f94f758c", "value": 11871534, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679457108, "uuid": "cbfa0f42-c9e5-4685-a4fb-1bf1048659df", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679457108, "uuid": "3c453f23-4c24-4bc0-a3eb-9f2c6d522737", "value": "Proton VPN premium.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c84b1482-c889-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679472961, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472961, "uuid": "f12f2057-04dd-4bca-a4eb-3967927a78b4", "comment": "Malware payload (Mirai)", "value": "a6829496847f39a2e650c5fa2e4b8d8b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472961, "uuid": "0b910556-0773-4660-9674-ec4285a49652", "comment": "Malware payload (Mirai)", "value": "cfc1593c447aa322cee5bfb75891ec37645c0f0acc75cea7e280fcd94aff0bae", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472961, "uuid": "9699f2e3-2a37-4d6c-b970-ab8d5775c284", "comment": "Malware payload (Mirai)", "value": "42c43fd4d11c1dcdf6357bf1d0d3e8e96b4a4bcc", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472961, "uuid": "f6737289-ddfd-4411-bb8c-49e53ff9ef8e", "comment": "Malware payload (Mirai)", "value": "112fc22bdceb74dc81b62c654d4cc61522657e9d25a3ea64e2a8c058f8649fac75ddf9fdc548d8ef1a127e0da3052e8c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472961, "uuid": "ba81ce36-70eb-42b0-a874-6fd986f6bf53", "value": "T129637EC9D287D8F6FC1705702036E73BAE71E0AA211CE646C778D5B1FC86942A117ADC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472961, "uuid": "7d24c827-a69e-414b-b4ba-2c05baa6c73e", "value": "1536:bnUQJZdRlDAXO6QyQnD0QT2DxChZHAJ7RvsuIr5bhZfX:bnUQJ7RlUXTQpnD0QTmxCbHg+uWbX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679472961, "uuid": "e9e82db6-a213-4e63-a17a-71870414f31d", "value": 70736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679472961, "uuid": "9e976e86-fd4a-4e72-b242-12cee344b0b0", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472961, "uuid": "88d8f984-9981-417c-ba94-6b19bc9a2547", "value": "a6829496847f39a2e650c5fa2e4b8d8b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "603cec03-c8b4-11ed-88f6-42010a9c006e", "comment": "Malware payload (NanoCore)", "timestamp": 1679491255, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679491255, "uuid": "ef47696d-9721-4861-a704-6da291a47df2", "comment": "Malware payload (NanoCore)", "value": "7673ff8e90adce44dbd6b0d1c355fd13", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679491255, "uuid": "c371b369-387a-4699-babf-5465cc1e07eb", "comment": "Malware payload (NanoCore)", "value": "cfee0fb48134e7fecf10d360e537299729b365a47e813c89aebbd167467cd35b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679491255, "uuid": "ad913f03-a471-4b12-90c3-202ccd35c037", "comment": "Malware payload (NanoCore)", "value": "b66e9945d069b0c273318bf12aaab6052358bf87", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679491255, "uuid": "b90d8846-c6ce-4f35-ada3-90ced803bf50", "comment": "Malware payload (NanoCore)", "value": "79fdf0e9a71814e36db2e0101cffa2fd44c46891c73d5e5bdcd1e208ccb740cf16422b52f0d2fe27a847265b5e70d6ed", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679491255, "uuid": "56f3295d-c085-4cb2-8da5-fe810c926b5e", "value": "T18C051206B2D6CB73C56896F5C496491003B7A7072633F3852DC811E92F47BE89B5ABCB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679491255, "uuid": "da40424e-a1d3-4751-aa41-ad5d7e572422", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679491255, "uuid": "c8701305-6435-49ba-b188-bcc49a0608fc", "value": "12288:kCbgpteoqTcOQp9IMjsqSxE+anZZtOz9XxBqgGzJ2nY42yEml/:FgPvOR1brK29Xx7GF2JDB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679491255, "uuid": "8146e9c7-68f7-48c2-a59c-ce25120e139f", "value": 838144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679491255, "uuid": "ba45fe41-e367-4bcb-a71f-8c2d8d0f401d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679491255, "uuid": "c62d2973-10d2-4a62-b779-198dee8d34b3", "value": "certified true.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7bde3d6d-c8e4-11ed-88f6-42010a9c006e", "comment": "Malware payload (LaplasClipper)", "timestamp": 1679511917, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511917, "uuid": "e518ed8a-26a7-43da-9838-18dd8613a33a", "comment": "Malware payload (LaplasClipper)", "value": "01de3421f64391850c58e0c731b28d15", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511917, "uuid": "812b36e8-4c36-4f35-8eb2-8b9c0a50b824", "comment": "Malware payload (LaplasClipper)", "value": "d0510da2366e0ffc6a3a085a69d6d395d3f99b9090da13b956e03fa50273e064", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511917, "uuid": "74ab7eeb-787f-43b2-b9b5-1b6102b911d4", "comment": "Malware payload (LaplasClipper)", "value": "fb99726ce94bb8f37beed814d8b1ca1ccf57aa2b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511917, "uuid": "0a3fbd6a-07ae-4e2b-9804-6b300b67cb47", "comment": "Malware payload (LaplasClipper)", "value": "06ac53364dd98067159e57f066e2349a586b9d8d092fb15960c2c211662011962f97eb3584e3533c57aeb15ea96f04ee", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511917, "uuid": "f7e9e480-9cd1-48de-b0b7-14daed8def48", "value": "T1CB747DC253E16C20E5124772BE1FCBF82A1EFC609E597B6E2359AE3F09701A3D152719", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511917, "uuid": "4924dabd-4b9c-40e3-b3d1-c1c9852e045d", "value": "c3df3d0d993bdeac73a0f5fd62093e4d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511917, "uuid": "774b4d33-6e54-43ca-a356-e9fa0410a127", "value": "3072:tMHAtl1oLm/DsrjualZAjPnAvbki69Cb3oNRZerEbB6+UsaFyugwn0JV:cyzDM/owj69+G1Zyyu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511917, "uuid": "2dc10fc4-6d76-4df6-aa0c-39de4fa4aa54", "value": 368128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511917, "uuid": "cf172b7f-3c8c-4d43-a1c6-5ff067e9200a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511917, "uuid": "e9aedbc2-a733-4cd9-ac60-2f298f49e4ca", "value": "01de3421f64391850c58e0c731b28d15.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "14af9fe2-c8e4-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679511744, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511744, "uuid": "361b62f5-99ee-4131-b42f-2e8790f80aa4", "comment": "Malware payload (Formbook)", "value": "c0478e87046e77c0c5c59db94a64d57a", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511744, "uuid": "328bfcb2-6ce7-462b-b9c0-abc60245ea56", "comment": "Malware payload (Formbook)", "value": "d073f24c0419d1e919056070192b480bced67c468707f1e5fd038f950a2ccaed", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511744, "uuid": "59e941d0-85cf-4373-bf26-60950fc33227", "comment": "Malware payload (Formbook)", "value": "e9c620f5afb01282d6ad956dca3ca56d1c46df99", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511744, "uuid": "f354be0f-000f-4003-b4e5-a910053e26d4", "comment": "Malware payload (Formbook)", "value": "65dbda953b28201566798b147c2e979c3b74ae56df19ffb9843444d574a661e621ca436d4f7750df7377cb87ab75b313", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511744, "uuid": "d8644ff3-31f8-4d69-b969-76eac7ca72b6", "value": "T1A8E44AE1D68088E9FD694BB6A8339C3615677D7EB9B4601D661EB6312B732C30077C0B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511744, "uuid": "ab702d39-f729-4efc-bca3-988e56bbd03a", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511744, "uuid": "50c32548-982b-4d94-86bd-5c5d7fe09976", "value": "12288:4YGGr4VVVVVVVVVVVVVVVVVVVVVVVVVVVVVHUIAGldSSXiWtv8HdY:4YeUud/XiMYY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511744, "uuid": "17aa62f7-8c0d-4f65-90a9-d29a0110d29b", "value": 687039, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511744, "uuid": "68478671-887d-49f0-911d-f797a28002bb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511744, "uuid": "71b810b4-53f6-4790-b935-eb8c8f5e29f9", "value": "DHL SHIPMENT DOCUMENT.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e06ff4d1-c8f8-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gafgyt)", "timestamp": 1679520676, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520676, "uuid": "238845da-1a85-49c1-8da9-598b96a76f59", "comment": "Malware payload (Gafgyt)", "value": "a7ca1d0da01d54b5fbf0517ab254bcc8", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520676, "uuid": "abe2f000-e1c4-4c28-bd79-eea1b00b1a82", "comment": "Malware payload (Gafgyt)", "value": "d158d0e5f1e521fc2d8c34cf2d0cb5444b5c5a61b69edaee31d2f4e95dd103db", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520676, "uuid": "76fd75b6-382d-4646-b630-f53b959339fa", "comment": "Malware payload (Gafgyt)", "value": "ee36e630040fc63b7f6717a8ae99df4f0c3f5880", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679520676, "uuid": "ab77f46a-9de1-4eb5-8d44-c59e03a1d532", "comment": "Malware payload (Gafgyt)", "value": "fdc39abb710678bce94bf40911fc4c731cbb2f3d31f143d0dd71844a10f0d50c3efa1d9b9811847053a9f0b0633eb216", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679520676, "uuid": "2efe61a9-17e4-4d9b-a516-f922ce867f17", "value": "T1A7B31813B7B1DABEC08252B12BDB92F19423FD7D0732622B33957DA51B388D96D59302", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679520676, "uuid": "16e53b0f-8d7d-47bd-8829-8cd966d5f9fc", "value": "3072:od0w4SAewzi+Xn+8Uhw6W+aP3JmDk1c8xF6KjW:zfO8IBOJmDk1c8xF6KjW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679520676, "uuid": "39d847ed-5768-4cea-b3e4-02b8513e43a2", "value": 114825, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679520676, "uuid": "2b3cc874-0c3a-4578-ac2b-789aa6548b07", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679520676, "uuid": "09c8217f-5988-4513-9c06-574bc164d835", "value": "a7ca1d0da01d54b5fbf0517ab254bcc8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bf269ce9-c889-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679472946, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472946, "uuid": "3469ac75-0059-49ae-bb46-16db84702865", "comment": "Malware payload (Mirai)", "value": "c2043fec65c9fdfe61a39e1a68fe1aaa", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472946, "uuid": "4e0c8f07-855f-4ad7-aa4c-6e05f56f7aaa", "comment": "Malware payload (Mirai)", "value": "d17b7e70bf8bbdf26510a58d9cc66f70c28f2ae09c69bdfdb3c0f4159f4e4885", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472946, "uuid": "fd3683f5-af08-421c-97ce-6f61d6af5fd0", "comment": "Malware payload (Mirai)", "value": "8102f836a24ac33356661c108a9ccd2949b1fa65", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472946, "uuid": "852abe6e-5066-4792-94c4-f1ffe72ca776", "comment": "Malware payload (Mirai)", "value": "84f53e7445ed6bc1013387e100fd7d1883175827d7c4888b7812e5aa5fbf7059f51550af1aa1a8e44e722ee8794739df", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472946, "uuid": "4f08c183-86ea-4182-b3c6-7954f8857920", "value": "T13A03F851BC828A67C2D1237ABAAE4A8D337163D9D2CF7217DD214B207AD651F0D23F85", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472946, "uuid": "63958635-4f7b-467e-a7a4-497dc3f7cd1d", "value": "768:Qg1oObUkG5XliO1nCJAxftFFWnwjmv9ZAvt2j5FburImA2/tVrofXe/NrwW:QObrG5XllCJAtbfQEi5Fi/4e6W", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679472946, "uuid": "cce5017a-aabb-49e1-88c4-73ccace15443", "value": 40700, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679472946, "uuid": "4bbf2777-1073-4154-a994-10674cca15a3", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472946, "uuid": "7387b5be-7241-467e-9d20-25443a2c1b5c", "value": "c2043fec65c9fdfe61a39e1a68fe1aaa", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "34243fdf-c865-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679457251, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679457251, "uuid": "c4472752-2fc3-4610-b92f-4bcd5efb9b29", "comment": "Malware payload", "value": "fa0e319484845c1333e5c1e621659027", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679457251, "uuid": "94ab32ff-e53f-41a7-9c5c-1ba0c666fbc3", "comment": "Malware payload", "value": "d3d00022e02c57c638d7738e661be715aa74866d8b7495e74b72e0c0f75695dd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679457251, "uuid": "16d83c35-25e0-4750-86f1-0d85fd194eb0", "comment": "Malware payload", "value": "16c33976ef8a5aa1114f2bef9feea5007fa7491e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679457251, "uuid": "8b8d4023-9f6e-4dcd-a26c-624811d234f2", "comment": "Malware payload", "value": "2e91ca3c6fc085ff4eac27354fa9a90787a8dfde1f413617b34825386bb6366e8eeabfab3db3e8e07000b0fb3e6ecc7b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679457251, "uuid": "e72846b6-ba39-4289-9f1c-d7d2c47f9077", "value": "T1058633A5098FB3E9EF4418F1109BDBA1348765251A53F23D8A1DCD628D376F2DA13E0B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679457251, "uuid": "1fa065e6-430c-4c13-9b2c-bbc884a6e5e5", "value": "edc7ff2be90bee2a9c10e50db94e3c46", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679457251, "uuid": "dbd36fdb-5033-4f1d-ae63-07976c407d21", "value": "196608:zLBJsvAF7+ftEtuzyeXprQ9z2y6EZaAF5XfpXXIBQQ:zLB+vA9ytEtIJXpGzJzQMfpnIB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679457251, "uuid": "6a93abc9-a715-47ef-9219-3d0aba93c000", "value": 8085504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679457251, "uuid": "e5829a46-6c78-415c-a25d-7670b113a17c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679457251, "uuid": "b01b983d-39bc-4e22-8e0c-d6abd3430bf8", "value": "Clip1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4d93dbb1-c881-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679469319, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469319, "uuid": "dd1db6e5-9855-4dfb-adde-dcd4d80c9435", "comment": "Malware payload (RedLineStealer)", "value": "a631f66eb7c5e6e476ebac0baa5b0dbe", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469319, "uuid": "50fd4e2a-e48f-4c09-9889-304bea21029d", "comment": "Malware payload (RedLineStealer)", "value": "d3f3ea77ce48cf9b66dd2e067f8c7555b1b1ba5d8cb3f61a91ce68db5a8e8e7e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469319, "uuid": "59fdfaee-6f1d-418a-92e1-46b33678b7bc", "comment": "Malware payload (RedLineStealer)", "value": "3ec553f7caffff701451fad841a7b0d38f538895", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469319, "uuid": "ebe74945-b7d3-4b80-8bfb-db89fa432f84", "comment": "Malware payload (RedLineStealer)", "value": "a8b6699fee4bde17ffb44a0bf087370d99a54df771d94c0871d14bbac6e7286639b9850e55657a532e0352c56c574a57", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469319, "uuid": "5b8b5cee-e0ca-4416-a336-e55a37f1991c", "value": "T1A885D14CB783947AD22E64F87E56E20FA5859FF8915809B1636D314864BF7C3F8E070A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469319, "uuid": "68841da3-094a-440d-baf8-210e770668b2", "value": "c5a7e4f34dfab55f40efeb58a4e8de0d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469319, "uuid": "2613f3f5-0aa9-463d-a7fe-a1382aa47e3e", "value": "24576:W+NO34lJDEfZM7xOeHk/2cGxPEEeY7ucnz0cfhWjH7Ofc+HVKC7+fUi:Wy04lJR7wWk/k9eYtz0cJWj0c+3+si", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679469319, "uuid": "4335579c-0dc5-4061-9401-14734a45d855", "value": 1846200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679469319, "uuid": "abee06f6-8944-4956-aabc-c0cf7dc41425", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469319, "uuid": "3eddac66-73f2-419a-8c97-27e8421a2053", "value": "d3f3ea77ce48cf9b66dd2e067f8c7555b1b1ba5d8cb3f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eee1fc5e-c8cc-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679501802, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501802, "uuid": "2bea3892-959a-4b51-99e7-9ec008ac9677", "comment": "Malware payload (Formbook)", "value": "9f09dc362f818749658cf3f551e425a7", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501802, "uuid": "e00326aa-0b2b-4943-81fc-3da4ef818521", "comment": "Malware payload (Formbook)", "value": "d47dd202f493c4bf8ac2e95ae134064ec838d3189c12d4ae20d497bae92a5023", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501802, "uuid": "40453847-41e0-486a-85ad-4fea3b0cb2f8", "comment": "Malware payload (Formbook)", "value": "d5ae33f90f4dd4d8fe64cd47279af641b2c860cb", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501802, "uuid": "988c02bc-4a2f-4dbf-b489-817e2e17b354", "comment": "Malware payload (Formbook)", "value": "08bebf9093bd5f3eb46acdfa24cff1fe7a7f566587e3f96953a4aea599492a4d457014eb0ba83c2ad0706e59081d2c98", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501802, "uuid": "d5dae636-03d2-4f82-871f-b96ba0cc88e9", "value": "T132350217F9C44D46D44247B96AE379D9132EBC226BD2A2C73348B70F6FB86E0864711E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501802, "uuid": "e98a6318-f43a-4c06-b222-c816d8c450b4", "value": "24576:JLKiWQmmav30x1+MXUu9/WN+MXUu9L3bVW+MXUu9o3bVr8GWipaPzbw:JLKnQmmQ30v+MXV9Y+MXV9L3bVW+MXVb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679501802, "uuid": "06a16126-6ae9-4a9c-9cab-a6794076b12b", "value": 1149952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679501802, "uuid": "f0da5387-7d04-4693-a709-945151bd81da", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501802, "uuid": "2f06727c-1fd1-4d51-9c21-e70fbef8b296", "value": "P722U15 \u10e8\u10d4\u10d7\u10d0\u10d5\u10d0\u10d6\u10d4\u10d1\u10d0 7 \u10d9\u10dd\u10d3\u10d8-\u10e1\u10d2\u10d0\u10dc.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2bc330b4-c8a9-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679486442, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679486442, "uuid": "b5ed848e-879b-4dad-895d-f2c06ed370d0", "comment": "Malware payload (RedLineStealer)", "value": "70f462f2f8b597dca5475c4fbd97ce55", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679486442, "uuid": "c381554d-f504-4c23-8fbe-ca6ff41cd053", "comment": "Malware payload (RedLineStealer)", "value": "d49d3e69d3106f4d4d755c9642b16197474145bf56c4957f3697a2d75dacea3f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679486442, "uuid": "967b6094-3785-4969-bef1-26d596116adf", "comment": "Malware payload (RedLineStealer)", "value": "b84c1d1f7cab4deb97970991902a5784a167ffef", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679486442, "uuid": "c7b05dbd-ffd4-4bbb-afe7-37155e36bb67", "comment": "Malware payload (RedLineStealer)", "value": "1d70e0c0cf3327e057a62ec30a9cb63b00d5c0208b2e7bdf0c33686efcc9f8f63ce8b58734c5359eff9fcf5e7ca5b034", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679486442, "uuid": "5c70b15a-667f-4472-ab4f-31b3f3a989d7", "value": "T129252363F2D48172D6AA07B018F713E70B37BCA15D24D367234AAD6A08F3960997477B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679486442, "uuid": "9edb2cce-9314-4f5a-b75e-97664c923ddf", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679486442, "uuid": "507849f8-eea8-41eb-be68-3fd9c41c3528", "value": "24576:vyKJnz2RAOWOi9bNuGNg6ZKhVlpa++HFG:6BAOO9bNu+ZKhdWF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679486442, "uuid": "f13ef462-6409-4f00-9e0f-7fb77f6bf4a9", "value": 1028096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679486442, "uuid": "de02f228-752a-4dac-b23c-09c937301281", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679486442, "uuid": "8783f102-690e-4c30-b404-6bd7d17daa14", "value": "70f462f2f8b597dca5475c4fbd97ce55.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a9fee003-c889-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679472910, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472910, "uuid": "191ab8ce-0f22-451b-a326-3da86ca47f2b", "comment": "Malware payload (Mirai)", "value": "e867f4ab671b36dd9054e8028d7e19d0", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472910, "uuid": "74f5b884-7b00-4713-aff6-a16cbf76a414", "comment": "Malware payload (Mirai)", "value": "d4bb4bf2432a775b10c3d248d74fd8dd3c051f605436f4a87cc3c368a3258cea", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472910, "uuid": "91c90958-3b8a-4898-b0d9-2ce574d9493a", "comment": "Malware payload (Mirai)", "value": "bd4d39a318040559f3784a6c20d3361816c3494a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472910, "uuid": "8c116f7f-69ca-410d-84b8-0ec2852b2368", "comment": "Malware payload (Mirai)", "value": "d3ef9fc98811ecec5b9ded3dca8f44bdb13f7ce13d3c9d2ddc449d577220806f7ed92d5581d172c5be2aeafcc739e0b4", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472910, "uuid": "056b24fa-0974-491e-9625-b94aec3204e3", "value": "T1A3534B02B31C0A17D0A31AB0253F5BD197BFAAD022F4F684651F979A96B1E365182FCD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472910, "uuid": "36a47f2a-5d8d-447a-b4c9-9b3da811ca86", "value": "768:BZ5fcgyo15Ry/RTPe/7CmZCjY+wUy2I09/ia9yyDFavyFNwxNwL6FV+tQqwWSIY:XPUd7mZgwUjhw0yyZa6FNwxNie+ajWST", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679472910, "uuid": "4f7885ca-ee94-4f83-b669-10d0ae408933", "value": 62964, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679472910, "uuid": "d20003db-16b3-40f3-91ed-29ae0189ef38", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472910, "uuid": "d0612c3b-3483-4f92-bd06-21a9501a9e8e", "value": "e867f4ab671b36dd9054e8028d7e19d0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8b11e693-c87e-11ed-88f6-42010a9c006e", "comment": "Malware payload (AsyncRAT)", "timestamp": 1679468134, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679468134, "uuid": "77186c80-2c1c-4f32-931c-ad133af1548d", "comment": "Malware payload (AsyncRAT)", "value": "4101ca6880258f103df2c744efda4cde", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679468134, "uuid": "13ccac4d-bfd5-4fed-973b-a0d002a9ca29", "comment": "Malware payload (AsyncRAT)", "value": "d50074d48914764b355b89e387636cfbc2d5f5daf17b8afee1490c176afccfbf", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679468134, "uuid": "908570fb-5ed0-46f4-9888-424472dcef2a", "comment": "Malware payload (AsyncRAT)", "value": "90aed0f7474acd6321af277d6f9f81cf0674405d", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679468134, "uuid": "e72fed91-0ecc-4dc9-a931-84297356904c", "comment": "Malware payload (AsyncRAT)", "value": "62a627f889c04410e73d70edf367311630e5453a39b3bb519074dc2ea035d3ddc2b0604c4091a4f32552fa0a1e5862c3", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679468134, "uuid": "37bcd703-be4c-4b08-bfcc-d016834d07b1", "value": "T1E2A47B30B1FDC2C5D1A93938ED1BB0F95994EE21D8608C5F3E987E0A34716A2F93525E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679468134, "uuid": "28b6e567-c865-4c25-bc9d-0236bf96cfb8", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679468134, "uuid": "14af9f38-c3a4-443c-91db-8fb46a2b9afc", "value": "3072:IfY/TU9fE9PEtuoRbtv9BAthLEMw5m4i9zgngzRtunMK1L4PQw/ihbceYSgOt:+Ya64D1Mw5mZgnqiEPv/somt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679468134, "uuid": "fb1a0286-a8f6-42d8-8bc4-0fe0f420a475", "value": 472877, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679468134, "uuid": "0124f33d-986d-4011-8580-6ef74695937f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679468134, "uuid": "7db7e8ec-bf27-4aea-b731-c762663e4e14", "value": "AS000456879.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0f6208df-c890-11ed-88f6-42010a9c006e", "comment": "Malware payload (Loki)", "timestamp": 1679475657, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679475657, "uuid": "494f6c1d-ff08-4aff-a670-c8936bf9c5a1", "comment": "Malware payload (Loki)", "value": "e0bcf1099c4d15468214dbebcce628aa", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679475657, "uuid": "54af2fdc-9bf3-496a-9586-ef689231a5e4", "comment": "Malware payload (Loki)", "value": "d5546c4ce65f892b4fc83398f5c45957f03a647c0bcd81488218da710475eae2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679475657, "uuid": "fe6fbe87-d40f-4108-9bc5-4421cc2cb182", "comment": "Malware payload (Loki)", "value": "bd39b68eb4406e803f4a626af3f5432eaec40445", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679475657, "uuid": "6ece7730-f306-41c2-929a-811078ac59fb", "comment": "Malware payload (Loki)", "value": "5909fd3a4ed4fae788902c86c62cd631a0fbf17be65a4de71fa82b7281fad2fe953b04c0df9b528326da727fb1f180b5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679475657, "uuid": "080d647f-5642-4d61-9689-c53834b2026f", "value": "T1D93512D29921D6EEF83EC63B89315CF80EFF3DA646B19816E45132E32633951D53A312", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679475657, "uuid": "84e35ac7-1bd7-4ef1-90db-2c20c2767c3d", "value": "b34f154ec913d2d2c435cbd644e91687", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679475657, "uuid": "55726b7b-61d8-41c8-af35-519ac195ebbf", "value": "24576:vcbsfXQrcT4QLWW91C4TrrVKY1YT0dt+Culxbzn6wN6gCaXV:/XQr4KKo4TrrQY1YT0dOlxv6wN3jV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679475657, "uuid": "ebbec02a-5529-41f6-a7de-d6282652ad30", "value": 1077200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679475657, "uuid": "d7f8f841-69f8-43ac-bf5c-24484daa16cf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679475657, "uuid": "1c8160ac-f64d-4756-8eaf-05bc128bb51f", "value": "AXIAN catalogue 22-03-2023\u00b7pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "11ec50e8-c8d2-11ed-88f6-42010a9c006e", "comment": "Malware payload (AZORult)", "timestamp": 1679504008, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679504008, "uuid": "02cf9a08-a5b8-4015-8c91-30b6664edaa8", "comment": "Malware payload (AZORult)", "value": "5c128e469d5a71bcb5bee16147ad407b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679504008, "uuid": "cfbd7726-b5e9-45ad-9995-ddeb60cd3d01", "comment": "Malware payload (AZORult)", "value": "d5554f475d95ecca88e05af06c1d66ab34c8db6f18f43496bc535fd89be4808a", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679504008, "uuid": "1db29a6f-af7f-4206-9c49-f13d002f46a0", "comment": "Malware payload (AZORult)", "value": "153527e59a49afb100e44e12b8089259b4c3e2a6", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679504008, "uuid": "6fd84254-c532-4c42-8d7c-0065d849b311", "comment": "Malware payload (AZORult)", "value": "40ebdf44b03c2ce8e12826b7e576d4c32e4534dcf8cf0b43b959a76b6b4688e2cc2bd904cd942b2c1299ed904e0145f3", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679504008, "uuid": "fc905a29-23f8-4e8c-8bbc-951305e6d67e", "value": "T106F41211B299CB24C16C57BEE9C2496007F7A34A3573E30A3EC906DA6F167E44B11BDB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679504008, "uuid": "7cdab356-0563-4438-b7e1-6322879a0034", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679504008, "uuid": "d3c8813b-31d4-4df2-bd5d-bb5d3459d3fc", "value": "12288:cTnUmCnfM4kA7BgsRb8feoaEgmcGZWGHt9JNTMVzcBCv6oNjvSkeKh/xU/:oCnkEdRYmKgOZWGBmVzcBCbNjvDnU/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679504008, "uuid": "05114563-757c-450a-af61-1a1f3c97b86c", "value": 742400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679504008, "uuid": "43c377b1-2042-405e-a440-a8bf4d05a2db", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679504008, "uuid": "054f7f4d-7d3e-48d7-94e1-13b7f7528df8", "value": "5c128e469d5a71bcb5bee16147ad407b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "25c7ebdb-c8dc-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679508337, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679508337, "uuid": "473f74b3-4b7b-4044-89cf-978b51675bf7", "comment": "Malware payload (Gozi)", "value": "fa8e45f17526900cf61b6fb9cd4df00e", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679508337, "uuid": "1c954fb3-2b83-4351-94b7-0ccaed4dd493", "comment": "Malware payload (Gozi)", "value": "d5ad49b4519f7c8d63ac988b81d615ab12a4d5bc64a691681ae6161b141a37e1", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679508337, "uuid": "b0a3d4c3-287f-4e9f-b903-804de0ccd717", "comment": "Malware payload (Gozi)", "value": "397ca530ea109b371813bfdcd369afe6eb2799aa", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679508337, "uuid": "a7649984-6c6d-449f-886a-d949ff7bb997", "comment": "Malware payload (Gozi)", "value": "1e73c15efdea6ad28be60d4b389c702e21a540a1e7838ea0c7c030629f30e858c69107ffb236bad05f820b446f04e9ca", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679508337, "uuid": "a2035fc9-4d9d-4103-ba1e-69b5c5e4437a", "value": "T1A4745C0253E36C20EF2347728E2FC6F86A2EBC619D5B7B6E124DEA6F0D741A1C152715", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679508337, "uuid": "d5cccd4b-31bc-4634-9cf9-8d021365cd3a", "value": "05d87b5aa905cc75972feaf183240d59", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679508337, "uuid": "3bd1a08b-dfd3-496c-bfa3-bcc67492f537", "value": "3072:YudYUiSjPQFG7xcej3YPItYtuTew0NsE97ZidnUJE8DYGi85JrnlV:YuIOkPycuONfsii4Jr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679508337, "uuid": "b693dbb9-ca28-4f4a-ae3c-c285e62c1457", "value": 367104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679508337, "uuid": "9a1b58f5-43a3-4616-8118-0c43d4c2ba3b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679508337, "uuid": "7c2ffdc1-715d-407c-b189-015d3369bf0e", "value": "server.