{ "Event": { "published": true, "date": "2023-07-18", "threat_level_id": 2, "info": "MalwareBazaar malware samples for 2023-07-18", "timestamp": 1689724981, "analysis": 1, "event_creator_email": "bazaar@abuse.ch", "distribution": 3, "uuid": "04a4c7fb-3dde-412e-a3c5-25b210e30901", "Orgc": { "name": "abuse.ch", "uuid": "9b086132-8588-49ed-97fd-8578a777822c" }, "Tag": [ { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#fffff", "name": "tlp:white" } ], "Object": [ { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9f63c8eb-256b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1689685466, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685466, "uuid": "11e86305-256e-41bd-a19c-8b61146d21a0", "comment": "Malware payload (Smoke Loader)", "value": "ae895751360653ea6be474e7afebec22", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685466, "uuid": "6108d4cf-08b8-4853-a2f3-3c68ec00ffdc", "comment": "Malware payload (Smoke Loader)", "value": "0307ca7c70207830a443f9354a4544e6f46cff1e053741902e2627e586639434", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685466, "uuid": "04e95e44-66e5-4995-a823-826f92c61cbc", "comment": "Malware payload (Smoke Loader)", "value": "99339aea0b30ffed4eb0ceefdec483b55ced2aad", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685466, "uuid": "1a47bfc5-8c81-4c7b-83e5-029ebae4c96c", "comment": "Malware payload (Smoke Loader)", "value": "0fd4b1cc0b36a1ba92bcb783dd52716743e2546069c0766cb1d8be9fe642483a59308dd0a62b50cd2aa429f3cda972e0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685466, "uuid": "9a930fa6-6c0d-4adc-94ab-c17255b30294", "value": "T12764954392E17E44E9268B729E1FC7EC770DF6508E8A3B696119AE1F04B13B2D1B3714", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685466, "uuid": "f30209a0-a290-45b1-a7dc-d76d4578a710", "value": "1f46cd2f6fa2b68be3021a7a4bfd8efb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685466, "uuid": "69f005ec-bd46-4ec2-a68a-f6463ef53867", "value": "3072:88xpafpicLDu0K+BunAc3cpjablRrpvrqgH4NRSgJ3J6825CfCGFB6TR:8i1cLDvBrFYXvrPYfSgJZ685fCs6T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685466, "uuid": "d192ada0-4d0b-406f-ba96-46c7a96a0c12", "value": 331776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685466, "uuid": "b163f4f0-ca52-482d-8e96-2e99a8165ed3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685466, "uuid": "6acd3e3c-07f9-454f-a982-b1704cbbc845", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1e9605d0-2504-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689641011, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689641011, "uuid": "13fd6c0e-e78e-4fd2-9616-1f3a51db2636", "comment": "Malware payload (Mirai)", "value": "f417349ca9a757ea665edd41a5a3deb9", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689641011, "uuid": "de13aee8-cf7b-410a-b991-0ed0b9594e71", "comment": "Malware payload (Mirai)", "value": "037a6bf1d17156afaba29ee79ff1453a549cbed6fb3fc0e4f42fc11bc4e90119", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689641011, "uuid": "5ca88622-82d4-4c4b-bf19-2026cb32f2a3", "comment": "Malware payload (Mirai)", "value": "86b61336911fcc05989d725f1c2a542ae2db2205", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689641011, "uuid": "4021fac1-f284-4846-9150-38b14214e17c", "comment": "Malware payload (Mirai)", "value": "bc5a365b23471d621c61f14acbede4ef3bd64c708ceb74efbb9e54159bfbbcc6516ee6e6c2cdd70cc0ce2d7e873c861a", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689641011, "uuid": "374a6de5-fcab-41fa-be48-1bf65d86e7b8", "value": "T11EE2F197E372A042DDBC2AF5F96986CB6B7D4BACC27730631A155B2429960435F3C882", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689641011, "uuid": "1476a900-26e2-4808-8452-80bdf083bf70", "value": "768:PoiWiO031vpAPbrVWZK3XVGxm9XVi9q3UEL5IY:Porm1vpALgUJZLr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689641011, "uuid": "75902042-0ef5-4d09-b990-cfd4f6f75699", "value": 33028, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689641011, "uuid": "bc037d8d-9e8c-4751-bd53-2d9385faa6c4", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689641011, "uuid": "179d662c-bf15-4e8c-9305-3479e9346c0e", "value": "f417349ca9a757ea665edd41a5a3deb9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8045de33-25ba-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689719344, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689719344, "uuid": "add08273-5e1b-43bd-828c-b739de3b3a27", "comment": "Malware payload", "value": "0e68879d73734af241629e88e1321463", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689719344, "uuid": "51517de6-c5b2-4bdd-b1ce-0709feaaf7e9", "comment": "Malware payload", "value": "047cf01946d338dbb132a5564269002b6aba1b0b2bf26b3199503b7d293712f6", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689719344, "uuid": "269ec402-d2c8-43a5-96a9-70ec8cd1368e", "comment": "Malware payload", "value": "347fa7e023d0e2af560fbe39679ab4857352469d", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689719344, "uuid": "6ccbade0-9794-4d85-8bff-49c6643def91", "comment": "Malware payload", "value": "a7d652ff7966923b6fe8529142f20306f5a949c3d04cb6a4337728ced043a10af76d7e2519f3e3bbaf219c28921c77e4", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689719344, "uuid": "4e8f23d5-3693-483e-b83b-0e4437509fb2", "value": "T12003E45EE79F12A48F4102B3271A1E89A6BDB23EB3545171746C933433EDC3E42666BC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689719344, "uuid": "7cb60ee1-5a15-4b5a-ab4f-34622d208258", "value": "768:KFx0XaIsnPRIa4fwJMeOsho2R4SrouWVmd8vZx5H8gjtxJv:Kf0Xvx3EM8aSEuemdox5cgjV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689719344, "uuid": "147c4aa0-eff0-4e2c-b652-f4f49aba9581", "value": 40371, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689719344, "uuid": "dcea748d-fe63-4cf2-831c-3bf4624d85a5", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689719344, "uuid": "4cae9c05-1e34-4590-bffa-fbcdce010f98", "value": "SecuriteInfo.com.Exploit.RTF-ObfsObjDat.Gen.27418.11609", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "83b3400f-2549-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Gozi)", "timestamp": 1689670816, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689670816, "uuid": "bd06e322-36be-402d-b0cb-99c51e2b8b22", "comment": "Malware payload (Gozi)", "value": "6bddc7ac5daf41b61eb3641d804f49eb", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "old_sample", "colour": "#215D8C", "exportable": true, "hide_tag": false }, { "name": "unpacked", "colour": "#9FA24D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689670816, "uuid": "e2000c81-2211-40fa-a212-1e84e84d1268", "comment": "Malware payload (Gozi)", "value": "05d1e45c65cc53e935153e6278089cb228cceffbcdc65067c30273265bc2ce9c", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "old_sample", "colour": "#215D8C", "exportable": true, "hide_tag": false }, { "name": "unpacked", "colour": "#9FA24D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689670816, "uuid": "68fbdd7b-8ec1-446b-8d09-da010048ba1d", "comment": "Malware payload (Gozi)", "value": "6499cffa7ffdd633390c99f5c41df3c96d62f34e", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "old_sample", "colour": "#215D8C", "exportable": true, "hide_tag": false }, { "name": "unpacked", "colour": "#9FA24D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689670816, "uuid": "834852fe-e6fb-4c3c-93c8-2406fd0491db", "comment": "Malware payload (Gozi)", "value": "39ae8d7c46e4049f1a0a7e34b253c339452849c8c9e949540a922a6c8e2e36f4f9d98d9ea0897597553ddd6b6e625134", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "ITA", "colour": "#ADAD08", "exportable": true, "hide_tag": false }, { "name": "old_sample", "colour": "#215D8C", "exportable": true, "hide_tag": false }, { "name": "unpacked", "colour": "#9FA24D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689670816, "uuid": "374bc8ca-56ae-429c-9186-e5137ec41c9d", "value": "T11A137D01F6F94CF2D3A25EB02621FBF5A7FD8632227960419F13A9C91D60953E63D24B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689670816, "uuid": "9113940e-3648-4d3a-a93c-0ea3c7753847", "value": "ef075d26b728b78a932306e24062e80c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689670816, "uuid": "49f422fa-a94f-4099-8f5d-7166a91a3054", "value": "768:qIlgbBqM1JAVPsLHOORtxUKtjpdRP4zXmZSxCqO7gp/N7FqEj:qBTJAlsLusaKtldMXmZKO7AN7Zj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689670816, "uuid": "a9920500-b67a-41df-965e-4bb550cf0f27", "value": 45056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689670816, "uuid": "69d55fcc-6ae9-4ede-a8b1-f5478625da6b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689670816, "uuid": "bd5b7346-49ab-402a-ada5-2c1168a35568", "value": "last_payload.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ccaa2051-257f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689694131, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694131, "uuid": "4fa76cc2-3054-42e2-a0fa-a4f908944dea", "comment": "Malware payload", "value": "5a1f238789c12be8021a8550eed02012", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "impala stealer", "colour": "#3F5412", "exportable": true, "hide_tag": false }, { "name": "Loader", "colour": "#BFC5AA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694131, "uuid": "f145e177-0bfe-44bb-a4a6-4e451a2a8f5c", "comment": "Malware payload", "value": "067908d088c05b576bfb91916cf06ab600cff82e02dacc62d025d34a4919afec", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "impala stealer", "colour": "#3F5412", "exportable": true, "hide_tag": false }, { "name": "Loader", "colour": "#BFC5AA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694131, "uuid": "3c69f3c4-8daf-42fe-b427-0b6ee702f397", "comment": "Malware payload", "value": "1c97593fd48c7993eafa349a92b4cadf78050a25", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "impala stealer", "colour": "#3F5412", "exportable": true, "hide_tag": false }, { "name": "Loader", "colour": "#BFC5AA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694131, "uuid": "7ba1c0c0-6d92-45c3-a25b-4516b61808fd", "comment": "Malware payload", "value": "e611ac9001aa0575d98a14bc7c5b6f1b8bd1b8ba28d950b40f92a76d18238906427b7366c20d8d6ab8bf59efc9b07aa0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "impala stealer", "colour": "#3F5412", "exportable": true, "hide_tag": false }, { "name": "Loader", "colour": "#BFC5AA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689694131, "uuid": "03546e54-8613-40f8-afac-9a57b5b845cb", "value": "T11EC1B45297E84237EB368771ACB31B000371F7529E6BDFAE25D8521AAD27B400652FA1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689694131, "uuid": "a1c636c9-f661-453a-b2f7-d0bf40c6a19e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689694131, "uuid": "0702060d-9c1f-4f48-ba91-8d018528b131", "value": "48:6uu7c158v5VRYl2spIey1AlvuuEWNMKh95DLZcqzzaRgTzQlh4AsFapfbNtm:qulr1UexEzIUc+zNt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689694131, "uuid": "6dd66141-f61a-4fe6-8b45-d42d2ddbf48f", "value": 5632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689694131, "uuid": "133797b4-e093-4a22-8bc0-38ae2557720a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689694131, "uuid": "fecb9973-7717-49c7-94c6-7b9e6d07e09d", "value": "067908d088c05b576bfb91916cf06ab600cff82e02dacc62d025d34a4919afec.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "069ef257-254d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RecordBreaker)", "timestamp": 1689672324, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689672324, "uuid": "5736934c-34c3-493e-80cd-ff4f4840a12c", "comment": "Malware payload (RecordBreaker)", "value": "a2f979b364f6ac14455079cfb11d9378", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689672324, "uuid": "9808c4d0-4fdf-431b-ba50-e0d39030bee9", "comment": "Malware payload (RecordBreaker)", "value": "071e9de15078bb820cb507eb135aed7ea4c4c0d42fe14ae205d20310e0ea89bb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689672324, "uuid": "e53e8afe-b81e-4cf9-8bcd-50b79e0f26fe", "comment": "Malware payload (RecordBreaker)", "value": "92f0e94e67fe3dc8de35f8cd4bf30143047df00f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689672324, "uuid": "f2f78613-1a8d-4ad2-93cb-133c7a68084c", "comment": "Malware payload (RecordBreaker)", "value": "1993d2fc282275d377d6185b5623c0d525ff2ea6582180613631768aaeb08abfb5da1e1e62b1010c546893e1393caf76", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689672324, "uuid": "4cfc8f88-19b5-4c0c-9561-1abbac9da235", "value": "T1867713D3A6D9A3F8C08349385182138770D1B4AEC5FDD65E3AC79C036862EB6498D7B7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689672324, "uuid": "2caa314f-9c45-4af3-bccc-d0e8da3e7875", "value": "ffd0fa11d62a03aa3299c02a14b1bf77", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689672324, "uuid": "7d3ab9da-ab3b-46af-8692-043552fa4f89", "value": "393216:sV0pJXZqIOOHDvUmv4XOS5s41i7vP06D4sCLzhtxw/4JIvWZ:sV0qIbj8mgXL1i7lDqzhtG/Hg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689672324, "uuid": "9fbb1565-d46b-4db4-bd1d-c95700fb0cb5", "value": 33751240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689672324, "uuid": "133ff9bb-0a22-4fc4-a02f-9db8a859f926", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689672324, "uuid": "2bfc583c-e891-437d-82fb-8477f1c69af8", "value": "a2f979b364f6ac14455079cfb11d9378.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "edc1e5ea-2546-11ee-a6f9-42010a9c0055", "comment": "Malware payload (IcedID)", "timestamp": 1689669706, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689669706, "uuid": "42a4a403-f902-4045-95cc-db8f00c70b65", "comment": "Malware payload (IcedID)", "value": "0212397de4791306b46d09aea354be73", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689669706, "uuid": "973e93cb-02b9-4c23-9730-a4d12271ae5c", "comment": "Malware payload (IcedID)", "value": "07858b5cf958e1e27f4c71dc5fa12122d79cabe63ea5a11b909718e4563ac606", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689669706, "uuid": "d0293e14-fd43-46a1-9cd9-13a0c0469e6e", "comment": "Malware payload (IcedID)", "value": "cadb087a7cc698cb13896b7137333295671f8512", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689669706, "uuid": "8a3d3ad8-4e07-468b-9247-a0733977f222", "comment": "Malware payload (IcedID)", "value": "8836c189eeb4c648fdb15a16807c0a384e82b327856125743863590bc4a689d1b6487d4554d6e5ad9cad928dc03a6fd6", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689669706, "uuid": "f4c1e49e-936c-4412-831a-27a24bf52cd0", "value": "T107D3494E73B9505AE176937D8A924906D7F2B8200753CBFF05B193BA5E27BC0AC39760", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689669706, "uuid": "bd877591-8a79-4857-9997-a418ba397f43", "value": "150c026d59899221bdd1d565da5f91bc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689669706, "uuid": "626e34e4-3a9c-4641-a429-77b59a1f674c", "value": "3072:ni/QhtPjMiqUyqEBzJvl+AKetjEA0e06OHFEGuWk49:3DjMdFJvUbuWkA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689669706, "uuid": "1c975aa1-0e32-404b-b252-f0dd28ad461c", "value": 139121, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689669706, "uuid": "fde58213-dfee-4ec3-885d-379317c2c3dd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689669706, "uuid": "6f3ad44d-3a11-4ced-b934-70c8fe176246", "value": "374059.dat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "55ffcf46-256c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (njrat)", "timestamp": 1689685772, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685772, "uuid": "a2a09611-fb02-49e5-8a5e-579c94af61bf", "comment": "Malware payload (njrat)", "value": "aea8093989b49b0e7449dfaadafcde4a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685772, "uuid": "3eede086-4d07-437f-a107-15295fcb5de7", "comment": "Malware payload (njrat)", "value": "079ee1d5bfc9f7b51c26f721c3e43160f01208bfdcd67290b44dd0f53cac5ca0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685772, "uuid": "5d324f9f-5887-4f0d-8dc5-3b6d699704da", "comment": "Malware payload (njrat)", "value": "5a58969c99076116e833d9fbf7177a6f43cb0143", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685772, "uuid": "eb563b43-4656-4ada-a279-e7cb47ced652", "comment": "Malware payload (njrat)", "value": "144f6fec5719fafe045700ead87657c133da02040f2b67659afb174e1ddbe3656881a2f48cf396b2676849afe3e910fe", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685772, "uuid": "865024b7-dd37-4071-a2d1-770fd0a138f7", "value": "T133A412216D9EC727C05A3FF6601221BB839946D5B81AE3631C0DF1BAFB2AB4D4D51B13", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685772, "uuid": "ad213c06-7aaa-4c23-b87a-d9277d711caf", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685772, "uuid": "ba04e0c9-b9ad-4082-b6df-24a1913d5cfd", "value": "6144:IyfzmAYjgzGSk2mcdbLAlREZlDxyFk9fxguWdZ5LejtHohxiAHwVY391d7dpwL:/7mAY2kcdbL4EfMFGwZepHoe8nW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685772, "uuid": "e79e9d0e-6e3f-4385-9c3e-04830172fdd9", "value": 475648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685772, "uuid": "69917e46-b9a8-4ad3-b5f9-9997954365e9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685772, "uuid": "48586853-34b4-4646-9315-ffb690b55dbb", "value": "Hesap hareketleriniz.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6e6c2b45-2515-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689648447, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689648447, "uuid": "b3731484-209f-4f6b-8286-f4382df4da26", "comment": "Malware payload", "value": "a25a987008a0014a858f879cf610ebd9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689648447, "uuid": "7fa90c67-b4aa-417c-bb7b-6c1cc497302d", "comment": "Malware payload", "value": "0963c3554c63a46c79fc03c813a6ae317b49deb47279e2e51cf339c801486756", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689648447, "uuid": "b21c77c8-2b05-477c-856e-770deec9c23a", "comment": "Malware payload", "value": "6a8795769baabfd47dc3e4cfa960db5f8d460974", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689648447, "uuid": "e179c105-ef83-4d56-8648-f7f7912b9b76", "comment": "Malware payload", "value": "dd06081e39334386d9f68d8623217810e697768b861ee4581111ce6ab8a718ea259d137f52a4d9e5756cb5865b1c2ae1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689648447, "uuid": "bcb37dff-77ac-429b-b018-74d5410440dc", "value": "T1A93623402B40F482E45D77B3D20AFFF1417B3C62E6CCA899A3E8FD23716ADD58A29455", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689648447, "uuid": "604f3f67-ec3a-4d3f-9bc1-7330b510d3a7", "value": "91f9ad425a017e0a68ccc49eb3d38a5c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689648447, "uuid": "7eea43d6-a665-4a6d-9361-08aaf2268568", "value": "98304:AGUFlFI8Fylp0h1j4KnXXlDEhdHP5LnfVhr5Id3rO3ja16dDG:AGUFlFIPpw12dHPFnfVF5KyTaQ1G", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689648447, "uuid": "242e6043-88bc-4462-a0ec-d5ff29da791b", "value": 5235437, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689648447, "uuid": "6b3254af-65cc-4bad-a8ca-42ea29411887", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689648447, "uuid": "2a6f81aa-9704-4e90-a6ad-364657a59a0e", "value": "SY.bin.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4a62bc8c-2586-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689696919, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689696919, "uuid": "6276c597-a558-4b9c-b890-7928bd9caea7", "comment": "Malware payload (Loki)", "value": "e57b73fd8a42342092c88efa56202e5b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689696919, "uuid": "c8857db6-fc68-42c2-8c02-b878dd740caf", "comment": "Malware payload (Loki)", "value": "099ae228ceee37ae3e7e245869edf7a4303d6d51f66f5ec9553d24247c2537ff", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689696919, "uuid": "12a07c57-3586-498d-93f1-5b50761d18eb", "comment": "Malware payload (Loki)", "value": "ed8c59b1045b7388e93ae27ce531b89e48442fa1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689696919, "uuid": "fa828698-55d1-4a59-aedb-ccfbf657e2c6", "comment": "Malware payload (Loki)", "value": "c6d11c5cba4bfcfd25c9d0ffa660e16da13c29ae7bbeb7b0c56246922620db010ffe900965af47ea76071705a770b78b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689696919, "uuid": "20bdbccb-d0aa-4ced-a839-e37d2fbff16b", "value": "T12AC4128087E8C723C9E817B52372EBA043B5AF8A2405CB5D9F93EDCAF85E34016515E7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689696919, "uuid": "38fd315f-175c-4b11-bce9-bcf9c1c11218", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689696919, "uuid": "1b600c23-3192-4dea-bb31-a5ebb9713fe3", "value": "12288:ZPYPfY7wEm6GIggwPFocZ2DX535+RA2X232ecGIh:ZPYPgmpg9X3URzaDu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689696919, "uuid": "a1eba472-79f5-4342-8e9f-b326ba4feec4", "value": 562688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689696919, "uuid": "d71f268d-d36e-40f1-9e96-3f61538c08fd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689696919, "uuid": "76fb5eb6-2b21-426a-a67f-556eee460eb9", "value": "DepositSlipJulypdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0e520321-25c5-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689723877, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689723877, "uuid": "058229c5-36d7-401d-b212-44dc66ad9dd2", "comment": "Malware payload", "value": "40c06a0a6cb71c6868fa534c959b69de", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689723877, "uuid": "57bfd259-92f4-4220-9987-cd6dedae403b", "comment": "Malware payload", "value": "09a5a5f19f772c8d753d9974681bd6f80b02ca049f66babe79e0d40a743ec75f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689723877, "uuid": "ee87e71f-04cb-4745-aae4-fdd488b39839", "comment": "Malware payload", "value": "1a0d3cc94748fbbdeddb57a67f541e1b806900ac", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689723877, "uuid": "5f1540f8-a428-4b2c-afc6-43cfd9f0ed9f", "comment": "Malware payload", "value": "fce19ebcd103a72377a542f9de83407d95c8923880acdb552ec7466265c2e6a63db2a73e4d0e376abd7c920139423ec4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689723877, "uuid": "bfaa10ef-51e2-4250-b447-24c61167ec17", "value": "T169D56D2D6E874032F3721A3F5C3A969C68257D201E74944B3EA77A0C0EF5B41A8E5F97", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689723877, "uuid": "f2ad6c98-1f60-4360-beec-4d451c227e47", "value": "7811647a91f6ec071fe63551f2799423", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689723877, "uuid": "269a0304-c7a6-4bd6-ad46-d403ea4d335d", "value": "49152:2ZAk31deIu6713qyVLDu6Q5MGGBD5JTd6Mq5sQuC:2ZAk3/eV6713qyNF5Z2uC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689723877, "uuid": "cef3a58b-dcf3-40f2-940b-9d1a152643d6", "value": 2950784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689723877, "uuid": "0d714754-ce91-4f3f-8ee3-e57aee5bbbb5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689723877, "uuid": "e8e599dd-2edd-43ae-83b4-d9da346bbdc7", "value": "bakalari.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3699a3ad-256c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (ModiLoader)", "timestamp": 1689685719, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685719, "uuid": "813d1e6a-4325-42b7-9cee-ff7d852b6001", "comment": "Malware payload (ModiLoader)", "value": "a47a6bcacab11be59183b1fbc94034a1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685719, "uuid": "53639fc8-219a-4cd0-bc72-bd8484b3b0bb", "comment": "Malware payload (ModiLoader)", "value": "0b212fe0dd1772af4629465b73343d7734a70b96cf71f6771ac314e3b0342894", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685719, "uuid": "1758b6bd-218a-453e-9c4b-8a9b6b140bc2", "comment": "Malware payload (ModiLoader)", "value": "3d516fb7a7dfe835a47dac0935aa25a29a3cb747", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685719, "uuid": "a43dba3b-4cf2-40ba-a8a3-358708cad189", "comment": "Malware payload (ModiLoader)", "value": "2e73b08bbcc838ac84a4bab55f976c9170cbacea999f202185ef7970987249c8f7598ac54745cb2d837f378fcceb0f4f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685719, "uuid": "ee603a7d-883d-4ed2-a57f-a61f8d13bf9e", "value": "T15BE49D36B2AD573AC0F226FFD84FB269D81DBE701E1894458BCD3A2D2A751413C1A16F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685719, "uuid": "e122ef88-553b-4996-a7f6-2e8d2c0151bc", "value": "9e10928b8d989366a4bb46fb419f8422", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685719, "uuid": "efd67e1b-fb63-4a41-9155-c2a2415f5d48", "value": "12288:hhlRos7bQ9K8xBX9d7JD66ibw2zUoR+g2jm4QOU84RC7AQ2:hfbb2Bb7VRibwlg2jm4QOqo8Q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685719, "uuid": "81968d2c-5981-44e9-af76-8cc06440e85a", "value": 715264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685719, "uuid": "10c50adb-6a11-411f-b257-7aa06d7367f8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685719, "uuid": "900abb69-5662-47e0-a2fb-8d7a910849d9", "value": "SIPARI\u015e NO. 1691,pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "946801c9-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689662254, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662254, "uuid": "16040c5b-add2-4dbc-8716-ebcebed4905a", "comment": "Malware payload (AgentTesla)", "value": "43c1aae80bab0e264e0f3bcbb24e2e02", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662254, "uuid": "13aee5cb-b676-419a-a341-4955aaea344e", "comment": "Malware payload (AgentTesla)", "value": "0bb46de35c85fdcf18501978947bcff14943162662f70134eb00442d837273e9", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662254, "uuid": "c91af099-55bd-4fc1-b5c6-128a94c9e41c", "comment": "Malware payload (AgentTesla)", "value": "330eaf938384de8ea9bebef0647fa9d18601e97b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662254, "uuid": "6a68ac60-36cc-4633-b4d0-ec75e3f10b0a", "comment": "Malware payload (AgentTesla)", "value": "81f79c5856263720fc5bbb96c95a3b4f2e4081bb2089b2949264b47d9f22c7b3b67409b905bb9e31eda00327c81bca65", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662254, "uuid": "465d3ca3-c02c-4f3c-b11d-ba720b9496ec", "value": "T18FF4E000762D8F17E8BD53FD9110991853F92E5B626FD7484EC73CEB39A6F504A02A2B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662254, "uuid": "64d77aa6-289d-4a3d-a73c-9cdc25b8d02c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662254, "uuid": "d0f6c9a1-aac0-4c29-9f17-f70ff8c09bec", "value": "12288:jf+UJicW9Rotrfb/WT4UkuZFwaDYKiFLIqsCzNGbGQjGrRvwCUVsE/7XvIgF2grg:jGUicW9RotrfzW/ZevIBCzNwwrpasE/1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662254, "uuid": "72a39783-92ce-4e43-9d2b-91d2dabecc1e", "value": 754688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662254, "uuid": "6caeb2d7-d07d-4039-b108-d8ab83542dac", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662254, "uuid": "4bc83745-80ce-47ac-94ae-80e1232c0564", "value": "18072023_dekont.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6e7110a2-2538-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1689663479, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663479, "uuid": "98b058ce-3308-4edb-a657-fabeda2ed35b", "comment": "Malware payload (DarkCloud)", "value": "ba1ab875cfba0aafc6d8825874f31a7f", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663479, "uuid": "82648f1f-0f72-4eb6-a598-842e423c8083", "comment": "Malware payload (DarkCloud)", "value": "0bd93a3f99ba7af290a968f54e6aa9dd7f7d38dd59a033ae78afbee46a641e83", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663479, "uuid": "673a5b08-ba55-4361-9343-96f5364e2295", "comment": "Malware payload (DarkCloud)", "value": "8428f1510ed8f7fcdcff3eb9d7a7617b726abb46", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663479, "uuid": "aca54fee-149d-4361-993e-af162ce4baa8", "comment": "Malware payload (DarkCloud)", "value": "ed3f293538656de643c1d3ba10104ab6eb527ae6dbd0787b7eb83041e89c2aa13c7e1e01b8850d708d2cc95fa277202d", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689663479, "uuid": "be39e83d-5928-40ae-8f5b-f38a58425c9c", "value": "T1F39423FAB88051DB57CCC0FB92DD27866EB254A7E89CC44E075D9B41D91A13A22F37C2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689663479, "uuid": "570313e7-74f3-4ec9-afab-120a1c6da535", "value": "12288:VyhIMzYKfZ0rooQxOmV0ovcujraqtawSTv8mY84:krfWr9zmV0ovcAW2DSomYJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689663479, "uuid": "cf08e4d0-d5a8-478e-93f4-69f883db8a52", "value": 419612, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689663479, "uuid": "366f2e01-488e-4802-a17e-677b07f8a34f", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689663479, "uuid": "4f2c09cb-9064-4922-b73a-010e4976c1c9", "value": "SOA.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "965924c8-256e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689686739, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686739, "uuid": "2724a787-a295-4e77-8de4-49e563b017a8", "comment": "Malware payload", "value": "055d849a5dfe135c7535bbdefa045f92", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686739, "uuid": "6b513d72-9d11-4092-a624-3fe02c01a154", "comment": "Malware payload", "value": "0c7bb00419b2c6ef401007d45b83bfa2067da8aa59afdbe7a9bd2d0d7cf97c23", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686739, "uuid": "450d7e55-1ecb-4fea-9dd7-a5193f3d45b4", "comment": "Malware payload", "value": "71188ca19b832de385eeb20724fabcd853f6832c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686739, "uuid": "77df0a47-344d-4e27-940b-a03c70fc38ec", "comment": "Malware payload", "value": "144b2910485be240a0f9110362dc5d2bf4c9530b09fbe9a9a44e4c3aada9cf8812a9f4c0d419e3279534cdf2e62d0ce6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686739, "uuid": "4a09deff-aec0-4fec-889f-f02123b3c3df", "value": "T14A85E6872E64CD95C9747BB38F963A1CB796B779BF63D31B10885F8B1922206DC04329", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686739, "uuid": "24796d77-d1af-472f-be31-2414058b896f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686739, "uuid": "e0dd77d0-53a2-48c3-869c-bc60a16d47f5", "value": "49152:WM1kqIuaTxD5Gm7bwXG4ltpe7xC4dCrf:WM1y4Trf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689686739, "uuid": "34bf3f98-fb6a-4d86-ab19-1ff6b8f51950", "value": 1799368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689686739, "uuid": "8c7bd061-1a0d-4d9f-9f9b-96628556a025", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686739, "uuid": "ace83249-31b6-4361-9134-5b7857fdc315", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "39d375a6-2542-11ee-a6f9-42010a9c0055", "comment": "Malware payload (XWorm)", "timestamp": 1689667686, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689667686, "uuid": "ed0b8d5e-6200-410c-be26-0c1fbca1a69a", "comment": "Malware payload (XWorm)", "value": "b1a0b6a3bb1a37d65023436b177cc2cd", "object_relation": "md5", "Tag": [ { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689667686, "uuid": "654d51f4-434a-4d0e-8d0f-c6a887817e7b", "comment": "Malware payload (XWorm)", "value": "0ce73837f6996bb92a46684b7617d81877eea6bc8f39a69a58ec29324a0cc50c", "object_relation": "sha256", "Tag": [ { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689667686, "uuid": "6fbe54df-1bed-4f76-90c9-a8d4ef29ee95", "comment": "Malware payload (XWorm)", "value": "399bab8653ca1caca8acc16c9ca77503b58a34f5", "object_relation": "sha1", "Tag": [ { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689667686, "uuid": "88e997c1-dd3e-493b-9a47-66a32476834d", "comment": "Malware payload (XWorm)", "value": "b4fa92ba1f48341ab22bcfe79aa248bba866c4cffdff44610037e1d636c2f38bc5a10ee54b9a4fa370d2c4f3fa2f7061", "object_relation": "sha3-384", "Tag": [ { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689667686, "uuid": "801a4073-3a88-4b77-9341-f5381f5cbc35", "value": "T128033D487BD48325CAFE1FB529B3611502B4E913E913D75E48D496AA2F276C0CD823E7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689667686, "uuid": "584a1c21-246e-4279-83ab-c265b54746c3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689667686, "uuid": "6245d73d-fb24-4a3e-8477-ae26ae0bc9db", "value": "768:GyLKxAP+kxjytCDBeQHBrV/M8L/49BFo9VYYO3hBOMuy:zP+kxjytVQte8LwPFo9VlO3bL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689667686, "uuid": "402f9f6f-3921-4c5d-8814-cfbbf04ed8b5", "value": 38912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689667686, "uuid": "93e13d04-bfab-412d-a623-b2ec547a0e15", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689667686, "uuid": "841f029c-b85c-4c74-a2db-88b9d06025ec", "value": "1689667684c7d2b08b4894649ee5c0f6f287268202185eb1e18d9b2fa9d9b457f4db1b7c2a595.dat-decoded", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ac9ab22f-2582-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689695366, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689695366, "uuid": "6b7ffafd-839a-4edc-8e35-5b88887dd9a3", "comment": "Malware payload (RedLineStealer)", "value": "7a780fbbb30ed7f241d5c9dccd10b065", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689695366, "uuid": "00c17e63-ac8d-429d-bb0e-966b8c62dcc2", "comment": "Malware payload (RedLineStealer)", "value": "0cf5912e01d61db285fb01b7b04971117fae86129a583cce83aee5482e844c19", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689695366, "uuid": "3ce56d22-069d-4bd1-bfd7-c4249c3b5bc3", "comment": "Malware payload (RedLineStealer)", "value": "5c0e629984f5720e57e137abc4125da70b224097", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689695366, "uuid": "99ca5f33-53af-41f3-b1ae-cab90cdea16c", "comment": "Malware payload (RedLineStealer)", "value": "b500f651e1bc81f50fb6bec1c9b60255f1fa19920d19494b3dbf5cd788aed8e2f1bd3022e62d9644ac67a59b16da84fb", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689695366, "uuid": "229f5624-0cd6-4202-9684-054b056c2d42", "value": "T1D394F84392A1BD44E9258B729E1FC3FC770DF6508E8E7B6A6119AE1F00B11B6E1B3714", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689695366, "uuid": "acec5d4a-bd94-4205-b155-2ecef0d7e98c", "value": "1f46cd2f6fa2b68be3021a7a4bfd8efb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689695366, "uuid": "83d2d8f1-e7a2-4f7f-999f-20a68f2a797d", "value": "6144:5qfLNuSxCYYJ3Ol+98k7j/RQr2TI7u/RS4s6T:UfBuS1X46kqh7gTf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689695366, "uuid": "8f5c8915-1c6b-4ecf-b865-2f07228ec7d7", "value": 420352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689695366, "uuid": "a63a916e-6665-4deb-b6be-d976db88d8ca", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689695366, "uuid": "59d087ed-1506-4ce0-9ee7-cfc1e4bd092a", "value": "7a780fbbb30ed7f241d5c9dccd10b065", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "211c28c0-253b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689664638, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664638, "uuid": "e0ab8fad-7916-48be-a6a3-970ee633f4eb", "comment": "Malware payload (AgentTesla)", "value": "dce7edefe864dfa815a490fcd5188f89", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664638, "uuid": "14675df8-a080-4bc2-881f-7b5a85b65464", "comment": "Malware payload (AgentTesla)", "value": "0dc3f5a3e69ab8affb26f0f4b3a1c06124fdfcecc5db60b88f83cf7798053d92", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664638, "uuid": "0541fa7d-db62-4500-8e4e-93aa015f9b90", "comment": "Malware payload (AgentTesla)", "value": "fd8dc0dbe712d89d251a1de2cb381fceae1b3a6d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664638, "uuid": "2ceaba55-9173-4c16-b769-902c6b6403de", "comment": "Malware payload (AgentTesla)", "value": "1a44ceffc54ee68f603cea5ebdb0eb108fdbfbd861558d43745f3d8d61de6e41a83dfc92ff39a9e0b8d2351ccc4f23ed", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664638, "uuid": "31b5fa99-a873-484b-8fb7-4626bf5b5a4f", "value": "T163D4334A0CC0DEBBF3CE1FA919CB4E461C370BC3DB5C7B69D6E5859859D806B9D16120", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664638, "uuid": "03206b91-e4e2-4048-95f9-d2fcc96bf5d1", "value": "12288:L8r9wqKR8TPFWcFLx51LiJjI0Fbw/LxKKlfI0jRNB/tYT4KewrOCx83h:gr9wqKqdhFLii0F8/LxtI0jRNBKT4Ker", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689664638, "uuid": "1f1e9af3-1f58-4232-bd69-ff0119c66b71", "value": 642079, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689664638, "uuid": "993439c5-307b-44da-95a4-4abee594ae2e", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664638, "uuid": "0d615f54-f6ec-4186-99ea-b18720823519", "value": "SOA FREIGHT SLIP.r15", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f0509518-256b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689685601, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685601, "uuid": "894b0f9d-1b64-4f4e-8e8a-c78c07e2c5d2", "comment": "Malware payload (AgentTesla)", "value": "01904c3ee18f532f8c638794f2a23304", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685601, "uuid": "f9a17588-5991-43f5-b798-98aa3afe3ff2", "comment": "Malware payload (AgentTesla)", "value": "0e237994d381775338fd4641833583d589a8b85f8e38e7deeb0889ab638255e1", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685601, "uuid": "eb18a33d-40e2-4447-97eb-c979287dcb07", "comment": "Malware payload (AgentTesla)", "value": "623fa31235d782a81a566098117a840178187948", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685601, "uuid": "efe08632-1c2f-4b22-9f3d-be42088c3a85", "comment": "Malware payload (AgentTesla)", "value": "9952c27d5193bd39ed505f0aa0d9f3d4fe54a2a9ca6fa8dcc5ea3f098f53adca97f28240efa075dfafb03ccbbdc020f8", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685601, "uuid": "0ee24843-626c-4b07-9eb6-4215dc664dd4", "value": "T14345E003D8049BC3D40D83F47E530EE90F0A6F1AE899BDEB14537F8B3A71A62595A51E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685601, "uuid": "01e6ffe4-03d2-47a9-8016-794e59551844", "value": "24576:Guu9V1ZyFw6VEAZyNw6VHQpbFcwTA5S8cNfnwLx:Guu396VEy56VyFjTBNfng", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685601, "uuid": "7b700a23-e060-4993-80ce-f29e0bff662a", "value": 1211392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685601, "uuid": "f1871132-c2c9-40c1-8520-f4167a195bde", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685601, "uuid": "8c9c6cce-72c4-4d9f-931b-6c325e9749af", "value": "SHIPPING DOCS RICDP3938400.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0bb3e190-253a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1689664172, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664172, "uuid": "0d1320a3-d977-478e-b9a8-d76e58fa2860", "comment": "Malware payload (GuLoader)", "value": "1482780bd41df6d1dfe68b2629c26d08", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664172, "uuid": "0bd88bce-c33d-42f7-b80c-9f2257ebfae7", "comment": "Malware payload (GuLoader)", "value": "0e612f991709b9569a9baf7993d185955f6347c574effe5c72e51a9f96a7b301", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664172, "uuid": "e4263d4f-4ff6-431c-8f8c-a3f0e6a3e086", "comment": "Malware payload (GuLoader)", "value": "17145bdc0f9beeea6f8cf5791210d0fd486818d1", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664172, "uuid": "445fa8e5-9689-4980-9f81-1ebee563975b", "comment": "Malware payload (GuLoader)", "value": "de9a674dfcf4fd10e454f2799c837ea24b8c92cfb800ee76f57de57e472a0b3274938e4306905351f93820a31830b1e9", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664172, "uuid": "49d3b88a-37a0-40db-b8a1-7dd51e9acd72", "value": "T1939401283A41D61BE7D10B70EC78E2B617B4BE683D52860377E17FAF7A327E5840A151", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664172, "uuid": "421f9bd3-e3c1-4f19-838a-218c6d0f5317", "value": "ea4e67a31ace1a72683a99b80cf37830", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664172, "uuid": "43b590e6-6f8e-471f-ac5e-b9ce0bd64b91", "value": "6144:TPXoDQpcUz+TfBDma1bJzSvPRehOGYJmcKeNq1umGANGc8b0:/WDfhNWRgJ8wkFA6b0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689664172, "uuid": "a1189c6d-6113-42f5-bc07-4535249ee92e", "value": 415896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689664172, "uuid": "9b8babe2-66be-4d6c-b08c-fd1dca274984", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664172, "uuid": "bae691e4-76a5-4f84-a285-7779b2a07471", "value": "1482780bd41df6d1dfe68b2629c26d08", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "da0069f6-257f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689694154, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694154, "uuid": "c7db6401-a05b-4e3e-b4e2-f9785e65e9e7", "comment": "Malware payload", "value": "db7e942c9681ada760b5cf908dc6215f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "impala stealer", "colour": "#3F5412", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694154, "uuid": "4b350f19-55a3-4b02-945d-e38d1ccfa49d", "comment": "Malware payload", "value": "0f9fb77b242603192ce7db67121d5d9dfb1a038c469cc71c209de58d04ec6084", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "impala stealer", "colour": "#3F5412", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694154, "uuid": "b1a62ba8-640d-45f4-9dec-3b616a8742c8", "comment": "Malware payload", "value": "8216804fef77145c0b3ace1b3241437799248b62", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "impala stealer", "colour": "#3F5412", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694154, "uuid": "68712fc2-1f9a-4b5c-b40a-1fd0d4e48050", "comment": "Malware payload", "value": "a73225767ec92bc4b8eec23fab6d20debf138f94dd2c6441cc3bb2037491271b8f44edaf2d6bdef153f75adebc88e8b4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "impala stealer", "colour": "#3F5412", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689694154, "uuid": "58b6be6f-26bd-468c-bd69-c420345cee09", "value": "T145868C0AA7D445D5E46BC730C92AD733D7B0F8660731A35B1814E34A2F736A28FAB275", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689694154, "uuid": "742db30c-ed0c-469e-9cf5-d800b71a173a", "value": "572ea895b3fe6d98c3f4f1f93481f81b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689694154, "uuid": "886569d5-e669-40d4-b546-ab34fe9f47ec", "value": "49152:B8G/iI180eAi06mphwmDg9nhcudSPkOvcYSbk99pzSEhykcv82bHH7HUi6dFQuFN:Btm2U4HPJf8Dv8QHH734s+GST", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689694154, "uuid": "b4ff08cd-ef70-45f6-82d8-1f796c585eb2", "value": 8594432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689694154, "uuid": "0b948dd7-69d5-4e77-b4ff-86a1c320f9f8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689694154, "uuid": "ddea59dc-67c2-4644-a0ce-d3d304785c8c", "value": "0f9fb77b242603192ce7db67121d5d9dfb1a038c469cc71c209de58d04ec6084.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "40eccc36-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1689662114, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662114, "uuid": "a04ebcfc-80e5-43a8-a13d-bc74ad9814cd", "comment": "Malware payload (SnakeKeylogger)", "value": "1c06771aa25dd143897aa88d8f99bd1d", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662114, "uuid": "59a67ca5-aeb1-4832-beee-0216a9832fe4", "comment": "Malware payload (SnakeKeylogger)", "value": "11c3a0d1cc7a212c5a395241bec313edb5ecd4da981a7bb0cb68387594932e3f", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662114, "uuid": "96a5c466-c3cc-4c2f-abb9-b4e0a80de42c", "comment": "Malware payload (SnakeKeylogger)", "value": "56c5d9ee91ab124be1403aaadb540bc46829722c", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662114, "uuid": "36247629-3342-45e7-98d4-4a2446991a03", "comment": "Malware payload (SnakeKeylogger)", "value": "aaabec8a9d2836155376a58156225687fab849f18a75aa388df4aefd75d0c91b3976eb87d12f14e15c05cd6e7ec9a813", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662114, "uuid": "627c8971-7f92-4f6a-8e7e-6fc4362d9a58", "value": "T1F0B4BF79503C87AFEB57CBB6D424255323F013962AF2D38C8CBA249F3E75724A5109B6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662114, "uuid": "bc1394a8-11d1-42f5-968a-609a0c1495a5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662114, "uuid": "4e6553b8-9637-4ff2-96be-4da8a1ac9c07", "value": "12288:Cj0l8phLwlFL5C0wLtDf0DT8fIQI/RAWoVqTrQaSejL8Z:IAAKlpRw5IDAnm4qTrQaSejL8Z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662114, "uuid": "633c3a4e-3d84-44c5-8d80-f36033ccd903", "value": 529920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662114, "uuid": "52b9d06b-a364-419a-b84d-b8bb0128c669", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662114, "uuid": "7e92d502-7475-4622-bd7b-5b5f0a1e9f2c", "value": "DHLQ-00445321121.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b9b3e416-2539-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689664035, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664035, "uuid": "54e1533b-6a4a-4c94-931d-6e5737b5f0f3", "comment": "Malware payload (Formbook)", "value": "ebaf766625370aa06f1cf4d95bb39a97", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664035, "uuid": "83530163-759c-4977-9c35-6f5a2311cd65", "comment": "Malware payload (Formbook)", "value": "11d59169f8afa0d0075256b6dce418dc7e6572bda8b0408c388224ed1ad18ece", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664035, "uuid": "99472c19-6cb1-40f9-8c70-f696fe40947c", "comment": "Malware payload (Formbook)", "value": "f941555a9732ba90cc68ca6ca3891d8c2f2fc15f", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664035, "uuid": "0caaf760-cab8-479c-8a7e-526226606875", "comment": "Malware payload (Formbook)", "value": "4a4cc49a3eaff7f7c6809ffe8dcb2cc6deabb663fc08a56f46b846a8d48769afb4db20b2725434cb11d41e55e13c8be6", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664035, "uuid": "8ca6c509-1ca4-42e2-a57c-67a51c953fbb", "value": "T146342366291ECCA27F14B5A14241ADD1FE87E234473C3F75B84F60D47A8FE62CA21629", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664035, "uuid": "342dbbe9-4e38-462b-9288-865441812165", "value": "6144:QuxQDUOxFhNM8bDKo2nDkbUdSkkKovyIX6qLyFNWj6:rxQoOxFhNM8bDKowZ0X6qLyDWj6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689664035, "uuid": "23670b94-5478-418d-9034-a4604cfe2a64", "value": 244818, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689664035, "uuid": "f8fe59a7-7041-451f-bfa7-afc054fe2e5b", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664035, "uuid": "f05e8543-c710-4efe-b1a2-210b735f0906", "value": "RFQ # 1045981 - MAA_D Plant Project r01.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0761e55e-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689662018, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662018, "uuid": "505ca977-50c1-4eb3-85bf-2af568f3cffc", "comment": "Malware payload (Formbook)", "value": "ac33906d5ea3da6e12cfeb41e85585a2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662018, "uuid": "9311a362-82fe-4f78-866c-6c3198e2cc57", "comment": "Malware payload (Formbook)", "value": "1318b406aebb8aaa85c86870409f2ea28dc40898afc2fc9ec84a9033f54541d9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662018, "uuid": "f9d6faef-824d-48e7-a2b2-f497cf288571", "comment": "Malware payload (Formbook)", "value": "184d9e514987c64bc84e0aaf0d26a5842e2ebe4c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662018, "uuid": "bed69a7f-e621-4d67-a01c-54da54812444", "comment": "Malware payload (Formbook)", "value": "1e7dd92d018e2eabac87c36e4cb918f8b4b7780964764c00240fb369ba9355517950db04fec73476bf51ac5d05b216dd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662018, "uuid": "32180e75-2dcd-4727-b106-fd187e526763", "value": "T172E302227491D4F7CB721BB01A3B290CEBE686380051075FA7E16BC57E272D2CC1F69A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662018, "uuid": "89e91e61-d890-48b9-9a35-332222d30684", "value": "57e98d9a5a72c8d7ad8fb7a6a58b3daf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662018, "uuid": "40415e6b-0549-4ceb-8b26-70168ce599a4", "value": "3072:+NzPHk9MpcQbTWuz8J8cLOk7gVZXJOYyEBptIxSBF9xkB5N4RO:+hRFCOegp8E9e+F9xkzNZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662018, "uuid": "201c082f-ea0b-48f7-a28b-2952e419156c", "value": 153052, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662018, "uuid": "fd379e70-c5d0-4eae-930d-4172e4cae86f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662018, "uuid": "779c959a-7cc8-4854-957f-a1ed0a47f617", "value": "Hesap_Hareketleri_10072023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9ff1b21e-2568-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1689684178, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684178, "uuid": "8ab670e3-9364-4580-8336-ba693bcbcb76", "comment": "Malware payload (NetSupport)", "value": "0dfb4556324aec190bb1110b81d47fce", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "savastijir1.com", "colour": "#B5509F", "exportable": true, "hide_tag": false }, { "name": "savastijir2.com", "colour": "#E3C209", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684178, "uuid": "5148291b-0600-4592-afdc-79be807eca4e", "comment": "Malware payload (NetSupport)", "value": "131f1d61fc64dddba918c00b37db56f910436493a9eeb42b3a7018d6624d5993", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "savastijir1.com", "colour": "#B5509F", "exportable": true, "hide_tag": false }, { "name": "savastijir2.com", "colour": "#E3C209", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684178, "uuid": "92df6528-2fdb-4aa3-89cf-e5337b0266b6", "comment": "Malware payload (NetSupport)", "value": "b8478aeb0e3241542adc3df2f819546e2de3dd36", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "savastijir1.com", "colour": "#B5509F", "exportable": true, "hide_tag": false }, { "name": "savastijir2.com", "colour": "#E3C209", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684178, "uuid": "a839e867-db42-407b-a5b3-715e791c35b7", "comment": "Malware payload (NetSupport)", "value": "0e781c46e27f4bc6aa397b1a8d29968ba6b7cd00e321f0ecb9094a726664b4a4af0579c9af34fa642370d5b81a07167b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "savastijir1.com", "colour": "#B5509F", "exportable": true, "hide_tag": false }, { "name": "savastijir2.com", "colour": "#E3C209", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684178, "uuid": "7f34e903-8083-4122-807f-117a0ca96f89", "value": "T157863821F283C4E6CC7226F86B557364403C2933CED8783B7794896A3DE5EAB3525972", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684178, "uuid": "496555c8-d719-4b88-a932-2851e8325508", "value": "1dbbbcd79b879b270040089431be4013", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684178, "uuid": "a5145c88-a255-496a-942a-bfd51a707eb5", "value": "12288:2bi4AKzNIvHYBoapFVtzPHXYwgM6BEL8s1RATh73PzXTwnT1cQ47gDckpPWUNQVt:xV6ebapZzfUMq11L8+WdH/GPP7VknN8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689684178, "uuid": "e8e40eb5-69c4-47df-9bc3-1a6e6c1dd0d5", "value": 8431472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689684178, "uuid": "99a39a72-0726-47d7-8d52-f869a6c26219", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684178, "uuid": "76c8af8e-ed8d-4a3e-947f-57a88bcab555", "value": "0dfb4556324aec190bb1110b81d47fce.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f2eacc83-252b-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689658118, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689658118, "uuid": "1ead3c79-fb92-423a-9eab-fdf4110edf37", "comment": "Malware payload", "value": "af98065b1c60eb7710ba9166c8198361", "object_relation": "md5", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689658118, "uuid": "b39ba6cc-117c-4d18-82c0-cd41a65ba51f", "comment": "Malware payload", "value": "1324e7654a144c20637820a022d49c449cca1ff1d2c7e040bf23421d52146e93", "object_relation": "sha256", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689658118, "uuid": "82f82eab-9dab-40db-85a4-259158f37caf", "comment": "Malware payload", "value": "5654858397a7c48ca4d51d118758f032f6d10680", "object_relation": "sha1", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689658118, "uuid": "65157b41-31b9-48c3-ab0c-3c7b723daaa9", "comment": "Malware payload", "value": "731f963dcb854edebd3d514d56196717770675f70c209bdb17a4af44a77bc9b81c480ca71b6732c8bec61ec3204bb3ad", "object_relation": "sha3-384", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689658118, "uuid": "d8e5cd13-fcfa-4b34-b1bc-165fd2150f4f", "value": "T15644AF023B713DD9FE17E4388C9A2855AF752EE71B95DF2611E1042A2C8B789E98CD13", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689658118, "uuid": "c7393daf-d02d-4e17-86f1-f4059462e57b", "value": "6144:oyU+8VVVOje4o64Kk4OjrpwibuNe1wOTLmw2AwIk5UerKM:oRp/OjTv4Kk1jNwauNe1wOTv2ACUS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689658118, "uuid": "5fabcb94-384b-42b0-b693-ddf8ad741587", "value": 277001, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689658118, "uuid": "cabe8a2f-1a01-47b8-b538-0f5e1b4edc17", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689658118, "uuid": "5dabbbc1-2cbd-46c1-9fed-709dd6415e64", "value": "beacon.