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "41cf3ba3-c88f-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679475312, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679475312, "uuid": "a3fa024f-978d-4d4b-b22b-154ad11c01df", "comment": "Malware payload", "value": "d65363a42c87c8b59eeb68f0da5b83b9", "object_relation": "md5", "Tag": [ { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679475312, "uuid": "34424deb-1759-47ee-98c8-5932837c8bc6", "comment": "Malware payload", "value": "d6169ee048b8317aa866d5acef226cce3ed7ecf2b03f83dfba9a4034942dd921", "object_relation": "sha256", "Tag": [ { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679475312, "uuid": "04b1d3ab-41da-427e-bf80-c799ede37b89", "comment": "Malware payload", "value": "e85b6c6014b1bb5ba22b3d23792821199da8e7d4", "object_relation": "sha1", "Tag": [ { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679475312, "uuid": "da7c5d97-cd12-4438-806f-1b695ad0aa78", "comment": "Malware payload", "value": "210051a272467ef8a4ca058aae45c95fc6c2efd5f9b40c7b8604e48df689b9e3fd068717cab07fd6247a355f695a2bcb", "object_relation": "sha3-384", "Tag": [ { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679475312, "uuid": "8a955641-625e-40a3-b15b-df2fc47f1c01", "value": "T1252423034AEDACDEDC23C3B69D376811B41A1A8D7A4250B9FF4D3A7DB9388B8D6C4415", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679475312, "uuid": "a6ca0254-e909-4bf2-a085-7d332e8b8edb", "value": "6144:39+YZ1j82XgGTmZinsnaFnF48s3tmzn9+51z:3RV82X5CZoswF1s9mzn83z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679475312, "uuid": "021a394b-c78f-483c-bac4-aa0bdc74fd94", "value": 224042, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679475312, "uuid": "5563aea1-9cd1-4387-ab95-ab2f035a5775", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679475312, "uuid": "49f18921-2cfe-4b18-ac77-b243400f8529", "value": "RFQ-20001123-GLOMACO,PDF-pdf.gz", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "19c4bd91-c8e9-11ed-88f6-42010a9c006e", "comment": "Malware payload (AsyncRAT)", "timestamp": 1679513900, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679513900, "uuid": "17e04eaa-077a-44b0-88d6-168d4ed59c90", "comment": "Malware payload (AsyncRAT)", "value": "5df47d50e52c1cdb011c12bfe2ed1203", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "powershell", "colour": "#FE0F82", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679513900, "uuid": "34bc575f-d5bf-408f-8c39-441d6e89b41a", "comment": "Malware payload (AsyncRAT)", "value": "d623550382d57e1f3b8a521f00d4f05179da3073ac07d4ccaf4ced2999afc18b", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "powershell", "colour": "#FE0F82", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679513900, "uuid": "65a5b972-03b5-45d4-a0a2-a8c7a0707ba2", "comment": "Malware payload (AsyncRAT)", "value": "587b8357692cf1801a4aed650f5965ed5ee7337c", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "powershell", "colour": "#FE0F82", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679513900, "uuid": "3aa260ea-0372-43a6-9434-9dd3713d64a6", "comment": "Malware payload (AsyncRAT)", "value": "26dcb3b94bbd662377a1e0472384cbbf3586a5c6e559d0d0ea4c3e1a3c9170d88acc04834a39612085505d6c15515930", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "powershell", "colour": "#FE0F82", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679513900, "uuid": "9c1999dd-d0a2-48e6-9df1-a96ee50ff08e", "value": "T191E4375207851BBDF68D0EC9C94B345B20F2D8677D251298EBB36EE7BC3B9845430A36", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679513900, "uuid": "68ede97c-0ab1-4202-a93b-e1215fd33204", "value": "1536:zJ7guVMqP/wdjeE4+vTrDLq4m/R6p0mZEWF7L9nGuWsMwAZJffqWyaUUhmQv/2sy:a", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679513900, "uuid": "90015af8-80d3-4b3e-9594-a95072a1d0c2", "value": 705927, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679513900, "uuid": "c60ea271-7f4d-4e58-96cc-4f23b232d4bc", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679513900, "uuid": "890a12eb-cc3c-4c9e-b38f-fa67f32cdc28", "value": "moos2.ps1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a546c921-c8e1-11ed-88f6-42010a9c006e", "comment": "Malware payload (Smoke Loader)", "timestamp": 1679510698, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679510698, "uuid": "482c30b9-069b-49a8-a03c-14c4ea144a2c", "comment": "Malware payload (Smoke Loader)", "value": "39301482aa35c5dad8e6fab842109cca", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679510698, "uuid": "3783ec4f-2789-4b13-bb09-66d5ff13a133", "comment": "Malware payload (Smoke Loader)", "value": "d6b06f7b07cd71f55091d9d1c36556538dfe3fd8cd3b40bccd29d6ea123fb334", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679510698, "uuid": "767cf155-d91c-42b5-b510-2d35a734281a", "comment": "Malware payload (Smoke Loader)", "value": "917092a21b22f6e11f932b176e93b536e84a4130", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679510698, "uuid": "20e66386-1f00-4906-9e33-8108b9bc8e77", "comment": "Malware payload (Smoke Loader)", "value": "c66ee83595d41c34b3616f0c4e275c14c2344672415081784848ee0cc978f16a7861cb63dff10c64c446e4818bb13096", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679510698, "uuid": "e2c5961d-7d17-45f6-a292-2bb52b2d5d7c", "value": "T119745C4293E36C60EF2346328F2EC3F82A1EFD619D1B7A5E124DEA2F0D741A1D562715", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679510698, "uuid": "1dee49ad-4db3-4828-90a4-af44fe10aef1", "value": "05d87b5aa905cc75972feaf183240d59", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679510698, "uuid": "c0438767-454f-4002-95a5-d50f46ef9a3f", "value": "3072:KXsF7PoVHsPM2jXO2N1BDeZ7fGIKhggw4m8qPjGDe53RUoV:GMq2v+TGZgu+yDe53q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679510698, "uuid": "0fc6860d-417c-4f31-a37f-bd8c42afbbf2", "value": 369152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679510698, "uuid": "704c61f5-5a87-480e-b6e6-f5321ad81386", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679510698, "uuid": "ee79b8db-8e1d-4f3c-bbfa-6fdf37eb21c2", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9262a555-c896-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679478454, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679478454, "uuid": "2c7d9e85-a39b-4b4e-b3c0-af71865719c7", "comment": "Malware payload (Formbook)", "value": "e66d6f5532594ddd9ec4cf105bf0604f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679478454, "uuid": "416af6f5-6a7a-467c-b034-50eceea3a61f", "comment": "Malware payload (Formbook)", "value": "d6cb7358c0741c5f1e50c5d8fef2423d960345a59e722a88d852049a9226811e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679478454, "uuid": "f3b6a366-d847-4cf9-b4af-646eef328f2b", "comment": "Malware payload (Formbook)", "value": "977c34a809bc4a5709e4e9a5d593f1b7aab304a5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679478454, "uuid": "c1127242-1739-47d2-a06e-bdab4c91d981", "comment": "Malware payload (Formbook)", "value": "4aa92fc72d4dbb8769b8c0b6f09ff062b12d9fd8f7dc8d06ef0b64b713e53a909dc481cd450c764cc5f39eef5e8f87fa", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679478454, "uuid": "136f17f0-428b-44e1-842e-43af5bf6863b", "value": "T1284512027EC19872C1B31D326E797B21B57D79201F658EDFA7C04A6DEA229D0CA347B1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679478454, "uuid": "c49d3a91-339b-4e98-ac38-46058dbd639e", "value": "12e12319f1029ec4f8fcbed7e82df162", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679478454, "uuid": "675b9ada-714e-40ca-b98a-19691d29cc93", "value": "24576:NTbBv5rUanRE0kd8HdMKMIyTxxmm/FpXwF+XgOPo+clHi:HBjcdAd3kV/FpW+XgOA7s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679478454, "uuid": "9c316d8d-c0b6-4507-b4e6-6e79b587afd8", "value": 1183966, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679478454, "uuid": "75fd2d27-7c22-45da-af61-6b7e1e5ba175", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679478454, "uuid": "c5abb56e-9b4f-4450-9af6-a9dead677201", "value": "qoutation2103.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5b0eca73-c881-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679469342, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469342, "uuid": "275f202e-9bd0-4f53-b719-477a2ba1581c", "comment": "Malware payload (RedLineStealer)", "value": "fe68b4f2aa3c588454e0700137f78211", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469342, "uuid": "e12f6b0f-522c-4f3b-a957-4f581e1eccfb", "comment": "Malware payload (RedLineStealer)", "value": "d6d06ef971d0bf53f64a4bf558a331bd4da76589ca6d94d010e54b79590cc534", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469342, "uuid": "7e5dc218-19d8-4df8-bf89-4b377b849b72", "comment": "Malware payload (RedLineStealer)", "value": "498434dbb7b61fa98cc5e92fd3c8cb950d8276e6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469342, "uuid": "a7e75d5e-6ce3-40eb-898b-89cad24b62e6", "comment": "Malware payload (RedLineStealer)", "value": "fe5139c5f285bfca608bc4e6ac7cf246b2482ac16426c01c2c781fad920d75bd4dced00d17596831b21a63fbd03a441d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469342, "uuid": "c6e25c8f-77b7-4f26-a9a5-961af7ba8ce9", "value": "T1DD252302A7D98076D8B12BB10AF613D71E39BDA2AE79831B4794D11D8DB33D1E631327", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469342, "uuid": "161de8f2-b048-4c39-8b18-c78389658c9a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469342, "uuid": "a09489ad-a978-4959-aab4-5967ff6e5814", "value": "24576:WyE2PEuAPRgiq5cczaJJ8n818Bno0milRUFLt6OWzUE4eK2P:l5PE3POJccAn16o0mU+b6OWk2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679469342, "uuid": "da711b0d-cf76-4eb6-8a72-a9bd27069f48", "value": 1047552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679469342, "uuid": "bc953fd2-5d26-42ca-a619-f4fa71dca782", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469342, "uuid": "e85e1cce-19ea-4716-a8e2-0254fc33ccff", "value": "fe68b4f2aa3c588454e0700137f78211.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8382987e-c8e3-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679511500, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511500, "uuid": "65aba736-9c1c-4a6b-b3d8-bd96434d8f38", "comment": "Malware payload (Formbook)", "value": "eda174e3f27c80dcd19abfb5400c50d9", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511500, "uuid": "db02151b-254b-4d74-991b-c97c079c27f1", "comment": "Malware payload (Formbook)", "value": "d6f3694d7c009f73f53fa28d77a65eafd3ae19c9d219982a71f150c514a86584", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511500, "uuid": "e845ea38-641b-4a23-bb8c-9f6615ca536a", "comment": "Malware payload (Formbook)", "value": "14002d710bb0fc29a8103d3909c542e680020f63", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511500, "uuid": "08eadfcc-1c5a-4e85-bf18-0f2f5bad44e2", "comment": "Malware payload (Formbook)", "value": "35f2278a35dc4325d3bb49d843fa5c0b2ebf6443175ca48c7e31e2700feca17d297145a5f67c738cbfd9a0fb0b6823f0", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511500, "uuid": "4fc62757-2864-448c-afca-2017af85a28e", "value": "T11595BFF876047DD62A6F576BCE96ACDC13B61A6399CBA8CC806477C305A3375FE02805", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511500, "uuid": "237cc20f-7127-4166-b5b5-3532345df971", "value": "24576:oyNh+vkSpIGa2e761oZziemHIYQGohgxg3je6H3qPwHDaw/oKmDJ9QZEpJqiLq38:y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511500, "uuid": "cee571da-2fff-45dd-b0c0-48b748ff8a5f", "value": 1880338, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511500, "uuid": "a7aee62d-6675-4c8c-9884-0312bd38e5e3", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511500, "uuid": "0a846d08-999b-44ef-b91f-a0a952f6aba4", "value": "1 payment cash Deposit.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "288c114f-c86d-11ed-88f6-42010a9c006e", "comment": "Malware payload (Socelars)", "timestamp": 1679460667, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679460667, "uuid": "c3801458-fe14-4d12-9eab-339d8ec3efc1", "comment": "Malware payload (Socelars)", "value": "54f8a4c3864f17466705a15a2ef2a06f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Socelars", "colour": "#22908D", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679460667, "uuid": "e7b75289-cffc-400f-9774-58b9937279ed", "comment": "Malware payload (Socelars)", "value": "d7140018b6ca4711fc2630b815d6aa869dcf472b12ae67d588738eba1765633b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Socelars", "colour": "#22908D", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679460667, "uuid": "b358629b-5f39-40da-8ce9-213bc3cc4433", "comment": "Malware payload (Socelars)", "value": "db53ec7eaf2928f8b627f36766ccf7c293bf910f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Socelars", "colour": "#22908D", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679460667, "uuid": "06585f03-6c59-4e53-a64e-1ebe37b6c24f", "comment": "Malware payload (Socelars)", "value": "8e4acbad46a5618527f9dd633e2d2311b764b0bbf512a96fd6bb8cdd4f89c52a12e07695bf1452814575a1e45302c6f8", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Socelars", "colour": "#22908D", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679460667, "uuid": "a7843cda-e475-4c6d-a2e2-108253e67ba3", "value": "T1DC658D21F7C26032E8E310B745FF66BE9D3C6A11470894D7D3C81D99AB614E27A3B61B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679460667, "uuid": "9dcb74be-4041-4097-b6e1-2b88a7d42e00", "value": "b1e867ef87efb215fbaa4877aa8fac3e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679460667, "uuid": "a814c2e6-8c2b-4fbf-bd08-cc7d2eed155b", "value": "24576:AGU0HpRGUYHKaPUM0Hqy69NgA+iVvRuPpND5TqJ6y5eXt7dRbr5hMS6S:bpEUIvU0N9jkpjweXt77X5yjS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679460667, "uuid": "5b5b0c61-3af9-42ec-90dc-becc22707b8d", "value": 1511936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679460667, "uuid": "b720d2a3-e6b8-40e1-80e1-2cc7f4fb9b2b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679460667, "uuid": "e6a947dc-25de-4f29-b4c8-13d07f808dce", "value": "54f8a4c3864f17466705a15a2ef2a06f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "99fff3d8-c8ce-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679502519, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679502519, "uuid": "ee1c1540-7d85-4ac1-9cb2-eab5eb62fb64", "comment": "Malware payload (AgentTesla)", "value": "11fae257afc9da107d08c18e6378bbbc", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679502519, "uuid": "f2a17e11-e41e-4a16-a792-28c44c809153", "comment": "Malware payload (AgentTesla)", "value": "d74ab47d8a9609a9a1f341e007629ff6bc9e1f578dab012e86202ee9dc6b1f34", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679502519, "uuid": "9f598b22-753a-42b1-892d-29af9688f0cf", "comment": "Malware payload (AgentTesla)", "value": "458cfc61bd19d6e01b23279495e680f11bc58be7", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679502519, "uuid": "5a994e84-1775-48a1-aec4-c6d43b0cdc49", "comment": "Malware payload (AgentTesla)", "value": "97d99649c3d94b92c8719c34e805e180227db270bb96d8a17cbe17fa1378bbc33e5728db330e168a2c99725b81de9679", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679502519, "uuid": "0dbc40c2-b308-4689-9319-f16d1ace3c78", "value": "T1CF051202B1D6CB32C59CAABD5492882043B6E39B1233FB492FC411DD9F06BD55E26F97", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679502519, "uuid": "09810524-3fe4-43bd-a39d-cacde48fbd40", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679502519, "uuid": "95eac706-53c5-4f13-a2b2-47d578678b30", "value": "12288:QL2xcDOzOlDl42PihQo19N2gADhbHo9shINPyLkR58zjjhKRYDFQqJ26:aoBsDlrPihQWNeISINPy6ajjcRC26", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679502519, "uuid": "38b210ae-6130-403b-afc5-0f8cb717c447", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679502519, "uuid": "6a887ef7-39c7-4357-a0e0-d33fe6e7477b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679502519, "uuid": "e4db9c0a-d581-4609-a2cf-7b343fdc1cba", "value": "Solicitud de cotizacion.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "36dbb32f-c8ef-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679516526, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516526, "uuid": "a2e05fc9-e856-4859-86e6-fe4bb0f74fcb", "comment": "Malware payload", "value": "5ebd72c4e4fbd3193d602a9c71f499f3", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516526, "uuid": "86ceae15-0ddc-42bc-8131-2359f002ab6f", "comment": "Malware payload", "value": "d77d66d73ffe22b3cf6ccb3b955c6619d8c6123301ddfe99f85a12f46545790c", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516526, "uuid": "027afeb2-9ca6-45c8-81d8-7d27b3140d05", "comment": "Malware payload", "value": "e9357417fa02072e3f16d1c53d13811c9e869e9a", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516526, "uuid": "d88bd07c-674c-4c4c-a958-ac59ece7911c", "comment": "Malware payload", "value": "d0f2e1db56f6e4fe9042faabfb9a810baeed6b974369f99b6a9bfd2ec548aa6c013a9a8c83fa983f4cbcffcd80928935", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516526, "uuid": "5a6b7016-a35e-4eaf-a420-11cc87537f89", "value": "T189135A56ABF00432F6B30B71A938586ADFBABC206476D49F8B900E6D1570D52CA3D727", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516526, "uuid": "52e89b59-78fe-480f-9d2d-9808463dde62", "value": "f5e4c8acb92fb1c8223cff431020dba0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516526, "uuid": "c725d898-fbc5-4c21-b8d8-e471402a1c3c", "value": "768:k8kr2D6AKlLO+SNhBgCHDck4MV0ggv8KoETBB9D3xvjHhx4eC7Xj8Qc18CQiwBeT:P/6A0q5HDR4oWBx3xrBx41z8QcCli+RS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679516526, "uuid": "c0d16ccf-c131-4ab7-b11e-3061b83140e9", "value": 41984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679516526, "uuid": "0feb025e-2f07-4ffe-8d3f-d443d5b6197a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516526, "uuid": "8f24c555-cd72-4cc1-a371-729b45038d59", "value": "2023-03-22_5ebd72c4e4fbd3193d602a9c71f499f3_lockbit", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4239aca6-c886-11ed-88f6-42010a9c006e", "comment": "Malware payload (njrat)", "timestamp": 1679471448, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471448, "uuid": "b6f205d5-8f22-4f6e-8136-23d030cec4e6", "comment": "Malware payload (njrat)", "value": "0e47b5de5fd3f5b101d85f0010df6158", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471448, "uuid": "8c565367-fd53-42f5-8fec-3f08f2a9ac2f", "comment": "Malware payload (njrat)", "value": "d79a36eca6234e2aafe266a6887135f93fc076f9aca00571a5012884b510c873", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471448, "uuid": "449104ed-d100-4552-bacb-ba532a14d371", "comment": "Malware payload (njrat)", "value": "ec4d791a218f09e2d9f5427524f69ee61d801d5c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471448, "uuid": "3228e9a4-d014-4011-a091-9e1ac7907536", "comment": "Malware payload (njrat)", "value": "605c9a48155e069e506dc382048dfe81cc6bc126c068e376962f5207be7cc6985bc5b2539f2302334e892919f1d6c643", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471448, "uuid": "39f7e638-f597-4b13-8fbd-7236f808a2aa", "value": "T121B22B4E3FA98856C5BC17748AA5965003B491470413EE3FCDC964CBAFB3AD91D4CAF8", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471448, "uuid": "de15480a-4edc-48c8-95e3-87f21c377943", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471448, "uuid": "b1a689b9-bd15-44f2-8d6a-6c9f87f9d26b", "value": "384:OV8aSyS9gB3Y1KIay2X8cLZI6XgxsGJVPpmRvR6JZlbw8hqIusZzZXm:OG589tXvRpcnu1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679471448, "uuid": "3905e15a-a042-4747-8879-430dca9a4289", "value": 24064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679471448, "uuid": "49d8140d-7749-4cea-b467-961c26b21d01", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471448, "uuid": "8a078073-1708-4833-81b3-c959ea5bbd87", "value": "0e47b5de5fd3f5b101d85f0010df6158.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "db5f98c9-c8b0-11ed-88f6-42010a9c006e", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1679489743, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679489743, "uuid": "3dd8fd69-2f41-4e0a-88fb-dd4e102dca9c", "comment": "Malware payload (AveMariaRAT)", "value": "342b7b918ef45ddf23dc3edd945cbdf4", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679489743, "uuid": "d1f9640c-b0d9-430a-8644-f45da4856867", "comment": "Malware payload (AveMariaRAT)", "value": "d7d591a6319a5a32fc15ad3689e433b728d93de8de788e5bd75cdc9a10c511c6", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679489743, "uuid": "f7ff44ac-72a1-4699-92d4-3412118cd710", "comment": "Malware payload (AveMariaRAT)", "value": "9d235ff74fbfcc497333fc8113459bf996c5ab87", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679489743, "uuid": "07e847f7-0cf8-4f54-aece-e31dcee49b6c", "comment": "Malware payload (AveMariaRAT)", "value": "406f50402bdffcc0b5692a3e309f358ad1378092b05810b520266ef578b692a51feebec1131bfae92831a8fb5d5edc7a", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679489743, "uuid": "4493d248-de0d-4fe3-8022-b646969e854c", "value": "T191745B0293D36C60EF124A728E1EC6F86A1EFC619D5BBB9E134DFE2F0974162D162705", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679489743, "uuid": "d4935b3b-803c-4cdc-8923-2e368b8e6cf7", "value": "314565592a4a5f015f9741680eeed0ec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679489743, "uuid": "625a0e2f-26bb-4107-a7ee-0cddaf5de312", "value": "3072:FWy5XlgoPSJ5j4YDpGBv/MhinMtgrzvk3nSNLJHzO6rZExJJ:CT9DsGhinMtgX8gJTrr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679489743, "uuid": "d76150cd-9015-4bb0-83c2-b441f08bb5a6", "value": 367104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679489743, "uuid": "392a7a27-620f-47c9-beec-055558bb78a4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679489743, "uuid": "bccd7623-05a9-4973-8ada-32407b44fe1d", "value": "342b7b918ef45ddf23dc3edd945cbdf4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0a2b34eb-c8cd-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679501848, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501848, "uuid": "7d895cef-25e1-4f29-9495-deac1f6cfd39", "comment": "Malware payload (Heodo)", "value": "1ed1a8d46dc3e3d89fdbf5eb00f42edb", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501848, "uuid": "efb1bb3d-786c-4531-87e1-c9f53d9a3e16", "comment": "Malware payload (Heodo)", "value": "d7e01bffc54e99f8ead1a8499dae9d51fa259a4f18062f2d5312cd3ee09394ad", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501848, "uuid": "16517374-4bf3-471e-8595-e85f40d7b78e", "comment": "Malware payload (Heodo)", "value": "1b6e2c9ba31d58d4e330874314e59a7fce33dad5", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501848, "uuid": "4520d8d0-aae5-4a31-805c-dafe4e4fe72e", "comment": "Malware payload (Heodo)", "value": "e043cfd1a484748ea4d265a47d4600d0f6409d1715dca56fabbdccba505c60747392c00ef522a373c29689db71e1a5f2", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501848, "uuid": "0bd72dc1-bb8d-4820-9843-dff0c6e42346", "value": "T18C54F502A342DE2FD79501341D0FBBFAA31DDC285B2F86A22059F26D293ED25F3665D4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501848, "uuid": "ad6e8562-9d45-467a-b223-c7a5e72b3762", "value": "3072:2IdQGckpM56QDp+SBTA8ku4afD4Ka1Rvl/4Wbqzwc7vanLubTvjVwKVi3yJuq6r:x9HkpzTTfD4KuNbqzryKvmKV8yJor", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679501848, "uuid": "1d05874e-c79f-4683-84f4-57594b0181c6", "value": 290816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679501848, "uuid": "e2fd3ca3-1e75-46da-a582-a533c24542ef", "value": "application/msword", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501848, "uuid": "48a8c07d-5e0f-424e-a15c-4741226db29e", "value": "SPE930231839KJ.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d98a5b62-c8ca-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679500907, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500907, "uuid": "dcaa1cd6-f563-4ce6-9da3-d38d16dc7fd3", "comment": "Malware payload", "value": "77d8ff584c4a6be6e927107aa7aa813b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500907, "uuid": "ebee7d22-89aa-4cf6-9bf5-c8d1bf3b2e84", "comment": "Malware payload", "value": "d8163bf2b105cf122924ad6d1e0e03331bbf8e9f4b8f81688f210d825587c141", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500907, "uuid": "7444b9d3-aedf-44b0-9b92-7224cb75f53a", "comment": "Malware payload", "value": "4e2f8c4adcf14327899dfe1e85de18a1bee9c2d6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500907, "uuid": "2c5a980e-646d-4f46-824a-75df92eb8c4c", "comment": "Malware payload", "value": "aba6948be569d3d53a08365bb77ddedbf99412ef300c1a980920c6a9f7c58e476aea7fcf4b9207054c43566bee0a16f6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500907, "uuid": "a553ef09-f07f-4270-a5cb-cdb8453dc95c", "value": "T15633F61A3C53C073E40249B5C6D686C16FFF6D1336E3A43FEF9805495AE129C49AAAF4", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500907, "uuid": "937f3af4-abeb-46c9-9497-49ea2700a6b9", "value": "aca77bb36f4ee9dc931c40d10b8cabe8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500907, "uuid": "3c87763f-0d80-42c3-b024-19bcf8d6071d", "value": "384:SGdNcvxQvum6teBIUaHe7+j2Hk94IdcbQuqTZRUJM4AgRFgYjPlJf7jXOuoBqz6d:SacvKbBz7+pdOM3TCqNWPvfv+VNEtQ5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679500907, "uuid": "b61d1be8-5b96-4beb-a4c0-1545c96abe9a", "value": 53248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679500907, "uuid": "d305fccb-be22-4222-9c79-8b063cadcaeb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500907, "uuid": "00c70157-378f-4e15-ab0d-38fa3373f755", "value": "77d8ff584c4a6be6e927107aa7aa813b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cf6e5fe5-c8cc-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679501749, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501749, "uuid": "02de8064-b1ad-434f-947f-fa0cfad8fd9d", "comment": "Malware payload (RedLineStealer)", "value": "e41b64b640e369a5f531187013288693", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501749, "uuid": "e6dae165-9d87-4eae-b136-6c15442b1203", "comment": "Malware payload (RedLineStealer)", "value": "d84914a17d7b20d9fcc70bf714f87c4a39879d9dcda0e3c058ceae1b8cab4bb7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501749, "uuid": "a86779d9-b0b7-455f-8c9b-2a427069f161", "comment": "Malware payload (RedLineStealer)", "value": "10aa65afbd26c872dad85ffdbe37950e5bd974ba", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501749, "uuid": "3b2e8cb9-bf3b-44e9-beea-88d78d0cc38d", "comment": "Malware payload (RedLineStealer)", "value": "41ad1e3875e862a6ccf7fb40261cbb8e322e975b0cb3d347276ffa6ecf6295353312b31e1fdad761c946d769ede22cdf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501749, "uuid": "3ed9dcc0-8296-41f6-a3e0-cff1492e3270", "value": "T164252347AFE49032DDBA1BB009F647871E2ABDD19D74831A32455C4B6C326C0B8B5B6F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501749, "uuid": "c39a9650-2bd8-4b3c-8281-c7e34c5bcb64", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501749, "uuid": "c31466b2-7093-420f-b4e1-69d8263eefef", "value": "24576:iyWA4j/49IbbPF8TiXj1KNMSR5LQbsPAj:JWXsGnPm+jgySR5LUsI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679501749, "uuid": "8d0816c1-4557-462f-b98b-4ff049077631", "value": 1030144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679501749, "uuid": "4dc6d497-359e-4a87-b790-050703232756", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501749, "uuid": "00bfce78-73aa-465b-881e-ae5344e7f8a7", "value": "e41b64b640e369a5f531187013288693.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "26483928-c8e6-11ed-88f6-42010a9c006e", "comment": "Malware payload (Vidar)", "timestamp": 1679512632, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512632, "uuid": "a37f3c41-cd88-4ffb-a0d1-4d750cd966a4", "comment": "Malware payload (Vidar)", "value": "26dd92feac1784ff3f12909b08670ed7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512632, "uuid": "f50f3440-457c-4939-b91a-0d455967ef74", "comment": "Malware payload (Vidar)", "value": "d86b56fbb2ae739877ad2143f719b0c60df88b6d773c9f837f8490fb157ec165", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512632, "uuid": "dc6ac980-e068-4023-9790-413d804965d5", "comment": "Malware payload (Vidar)", "value": "35a394fa59c20bb287042ca3ffeb04790f326adc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512632, "uuid": "0fd2d48d-7a59-448b-b453-1a956394b931", "comment": "Malware payload (Vidar)", "value": "4fee77bf1ba9ad08e0981b77dcec3168d0b44f400dce5e99f28effa1a7b237ef9fee99d5907e78ed0578e82f4dcddd57", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512632, "uuid": "0e4ee0d7-6182-4229-9d4f-d9569b2eb8c8", "value": "T18B94E06A2AB19062F84AC23C4CF471E0476592B7E394F2CC1AC575DB7D714B3A3BA20D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512632, "uuid": "43b051a3-effd-4f2b-b6c9-216389cdb8a2", "value": "cf1b6413c528ef7f498e62f16d8472be", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512632, "uuid": "475d9cf1-91b5-448e-98cb-e09142e31250", "value": "12288:TYJwxoVwcezd5BsKWc0ULs9AilN5gfpDx+:TCVwTd5mVc0ULs9AiuhD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679512632, "uuid": "f637198d-5a21-4443-8dcf-2ee3bf4257bd", "value": 422400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679512632, "uuid": "5d266861-e453-4115-949c-68db04521dbd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512632, "uuid": "5840cfdf-df6a-41bf-b7cb-0f9c44d230ce", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b2ac7649-c8e3-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679511579, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511579, "uuid": "e769b47e-c38f-44e9-b38f-36ef60b11758", "comment": "Malware payload (AgentTesla)", "value": "beed1a2996a4c5f185b2a8116f887f17", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511579, "uuid": "cadc2f56-ab9c-4a4d-8d41-8486ea17f22b", "comment": "Malware payload (AgentTesla)", "value": "d89998b7e237e5376f634168ec651eafe1dd40e3eb0470fe6350559fa4c78e23", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511579, "uuid": "b2eafb34-6883-429d-b084-45fb378a9b87", "comment": "Malware payload (AgentTesla)", "value": "616679095bf7a02a08684ad4ed6b14426c4eb4cb", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511579, "uuid": "503b4acf-f9e3-4f9a-b18d-4ee941671ff8", "comment": "Malware payload (AgentTesla)", "value": "4189697d0bc6e435c515aec38b2c93fd482dd897ab94bdc6c8943d35034407d582243541789bdcb03e148a9c3898dc0c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511579, "uuid": "ca49d39a-5bed-4c98-9aad-5e4127dd7d34", "value": "T1DD357ED1F150CC9AE96B05F2AD2BA53025E3BE9D54A4810C569DBB1B76F3342209FF0E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511579, "uuid": "3344df71-6d2a-4852-89f8-b697c358656c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511579, "uuid": "f1e8a569-8bf1-4583-a83f-10cc33206cc2", "value": "12288:dDBIMZ8eexLlW3Qw8zPWQDbMdaPgi6wZDPAkdyPkL5BCTCR:pZXkL43QWQUdaPgi6mDokEPHC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511579, "uuid": "a8677399-198c-4ed0-9e99-5fc5c20dc6c5", "value": 1076736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511579, "uuid": "e90fc3b8-30bf-4f8f-b53a-c1aef5942d6d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511579, "uuid": "5ca8cfac-114c-4d6f-a1e8-65105cf23937", "value": "yeni sipari\u015f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "085b0fd9-c8bc-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679494543, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494543, "uuid": "5cfe7107-3142-4a99-9a6d-4e463c6e9896", "comment": "Malware payload (AgentTesla)", "value": "ce4746052080b8b8785514720cf78df6", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494543, "uuid": "13510ed5-d2dd-4a48-aa17-64aad0410910", "comment": "Malware payload (AgentTesla)", "value": "d9056cd85676ed69320256a938ed4fe8c77ef484e4ed95f73801f22e46d67734", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494543, "uuid": "6764af6a-153b-4da7-a4aa-69392cd448d9", "comment": "Malware payload (AgentTesla)", "value": "448ff27b5e1eb401a6d6db0e4d9fa5e043c9fdb2", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494543, "uuid": "46ebb677-4d24-4763-b8d1-d0b663f3f6a3", "comment": "Malware payload (AgentTesla)", "value": "2a9dadbcd15e1ae79fc338e07004f472c8af852e066affad0fb8801f5b77142ba6e8fd7defeaeeab1e8a10eaab337cf6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494543, "uuid": "506ce135-3d9c-4cb6-b3fb-ae6c6bb8d2b4", "value": "T14D356C424DBB51C6E8B70F5C547A76980B39E966FDC8503B3CC9B66A8FF9A0360063D1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494543, "uuid": "29b7ff9f-08f5-43b2-9157-1e50cf43031e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494543, "uuid": "ce0fda08-2e1a-48d1-9607-8803b958df76", "value": "24576:I6CI20nYFnQXWJoBg6yX22cAP3ydqlxz5ErJUatE2:a70YJr0gJX22cQyqlxzKZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679494543, "uuid": "abe7adc1-ffdd-4610-820d-dd553d586804", "value": 1128448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679494543, "uuid": "0243bf93-2cea-4de3-8869-5a3e3a64c329", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494543, "uuid": "d104e2ac-37f2-42df-9cd4-5ffedee352a2", "value": "ce.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ea555440-c8c7-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679499647, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679499647, "uuid": "7ead845e-a05b-40ed-ab2d-649688089129", "comment": "Malware payload (RedLineStealer)", "value": "050b40891a558f95827474fabc258014", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679499647, "uuid": "3c1f241f-44a7-4300-964f-8cf095a4686e", "comment": "Malware payload (RedLineStealer)", "value": "d929778233f593baf83209e2afbf2a00a328e8208ee94e9e92d6ab40491faaab", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679499647, "uuid": "5309c6c2-941f-4e9c-a81f-4982dabe1106", "comment": "Malware payload (RedLineStealer)", "value": "c3bba51bcbcd03355e641fe25eb5b77a2e0c7e20", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679499647, "uuid": "6f40eb60-dc4e-43e3-8f1f-52408894209e", "comment": "Malware payload (RedLineStealer)", "value": "69863d3af04e636bcafc9140337eae2e4ecdbd05096ad7aed7214a01de3a1263bcb887155efc04dd0d84246d8383d601", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679499647, "uuid": "32c1dd78-5204-4a35-912d-1fd3e9433cba", "value": "T12DC41227B6F88023E4B627B05CF703870E75BDA15D78832B2B95685B0C737C4A5357AA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679499647, "uuid": "d86fd11f-0de2-46d5-81bc-4c8799d46cbe", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679499647, "uuid": "fc004a2a-af20-4b32-a291-65a7337c9ae5", "value": "12288:3Mrfy90JrXsZDMCUdj380Sv6sYAU3Ckk3LBOyRnVbk52:wyusW380SvXYAU3XcL4yRC52", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679499647, "uuid": "e6f52312-db07-4f77-82aa-b20989ab9fa6", "value": 549376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679499647, "uuid": "5478beed-2f3c-4316-845f-c1a1c859c24e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679499647, "uuid": "bca2eb54-1380-471c-b631-4f7bf3f8134c", "value": "050b40891a558f95827474fabc258014.