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "563f5e3e-253d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689665586, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689665586, "uuid": "326e9135-954e-43af-9ef2-ad2f9a45c067", "comment": "Malware payload", "value": "f32a0a8276b48265c1d3fb002aa08ac8", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689665586, "uuid": "8fe4174a-8119-493d-8191-22cb22065c7b", "comment": "Malware payload", "value": "143b46acc04a2595fcd90ac934f9a6fafdb79eebdaa41f5f5443ddc0047d74d8", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689665586, "uuid": "acaaba44-fbf2-4e2a-808c-bab2c14b1497", "comment": "Malware payload", "value": "bdb88fc7f8b0f4fc0d8c4d7ac3f0018dd36c5a8b", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689665586, "uuid": "dbfd7ce3-e35c-4178-a515-f0bf4a75125c", "comment": "Malware payload", "value": "d56302eda51a13cb48f92ff35cb245d1fc0c6be26d16490f04a5a567605699b53d5e5409cd1d79697f4cdce6024abf99", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689665586, "uuid": "f7240e06-bdee-4379-a5a0-95402efab8fa", "value": "T113324B7CA20746A6EE7E09BF66AEB44D4A352131031825E36642800E5E85FF3FA73795", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689665586, "uuid": "96fdacc7-222c-4c9d-af19-587538e360b8", "value": "60b675c684a61b1079678f8beebd1dd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689665586, "uuid": "97b7847c-740c-48db-981e-5b099a09e690", "value": "192:DIZ7ONTGdoTtXiA3DqcS/7+ntLSe49q0:DK7SeoTtBSkLH4w", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689665586, "uuid": "f9cf0b63-92fe-4626-8578-49dac5aaa048", "value": 11776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689665586, "uuid": "7bd89527-38db-49b6-976c-a40fa074242d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689665586, "uuid": "9dd0ca62-7b15-44bd-b950-a2ab485ab4d9", "value": "SecuriteInfo.com.Win32.InjectorX-gen.15767.7045", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c8ff102d-256b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689685535, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685535, "uuid": "b51d5475-a0a2-421d-a343-d580b8d55e20", "comment": "Malware payload (AgentTesla)", "value": "3f5e1041a772ab1286cfe8fa8adc136d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685535, "uuid": "1e13c0ef-30ca-4394-8ab2-dc0e7b9be0b4", "comment": "Malware payload (AgentTesla)", "value": "1709bb50f3d76ef58a47f8b4af7aeff626029e01ab0cbe53936cfe1a79525c54", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685535, "uuid": "1eceeb22-80a2-4826-99b5-881f78406abe", "comment": "Malware payload (AgentTesla)", "value": "a7bd3f8edcc840719a16055637871c65e8194d34", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685535, "uuid": "c27fa618-271b-427b-b91a-c23503918947", "comment": "Malware payload (AgentTesla)", "value": "07fc5d5bfd6e5bc899702829247e0bd355b0d85a121529d2f4169230458d607806a4ecaef71907cba486f10b47d06e3c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685535, "uuid": "162761de-8038-43fe-9276-44e30b1b5bea", "value": "T169038F5EE79F02A88F911376231B1E89A6BDB62EB35051B1345C837433ECC3D46666BC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685535, "uuid": "9bfa91bb-ab32-4142-8192-f9480d95faba", "value": "768:jFx0XaIsnPRIa4fwJM7c4oIGdlF2cKmg+l+4OEsDUcTp:jf0Xvx3EM7mIUF2r9++4OEsgcTp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685535, "uuid": "bad4c526-12fe-4879-bdf2-459aff137d74", "value": 41330, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685535, "uuid": "cb89375c-0191-4c0a-9340-e839214813bf", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685535, "uuid": "4c8c651f-4722-4818-9982-b0ef204ee514", "value": "3f5e1041a772ab1286cfe8fa8adc136d.rtf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2751cac4-2563-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689681828, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689681828, "uuid": "55f16033-b81e-48ec-829e-188c27b9a3a2", "comment": "Malware payload (AgentTesla)", "value": "ab94de3b4ff4deef13c086712b77b680", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689681828, "uuid": "37e66d08-83b8-44b8-9b6c-ccbbb15c8109", "comment": "Malware payload (AgentTesla)", "value": "177fdeb986dfc47c2ad514969947afdfbbe8e9243b720581c40e27ee1a9cd812", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689681828, "uuid": "b6742dc0-0501-4079-bb77-5afcf8ac15fe", "comment": "Malware payload (AgentTesla)", "value": "2c6db038b93ca0ce8c2ffdc97aca930edd2688cb", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689681828, "uuid": "677577a6-103e-406e-b53f-4369c775650b", "comment": "Malware payload (AgentTesla)", "value": "049bfaec5fdaaf79870107d2445ed833e81f31d000399db57330f54214ee61763e08c2012463cfa23ec0ee734295e813", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689681828, "uuid": "ca667bc3-0103-4c66-a7d5-6a522de89fb9", "value": "T1EE758D03BA9786AAFA4A1736D5A77C08C360DD8B732BD70F394A335645133A7BD41683", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689681828, "uuid": "add51c2c-0d14-4de5-acd5-6abd2cfd1dce", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689681828, "uuid": "5f6ab32b-6b32-4f16-a53d-2761d398b8fb", "value": "24576:rJvxrNiY4sdORxr4Z+Bd1nZc5dSRdZFqPqFjJ2y9veFlkKYukYsfxa:PpE+Z+Bd18MRdmyFjEKyl7YukY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689681828, "uuid": "df0a547e-ca9c-42e8-9d41-f73bf3114a3e", "value": 1625080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689681828, "uuid": "30c665b2-d21e-4dff-8da9-342513c3a4e3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689681828, "uuid": "faea2ef4-709c-468d-ae04-5db46ffa79d5", "value": "IMG-2507894100PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b0663f67-25a9-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689712123, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712123, "uuid": "d6c55d4d-dfaa-48c5-81cd-2d793a03922d", "comment": "Malware payload", "value": "81fb0d4bb6bb2081eba4c9cdbc63ff39", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712123, "uuid": "5996304a-c0f7-42f4-81c3-93ce01b9c620", "comment": "Malware payload", "value": "17c38669d795041d570650acdd426b0e0bb8b6019b0b9c43e55f368566ea20ac", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712123, "uuid": "8f5159f0-f340-4622-839b-dbaa39a224a7", "comment": "Malware payload", "value": "6464807f275c2d4b761ab4bc9735c2952be65285", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712123, "uuid": "74dc6b8b-f08f-43aa-8d39-1440bf7eaca0", "comment": "Malware payload", "value": "4192a265cf5351e129940b31176b08862e1f5b0682e155051795352c153172631a9a2f0d08c82bb204aaa1a5f3fd693b", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712123, "uuid": "9cea7ca2-e459-4c53-a1b9-f47bb6c61e40", "value": "T1A335236E7B50701DF4D6A1B105AB476C5320CD658C522B2BA136388EFDFA350AD3A7CE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712123, "uuid": "bc80cfc3-b7d1-4e30-b23a-80969bfa2678", "value": "b02f84d2a160389d5df24ecbedc8df73", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712123, "uuid": "1a38df04-7dca-45e1-83ca-d1d2250a99a9", "value": "24576:ewR4A8WDC1b3dP968RkNV5pzvnenYErjj8PdvK/:eW4AvC1jdl2NTpSnYKjjSC/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689712123, "uuid": "af4fa005-7ec9-4e0e-9bc4-9faca27e11af", "value": 1123058, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689712123, "uuid": "9d065f33-2ba1-426a-8491-154dbbe44343", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712123, "uuid": "48c85c3e-d2b2-4248-bfc7-e55bb1c1518b", "value": "SecuriteInfo.com.Trojan.VkHost.6856.22372", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6f9a0c51-2539-11ee-a6f9-42010a9c0055", "comment": "Malware payload (LucaStealer)", "timestamp": 1689663911, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663911, "uuid": "4acb6bb1-8ff5-4175-be8b-85592df03d16", "comment": "Malware payload (LucaStealer)", "value": "94d1bb33b8c22334e339d4462d4c0636", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LucaStealer", "colour": "#E93A1C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663911, "uuid": "c291fd53-db69-4748-9c1f-c05d0057ac56", "comment": "Malware payload (LucaStealer)", "value": "1816f609045e9bdeabc08ee94ded8ba9123aa36c592bef7772c437436a88643c", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LucaStealer", "colour": "#E93A1C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663911, "uuid": "06d21c60-792d-481e-aac8-cbd9b30660f3", "comment": "Malware payload (LucaStealer)", "value": "c47f3f362b28b57c287891043984743f44eb80dd", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LucaStealer", "colour": "#E93A1C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663911, "uuid": "b3f45567-cb17-488e-8935-ab947366bf3c", "comment": "Malware payload (LucaStealer)", "value": "9b9303c88d7450ee6d84b7da83662a1aac3677932f2baa7a086eab7e2c9db2fd6680e49bf8b4b4635e5656e60c1c0520", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LucaStealer", "colour": "#E93A1C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689663911, "uuid": "b9033192-5937-4e73-9bbd-815cdc210df9", "value": "T1B5E52360E90B1CE8F486BE78ACF7C692AD7C1A6D591DE4FF36E41E489FB1D971085200", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689663911, "uuid": "1e731999-d7df-41d8-8db9-c2cdab7159b1", "value": "4a8089c2c09cfd483e4279c6abfb675e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689663911, "uuid": "e84ad961-255d-4947-aa4d-61cd5ef76229", "value": "49152:L4XigPUFDotZnjagK7TB/bxTxZt9FAxp/R8A3a2V4nEsKpXc1b/r8NSMqmgEI/K/:j0MoHrYhoxp7BV4EXpXcWNSMZVnIY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689663911, "uuid": "04e8d8e1-3b47-43fd-9b9a-3c6df08ad1d3", "value": 3104256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689663911, "uuid": "3d14420d-9770-4914-aac5-ba66f9bdaa6a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689663911, "uuid": "04933845-a453-4f32-aab5-cec1c9ecaefe", "value": "94d1bb33b8c22334e339d4462d4c0636", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0f824088-255f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689680070, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680070, "uuid": "1395549a-73fb-42f0-ac6c-c405aee4c119", "comment": "Malware payload (Loki)", "value": "fddd39c885152788edae6609380d7aaf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680070, "uuid": "2e32bc39-02f9-48e4-b60e-b0d2c607abae", "comment": "Malware payload (Loki)", "value": "182b232a8e351f61a8f5c87aaeb3f445720f2818e566b4204db321a2e9291696", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680070, "uuid": "3f36752b-540e-49c4-807e-14d59c58a08e", "comment": "Malware payload (Loki)", "value": "4002cfeb2ca3b9d127c1cba77141f6bc6148099c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680070, "uuid": "d6e7da1b-bfa7-4cbb-80a3-95413e6b45dd", "comment": "Malware payload (Loki)", "value": "a723543d37b5b3a48f418a6de22cdfc923f819f6c302642c6b2bb45d1b13e31ec561121697efd70e29e8b3fea2936fc8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680070, "uuid": "02ad94b4-f08a-49e4-87a6-381e1f7b541f", "value": "T18FA4BE39503C87AFEB43DBB6E430255222F013A25BF6939CCC7A655F3E7A238A1545B1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680070, "uuid": "d5fb4ca6-d2c9-4e11-827f-c2cd95dda06c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680070, "uuid": "c80cab44-4552-40e5-8163-70d4e5b75c1e", "value": "12288:cqTrQaSejL8Z3sexyEG7Q/HyQnUjOdXjNDZnfkVCtm6EbUVz1HE3azSjvf:cqTrQaSejL8ZcesEX6crZDZfKCtmHe1C", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689680070, "uuid": "84877aca-0f8d-4cfe-9a4d-ad12e9d63061", "value": 470528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689680070, "uuid": "d7e484da-557f-4adf-a554-1a3688b6ac07", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680070, "uuid": "dd479460-ebf7-476c-bd35-c2e8cc8feee6", "value": "000-CM-PO-029(ALMMG).exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fe5f2374-2597-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689704523, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689704523, "uuid": "44b2f914-ec07-48ae-a3f3-c8404c6cb6ba", "comment": "Malware payload", "value": "88516963dfcc0b016996e3731259c9bd", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689704523, "uuid": "a2a17d98-e9f3-4245-8c71-82201f73b207", "comment": "Malware payload", "value": "18eae2672afac0420b867971413ab38142f3a1623b9462d36dbcfa5b98d859f4", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689704523, "uuid": "c203646b-6325-42bb-b038-0237dfa2d89a", "comment": "Malware payload", "value": "19c33715e2c04557bb9c339895e46d089439ca1f", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689704523, "uuid": "ee201e78-bf9b-4278-871f-a5e14825f6c1", "comment": "Malware payload", "value": "605b4d568e10876f5644138afaf62f023334529e19de79bd06ffcb13f05514002feac4d46aa36a638000f316be19592f", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689704523, "uuid": "44350c04-0c8a-45da-a49c-d4cdb61c69ac", "value": "T1A3D3494E73B9505AE176937D8A924906D7F2B8200753CBFF05B193BA5E27BC0AC39760", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689704523, "uuid": "62ed9d08-611b-485b-b90c-e136c53cc7bb", "value": "150c026d59899221bdd1d565da5f91bc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689704523, "uuid": "e055dfc3-cc9d-4dfe-b4d4-3a8901573255", "value": "3072:ni/QhtPjMiqUyqEBzJvl+AKetjEA0e06OHFEGuWk4l:3DjMdFJvUbuWkI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689704523, "uuid": "d52edc85-65d3-4598-a1a7-3cf599da6ae2", "value": 138771, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689704523, "uuid": "e8fd143d-d617-436d-b941-2724ac043d70", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689704523, "uuid": "d76c2ab5-b15b-4bcd-8040-c8629ff8ab0f", "value": "706000.dat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b1b90a42-25a9-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689712125, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712125, "uuid": "3f187b36-7db5-4962-b392-bd89b4ae3153", "comment": "Malware payload", "value": "6c59f414c4c042b81e1bd9856e9efc6c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712125, "uuid": "710463e5-dfcc-4b17-9e49-df03b8d8104c", "comment": "Malware payload", "value": "19e6a31367d882b7704c00a13d20743fdd2b4d099a8700bfd9d6dd6b1c27ec4a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712125, "uuid": "689022ff-9fc4-439c-8246-0093f81be662", "comment": "Malware payload", "value": "b9fdfccca4053b3b2504763734396b4acc809ed4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712125, "uuid": "1a6fd643-eef4-4f22-970f-e54737113dd4", "comment": "Malware payload", "value": "7e2b91ca3d9951da5a93f90cc8b55cc5adb62a9210482758f7503c6b6011f0535706f76e7f49024751ac19aa1a9082a7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712125, "uuid": "2cc57333-fd0f-4e47-850d-ff8a76c6e5ec", "value": "T190F1756B7A80C039E64C007016EB9BA6FAABE6790338DA009FF1B85E89705D07F2C555", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712125, "uuid": "f7bfaabb-df99-4f95-8b2b-8c610e6bafa7", "value": "bf269512e4b6322264ce4aa9782cf8db", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712125, "uuid": "77a72038-5dfd-41d2-a535-7f19bda20782", "value": "96:nP7eZPoOcR5Qa93shO2PyJV4HkdkafxEml9l9lOkWdSIlHREl:nyoOcROa98hOcmViwxEmnnMkWIwG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689712125, "uuid": "dc5c980b-98dd-4614-a6aa-25303b35c654", "value": 7808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689712125, "uuid": "92b0dd07-417d-4b76-83ac-a2f00f5c30f2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712125, "uuid": "a70acdd2-c578-4181-b586-5d83f838d8ce", "value": "SecuriteInfo.com.W32.S-9486086b.Eldorado.12700.10588", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "be82d18f-256e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689686806, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686806, "uuid": "892da0cc-d853-448f-ad34-66de20701baa", "comment": "Malware payload (AgentTesla)", "value": "ea83b0db7b3030a818b412479afe2bc2", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686806, "uuid": "de6682f8-4097-4d4f-bdac-60f186ebac02", "comment": "Malware payload (AgentTesla)", "value": "1a02d7fa71451609f38cdd2cc9a62c9254c4772316dba90087ccdfd2d2a7ac5a", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686806, "uuid": "66550f7e-aa88-49f5-a03f-41356a68f1a3", "comment": "Malware payload (AgentTesla)", "value": "61df33baf8ae6b03b8781870351ea58c088d1f47", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686806, "uuid": "50d56f42-b2f2-431e-be15-3aa9e3772538", "comment": "Malware payload (AgentTesla)", "value": "dddd4af1e8912862c5caef2f7de3f5cb56de8855b1c4bf56e2022998e0381154ed2d9c175756d68cecf3c3fe219b90af", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686806, "uuid": "aeb4dd70-4e47-4520-96f4-1c49410fe701", "value": "T169158D1B39D02A47E42E426E547C6E6CEBEED50D426FD968342CC2A3B2F664C1D4D70B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686806, "uuid": "eab9e963-7064-427a-8d2f-f8b6395423e1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686806, "uuid": "ab461e4d-593a-490c-aee0-52d9b0b2cb80", "value": "12288:uqqWmS2h/m9NcTrE1Mb20wpbjFBcIZj6mbIs1pzzU4VFGQIut7D2G5JKT5b4jN:udrS2hucTg130wZFBrZjDb7Tz76x4J", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689686806, "uuid": "5a4974ab-3e93-4451-97f5-d864edcf9144", "value": 886784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689686806, "uuid": "a21a8fc3-d70f-43ef-b59f-b3c274eb6a3d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686806, "uuid": "b9f70b89-ebf6-4517-8da3-1818c81bc186", "value": "ea83b0db7b3030a818b412479afe2bc2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e62d36d7-2532-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1689661103, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661103, "uuid": "3ff83977-41af-43ab-a6c9-9786f1d651e1", "comment": "Malware payload (SnakeKeylogger)", "value": "a98aa67fd1dac16b5b508baba142fb48", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661103, "uuid": "37d09265-d045-4ce6-80bf-176853b398c8", "comment": "Malware payload (SnakeKeylogger)", "value": "1ae20a0508bf375447bef3b1ddd5bcc294aeae294ef9257124aec21442627c6c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661103, "uuid": "20ba961e-d1aa-40ba-94b6-6211aba52fb2", "comment": "Malware payload (SnakeKeylogger)", "value": "d7babd5fe8eda7382b37525d6d4688174368198a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661103, "uuid": "37013c48-af12-4216-afda-05e0dced6a7e", "comment": "Malware payload (SnakeKeylogger)", "value": "2cff8b3d6b05cfb9c4c576d69200f412d50366319b1e544e036b320fc2d1822c253838881050ee9792026bf851cfca6b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661103, "uuid": "00b12954-44bf-4f1a-807c-b3ab921c2b23", "value": "T106C42385898C542BD1D512BE63B3FB8101728E88188DC68D8E6BFD55F9E7F91931328F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661103, "uuid": "890df00f-c260-4bb2-be59-ccd7d1cf3587", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661103, "uuid": "2cbc33f7-22e2-40f2-a993-3c6e9208a05a", "value": "12288:afb/WT4UkuZbwwuE7dRKIhDHt251M3l4nuLTpUWqmd6C3DknUTmdOl3:afzW/ZbwHelD2G14nqTjd6fUS8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689661103, "uuid": "3ca4ea3a-ab2c-41a8-88a8-266de5e051d8", "value": 563200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689661103, "uuid": "464994a2-1c5f-449e-bb2e-4227223cdc55", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661103, "uuid": "ca3176f4-ced2-4c19-97ba-754ad8e4df42", "value": "invoice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2780c6d0-2504-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689641026, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689641026, "uuid": "49529f69-6b60-4ce0-b9e3-1043e5fb275a", "comment": "Malware payload (Mirai)", "value": "16a45b42298b87f3967060ba25240c7d", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689641026, "uuid": "97e5e0e0-80eb-400f-ba87-68eedef0b5ab", "comment": "Malware payload (Mirai)", "value": "1ae6809f8fe8f59b1a16e0d0dcf7f014e8ffa0a737edf62326ac8e57c11e6055", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689641026, "uuid": "7077e2c3-a198-4b4d-85c9-720048c6895e", "comment": "Malware payload (Mirai)", "value": "80c1e521b31d19d639faab0e234d13cd282b7b6a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689641026, "uuid": "f3fe2248-6e44-411c-af8e-feb364969703", "comment": "Malware payload (Mirai)", "value": "e4e9754ad963a87b7db2a5398ec36aac49b46d10d277c28445647c0462835438be1ed85f21d2e338583d133c03712188", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689641026, "uuid": "a56415c3-5e24-4aa6-9a71-75c9492e5dfc", "value": "T1C5D2E18876D353F68C8D8ABEB61F4036309E34A976B29323B306D4534776181E652E8E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689641026, "uuid": "0768dcda-f741-4c1a-b4eb-c3eef37e8aa8", "value": "384:MId/PxEDLd2TwULzm6lowYcEaqsp9qC450LQixBfE4jdlz0lewZ90BKPoM/nNyj:blxKd2FLPxEnspd6IHE4RlY990SoM8j", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689641026, "uuid": "2caa9b5f-1f6c-4684-830c-71f385eb2fa7", "value": 29456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689641026, "uuid": "71d4dff5-2147-4a51-aea8-ba460904b3e2", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689641026, "uuid": "d39ebccc-ad38-4289-a43f-1e59b1691874", "value": "16a45b42298b87f3967060ba25240c7d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ae4743fe-25a9-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689712119, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712119, "uuid": "c9e4787d-5a20-4e57-b588-5f1e634ad238", "comment": "Malware payload", "value": "959f8c102c3fdf3833661f5e6069c42a", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712119, "uuid": "6ce4b9f7-13ed-4236-a536-43a9a7abde42", "comment": "Malware payload", "value": "1c425c04d55bdea48e0fe6e8b066fac7f2cab6ef6a36daeee0e4fd4abd57528b", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712119, "uuid": "06caef99-8a66-4f18-b833-48eb0862719a", "comment": "Malware payload", "value": "3c1671eea69037a1c402b0fb1bd8f5535238198d", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712119, "uuid": "c20b0754-228a-4bae-8529-0c323af47b8d", "comment": "Malware payload", "value": "d53fe11a1a971483bd1903fb6c1c17818d3cee2e5222920da9cdd954b07c8df02103e4ea608ad9d9e36579f5a7b4e6cc", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712119, "uuid": "8988b683-e012-4298-ac42-219aa2403e5c", "value": "T15D55331582D2BE06CB4D393FF4A76628928325FC6419935D317823EE318A6643CBE6F5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712119, "uuid": "eaeff1b0-1423-4ab4-8f38-b6f4eb50df15", "value": "a887a2659477cffe2d7d84ab2c586923", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712119, "uuid": "e75a156e-229c-4dae-878a-446c5989c77e", "value": "24576:GLc/A9JMCu3g8+ruf8Nf7cojcP7odk0+p/8W69fmZpb7ZTOay6WPCVBzo:BA9JvuQZrO8t7PAPCkFp/J69SP5apizo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689712119, "uuid": "5b6b59a3-4c28-40b9-85bd-4d83b49a5bcf", "value": 1322496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689712119, "uuid": "33c98ea8-657b-4093-9680-ace7c8585236", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712119, "uuid": "2f6b8a43-82aa-4881-91a2-024fb4b4a70f", "value": "SecuriteInfo.com.BScope.Backdoor.Bifrose.3179.10046", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e351c881-255f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689680426, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680426, "uuid": "0a423b59-2c36-4b4d-b8d4-50c1a03d7c24", "comment": "Malware payload", "value": "a0cacf9006231166df5019cf126b0de8", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680426, "uuid": "eabf56fc-2ccb-4630-a8b8-2c91c0ac64ac", "comment": "Malware payload", "value": "1c50888a51f41d9baa927cbdfd6a517f9473793a134fe842428eecbd7be5fcbc", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680426, "uuid": "d92a3d48-238a-4d32-99f4-a6fc10872cda", "comment": "Malware payload", "value": "bf13add3c69f8fd7359b54b282631df9b2c72804", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680426, "uuid": "b6b2ebd0-cedf-43a3-a2c2-871e8da08bca", "comment": "Malware payload", "value": "4cdb383c5000b07f2e79b50f4e6fb6a5871d9fe66cd3c014fc498605c4e7003626ed5dec776dcaf3185b9f5ed28dec9e", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680426, "uuid": "49b1f8a6-a1b3-4ba8-b6ef-da62c0dff4cb", "value": "T1F5D423FC37EB293B67CE2166B148442481A671CB892D35179F91CB28DEBD2E615EF900", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680426, "uuid": "b8292132-d2bc-4d70-a529-25c99e6453a9", "value": "12288:DeNCHVlCXK/WfdGzDTwexiEx84K4Jb6Jsoh376+LqVzZ2bwp2RodUDAmpe3:DwaC4WfdQweU+8mb6JTZGVFFp2G2Al3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689680426, "uuid": "88427c08-394c-411c-99a4-032b2a941d23", "value": 632514, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689680426, "uuid": "f8a79c76-12f3-46ef-92b7-c413e1de6663", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680426, "uuid": "bbf5b8bf-777c-41b3-84f0-2c7885244e77", "value": "documentos despachos.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e494ec69-252d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689658953, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689658953, "uuid": "cc065d3f-ddd9-44b7-89ca-69f04384c961", "comment": "Malware payload", "value": "bc4915dd472d41ab5aa5bb7d64a6be86", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689658953, "uuid": "ae4dc5cc-68fc-47bd-adad-b6fc013e1eaa", "comment": "Malware payload", "value": "1c7dfa1e4b1ab71105b75c8a75af52317e901f7160e28765303da7f7988fa8da", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689658953, "uuid": "e0e94cf8-bb93-4f7e-95b6-e2fcf0ea488f", "comment": "Malware payload", "value": "f5892a4ea271ed22c391efe41473211165db2b70", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689658953, "uuid": "ee5a69ab-9972-44ce-b25b-eb6ff5bf9a84", "comment": "Malware payload", "value": "72bfce38ca4595c027fefce67cfbcb4c59f15b29468ba8207feb3c2e906da42da6736d99cd94747dbb92a4247db68171", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689658953, "uuid": "bf328168-fe94-47cf-9b80-e3af6a590b28", "value": "T1D62723863DCB80FDE5801970861B27DB13F2A5B78DC588287BC57846A461FB7706FCA6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689658953, "uuid": "7c312fb0-daf1-4c37-93fe-3ec92131106c", "value": "91f4e0cc7a687a97a003ff6206e2edfb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689658953, "uuid": "94e2a1c3-b2f2-47d8-a5ee-dfa45bb84b56", "value": "393216:2kJvkICSBwFjNiiFz62aBUyx7Whgt6sS1RT01snRzP9pzXo:ZJsICS8JrzhaBLJWiUsEB01snt9pzX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689658953, "uuid": "6a8b6814-9c61-4344-98eb-335f5c38ec91", "value": 21014344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689658953, "uuid": "66e58526-535e-4709-abbd-cbda824549b3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689658953, "uuid": "102b0e40-6f2e-4b89-ad26-002b51a0d136", "value": "AppInstaller_11.6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c0fed10d-252c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (BlankGrabber)", "timestamp": 1689658464, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689658464, "uuid": "de429db8-43d4-452e-8934-512a8d03aa94", "comment": "Malware payload (BlankGrabber)", "value": "092b7f1a2b67de290da755f676763279", "object_relation": "md5", "Tag": [ { "name": "BlankGrabber", "colour": "#21B759", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689658464, "uuid": "3634b9df-86e1-4525-9c86-b5bb3f1449ad", "comment": "Malware payload (BlankGrabber)", "value": "1ccc641022b3e95b4eaa3339f8d980bf1b606ca8d4f529c98f8d7d2762515b85", "object_relation": "sha256", "Tag": [ { "name": "BlankGrabber", "colour": "#21B759", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689658464, "uuid": "dbd521e6-861f-4a8a-ae8b-e7f8e9ef6590", "comment": "Malware payload (BlankGrabber)", "value": "1d4e9780b0b5f4a74176bff38ee80815c9eceec1", "object_relation": "sha1", "Tag": [ { "name": "BlankGrabber", "colour": "#21B759", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689658464, "uuid": "560063c1-2d38-4f4f-a475-3e2efa1a0d58", "comment": "Malware payload (BlankGrabber)", "value": "97173b10db22c5ceba0fa3a51d91d552239e3c41057a74e0b59b013400d44af7a67ea6e546d1ac528f661e6d25bdae94", "object_relation": "sha3-384", "Tag": [ { "name": "BlankGrabber", "colour": "#21B759", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689658464, "uuid": "a956db48-3cd4-4fde-9282-1eb2773b21a2", "value": "T1DA76336966C249E8D577823EC6D24A0ACEF074175714DD8B03B466FA2F13BC48DBB722", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689658464, "uuid": "370c490a-df24-4535-94e3-5dd6a59c9552", "value": "0b5552dccd9d0a834cea55c0c8fc05be", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689658464, "uuid": "65027b10-2cc3-41e5-bf66-5cd18f8d19e4", "value": "196608:mQ7iQsGbT/9bvLz3S1bA329OqtFM+ehUNiYrvV6/:4GbTlj3S1bO29OqtFHehUNlbc/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689658464, "uuid": "f4f4a2df-d63b-4194-a42d-cd0305e22c3d", "value": 7346934, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689658464, "uuid": "b255fa25-4528-4427-880f-80e70946fffd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689658464, "uuid": "a014e01d-761a-41ba-8ff0-d382e8c53fd2", "value": "2k23ballinhoop.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dd64bf5a-2521-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689653787, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689653787, "uuid": "b962d320-4fbf-45c2-95a1-c1d94af377cc", "comment": "Malware payload", "value": "212fb84e57c4d34e1fbd05e88d96a0c1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689653787, "uuid": "b9737b51-5b36-4af4-b5aa-54ddd272348f", "comment": "Malware payload", "value": "1dd6de293d509069ef2cf96696eee10a56e0d672dc52d49029a55db5ca9c6f54", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689653787, "uuid": "43fa1e29-1e18-412f-b87e-da85f307cad6", "comment": "Malware payload", "value": "b2b903c8861fb8ae81ba0baf1960da3230bdd0ea", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689653787, "uuid": "f7cfa8dd-426c-4b8e-81c1-9d032502998f", "comment": "Malware payload", "value": "b9b42c89ba46fe621d4d7a61cb9eb9d9750da18beac67060a2a7b18a32bbba53eedc5a3ee84b411587ca098096b06731", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689653787, "uuid": "996ba369-9229-45e3-93f0-ab116fe6b7fa", "value": "T1CB965B1AB751D837D5234A399C0782D89426FE513E28D9873BA93E0CBBF87903639357", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689653787, "uuid": "67dcf957-c89e-470a-8be7-10f38e1cde4a", "value": "8201d69e3efbc23f3a095bea47df5c41", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689653787, "uuid": "90a505a5-0c65-46c6-a1fb-9f9178aec071", "value": "98304:jUEaBPCNXH5OcwTnCbAqyfqspljN2sV6e022vxi2C7dwMLb98YHntyIZEAlunq:gEaBPWHGrzqspljN2ko22DiHc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689653787, "uuid": "6ff96e44-065f-49cd-9a72-160028c00043", "value": 9211904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689653787, "uuid": "28c7a0ef-6701-4944-bd49-79878d0fe30d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689653787, "uuid": "3ce83714-6140-432c-b5db-1277cfc00474", "value": "rCIR.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "898fe83d-2527-11ee-a6f9-42010a9c0055", "comment": "Malware payload (QuasarRAT)", "timestamp": 1689656223, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689656223, "uuid": "5ba6169e-df20-401c-b1b2-4b4cdf737a73", "comment": "Malware payload (QuasarRAT)", "value": "fd9c28b0b6458abe4a6ccb45e3a34cab", "object_relation": "md5", "Tag": [ { "name": "45-134-173-182", "colour": "#1B0788", "exportable": true, "hide_tag": false }, { "name": "51-77-167-52", "colour": "#4CAFF7", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "Nugeta", "colour": "#18015D", "exportable": true, "hide_tag": false }, { "name": "Quasar", "colour": "#D17794", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689656223, "uuid": "d60ca951-1d06-457c-9ca0-999e4d7965c8", "comment": "Malware payload (QuasarRAT)", "value": "20633717b608c0d4b45f5d3f3bb670d0de9bec4ec346175deaded094acf0eba9", "object_relation": "sha256", "Tag": [ { "name": "45-134-173-182", "colour": "#1B0788", "exportable": true, "hide_tag": false }, { "name": "51-77-167-52", "colour": "#4CAFF7", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "Nugeta", "colour": "#18015D", "exportable": true, "hide_tag": false }, { "name": "Quasar", "colour": "#D17794", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689656223, "uuid": "07149c2d-01a0-474d-876a-26779a69eb21", "comment": "Malware payload (QuasarRAT)", "value": "c1ae7ce6d9ebac243fb25035a872c2e1c5c912f0", "object_relation": "sha1", "Tag": [ { "name": "45-134-173-182", "colour": "#1B0788", "exportable": true, "hide_tag": false }, { "name": "51-77-167-52", "colour": "#4CAFF7", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "Nugeta", "colour": "#18015D", "exportable": true, "hide_tag": false }, { "name": "Quasar", "colour": "#D17794", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689656223, "uuid": "29caf898-234a-4644-8b69-32d59b58c442", "comment": "Malware payload (QuasarRAT)", "value": "b8a5ba1a0322281b572f608d4199036bb786212e2513bc0c221a18acae1ab3b30b50c302db58777c02d9627fbd192432", "object_relation": "sha3-384", "Tag": [ { "name": "45-134-173-182", "colour": "#1B0788", "exportable": true, "hide_tag": false }, { "name": "51-77-167-52", "colour": "#4CAFF7", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "Nugeta", "colour": "#18015D", "exportable": true, "hide_tag": false }, { "name": "Quasar", "colour": "#D17794", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689656223, "uuid": "aa017e90-6bd4-4563-814a-6b4f4b1d492c", "value": "T11575237C5F9A8DE0AFFDA33D30EE3E4D3E59C9808509E78E08693116519FF21015B96A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689656223, "uuid": "98b1f6b4-0c2c-4169-b382-39d03c387e18", "value": "24576:7Uw4frWw0l/BCa7TrgxP0Nzhs0XmBW0SXLu9s2Jw8RSZrtyhtEbyrStjz1:7cWEP0Nzhs6Ra9saw8CROrM1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689656223, "uuid": "426f88cb-1f3d-4ee7-a705-2c0b5a6d99fd", "value": 1658057, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689656223, "uuid": "0719ec33-3e4f-4c49-b37d-d501796f3ce2", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689656223, "uuid": "77a68aad-09e5-4d27-8b83-c87f70153f3e", "value": "Anthraxa.