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "069df545-c850-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679448155, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448155, "uuid": "e064cc7e-aa57-4139-8150-c55921e8f372", "comment": "Malware payload (Amadey)", "value": "814ee15921a105bef52f1b58f99827e3", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448155, "uuid": "b40feb6e-1a7a-41dc-82b2-077db56b264d", "comment": "Malware payload (Amadey)", "value": "d968027240e2177413bb65480b9352c868c6a0b43b2da413d7b3d991261edf5d", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448155, "uuid": "e0a9b50c-9e8e-45ba-b78f-20ffc18ea021", "comment": "Malware payload (Amadey)", "value": "ff68ba2afde4d1ba3bcf5625d812f77434ace8ee", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448155, "uuid": "4d22cc3e-45aa-4c52-bec1-92ce8029e6c6", "comment": "Malware payload (Amadey)", "value": "07e41dfd49fcb11db4db6f91450d771d618ae5a958e731f7c29e25d2592f7b6333b2ef122e3211e5def1b241c767028c", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448155, "uuid": "83901f4e-4c42-423e-96a2-3f174bb3080d", "value": "T1DC55E14382E23C55EA258B739E1F86F8B64DB6719F493BA632089E1F10B12B7D173711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448155, "uuid": "162b359f-0963-4909-8923-39dd67c5691e", "value": "5fe0b073d2bf262b2cfd9470524e0ed6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448155, "uuid": "bbc2f883-749d-4a22-a30d-e41aca253e1e", "value": "24576:MnzPcbD/h1btFFh3DEYckeYbP1a3S3zLXGowWuFV3EQ1LQi8Pti/STV88Av:aC/hlVhFcYbw3SjLXGoDuvEQ1LQBtd61", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679448155, "uuid": "502ca781-9d08-440e-bbe3-7f5243f6e394", "value": 1368576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679448155, "uuid": "9b580330-9219-4cd7-ade1-6c3e559a7ca6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448155, "uuid": "b653938c-3522-4975-bb45-b6eab03513ff", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b5ccdf30-c8e3-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679511585, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511585, "uuid": "ecea8ed3-9eb4-4a62-ac5d-a53c4e08b2d1", "comment": "Malware payload (SnakeKeylogger)", "value": "72364a62dce0e518809382ed9aee681a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511585, "uuid": "2043f581-8093-4feb-989a-cb719d20a33c", "comment": "Malware payload (SnakeKeylogger)", "value": "d9c35851a578222df21273255d16f3fc4d6ccbf3b6120bf7e1fe1ecbfb534b8f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511585, "uuid": "7d9bf0b3-11e2-493b-9641-3f510c51e221", "comment": "Malware payload (SnakeKeylogger)", "value": "a6e6ffb32b11084a2a9207e6af3ecbc06976bf5d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511585, "uuid": "351f44a7-6a22-4b6c-81b3-0e734f64cf88", "comment": "Malware payload (SnakeKeylogger)", "value": "192aab9483a5eaa0cf8da859013d988cee1f40a881e538dec406f45ea22745a8a3dc45c9e9aec571fb88a0eb31fcdc86", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511585, "uuid": "11751583-de33-46e5-8811-24cf9f2c8358", "value": "T17774F1D27600D1FAFD7E8930F4BF98479666BC764A441CD62398BB8888F21114E9FF25", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511585, "uuid": "23f869da-9598-4905-bb5c-ffd0efc8e33a", "value": "b34f154ec913d2d2c435cbd644e91687", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511585, "uuid": "39bba241-c7b8-4c56-8a52-b9b8fa250686", "value": "6144:nQ606xUAK/TxV595DDVHMv/qruuksCeo9OShX9/IJaBYx1CJFJJQJFR:k3LJZsHqiTJYSht/IJpxMnQJFR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511585, "uuid": "21f933b7-5ee9-483f-8e7c-f5b97b219df2", "value": 352638, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511585, "uuid": "6071e9aa-de14-4b87-8fbe-289022cba9bd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511585, "uuid": "01a601fc-8ec8-460d-9266-e151e2b08dcf", "value": "Fatura \u00f6deme 2023-01-17 ACTA JGO EDIFICIO TORRES.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "40a3c6ed-c8db-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679507952, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679507952, "uuid": "d3d20f87-1d8d-4eba-ab56-56d85f79aa70", "comment": "Malware payload (Gozi)", "value": "004a3656327f7debf451baac0b8c6c53", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679507952, "uuid": "0214aa73-237c-4949-9374-ac96b855efe2", "comment": "Malware payload (Gozi)", "value": "da0c185245dfd3703d3af4b0a7e4f7ee5553c47eb2ef42b3864ba585e73f5dd8", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679507952, "uuid": "a60cd035-357d-492f-bb23-bffcc259a5de", "comment": "Malware payload (Gozi)", "value": "e854702a3c4dc6da2ed4e6f7fed0dfd6a911198e", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679507952, "uuid": "9fc41f6b-9d51-40fc-9baa-4e5ea5a34d80", "comment": "Malware payload (Gozi)", "value": "395a9dbb9b9a4e7bbbff4ed80665076020cc24d68add0a229313a2774971029287ea020ed9fa9326d63eb7f7fb34a055", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679507952, "uuid": "d0daf0eb-92ac-4b24-890f-170d32466813", "value": "T1EAF05500F30D69FDC2639F79C49153A0F67BF65385DB4213104D64282E96BE30719AA4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679507952, "uuid": "5c738139-7a4f-45e3-a535-a09aca6f5fcd", "value": "12:5jEu9oX9mZYuH/7z5R/9n/RHEQf9mvX1HP:9Eu9oX9mmufP5R/9/RVf9md", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679507952, "uuid": "a27b5b79-6fb0-4398-9184-0e0b2b28f26b", "value": 479, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679507952, "uuid": "8824432f-2229-45ec-bc8b-645b93360eb7", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679507952, "uuid": "ead25324-673e-46cf-acac-83f9dc55c440", "value": "Cliente888.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b4a3e7f5-c8bb-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679494403, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494403, "uuid": "1ba9dee9-4112-4e9e-a390-d2dd44eaa13e", "comment": "Malware payload (Gozi)", "value": "67d129623e8aafeb27037020a79b6713", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494403, "uuid": "77532060-dfca-40e5-9c4a-79c57403e43e", "comment": "Malware payload (Gozi)", "value": "da10d106e209213ae89126328383a966c6878089b93b2fe597a353b0a7b121da", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494403, "uuid": "1333e7cb-760d-4cb9-9645-98fb7ffdb0e6", "comment": "Malware payload (Gozi)", "value": "247bb003201078c30348cddd0c90a93fba2da54b", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494403, "uuid": "9326998a-5767-432c-ba29-9ec9e6c68c32", "comment": "Malware payload (Gozi)", "value": "14e575570232ce7659cea37d1928c428317353bae4471e87c3150cabbb9869b311e3d56da6195b461bf7187a2581bb2e", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494403, "uuid": "240f712f-e876-42e0-aaee-0dea02ca213a", "value": "T199F02B209E8E5B4DE2978F31F04411F5D12ED3CA29289157DB54E1211936AC68F15FE9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494403, "uuid": "75defb9b-bc91-456a-83aa-34df7c6eb5cd", "value": "6:5j8mzuHI3BFTUj7rVGLXULCGZNa400ajRNWrvIomdt0mK9b6E6nBSX3M4GMu5lEm:5j8mDgx7CqazjYvIQm0x0L5yoP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679494403, "uuid": "448c6e3b-6b01-4553-92c2-f9c30c2129a6", "value": 479, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679494403, "uuid": "75ff5175-d727-4eb0-b782-6e7607268926", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494403, "uuid": "dc4ff251-04d4-4151-a1fa-0d50f3b14998", "value": "Azienda855.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a3bc3929-c880-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679469034, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469034, "uuid": "9e04c95c-c13d-40d1-b495-478846357443", "comment": "Malware payload (RedLineStealer)", "value": "4719a592b90ddf033ed24ac3a0bd0bea", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469034, "uuid": "c14056a2-44f1-42ef-9ff7-781b538614bd", "comment": "Malware payload (RedLineStealer)", "value": "dbe215f957251e03d0c24cba4916050fccbad3afd1938132eeb3d4a715220597", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469034, "uuid": "ab4c7fe2-5e78-47df-9197-e8d07dcd1912", "comment": "Malware payload (RedLineStealer)", "value": "07438f5e9ec762ef1a9c9614f96c11f57c5ab396", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469034, "uuid": "dc79d5af-2500-420e-9cac-5b017e734db5", "comment": "Malware payload (RedLineStealer)", "value": "1dbb4255fc88969f5b314a2b4cc8a3c3cb89a1ea1a76a1e4fa8c5722736b1d2308975e1a97ec48a1e51993e9aae515b4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469034, "uuid": "7b71deb8-9e63-40bf-aa3f-fc066e5e070b", "value": "T1D355E00382923C55E6258B739F1FC6F8B65DF630CF497BAA32089E6B14B02B7D163651", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469034, "uuid": "e44e0fb9-9627-4376-bedb-9a75cf513c85", "value": "abf9812c144b37aad537ff6f220c83df", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469034, "uuid": "c6adcb04-e736-4dec-821e-c77a1d72198f", "value": "24576:AF7kbWMH5bL+ZmZhqNrZ8fngYq8u2iXhKsfMe+MVL538dWW:ACKE5H+ZmXqNCna8z4DlVL5O", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679469034, "uuid": "741a6122-b9c8-40bd-811d-5b84a05680a0", "value": 1367552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679469034, "uuid": "cbd9492f-66f7-4765-a34f-6b9324875b63", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469034, "uuid": "fc523e50-2964-4531-a631-a458d010099c", "value": "4719a592b90ddf033ed24ac3a0bd0bea.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a2521715-c8eb-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679514988, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679514988, "uuid": "f098b30a-70ab-479e-baa5-4e7ce065b8a5", "comment": "Malware payload (Formbook)", "value": "92be4d14e97f691d1a23454035deca30", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679514988, "uuid": "827eabee-4f65-45c5-b32b-cd4e23765c07", "comment": "Malware payload (Formbook)", "value": "dc2f8a85b52e8562ada16c2ee6cda9770a3c010f894901844d0104476bae67b3", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679514988, "uuid": "a34c9661-7694-40e5-80a2-2cbf409914db", "comment": "Malware payload (Formbook)", "value": "8bbdf36c4f273c1a0925a19115cdf914d759f1cf", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679514988, "uuid": "690d57f7-dfcb-4667-810c-50820e981b57", "comment": "Malware payload (Formbook)", "value": "e5bb1b32ff38e5992cab7b061c8914d0facfd1bceb853b14d1efddf64f7902f689258d8bb12549f80884187b9b977c52", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679514988, "uuid": "9c2697e1-10ae-45e7-9658-18bd8cf04b17", "value": "T19B54135987B4C9FFD7E301B34B3663269871E8220974474F3B9068ADF126891EEBD391", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679514988, "uuid": "a33491cb-9dc4-4622-a928-3602f8b8f81f", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679514988, "uuid": "b4bd2ddc-38ba-411a-8fb0-f697c1c7abfb", "value": "6144:PYa6BSfFwfFmDUQy6jemta2tm/HrtkScKbrlPTpMVbNAvB/h:PYrm2fviaRkScgBPqU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679514988, "uuid": "13f40887-95e5-4b55-abb3-71040364c62b", "value": 279448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679514988, "uuid": "8c2a3f7e-8f2c-41e7-9f9f-3c1203eb24ce", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679514988, "uuid": "d3128d9f-788a-42a0-bd2a-a0ffe32e3d21", "value": "92be4d14e97f691d1a23454035deca30", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "84a018b6-c8c8-11ed-88f6-42010a9c006e", "comment": "Malware payload (Quakbot)", "timestamp": 1679499906, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679499906, "uuid": "c61d3fa5-cf68-4da5-82f4-8dffff3d7dac", "comment": "Malware payload (Quakbot)", "value": "811e54858c18d606797b7519985faab6", "object_relation": "md5", "Tag": [ { "name": "1679481679", "colour": "#44CB0F", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679499906, "uuid": "1f2c5b4d-65fc-4837-bd83-06a86df9764e", "comment": "Malware payload (Quakbot)", "value": "dc57e0080257203ba3d4fd1e13883429dc1a7d1e543b77cf1c11d04a693fc30d", "object_relation": "sha256", "Tag": [ { "name": "1679481679", "colour": "#44CB0F", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679499906, "uuid": "283f12bf-33c1-44cd-80e4-a06f20ade5c3", "comment": "Malware payload (Quakbot)", "value": "416c12efe203f204f7efb8430937e4e1b303f0e3", "object_relation": "sha1", "Tag": [ { "name": "1679481679", "colour": "#44CB0F", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679499906, "uuid": "7db7d2d3-1123-4bab-9ec4-3acd79b826ab", "comment": "Malware payload (Quakbot)", "value": "14033afe3d79d87ff24bfd6dcd9d4b80198241252ccf3a9e83f664ce2de763d92a6b3955dac55a0a140dd12abd6171a1", "object_relation": "sha3-384", "Tag": [ { "name": "1679481679", "colour": "#44CB0F", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679499906, "uuid": "cf588e11-c4c2-4bce-bbe9-fbc5daee68c1", "value": "T11B942B39821350FACC4B2AB311877A5F7964D705C4502E8ECFAC1D79F76A88069297BF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679499906, "uuid": "97ab58ad-f53e-4993-9875-592363536325", "value": "12288:e8T1Ee/IAHrWgnPwk7lUj6WJNZvf9UjQVMlFlup2rFWkWTHq1bw7YRvKeKnMF1Bn:PEe/2RKlFF+MFAWs0w", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679499906, "uuid": "485c7f35-e957-463b-83bc-99964786fd5b", "value": 445578, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679499906, "uuid": "d2d19bbc-3f17-4c37-85be-13c77fae691e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679499906, "uuid": "7862bf43-13bc-46fd-a393-4fef25cc4d44", "value": "SplittermanRuralness.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "73cf4a3e-c887-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679471960, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471960, "uuid": "d7767fc0-8372-4a49-8a1e-1655dd1a1cd5", "comment": "Malware payload (Mirai)", "value": "86334733b155a1040d46b194c057beac", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471960, "uuid": "c344b8ab-671b-485a-b6f1-98b096c4d785", "comment": "Malware payload (Mirai)", "value": "dc62710ab21ae2ab15255745f9728be33595ce1384c54cddd3eac977910f6704", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471960, "uuid": "a1504c99-9e8e-4938-a3e0-82cb9255c615", "comment": "Malware payload (Mirai)", "value": "42edc596787a4d6c9134d1c287ee09281b1be08d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471960, "uuid": "3feb4ef3-d9ef-4328-bb08-c276a90f89f4", "comment": "Malware payload (Mirai)", "value": "bb9d32fa4672d003bf59ea355d34d625c8c2751aa87bfa3365c8388ed5db461b60d2777721d654c383f9c410a42f3480", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471960, "uuid": "8b56475c-7870-4ffa-ac35-4cb492d0e6f4", "value": "T17973F756F8814B12C5C512BAF92E128E332317FCE3DEB2129E246B2477C696B0E37D55", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471960, "uuid": "af349c80-c790-49f9-88bb-647496fc1b30", "value": "1536:WlngjFJNDCYSmAiXyvEwC3PDXY2JuaXR0sIniIOLEv9Gs75SYIWM:/FTDFsG7Y8uaKOLEv9Gs7wRl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679471960, "uuid": "fc929fb2-2abb-447c-8ddd-4beabad5fa8a", "value": 79160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679471960, "uuid": "6a4abece-89ff-4404-acbb-ca7a35ba16a5", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471960, "uuid": "378232a1-30df-44f5-ad3c-249c5c8c9b43", "value": "86334733b155a1040d46b194c057beac", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b9f75b85-c8cc-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679501713, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501713, "uuid": "cd275a60-c8dd-4a62-87d5-5c79f2fa42c5", "comment": "Malware payload (AgentTesla)", "value": "73e5dc5eb9bcab948112ba6cb4dc4e62", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501713, "uuid": "1b60bf38-d465-4635-a55d-7cca8015b651", "comment": "Malware payload (AgentTesla)", "value": "dcb68c92e49907e08f62a5da87dac15200430adbc705c818d5b346ec54510003", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501713, "uuid": "db64857f-8b64-4bff-8505-0f8f5b9b1fc4", "comment": "Malware payload (AgentTesla)", "value": "a067fbe9786d029ee44da49057bc8a9fcda6b42f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501713, "uuid": "722a6aad-49ca-42ae-b7b8-694354240e1b", "comment": "Malware payload (AgentTesla)", "value": "4e9412f1d373ffd5f1672020a3eadf4f484866f4560e0f76f899a14aada5cae694635ec518665ff3b5243cf77e3caff5", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501713, "uuid": "968bd673-f9f8-484a-8c52-7acefd695dcd", "value": "T14E350213F9848D46D44247F97BE379D8231EBC666BD2A2872344B70F6FB8AE0464711E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501713, "uuid": "11f89b79-97bd-451b-bc8f-3b7072491c1d", "value": "24576:SLKIKWQmmav30x++MXUu9/bw+MXUu9L3bV0+MXUu9W3bV6bt+V8wyfN:SLKIvQmmQ30k+MXV98+MXV9L3bV0+MXd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679501713, "uuid": "8d2c84e2-8179-4edf-a4bd-513f1f93a202", "value": 1149440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679501713, "uuid": "ea1d6194-3493-4705-a9d8-61c086f544ae", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501713, "uuid": "d6512b03-6cc7-40a2-afd6-304a478cb0c2", "value": "PurchaseOrder and sample.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1d55fc44-c90d-11ed-88f6-42010a9c006e", "comment": "Malware payload (DCRat)", "timestamp": 1679529368, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679529368, "uuid": "56a90316-6121-4f81-ad1d-6b9ee31728db", "comment": "Malware payload (DCRat)", "value": "1fff5ee9044814883cfa8d76e281284c", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679529368, "uuid": "0c70579d-51e0-4778-9da9-6f1536ce3359", "comment": "Malware payload (DCRat)", "value": "dcca5dae3518d25030ca6e89ab90cd5631ea028b8376e01a8d2a151eff2a744e", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679529368, "uuid": "0dbfed20-31cf-4d72-9e0d-c4dd7612f9c7", "comment": "Malware payload (DCRat)", "value": "519f65b397de210f1a69c95d8d6b4aebccdf6cee", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679529368, "uuid": "2765280c-83a6-4669-8c95-9a67a9f931c8", "comment": "Malware payload (DCRat)", "value": "f15addb7845036be1b69965fba2eabe4084e354969f2a379364c0c411c6d0f864f6cb7178bcabbea75a15b2d6410265a", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679529368, "uuid": "f0db902a-c90f-4ecf-9d7c-6fc94c2cca07", "value": "T1DEC5DF027E44CE11F4091277C2EF464887B0A9916AA6E31B7DBA777E65123A73C4CDCB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679529368, "uuid": "d231672b-f61f-4cf9-a199-8707ea6ec861", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679529368, "uuid": "ee316891-1274-44ff-bf0b-f1cd8fd3c71d", "value": "49152:jFhevimCMPQCEwTnppuDhWwBar79vwS1o5SGAY3A6S02Gb7RgtHCw9MP0:ZhrRwtkNqhwSktStGvRQHi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679529368, "uuid": "9d20eea1-cca9-4550-9daf-8b5c54a002f1", "value": 2613248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679529368, "uuid": "b0f3b812-5c37-4910-9270-f6775f33d01d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679529368, "uuid": "618a8bad-1c26-4710-81c8-f1100556faab", "value": "1fff5ee9044814883cfa8d76e281284c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9eaf0410-c8e5-11ed-88f6-42010a9c006e", "comment": "Malware payload (LaplasClipper)", "timestamp": 1679512405, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512405, "uuid": "8507eee0-a241-4b13-bee7-dc26d30b864d", "comment": "Malware payload (LaplasClipper)", "value": "6b4854e6cad19b61eda6eb5e68dcfd80", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512405, "uuid": "d883527f-e8a9-46d8-a018-e91ddc834d40", "comment": "Malware payload (LaplasClipper)", "value": "dcd60ec48ce671c27c2dd6abac75f015e64d5eeb1fdefe9a85bb706e99f2071c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512405, "uuid": "8f4b2749-70bc-4438-a69a-d036fb807a00", "comment": "Malware payload (LaplasClipper)", "value": "f9d95d56f4a68a997154b2e9bc7a362cc1a1dc36", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512405, "uuid": "a5dd4056-c48a-4e63-a0af-17f75f0f97bc", "comment": "Malware payload (LaplasClipper)", "value": "e31bd0820ea00c7803ff413a263947d186d40047511b36d4ccc3e7f860307a6eb39f3299925e8ee16b96597bd380c46a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512405, "uuid": "f3efb1a9-688c-467a-8a8a-70db101d9f58", "value": "T1E99522C253D07C64E1129732BE0BCBF8722ABDA1DE59BF5E3154AE6F1A310B3D152219", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512405, "uuid": "3ab31552-afa1-4ccb-bb68-e69f05bbd55b", "value": "c3df3d0d993bdeac73a0f5fd62093e4d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512405, "uuid": "0cb38603-ef09-4c11-b1ce-1b533cfc6a19", "value": "49152:ockHSWlipdOYnk04IoVMWPxpCP9I8VYiFFTMQheFE06PXqQ:RkHSWlaOYk9IoVhPxpCP9I8JFFZh3a", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679512405, "uuid": "7c2994f7-9d54-4088-8dcb-77ec826c08e5", "value": 2037248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679512405, "uuid": "43b22ac4-6ab2-4dc5-b68e-41de2585022a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512405, "uuid": "a18dd86b-e89d-4368-af55-25073ca3bb30", "value": "6b4854e6cad19b61eda6eb5e68dcfd80.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "239c7fcc-c8d3-11ed-88f6-42010a9c006e", "comment": "Malware payload (njrat)", "timestamp": 1679504467, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679504467, "uuid": "429abf0d-e582-4911-aa92-f3ab05bbcf82", "comment": "Malware payload (njrat)", "value": "0258f6262873cbc3e440d20bbd78f23b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679504467, "uuid": "b1bc50ca-c4b1-4e7a-8def-78b0b99d19ec", "comment": "Malware payload (njrat)", "value": "dd50128d3b167ad7bc5970a95f9dcac2870df3adb3da48c849d0af9ddc410b24", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679504467, "uuid": "844e2824-49fa-4ebb-8a1e-748f64334f3a", "comment": "Malware payload (njrat)", "value": "440f32206b9cf333feecace85c9d1924ea7fc95f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679504467, "uuid": "b1889a47-4dcf-480d-831e-d8ffc7fcb587", "comment": "Malware payload (njrat)", "value": "fc6c33afc657d524a2c486068ac5283592221f0e5c90c8db4d34126a478c195865be352bc69b9715eaa8aa04d82f043d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679504467, "uuid": "27277c46-9794-414b-85ba-c6aeb5c2f51a", "value": "T15B032A4D7FE181A8C5FD067B05B2D41207BAE04B6E23DD0E8EE564EA37636C58B50AF1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679504467, "uuid": "8176a57a-508d-4300-8066-77130b5def22", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679504467, "uuid": "1bd1f625-9634-4c80-9b29-db4566346a3d", "value": "384:qmO/0IiejvCVLO309QmykrtG+dA+VfwvOSiKrAF+rMRTyN/0L+EcoinblneHQM3c:0mdGdkrgYRwWS9rM+rMRa8NuEgbt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679504467, "uuid": "527701b7-f068-4da0-aef7-5d1904034f29", "value": 37888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679504467, "uuid": "70b113f0-247c-4310-ab72-988d05cc16b2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679504467, "uuid": "57be33c1-9a22-4a7d-b326-011f448d6bb0", "value": "0258f6262873cbc3e440d20bbd78f23b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3b6a2434-c887-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679471866, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471866, "uuid": "3f3032ce-dc1a-41ac-b62b-1ae6babe907e", "comment": "Malware payload (Mirai)", "value": "1d802f056e49caef7e08fba7df1be5db", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471866, "uuid": "9f6859c3-43a0-4cd6-9902-d3956728eaea", "comment": "Malware payload (Mirai)", "value": "dd9c8a08dcc86fb9e78972009a2f66efadf4e30d7c91ce789d4b292bf1a72c98", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471866, "uuid": "9291226c-c175-496c-9b1c-2689ae3fa707", "comment": "Malware payload (Mirai)", "value": "540cac48cd2dd0b50438c63de559daeb7ea19d74", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471866, "uuid": "0f924619-5431-4a7b-a44b-002de48b180c", "comment": "Malware payload (Mirai)", "value": "7e0d961a8adfdb701388b774f4da3ad7f9fd4db1e0fa9a414f9d75fa66ba056ba41546b71874b9db850f91cb55b873db", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471866, "uuid": "b95e9151-5416-467f-8875-8f75f14376a7", "value": "T171633981B8819613C6D0127BFA6E02CD3B2613E8E2DE73179D225F203BC692F0D77A55", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471866, "uuid": "7ee5c7e8-f695-48b4-94c3-9c84ea350078", "value": "1536:yVZYOt70M/6RRXs4plKSKIV3vz2LwzjZ3w7qvmWh:yV0RQfY3vz2Lw3t/mQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679471866, "uuid": "f2800c55-4b1e-49bf-ba5d-34c86505401c", "value": 66876, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679471866, "uuid": "f2c04060-ccef-48ca-ad0b-39a06def2d97", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471866, "uuid": "5436d0be-1dec-4ea1-abc4-dfe8ec005690", "value": "1d802f056e49caef7e08fba7df1be5db", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "be5e77bd-c8e3-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679511599, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511599, "uuid": "bfc780bf-ef7b-49f1-8184-e3944ef7d6f5", "comment": "Malware payload (AgentTesla)", "value": "1b94a8e627c381a37399d45618167b8e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511599, "uuid": "7bdebd46-753e-4b82-a4f9-15f707f54f90", "comment": "Malware payload (AgentTesla)", "value": "deb6aedd0f43684c17b79ed15ce83535a06783b817f029a1507ff3dfea0e403c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511599, "uuid": "537875b5-bf83-4457-9bb8-b032def36fee", "comment": "Malware payload (AgentTesla)", "value": "e06dc525c5dbddbf4db7ea36298ed460190e7d0d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511599, "uuid": "0bb0739c-5841-47d8-81a6-19ea0a32bd32", "comment": "Malware payload (AgentTesla)", "value": "29a084819e907032ec5f50c7677bcbfd180db0058ab15127b2f78753a066bc87caca2a4bd085f71996d9907446f18749", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511599, "uuid": "0c7665b6-b1c7-4508-8f49-b065065757b9", "value": "T137F4230C27974375C97AABBA14AF6B441770C7BA4337DB8E5E6630DD96623B00B12BC1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511599, "uuid": "a71f26bb-3260-4be9-bf6b-189d5560146e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511599, "uuid": "95118e33-9e8f-403b-a889-5942d2569daf", "value": "12288:FtqYtzl06/TgTU4hLNsgnPHAt9ggtxUk6U8Jr6RSNbMjBe7M+N9c0tEIx1MKJv0:rl06MFjsKF9k6Nr6gRK9+NZtVPJv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511599, "uuid": "fdf311a3-77f2-4d48-9237-392b7989e486", "value": 741888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511599, "uuid": "83372b84-1ac1-45ed-beb5-70907cc40922", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511599, "uuid": "2daf0b12-7e47-4259-a9d0-53303e6137df", "value": "Ordem de Compra 5002981471.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a89ec55d-c880-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679469042, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469042, "uuid": "17b16a36-1fb4-4224-8564-f54e96542146", "comment": "Malware payload (RedLineStealer)", "value": "8101bffdc72b0111607b440ba53f4d8d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469042, "uuid": "415671f0-46a8-4019-9b1f-d86e22e9dcdc", "comment": "Malware payload (RedLineStealer)", "value": "dedaa14b1444efc6d9ea602c03a3a48c4c4509ffbf35285d9801fd4ecb5d308b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469042, "uuid": "e2407d32-872b-4cd8-b81f-d5b396eb233c", "comment": "Malware payload (RedLineStealer)", "value": "a124529300b8623f9dad2f67c028e0e55cc2d024", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469042, "uuid": "2b797edd-adcd-49c5-9a90-8f8622b258de", "comment": "Malware payload (RedLineStealer)", "value": "94d75332fd6cfa444142e0cf7ef6c98f35fbab266e93f10ac14a9b6edcab8866047135137591e60c1e3e36ddb9ddab1c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469042, "uuid": "78dc3bbf-29ba-444f-860b-4c0123cda34e", "value": "T140C41246EBDC4233EDB81B3058FA02C30631BDA14D38D72B2796A85A1872954BD7277F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469042, "uuid": "ca3a5acb-00ce-48dc-a18e-5e4e36d9dac6", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469042, "uuid": "5bbb0db4-c148-4696-94ec-fbcc006b6ba5", "value": "12288:2Mrfy90D90WxqFxd+4FqW2FXjdm8AU8kzOzERy0d+y/ZGLeWAsz:lys0eqFD09J38yOvIGeWR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679469042, "uuid": "89a7a662-9450-4936-9b89-3361149c845b", "value": 552960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679469042, "uuid": "36ef8ffe-02e8-4c36-a49b-1b0beda4c169", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469042, "uuid": "c983da07-07c6-409f-88db-5b4b18e82a68", "value": "8101bffdc72b0111607b440ba53f4d8d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "de5eee4f-c8cc-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679501774, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501774, "uuid": "e5f8f11e-b3db-4a21-aba1-48ed9848591d", "comment": "Malware payload (Heodo)", "value": "c8898ca0af2861682e1fb970ae4cdb7e", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501774, "uuid": "0ea7a433-cbcb-49cd-8d90-1e10f1877af4", "comment": "Malware payload (Heodo)", "value": "e054fee8e166f73b9213cbd2c4fb5b22ce158d7cc913878049ba3dbe70158592", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501774, "uuid": "7c1cbcc3-b8b7-4032-bea4-27946e3ca089", "comment": "Malware payload (Heodo)", "value": "d58c7c6a2a86b825ca042c6b1493ac60e1d85c89", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501774, "uuid": "a16cbb50-8e89-4b3f-b21a-86594b9266be", "comment": "Malware payload (Heodo)", "value": "1b4c45f1eb91ad4652fc3f715565dd3658ae4ed893b498ff22324e6f23b557aba8efd9c5b668e0d28ca5ac02143135c5", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501774, "uuid": "717468f6-a0b3-4ae0-a636-02ea1ab5929c", "value": "T18444F5426342CF2FDB5101345D0FBFF6A31DECA81B6F8651A448F2AD297AC26E3295D4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501774, "uuid": "55a19555-6766-46a3-a76e-d79f5eb8be2f", "value": "3072:FKQlkhFVDQxhkDzo0qT5e/UDrpgIAww6MVikUiAageLXQcXhq7P3PfdyY:FK+k5DQPkPq5pRO6ezw7P9y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679501774, "uuid": "87d584ff-6cc5-47b2-b020-b90916d00a2b", "value": 276480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679501774, "uuid": "79e984ee-4df1-46fe-9a69-2b675056513e", "value": "application/msword", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501774, "uuid": "9079f02c-240b-404c-9b4e-848d72e7b45b", "value": "896596943605538321105519908.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6345276f-c8e4-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679511876, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511876, "uuid": "90aead0a-4ab3-46bf-9e07-fafe0ee4dcd3", "comment": "Malware payload (AgentTesla)", "value": "f4d52d5be74aabe60d25252cc701c692", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511876, "uuid": "73e8bcd5-60cd-4718-befd-6841d3642018", "comment": "Malware payload (AgentTesla)", "value": "e1075db21ec06c9a0fbf86d85a8c9d3c5cbbd47384ae8a527ff9a4f5c7197e4f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511876, "uuid": "a7fa9119-156f-4afb-b180-12078d8de474", "comment": "Malware payload (AgentTesla)", "value": "4006caa504d140b41c2989e5e4df5fc680a25f61", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511876, "uuid": "bf1415a8-0795-4e13-9ce4-5660747bfc55", "comment": "Malware payload (AgentTesla)", "value": "78e544d04ce094e8874a1e00cd4f35bbfd840b86210fb45f45ebec98bd88b8e312ed32373f34c551ca7f99af9ae2d8bd", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511876, "uuid": "5816226d-861a-4565-a0d0-2047145103c3", "value": "T11D64D998B4EA020E1AE9F9438F47FA9D57B7E9D684381E5588CC094B27DD501FB023E7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511876, "uuid": "1202ae01-6c6c-4512-97c7-210b56937a90", "value": "768:SHqVFOeg9ktLucLCimdmxqs1i5Vdl2zlLeiarB:SHqVFaktLucsmxqsszsHarB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511876, "uuid": "9ff96664-fa33-4c96-b8b7-8dca755a8eff", "value": 325948, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511876, "uuid": "67455436-22d4-495d-859f-dcdb81562ddb", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511876, "uuid": "f99ce61f-7d6d-4bfc-a878-7d0f041092c6", "value": "cotizaci\u00f3n.