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "91b3b91e-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689662250, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662250, "uuid": "f3b55243-5ecc-4e9f-b9b5-53a2240104b7", "comment": "Malware payload (AgentTesla)", "value": "151b06039687b904aebd43793c5592af", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662250, "uuid": "feda6f72-4b8a-4acc-9e59-b0890e90e45e", "comment": "Malware payload (AgentTesla)", "value": "210cad4931d03a1a6e0fccf0663dd281072ad75a46a786ba62f8ce40452f765a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662250, "uuid": "34df8d35-0ad3-4619-90a1-313c72c6bc7e", "comment": "Malware payload (AgentTesla)", "value": "c352763558fd71c2d2a9aba4a461d3c8d3c4e47b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662250, "uuid": "55e5e550-3f96-4d77-a570-e4357d002f26", "comment": "Malware payload (AgentTesla)", "value": "4466f33aac51f557be9a57ee41cf070c991eb126b656dac3a748837509f0ffc6b650ad0f3f45bbe1d4a7d2825f60210b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662250, "uuid": "55cacf97-4c2a-4826-8f3f-3b697ac8b63c", "value": "T1C384990267EF514CF1F33B455ABA54E84F27BEA66A39C45D508C1A0E4BE3E408D61BB3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662250, "uuid": "a32947c2-bbf8-4843-a1de-16c56b3a7e77", "value": "6144:+n79MxzakMxjJnuOYXyXqXqXhXPXjXUX2X+XAXmXTX9XUX9XQXfXbXIXLXsX2XRA:4MxzakMxjJnuOYXyXqXqXhXPXjXUX2XY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662250, "uuid": "c5c50115-6f8b-42c1-90a0-990b4fbffa6a", "value": 383504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662250, "uuid": "46324d77-54ef-4513-bfdc-f1ce81270cbe", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662250, "uuid": "ea6645ce-e871-420f-ae07-9cd345aea43a", "value": "00933400cotizaci\u00f3n.pdf_____________________________________.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c160193d-257f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689694113, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694113, "uuid": "819fa48e-2f8c-4540-9c6d-faf087294670", "comment": "Malware payload", "value": "3ae27b845b197c7530bc9fbd79cba897", "object_relation": "md5", "Tag": [ { "name": "impala stealer", "colour": "#3F5412", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694113, "uuid": "d856a508-8d5d-449c-8ec2-701a099ff1ec", "comment": "Malware payload", "value": "21b827ae808d946c912def40a406fa8dfb92ab4943400ccd7f37f8259fc4d4f3", "object_relation": "sha256", "Tag": [ { "name": "impala stealer", "colour": "#3F5412", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694113, "uuid": "3805130a-4b27-4eea-bb62-5696b917383b", "comment": "Malware payload", "value": "327acfb33affc68abcd9066036492630b9a29c78", "object_relation": "sha1", "Tag": [ { "name": "impala stealer", "colour": "#3F5412", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694113, "uuid": "303d89aa-7c41-4257-a01a-e55868699d9b", "comment": "Malware payload", "value": "02afafbc222eaf1acef17824a5f82b9770ff4efcb65c3874ae188b9bbbc909b03693165dfc0d233faa7cfc7904156209", "object_relation": "sha3-384", "Tag": [ { "name": "impala stealer", "colour": "#3F5412", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689694113, "uuid": "044da231-5501-4986-84ea-31c631ff6f00", "value": "T176F05928667DC74D4EBE527CE184ADD3F419609A212752E4E78CC20C25A281087BCBB2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689694113, "uuid": "8e074ca6-8c26-474b-bcdd-7e98d2a35f50", "value": "12:s+qsPAupJycfjdUz5lUdOnMpo7Xj+4Ml+l:ssouBJUdGdOnKo76nQl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689694113, "uuid": "c74363a7-be1d-4706-920a-aa54e12e2459", "value": 502, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689694113, "uuid": "722a9431-b19b-4e70-be59-a2930ef77e69", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689694113, "uuid": "044957c5-9bfc-4cb0-af0a-e0a9be9716d8", "value": "21b827ae808d946c912def40a406fa8dfb92ab4943400ccd7f37f8259fc4d4f3.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9966058e-256b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1689685456, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685456, "uuid": "df4c82e4-58d0-4a6b-8a1c-c3b17a4043f2", "comment": "Malware payload (NetSupport)", "value": "dac8b809738c47f44b5615128cae7909", "object_relation": "md5", "Tag": [ { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "savastijir1-com", "colour": "#C2673B", "exportable": true, "hide_tag": false }, { "name": "savastijir2-com", "colour": "#F97E62", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685456, "uuid": "0adb9628-4f7a-438d-8bd3-9da2f83f34ec", "comment": "Malware payload (NetSupport)", "value": "228132dc49ec13150b4f75418e2d665246b1aff4f52d85f660f833ea4e11bd1d", "object_relation": "sha256", "Tag": [ { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "savastijir1-com", "colour": "#C2673B", "exportable": true, "hide_tag": false }, { "name": "savastijir2-com", "colour": "#F97E62", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685456, "uuid": "6243581d-3e59-4e5d-9d15-4834d790ae5d", "comment": "Malware payload (NetSupport)", "value": "713014457ac9d90d5eadf8146a6897f4cff9f552", "object_relation": "sha1", "Tag": [ { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "savastijir1-com", "colour": "#C2673B", "exportable": true, "hide_tag": false }, { "name": "savastijir2-com", "colour": "#F97E62", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685456, "uuid": "1e6e1065-58a4-49a6-ae11-e6da645ae8a1", "comment": "Malware payload (NetSupport)", "value": "6a4b1f207c5bb4bbf1fed83009e9d29b430de201613a179d4a1989464cc2bee191d50b0593331cdcc27e109a12d0fd73", "object_relation": "sha3-384", "Tag": [ { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "savastijir1-com", "colour": "#C2673B", "exportable": true, "hide_tag": false }, { "name": "savastijir2-com", "colour": "#F97E62", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685456, "uuid": "7712704a-8348-419b-a5eb-51ad392134c4", "value": "T127A5332529E505F3C0F3C339049A1582292C77E39EE717BC136C6B52756FABB8B5488B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685456, "uuid": "7e3b0f38-554e-4af5-964a-5ab9c02245f1", "value": "49152:XZjQXorDcQhg7dMnEBJCgkh3V/4msgea3DQuMlVe5PWZ5FvcBC:XqWg7OEB1kh3VucDdMbAP+UC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685456, "uuid": "f3293521-6520-412e-9b31-a79450e64130", "value": 2234348, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685456, "uuid": "08f720ad-43d4-4385-bd40-d20bf8c9f6d2", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685456, "uuid": "33c30270-ea41-42ab-b1f1-b3db3a7e17ff", "value": "07_03.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "45ecb1ab-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1689662123, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662123, "uuid": "f759d05b-91c0-4b78-a867-028747c562d6", "comment": "Malware payload (NetSupport)", "value": "6757f09fde7c25be502dd96903616373", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "pkvithtosh11-com", "colour": "#5FD45D", "exportable": true, "hide_tag": false }, { "name": "pkvithtosh17.com", "colour": "#01F1BE", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662123, "uuid": "16f855cc-43f7-4294-9185-4bb264f2f237", "comment": "Malware payload (NetSupport)", "value": "233019f7f2464732ec93ec2b01b360363a9c5a387c1f392c4ed92c90aeb5505f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "pkvithtosh11-com", "colour": "#5FD45D", "exportable": true, "hide_tag": false }, { "name": "pkvithtosh17.com", "colour": "#01F1BE", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662123, "uuid": "b7fe3185-a0d5-4b3d-88e8-70d8316b9c3e", "comment": "Malware payload (NetSupport)", "value": "9473c0fe323dba82120b183cb5534adb15712f21", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "pkvithtosh11-com", "colour": "#5FD45D", "exportable": true, "hide_tag": false }, { "name": "pkvithtosh17.com", "colour": "#01F1BE", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662123, "uuid": "9454fa65-d301-401b-a911-221bb0958c7d", "comment": "Malware payload (NetSupport)", "value": "97cf222fedcbe1364e945e8efb7af669de68d5c6c285b5e124f9107bd0ba27557c601559949f412fa2e89635f66041ed", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "pkvithtosh11-com", "colour": "#5FD45D", "exportable": true, "hide_tag": false }, { "name": "pkvithtosh17.com", "colour": "#01F1BE", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662123, "uuid": "071274ab-2269-471f-b3c3-e648a334ac08", "value": "T171B52363AD9CC0F5F85F98B4899CA254D489BCE03E700517BB713F6EE930191C626B6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662123, "uuid": "5537eafe-098d-4e69-8502-497ca8439d16", "value": "3eaa732d4dae53340f9646bdd85dac41", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662123, "uuid": "7bb33f91-94b8-4fb5-8cf5-308ef0e6a06c", "value": "49152:wBXgSB+D6dg357ao6rSFL+Nu6WaS0101whW0tZiWNuTWa:k3Btdg357grSFE28x/ZiWNuh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662123, "uuid": "80b5f307-5aa1-4751-b840-21480b6ec601", "value": 2494964, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662123, "uuid": "c0e2b338-647c-479e-81c9-56c561dd6f07", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662123, "uuid": "4427a854-00c1-497a-95ca-5f3bd83072a8", "value": "PurchaseOrder.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3e43e736-256c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689685732, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685732, "uuid": "346225d7-9bd3-44f7-bd58-e8fa24c32c89", "comment": "Malware payload (AgentTesla)", "value": "983943faa278ff496dd4f72a7dc5b033", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685732, "uuid": "3e3a2f93-5094-4297-8321-2450e944ac3c", "comment": "Malware payload (AgentTesla)", "value": "2541397123d3770ea0337b302bea46f39c46689bb463208af4406d6d76dbab07", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685732, "uuid": "67bf0e1d-306e-469e-9140-fbfc7c62d8d4", "comment": "Malware payload (AgentTesla)", "value": "5d4d4d03b0a78cb278a28d1fe6235a8ff3d59233", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685732, "uuid": "d4ef0d30-2667-4b88-9551-8733cb3e5311", "comment": "Malware payload (AgentTesla)", "value": "0fdd131a64b545edb7b4947893c4997772b64acb29285c7bcc9b2ae75c3aba4acc395b4e785aeff83118d8c8541cb1ed", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685732, "uuid": "a0f09453-97dc-442e-99b6-9dcc67b5bf9a", "value": "T1CCD40283F7544BE1E4BD5B7180B6491107B73E1B8A95D20E9C98B9D90AF33A016A7F0F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685732, "uuid": "6dde9592-2814-43a7-b98a-03868f621c60", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685732, "uuid": "3f244ab5-fb6c-4e70-ae0b-113b6d50901b", "value": "12288:C4gjFxNm1rC5X3NCCnCUJq6MO1HN/icGo2H+OOZjsGmVeD:VgcZAXdCC4611HN/i7o2MV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685732, "uuid": "a4849008-4324-49be-b9de-d0e1c4c5cbae", "value": 638976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685732, "uuid": "6d104725-2fba-4298-bf66-d7d6d97d981c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685732, "uuid": "59216c32-69df-4850-9430-a0481abd69db", "value": "Halkbank_Ekstre_20230718_080954_114612.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "69ef6463-259a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689705562, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705562, "uuid": "df3b2587-36ec-4d3f-b807-8b82449ff6a8", "comment": "Malware payload", "value": "d133c67a65ecda50460d03b090d115e8", "object_relation": "md5", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705562, "uuid": "a14a9d40-a1cd-4bdb-9b7e-b3440b3dcfdf", "comment": "Malware payload", "value": "2558b746c17b40792cf3a0a7a068a76534dbb46d2fa2ee22aa1cc19b3e2dd83f", "object_relation": "sha256", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705562, "uuid": "5352a76d-dd48-42c5-82f7-7bf150512203", "comment": "Malware payload", "value": "b04459245c250eaa30c4da34fd88b3a0daf3a211", "object_relation": "sha1", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705562, "uuid": "9de49470-db64-42fe-a576-97e4d59b97d2", "comment": "Malware payload", "value": "075f24604dbc14cf7da9393cdba99abce7106971a0a635bc131dfa09b35e6a92d05d16d3a971f224b32b9b6fb94b5b39", "object_relation": "sha3-384", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705562, "uuid": "2187dae7-a933-4c14-9355-4d8010fbf986", "value": "T1644265B81E32BD8504AAC25C820D16096BAFA9FEF543F6F745C1691703361E1954BFE3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705562, "uuid": "64135474-7cd0-4bf0-90fd-4ca247349e8a", "value": "192:ezdWCs/DAbYWDr+548hrF+tLgwXSJ/5lZqgi0PmqI5qlYG7ULhJI/0:e1U2+ia4tLDe/tqgiUmqI4YQUbI/0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689705562, "uuid": "b9c73e6a-f328-4e44-bf95-e217163c318d", "value": 12602, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689705562, "uuid": "26d91385-7e13-4e95-93c7-588df832b265", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705562, "uuid": "5dcdd413-9a6a-4d11-9f65-80d08e850938", "value": "William_blake_Tax_2022~pdf.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "af16ac67-25a9-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689712121, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712121, "uuid": "f72ba68c-2920-47aa-bd1e-c44aa4493638", "comment": "Malware payload", "value": "f464bdc6661ac1dec981803377f9a4c1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712121, "uuid": "b2f158d3-8986-4475-b106-a6dc32728646", "comment": "Malware payload", "value": "25f351532a3200ef58dcfefd713ccc3532d53572bf117e468b654ed90af7f7a1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712121, "uuid": "1faa9bda-aa11-4da9-bba2-0065ad21d4bd", "comment": "Malware payload", "value": "c1b05dabd9caed0aa7d8e1c4861779a50b36f278", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712121, "uuid": "bb0bffcc-3c8e-4e7a-83bb-03845de93674", "comment": "Malware payload", "value": "73c7fa072af4405eb2a0ca222a398d1bd835d5c08323b60451f6072088a740b2edffd7242b15bdb01afd20a5ba04b737", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712121, "uuid": "99bf3b98-da39-4edc-8d85-a620a41c92e1", "value": "T1007523B37790C9E9EE2C9E35B40F9B121719FC5EF0E1239620D6B62C3E24442BA1BD55", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712121, "uuid": "472f7d77-ca85-4a8e-8f8a-34b1114b9280", "value": "f582512500c7dd8e23adeb2b6ca56681", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712121, "uuid": "b10cc8f5-1cc9-4122-90a9-dab6913294d5", "value": "24576:7j5Br4D8PanH6AMrFVuzj/8+j4QxyFo1VcUQHK+nPV27hJDjTYqmxMsh/P1mGcWT:b4DlnaAFzQg/qo1WBn+UEsh/P1mGriDG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689712121, "uuid": "165f29af-dfa8-41d6-a4f4-e11cd6619f6c", "value": 1552896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689712121, "uuid": "4f99de53-5acc-4f36-812d-57f750c835ba", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712121, "uuid": "a470654c-4b1f-44e3-a901-4c91ec619528", "value": "SecuriteInfo.com.BScope.Backdoor.Bifrose.31895.28446", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7a5883cd-255f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689680249, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680249, "uuid": "ef61534b-4414-428d-a51e-92a6da8a1e55", "comment": "Malware payload (AgentTesla)", "value": "61ba94bce76b9c0831ab24db03ce145b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680249, "uuid": "9be76c8b-48a3-44b2-9cbe-1d4e52ff1c9e", "comment": "Malware payload (AgentTesla)", "value": "26cb0acf3e5bfb42e29d311119fc56c4a8b55efd08453826cee4eab3ea3eb2b7", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680249, "uuid": "20b389b1-a6ba-4a8c-b594-3ed395174d36", "comment": "Malware payload (AgentTesla)", "value": "ca3c3d7f33e5e1f62c3b7e45fbd8969727971092", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680249, "uuid": "044590bb-b94b-4322-8084-80745f60c6c5", "comment": "Malware payload (AgentTesla)", "value": "f24ccd1a08ece708cbb3be5e3d17bb1552882c8b8ab56abe9e266248541b33575c46f7e8b4adad7a9c36bcd57495dba3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680249, "uuid": "670aa9bf-216f-40f5-9bd5-768a38c634f0", "value": "T170D4127965791B22D7358BF90458233083FB85E67863E3634EDF70CE2960F064E98A57", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680249, "uuid": "0cb7087f-d3fc-4e0e-b921-9aa5e17a9193", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680249, "uuid": "673dfdca-45b2-4a31-9567-2250a8a190e9", "value": "12288:abPLF7/J0rv6dUIfxoJZ3vg7CgpRrGLfxFRuSDNrDVbLtqJj8zO13ro:gLV2OdLoJZS9z2ZRJr5V3Q3s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689680249, "uuid": "67509497-46a8-4892-b538-a3255628aa28", "value": 621056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689680249, "uuid": "6f5ee92b-9d1d-48f9-9716-bad23b8398be", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680249, "uuid": "9a252dd5-758d-4bb0-95b4-e43e7ddba1ea", "value": "8093652110937447028.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a926f003-255f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689680328, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680328, "uuid": "1fc9e0cf-be1d-4762-bc08-700253a71af7", "comment": "Malware payload (Formbook)", "value": "264ac914464c96f1066428b6b9b4cd22", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680328, "uuid": "3e284d7f-6adc-4c63-9c2a-df23ac94e0cd", "comment": "Malware payload (Formbook)", "value": "26d19c11d0884404b8a69fbb2ebf3c86741104a1a4d3b1f586023c45d5e33257", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680328, "uuid": "93406a35-8632-48c5-a6fa-e5fad21d7d64", "comment": "Malware payload (Formbook)", "value": "304071d5f362964e9423f0219703bf4aa1371f68", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680328, "uuid": "06a16467-7aa9-4332-8a1a-ce574eafe907", "comment": "Malware payload (Formbook)", "value": "dd16b337c27fcd9ed350c413cfc795b0c8e5d4b1a09cb8b268520e375ba859404f68bf2090ca20d352086fc5a8cbe4e5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680328, "uuid": "eb99e6cf-df0e-4f56-9287-f0f1b043490f", "value": "T1455423557BA5D8A3D4BB8930AD71152ABFBBEC1911B61A1B13609FCE3A73141CD0A333", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680328, "uuid": "d851bc01-edc0-45a8-96ff-f1c26c9544fc", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680328, "uuid": "a40ed2b4-a7a3-41e3-82d6-7caa84bd2ab9", "value": "6144:PYa6lIMh+ByeMMuOFjQB6MVoXofqA8ksKu2E706dSoCRtL9DqF9:PYXThwDQckBVu6vzEBdCX92F9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689680328, "uuid": "fd96cd57-db66-4c12-9c71-2e3a5263baf5", "value": 300175, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689680328, "uuid": "05ce3ad6-19e8-49a6-a825-4709983ba7df", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680328, "uuid": "3bdcb1b5-af88-41f7-aad8-b70b28154de0", "value": "HBLAWBP.LISTCOC & INV.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9d9a49cf-256e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689686751, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686751, "uuid": "90a988b6-b6d9-421f-977e-c044888601b6", "comment": "Malware payload (AgentTesla)", "value": "2903aaebebed8a5e0b746ef28c34cd79", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686751, "uuid": "96898e3a-a76a-4fa3-9d5b-6668bbd6f280", "comment": "Malware payload (AgentTesla)", "value": "26d32f64e3ae6e01d62458970aabbfc4277ae575feb738b436049caeb923b11d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686751, "uuid": "dfb49e77-91db-44e6-8697-05e931aff64e", "comment": "Malware payload (AgentTesla)", "value": "61b8fae177dee47080f3390e579f58dc40d28f32", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686751, "uuid": "e31a9cf8-7b35-40dd-8050-7ab2c419620c", "comment": "Malware payload (AgentTesla)", "value": "e89feea4f44f379b1b5514cd26bc01e78ca82eb1fef5cdb42f6c8dfdf865747b14ee3e93f8fca1af459773c5d0ea57dc", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686751, "uuid": "b44f452a-7f8f-484e-a2f1-3352f8f63953", "value": "T127D4221A6CAAA72BD1671FBE005176F512725BC5B021DAD60C0BF1B3FF6A70D8810B67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686751, "uuid": "06581d28-d4f0-4786-9a81-2f91f0196118", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686751, "uuid": "82121aba-3c5b-4242-b473-dacf9ddf69f4", "value": "12288:5mAY2kcdbL4EflX710UNxMCO51PLNEO2ihK7e4QXDjA++k0S2:UN6GEfN76MMtHPLWvihHfJ01", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689686751, "uuid": "f8cc71cc-f915-45f7-a4c2-6e4fdca0366e", "value": 626176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689686751, "uuid": "1d7edbde-dc7a-44f8-a10b-313f8644df1f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686751, "uuid": "6acf5424-6d5a-4621-bf00-fa67ebe05240", "value": "2903aaebebed8a5e0b746ef28c34cd79.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c448fcf7-2599-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689705284, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705284, "uuid": "03fc4e7b-e2aa-4b65-a6b2-a1058d5d4ec3", "comment": "Malware payload", "value": "f484be870cfcf7aa0699e52320d62c9a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705284, "uuid": "b30345af-725c-427d-9002-9345cb858c6a", "comment": "Malware payload", "value": "2742148f16a138218cc03322bfdc622361f424c767de16badec3f569450d738c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705284, "uuid": "ca3895a2-42ff-4480-ac89-c416b8a6faa4", "comment": "Malware payload", "value": "eddf21ac8267c02e78d9a99bbd7a7094e0da2d1c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705284, "uuid": "85bfc4dc-3953-4ccf-9ece-e90dc134fdde", "comment": "Malware payload", "value": "7ac1ba55c4e8050e60e3470105f3003fdfd34d9b94a18df91003fc84c8bdd1e31eebc7f84e4d44ff7b0b085d8c2e1f90", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705284, "uuid": "09c0b3cd-a2ab-4659-90d0-5f86e0edf65a", "value": "T1DA7523527BC98AB2D4721933152A5F20B63CBD305F368AEB9388645DDE321C077357BA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705284, "uuid": "8bfc099d-dd64-48e4-8e41-3ee375b81bc3", "value": "aac51396886833dc961fcd7aab7711e4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705284, "uuid": "b6d76c2a-4fa8-44ef-9425-ad214da70124", "value": "24576:WiIy60hvWIUiQjUo7qRb+YSqs18b6H9vOWQx1WvxE1ENo0fbSSvC4PnUue6VIsmg:mb8x459mWwwvxEKoyvCWUuexH7PCWi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689705284, "uuid": "4fd6692f-50d4-4796-8ea2-f8b3ee6f4f75", "value": 1664327, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689705284, "uuid": "c27faa4a-8581-4fe1-ba72-8f2b78946c9e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705284, "uuid": "1ee8d181-7f25-4328-b32a-3108a1c815f7", "value": "SecuriteInfo.com.Trojan.Ciusky.Gen.6.18859.11778", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "46b11e98-2538-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689663412, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663412, "uuid": "1c400d84-dfb0-4b3a-87ef-a043a9b4e795", "comment": "Malware payload (AgentTesla)", "value": "de506e178279f35a8d7c1ba89700803e", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663412, "uuid": "3569a587-73fd-4987-9bf0-bfd2067da61c", "comment": "Malware payload (AgentTesla)", "value": "2804c7fae5f403613673a2c57206dbfb0c4f70936970965875f8c3ae6b96d24e", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663412, "uuid": "fb0a17bc-5adf-4d06-b926-dbd02863087b", "comment": "Malware payload (AgentTesla)", "value": "a85541c7fc6e9eb8bd7f7a702262573cbcb59e70", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663412, "uuid": "9446df62-be0b-4b74-a35d-d289a7349af2", "comment": "Malware payload (AgentTesla)", "value": "62bcfdb34c8cadb698844311f83f4b0641fe19809311a33b09c5c8ded9ba58220b69b261ba7c5edd495c42b114511d0c", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689663412, "uuid": "6f8fd2be-cdf8-43ae-ba33-212d5f2d9c58", "value": "T199C423991597D9168F53E4A05B7EEBAC3B2C630392B600126897B2FC7C47ACB5C2704F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689663412, "uuid": "f42758f2-16b2-42df-8946-aa9f082ce783", "value": "12288:27dDfG96AklsroYrLGwUY8+Xs9SdNSZ8Vd0kYpGXTqH:GdDlAtMY+YL89SQ8VyV7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689663412, "uuid": "c3453984-c940-468b-903f-1ba02900e6f6", "value": 548647, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689663412, "uuid": "4acbeb01-1eca-4f6a-9977-b4d2de1f2a5f", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689663412, "uuid": "caa444bb-5e93-41c3-bc60-ef2eeccfe5e9", "value": "Invoice_HRD231022.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ef08eea3-256b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689685599, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685599, "uuid": "e6522d65-b5e6-4114-9151-03dce711159d", "comment": "Malware payload (Formbook)", "value": "a8d3284aa16a97a6d03042d9c564d98d", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685599, "uuid": "752de733-ca1d-4740-b883-f8730074a8c7", "comment": "Malware payload (Formbook)", "value": "2a4753214a9117017f1c932f7c4619fc0e6298f3cdef9fe5b857efdc38dd0e34", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685599, "uuid": "3dd7c76a-ce99-4a93-84ed-f704a8996388", "comment": "Malware payload (Formbook)", "value": "19e70c31f6c477eec84a87cf45f6817cb518a64b", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685599, "uuid": "e4ea3d6a-9066-4413-9d31-e17a7fd7407f", "comment": "Malware payload (Formbook)", "value": "194bce589c28501eeeda8ab2e8987c8676e4e343cde8e62a25acd827c2063bac3db6e5659f77ace547aa1dd1517a98ca", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685599, "uuid": "7525cf2a-da2f-4468-9568-60e524de8efb", "value": "T13013D31AE38F02A58F521276131B0E88A6BDB23EB35544B1346C937433DDC7D466AABC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685599, "uuid": "ea945bba-205c-4164-84d2-4a1b908099a6", "value": "768:LFx0XaIsnPRIa4fwJM2QBGZuVtPKjtgY3n7WTNA4BaU6V/Z:Lf0Xvx3EM2nZAStgsaT64BaUIZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685599, "uuid": "99c7456f-a3e2-4d0e-b613-ff8415632937", "value": 42755, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685599, "uuid": "c57fe84f-89e3-4d49-99df-f9da4bc7fcbc", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685599, "uuid": "fd1eb229-7dfb-454f-b5b7-16db908474d1", "value": "a8d3284aa16a97a6d03042d9c564d98d.rtf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6499289b-2577-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1689690521, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689690521, "uuid": "54db2251-ee65-45f8-84c2-6c7596008571", "comment": "Malware payload (NetSupport)", "value": "eb83ece8ae9ddaf44885b48c50347c06", "object_relation": "md5", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "kororo-com", "colour": "#C66DA4", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689690521, "uuid": "2d73fcc9-1eb2-45f5-ad9c-cc8a1a537b2b", "comment": "Malware payload (NetSupport)", "value": "2a4df621bdd95c811944e5ffeac28e77cef8cf62988f36985bbf26aa65342533", "object_relation": "sha256", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "kororo-com", "colour": "#C66DA4", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689690521, "uuid": "a99cb354-07e2-4b51-9b53-c47aa460d9dc", "comment": "Malware payload (NetSupport)", "value": "8b12a21fcbde288fa478df9f2fecf245b3447e9d", "object_relation": "sha1", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "kororo-com", "colour": "#C66DA4", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689690521, "uuid": "0da8633a-dbaf-46f5-ab2f-64f28b7c7209", "comment": "Malware payload (NetSupport)", "value": "a973238f0fdb5bd8e230d0abd7a6486f30adb6250d70e855b32db67506b88a6f4634a58392768a8f5780127ef944c2d3", "object_relation": "sha3-384", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "kororo-com", "colour": "#C66DA4", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689690521, "uuid": "70af6239-2fd4-4750-ab36-bdd1ff7dbc7d", "value": "T190C0804347D283694B3340DB0B71638CC068C91C3F96274DA700C16D90A5C5D769F380", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689690521, "uuid": "00cfa71e-cbf9-4aba-9b0f-61914e4986a3", "value": "3:CxK6OWR2IkVViE2J5xAIfRlNhfFngXK2G6TNiILfDZkREwFMB1IkVViE2J5xAIfQ:CxBR2Bn23ffTHfF5z4NiImpMB1Bn23fo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689690521, "uuid": "3bc53a33-0d73-4b8c-8f7b-fb499a0f590f", "value": 173, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689690521, "uuid": "cd05a33d-0a5b-40f9-a957-a0fda54bcb77", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689690521, "uuid": "01256950-76f5-4f1d-a7ff-c8fe7e8ede95", "value": "2.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a0e3413b-2564-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689682462, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689682462, "uuid": "9cb77009-b9fa-425b-986b-055a6cb188fb", "comment": "Malware payload", "value": "cc78f4d5c74374b756a2915e7e9b84f4", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689682462, "uuid": "af351c51-b142-4cbd-97cc-8ac68bfd48cd", "comment": "Malware payload", "value": "2a91db7037929c584d42566510b079943bea81f3ed20b6f9383629bfa091ff8f", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689682462, "uuid": "580f274d-a4ee-443c-bb84-02efa0c3376a", "comment": "Malware payload", "value": "bc561a352e435c5c57c3de0fd6474a549065f9fd", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689682462, "uuid": "03dce790-66e7-4e7a-af4f-6b7f7d7dea89", "comment": "Malware payload", "value": "e780e5dc4d8e5ec90481eda2e67d0bf2ef3b04bae48e0ff199029bbe2029663cc48a61db444eae38e636edb7b6807b54", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689682462, "uuid": "008c7566-82cf-4352-9139-0aeccc0d5984", "value": "T1FBB40001368CDD9DE68257FD79B6B58E404CBD7336C4A1C36AC8B70B8876FABA217411", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689682462, "uuid": "5c34593c-722a-406a-9634-fbac0bfe2387", "value": "12288:BOZioWQmmme6v3QLQuEZUWQmmme6v3QLQuEyBOMWY5vYdnW0vR+qXm:2WQmmav30xzWQmmav30x/BZWYRx0vRb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689682462, "uuid": "b51e89d0-6c4c-4492-8a2e-e24d74182f4d", "value": 524288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689682462, "uuid": "c314fba8-62bb-4140-8d45-d7b658c7292f", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689682462, "uuid": "e8c55cbe-5014-47b8-b725-8486dec9a0c0", "value": "PI-ZY202307050010 .xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "90a39d01-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689662248, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662248, "uuid": "6bdefb51-ae73-41ed-81df-3bc7ac498a8d", "comment": "Malware payload (AgentTesla)", "value": "b9b25811e0120b00b42f0d7dd026eeb3", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662248, "uuid": "604b1236-7cba-4bc8-9e97-2bea1a986685", "comment": "Malware payload (AgentTesla)", "value": "2bafbf56536fb81cdd2d50c892013fc97849f69f22026fb7afc1f5974ad80af5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662248, "uuid": "b9d5bbb6-be5c-4073-919e-90bb7fd858e2", "comment": "Malware payload (AgentTesla)", "value": "597433d857644501b264f6bc88cf678d3f85fa76", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662248, "uuid": "136e784c-6107-4d84-9611-c56b05a1d2fb", "comment": "Malware payload (AgentTesla)", "value": "f971415b1df0270a52c4e0c9ebe3f46ff263f78f7448d025cf344b9c2e0d0ebb08ad1c54f7e0c31190f8f2daa66e11a9", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662248, "uuid": "dfdfd4b0-668a-44d1-8dbc-551e80bf444b", "value": "T1BC24E242ABFA1108B2F37A586D7A45784E37BDA6693DC55D018C290E0FF3E448D61BB3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662248, "uuid": "d6a9fb66-fad9-4ebf-90da-a32ab14bf8cc", "value": "1536:v6qpRhNVz/VGSCMxzakyd53FNP+GInC+DtJLpavs+rm8qv75noe4Mi3mI2hb7KZj:HhNVz/MMxzakWFXvspGeBQh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662248, "uuid": "51128481-0da3-47dd-a9db-1b0f3dcd97d5", "value": 213650, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662248, "uuid": "331c9c9e-e156-47c1-b2f1-bb0db838144a", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662248, "uuid": "6bc8de5d-149c-45cb-a7b6-125495481e49", "value": "..00933400cotizaci\u00f3n.pdf_.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bf723780-2588-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689697975, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689697975, "uuid": "7fa995e7-8185-430f-989a-098b9e757454", "comment": "Malware payload", "value": "88458b040d22133a43a3a19bec74c90e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689697975, "uuid": "86c7c30f-bb8e-4ef9-83c8-c25f7af6597c", "comment": "Malware payload", "value": "2bc7eb6d6d335e200fa0fa2f0b17765831b301ef2cd4f80a44426a19268fca6d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689697975, "uuid": "8fb21f03-9f7d-432a-a04f-fd10bf9a2b87", "comment": "Malware payload", "value": "dcabe2cf69e1e9dcae561f7123f52ccfeb579808", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689697975, "uuid": "33585011-3621-4909-9980-3afc5a79d279", "comment": "Malware payload", "value": "3462aee5aa4d7906e8e04e33c058a319f410c3d5c54dfbbcab5b19a790aa7bc64d8198ac2ba45530f1e37f33ce5e5763", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689697975, "uuid": "15419bae-5d9a-46e1-b4e6-c1d0296910d7", "value": "T18884084392E13D44E9258B729E2FC7EC730DF6508E8A3B696129AE1F04B11F2E1B3755", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689697975, "uuid": "cf3a29ef-228c-47da-b1d0-4bc090e6d319", "value": "27fc32a4f2d64c87064bcd60b0964674", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689697975, "uuid": "3007a98d-06ec-4023-8ef3-11fe718e874b", "value": "6144:+UwL7evLXlQMZutA2XNTR7z+dsZ6I9KX6si:mPevLOfzXP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689697975, "uuid": "84be09c8-4c3a-40c6-9c7e-fb955c52372f", "value": 397312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689697975, "uuid": "14d3897f-f0e1-4b80-818f-43e64173a311", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689697975, "uuid": "f1bb2ad9-b792-4a0d-934d-b7ae5b11d694", "value": "88458b040d22133a43a3a19bec74c90e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f7c03afd-2561-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689681319, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689681319, "uuid": "388b2dfd-f4b2-436e-b357-4e36a12f822d", "comment": "Malware payload (AgentTesla)", "value": "6077f4963f210d1f67dc3ba4c5e46126", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689681319, "uuid": "bd82f11a-bdd7-4172-873c-ecd88550c93c", "comment": "Malware payload (AgentTesla)", "value": "2c4d72ac436fbd83a5e3138bd493bee423663f054dfbbc55c5cc50e13f5723f2", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689681319, "uuid": "e0c66752-da0e-4234-8503-ba2105a13345", "comment": "Malware payload (AgentTesla)", "value": "56b716cc716ce1928e9b29d7424df194843c5224", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689681319, "uuid": "b2025fec-8fcc-4fbf-8310-e279eeddfa5e", "comment": "Malware payload (AgentTesla)", "value": "82e0908711056cc276fc4641442e273d14fb3033df6ce21673d623b3f01dc899503d0c1f617cc82645260cdadba921b6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689681319, "uuid": "e1fd4a82-34b3-478a-9030-9d78d54e24a5", "value": "T1EBD4236D1D5ADB2BC11B2FFB000167B10626D7E6B416C2A30C5AF4F6EF2AB098D50B57", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689681319, "uuid": "0c8f728d-567d-455e-9d83-e828b0b0ebb2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689681319, "uuid": "f63ffef6-7026-4ef1-904c-27d1a8600870", "value": "12288:1mAY2kcdbL4Efs2EU9V2Q5ie7vdI2kWMWbjB6wD14ED7WLSKwfv3:AN6GEfsO9gQ4EvkWJ9hD2EDA/wX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689681319, "uuid": "e4cc9b51-f349-418b-b324-dd1b7dadfe23", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689681319, "uuid": "4ac282d7-5f8d-4faf-8834-682acf9cfdc3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689681319, "uuid": "f0c42387-3dcf-4176-8476-1877d9935dcb", "value": "obizx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "792e2166-2533-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1689661350, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661350, "uuid": "bd31a64f-0a61-4f2d-a699-182ce65ca616", "comment": "Malware