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0f35f614-c8e8-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679513453, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679513453, "uuid": "f1d56bf9-5d33-467d-8c7a-844d41d5f9e6", "comment": "Malware payload (RedLineStealer)", "value": "63a6473c6d82013e32e9c4c34b36e30d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679513453, "uuid": "dbce38e7-75e8-4f7a-9adc-45becd49f80e", "comment": "Malware payload (RedLineStealer)", "value": "e16603e1fe186f97f2830dbec4a1648733640e0de586771935fd8b17cc1b1704", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679513453, "uuid": "72e6754c-a286-46ca-bf6d-e0ea8571eb62", "comment": "Malware payload (RedLineStealer)", "value": "b2675c05fb23dc2289095e8efd4c41cca1c84207", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679513453, "uuid": "5ec1b97a-a9a2-46d7-9b16-090d89ef83ab", "comment": "Malware payload (RedLineStealer)", "value": "8b2f58dee8fde318ed41db9d062863e6dc6347e8df08e25969431072b3bcb637507beebd7be500031a5fa87f43199670", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679513453, "uuid": "4d5467cd-6f46-4f31-a5b0-5c4a3e26f86e", "value": "T1D7252303AAE91022E476A77014FA4AA31A36FDE25D70437B6795DC1E0CF35E64A307B7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679513453, "uuid": "862c096c-2c04-4dcc-98d9-19ace76008d9", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679513453, "uuid": "195c5126-bf44-4abb-a395-3f699535f8f5", "value": "24576:Jy7gMP3lrhHysPQr9eT7mToeVD/jUYsO+2:8735tPQJKCoIzmZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679513453, "uuid": "0edc2834-4399-4293-804e-cb3591efbc93", "value": 1036288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679513453, "uuid": "9434c8e2-f03b-4e14-9886-69df2468368e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679513453, "uuid": "d207d2d8-22c0-46b1-9912-cc7cd210dd99", "value": "63a6473c6d82013e32e9c4c34b36e30d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "24f168d1-c850-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679448206, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448206, "uuid": "9dedf8d1-3070-4321-a61c-c33d942c2f59", "comment": "Malware payload (RedLineStealer)", "value": "91a42b6b3c41517947bc371b0363cdf6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448206, "uuid": "f4aaacca-a827-4732-aed1-7ac58f34146b", "comment": "Malware payload (RedLineStealer)", "value": "e1ad2dd670663e00e0e7f1697279b1a5b07605267a09668a72906aadb2a1e6b1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448206, "uuid": "40047518-cb84-46de-867f-838d82a2228c", "comment": "Malware payload (RedLineStealer)", "value": "962851502b7f479531203a12860932acd9364484", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448206, "uuid": "ce71b624-8286-43d8-9c5c-e41c45dd93af", "comment": "Malware payload (RedLineStealer)", "value": "645903ff67e73f797e5ba2ba885a0679d134af0bceb2a35af371404255800485d76b2dd1ae3c727eeaae5fc0605120da", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448206, "uuid": "92c1f2eb-82bd-461c-95fd-a7c3c7d882f3", "value": "T13D55E14382E23C55EA258B739E1F86F8B64DB6719F493BA632089E1F10B12B7D173711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448206, "uuid": "f977953e-e248-4c2f-b952-83ec35cfb345", "value": "5fe0b073d2bf262b2cfd9470524e0ed6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448206, "uuid": "411c89af-50a7-4b12-8955-6c9b3ed1db02", "value": "24576:SnzPcbD/h1btFFh3DEYckeYbP1a3S3zLXGowWuFV3EQ1LQi8Pti/STV88Av:AC/hlVhFcYbw3SjLXGoDuvEQ1LQBtd61", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679448206, "uuid": "868a92e7-9c79-4ab7-a5fa-9b87f1ed6125", "value": 1368576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679448206, "uuid": "49c3a5c7-70a7-46cb-a3c0-d1660c3e0473", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448206, "uuid": "a0916c4f-731b-49ba-aed9-658261e96b02", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3775ddb0-c8ef-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679516527, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516527, "uuid": "0911f0af-a3ac-4616-ae45-3a34f179a15d", "comment": "Malware payload", "value": "b8f8d551bfca69c438ab128974750cf4", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516527, "uuid": "9ad8e702-57e7-4bf9-962b-82be56b1d17a", "comment": "Malware payload", "value": "e1b78948fb2a0f0316cb5b87f9b7ea6ba67d1c30cc6bd7070b62f16cdeff267a", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516527, "uuid": "c66dba58-1e25-4b8d-891e-ce4b029129c2", "comment": "Malware payload", "value": "24d7628e508f4b586d41e52862c9b63d79e7238b", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516527, "uuid": "693c6f81-79fb-49e3-8506-409f9f6447df", "comment": "Malware payload", "value": "652f0b094a2e28170fb1c074f23eefcdd7ab2534d4ab0f17e194cdcbfdaf0ea86abc7fd8adb25ad122dea90db24e22ab", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516527, "uuid": "3fa67e39-9829-4e35-9e69-703610f100bb", "value": "T185136A16ABF50432F5B30B31A93448A6DFBABC216477D4AFCB900E5D29B0951CA39727", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516527, "uuid": "1b3d5eed-0879-4844-a129-9cb21a551aaa", "value": "f5e4c8acb92fb1c8223cff431020dba0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516527, "uuid": "c05d7df7-2a3a-4e7e-807d-a09df8e9c889", "value": "768:y8kr2D6AKlLO+SNhBgCHDck4MV0ggv8KoETBB9D3xvjHhx4eC7Xj8Qc1rPQiwBeT:d/6A0q5HDR4oWBx3xrBx41z8QcZYi+RS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679516527, "uuid": "16eec97d-19c4-4d8b-96e3-cd120f485c37", "value": 43520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679516527, "uuid": "111b900f-f668-4da3-9204-6d70517738d6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516527, "uuid": "c7ef92f0-7859-4796-92a6-57b58a81bf96", "value": "2023-03-22_b8f8d551bfca69c438ab128974750cf4_lockbit", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "54026626-c887-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679471907, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471907, "uuid": "f4cbd110-c776-400b-bbcc-e46a0afe7e28", "comment": "Malware payload (Mirai)", "value": "337cd8a01a355d51873debbd3d21b6d1", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471907, "uuid": "d9854471-f1fb-47f0-a99a-79b3b930e880", "comment": "Malware payload (Mirai)", "value": "e2489b5b4bf49e1794fdb6bcee5df12a31a4d73d916059843121a0b29ee410bb", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471907, "uuid": "54786bdc-e491-4fb4-8c63-0f143887d2c2", "comment": "Malware payload (Mirai)", "value": "0ef33aa5f970a2c9eba05478ff05dab40be19058", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471907, "uuid": "513769b7-53b0-49af-b7ec-4c14cf6f86d1", "comment": "Malware payload (Mirai)", "value": "3fd6198947967d49377f5fafd69efc86d9264e0ebdae07d14eb8ef32dfe401f7a38a9d9a8e911375d96e9f8456d2a1e6", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471907, "uuid": "dfa0ff21-b905-4ad9-92bf-d40e0435e670", "value": "T1C483D606BB510FF7DC6FCD370AE91702348C594A22A87B367634D828F65B24B59E3CA4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471907, "uuid": "3fed00ab-d44f-47fe-975a-eaf11c7d8b3f", "value": "1536:iVLy4lRKGe0j752dC+Ru1m80ZlDQfkJ40Y/Wh:iVLya42FeTRus1Dd+w", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679471907, "uuid": "13c2df23-1596-4dbc-b656-2c43a5389585", "value": 84780, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679471907, "uuid": "e7ce31df-c31f-468e-9569-bfdd1cf6b90f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471907, "uuid": "3d4386dc-da0c-496f-8a40-e60af34c1435", "value": "337cd8a01a355d51873debbd3d21b6d1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7d696cb4-c8db-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679508054, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679508054, "uuid": "7147c111-f6d5-4c5d-b9b2-a38b4700c06e", "comment": "Malware payload (RedLineStealer)", "value": "3572c9b19e8c36dd9d0307b08511c0b1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679508054, "uuid": "5c176018-5ecb-41e9-8ec0-ec09fe097864", "comment": "Malware payload (RedLineStealer)", "value": "e27f343d59451541202e9e87a12b98b7a6d8ff1f2031a014198b6312e6e8c5ac", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679508054, "uuid": "91fdb258-373d-4015-8865-3af4657891aa", "comment": "Malware payload (RedLineStealer)", "value": "af40874ddfe51ca33ad35ee32a84908ede90dcf1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679508054, "uuid": "02226683-50c9-43c4-a2bb-58c272a262dc", "comment": "Malware payload (RedLineStealer)", "value": "7af2dcf76811545d57ca58d2b717e2054ea287cda3ace8732d77736c9bcaa104a9f38f93397af1496845c9e292c7095c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679508054, "uuid": "2f144e77-e48d-482a-b4bc-0277164b09ab", "value": "T182C41282B7D88173D8B11770A8FA42471B39FCF29D75822B23845D9E2C72694A93573B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679508054, "uuid": "b4e61179-d54d-4e75-962f-d70b0dffba71", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679508054, "uuid": "e0a54153-1076-4834-995f-7eae9674cca2", "value": "12288:BMrsy90vu8UorljsOp35Dd/D4pHK+AwYt1M9wdiJyO09RWMUFK:FyChl11r/Drdnt1QwdJTUo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679508054, "uuid": "058a6a8f-4225-43b3-b972-8ef715e5c426", "value": 551424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679508054, "uuid": "2a9268e9-478c-48f7-a614-395cbf5cfd4f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679508054, "uuid": "5f2e31bc-f1cd-417e-b2e1-371ad2f7e5bc", "value": "3572c9b19e8c36dd9d0307b08511c0b1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3a3d3c22-c8cb-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679501069, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501069, "uuid": "2e1e9340-390a-4be8-9105-92d168c53907", "comment": "Malware payload (Formbook)", "value": "f6347a5f4e1774ac215ae9e03dc57f46", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501069, "uuid": "1581e26c-cb9f-4c27-9d2f-d2f659d205c0", "comment": "Malware payload (Formbook)", "value": "e2837aa05d8286bfc53782d9d36e120630e0118890813575966a5f6dccb02ae9", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501069, "uuid": "9cd70e6c-add8-43a0-a6b8-4aec54a14b2e", "comment": "Malware payload (Formbook)", "value": "774785015b6a51623a5d1fc2cf224326002b97f8", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501069, "uuid": "1dc699b1-6f66-496f-9892-ae74edac2e57", "comment": "Malware payload (Formbook)", "value": "efad2c8561ba4f8458bd79c8ba07f078c59d6128961a99564ba8be03208307bd8a4b85a43f8918bc5008919ea30bd617", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501069, "uuid": "7c856d45-cc5a-4949-96a8-01c11f1cb554", "value": "T18E0533C968DEFDC3549F75E18258E489189F0DE8C4DCCA78022CBFE5678A417D42A6EC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501069, "uuid": "9444281b-7a70-4ea8-8f36-225393204278", "value": "24576:nEjz/sugtOmVaWGTkRBxaMIH/umeeOe7rvGYf:ez/2tvaWWTMceeOePvGYf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679501069, "uuid": "846dc803-1ecb-4117-9999-54d0181438f2", "value": 811432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679501069, "uuid": "68fd4f1b-2840-4a67-afb8-92ecc541e8ec", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501069, "uuid": "ee4f21fa-9085-460a-b063-ec515fd4a501", "value": "Shipment_notification.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "395d232a-c8cd-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679501927, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501927, "uuid": "ae6456c1-f3bd-4104-ac72-1ce98eabffda", "comment": "Malware payload (Heodo)", "value": "113a55bb02adefcc77f9d5569dacf6dc", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501927, "uuid": "662ae924-af98-4306-a45d-ddfea7662a85", "comment": "Malware payload (Heodo)", "value": "e2ea5af25c4e1942320c3893fadfd80955d059cd9fa0e9e8bb4e5b78f2c2576b", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501927, "uuid": "df6bb371-10e6-4d73-ab95-afdb6648652b", "comment": "Malware payload (Heodo)", "value": "60d9d3c06a0dbaf92dcf535556dd0a8fd5ab49d4", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501927, "uuid": "560e26a1-34da-4e3e-837f-0abd443d0971", "comment": "Malware payload (Heodo)", "value": "aeb61931bfbdaa08cbf138aa8f4c763223f100f964ca2515692a60222053287a72bcd02eab48a6ed8e34645765213af5", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501927, "uuid": "c1d1ded9-9331-4ce6-a464-a722ef4d02ac", "value": "T17E54E5426382CE2BDB5600341D0FBBF5B31DEC685B6F86A26048F26D2D3ED65E3655E0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501927, "uuid": "1c6f2dff-cc3d-47aa-8581-58bb4ea13edd", "value": "3072:1zRMiEMzv9v6Pag5j6O3/Zdz+ABtm36eutCQI7siRs4Kfbd1E1s1s:PxdWaI3bm3JutC5giRIZ1Emy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679501927, "uuid": "1b1d0a33-ff9c-4086-9a2c-8b6de83c6fc3", "value": 280576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679501927, "uuid": "8d567cd2-dd19-484e-9b5f-9bd270ff1c79", "value": "application/msword", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501927, "uuid": "53b7187c-a58f-492f-9fda-1440d40eeb74", "value": "Electronic form.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3e1b874e-c8c1-11ed-88f6-42010a9c006e", "comment": "Malware payload (RemcosRAT)", "timestamp": 1679496781, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679496781, "uuid": "ffb5390f-fced-469a-a9f6-26d410a03ce9", "comment": "Malware payload (RemcosRAT)", "value": "ba053f0069a5e1f112bde79b8460c07d", "object_relation": "md5", "Tag": [ { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679496781, "uuid": "aa48e5df-aedd-4552-93d3-f8e218aea9d4", "comment": "Malware payload (RemcosRAT)", "value": "e303ae23d963f2247b113f3a228b2b5421bd9dd563a286db2bd88c4e94d2b1e1", "object_relation": "sha256", "Tag": [ { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679496781, "uuid": "b72fa455-fdfd-4b20-b03d-23b7eab218e0", "comment": "Malware payload (RemcosRAT)", "value": "6c928e440da5067ded65078ac1599f999f5576b7", "object_relation": "sha1", "Tag": [ { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679496781, "uuid": "ec791c8e-bed6-480a-b464-ed29644eeb7f", "comment": "Malware payload (RemcosRAT)", "value": "25b41cb105598a3c019d58f93fc243e8fb50db40558cd3221d9b7ba4873322601d678143caa0c7aa00c96ce40c6e4ce4", "object_relation": "sha3-384", "Tag": [ { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679496781, "uuid": "050cb8f7-7429-492f-870b-56d47a50a6bc", "value": "T13CE563F8C1811D7728B3C2925D0A91DA7ADA52D02601112C7B8E5E9EFB0D66FD3F274E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679496781, "uuid": "b0d8de92-4e02-4c60-867d-2f016f32bf23", "value": "12288:Y/9F/E/F/E/9F/E/h/9F/E/F/E/9F/E/h/9F/E/F/E/9F/E/F/E/9F/x/E/A/jjh:euTiVoAC3FxQTXPsw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679496781, "uuid": "f6aaedd3-eef9-41cf-a54d-ca34918c310b", "value": 3173218, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679496781, "uuid": "c917742e-8314-4b3f-b65c-a22c9038925a", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679496781, "uuid": "252774be-3ace-4a41-95b8-2f17675231d5", "value": "Photo_Jessa_Rhodes.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "02a69d0d-c8d5-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679505271, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679505271, "uuid": "73345068-7fc8-4feb-ad28-d81683337724", "comment": "Malware payload (SnakeKeylogger)", "value": "c0c359300612d9461aa517a963259d58", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679505271, "uuid": "c5d3a250-adb4-4e81-aa08-bf7ab3b59d1b", "comment": "Malware payload (SnakeKeylogger)", "value": "e373c9158dd1c3dee8e680362ffa9e2e755ac6664b4785c06e5b7e207678f9b3", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679505271, "uuid": "c5c45d5b-d1c2-4430-9c1d-0b5fe1f4966e", "comment": "Malware payload (SnakeKeylogger)", "value": "1c0150ee52c12ff1191d3283287ad42e1150b1ae", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679505271, "uuid": "4fb6cd36-e71d-4006-924b-f1a2ebc8a6c9", "comment": "Malware payload (SnakeKeylogger)", "value": "0d485bceec1c429fd9e7749c8e8efb96566a1594ded881566d38bafe7ce7cbf7d5ba229c4d09513ec58e43fc7da958c9", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679505271, "uuid": "a3599f69-d201-4548-9243-05c01447d750", "value": "T15C226D3CD701FC16C121047CE04982F0EB2C50A7EA52BA2D219A72AD47916C7DBDEE9E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679505271, "uuid": "11e9e86f-2305-4da4-a1f2-a90d1bdf5269", "value": "192:ScIMmtP1aIG/bslPL++uOrj6l+CVWBXJC0c332:SPXU/slT+LOruHkZC9m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679505271, "uuid": "64c0f9e7-2af0-4df5-94c6-5070ecf25b90", "value": 10411, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679505271, "uuid": "88837df8-5b78-46ac-ad9f-66c604335f6a", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679505271, "uuid": "32cfdc01-381f-450c-a89e-93ec0d8a251b", "value": "SCREENSHOT SWIFT MARCH.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d0980d4c-c889-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679472975, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472975, "uuid": "02fd1db4-9705-4bbe-9b55-13d890c0705b", "comment": "Malware payload (Mirai)", "value": "eb32aef193268d3df54f4351c341ae94", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472975, "uuid": "1453fbf6-8c85-4fa3-b202-6477fcb95a37", "comment": "Malware payload (Mirai)", "value": "e3ba5ea3a2fdefa86f583fa170fd75440de2ef7ed01ddf9bff0e6f6e008613e7", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472975, "uuid": "8a9654d7-d6d8-4985-bfcc-9d0bc69e261d", "comment": "Malware payload (Mirai)", "value": "de92c43ccaa23191d03e6d0f447e6e8dd947def3", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472975, "uuid": "ea91af47-4348-47df-9303-b6d5ffc8ae66", "comment": "Malware payload (Mirai)", "value": "6dd99bb10e11a382503d90e1396d2ad648ecd248f94c877209a91e246cc49746a5359f8ae842c8e605a014c475053a18", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472975, "uuid": "9ebf1c5a-ba9c-4702-8106-18b2f6334601", "value": "T14C630982BC41A72AC7C0177BEE6F109E3310A7DCD1DA3656CC254BA47A8AD1F0D67B46", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472975, "uuid": "6250e7a1-8bac-4372-84ce-f9c19665f6ea", "value": "1536:kUQvfA0QbM/zpUiUXeVEHw6mCV8t46Rb4T0u:klvfAS65QTu846bK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679472975, "uuid": "bc9e97ec-1f95-4884-ac67-58a9b654a834", "value": 70888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679472975, "uuid": "497c0774-ee14-4ef7-a94b-f5f442bd6a73", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472975, "uuid": "39ffe2d1-53ea-4e80-97a4-8c7592b5fa80", "value": "eb32aef193268d3df54f4351c341ae94", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "da0cae01-c8d8-11ed-88f6-42010a9c006e", "comment": "Malware payload (PrivateLoader)", "timestamp": 1679506921, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679506921, "uuid": "4eb0d312-34e7-4b58-84de-5d1d2543e69f", "comment": "Malware payload (PrivateLoader)", "value": "466cf46bc2f81af9e63cbb634d3e55ef", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679506921, "uuid": "5b81452d-396e-4f74-bfe3-f2543be7e835", "comment": "Malware payload (PrivateLoader)", "value": "e4631aa9b2da8d0905003113c7901d4974b6580fe6bf51109ff95b9e595933c6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679506921, "uuid": "bda4587c-dcd6-4c55-ae6c-e758cf20b818", "comment": "Malware payload (PrivateLoader)", "value": "459420cf58238638fad7098eca696964ce3425e7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679506921, "uuid": "a0f93550-e7ec-4b27-885d-e50912fee253", "comment": "Malware payload (PrivateLoader)", "value": "a432ca540d267afe9b20bbcfb061a96dba655e022c7429899d5f408fce77f93ebf4a1bb0776070e61b6afb69556f625a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679506921, "uuid": "32b3f324-49da-49ab-912b-c85bc578a2f7", "value": "T1E94633B321AAEB1ACD043A361325472B3E617E54FEC5C01C729D6D8B6B345A46335F3A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679506921, "uuid": "eafbef68-b0ef-418a-80bc-3541ee409299", "value": "496fff7f26eb25a135e9d530fa8ef62e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679506921, "uuid": "7de19487-abc6-4e07-9aa2-28fd7139d401", "value": "98304:KJ4EhVbeQ9RgT0KmM8m1AhAqNs8rJ1vxB69JpMy3amKmcg5LAO:Y4EhYQY0RWGWp8rZBoN3amKo5LAO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679506921, "uuid": "4c72a798-7a8a-4069-90b5-11392039897b", "value": 5872944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679506921, "uuid": "b3801df5-e955-4764-9299-4ba228d31074", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679506921, "uuid": "073df056-0f96-4113-8506-9de8cee1808d", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e38411f6-c8b0-11ed-88f6-42010a9c006e", "comment": "Malware payload (Guildma)", "timestamp": 1679489757, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679489757, "uuid": "25746259-d750-4916-aacb-cab3b0ff2fbd", "comment": "Malware payload (Guildma)", "value": "ee1cde48d543626059299664bbecd2bb", "object_relation": "md5", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679489757, "uuid": "42031503-c03d-4fbd-8b29-4b5979fac74c", "comment": "Malware payload (Guildma)", "value": "e5040f57fa5b660e104d3ebcaca3ac85b90c883c0ccea2d343d2aa0d40bd4f80", "object_relation": "sha256", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679489757, "uuid": "17c4a537-f3c0-47a3-9d91-e57025750aeb", "comment": "Malware payload (Guildma)", "value": "6fcc6a04dc9294360bd5b64e5ed536265060ff22", "object_relation": "sha1", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679489757, "uuid": "a3ccbfa3-e917-4b3e-a303-0aca9e821481", "comment": "Malware payload (Guildma)", "value": "fa3b2fc69bc6326422caa8dc31c45ce4ef1a5625a57b7b7dee4d08bc87e07da1d9c7bc349243d149e4f26ef628af6bbb", "object_relation": "sha3-384", "Tag": [ { "name": "Astaroth", "colour": "#7B57F9", "exportable": true, "hide_tag": false }, { "name": "BRA", "colour": "#74570A", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "guildma", "colour": "#DF8F77", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679489757, "uuid": "fdb6bf37-895f-4941-b41d-124a64ab0ecc", "value": "T1FC92BE9D330114576A3673A9B7AA37C6F30046B1EF11D58CF68906D0BCF1DA872E299E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679489757, "uuid": "587e78cc-d916-4ba9-8b7f-15d46edb900b", "value": "96:I70cx2FmWIghMUikeuL9+8bH1W6B36sSMV2boIFHx4uX+Vfo1p:I7StIXYZ+886Bq6pIFpkG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679489757, "uuid": "1a10eebb-9384-4720-85c8-03ed92295df8", "value": 20052, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679489757, "uuid": "31926a3d-aa53-45ce-804a-12692e304016", "value": "text/xml", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679489757, "uuid": "4e66f552-8364-466a-adb0-4d23f26a39d7", "value": "payload.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6c5cf348-c8b3-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679490846, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679490846, "uuid": "9222eccc-ebc0-4649-864c-24dd3e1aa08e", "comment": "Malware payload (AgentTesla)", "value": "3ceb12d482abce9954bdc42d559ffa5d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679490846, "uuid": "d3e9df99-b630-4b0d-9f4a-63d4fd087c12", "comment": "Malware payload (AgentTesla)", "value": "e6aef7da0a06992b6e228cd6d7755c320e215fb65f9aac53f64950657cbf3749", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679490846, "uuid": "dd3b9aa9-0216-4ef2-ae6e-7f2bf050d016", "comment": "Malware payload (AgentTesla)", "value": "d325764b6ac1082cd97d9b6001c8f20c72b6249e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679490846, "uuid": "aa8eac5e-55ef-410b-b75f-374399f8bd2c", "comment": "Malware payload (AgentTesla)", "value": "74b006fec2aeb3184d59346b17c9d99030493a6aff8c3b0a510332f9b7149861bfd54e25cb3c3869663e9d4dc9b27b42", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679490846, "uuid": "db3c948f-a92f-45cb-a224-5f6d0c638cd1", "value": "T11B44126831B4C667D47086391ABA46A2FFF6BA120934D61F1B301F557A627C0A39F363", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679490846, "uuid": "ea8629b0-f2bb-4bcc-a579-b383712f71a4", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679490846, "uuid": "14ab5c4f-54b2-461b-ae43-6e1970df1672", "value": "6144:PYa6SSkEbWQmFubfsNugHVafjis7p2RMqvC0FFDSnHOJ:PYsSp7s4fcuy29pabvmuJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679490846, "uuid": "f0619958-d077-4f9f-8d4c-266e20174139", "value": 274322, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679490846, "uuid": "6e8eb09b-dcaf-4bbb-b465-728b19359b5c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679490846, "uuid": "f4578abc-cf00-4a8c-aa52-c0f9234706ef", "value": "Payment Advise 24570.453255.10.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "23295404-c88b-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679473543, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473543, "uuid": "f8141a41-91d5-4464-8606-ae61d5f63ddb", "comment": "Malware payload (RedLineStealer)", "value": "22c7d29f1d6690594ced1e14c05fc92c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473543, "uuid": "ddc94636-71f8-4d18-beea-07af47c55f58", "comment": "Malware payload (RedLineStealer)", "value": "e7199e0037b030c55386096999274e5725d2032e79b72c09302763616961fced", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473543, "uuid": "5a9c4c77-cccf-4f76-9360-7c89db06f148", "comment": "Malware payload (RedLineStealer)", "value": "b9b3cd4d1cef3ff3c7b70e74fbb16806f1f026d4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473543, "uuid": "0b428eb3-8b65-430f-a7dd-1942403e1409", "comment": "Malware payload (RedLineStealer)", "value": "9021c38ce08dc07d54ab6c36018bf81c849c5fc3a99e2e1c50cb2371c2b00c2e0a8bb9c9a0440b41df2b1396f410ef21", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473543, "uuid": "934fe34d-9aac-4f02-aa94-600697282f34", "value": "T199252251F7D54133DDE22BB094FA02D34B31BCA15874975B27A1E8EB4CB2988AD3173A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473543, "uuid": "9f90525e-cbeb-48b0-9f21-113557057baa", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473543, "uuid": "8f7fcf2e-e40d-413e-8036-9fb541c133ad", "value": "24576:kyu/8gCsTLwwpbBet178Eb3Yg9xCm4C//tAZP:zurwmbQ38QIRa/CZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679473543, "uuid": "656e0c5a-fb0b-4159-b554-0f834e67bc94", "value": 1028608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679473543, "uuid": "322655e6-457d-416a-ba13-885b0b23db8e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473543, "uuid": "3b770b9a-e7f3-4837-99dc-c079886415b1", "value": "22c7d29f1d6690594ced1e14c05fc92c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5a6097b8-c8e4-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679511861, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511861, "uuid": "a95b5de4-e256-4eb5-a442-45eb63f64b77", "comment": "Malware payload (AgentTesla)", "value": "4bae24165084e46f7dec015e975a59a1", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511861, "uuid": "9915d202-ffe3-4f1f-bbb8-be6b028de5d5", "comment": "Malware payload (AgentTesla)", "value": "e8a6d88684bf14f2275975c168ee2fec3bec64b1d8bd5309fb34270f61e4baae", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511861, "uuid": "81205542-f9fa-4347-ae80-fd48f049dec4", "comment": "Malware payload (AgentTesla)", "value": "2d71e21fcfd96213fedaf70ac3b059776263898b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511861, "uuid": "1da25b06-aa20-401b-93bf-4ba5cb9bd0a9", "comment": "Malware payload (AgentTesla)", "value": "58cb127961cda5fd8967353a4b64f564ce965f368c287a54ebb140236facd9cedb0f5354440832f324c6a2dbe0dd15c3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511861, "uuid": "e4d02604-74f5-4037-9041-3e76607c45ee", "value": "T11A640278B4F9002413D5B56B8FCBFA6D9B37A3DEB4389EB694DC294A13CD51168823D0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511861, "uuid": "1d80e15e-7042-4b8b-8f2f-76a679904db0", "value": "3072:2CxxxxxkxxxxxTxxxxxTxxxxxTxxxxxw9xxxxp:2G", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511861, "uuid": "65ea60b2-9b10-4b52-a8a8-4bbc31ee56d2", "value": 334166, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511861, "uuid": "31c2bdfd-f367-4602-8576-8c797db71e87", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511861, "uuid": "977b6605-d249-428b-b103-f9a5762e0fe9", "value": "Copia di pagamento.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "58902f3b-c852-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679449151, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679449151, "uuid": "058805a4-ce0d-411d-8dcc-3edd6e8dbd4a", "comment": "Malware payload (Amadey)", "value": "6112002443d9922ae1a8b03ac13971dd", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679449151, "uuid": "65b3a7e8-a24b-430c-b3ce-34c0a2e5331d", "comment": "Malware payload (Amadey)", "value": "e927cace4ffb1e65eee9184832b649b35854f72f55e5732ac8839c5d4f37ca55", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679449151, "uuid": "8dd50ebb-2072-4a16-aae5-f7740622c85d", "comment": "Malware payload (Amadey)", "value": "79315c58d53491d8d2311abcec7b8889d6775b32", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679449151, "uuid": "dedb6556-cf47-4c1e-91fd-d171415c62e2", "comment": "Malware payload (Amadey)", "value": "e6bb20776f9e375b26d885d096e06476ff17a0cc52844885066596489d4f2c669990b6ccf0e3d3cc7f00bee7c5f84615", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679449151, "uuid": "47f487d5-3cce-4e1f-883a-62468deb829e", "value": "T1D53523A39BD44562DA762770AAF602830A363CF1CDB4CA6B2756A41D1CB3DC4B43573B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679449151, "uuid": "c2477494-2ddd-48f9-860b-dac39edb4ce7", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679449151, "uuid": "6ec458be-c4ba-450a-b7af-106e40da7ba1", "value": "24576:fyKr//enPSMEpj70w0loxM3I1sUqB/VTdxGESI/Q:qkXea90loKIKB/vxC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679449151, "uuid": "272d8b05-356f-440c-9a60-40e7dc01e6e2", "value": 1085952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679449151, "uuid": "94416a95-644a-46fa-9a82-26e493d4a353", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679449151, "uuid": "1d7dfb91-ff5e-41eb-a356-e4b1a0772f23", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bcb1d509-c87b-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679466929, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466929, "uuid": "bedcbd09-12aa-46ab-93a4-ed766578fca3", "comment": "Malware payload (RedLineStealer)", "value": "ef33920ceed623996778460476b2c9e6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466929, "uuid": "e87f6a93-0b2e-4ec5-b90f-8efda65e63b6", "comment": "Malware payload (RedLineStealer)", "value": "e95328f12f0f1f0edebd212a31375958612a36264c928da2ecf38e4c2f85d54a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466929, "uuid": "c7cdc006-ad71-408b-96e6-d6ab7b54ed34", "comment": "Malware payload (RedLineStealer)", "value": "ec861e97ddefa32d91b53864c4b94ea490f69d91", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466929, "uuid": "dfeb5c3b-2c83-4312-aa35-f67a2e198cce", "comment": "Malware payload (RedLineStealer)", "value": "023ed6f82119de4022e22012b8008a9f2b6f8331bd35974f9af31d4ced75030cee6a589b9c5f28a5c8f2a3d18165602d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466929, "uuid": "9d5b85bd-5ba8-4a10-90ed-c8c7cb2069ed", "value": "T153C41266F7D9A033DDB50B305CF902C70731BDA25A38632B67866D190CB3695E072B2B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466929, "uuid": "ddb48b08-a4b7-4e0b-af1e-5dcac9af1d1d", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466929, "uuid": "76ac4239-219f-4b53-9aa9-a536578b494c", "value": "12288:5Mruy90Dg5S1M3rcA58Yx2p8OhkzOLk3YUmp/:vyLFNpgDhyOLk6p/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679466929, "uuid": "c8c6fb67-0b0f-4982-8163-c3000ea1f134", "value": 552960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679466929, "uuid": "f26ac852-7693-4104-b290-03d952bf0b59", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466929, "uuid": "627069a9-aa77-450b-ba40-9005654b68b9", "value": "ef33920ceed623996778460476b2c9e6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b511f821-c850-11ed-88f6-42010a9c006e", "comment": "Malware payload (Rhadamanthys)", "timestamp": 1679448447, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448447, "uuid": "6ff7cb84-085d-4073-8754-1eecff3a2716", "comment": "Malware payload (Rhadamanthys)", "value": "166d22ed93c723326a6d5fead162fdd3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448447, "uuid": "658d2a9b-d737-48d9-b1df-100516a56665", "comment": "Malware payload (Rhadamanthys)", "value": "e9879548658614428c01bc7c4878bc87d0e2ad57b3621a7aa614e89c32c388e7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448447, "uuid": "1d53e0b8-e502-44da-a63e-61520a42da7a", "comment": "Malware payload (Rhadamanthys)", "value": "17cfd9649a4f68ef90c72689820876dbe4ca22d1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448447, "uuid": "d366934c-ab78-40f5-93d1-bcab84138e16", "comment": "Malware payload (Rhadamanthys)", "value": "92f8b73a4248dce660df34bda74665149dbc06c7d3056f2da95a8caf55298e3bf85d4184de3ca9aed253aadd44801a37", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448447, "uuid": "c48b5941-fd42-439a-8bb0-36ed6de7411e", "value": "T1BA26085383A23D44EA258B739F1FC6F8B64DF2709E497B6532199E6B14B02B3C263711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448447, "uuid": "bbd9a6f6-fb30-4da1-9079-20af4f65c3d0", "value": "86f73ba4a5b0bd6d0633bc10b0ac18f2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448447, "uuid": "914d1095-4ee9-42fc-bf80-86efe9ef13fb", "value": "6144:5WC6Lf8HuLk5z2TPQIonfaFi9G0ei+jvbalhZV9W71:5WC6DiUk5zq4ffaFQG0qjvWPZW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679448447, "uuid": "5bb96543-f0bc-41ce-8c71-b3be3ee87055", "value": 4586496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679448447, "uuid": "760c7791-c6ec-437f-abd1-67d64134cde7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448447, "uuid": "ba4dcf38-6402-4067-afbc-126ade670114", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "38048f08-c84f-11ed-88f6-42010a9c006e", "comment": "Malware payload (Amadey)", "timestamp": 1679447808, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447808, "uuid": "ba3ddea5-c837-4de2-9831-d0c43f89fe8b", "comment": "Malware payload (Amadey)", "value": "ebac3a70f24fa0d6c300dd90d6a45932", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447808, "uuid": "8fd7a6d1-ecf2-466c-8573-64af2c19e092", "comment": "Malware payload (Amadey)", "value": "ea7c1c5934c6e4b20724075a15e6ca7361f8cff1d18e30c8f3659a5687703449", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447808, "uuid": "94221112-8680-47ff-8c9d-1180f79dbf51", "comment": "Malware payload (Amadey)", "value": "9a0f1325348c57715792f0a100f075da8e2dd183", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679447808, "uuid": "b3cd4d9b-b3a5-4df4-84a7-96b9a38f8c71", "comment": "Malware payload (Amadey)", "value": "d4bf5c66d720ffa02f165cca2519484ab772aa182e48775c0b9f55c840c4cbebd8de188010b2501e59e01f94c0447c8a", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447808, "uuid": "169d8bdf-06e3-419e-9968-17d7a1433ac0", "value": "T1FA55E14382E23C55EA258B739E1F86F8B64DB6719F493BA632089E1F10B12B7D173711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447808, "uuid": "6e3e156d-00c4-4d2f-bb28-3ed691a61859", "value": "5fe0b073d2bf262b2cfd9470524e0ed6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447808, "uuid": "9d2a74d3-3bb4-4a31-8577-55032f0ce682", "value": "24576:unzPcbD/h1btFFh3DEYckeYbP1a3S3zLXGowWuFV3EQ1LQi8Pti/STV88Av:UC/hlVhFcYbw3SjLXGoDuvEQ1LQBtd61", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679447808, "uuid": "dc2ac4aa-9674-438b-bcec-94da872330d9", "value": 1368576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679447808, "uuid": "ed47e3bf-2a0e-4d41-9592-d7844089a372", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679447808, "uuid": "2d11bbc2-1090-4d7d-89ff-2b6f0cb73f00", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ed6aa845-c84f-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679448112, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448112, "uuid": "ab6defdf-f94b-416d-9110-e2cae96848de", "comment": "Malware payload (RedLineStealer)", "value": "669ceb730c33c174d45d09fdb1fe6e04", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448112, "uuid": "e1464ecb-347d-4956-8a05-6a88e8b83ac3", "comment": "Malware payload (RedLineStealer)", "value": "eb597be8a2bac8820cf92217ab9e210473c4c16a666c6e75271e5dc20ec5d24a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448112, "uuid": "7e6ef150-b8f1-49fb-bbcc-77c444bbccfc", "comment": "Malware payload (RedLineStealer)", "value": "9308d06e2254a64e87027c5565a7233af4b82b3e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448112, "uuid": "6a0db1eb-d161-47d3-a9e4-06efaf4db9bd", "comment": "Malware payload (RedLineStealer)", "value": "e4e92066c21867a90c56e954c5ce8d4dc6e44cba9c78bfcc2eb8279bf87db81f98eb3a8d1c57e17a1d14d396522ff493", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448112, "uuid": "3d70b732-8e0d-4095-b9ed-e541d8b5696e", "value": "T17D55E14382E23C55EA258B739E1F86F8B64DB6719F493BA632089E1F10B12B7D173711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448112, "uuid": "cae6a073-1b8c-43c1-83e7-c0292c40c669", "value": "5fe0b073d2bf262b2cfd9470524e0ed6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448112, "uuid": "5f7817b9-d17b-49cf-b5f5-624b7b5e2771", "value": "24576:WnzPcbD/h1btFFh3DEYckeYbP1a3S3zLXGowWuFV3EQ1LQi8Pti/STV88Av:cC/hlVhFcYbw3SjLXGoDuvEQ1LQBtd61", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679448112, "uuid": "303e48f7-8ad8-40f5-8c57-b425ab81e7f6", "value": 1368576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679448112, "uuid": "16c38176-bcf6-4409-b8ee-b9630eaefa93", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448112, "uuid": "e01ef51b-e4b3-4cd6-b686-c9b8ff002eab", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2f4a52d5-c896-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679478288, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679478288, "uuid": "bfc36701-0a9c-40ef-b458-1ace5a574987", "comment": "Malware payload (AgentTesla)", "value": "52119e15b34b2908550bad2e441db454", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679478288, "uuid": "81ba8c73-c183-4454-8db7-d1967211e6e0", "comment": "Malware payload (AgentTesla)", "value": "eba2a7a9c4a6c3a2c3f04431312a94ee76bd6d23ed3014e940cd07911a726ff8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679478288, "uuid": "b7b190f8-8192-4d44-8aa0-f3a5da17c74d", "comment": "Malware payload (AgentTesla)", "value": "d60603d80a74c44f484ae35bad3f58d80662972e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679478288, "uuid": "14179c63-d154-41b2-a8e9-4f3251204bc9", "comment": "Malware payload (AgentTesla)", "value": "2f69c805f73e55066f88cd3335223c4b86249a67795c7ab751aaae796dffc6dbb6696db2ec3a23a0f8edcbf5c234eefa", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679478288, "uuid": "7bbdbc9b-59c7-4a21-b926-9116b509e29e", "value": "T19E55022533B05F15F6BA57B054B2E55163B37A2AF633D708DCC420DA3DB2B804B19A6B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679478288, "uuid": "2783f2dc-ce9e-4d6b-a7a1-76fd0ab56669", "value": "24576:wGwX9orGfSa0KjO111VD+7AB7L+KgyrrrrPrF0BMnlE6A/:wGSoCffBUykODyFBnK6y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679478288, "uuid": "53fe003c-17fe-435a-b53f-86dd998aa733", "value": 1322904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679478288, "uuid": "bb4e153e-897a-46e1-b969-0fbae2ace19d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679478288, "uuid": "d2b5f3e5-2a60-480f-adce-db6a7f96c68a", "value": "Quote_3500001277.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1c6a8ff9-c882-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679469666, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469666, "uuid": "d0640d4c-260a-40a4-a2b7-4ca17ba59f00", "comment": "Malware payload (Gozi)", "value": "7223cc1975393443d4d161492d0f932e", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "url", "colour": "#4660F4", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469666, "uuid": "be46858f-fc14-470d-90cd-c54ab58585d6", "comment": "Malware payload (Gozi)", "value": "ec178c6a29aa42213ac7287e45d8378632e145ef650dd5734f247129bd364dbb", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "url", "colour": "#4660F4", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469666, "uuid": "0b08b8fc-6f7d-464f-902b-6edfac7557dd", "comment": "Malware payload (Gozi)", "value": "2fc8c648559e862b3191088450781b5d33debd5f", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "url", "colour": "#4660F4", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469666, "uuid": "85653a01-76f5-4c07-b3b8-cccdd1f260fb", "comment": "Malware payload (Gozi)", "value": "86aeda2cc0585d42814fdc6c5cbdd810fd25cb8a34629f40970c9011cd2498b6cae5a7563ce408cda41af98f22f2f5b5", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "url", "colour": "#4660F4", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469666, "uuid": "848ea1ad-5ccf-4efb-9ef1-873073a08143", "value": "T14BC022048A0A806AC242440AE068BD68AD0EF0081CFBCA1C22C9E987AC804C5CD04ABE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469666, "uuid": "81c14a1a-ae09-44ec-91a9-9d4ae21f3d42", "value": "6:HRYFJb5bsZD68Skkj8UNIvyc1yc54vVG/4xHy:HRYFJ268+8UCvhy3VW4xS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679469666, "uuid": "b3a4e818-894f-42f3-81c6-6f3d538834e2", "value": 194, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679469666, "uuid": "636e8b58-540a-4681-a234-b9b8bea12eff", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469666, "uuid": "c3373d3b-d819-4945-84d0-ad402ea3ed5f", "value": "Normativa url", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "70affa21-c887-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679471955, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471955, "uuid": "b96c2cf0-95f2-47be-9485-97ae0f6ce595", "comment": "Malware payload (Mirai)", "value": "bc09634f3db305831e2ca38fde884b49", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471955, "uuid": "4eedde82-b777-45d7-b70e-39da1d890ccb", "comment": "Malware payload (Mirai)", "value": "ec1d7657de29ae59fa3add391dd44c4950f895ceb19141f44b59dec8867b4503", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471955, "uuid": "12acd0da-7803-447e-9ae2-482a6441ee6d", "comment": "Malware payload (Mirai)", "value": "8a9b5143348465a04d032fbd2e59c3f18603145f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679471955, "uuid": "aa83f3ec-42f1-4e06-8df2-b0d47aec8337", "comment": "Malware payload (Mirai)", "value": "f5538c1af23073b26d9a340359a1d6ff2c2e81150c4f025febf1ea65fdce95d10d8cb6783b5710f0f067e6d98acd4d49", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471955, "uuid": "99479ef5-d415-41fe-86aa-4698823674e5", "value": "T138F3FD25596AE217C4A7FFE8EFE676C2935DF2434E899203B0E4104E49F4D69606FCC8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471955, "uuid": "b4445144-512f-460b-ae43-bec8f1bca19b", "value": "1536:KHQHMQOASlSxqaLZLgp/90Ih9mI39o2t4dhQzwcCgE7:KUbSSxLZGF99z35CdhQzwcC97", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679471955, "uuid": "8b587354-733d-4d1c-b6a6-73ffa8666421", "value": 161852, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679471955, "uuid": "15426808-99a4-48b9-8165-01b549f8aae7", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679471955, "uuid": "13a7439e-874c-471c-ad1e-03727096a98e", "value": "bc09634f3db305831e2ca38fde884b49", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6fefeed2-c87c-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679467229, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467229, "uuid": "6a42cb01-cfba-437e-bf79-4ce27f93e976", "comment": "Malware payload (RedLineStealer)", "value": "79082cbce2cd0f1e1c8149b4dbba1ab9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467229, "uuid": "8f53ff64-9293-441b-ae88-34bb744368a2", "comment": "Malware payload (RedLineStealer)", "value": "ec375b703093f1f1f71397aa5d6af4b7e4924f4f10c73cafe1246009296b9a26", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467229, "uuid": "f500a9e3-1ca2-45b5-8611-362e258202ae", "comment": "Malware payload (RedLineStealer)", "value": "1f1e0935b1d4a3963eb418780ea1538984a36785", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467229, "uuid": "45e57c72-9796-4fea-a761-303e6d7fa714", "comment": "Malware payload (RedLineStealer)", "value": "bd8d78ef1d73c0feff446c4085e44649ea242614d5a46b6e757d8bb94c07ed9f5a0680e7bc80c524208fa6cd27b9cb12", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679467229, "uuid": "a899a113-a6e0-41c0-bf84-19d82426717c", "value": "T1E4152303ABC88076DDBA1B7498F712C31F767DB24DB8467A2381A55E09B1AC465B432F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679467229, "uuid": "04e59999-2b14-4830-bd08-ce543b57b65f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679467229, "uuid": "088106ba-ee0d-455a-a2f7-9a42791f832d", "value": "24576:JyH6ZLivRpfXrYRK4sjeaGq0vmz46PvIX:8ahif75GpURPvI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679467229, "uuid": "1417ec4e-7052-4868-a804-26f466919467", "value": 929280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679467229, "uuid": "e61e80f4-ccf8-451e-8157-b020ce3fb363", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679467229, "uuid": "8b971ca7-e8e8-44d2-9305-475f79ffa303", "value": "79082cbce2cd0f1e1c8149b4dbba1ab9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "32e8cf70-c8c1-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679496762, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679496762, "uuid": "ad600cc8-7d6b-48bc-9666-7f3b98856d00", "comment": "Malware payload (AgentTesla)", "value": "977fd08091a4881814e03e2269005e7c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679496762, "uuid": "e8cfd3e3-bfb1-46f3-9f31-c7d16fa5018f", "comment": "Malware payload (AgentTesla)", "value": "ec5a5c203f55f4c1d2ec73e84d692b8da1dccacb22c4f86f60f7c07c74173f01", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679496762, "uuid": "e9bdb381-2db6-4445-833d-b07a776ac517", "comment": "Malware payload (AgentTesla)", "value": "d7a5d5ab498963fe9a4de136c4c50a1c384c9269", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679496762, "uuid": "edac3a3a-1286-464d-a9ba-271a2e333df5", "comment": "Malware payload (AgentTesla)", "value": "8343346181151cdb963d2386b71cc329d227255b87810802535a76375d0535594a6656b46757a32055f234ac1d8357af", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679496762, "uuid": "a27a112c-aac3-49ef-a164-d0a0819b8e28", "value": "T128059D3C2EB84D26F5B4EA758FE0C133A27197C3AB558B186BD6071D5E118563CCB0AE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679496762, "uuid": "0b27ccfd-3e97-48f0-9792-6b40533e4d42", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679496762, "uuid": "661b05af-125f-492c-8bde-a86647d6486a", "value": "12288:ZkzWeLngNGSD7QKErZQeCzjl9q1Fr7pTz/WQPLUc1Ta4kk:ZNeDMMbijnsTyeUc5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679496762, "uuid": "ea818bb5-3cb9-4b93-898b-7b53b8ec79ee", "value": 846336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679496762, "uuid": "3dd9143b-5328-4a55-b6df-351500e2091a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679496762, "uuid": "460ef59a-9e1f-451f-977c-f05f064c2673", "value": "chinese.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "332da3b3-c8ef-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679516519, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516519, "uuid": "0486d8db-4cec-47d0-8bc0-1e181bcf4e04", "comment": "Malware payload", "value": "a4f1dac57e64443c9b2ad86f7c9eb904", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516519, "uuid": "59340a33-b070-4e08-84d2-27811f15d939", "comment": "Malware payload", "value": "ed115f25a76a710015df55b8930e4b8533394e426caa0b173599f44e19593093", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516519, "uuid": "6ff47d85-89d4-4e34-8802-aef72ded3f56", "comment": "Malware payload", "value": "d1464c0292bc873317ff5de308bd66ceb44c89c3", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516519, "uuid": "1df0029d-f59f-46c5-b729-6018aa427c48", "comment": "Malware payload", "value": "c477b93a4d80308f3448c67aba0afd70f27a0e8dfb47f1fe05c9389c927544994e9794374e69e64f73cb686a07c10dbe", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516519, "uuid": "0b372d88-c882-4479-bc71-df9bd9a108c9", "value": "T183036A55ABF40032F5F31B71A878886ADFBABC216476D45F87800EAD1970952CE3DB27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516519, "uuid": "39893869-f993-410f-8c31-68c183ca97fa", "value": "f5e4c8acb92fb1c8223cff431020dba0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516519, "uuid": "33a54d6f-2970-45f6-9854-05452090f515", "value": "768:O8kr2D6AKlLO+SNhBgCHDck4MV0ggv8KoETBB9D3xvjHhx4eC7Xj8Qc1El:B/6A0q5HDR4oWBx3xrBx41z8QcKl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679516519, "uuid": "86951654-b92b-488e-911c-d03d575a568b", "value": 37888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679516519, "uuid": "f3f3089e-34f3-4fc3-a40a-8c902499c42c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516519, "uuid": "50982245-1fe0-4580-8588-51e8097bef4a", "value": "2023-03-22_a4f1dac57e64443c9b2ad86f7c9eb904_lockbit", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7a2ce703-c90b-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679528664, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679528664, "uuid": "decf10cd-2aec-4255-8875-b6e553d7f54f", "comment": "Malware payload", "value": "fb6012ff52a5243efefdd8983fdc3199", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679528664, "uuid": "bf5df577-8c33-4fa3-a616-1a80468b5d89", "comment": "Malware payload", "value": "ee15356d4e199b8a5d7ee0554a3cec7b8199a2f29b673a2e75668e0805cfac96", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679528664, "uuid": "cc694417-6647-44fb-8ded-053876f71fea", "comment": "Malware payload", "value": "b290ab1f6e065b38e75fd3808629c7764fe2615e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679528664, "uuid": "888678a7-ab42-4072-a65a-8dd114cacda2", "comment": "Malware payload", "value": "ff9d5222a4f6e3b82e9cc3e8a71a6da576bc837c164b6fd49e856325fd463577ba0498e365efb657f70c9e3f82034e8f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679528664, "uuid": "a0182684-a858-4aed-aa38-9f375f78bd5c", "value": "T1E3846D0252E37C60EF2347728F2EC6F82A5EB8619D17BB5E125DAA3F0D701B1D662705", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679528664, "uuid": "957e10f0-bb18-4fc2-a6dc-aa5c815151db", "value": "18027003e68ded455b288db03553d6d2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679528664, "uuid": "04a05b58-d14e-477c-8e67-ded876cf1737", "value": "3072:/vxCChPnVZHQuxpK4RnPaPO9WpQ+G8zaOcFClw/TKQUh3pMa:L1VquvVnPhWjnuOcFa+KQUy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679528664, "uuid": "e4b73062-110c-48e6-82b3-37c6bfe0c2d8", "value": 396800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679528664, "uuid": "93d62ab9-954b-4124-bf77-27b4dfb5c4e4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679528664, "uuid": "671d04fc-b768-4633-87a8-1463961db0a0", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7b2097c0-c8db-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679508050, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679508050, "uuid": "7dead62f-647d-4cec-8d12-1979e2144f76", "comment": "Malware payload (RedLineStealer)", "value": "526ed71ae365bbb0947826d60f3781c6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679508050, "uuid": "fcdff56d-fc94-4484-98f1-e91c7fa1427e", "comment": "Malware payload (RedLineStealer)", "value": "ee47bfacb2c4b799439414b5a67e3c9222e3d5ed9cf003d45212cd90c7a70f95", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679508050, "uuid": "20f9b47a-586f-46a3-8332-67d73723ed25", "comment": "Malware payload (RedLineStealer)", "value": "3d0ade7ccc24053f7e4086e6288cf9d029dc4d0a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679508050, "uuid": "56933a5f-3e10-45b6-a03b-7225e535e9d6", "comment": "Malware payload (RedLineStealer)", "value": "f291156d34c739cb3f0dfb59f58aa5e2381c30b77ff75fdfa2cb57e2c76886db32e8c1a524be2629ef80383203c073b1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679508050, "uuid": "7e8e20ca-e0c8-4d7c-85d0-2d320e215522", "value": "T1A9C40207A7E99032CE7127B459F702A30736BCF1ADB8472B27459A9D4CB37D4A43136A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679508050, "uuid": "c6e94659-d455-4838-bf63-245044585167", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679508050, "uuid": "5fe6bb97-d1a9-48c9-8c22-a3ddfc885ea7", "value": "12288:/Mr+y90VMrl3MnAv3gmpRuBh3FWnm//JB1Ir4biuW:ByGIhTvBmrEmnJBCr4bi1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679508050, "uuid": "c79e38f1-e968-4a0d-b081-7c090dd4af91", "value": 550912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679508050, "uuid": "abfb7beb-0bb4-4df5-9633-c0eb8fbd3a8c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679508050, "uuid": "a01bc72a-7862-4a91-877a-33ef1c430513", "value": "526ed71ae365bbb0947826d60f3781c6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "75ee85f0-c8bc-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679494727, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494727, "uuid": "44c83637-12e7-4b5a-be6d-cc9e7aab8862", "comment": "Malware payload (Formbook)", "value": "24a9db90c650de29f53ae8097593f956", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494727, "uuid": "24acd789-4a09-44ea-a0e2-ee3a24a085b4", "comment": "Malware payload (Formbook)", "value": "ef2967d3d123dfc575f3b565943fc7354bc76ebade5256392073d1383a317d5b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494727, "uuid": "4ca7b89b-be79-4c08-a433-de208f681e2a", "comment": "Malware payload (Formbook)", "value": "c60328e82e5aa581d1dee9bbfec4540fc6187f95", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494727, "uuid": "b45c3192-57e3-48f2-81b5-6c5a454a1cf6", "comment": "Malware payload (Formbook)", "value": "63fd969899221bea98e2e6fbdd4ca8622746248992be59b524b58642ec587cd0f96f37e4fa9b37f13db4e503149ef405", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494727, "uuid": "abd2d2a5-07c2-4d14-a0a8-7484c216b30e", "value": "T11F15021677A64B52C2BC97FC08E2A08057B57F362727EB0C6EC271CE0577B58CA52A53", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494727, "uuid": "a7de21f0-6687-414b-9757-a398178e6e1c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494727, "uuid": "aba5a7a3-4c9a-458a-8172-9f0d451527e9", "value": "12288:lcyJUzBB8s++Ijo2bdurZb9xBfM5yScBuerx3SBNsXt5LZNTlfPSzl06/TgTU4Ws:W8s++Ij5epZMZGxWsFvSl06MFb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679494727, "uuid": "2052ef7d-acd6-49fe-9e26-05098d0584dc", "value": 956928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679494727, "uuid": "b82149fb-6762-4c42-a3bc-3464ecb9e50b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494727, "uuid": "3ea34ce2-f818-423e-8bd6-c9a61accb939", "value": "Payment_advice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "218fd29d-c87d-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679467527, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467527, "uuid": "d7ca87da-b408-452e-be03-9f5d8f4cd13a", "comment": "Malware payload (RedLineStealer)", "value": "1364be7f046fd24452bdc674fc038461", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467527, "uuid": "45d5ce8a-930e-4690-86ee-aedd535a3bbb", "comment": "Malware payload (RedLineStealer)", "value": "ef68a22304ddf73eb1febb1fc662adec5780af1be0cc47be96aa18d3a55bcf79", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467527, "uuid": "90452a9f-6cfc-4113-8d4b-0ede4b3a0235", "comment": "Malware payload (RedLineStealer)", "value": "829ef710395d8cd373d5daa752a8aac98fe12779", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679467527, "uuid": "223b24f2-c368-4407-92ef-ecdef10c85e3", "comment": "Malware payload (RedLineStealer)", "value": "d542bd39dc999e1bf8ec5560327f5f661d35298d4e9771700f0ed34ed1a4fbd65af9298a36ade16d614169f913c8f1d5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679467527, "uuid": "c4ddfff3-97d1-4767-9d50-b662d2caeba2", "value": "T124252313A7E55036CCF237B06AF617831E367CA68878812B239A795E0DF2285B17135F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679467527, "uuid": "f4c60a44-6c62-43b7-a93e-764a4d75fff4", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679467527, "uuid": "bfa69c34-58d8-459c-bee4-0d172a904808", "value": "24576:vywPC/AKJPYzs0QMQTyzHNwXW86JGRBPer3gadlqaXPQZ:6sKu1uyzOXW/JSPmRXP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679467527, "uuid": "5e287009-e083-4682-84bd-b8197538a175", "value": 1048576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679467527, "uuid": "a022cbbe-9c5a-467f-8e7a-dcf4ea1a9b04", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679467527, "uuid": "766c29c6-110b-4d39-a97e-b48b2ed310d4", "value": "1364be7f046fd24452bdc674fc038461.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2a83e9d5-c8b2-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679490306, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679490306, "uuid": "15925c2f-db8e-49a4-915d-16124b1fd179", "comment": "Malware payload (Gozi)", "value": "2e3efd45e12ebbb0307c66f9846db315", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "url", "colour": "#4660F4", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679490306, "uuid": "516550fb-828d-4ceb-b949-ace60b589801", "comment": "Malware payload (Gozi)", "value": "ef74e678ded46b0d5f69622154c95e5ea9f053cc9d0d47e10ca7b19a2b3e5981", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "url", "colour": "#4660F4", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679490306, "uuid": "f5610446-2857-4f12-9d0d-65b2a5a9e519", "comment": "Malware payload (Gozi)", "value": "ca9308c31a6bf36a784f6cf52396c7c66ae4a2db", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "url", "colour": "#4660F4", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679490306, "uuid": "6312656b-6de3-46b5-9ad2-78ec88cf085d", "comment": "Malware payload (Gozi)", "value": "78df5dac6071a93fc34796561c4361c9784c428ef3b842be7ec271a6057ea8e28c2939ac32ad7ee1e1f8ba07967cfa67", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "url", "colour": "#4660F4", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679490306, "uuid": "5944b2ee-4660-4ad8-83fa-1ffed05159a5", "value": "T1ADC022048A0A806AC142440AE068BD68AD0EB0181CFBCE1C23CAEA87BC808C5CD04ABA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679490306, "uuid": "0c27c2c6-7771-4015-bc4a-adeb56fe10bd", "value": "6:HRYFJb5bsZD68SVj8UNIvyc1yc54vVG/4xHy:HRYFJ26848UCvhy3VW4xS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679490306, "uuid": "874c06b8-6ea6-47e1-8c83-6921c85ad086", "value": 194, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679490306, "uuid": "b4134050-038f-4a11-8a62-06ad5886315e", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679490306, "uuid": "d4d71959-a5bd-496d-ac86-3f2f0394165f", "value": "Agenzia_Entrate url", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ec368abb-c8ca-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679500939, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500939, "uuid": "3dd5a3e5-3852-4184-9d48-9c4096583637", "comment": "Malware payload", "value": "868d1a8a97f64b9ad66a46c0da7be00b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500939, "uuid": "3d6a6846-67a5-427a-bdce-74d731d9a17c", "comment": "Malware payload", "value": "f10b5c5dc905e04e1421f0add6ebeeeee28da7c77c17e2c5069c04c5e8189c20", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500939, "uuid": "4a969828-9362-41e1-8841-f6231947e790", "comment": "Malware payload", "value": "4c7aec10f056ede4e6c966437a65891056bef2e4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500939, "uuid": "16015908-dbb8-4da1-9ae8-b420423be3da", "comment": "Malware payload", "value": "75e40e756c08d0d24d69c00aa4b71a193946986fc9ad229d12856db709ed1d5b85737203f348d7e1fe9cc3cca77da70c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500939, "uuid": "726a5daa-f1ab-48b5-a58f-870bcd88c3ed", "value": "T1153412A190EF6643D803B0F9DD6F85B40D9824D7AE17C5186ADE3D2B2EB74EC9047C68", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500939, "uuid": "5b20e153-ecfc-412f-94bc-3cb952e863d7", "value": "db9ce7669ada7616b83424ad4b092bbf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500939, "uuid": "c8146595-94bb-4ab2-8a95-81937c09336a", "value": "6144:4S1Tqid2nWaoOw8i3cqRBKLHtp43G+gQ5hcgM:V+ZRY8i3XL6taWc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679500939, "uuid": "8bff89ce-d9e4-445f-9baa-621a13008222", "value": 243712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679500939, "uuid": "b928cde3-acb2-41b2-84a4-f4a046ac68ee", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500939, "uuid": "b8a9bd4d-78c1-472b-a9c7-818229fabd8b", "value": "868d1a8a97f64b9ad66a46c0da7be00b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4943c444-c8bd-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679495082, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679495082, "uuid": "cdf19d93-7f4e-414f-82a7-9f350c551c99", "comment": "Malware payload", "value": "b7e18c2bd28b183d183056206617b0fe", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679495082, "uuid": "ca22b5e7-8943-45a0-be5c-256fc732be70", "comment": "Malware payload", "value": "f15f09320b4f6645a3d46709b4d1eb9f5326d863e46483d61b4488df18065ae7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679495082, "uuid": "213afda4-b676-452d-b18b-ffdbdbfa6cd1", "comment": "Malware payload", "value": "91972f42781f096d6b693d65129a71be54971c86", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679495082, "uuid": "3cbbf4a3-d2cc-4044-8f14-b881cf7835e5", "comment": "Malware payload", "value": "999929fd735363489f1725a755ec6465689590f0e82faf5535e670361f1c52897aed3ba3f17e3f06ac4ed72abc05e431", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679495082, "uuid": "f04744a7-1317-45c5-ae4d-6886908d7efc", "value": "T1A3B63328752CE9F1D7F236384F64C2319762CDBCB806C74560D56E9B74BFE0B4AA0A94", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679495082, "uuid": "13b9ea9d-1e01-4c00-b957-8dfbdab9e5fe", "value": "196608:9j4EX/KRRxzaQe/LrhSZ8Phpe1QPnxai6NOffLHQD8o7s6kb5tGNIOY:9j4w/kU3hKkhpgQPnx36Af7070vGGB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679495082, "uuid": "cd61674c-8504-4db7-b177-911046a809c2", "value": 11195661, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679495082, "uuid": "403f5549-0854-463a-85ea-3eb62e5eefb0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679495082, "uuid": "f00ce340-b48d-48f1-afdd-7e9151dbd940", "value": "b7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "462472bd-c8e5-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679512256, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512256, "uuid": "7cd6bf9b-226d-4d6a-b6a2-12a22d41a072", "comment": "Malware payload", "value": "0e205aa5e4926b3fe10042db5db5f6f3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512256, "uuid": "87f170d5-7a08-4023-bc23-b8ae45d9537c", "comment": "Malware payload", "value": "f187219737bc5ab2a2bdcba67f7a254a230d3880d4636ce52302f0645d746911", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512256, "uuid": "271e7628-9e79-4953-982a-4c0b5eb75dc0", "comment": "Malware payload", "value": "72f11049ed1e4532ab9674cb1e4b6079e2fc83ba", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512256, "uuid": "6b630384-9723-422f-8671-9c4bfca12496", "comment": "Malware payload", "value": "29d5a2b1265d16913e886bf7892426bfb4cc2d40c54003cb2061d99eeff165910708a44bf0c8506e617e4419b45226b2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512256, "uuid": "bb6c783d-f3e7-43ae-a8d0-c993aed5b244", "value": "T11E26337416B7D9D6DC0B39BDE48A86FBB37A0A7B7617C277001483D3EA249B09D4490B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512256, "uuid": "757f2d2e-cd36-4fe2-8506-acd872f17b8f", "value": "9aebf3da4677af9275c461261e5abde3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512256, "uuid": "715799fd-b526-4179-8fd0-ce41c13b0341", "value": "98304:qF7hyg5WhFE5Y0FN9hO8U71zIbDEmWAyy+7:qF7eYzFN7O8m1dmW5p7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679512256, "uuid": "e6d3a123-f0d2-4fa1-ba65-bea3eba7e27f", "value": 4511232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679512256, "uuid": "d3ef1514-3655-4a1d-ad4e-492e2935d186", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512256, "uuid": "8a82168b-0605-4f88-b271-b7951788fbc3", "value": "0e205aa5e4926b3fe10042db5db5f6f3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "567c5786-c88f-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679475347, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679475347, "uuid": "51b2477d-622d-47a6-a6a7-701e9511b07b", "comment": "Malware payload (RedLineStealer)", "value": "92b6c15ca00d6cea5db32f254065850e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679475347, "uuid": "32083f03-2bec-4767-89c7-eae4446c2ac8", "comment": "Malware payload (RedLineStealer)", "value": "f2532e8d299661b92f626030afdb15a0f737eaf5b0b30f0a429931d5550d7760", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679475347, "uuid": "f39ce3bf-5593-45c7-92ed-d38273adea6c", "comment": "Malware payload (RedLineStealer)", "value": "cfc6872b5b4dea480a02bd5ba7a8ce79af079966", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679475347, "uuid": "01101ccc-c84d-488f-8b83-f360e7846736", "comment": "Malware payload (RedLineStealer)", "value": "9f28e6a54b8757d53795c206db8d55eab28b1392de9faf0e41dd94f0ef358a638c98f95033b1a5f5d8a9c52b88a895e6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679475347, "uuid": "de05cce1-6da8-43dc-a0a0-d4403a68c8c4", "value": "T113252311A7F88437D9FA1FB048F7524707323DA19D3887DA2255989B18B3E987835B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679475347, "uuid": "c3b3f012-cfb0-459f-bf43-fef1dae524bb", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679475347, "uuid": "f3629f7d-7ef6-4bc0-8b39-2bf29e151013", "value": "24576:kyat5/4FZ/EfPwnXp8OihZ1Lsqo2xXL6Ps/UZDoE/Xqm:zUwnXuxhZ1LsOxuEiDoES", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679475347, "uuid": "f8766873-75cd-4f27-b1ef-4940acd80f8d", "value": 1029632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679475347, "uuid": "2085bc3e-d26b-4fbc-a202-ac5f91cf94ce", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679475347, "uuid": "0053e0eb-fc99-4be9-b0f6-99d174226825", "value": "92b6c15ca00d6cea5db32f254065850e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b32cfeb0-c8e6-11ed-88f6-42010a9c006e", "comment": "Malware payload (njrat)", "timestamp": 1679512869, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512869, "uuid": "d77a770a-bc22-4596-96b8-ec76c94e81cd", "comment": "Malware payload (njrat)", "value": "1232537c161e32f904ce36d4f29c71d0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512869, "uuid": "2a362b77-02ee-467e-9d7c-e165f74d48d1", "comment": "Malware payload (njrat)", "value": "f33af993fd18bb47b931e031b68dc5e030dbea7118ed4746183238066336f597", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512869, "uuid": "69ddf894-30e8-4a54-b716-abd00cac364d", "comment": "Malware payload (njrat)", "value": "1bc2fdc280628cebb4a3f0104a642df02e98b27c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679512869, "uuid": "74c345a7-5045-4c08-ab71-a7320a187149", "comment": "Malware payload (njrat)", "value": "ff710d09bf0fe610ccf26dec2bc408893946bb14129a21e66991b12bb23a8d171090707a6292082ea72cdd907f59249e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512869, "uuid": "f38e5ce5-1793-46ad-8cc1-98384383e6da", "value": "T104F5334139CC403BC5B2037164FD93871BB4BCB251F9934AA0C951991EA64A1BAFBFF5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512869, "uuid": "1fa5bbbf-5ac2-413d-82a7-9358fb156246", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512869, "uuid": "f14f3700-d57d-47ea-be53-685970da46f1", "value": "98304:uviz/27qWGq/TzuqCDl2Ptao7jk8zatt1N3:uviq75/TzufvpN3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679512869, "uuid": "c038cffd-2dce-44e4-ac37-1937040763a1", "value": 3424768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679512869, "uuid": "bb7834b5-1ca3-48dc-a49e-bee637bb919f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679512869, "uuid": "45cb2c6e-4bc4-40b3-aa7e-eefc87ed2381", "value": "F33AF993FD18BB47B931E031B68DC5E030DBEA7118ED4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e285b7cf-c884-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mekotio)", "timestamp": 1679470858, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679470858, "uuid": "d292801e-ed3c-4cbe-be52-9351ae10ffe8", "comment": "Malware payload (Mekotio)", "value": "32b29de93b7fd2a52da9b5ede896ca31", "object_relation": "md5", "Tag": [ { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679470858, "uuid": "db23668c-0569-445d-9adb-f455c87d7afd", "comment": "Malware payload (Mekotio)", "value": "f341fae5d857a9a7171570142632c0ee5de5b8c6b5f38bed57979a046910882e", "object_relation": "sha256", "Tag": [ { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679470858, "uuid": "6ef31ba7-1873-4dab-b12a-9b6954b32000", "comment": "Malware payload (Mekotio)", "value": "17aa23016bbbdbc6ea3466abcde03320bd441461", "object_relation": "sha1", "Tag": [ { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679470858, "uuid": "ec1adb26-5082-4f50-baa6-65af0c8d8a78", "comment": "Malware payload (Mekotio)", "value": "ef869dd43242ffc11ce8e2c59dca14afbbc287978bb5fcd140f5de911fc4b2b5b31b29b59c52f7899abeb1de7eaccf37", "object_relation": "sha3-384", "Tag": [ { "name": "Mekotio", "colour": "#6237B2", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false }, { "name": "sospeso35158", "colour": "#B42E77", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679470858, "uuid": "e25cd3ee-99b0-4052-ab17-0b86e8ce0cf0", "value": "T1BC46136371A64226C1B9CE74192FFFE535F22625076254FB12C96DCF29729D0A233E83", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679470858, "uuid": "60ad4a61-d2f1-4aac-8dfb-6c39e08e5723", "value": "98304:UYnB7YHduKT/GkUgUZpBoMfDM6NpQm9CKcgxqEarrkIzvDDulI+lEj+28+xwitMg:vB7YHduKqhrM6Qm9pHgrkKDD9Xc+ui", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679470858, "uuid": "0c278857-9ebb-4f31-a739-bd3b4cb6e112", "value": 5802496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679470858, "uuid": "a4ebfd2f-61ea-4835-8e5b-93affa1b407e", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679470858, "uuid": "bdaf3bbb-47f9-448e-8068-0e9dacfccf53", "value": "FACT641ab.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5762163c-c8c1-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679496823, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679496823, "uuid": "6797aa1a-052e-4960-9917-aac5799ea1f8", "comment": "Malware payload (AgentTesla)", "value": "770c4f7511bb74948bbb226a57245995", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679496823, "uuid": "b687fc41-3cb9-454a-81a9-ab63dbb304a8", "comment": "Malware payload (AgentTesla)", "value": "f36671e9b41db95b719b3e90f8948ca8de5531c9b51b5a4fa5d0d507368507e8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679496823, "uuid": "7897243b-e38f-4d18-9b1c-3b899c88eeba", "comment": "Malware payload (AgentTesla)", "value": "23206053d941c102a099fcb95b44b18352fcf211", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679496823, "uuid": "dfadf1b7-ba9d-4b8c-a205-7555daf9cb67", "comment": "Malware payload (AgentTesla)", "value": "d2689fe75fdcb2d4baea42a8e29519ab451389f2f1a8a3707484cf60aff373ce4ef2ec67b5370f58172f2345f854f23d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679496823, "uuid": "080c252a-785a-415b-acb8-8677e1049049", "value": "T1D254136077D4E142E5361B31DE3A1269BBB7A23A0C640E5BD7101E9DF5AA782D40F3B3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679496823, "uuid": "75399a5a-6818-4ad1-9ad9-6d0fcb2822b4", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679496823, "uuid": "3653fea9-5d5d-4ade-b240-b6b23371ac77", "value": "6144:/Ya6Xas3fQOvAWGZ5i7U+UEd/O+X/lc1iTi3iIfFxNSw41SDSUVpu3Jts6MF:/Y1jTJGZ5ZzyxX/OTVHSSDSsAkn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679496823, "uuid": "a60fb02c-7508-473a-847b-bcbf1cf03b94", "value": 297017, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679496823, "uuid": "0bd053fb-76b0-4d0e-b324-141db5fcd882", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679496823, "uuid": "d4f9671f-845b-4772-83f9-adbb9cc59e91", "value": "PO_230322 PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "df6d74e0-c852-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stop)", "timestamp": 1679449377, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679449377, "uuid": "31244b46-9a6a-4159-bd99-debd6b04ada6", "comment": "Malware payload (Stop)", "value": "5301e7cca8af762091bea49b3eaf0e90", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679449377, "uuid": "bb4226e5-28da-484b-bf43-4a9e88badd93", "comment": "Malware payload (Stop)", "value": "f3917bfe3837372f34af459f01c0af768a616fb9c8a20c04994237695af925fd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679449377, "uuid": "71be7572-20af-4367-b06b-859efeadf1ef", "comment": "Malware payload (Stop)", "value": "512e576300845f8ae2347186deea346b4ac2c2fc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679449377, "uuid": "2c819efc-2d21-4d84-b61d-bceddda83e41", "comment": "Malware payload (Stop)", "value": "9d78a9c99efac80c06ac2f5ad1dee0e027cebda2894a1b2caa6aa5e9d7d198cdce4bb539c2184af30940b6206a80737a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679449377, "uuid": "d6587ae5-49dd-49ba-b26a-00b3b868dd5e", "value": "T1AEF41220B2A2C036E4965D394461D774A93BBC355FA88BDB33444ABD0B347F1DEBA346", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679449377, "uuid": "d1f19d1e-6fa0-4c72-9529-e1ef39f15302", "value": "a4559d1602669b68de352c9c26c5d967", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679449377, "uuid": "802dcea3-5001-4b2b-a7d8-a8cdc0d50e7d", "value": "12288:uFhAxstINA+YsMnwLTtM1NpptFcEy3mdK/32ezKLR16PtJAZETbhdPXVfZeSMNAg:k5j+koqNppzcEy3mdK/2ezKlQVQK9fcO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679449377, "uuid": "f7d9146e-ee9c-46f9-82b6-1e23a35fc1dc", "value": 769536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679449377, "uuid": "4e226ad8-9293-4f3e-b272-3a0088ae0140", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679449377, "uuid": "cd349a8a-76c4-46bb-8e9c-0fa602798bf4", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4c2f511c-c84d-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679446983, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446983, "uuid": "15cf7878-2a3a-4bcd-b3bf-b5f0a0e74386", "comment": "Malware payload (RedLineStealer)", "value": "1f0174e2d02b28db502c569a2fb76a51", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446983, "uuid": "4d06ae01-c072-46a3-9c9b-269e8e8957a7", "comment": "Malware payload (RedLineStealer)", "value": "f398fa0c9e5e3256f3f654b6cf87b7893a648f472d745e48a3521fc49fe0ae36", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446983, "uuid": "7eef53ec-8d20-4ce5-8952-c6c71d860073", "comment": "Malware payload (RedLineStealer)", "value": "ae31c40d998421c5a70038be8902562045f5040c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679446983, "uuid": "96916f33-9154-4dfe-b2bc-fc4edddfc2e3", "comment": "Malware payload (RedLineStealer)", "value": "4607d916af855b1b80138a9649507dbe706290c625590b413592189d3318ed3c0fe4b3c0a286bb3343224bb561f3b875", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446983, "uuid": "c24d4776-e0a8-4018-94cd-480191ee176f", "value": "T1E8840152FBE88533E9B5277018F603830B357D609DB4932A37C9A85E0CB2794A67177B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446983, "uuid": "6bc703a5-12bf-4119-adc1-723dc27c6e64", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446983, "uuid": "e97eb493-9cdc-4993-96a9-5f51467120f6", "value": "6144:KLy+bnr+Gp0yN90QEyU9s3ePRj1RlXMQCbGFYjwOh46iGGkyPvX0z3ILTqFx5dQW:hMryy90NsOl8QWslSyk7NFx5dQW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679446983, "uuid": "82ec90ad-510f-464b-a227-1ceaad8a8510", "value": 384512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679446983, "uuid": "9ef758be-2606-4063-b684-df92a32b358d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679446983, "uuid": "0c9c029e-7d6b-4124-ae82-1bbf23110097", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6979b9c7-c8b7-11ed-88f6-42010a9c006e", "comment": "Malware payload (RemcosRAT)", "timestamp": 1679492559, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492559, "uuid": "2b7db691-c09a-47da-a242-09ffe228feca", "comment": "Malware payload (RemcosRAT)", "value": "d759962c3a20c3552551519467370d78", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492559, "uuid": "512ad029-9832-4d51-ad26-90a14f7f2ce2", "comment": "Malware payload (RemcosRAT)", "value": "f3c280a30bfcb13a09179451fc8a2885ea9a95258ee5b52bfd24a1caf7896e54", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492559, "uuid": "a90259ac-4481-49e4-82f8-dfd326b14323", "comment": "Malware payload (RemcosRAT)", "value": "1d4707360041d977f52a3d5c20b9c5b6d9040e4f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492559, "uuid": "4fb85679-f98d-47d5-b5f5-8b2bb68ddbaa", "comment": "Malware payload (RemcosRAT)", "value": "841666f58fc2b898e96845a312e7a1f3c6a6392f05c668a05332f6a6693609c702db9017cf072ed726c03c95378bdbee", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492559, "uuid": "a63a2ca9-f205-4f19-b4a1-03f904901956", "value": "T1FA35220272E5DF35D41C6EF9D4E28E2053B2B34B2633F7512D8810EA5B5ABE89F01B91", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492559, "uuid": "e7d5eb7a-d4c2-4bb3-879f-fd3d7fe28898", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492559, "uuid": "29264b09-3467-4894-8f75-e0eebbbe4467", "value": "24576:PvKTjt/DH/P74HcMA1d521GsmB7mUY48kv06pO7/2F5:PvK9fP74JAzFmRc06A/2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679492559, "uuid": "e2f7a2fb-12a6-48b2-92a8-29dc69ca20aa", "value": 1115136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679492559, "uuid": "0782e574-f5d8-4375-a6ee-2fb61bc24782", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492559, "uuid": "9946a67f-8292-4eb2-9893-f4c0728062a6", "value": "RFQ-064845 2023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "441c7d65-c8e4-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679511823, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511823, "uuid": "9c029651-1fb9-48d7-8806-2ade11e05257", "comment": "Malware payload", "value": "70fb61e4da384dc4bd69e0e3de5f0d03", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511823, "uuid": "39854116-39a6-4ec5-a2dc-f56c4916cd9d", "comment": "Malware payload", "value": "f3d11767312676ba55c151aa3e4b602abbe5b5181883b81fb9c29f178bb5bfb2", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511823, "uuid": "d90dded2-96ab-4dcb-99d8-7b2d92751df5", "comment": "Malware payload", "value": "34d99b6d1bbad7896dcef64a22bd7a61ca70734f", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511823, "uuid": "04371534-5bce-4358-90ba-0aa55e8a253c", "comment": "Malware payload", "value": "032c1b372d9e26b4dbf96daa2a36a5e16621b727126b1500a6d195641646c90a410a33f228325f94dcdfca45c8df1c27", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511823, "uuid": "74a5f44c-58f4-47e7-b180-b33210140606", "value": "T11DE26F07E227B963CC601D592F7B08BE5D35359F0DF294E04C6A8790AC86259BEE5CF8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511823, "uuid": "ad6ad382-6264-4033-99f7-d9a9f5173f3f", "value": "96:taXaXaXaXaXaXaXaXaXaXaXaeGrGrGrGrGrGrGrGrGrGrGrBaXaXaXaXaXaXaXap:iGKTVaN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511823, "uuid": "65188436-f1a7-4c58-99b9-41442be115fe", "value": 32265, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511823, "uuid": "634a3773-2adb-4948-a6eb-3e226b951118", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511823, "uuid": "44daa2b2-34f9-41a4-b85d-b2612bcecbfa", "value": "84-63-12-10.JS", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5ee46357-c8ca-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679500701, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500701, "uuid": "385297be-cf0c-4c42-8c6d-17e8033137d5", "comment": "Malware payload (SnakeKeylogger)", "value": "ec2772cbe3a0b67375f629d9b72c2557", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500701, "uuid": "d02d4401-3dfb-4510-a48d-eac861b5a151", "comment": "Malware payload (SnakeKeylogger)", "value": "f481d6e8b3ce13572fb8fc54ea0204497350dcdad12e06d2e47afc04ab02d5f4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500701, "uuid": "df11ed61-a4b2-4db1-b0fc-f7cb64b7a508", "comment": "Malware payload (SnakeKeylogger)", "value": "3981c13e637871ca2e8d0eb66fbdc25e1a2863e1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500701, "uuid": "1d8eae11-552a-4120-bdf5-499f8429a1ad", "comment": "Malware payload (SnakeKeylogger)", "value": "bc4160dd8b22daba8c09e684d4b16bfc4a08308f934e38b803e347bbe3506f51928a33b770b769f3ff874434fd2006f9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500701, "uuid": "d350fff5-2caf-42a6-aa3a-92f64b748961", "value": "T1C7341250BBF4C613D5F74A310E3917639FE9C62626AB223F03C06B6935A3981EB4E751", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500701, "uuid": "02f398db-5960-4a2e-be86-0479fe4041ca", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500701, "uuid": "4fc40d94-83e1-4bf1-97d8-f2eb0dbeb3a4", "value": "6144:/Ya6isEtril4ZB4JZBNY2H9089v+ZNJDaWrBcCnn4fbMlg9w:/Y8sUril4v6nY2H9N2ZZHZlg9w", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679500701, "uuid": "593466ff-3652-4856-a36a-8f299c5e37a1", "value": 234652, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679500701, "uuid": "a5fd3bff-d1b0-4c9d-a911-cba12390bd4a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500701, "uuid": "0263e8ca-b71d-4b75-bcab-acee267cafa0", "value": "payment confirmation.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0e1612b0-c8e8-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679513451, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679513451, "uuid": "51081efc-2207-4713-82ca-21c9cfbf040d", "comment": "Malware payload (RedLineStealer)", "value": "1e0a9a6a6dbc719a4326c333ee95bbe6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679513451, "uuid": "7083b62f-aba6-4d9d-b637-f2a50183288b", "comment": "Malware payload (RedLineStealer)", "value": "f4aef4e4264c997d4475ab1f26bc08d64cf1a7f4a49d44a651b4a5f6474179d3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679513451, "uuid": "2f2389fe-dc56-4f9a-8a7b-b4adb91abc84", "comment": "Malware payload (RedLineStealer)", "value": "8c440628251c732a94c8bf0fe700578eb0a00477", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679513451, "uuid": "40a7eb96-f144-4dcd-b7fc-327b9a075777", "comment": "Malware payload (RedLineStealer)", "value": "cca4a75c1609cb9db62120818e381d4b490aeab2ef66c5d50fe8ecda25a4c2599a35dbe8ca87c0e9b3fca1c4f58c93f6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679513451, "uuid": "a3deb2e2-fd87-430e-8fb5-11d4d23d370c", "value": "T1D1252302EBD99433E8B0177089FA12C71F34FC92EA75866623519C1E59B2AD4D870B7F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679513451, "uuid": "912d2175-b745-4356-886f-d088cbc5b13b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679513451, "uuid": "2f743d04-ff20-4544-a240-d8725af70a76", "value": "24576:AyzUhB8R5d6QMYqrwgKCkP7ewkaGyUbg30BIr:HYhM5UZYq6f5FGM38I", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679513451, "uuid": "b0c686a9-4177-4284-a8ae-ce10b92d5b1a", "value": 1038336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679513451, "uuid": "4a092c27-a480-4245-8040-aef3d9e6af28", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679513451, "uuid": "20ee40a0-7573-4781-9e40-d706faccc994", "value": "1e0a9a6a6dbc719a4326c333ee95bbe6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8eec5860-c8e3-11ed-88f6-42010a9c006e", "comment": "Malware payload (AgentTesla)", "timestamp": 1679511519, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511519, "uuid": "86ccdb4a-7546-4011-9127-0c1304a6d179", "comment": "Malware payload (AgentTesla)", "value": "24a3498d1eafb3d3a54b7613abb6224d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511519, "uuid": "ccc354ae-4d62-4924-bffb-92b0773b76a2", "comment": "Malware payload (AgentTesla)", "value": "f4e6a61d2e8cd7651788e61c8b5c9fb36df48373adec1b1e875ff10adca28b90", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511519, "uuid": "ff70b2b4-fc77-4487-8c89-aafa314c6dd1", "comment": "Malware payload (AgentTesla)", "value": "0ef31555c3a8f914d97da32895402ed84ee98e22", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511519, "uuid": "17a162f2-525b-4b31-ae68-e4f0bd8574b0", "comment": "Malware payload (AgentTesla)", "value": "659c69b6a3d34db2b19d62aca01744a82d57b1a6ebb525bc427dc0322a87d34b2084f74790c1f26af8f2a62d2fc6fccb", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511519, "uuid": "ab7cdffd-e8b2-4c37-a3be-fa7823673704", "value": "T1AB358ED1F190CC9AE96B09F1AD2BA53011E7BE9D54A4810C5A9D7B1B36F3352209FE0F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511519, "uuid": "d6dc53e7-fc86-4e21-bb63-d3ba6ccc1100", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511519, "uuid": "47eb47d1-080a-41d2-9825-3fbe49e9ef2e", "value": "12288:pcWAYsHRlYf4iZFntEXrGAef9iMmx9Akm5fvuoKKyPJlSECfad0E3qAw:oRlNiZ9tEXo9s9Akm5XhKBCEcad0E/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511519, "uuid": "5654edba-cba1-416e-bdc8-cf6459895790", "value": 1077248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511519, "uuid": "6c5c5188-6c47-4499-933a-aa2e6e549c7f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511519, "uuid": "3d18f2e5-3af2-4d99-84a3-fd916342fc6f", "value": "yeni sipari\u015f111.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5a422a41-c8b8-11ed-88f6-42010a9c006e", "comment": "Malware payload (QuasarRAT)", "timestamp": 1679492963, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492963, "uuid": "c907dbc4-8bae-4604-b864-b6f5d7885a41", "comment": "Malware payload (QuasarRAT)", "value": "d97ddc7b19a4d617fc29a5a5668e7d8c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "VoidRAT", "colour": "#5449B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492963, "uuid": "38ebc46e-8f72-499b-b985-c52bff550dbb", "comment": "Malware payload (QuasarRAT)", "value": "f548d4d3dd4866eac8b73b912b2ec15abd29afd8377dbec57094689e306b196f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "VoidRAT", "colour": "#5449B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492963, "uuid": "f2f70b1b-7875-4a74-9105-995056666ab0", "comment": "Malware payload (QuasarRAT)", "value": "50ee3af6f652391bc2dede82d3480781cf95ea03", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "VoidRAT", "colour": "#5449B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492963, "uuid": "7df65b73-1d91-4587-b07b-87d09ebeb9cf", "comment": "Malware payload (QuasarRAT)", "value": "2e3a7c9f3901ccf27c76a2e4dcce83aa2894567edf0acd27c910955b522d72c21f20bcc885407c8ac8252e806eab47f9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "VoidRAT", "colour": "#5449B3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492963, "uuid": "9baa9d25-fb4e-40d2-8fe5-8741e3a3cd23", "value": "T1B8748D1337A8E53BD1FE173AE43245144BB0D9D3B716E39B5A6856B92C133868E903B3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492963, "uuid": "a4e3bc89-3a50-441d-97ac-7e24c39b94ca", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492963, "uuid": "d55ea3b8-923c-43e7-ae08-7a3bc364d283", "value": "6144:H2NHXf500MNWV6koEq42LAbaSB9tojmlD8WfWiAx+S:Wd50efoEx2LCtoylZfWiAx+S", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679492963, "uuid": "3fa53080-b3a0-4b99-b81c-8ff5242c0614", "value": 356352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679492963, "uuid": "535a5ad6-84e5-44b9-bbc4-25d6abd0cba1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492963, "uuid": "eb38cc2a-e15f-4422-b62b-7372a30fb44b", "value": "x63a3bC9GCzb.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bae58686-c8bb-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679494413, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494413, "uuid": "b247a96a-2052-473a-9674-ab63ba234265", "comment": "Malware payload (Gozi)", "value": "49aedbfcc0ff7e49b58d1719747c156d", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494413, "uuid": "5895ae06-e6f3-43c8-aa79-fc65606f46ad", "comment": "Malware payload (Gozi)", "value": "f58000b14afd7288504223e79d14d760e924b319f6694da27bfc62e67e65622c", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494413, "uuid": "4f8711e9-dcd2-48bd-9660-401464171ae5", "comment": "Malware payload (Gozi)", "value": "84b317ba141312228d3e9829cc0f27aa75cc5c12", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494413, "uuid": "6c392817-4405-45a4-8941-0ef5b32ec23f", "comment": "Malware payload (Gozi)", "value": "13f9c03c89611533c15ec1f10686194bbbf6daff3124acd6af97083966e0bc90d9e3f5016439c82d9d525f06a59e3873", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494413, "uuid": "bbf48249-4d4f-43af-bc5f-1b11eb237e43", "value": "T166F0A31C850541DBC1770F7750A656BBA030C2CF10D17303111D76D60C016877F1E4CE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494413, "uuid": "43630386-1f39-462d-8c47-fcb4ee6da5ad", "value": "6:5jyGhNoMbW7hfuEpUgF0GLTRQZKNin8Vs+tMartaGtOqnd6nBS3KbW7pvzF1JNt:5jfEsWVGgdQZKNi8GKtfndcWl7JP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679494413, "uuid": "428b21e5-01fe-4f8d-8452-25ee5579ce99", "value": 479, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679494413, "uuid": "fcd4b75f-0319-427e-8dbd-0e68d75cc3bf", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494413, "uuid": "707eabb2-b960-4e59-a1a2-97b435334bfc", "value": "impresa696.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bba20624-c87b-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679466927, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466927, "uuid": "3ab323ff-fea3-49a4-8440-1b652297f65b", "comment": "Malware payload (RedLineStealer)", "value": "edba9a3c7e7519fdf720871f320d01c1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466927, "uuid": "40f6449b-4195-4e2f-ab4e-a6316895c617", "comment": "Malware payload (RedLineStealer)", "value": "f589c043590b90eb7055f4fcc28530ef50693503bc69eb17904ccd7a97e2da9b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466927, "uuid": "e35b418d-7c1a-45a2-9b5a-72d58c98df86", "comment": "Malware payload (RedLineStealer)", "value": "41aecc2c9077df061621bc9a858f2f0b619e9838", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466927, "uuid": "cef7cfc3-ddb3-410b-88e4-9289fa57f19a", "comment": "Malware payload (RedLineStealer)", "value": "4bafa325c7d62c5de3362aefcb216a9f7db5f95a02284f57ca328f6e32ecbdd32273ee425218db193018e2b6b3036eaf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466927, "uuid": "11fb7d7d-4974-467b-a786-75cb6cebcbe9", "value": "T155352213A7E54673E9B62B7064F705E30B3BBC221CA846AF63E0D8591CB26C4657533E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466927, "uuid": "29faca28-53e4-4aec-9410-491093e0faf6", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466927, "uuid": "c93f0112-6b75-43df-af6d-b692596e7dfa", "value": "24576:Vy33twTFmeXheQ2JB8URhHc/YaCEC3Ucj70sTamsSNb/pwiX7rOwBB:w3Mme4JfJc/Qj70sTaa7rDB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679466927, "uuid": "e5b223a6-e6ed-42dc-9913-2924ffbfe119", "value": 1118720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679466927, "uuid": "bd720da7-1bd5-4fe2-bc24-dc7c3bac5dac", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466927, "uuid": "15cbfe69-c29a-4666-9eaa-e6ac2e00779c", "value": "edba9a3c7e7519fdf720871f320d01c1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a452112c-c879-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679466029, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466029, "uuid": "7278e257-427a-40f8-84e6-4dc21ea1002e", "comment": "Malware payload (RedLineStealer)", "value": "f0ce8d19e8b1f4d1f657538af765dc53", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466029, "uuid": "be4d6de8-36a5-4e9d-bb62-74bb19e54db8", "comment": "Malware payload (RedLineStealer)", "value": "f5f37d4e669c0fc4b5d07b349ac4e78f12b0eec49d6e3e65100e40fb166e013a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466029, "uuid": "b9e605dc-6d63-4d82-83cc-0deb5e887bf1", "comment": "Malware payload (RedLineStealer)", "value": "96def7352a266e958612f800ac6934ec944bede9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466029, "uuid": "0c28516b-3a19-4d6e-b8a4-2d422dc790b9", "comment": "Malware payload (RedLineStealer)", "value": "9bcf180f3b18b75dcc59d5c061be58e640d3983fea1f415fe196bb58c125f498e9c8ccf035d9600c8827fb65306ffd35", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466029, "uuid": "b2bb156e-10f3-437e-ad56-0010cb3b1f66", "value": "T175152212D7E49472D8F533700CF526C32A36BDA19D7C4627279A580E1E32294E8B47FB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466029, "uuid": "cc45858a-8767-4c53-a245-960a6a889a81", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466029, "uuid": "f3c5c679-019e-4966-b9d2-060cd0bc1456", "value": "12288:2MrTy90OKa00rLc0cXwilLmLLI2HmPMLbQWMQm2ANo7nLkSE53/Rja5/pWA+G77x:9yS0rLBilCnI2HnkZQnLk55FavMRS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679466029, "uuid": "5a931217-0402-49bb-8896-6a1e1bc2e725", "value": 930304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679466029, "uuid": "ac4633ff-4328-4a97-960d-ac30d2c86d57", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466029, "uuid": "8bd819c6-2ce5-44b6-8724-1b3bfff87483", "value": "f0ce8d19e8b1f4d1f657538af765dc53.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "131abfa1-c85f-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679454618, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679454618, "uuid": "ab9fb288-b5fe-4deb-91f9-270cae3773b7", "comment": "Malware payload (RedLineStealer)", "value": "e1255d4e49d1f19dcc9d223e104c627d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679454618, "uuid": "7a270edc-5402-41f9-be90-87bce4789dec", "comment": "Malware payload (RedLineStealer)", "value": "f6538a9257c4773bbd68b402b015aa3424732ef932b9c86caba4af0ecb3bee1b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679454618, "uuid": "af5d43b6-cda1-4744-a787-332087f687af", "comment": "Malware payload (RedLineStealer)", "value": "1f151c3d440405d667522b0f7155ec575c31b24b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679454618, "uuid": "0b3989c5-960e-4b23-b6d0-db4914306f48", "comment": "Malware payload (RedLineStealer)", "value": "5701fb74d50b0f0a117c4515b9687aa40fcbfbca6cc38dbb450a7933d3c30e9d99dbabe75661c52bae1a7930239381c7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679454618, "uuid": "57bf13b7-0dfa-417a-ba70-050d97747f3f", "value": "T1A5743289A4EBD492D226C13DE558EF815C1C16869972E13EEEFBE7840672BDEC4C0DC1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679454618, "uuid": "56d24d8e-b9d9-49d3-add5-11bf66656125", "value": "f553b8ac04465266a97d8a15318f0208", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679454618, "uuid": "207e0fa2-4d89-4ed0-9439-2526d18b9e93", "value": "3072:Lt7mj6Vgyw5AjC0RslSRFBFlnGxGENRYEXyAy8sIm7DSevx0cQgas:LIuIAjdRs4XFlIpxsdXJ5V", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679454618, "uuid": "62c07167-c05c-48d7-9c67-8dd89238c9b2", "value": 338872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679454618, "uuid": "c527f6f8-5bca-44d3-ad54-259163e1c4af", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679454618, "uuid": "fc0b787b-6f60-4187-8fc5-c2de7ccf8889", "value": "Setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "41598790-c8b2-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679490344, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679490344, "uuid": "6e5844a3-3cd6-4aa7-8539-7e7f251dba9a", "comment": "Malware payload (RedLineStealer)", "value": "a6e5fb5a88a7b309d04ff9886af7a944", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679490344, "uuid": "716b3d7a-452e-4aba-b96a-b162fa7dccf1", "comment": "Malware payload (RedLineStealer)", "value": "f667e3d38a16f838044e2855d23a7d1a069bba969505d41d5a3d4ddfc33e7db1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679490344, "uuid": "ca4bbb59-1445-4ee9-81fd-9d573c124fd9", "comment": "Malware payload (RedLineStealer)", "value": "7afc3120c066fb9292ea4004c27dbe45b5913241", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679490344, "uuid": "7362e3d7-11a3-40f2-81c6-650cb2ac99bf", "comment": "Malware payload (RedLineStealer)", "value": "b2445fc51e847589e6bed330614ce7f5bd867eaefdac386d0479332a44852bb377fb7ff3fab08f728cef2216381d9181", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679490344, "uuid": "785764e6-6c32-4b67-9daa-79a484593a5d", "value": "T13E252347ABE88072DDB66770A8F506831D36BC91A974D7AF2704AC5F0C737896131B2B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679490344, "uuid": "00ed4dec-d812-4d44-a58b-68f05671baeb", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679490344, "uuid": "6927de3c-2130-40b8-97ee-3426e9c004d1", "value": "24576:nyKg5GgvX7S5hjagqY8TuLp3M1vIPHdbE1C:y95G+X7S5h7qY8CLZVPHd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679490344, "uuid": "18454afa-644a-46b8-be7a-9558bf46f2cb", "value": 1029632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679490344, "uuid": "7d65f5fa-631b-4a9a-aa1d-a7c1c68171d1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679490344, "uuid": "8d3d5bef-97d2-4793-bfe3-d787fefaab17", "value": "a6e5fb5a88a7b309d04ff9886af7a944.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4aed3165-c8e4-11ed-88f6-42010a9c006e", "comment": "Malware payload (GuLoader)", "timestamp": 1679511835, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511835, "uuid": "574d047c-0ef4-4021-b8a1-6a61422ed78c", "comment": "Malware payload (GuLoader)", "value": "82f06501103917bea56d43a59fe9770a", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511835, "uuid": "af3f18c9-8c58-47a5-80cb-0ee506abded4", "comment": "Malware payload (GuLoader)", "value": "f6f4a484aeeafdc47151c68c6f28c7774e177c24990c0a656e09f8e88b9af3e3", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511835, "uuid": "24293355-fbd5-4b1b-992c-decf914445f9", "comment": "Malware payload (GuLoader)", "value": "7db4e02882fda0aa98f7455b09633fe9bb7138a0", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511835, "uuid": "e9db23f8-77bf-4308-a3ea-036446a862d9", "comment": "Malware payload (GuLoader)", "value": "1c91fcc075db666966da3d2b90434d9cd200ed036091fbafa4741190f9dffee0c45fed7b131aa8e2f2582b446402c4f3", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511835, "uuid": "63c2852a-4de2-4c25-9947-746b1f080aa3", "value": "T14615E26CAAB41F06090A2657C8830C43CC6CBDF7253218B55D9D3779B2C619C6E69BFB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511835, "uuid": "e2503f4a-4a45-43f3-bb11-c0f738f41cb8", "value": "12288:MTw7mmfpxHQ0xTBZ423NWmnlMrkJoFCSg2vP27Qy9E49pGL:77HL117NBMr5CPke7vy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511835, "uuid": "10108d0b-dc07-4931-a430-fd21bbd01377", "value": 945783, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511835, "uuid": "51bf2191-cb60-4ea5-8bd4-6d71e1a197df", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511835, "uuid": "fdd871dc-7ed8-42a3-8f9e-946778d138a3", "value": "Justificante de la operaci\u00f3n realizadapdf.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "64065dc8-c8a6-11ed-88f6-42010a9c006e", "comment": "Malware payload (DCRat)", "timestamp": 1679485248, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679485248, "uuid": "6bf839c3-42c9-4dd1-8716-3886969904ac", "comment": "Malware payload (DCRat)", "value": "e0ff15080f824d4bee0ffc707c74dbf3", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679485248, "uuid": "d09285cd-245c-492a-9495-8e077ccdb44d", "comment": "Malware payload (DCRat)", "value": "f72bc7d9b93a9a7f57bf8d3de0d2ea84b5822d3b6ae8b75b4523792adcc08f3a", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679485248, "uuid": "6b9af02a-f60d-4a44-b4c6-954cae164f9e", "comment": "Malware payload (DCRat)", "value": "691c7843ae70f848a4214bbb7fe44411ac7df552", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679485248, "uuid": "fc9ea659-66ff-487d-a2d2-083178b617c9", "comment": "Malware payload (DCRat)", "value": "77355545b3fe537847376f525ad9b3ef44ed7f1ddf6f4213ff9bd1d27618ba2d61b1b99ba21448e1d2e41e4e939dc9fb", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679485248, "uuid": "0025dd9a-3c59-4e0b-943a-5ad65718d03c", "value": "T107747CC253E17C60F5124A72BE1FC6F82B1EBC619E597B6E2359AE3F0870163D162709", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679485248, "uuid": "f4fb606c-3154-49a2-af5d-c4364cfb76cf", "value": "c3df3d0d993bdeac73a0f5fd62093e4d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679485248, "uuid": "14db5857-c728-4555-b29a-5cc9668edd4d", "value": "3072:xsA3lVoo/WvnjuayZbDk2APh+aCbFn9UiyhQ+n3CEAunYDlogwn0JV:vlWRofiQaCbFn9U9QCyUY6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679485248, "uuid": "5208c257-aaf0-4534-833f-44aeb0bd0f16", "value": 368128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679485248, "uuid": "a923143d-b571-4ec1-a1ac-9d758b29db1b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679485248, "uuid": "1ae9e8ab-c6fe-4f1c-9cec-afe42fa20c10", "value": "e0ff15080f824d4bee0ffc707c74dbf3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dce14a2c-c8cc-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679501772, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501772, "uuid": "2aee6c03-8c3f-45cb-8245-edc824ed8813", "comment": "Malware payload (Heodo)", "value": "ca35c5ec8c75acc2c9ba7c19076ade0d", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501772, "uuid": "800c5c85-d226-4671-9be2-fcaba3a07ab3", "comment": "Malware payload (Heodo)", "value": "f72c3339a6ce6a8ba0fe430773d99e890d19d54357d14e838501bfea0b1cb2f1", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501772, "uuid": "9919c2be-6d6d-484f-b908-ae56ae185168", "comment": "Malware payload (Heodo)", "value": "ca31df8e4d94ed1d9648f103462f11988e87e77b", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501772, "uuid": "cadffd74-8e8b-4cfa-8636-61da5f414f60", "comment": "Malware payload (Heodo)", "value": "dd65f7884b6e4399e758452f6fdbfb43dea47ce31a5441af43f0b52312aa9b5246046a997dbd2a91273c199ac4a957f9", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501772, "uuid": "cfa1c528-4feb-4c6b-b5e3-818cd43d37e4", "value": "T18B249F42B792DE6FDB8640340D4BBBFAA71DAC954F5F81926104F3AE2C7ED22E351580", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501772, "uuid": "7b11e109-9707-4b15-8754-7b56e57d442c", "value": "3072:r43Tj6XFk1R81XNvvMGSsLyVwy+WNX3pMwwrnYD5LPfF:r43T2N++WF3KfrYD5LPfF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679501772, "uuid": "309fa3c0-f7f2-47bb-a7a4-e397001a1983", "value": 211968, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679501772, "uuid": "ebc14124-09a4-43fa-a39f-b1db8d1165c9", "value": "application/msword", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501772, "uuid": "9c244685-fdd2-4997-8d98-3bf06747571e", "value": "2023-03-22_0820.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6fc4ee3a-c8bd-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679495146, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679495146, "uuid": "1d8b6fde-2438-4648-9fc2-93fa077400c2", "comment": "Malware payload (RedLineStealer)", "value": "0a493748849a38cdcf59f4d86b331d24", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679495146, "uuid": "468c53f9-701c-4029-bb22-f6eb6513e9fa", "comment": "Malware payload (RedLineStealer)", "value": "f752942dcf2f993051df435a4ba643787a03fb2684bf168652027ae5cdbba823", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679495146, "uuid": "43f3a9eb-4f50-4b08-8218-7f856c2788db", "comment": "Malware payload (RedLineStealer)", "value": "efee1b64218e2d2e16d16731c3831b9951761ced", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679495146, "uuid": "2887d313-ded5-4099-87e9-7758eb3bf99f", "comment": "Malware payload (RedLineStealer)", "value": "5e49e5a800486d765c79506053580063a343ee2e9f0f03596538ccfab16768434e7760347163abe532398445f466c465", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679495146, "uuid": "f03f010f-953d-4151-9df5-fa615ddc9779", "value": "T17525236392D40431E9B5A3718CF711430E3538E249F88F3B27929DAE6C72686D63277B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679495146, "uuid": "71432024-d51e-43fa-8a5e-6b7b03822660", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679495146, "uuid": "e7b6094e-912a-4b5f-8390-d5e81d266b7b", "value": "24576:Jy+K5TWumlMVkc8/aACnBXiX43lj4cQsWH7aF:8+KtWuEtDqCH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679495146, "uuid": "83d93c1a-8e9d-4766-acde-54b56c8f3ece", "value": 1032192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679495146, "uuid": "3e224577-222f-4218-a4ee-cb5fe30f718c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679495146, "uuid": "67029682-054d-46aa-84be-b6796cfca4d9", "value": "0a493748849a38cdcf59f4d86b331d24.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "408b73d0-c88b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679473592, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473592, "uuid": "84ec17d5-dbbd-444c-9e39-48f1a30f1feb", "comment": "Malware payload (Mirai)", "value": "c90651af661bcac94afff9f88effb591", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473592, "uuid": "bb72f293-ac3e-4788-98e1-bbb9d3d08d01", "comment": "Malware payload (Mirai)", "value": "f760d646dd18886baff0630a2e2cace5cb6c652242d9a9a74cc5b0d8df67f13e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473592, "uuid": "979d20aa-13ff-41d8-a091-859ed88afb0b", "comment": "Malware payload (Mirai)", "value": "6f27d7964802ee5849678b8d98dc95a2ca838bf7", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473592, "uuid": "35343570-ef0f-400f-84f6-3e1d01d6fe96", "comment": "Malware payload (Mirai)", "value": "78921f24f73332fa1585c9bf2930d95a4a0b1e08d4f76e7e8bfa1980a3a6a48b5ebb4166e299b918c145bbb45e780b2a", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473592, "uuid": "ad3e044b-3ec1-4ca1-a6f3-08b80e9c394c", "value": "T1C30430215866E212C4E6FFBDFFE576C6A35DF3468FC99203A4A0104E0AF5D69542F8C8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473592, "uuid": "8818e250-bc39-453c-89c4-f1cb777e63f9", "value": "1536:uIngFeFNzU5Zg5tF4Q3UgEaI79wQjML2iZSXj3nz58zwDmYrdhQzwcCXF:gVsCyUgEaIEhSXj3zbCSdhQzwcCV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679473592, "uuid": "efba0a00-55e7-4499-a0d9-b9449db24541", "value": 173476, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679473592, "uuid": "4e26e845-8d15-48cf-a173-0959e115eafc", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473592, "uuid": "d6e381e4-9045-4265-a605-af09d07a8e9c", "value": "c90651af661bcac94afff9f88effb591", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "33c4e3e3-c8ce-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679502347, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679502347, "uuid": "abc60141-290a-46fc-8a1d-2f0fa79441e9", "comment": "Malware payload (RedLineStealer)", "value": "26f3a0227869bd747a26e324c6946e24", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679502347, "uuid": "67ce5394-37cd-4afc-a960-c7cfd4ab4df9", "comment": "Malware payload (RedLineStealer)", "value": "f78e22db8c8f2170bc4de67019c94f26fd53be10a904ccfedcc771f4c1571deb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679502347, "uuid": "6c39b505-e275-4b0c-9a6e-03fdd7ad08be", "comment": "Malware payload (RedLineStealer)", "value": "4bc82abc7783d64514bb77c9a768203f1ad40236", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679502347, "uuid": "8cfbd052-3d38-40ee-b03f-18ed489dd945", "comment": "Malware payload (RedLineStealer)", "value": "de51e78322f854d9b4f90dd5b3a0b1448f974303e33da76bd28f95299c20237f9b7fbe7351aa6ce1f5ca21076b28b3d4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679502347, "uuid": "77c0438a-4823-4602-9372-5db9999c1d2c", "value": "T1CEC41203A7D89533D8F523B01CF607930B36BCA18E785B5B7742A99A0DB3490E57672B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679502347, "uuid": "fd776d4c-0b30-4e14-9b33-b100e4f93175", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679502347, "uuid": "8553b938-71d7-4b77-8e5a-35df4b249008", "value": "12288:LMr6y90jcZFVw4wSQnHGCRVHEfHwcn1ep/x+xQNue:JyscZvfaHTRmocn0p/x+yP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679502347, "uuid": "cc16dde4-e418-469c-be9b-ab25ebcec5be", "value": 549376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679502347, "uuid": "a1b1ea59-f4dd-458d-981f-a663bb1ae1a3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679502347, "uuid": "4e8e5c43-cf63-4ca1-b3f0-91dace5f100b", "value": "26f3a0227869bd747a26e324c6946e24.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4946f36b-c88b-11ed-88f6-42010a9c006e", "comment": "Malware payload (Kaiji)", "timestamp": 1679473607, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473607, "uuid": "8d4d8003-19d2-44c4-b91e-d0d707bcba90", "comment": "Malware payload (Kaiji)", "value": "ce55fb19ed7ae2838b279822284f8314", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "kaiji", "colour": "#928985", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473607, "uuid": "b5b88837-e20d-4a17-9008-32896498c8c1", "comment": "Malware payload (Kaiji)", "value": "f8f33b02bd8a6013ec38d4258e86ad4ab75b9eca272ebb8e87bfd59f369f5aaf", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "kaiji", "colour": "#928985", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473607, "uuid": "c45666f8-f61b-4889-b453-084670185149", "comment": "Malware payload (Kaiji)", "value": "655d569509d3b193123528fc156b65b0dfb45cd8", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "kaiji", "colour": "#928985", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679473607, "uuid": "3c8b5cd4-edcb-42b8-b626-cf0237e7accf", "comment": "Malware payload (Kaiji)", "value": "2fc5c8177abe69a190628dfd60d966fa6338dd27b6a820be62e476e55a32b0cd3607f9099594e2e157d6d36c2d78eb93", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "kaiji", "colour": "#928985", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473607, "uuid": "030329a4-e539-480b-885a-a4a21be2dba2", "value": "T108364C87B8924682C4E4367ABC7D41D473B34EB99B9713666D04FE3C3ABE1A90E35314", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473607, "uuid": "3c3ac005-4726-42cb-a033-19cb026e29d4", "value": "49152:94hW9DuzBB1Lf5bQN4m9DkWLkmopv1ktVI1h:94hW9mB1Lf5K6kc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679473607, "uuid": "53433977-f7fc-4116-ae02-87112f2f1bd8", "value": 5242880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679473607, "uuid": "5d35df91-48ff-4f18-b31e-ffd707bff47a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679473607, "uuid": "6dd64a07-073f-4938-99ff-2fd4ea6c9a3e", "value": "ce55fb19ed7ae2838b279822284f8314", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3e7c8938-c88c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679474018, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474018, "uuid": "1b0a33db-ad87-477c-b374-9d70f50ba4f6", "comment": "Malware payload (Heodo)", "value": "2985c799c7003232db589deaccc4fb01", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474018, "uuid": "36588278-9baf-4fe6-b125-a87f3cf3be5b", "comment": "Malware payload (Heodo)", "value": "f969708f4a3b2e0756ab8a3450d98c520e868103ed897d105791c7cf5f755313", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474018, "uuid": "133b0804-1b04-489b-a624-75a8a1782172", "comment": "Malware payload (Heodo)", "value": "6f30e63efb787775e0925ead87df920d6fc649de", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474018, "uuid": "5ce3d4e2-0e3b-46ec-963f-94eab82ccc55", "comment": "Malware payload (Heodo)", "value": "e615317353af74c90477409442335bac76a6af669bc09274b40ef146fdc749132e1f44082758eb8d7ebe1ccf36bb96d7", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474018, "uuid": "f93361d0-440e-4c9e-b17d-37e90198b518", "value": "T1082523E059F82941CD0E0C35F92A71BD92BC31666EDD15E633BC3CE5A90EF6C42126B6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474018, "uuid": "ebda9df5-3692-4803-9068-4a1e119b0b74", "value": "12288:pkf5dOzheNdckFRKluvnRHXdhbDHfXZX1EKdxKmSTH4del:SXzNdfKluvnRHthzfoYxJlS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679474018, "uuid": "195d64cd-965a-423a-ae87-ac719b5b7e38", "value": 1000106, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679474018, "uuid": "98d2b880-0737-4d26-adee-b25070512c0c", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474018, "uuid": "351ccc3c-f5c8-4a64-9218-d21775936eff", "value": "DYc799eVFYPLwoJks5i1UrFdGyW.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6075702c-c8d7-11ed-88f6-42010a9c006e", "comment": "Malware payload (GCleaner)", "timestamp": 1679506288, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679506288, "uuid": "3a1156ac-980c-4dea-b3ee-27632ca544c2", "comment": "Malware payload (GCleaner)", "value": "924044a0c017c9db7063917d9d2744a2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679506288, "uuid": "6b7e150c-cdcb-4eeb-929a-0fb3931f0b7b", "comment": "Malware payload (GCleaner)", "value": "f9757bc4b64757aade6871dbdcb59d64ad51a7dee7f30834e27c6bda5f3b201a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679506288, "uuid": "440368bf-c8c6-403d-898a-fdaeb637e891", "comment": "Malware payload (GCleaner)", "value": "95c64f07afab572fcad55902340ca574b05ed856", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679506288, "uuid": "ba890514-2e5a-4430-b17d-bd8631fb6d2d", "comment": "Malware payload (GCleaner)", "value": "866ddf07bd547718d022bdbdec66c087b4257715703a0879ba6db168acf5d9327f6458e57340966a8287e83460513369", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679506288, "uuid": "8b0a171c-ba2a-447b-b050-40da4fa606d4", "value": "T1BBA53306D1958D22D95389F15EE9DA019F3F72062F3828BDA2CC679FDF23796CD4A240", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679506288, "uuid": "4546a0a2-2bc4-4a06-9375-9f09f753bdd2", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679506288, "uuid": "aa0eee07-58e9-4eae-bdaf-ca47896db311", "value": "49152:EGlJfsyzcvr+ddPYqxDVCc4Z4HZeveyHniTQsiU7gdi5dlLYp:5hzckPYqxRCBK5emyHnGpPYp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679506288, "uuid": "6d38be03-f2da-45c0-b6e2-7e2bf3f2ef20", "value": 2251741, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679506288, "uuid": "0ca64ca0-b1a1-48af-84e8-5fb2cb831275", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679506288, "uuid": "73441715-37a0-4024-9a4d-340c885f818f", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4e754b21-c880-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679468891, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679468891, "uuid": "5dca0413-82c1-4a6a-8817-9b6cd40d7fe6", "comment": "Malware payload (Mirai)", "value": "44eb0cb1449f0999f7feba7acb314a1d", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679468891, "uuid": "d546812a-87dc-4f3e-8a83-6bb9f925b627", "comment": "Malware payload (Mirai)", "value": "f98377592d2cdfab2622caed3dec518ccc35763a10b35f04c451ed3f312abddd", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679468891, "uuid": "a9793d7b-1fd2-419e-91b5-beefb52e18f6", "comment": "Malware payload (Mirai)", "value": "462b74b0821f040400769e21a7400577eaac293e", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679468891, "uuid": "98c40732-308c-4fcc-a433-7a078264bc83", "comment": "Malware payload (Mirai)", "value": "29cc4ea0d37174d0a858ec07d857eb4afa99a994759b0e7b3a8eb34d4ddea9154a93a8bfe5255f665eae4f48e488651b", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679468891, "uuid": "c1d9d41d-1b15-4de2-a0b0-66e131cc87a2", "value": "T1AC534B17B54280FDC09AC1744B2BBA3AD93775FD0378B2A67BD0EB262CA6D211E1DD44", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679468891, "uuid": "6c96c102-55b2-435d-834c-8b19939303eb", "value": "1536:rpmbSQ6U3q7cCBT/lZsK/wPiQMrCupimfFoktCeHJYEQMv:YShU3q7cEDlCK/wPEjpi8Fok0KJYEQo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679468891, "uuid": "fd514fff-04e3-4a4f-803f-24c03b6ef09d", "value": 63296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679468891, "uuid": "42da18b7-fd93-46b3-b41f-387f7c67a4a9", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679468891, "uuid": "470b36e7-b010-40d6-82c0-4c56c6c9c305", "value": "x86_64", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "51682932-c88c-11ed-88f6-42010a9c006e", "comment": "Malware payload (Heodo)", "timestamp": 1679474050, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474050, "uuid": "5e35aae9-adda-4dc9-bf04-f55fd2e72405", "comment": "Malware payload (Heodo)", "value": "63ecc3f2d0c1f9d628ff7262d204fdb8", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474050, "uuid": "d21373d7-1dea-45ca-a6f5-a6cddd871886", "comment": "Malware payload (Heodo)", "value": "f997316e2e3f3acd7725682a8f24640b31e4182ac8048df05e07378589892ca6", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474050, "uuid": "06aeaf39-b71d-44fa-acba-7de12b595a89", "comment": "Malware payload (Heodo)", "value": "9afa8848f83742905b03fda0ce15fdbf2735025f", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679474050, "uuid": "cb77c236-2731-41b1-ba95-9da5031ef1f1", "comment": "Malware payload (Heodo)", "value": "51d81137f32213273a40bb0dad50df806a89d17672c2ed8bdaac1c00539257aa28d37464a1b2de2fed4ce95c899ac6ab", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474050, "uuid": "4e930155-aa70-4c7d-a144-7720dd6c98e2", "value": "T1C22523E059F82941CD0E0C35F92B71BD92BC31666EDD15E633BC3CE5A90EF6842126B6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474050, "uuid": "e61d8be7-635d-4c3b-b1e8-7c6be4fa78ea", "value": "12288:Ekf5dOzheNdckFRKluvnRHXdhbDHfXZX1EKdxKmSTH4deM:XXzNdfKluvnRHthzfoYxJlD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679474050, "uuid": "ea6dc396-3f94-4546-b3ce-3bf918717184", "value": 989919, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679474050, "uuid": "f8c674f6-1980-45d1-9c72-af861a86614d", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679474050, "uuid": "414f3648-91fd-4e7a-a116-0c494d81a4c1", "value": "RPjhcgoVxMsWSbUUyQP7Y4.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3d50a6b8-c8d6-11ed-88f6-42010a9c006e", "comment": "Malware payload (Vidar)", "timestamp": 1679505799, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679505799, "uuid": "cc0a4d31-557a-4019-b88d-9d8d72fb7af3", "comment": "Malware payload (Vidar)", "value": "2f5308161b80f440a3dac5162bf06457", "object_relation": "md5", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679505799, "uuid": "27bbc755-3f8f-4e0a-871d-27cd6c55ad30", "comment": "Malware payload (Vidar)", "value": "f9c8db0be751dd549139156a8f523ea9d47dbe4693282da1818352333ebb7e1a", "object_relation": "sha256", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679505799, "uuid": "17380e94-773e-4c5c-9050-282c0c60cded", "comment": "Malware payload (Vidar)", "value": "fd46eebda82cf066c0af7681c0a483865612b4a1", "object_relation": "sha1", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679505799, "uuid": "66ae29ae-e46f-4564-aba3-9b982eb78c2b", "comment": "Malware payload (Vidar)", "value": "4743a78d50d233daa8e1f62e6c3d11f3a05e090e9ca6ddd007fe847e6758c05e35ef2989b1730dcf41ec737526af499c", "object_relation": "sha3-384", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679505799, "uuid": "7841d8a7-ead0-4774-8b06-b251621eaaec", "value": "T1A23523AF9288586DF4664231C4814D33DF5DFC65DF2A5EAF6E0588F48FC3402076DAA6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679505799, "uuid": "d67ad4ad-5c8a-4142-aac5-471a3cbe3db8", "value": "6144:qSaBIb3XdYhYLdQ2Bg1sD4pBOjGnnWSNy+ZI5Gsnbr+Os:lh0YLGl1scpoGnDwKwbrhs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679505799, "uuid": "943486ec-5869-442e-8a41-b6fe8aa1c6be", "value": 1119268, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679505799, "uuid": "0bd2bed8-e2b5-4d54-9053-64708dfe912c", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679505799, "uuid": "e225d1b1-6af1-419c-abe0-a34b87857b6f", "value": "setup.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e66a38c2-c8ca-11ed-88f6-42010a9c006e", "comment": "Malware payload (Stop)", "timestamp": 1679500929, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500929, "uuid": "45818412-607b-487a-8f59-23e2b20e67a2", "comment": "Malware payload (Stop)", "value": "ffdab25bdf8f3900e2541b47317cf1b9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500929, "uuid": "474c0cf2-1bfb-4adb-a5dd-207d585e6489", "comment": "Malware payload (Stop)", "value": "f9e39fda7e23f3da023a95b72fb59924d487a8594c34291e4b0ba1873bff3076", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500929, "uuid": "519dd8c1-fafc-4b42-906e-813a407b6e31", "comment": "Malware payload (Stop)", "value": "a594588b07d67da39b20fad718c6fce6d75027f6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679500929, "uuid": "c8e96d0f-f427-425e-a074-90d91cc8f05e", "comment": "Malware payload (Stop)", "value": "bc13085cf205b56be2f337c7fd4d670bbf3a81ef0e3c136417fe618c99d677e2204df90f8b926478e43830cbec5e9bf7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500929, "uuid": "299e90e9-36d6-41b8-b083-2793535685c4", "value": "T1C91501C253E06C20E5134772BE1FC7F42B1EF8A19E55BA6E2359AE3F0970172D262719", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500929, "uuid": "55496517-7dd0-4f59-9a74-cd4b09bed957", "value": "c3df3d0d993bdeac73a0f5fd62093e4d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500929, "uuid": "17a70a9e-dc44-4b82-afea-775682f9c5b2", "value": "12288:cXmhIaODep4dsdfqXOu64RkHKkCIqG/2up952jPiexJTZE0Op8l2zZ:v/bpjdkBR8KfIq82uR2jPie3ZLG8l2d", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679500929, "uuid": "565d0be6-470c-48cf-ac07-e7326828fe41", "value": 890368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679500929, "uuid": "4687553f-6c57-4653-b9d5-fbbb6f9c8636", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679500929, "uuid": "28e436da-e611-4241-9416-6c4ad89ead73", "value": "ffdab25bdf8f3900e2541b47317cf1b9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ba49a0f7-c87b-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679466925, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466925, "uuid": "99898964-9168-47dd-9969-344113df94e9", "comment": "Malware payload (RedLineStealer)", "value": "d5ba7e786412f9d686e4377de5caeb8f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466925, "uuid": "bc9ca89f-d415-40aa-b6bc-a33dfeb945fb", "comment": "Malware payload (RedLineStealer)", "value": "fa4035914b8deeb30943f7bad0ab9e48512ebce220bf7d366e492289584dcac7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466925, "uuid": "965f269b-86de-44de-9d67-fcbb358e45aa", "comment": "Malware payload (RedLineStealer)", "value": "00ddc056178956d46dacbfaa40fa779b28867e00", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679466925, "uuid": "58b55a5a-d9cb-4fb1-ab5f-ced3ea14e83d", "comment": "Malware payload (RedLineStealer)", "value": "3379334d2b2153151661084f76a3215ed8acb2f722fe23e74446ba3c096ba63421da835399497d1d622e2cb8c97cb5bf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466925, "uuid": "ece7677d-5835-4168-a3bd-d02d4e7f7336", "value": "T14D14C002EBD89033DDB527B058F707930B36BCE15E74936B2785A95E1CB3684A93136B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466925, "uuid": "7b137e92-1fab-4716-8fc5-e10b4e859e79", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466925, "uuid": "515c7472-6b95-4012-967d-ad877683933b", "value": "3072:Kgy+bnr+O1n5GWp1icKAArDZz4N9GhbkrNEk1uTEqTuBppc2Feo7:Kgy+bnr+cp0yN90QET6Brh7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679466925, "uuid": "a754ecdd-c622-44f0-8931-518836018b9a", "value": 196608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679466925, "uuid": "04361567-deca-4334-b87a-a9632204ee7a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679466925, "uuid": "a30ff5b0-e48a-40c7-8110-33d562572564", "value": "d5ba7e786412f9d686e4377de5caeb8f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6f80e0f6-c8bc-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679494716, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494716, "uuid": "e0fefd55-a291-45c5-bcfd-fa55eabe0d76", "comment": "Malware payload (Formbook)", "value": "0d692d1e9c4616adca7c5e04a9cac687", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494716, "uuid": "8c0a5da9-bbb7-487c-bce4-9738c31b5163", "comment": "Malware payload (Formbook)", "value": "fa6ee052c639fbe911409fe71bec0303d0c676863471f37ca192273470a8e04a", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494716, "uuid": "8e0dc718-6e94-4a6a-9f39-2e586243f598", "comment": "Malware payload (Formbook)", "value": "65f7e38e0d5516dec9481374f01840e17d8c8546", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679494716, "uuid": "244873e4-7078-4973-be69-3c15b2d156de", "comment": "Malware payload (Formbook)", "value": "2dd45524481a8bab1cb8baf714aca41503cdb318a8c5f02508015409954c34465a20985f5063c558b10bb7eb2f9fa30f", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494716, "uuid": "c650e3b3-e026-412b-aaed-d9bc623e179d", "value": "T15C0533C968DEFDC3549F75E18258E489189F0DE8C4DCCA78022CBFE5678A417D42A5EC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494716, "uuid": "bd8b5b91-b330-40d8-ad1e-ab5d19d03391", "value": "24576:4Ejz/sugtOmVaWGTkRBxaMIH/umeeOe7rvGYz:Zz/2tvaWWTMceeOePvGYz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679494716, "uuid": "4168dd51-6e6a-42a2-bdcd-a3809cff7891", "value": 811418, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679494716, "uuid": "a1c18494-bef1-45ea-bf25-671c7955529d", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679494716, "uuid": "40fc5ebd-69d8-4e40-b8d4-573ce7e4e02b", "value": "Payment_advice.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0ed3b03d-c907-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679526766, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679526766, "uuid": "cc18eb3a-044f-4e6c-bd25-cd97de5e4484", "comment": "Malware payload", "value": "7045ff38c49bc6e697b450f072dd042a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679526766, "uuid": "e849f7aa-59e6-4610-8643-3f1870c551c4", "comment": "Malware payload", "value": "faac177dc34abcf373c928520bdad6b88d861465a7c92d76d2025e1582eb51b1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679526766, "uuid": "8e1e81cb-9623-4403-989b-d46d15e3924c", "comment": "Malware payload", "value": "31a374deafed7407ee69ce34c856c366f725d95f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679526766, "uuid": "cdf70bba-5a53-442b-805d-f377adaa2937", "comment": "Malware payload", "value": "0ef5586df86523c203053cb4ae4408b7f433d21c27fd9b28dd3e374d54f7dbe557a532eb23c03537bb6427f207431dea", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679526766, "uuid": "2ec34cb8-e4f5-4034-a748-d51a8d3d5d9d", "value": "T112846D0253E3AC60EF2347328E2EC7F82A5EB8615E57BB5E125DAA3F0D701B1D562705", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679526766, "uuid": "5ddc9fbe-57be-4f9f-baef-3470a281d6e4", "value": "8800deabeb7a145ec7133669ba643dcb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679526766, "uuid": "8170bac9-d4d3-43d2-a931-9f4e88a8fc7b", "value": "3072:0N9p8xUPrEj4xvok8LsSoBXOfBFkGRHQXdQHn1KVNfGywmNgWyg1KMa:xx2EOvoBLoBidwXdQkVNfGyoWyg1z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679526766, "uuid": "39f1445b-e955-4209-86d5-407f1bf2ac68", "value": 395776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679526766, "uuid": "e5c95a1a-123c-4d61-831c-dc9effd323b4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679526766, "uuid": "26818388-e582-4bb5-a28b-dfa43315fdc9", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f3c7a22e-c850-11ed-88f6-42010a9c006e", "comment": "Malware payload (Rhadamanthys)", "timestamp": 1679448553, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448553, "uuid": "96b568ce-438b-4522-937b-b3c6067f46cb", "comment": "Malware payload (Rhadamanthys)", "value": "2c2cdca9662a751a5c3261728710c44c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448553, "uuid": "89e833f8-10bc-4d84-97f2-ce1fba5521cf", "comment": "Malware payload (Rhadamanthys)", "value": "fb499f15179226fcf53aa3030ba278712e85142b8dfe4da2bae3832626f58862", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448553, "uuid": "c7454cf7-9754-47e2-ad30-cee2c2da461c", "comment": "Malware payload (Rhadamanthys)", "value": "2b67b25f5f8f9f1960340a4e59048504959651f9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679448553, "uuid": "dbcb1e0a-0eeb-450d-a8f9-4be7214e3df8", "comment": "Malware payload (Rhadamanthys)", "value": "371aa15b18e3d97c33ec887431bd6d1279cde8404483fab9c221062809f84b8e741515bdbefbd3f95c67b835cedc5fb5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448553, "uuid": "0cf2929b-1a25-4ade-a5a5-dbde7c581526", "value": "T18D94090387A27C55EA158B739E1FC6FCB65DF670CE493BA632189A6B14B02B3C163711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448553, "uuid": "1e56c78a-647c-4ccc-98e2-534c745c6a8a", "value": "5fe0b073d2bf262b2cfd9470524e0ed6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448553, "uuid": "250f662b-46cf-4b89-9524-7cf8f1a0ddcb", "value": "6144:fujd735LYLSFW5lffthTQdBbHLYo7WhblLJdyd6VgPWpq:K35LYmFWXfrsT2LJsIVcWp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679448553, "uuid": "16b80332-06be-48e5-990b-47273df3e958", "value": 431104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679448553, "uuid": "defb1d45-7438-4dfd-b221-a27812612af6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679448553, "uuid": "602129ff-b75d-4fdd-a5ec-7d799c8c8902", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c3c8dffb-c8c6-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679499153, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679499153, "uuid": "1ef1c2f1-6f7c-4acb-9bac-0df61e189223", "comment": "Malware payload", "value": "7a9591ea875e16484c187c9befb83ff7", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679499153, "uuid": "27adf75b-560a-4f01-b6aa-c91d5701f770", "comment": "Malware payload", "value": "fb49dfb03a100aa249257bd1ca510569a1afd2d032a1c554a2a60cad2ebdfea9", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679499153, "uuid": "00d4c62b-4d5c-4264-937c-561e4cad805a", "comment": "Malware payload", "value": "558d79ee37ead57c81b7be295cfcb306f7de7e39", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679499153, "uuid": "dd3a183f-3470-465a-bef8-13085c741b8b", "comment": "Malware payload", "value": "0b31b7e400d7f63f1ac5af548a6ea0bdb5f887a57dc687b8bfa32fe0a3a67bf9212951af8e3ab1a8e0c1967b521edf27", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679499153, "uuid": "96931c8b-bd5a-475e-8328-5420b5abee45", "value": "T1AAF41207F3E2DB72C1595ABED5E2092413BB938B633BEB4A3840017A1F527E95F15781", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679499153, "uuid": "fe34aba4-a599-49b7-89e4-0e66ad0f403f", "value": "12288:1OHSEHMWu/Mvdujb/CCST6Qu+4Q4fcW+P4wx5lzs8fmcL38r:1OSyl8a8fCCg6t+4GXxzX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679499153, "uuid": "1e71cc8d-0685-475d-a6ff-41c666c65aa4", "value": 724575, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679499153, "uuid": "b7dbd763-e3ba-4d7f-96d3-1aacf6b9a45b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679499153, "uuid": "11865b9d-829c-45df-b511-60beafb4c0ea", "value": "SecuriteInfo.com.Heur.269.1657", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7326fb3a-c852-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679449196, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679449196, "uuid": "0274ee6b-09a9-4edd-944f-b77a5741bcec", "comment": "Malware payload (RedLineStealer)", "value": "8c0138c4df44bb5a52a4f0bfbcdbe200", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679449196, "uuid": "34cdb42f-401a-4d6b-8c3b-d8df5504d705", "comment": "Malware payload (RedLineStealer)", "value": "fb805377f70ff7b51f71c775cabda6fd28576b9f3fdd2d9abca22b91a125b931", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679449196, "uuid": "54e83093-5487-42c7-a404-5cb767afe846", "comment": "Malware payload (RedLineStealer)", "value": "b336009b5aa44ace0bf6bfcb42b9c72ffc0eddb0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679449196, "uuid": "e3621d25-8f02-4c72-b707-5f3d407ab251", "comment": "Malware payload (RedLineStealer)", "value": "7d0477fc18414668e17ebd69133a42c8e843ad0719ef06d35b9cbb90475c2cc8391439d599e9b6de7212bfe4ba353a30", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679449196, "uuid": "c0bdd5f0-9203-41d6-b198-e9f9257daac5", "value": "T17E352317EAF80136E9B453B088F5029B1B39B8618D7483272356F89B5CB3ED5967037B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679449196, "uuid": "9ec86fde-0552-439a-bf7c-5adee8b94700", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679449196, "uuid": "f281c8ec-b4de-4a9e-96a0-0c51388ad7fc", "value": "24576:8ykl0YwzfLOkyTu7cSDstTvyFz4fFGnTMW:rM0dR/YftTKFz4fFGT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679449196, "uuid": "61954683-e002-4a77-937d-104dad811c6c", "value": 1088000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679449196, "uuid": "c3a6ef5d-6915-4232-b13e-b02133a109e6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679449196, "uuid": "7b56df48-995d-491f-b784-f3a3fd9b29ee", "value": "setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c5819024-c8e3-11ed-88f6-42010a9c006e", "comment": "Malware payload (Formbook)", "timestamp": 1679511611, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511611, "uuid": "b6c33289-d1e0-4da8-8bb2-b4bd999b4c83", "comment": "Malware payload (Formbook)", "value": "f012f4e4f4bc3d5989ec7e74574567d9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511611, "uuid": "c390733a-744b-4cb9-a736-787ca8c45ba4", "comment": "Malware payload (Formbook)", "value": "fcc1683097894f7f965dcbb2abcd28e98f4ab15e925ceaa75ae35bcf0c88f372", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511611, "uuid": "78ad4f95-8035-4ae4-8329-99414bd0cab1", "comment": "Malware payload (Formbook)", "value": "c130806d7f968656825c6357a01b9809bd586637", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679511611, "uuid": "bb85f707-74b3-4fdc-80e4-e3f927b9900d", "comment": "Malware payload (Formbook)", "value": "1c38531bd39196465a4f695f6bc9c0d57a06fabdaf7bb0d50f290ce8be217769b7fb5cc7afbcb9dd1fe1df46427bdfbb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511611, "uuid": "b617f93a-eca9-47cc-afb4-55b0909e58d6", "value": "T18E0512567296DA73C79888FD84B244141376E32B227BF7C22EC414E95FA3BD50B41B8B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511611, "uuid": "cc051767-4231-4f10-8f39-da95f903e735", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511611, "uuid": "e9858566-00a7-4401-a7c0-7b8b0aad9921", "value": "24576:FZHsZLj9epRclsNQ5Vzd1LWOqNt/w4Qz2Dw:FhsZLBepRclLHLOxw4W20", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679511611, "uuid": "f5ddf84a-6145-4300-bd64-9f7468496e2d", "value": 819712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679511611, "uuid": "134ee7c9-91c9-4ce5-a6c4-1e8ee55ed8f3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679511611, "uuid": "9d89e356-bd54-452c-9ffe-6d57ff5e64b8", "value": "Elektronik Odeme Bilgileri Swift mesaji makbuzu 20230322_8755450T.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8a9b964a-c89a-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679480159, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679480159, "uuid": "01c1de04-45e6-4206-933e-f7b6302593ff", "comment": "Malware payload (RedLineStealer)", "value": "7901990febacdd6d9f94ae1d575b8763", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679480159, "uuid": "f88bb4fd-cc98-49bd-a9d5-6b4878067928", "comment": "Malware payload (RedLineStealer)", "value": "fd27a0d8a325e152b38c31c9d66102e6356b4c7773740e509e03917f88543b5e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679480159, "uuid": "666cbd3f-bbe1-4f2c-b3f9-d72ffae9ae26", "comment": "Malware payload (RedLineStealer)", "value": "afab34b092ca2ec69e17fd19c7ff5c2417880b54", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679480159, "uuid": "ffbe9009-43b9-4eb4-a34c-30cbc265d380", "comment": "Malware payload (RedLineStealer)", "value": "617b0d1d9ce973bf9edff401390be215ad6f436bd4710cec22746ee3e0bef7d3ae346ec834a47e24d319c7d4664c1612", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679480159, "uuid": "603c40ec-b0fd-4620-8c46-c8eedb82a922", "value": "T13BA4AFD253E07C60E1124A32FE1BCBF82A2EFC619E557B6E1759AD3F08701A3D122719", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679480159, "uuid": "8fffc549-0383-4890-a419-a736fb7657ae", "value": "c3df3d0d993bdeac73a0f5fd62093e4d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679480159, "uuid": "88a6746c-fc35-4e53-aeac-76fb9742d00f", "value": "6144:6M9F0Mt4F97uFIbT2uJ5KxLaPpbOzzhB5yrF:6M9F0o4/7eIbTEJau5E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679480159, "uuid": "18cb012f-c1a5-4cbc-bbb3-33d1d5a587df", "value": 478208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679480159, "uuid": "8fca1f0b-437e-4fed-a2ca-eb62a4f8422e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679480159, "uuid": "2ec67b40-3b13-4629-bfef-4671b8f4acfa", "value": "7901990febacdd6d9f94ae1d575b8763", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "346a31e0-c8ef-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679516522, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516522, "uuid": "bb01502b-2c1e-41a3-a0b4-511ac2f9b8f3", "comment": "Malware payload", "value": "27220bd3bdf4b86279f092369e819037", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516522, "uuid": "8bd91e3f-1c86-4555-93a0-de1cd1e2799e", "comment": "Malware payload", "value": "fd48d461481e059144e11872c3db21fe8e7dd7fc5e5b6133bdc6ae920dcd7023", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516522, "uuid": "fbd081c5-0f80-40b9-9b88-adf62efadae0", "comment": "Malware payload", "value": "aa685925909d9f2fd23713553ff0d9e719091d6d", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516522, "uuid": "1d704e5b-b506-459d-b363-ed4a842dd2a3", "comment": "Malware payload", "value": "182f68deaeb6c47646655d37f3744b9ead73550f8ca956011a7342b1e117f57531a19b02db51bc7646056f2a1c69b2cd", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516522, "uuid": "9a716c9b-8442-4b41-952e-c6304f6599c1", "value": "T1D8135A566BF10432F6B30A31A57444A6DFBEBC226477D4AFCB800E5D15B0916CA39727", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516522, "uuid": "a3f97a07-8851-4785-9ed4-00c02a780cb2", "value": "f5e4c8acb92fb1c8223cff431020dba0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516522, "uuid": "f2935810-d79f-4868-9b81-d0b1081e610b", "value": "768:I8kr2D6AKlLO+SNhBgCHDck4MV0ggv8KoETBB9D3xvjHhx4eC7Xj8Qc1OQiwBeo0:L/6A0q5HDR4oWBx3xrBx41z8QcTi+RS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679516522, "uuid": "bf46ec11-ccd2-4b18-bbea-5242a67517e0", "value": 41984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679516522, "uuid": "d8ce8945-4092-486c-92aa-c4886f32fa1d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516522, "uuid": "ba93ccc7-30a2-4463-ab7f-2612504dedae", "value": "2023-03-22_27220bd3bdf4b86279f092369e819037_lockbit", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3e15798e-c895-11ed-88f6-42010a9c006e", "comment": "Malware payload (zgRAT)", "timestamp": 1679477883, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679477883, "uuid": "fdd3e519-fd68-4c14-ab99-4555e2695c74", "comment": "Malware payload (zgRAT)", "value": "d1b89485286a6c6d69bfdd84f2a28533", "object_relation": "md5", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679477883, "uuid": "a93fbb6e-1405-470d-8131-b6fb6cf221da", "comment": "Malware payload (zgRAT)", "value": "fd69359a2620691c4409432dae20bcc957c9ba1f69f824b6eb36c3f5cd052d98", "object_relation": "sha256", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679477883, "uuid": "ab044b4f-6a6b-45bc-98a2-e7debf3f62d5", "comment": "Malware payload (zgRAT)", "value": "5add2d926ced0c6b21f408fbee02875367c31a47", "object_relation": "sha1", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679477883, "uuid": "ec9953d3-dee8-4c38-b456-9b450f360c7d", "comment": "Malware payload (zgRAT)", "value": "ff1bf835a28248f121a149aa2c264ca81457d9ef1ff439fb61740fbbc44b1956d4fd8bf899881a42357f9c0b3d74f5e5", "object_relation": "sha3-384", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zgRAT", "colour": "#B7C2AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679477883, "uuid": "561a28d4-5393-437e-96dc-c0e57666d5ac", "value": "T19DF43323A60E5D35C88349425F28A8E30BE44DE1A071D15DF2BBAE78B823D7C6DD4D6C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679477883, "uuid": "3aba14e4-36e9-4c47-b4e7-cd896da77c8c", "value": "12288:vHkjFmWIhrqTGj7zI9l2ycKRsKYXel9aMkHbdc/BzgP7ERh08LVo06j3CqOx3n9B:vHKFmWIVR7EnvckshXyazb+/BqIhVrb3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679477883, "uuid": "e24f5dee-ac93-4495-9494-e430f73bf51f", "value": 767364, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679477883, "uuid": "9c635f20-fa4c-48c0-b5f3-6badb4174822", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679477883, "uuid": "ab89a1c6-60d0-4205-b507-ffdb6af2f25a", "value": "Documents.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3613fa58-c8cb-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679501062, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501062, "uuid": "6118f5fe-b24b-403b-ad17-8a0c604f6121", "comment": "Malware payload (RedLineStealer)", "value": "cc7799c084b875aa338bd8ec21f523cf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501062, "uuid": "6d70ea48-b5ae-49a2-9326-3a74317fe464", "comment": "Malware payload (RedLineStealer)", "value": "fdd765ae46119908577dc7f8d3c944af9564318c70a6e05163a55c3d3dd8ab5c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501062, "uuid": "705f18c6-4702-4278-bbd4-b45ae1c02646", "comment": "Malware payload (RedLineStealer)", "value": "bd8f1c79557aadbc70820a25f948909db2ed468c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501062, "uuid": "a35ef971-ae94-4a56-8c94-258414aaf323", "comment": "Malware payload (RedLineStealer)", "value": "fa4bf2984266f95d1d8fcde1236849e473864e7c8fad9a1b77730c6040a905df9030acf4bf371b885dd8f848211bf84d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501062, "uuid": "fbf3385c-3823-4e99-b042-05bd8883faf0", "value": "T1C6555931B5D2CDB2CF293036C9A1F5B54C2AE962CB66D9EB479D0B6BCFA3141B120345", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501062, "uuid": "91f85699-cff8-4e6f-bfcc-aae681f94075", "value": "bbd31484e281b8cf8f2202c9b7b07f3a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501062, "uuid": "4814aa10-7834-4bf4-9506-86c6d8e4ea93", "value": "6144:/UJewSfr8RMOkEZBYN6IMAOi9RYLk0DmIarRXic0VEq4IEJKp:/UJewSfw5eCiuOFXic3LK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679501062, "uuid": "704f466c-d094-467e-b132-89d43e7da316", "value": 1300992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679501062, "uuid": "49815e28-6d41-4166-baf3-dc8a9a5f98db", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501062, "uuid": "9673e8e1-ed8f-4929-89d2-77a2271d947c", "value": "cc7799c084b875aa338bd8ec21f523cf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "329356b2-c8ef-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679516518, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516518, "uuid": "93ddf782-ece0-4011-af6c-c7a95b2f756d", "comment": "Malware payload", "value": "4ec61b3ac43000eacb36ee2a4591ccca", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516518, "uuid": "524797ca-eaaa-4c24-898d-14aeb330c967", "comment": "Malware payload", "value": "fde2830540b959d805635814c12cbf7b64d5d7370d293a29da35d51b369eb1dc", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516518, "uuid": "3ffa9f42-3fee-4c5a-9acc-43c2d1d5945f", "comment": "Malware payload", "value": "6bb4b15f0047b0957b961187b492754c9190ff91", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679516518, "uuid": "04821d59-ff41-4e0c-9f4a-a941f0c7311c", "comment": "Malware payload", "value": "b1c211a2f1f6406bf49d3d3852d5f507c475213ce02bafc64d03326310ae621fd3e295224edf031b5774401b617151da", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516518, "uuid": "5e236b3b-3276-4ccd-aee3-82a62791c24d", "value": "T115F239556EF24033F5B30A71A57444A6DFBEBC2264B6E45FCB800E5D15B0942CA3DB27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516518, "uuid": "3f414548-d07b-413c-b5d8-28131bdd64c0", "value": "f5e4c8acb92fb1c8223cff431020dba0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516518, "uuid": "987d5632-0456-4e62-a06f-89f316b4f545", "value": "768:m8kr2D6AKlLO+SNhBgCHDck4MV0ggv8KoETBB9D3xvjHhx4eC7Xj8Qc1k:p/6A0q5HDR4oWBx3xrBx41z8QcG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679516518, "uuid": "1f22e317-94c8-41e4-860d-16b23f1032e0", "value": 37376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679516518, "uuid": "5b7bffb2-2f76-4b9e-86e6-da4776a9abe3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679516518, "uuid": "405a6c10-b9a7-42aa-98fe-c6b1ba1f01b0", "value": "2023-03-22_4ec61b3ac43000eacb36ee2a4591ccca_lockbit", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c2010b6f-c8cc-11ed-88f6-42010a9c006e", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1679501727, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501727, "uuid": "b6bf591a-5f61-4257-a5f2-31b419bba6a3", "comment": "Malware payload (SnakeKeylogger)", "value": "d744cb68c75dae96285404744979a800", "object_relation": "md5", "Tag": [ { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501727, "uuid": "4330d6b4-59d9-4b6c-96e5-3771e19ee16f", "comment": "Malware payload (SnakeKeylogger)", "value": "fe1398dd4e70ada5940722af7d943df9f0d3905ee8e322b19898511497ce1923", "object_relation": "sha256", "Tag": [ { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501727, "uuid": "d23a9ea5-df09-4d54-827b-a133206e205c", "comment": "Malware payload (SnakeKeylogger)", "value": "7788d7c06e055a6d574abd5030188cfdd37e68fc", "object_relation": "sha1", "Tag": [ { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679501727, "uuid": "128d838a-0cac-4e10-b07e-2985b02dd37f", "comment": "Malware payload (SnakeKeylogger)", "value": "52499ee9f6c427feeb39a3b204a352e535e0cdccbd4893bc44c7595f65cb4079bcccf2760888bc2ee6428dc4f33536cc", "object_relation": "sha3-384", "Tag": [ { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501727, "uuid": "bcf1673f-69d6-4c18-9dd6-334a8b276ce7", "value": "T1BE350217F9C48D4AD44347F96AE37985132EBC226BD2A2C72748B70F5FB8AE0464711E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501727, "uuid": "56a24062-b72f-42f8-9d2c-64bb18fd22c1", "value": "24576:XLKFWQmmav30x1+MXUu9/6U+MXUu9L3bVq+MXUu913bVpC3zpoqn1DX4:XLKEQmmQ303+MXV9H+MXV9L3bVq+MXVE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679501727, "uuid": "b8157a91-2f81-4750-a423-fd8393c64762", "value": 1149440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679501727, "uuid": "f05db9af-095c-4bd2-9f6c-d715ce9eabd4", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679501727, "uuid": "f49e29b9-162b-416b-9cf4-96a86a87630a", "value": "NIRMALP1_GBPOUNDLAN_JHT0575275.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7fa81a8a-c8c8-11ed-88f6-42010a9c006e", "comment": "Malware payload (Quakbot)", "timestamp": 1679499897, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679499897, "uuid": "fa049609-c946-4c51-a2b0-79ceb4a3b2c8", "comment": "Malware payload (Quakbot)", "value": "59714171adf8784eaec2a3f24d6da76a", "object_relation": "md5", "Tag": [ { "name": "1679481679", "colour": "#44CB0F", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679499897, "uuid": "ceac8e63-799e-4783-b61a-546a121ab337", "comment": "Malware payload (Quakbot)", "value": "fe254e5c76bfafc9b4f700566eb1aa263b62eea8b190fb1c402d4d88d541f290", "object_relation": "sha256", "Tag": [ { "name": "1679481679", "colour": "#44CB0F", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679499897, "uuid": "9174b4f0-c001-491c-8bcd-0d50443f7257", "comment": "Malware payload (Quakbot)", "value": "b0df11b1b45203762b38732d3755ddebb4ff7ea8", "object_relation": "sha1", "Tag": [ { "name": "1679481679", "colour": "#44CB0F", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679499897, "uuid": "3ba6da03-75f2-4cf1-bf12-d73c0060fe31", "comment": "Malware payload (Quakbot)", "value": "74531c99f0de6a6d8f2b24358d7a9c28dbb81d7311da40ac5f4624868887e74ad75fb3c0ed40de9b6945027bd250145f", "object_relation": "sha3-384", "Tag": [ { "name": "1679481679", "colour": "#44CB0F", "exportable": true, "hide_tag": false }, { "name": "BB20", "colour": "#14B7BD", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679499897, "uuid": "5fc6808a-5e41-4a32-b8e5-37c11620d3fc", "value": "T1AD4371604A4226294B8BFA27666C9050DF780A6BC694A457F49F3311FFCE52CD8F43F6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679499897, "uuid": "49e410b6-f0da-4d33-ab35-aa115312cdb0", "value": "768:Iq/W1N+04Oo1Xh+C3kKADD7dcDP5SYSf9RFASazTlEOM8GtRWfPpvdMIldBEviGd:Iq/WrH1olhOVUK9RSNKt30pvdMcBMld", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679499897, "uuid": "9bc90cb3-bc0e-409e-8f5a-6d324b23fd73", "value": 60355, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679499897, "uuid": "033ea6df-22c1-4543-a63d-346d1e0ecd5a", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679499897, "uuid": "82117df4-515f-4a96-8204-55b257fd3561", "value": "NmDO.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c8aa8e3b-c866-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679457929, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679457929, "uuid": "312dd019-432b-40b7-b3d1-e467e96c058d", "comment": "Malware payload (RedLineStealer)", "value": "4f6690da2e69f402ed08c4e329977561", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679457929, "uuid": "06f9b035-7c8f-45b3-86d5-87b6a98b7089", "comment": "Malware payload (RedLineStealer)", "value": "feac7af75fa515159b6cf1bef946623932aba9dd0fae78fcfc188bcd123c942f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679457929, "uuid": "4c017c1f-88bd-4cad-8bec-643ba92c8a7b", "comment": "Malware payload (RedLineStealer)", "value": "4f3505506596b5435f3c9d8f64c3d2b256bb7ed1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679457929, "uuid": "62de3881-2737-49ac-8ff8-a2973a77454b", "comment": "Malware payload (RedLineStealer)", "value": "a6d057cb90ab9a5e1e79251e9ed7f25924092a04bfbd2b7e7edad4a3ed8932e7e06060de4385e5b5bd4e67b2e8bc996e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679457929, "uuid": "ef881e4f-3962-4c33-8ba4-4cb6e2551e2e", "value": "T15BC58DF04A92BF80D7EF2D5090EC1A909D982B57879DD248BCC81816DAE9750EFDC7B1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679457929, "uuid": "524ca9f1-788a-4e27-bc75-ce8045c6d887", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679457929, "uuid": "6bbdc733-9ab2-4008-b33a-f1a6eb047e53", "value": "24576:8DS3dlU8zjXp0sDzdLTIx9V1TtOUS/cInWxplUo+sPPKER9PPVg3rVTofklNbCkM:Hk8zdJDzdLyxkXWA+wtLF3esi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679457929, "uuid": "7c2f8392-a665-4834-b070-f23929f8fd13", "value": 2635280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679457929, "uuid": "be7b6c30-7d5f-4675-a568-aec03fd413cb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679457929, "uuid": "e3cc5887-2898-4ee6-a4aa-3eb769edc1b5", "value": "4f6690da2e69f402ed08c4e329977561.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0e727b70-c882-11ed-88f6-42010a9c006e", "comment": "Malware payload (RedLineStealer)", "timestamp": 1679469643, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469643, "uuid": "d9b6e4f0-183e-4705-ac19-396d451b71a2", "comment": "Malware payload (RedLineStealer)", "value": "a896f1696e17908b35191251050dcbf5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469643, "uuid": "0c6db407-2321-42e6-868e-19b4739a8051", "comment": "Malware payload (RedLineStealer)", "value": "feedf9abf801043ab45f78a7ce7f66e37fe869ed9fd14a1e63dfc85d454d0ffc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469643, "uuid": "60db967d-3d89-4951-84c0-0e6d230ccb0a", "comment": "Malware payload (RedLineStealer)", "value": "e1b07085f821a1f2ddce2ba292f600c4d00543d5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679469643, "uuid": "0c3f317e-7a9d-4543-acff-2e4ea5cb55e0", "comment": "Malware payload (RedLineStealer)", "value": "973ac2313cf0a84d386aacd4535761338b0eeb2d21ab4d170312332d10038758f7a54a74877362490f8178b95582c44c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469643, "uuid": "1ea5568c-28ec-4745-8b26-83a785ec470f", "value": "T158352317A7C4D836CCB523705CFA02D30F397CA26D79931BA665961E0D31490B1B6B7B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469643, "uuid": "c8533c72-ce55-456a-a801-e43f6c72df8f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469643, "uuid": "5d51889d-49e7-4561-980e-f2158bd48321", "value": "24576:GytyomGtGYl2fLhZpPDKa7ihtbzyejWLfBjMfeZKtFqe:Vt3OLD9Potb+ejo5Mfes", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679469643, "uuid": "6770b40e-5bdb-4a29-b999-ad2b001dbbec", "value": 1118208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679469643, "uuid": "ba122a42-93fa-4101-b050-eff747bd805e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679469643, "uuid": "ff948b65-afae-427d-8a1b-45ae60d11188", "value": "a896f1696e17908b35191251050dcbf5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "01215966-c8b8-11ed-88f6-42010a9c006e", "comment": "Malware payload (Gozi)", "timestamp": 1679492813, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492813, "uuid": "9b772ff1-97a2-475b-b77f-4200a80af00c", "comment": "Malware payload (Gozi)", "value": "ff6827258d208260240eea53b31013a3", "object_relation": "md5", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492813, "uuid": "f0894dea-4925-455a-bb90-9b31f97f4ed7", "comment": "Malware payload (Gozi)", "value": "ff60f197ec9751e4a6b6116e90a3076b613fd8c6451aa102605fe0f769596d45", "object_relation": "sha256", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492813, "uuid": "d0471b77-6e7d-499f-b68d-35f3558c30b4", "comment": "Malware payload (Gozi)", "value": "27157bdf3a15e0186a789502f1bc036d167640be", "object_relation": "sha1", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679492813, "uuid": "768abb8b-75e3-46b6-8d0a-2ab096ad9494", "comment": "Malware payload (Gozi)", "value": "c5d25c0307cd9439ba93cce1f9afd85f4e8c1629c31173cc7e504afcc6f6954af566799dd0697d10e90c85f9a5cf53ff", "object_relation": "sha3-384", "Tag": [ { "name": "agenziaentrate", "colour": "#B3FDD4", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "MEF", "colour": "#034353", "exportable": true, "hide_tag": false }, { "name": "mise", "colour": "#B2AF41", "exportable": true, "hide_tag": false }, { "name": "pw-Agenzia2023", "colour": "#3DF0EC", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492813, "uuid": "9416d0b5-7fd3-4f13-a5b4-4a5824fef9ac", "value": "T1E9F0AB49460936F4C04DAE3A528243B67D318E6F70A87B07078E51321D856F54F0C842", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492813, "uuid": "22a2340a-702c-4f38-88ed-0994d9c4ea6a", "value": "6:5jgjPhCHAq5a33ENvapCoGktaBdCSjcN1dl563BC639+tojoN/5P6nBSH//KGiNt:5jWPeA1EdMtHUIyoNRRSP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679492813, "uuid": "a5e655d2-efd8-4fbe-bab9-e6dc288874ff", "value": 479, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679492813, "uuid": "99fe000f-2832-41e1-9067-344cebefe4f5", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679492813, "uuid": "fbf362c2-7fd3-4e72-8c1f-94997edb5478", "value": "Servizi598.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "97a3481d-c8ad-11ed-88f6-42010a9c006e", "comment": "Malware payload", "timestamp": 1679488341, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679488341, "uuid": "08aaa442-7509-4700-aa4c-6e6e2d15a879", "comment": "Malware payload", "value": "1c7de18b984df2b3320ba0ce06df8e30", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679488341, "uuid": "fc88c1ed-f959-48fe-a07d-912cccc5b0b4", "comment": "Malware payload", "value": "ffb9192afd43da5c2c43792c31e9595a7c277d8302a3159e9a9935d36b5ebb08", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679488341, "uuid": "336e0214-fc80-4374-b5fc-4c8e9ba8285e", "comment": "Malware payload", "value": "5f78b3fa731cd1290d7fc462fa49073e2e1987b6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679488341, "uuid": "72f5c819-b994-4080-8c0f-508bf26c8338", "comment": "Malware payload", "value": "8e9157aca222b739198f05e8dc1c6c1186265997a76fe79518fec6f156f0a87da7e1cc8822d4ccb68ca4bfc61bf367b4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679488341, "uuid": "1ad5bc9d-8003-444f-b143-202165b21be8", "value": "T12574F1C2BA01C2FAFE6C8931F4AF94078A59FCB95E610CD52358BB8848F22514D4FF56", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1679488341, "uuid": "fa8aaf93-433d-4539-a026-dfc16bffce46", "value": "b34f154ec913d2d2c435cbd644e91687", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679488341, "uuid": "91a70af1-40c8-48fd-a92a-de359a92f975", "value": "6144:nQ606xUAK/TxV595DDVryH6v/b0Ez2AKfIjkNjP/i2wgBl+uqtATiFJJWFh:k3LJZryH6Hb0Ez2AKf6GP/rBwnnWFh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679488341, "uuid": "bc1e6a2b-8840-4703-b313-fdfd38f33904", "value": 359217, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679488341, "uuid": "3c7857d0-6816-40ae-bc78-04dd9191c4ef", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679488341, "uuid": "c1e23add-7a50-45f5-b091-61395408fd78", "value": "20220830_ProtecoPTE.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7542e85a-c889-11ed-88f6-42010a9c006e", "comment": "Malware payload (Mirai)", "timestamp": 1679472822, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472822, "uuid": "579c3761-d69b-4cc2-9199-952c7a084b56", "comment": "Malware payload (Mirai)", "value": "bb35e16c2dd6ae53d949763035efda39", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472822, "uuid": "f0cf7687-a070-4b6f-b70a-de5a4e118ea2", "comment": "Malware payload (Mirai)", "value": "fff884847e8eea4f3f8cf61d98fc15379eaeedc2220babf20cbf2b4995df498e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472822, "uuid": "558f334f-b22c-4b6a-bb9a-e1852947bcf3", "comment": "Malware payload (Mirai)", "value": "3027df200c636faa06b2d8bc8f0038cfded17d68", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1679472822, "uuid": "51f7346e-32c4-4443-a8e7-2480862d4403", "comment": "Malware payload (Mirai)", "value": "552ca7d2bd8a447186f0a2d5cc30bf079a946d2d57bc227b99c31fe5e14df5f66b2a2946cdb3ec55b5eca190a6ad3d42", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472822, "uuid": "9d002684-f2ca-49c2-8b64-d0ef9d3ad566", "value": "T1CE438D37E96E1E74C04641B074748EB56F23A5C883972EB71AAAC2795483E9CF504FF8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472822, "uuid": "6e0f60cf-41db-42fe-8621-dc0214b8ee9d", "value": "1536:Vaa0brW/Od9hlCRY0uiCKYXAKEpNxDCMF2+Wx:Vv0brWGd9XX/ilYCpNxDc+w", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1679472822, "uuid": "e2d420c1-051c-47db-8299-b3354396caa0", "value": 58740, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1679472822, "uuid": "762db649-1c6d-4db0-91a6-b6c71304d1b3", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1679472822, "uuid": "271b6113-7fc3-4228-a17b-c132d40d2f34", "value": "bb35e16c2dd6ae53d949763035efda39", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" } ] } }