payload (Smoke Loader)", "value": "85424ae863f19ddb4922278e1d27f09c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661350, "uuid": "35b73e10-05fd-40f1-9365-00c68b9e5f9b", "comment": "Malware payload (Smoke Loader)", "value": "2cc7483f686c00278ce3dcda694baca322bfbe70e8cf4ec5dd8ec0f31a955625", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661350, "uuid": "507c02ab-45ef-49f9-8fd0-61885a5fdf2a", "comment": "Malware payload (Smoke Loader)", "value": "64b71a18fbce4fe299aacb203decba7b89b6388e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661350, "uuid": "cd6faa64-0750-4468-92f3-e6a6171ccc49", "comment": "Malware payload (Smoke Loader)", "value": "590af02c08f2241d9cacd5d387333e75f5fd19855f0c6446c2e860c8ad67b5da67d286c4f166918e8b1ce48e7342fcfb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661350, "uuid": "c3183676-c825-495f-bdca-0af1a17ce8e1", "value": "T1BF44CF2237F1C072E4A759301974D6A16BBFB97107B586CB37A4173E1E70BC09A7839A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661350, "uuid": "7efa27b9-1748-421b-aa57-170dc7139d48", "value": "c1faaafeea493fa6a83d7c193e85adf1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661350, "uuid": "e24e8a04-875b-4d52-89e2-480058411661", "value": "3072:6yzBkxSOYKLdFzWfW45aL4frVyEV6hWxD7DTbuyRnpJLmOMT:Zk3LFX2rVyEQhWVjuyRnpo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689661350, "uuid": "ef9e758e-cb14-426b-8d59-f650fe73adeb", "value": 256512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689661350, "uuid": "20f7cbec-cbc2-4bb6-9d8e-81b5ae704e9a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661350, "uuid": "343d713d-f661-49cc-bce6-9ed3d31baa45", "value": "85424ae863f19ddb4922278e1d27f09c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2a76d400-2545-11ee-a6f9-42010a9c0055", "comment": "Malware payload (CoinMiner)", "timestamp": 1689668949, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689668949, "uuid": "79bb7380-6bc9-480e-9647-047fb63e50ff", "comment": "Malware payload (CoinMiner)", "value": "055eaec478c4a8490041b8fa3db1119d", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689668949, "uuid": "7262955e-4732-4792-9aad-ec6f1122df63", "comment": "Malware payload (CoinMiner)", "value": "2d4adb8e894b22d6c60c3877995ba5e9845ec6005fc95382c395396eb84b1e73", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689668949, "uuid": "4977041f-f14a-445b-a3bc-b00af4a325f1", "comment": "Malware payload (CoinMiner)", "value": "f0ed5c7d10daaec6f8866e307538e169a2fe6c5e", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689668949, "uuid": "43dee1ad-4dcc-49ee-9c91-8106f219cddc", "comment": "Malware payload (CoinMiner)", "value": "bcbb092ee8d7c08dccea1a3cf6005345443c2c82a3a9dcfa1420e58a905b243a61e92f036134e642e2c7f03d43710b87", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689668949, "uuid": "e1d72837-4c16-46b8-90f0-3cf5e724980b", "value": "T15D86337B06DA36ADFF9E863374DE1E6028FC3ABBE4613843859D6108DC1E7A24433955", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689668949, "uuid": "87549611-7614-40e0-afa6-5813e94766bb", "value": "21e7596d2b02d580d9a6679904cdb8d4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689668949, "uuid": "344630ae-6c81-4f70-b414-b51198ad1379", "value": "196608:83OKhONe8nIO7AEXz+992YhlXPBaPS0yc+PfSWUQpdiRNC:83OKIe8eEq99Xhl/BuTQpdd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689668949, "uuid": "519eb467-53f6-496b-b288-d16934cecdd6", "value": 8091288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689668949, "uuid": "08ef8907-4cac-4cf6-9029-e71168def123", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689668949, "uuid": "b955314e-2c90-4e3c-9f5c-29fe9489c596", "value": "SecuriteInfo.com.Variant.Application.Lazy.335746.4116.13433", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ea0c399a-2539-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689664116, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664116, "uuid": "2ff905cf-3c10-40e3-ad4e-1a7d52991aa8", "comment": "Malware payload (Formbook)", "value": "9d37e2f542495a1e8d8cce75e80f81ab", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664116, "uuid": "8985c388-55a6-4086-803e-48379431cc39", "comment": "Malware payload (Formbook)", "value": "2da802a0c8418820dce1a8c52fa48fab709d89d575f2c12f6b8fdcb0ce50baa3", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664116, "uuid": "f7b1b8b5-9e8c-43de-af18-3206c9081569", "comment": "Malware payload (Formbook)", "value": "7baf4e101ba2733e3bffb8a7690c3881d7aec538", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664116, "uuid": "c3e214fb-098e-4ceb-8737-2d2b60ad5c74", "comment": "Malware payload (Formbook)", "value": "ee665cf9bce86f2c4044f3eb4cae1fb27c2f36df00db7f2b7dfb0851ce57a408c9e98f9d2b1d1bc6f901f962f7ea64fa", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664116, "uuid": "5e5a1e4a-0795-43f7-a926-210137b731c8", "value": "T12DD4232A5AC58978C7B45DBB3DB2E20D927FFB4D3941F3D81925001A438AAF5CE05E0A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664116, "uuid": "7ebf54ef-ae7a-48f2-a92d-88bdd76babf0", "value": "12288:HnNWagFplb+OVPwyxyAR0zCLG2Z7y0LrP+Tb2rLa+7RtEgekO69r1frN:HNWfR+OB5yAR0zX2y02TbF+7RtXzO697", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689664116, "uuid": "3232673a-bb27-42b5-b44b-15f747e43d72", "value": 636199, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689664116, "uuid": "0a938bfd-3ce2-4a9d-bf5e-92f80c910354", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664116, "uuid": "6250dea2-63ad-4050-9f6c-9625976f0a2c", "value": "SWIFT Transfer (103) 022FT10230717045.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "98fd2cf3-2588-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689697910, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689697910, "uuid": "3bfbfca1-8177-41be-b725-9ea283ace92b", "comment": "Malware payload", "value": "81645f19426feb8cef198e042710cf15", "object_relation": "md5", "Tag": [ { "name": "20000", "colour": "#98710D", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689697910, "uuid": "082a2ff9-bec0-40db-9c93-dafda2c03063", "comment": "Malware payload", "value": "2e57a524f3da47467fc1abce82df02f2f4b16406480dadf2d48e7d992b89aba0", "object_relation": "sha256", "Tag": [ { "name": "20000", "colour": "#98710D", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689697910, "uuid": "e748c39d-1032-42d2-8edc-4b7f4e8a50c1", "comment": "Malware payload", "value": "864554e97313c0d6c8e38008ebf92c6a215ac56f", "object_relation": "sha1", "Tag": [ { "name": "20000", "colour": "#98710D", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689697910, "uuid": "c29db53d-8952-4573-a360-8d1cc9450e0e", "comment": "Malware payload", "value": "0735b755bae10a6e9ab3ad7799c699879a5afb5c458611d116d077195be3d4c729984cb3ca5ad3d6f53b3677a8d5046c", "object_relation": "sha3-384", "Tag": [ { "name": "20000", "colour": "#98710D", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689697910, "uuid": "9fe969d9-6c83-414e-8c4c-dd0895e40ad2", "value": "T149C08C804000422AB98709223EE0208CB4200CACAD8126A185009C240049648339A781", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689697910, "uuid": "5fc300e7-4e85-4846-b04a-6c36388a7d4e", "value": "3:3J3OE8IbU0MjNn6S6MQRFoIkVViE2J5xAIt52A+X3x6QQFIzUv:3J3r82LUIS6RjoBn23ftu6DFW2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689697910, "uuid": "546facd8-5b94-49be-a6e2-7c446b72170e", "value": 141, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689697910, "uuid": "75707570-c250-4b7c-8060-8788c51f99db", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689697910, "uuid": "8f0113f1-6423-4bd6-a3b6-118bfe8c3e99", "value": "explicabo.m.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8b1e2636-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689662239, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662239, "uuid": "4ac297ca-387a-4466-b8ed-a0d5175756a4", "comment": "Malware payload", "value": "2e04e30e84330682ce129e9507218df0", "object_relation": "md5", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662239, "uuid": "2114a8cb-59a0-45b3-a0c2-6e734776c958", "comment": "Malware payload", "value": "2e7838ba836380b3214473c57b001db3f66521d0a221d1d0e549e8f139f74b64", "object_relation": "sha256", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662239, "uuid": "6b776cab-8340-4f65-b855-bb3250a76126", "comment": "Malware payload", "value": "8f07807d279218e800f3d2c0e65fe5c30060e3a8", "object_relation": "sha1", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662239, "uuid": "f0ee747c-34f1-44bd-983c-f91bf416419b", "comment": "Malware payload", "value": "471adad7212d3cdcb16784127d323232d6a1d7630b5c37f152570f62478685c381f12ef1685b8b0d0d4729eb428f2e1a", "object_relation": "sha3-384", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662239, "uuid": "44d3c80d-cf1b-4810-b7ed-5f4df58764d5", "value": "T19142352172F5BCF4F1BBB8F699EBC442A333B051A63D090E4056C64AB6A10A7C527F59", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662239, "uuid": "8f89a3a8-4f7f-4dcb-a69e-c60a83066d73", "value": "384:iWq4qVqKqJqHSq1qKq8qXqhqgqzqVqnqCqHqxqFq4uqkqiq+q8qgqlqFqQqCqAqN:rXWRSJGBTI6Ps2I5AqW/urZ9zvOW/Zvc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662239, "uuid": "1624cc43-066a-4b8d-80bd-2561d8b832d9", "value": 12853, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662239, "uuid": "43184cee-08af-4a50-b057-5fb80af038bb", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662239, "uuid": "f6045292-bebe-4f59-9f7b-356761d40eeb", "value": "BUILD2LN463322.pdf.lnk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "89e5f324-2598-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689704757, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689704757, "uuid": "e6609a3b-6f89-48ea-b1e4-41e5a3441316", "comment": "Malware payload", "value": "f7d5b67899a9f3dc337f86122b639a5e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689704757, "uuid": "af8c4de6-91c0-4bc9-b78f-bf09b69955b1", "comment": "Malware payload", "value": "2f2c5ef0fb2db3d362fcb5ebd1ed82b5a73cd36c9c0ab4ae18dd26f225bb3e63", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689704757, "uuid": "042002b3-1749-42bc-89d2-f6e3d7d5e86b", "comment": "Malware payload", "value": "9265d7b41e5267b83d7d76850c46962efe601d2d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689704757, "uuid": "7381eebd-9dea-4e75-8c72-d23f725d59ce", "comment": "Malware payload", "value": "eac5a42da5f1a1467f3a9454403684d0fe473d444237661c2669fcbaa4270a283ae0c0f71575f03aa4731db82cdfa9b7", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689704757, "uuid": "8d55e573-f96e-4094-ac52-19143914ca22", "value": "T1F1158D0B39D42957D22E823E947C5E6CEBEDA20D016FD529302CC3E3B2F660C695D75A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689704757, "uuid": "385f52ad-14a5-48f2-9147-19054578924e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689704757, "uuid": "e8472faa-e145-4892-a10a-960e80f0adba", "value": "12288:CQwq4WmiY4oQk7Xvxzx+yNzWOIMGQIut7DVVbG5JKT5b4j:YNrdvX59+zNMz7Zx4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689704757, "uuid": "5ce193d2-5269-4ea8-8756-f04c00f9b558", "value": 926208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689704757, "uuid": "b4ddfd0f-bf34-44ca-a302-b868f3e68a5d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689704757, "uuid": "34a70224-0171-4adf-85f2-d3cada0595bc", "value": "SOA FREIGHT SLIP.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ad9500d0-25a9-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689712118, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712118, "uuid": "e44ef059-dc42-455b-8f79-9b9b788f9d01", "comment": "Malware payload", "value": "c2474d40783f2ece68c3326267757865", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712118, "uuid": "62b9ced8-7c8b-47f2-8fab-f32d2d7dcd2f", "comment": "Malware payload", "value": "2f6ede5041ca25239d7d55cbf513a3c28e8a20f310df31181ea82060d2930a0d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712118, "uuid": "43856cef-8132-4748-be36-575755e7b35f", "comment": "Malware payload", "value": "3aea2129a7ac050dc6636d1be68dcbcef79cf694", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712118, "uuid": "34e634b0-a1e1-453c-ad96-cb2f6d69699f", "comment": "Malware payload", "value": "d7069136175de4f3897a48005924ce650c807d9fb335594bebbe8fc5400b57f3febf54fd164caebdb03664bd6c357a53", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712118, "uuid": "984b593a-2f8b-4956-87e2-565fea7d3022", "value": "T1C662B04AF6D54C4ACC44117696835EE63A68E80C32BF8213489CC2BFBD9E5F5EDC8C48", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712118, "uuid": "e6e08e16-653e-40b9-b3c8-b57b32c2bd1a", "value": "87bed5a7cba00c7e1f4015f1bdae2183", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712118, "uuid": "0500243c-f6f6-4518-abcd-fcbba98d2bd3", "value": "384:XyyBYp9g3VIBdDnJxj2VNXzBVFYaEBgtZ/9:XtIu3VSVxj2j9wHgtp9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689712118, "uuid": "be474323-f45e-46d9-98f0-50376ceb4e04", "value": 15175, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689712118, "uuid": "fc7b91e6-9004-4ef7-8947-5417deea4868", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712118, "uuid": "4a46b1f2-6d82-4b05-9bcd-bbdd3c8f8e1d", "value": "SecuriteInfo.com.HEUR.12482.23510", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c7273531-2568-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1689684244, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684244, "uuid": "068ab354-b331-4b88-a8cd-3ef571c2a86e", "comment": "Malware payload (RemcosRAT)", "value": "a19d4319549200aab5b787321afc28ee", "object_relation": "md5", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684244, "uuid": "1c4eb8b4-1b9e-4166-9bc6-dd1841933fb8", "comment": "Malware payload (RemcosRAT)", "value": "2f97ffedeb715868ad8e2406401074a3430c1e1c7371200e82dc76bb1611e605", "object_relation": "sha256", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684244, "uuid": "605e8fde-3b22-46c2-a566-5d761ea1c8db", "comment": "Malware payload (RemcosRAT)", "value": "58a740793b1cf9a043e51be8af6e4770c44cad50", "object_relation": "sha1", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684244, "uuid": "29787f5f-79ec-4583-8f4a-efd9ac2ace38", "comment": "Malware payload (RemcosRAT)", "value": "6edbb9feb1e0d221047f13e86e8cc3d5b9961b6ce5592c80e630e3bbdffabad3568c6b6364e944d6bb413e354f6f1b0d", "object_relation": "sha3-384", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684244, "uuid": "4410768f-1942-4212-8974-88d15c711999", "value": "T15505010169668762F7B5767150F2E42CD7E5301F1723C26AEE687DC8B2663A088F1F1B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684244, "uuid": "467a4d8b-66a4-40b5-b553-5aea026a1085", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684244, "uuid": "20c68b24-39af-425a-92cf-b45265a328ca", "value": "24576:8cZAXdC8PHcbFpYdOhAqYewTC6oB0s8hhhhh0eo5:8cVY0idOhA2wTCR38hhhhh0eo5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689684244, "uuid": "580b91b3-4583-4086-ac46-0fb788398a00", "value": 852992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689684244, "uuid": "f85d1f9e-e786-410b-a750-b8e347c08a25", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684244, "uuid": "df048d96-0487-4ae3-a0ae-4faec043908a", "value": "\u0411\u0430\u043d\u0446\u0430 \u0418\u043d\u0442\u0435\u0441\u0430 \u0411\u0435\u043e\u0433\u0440\u0430\u0434 \u041f\u0430\u0438\u043c\u0435\u043d\u0442 \u0421\u0432\u0438\u0444\u0442_\u0446\u043e\u043f\u0438.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bba1734f-257b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689692385, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689692385, "uuid": "7bd697d4-b003-46e4-8110-f4e9b7849b22", "comment": "Malware payload (RedLineStealer)", "value": "df7a39c6a0b49b73bb6acd435f073166", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689692385, "uuid": "510fc570-e448-4558-82ad-27ee71c160e0", "comment": "Malware payload (RedLineStealer)", "value": "2fa67b1856ac00a4e234816ba09e5339d7649e8f56b42c554b14c7e85e07bbfa", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689692385, "uuid": "40c4faf3-e159-4999-b176-4ef0c4e70130", "comment": "Malware payload (RedLineStealer)", "value": "14a36078cb1b9263e43274d9cb3be93fcc56ef5e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689692385, "uuid": "14842f21-4f28-4269-944c-a0290bf06f79", "comment": "Malware payload (RedLineStealer)", "value": "eda334c5da9ba62d640169b9dff4bf21031fa7440229e227d74eb6a016e6467528a824562b065e5d977c21ee598c3120", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689692385, "uuid": "f38ab618-156e-4d75-93b8-f9d1e441644b", "value": "T14004D5983647697EC97F483D9C600CE06B7CACA75246A7079C8EF0E8393B7919B051F6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689692385, "uuid": "b4a2ac0c-6868-4890-b1bf-d20eec80b065", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689692385, "uuid": "78a2ad50-c6be-4881-9823-870c3723cb33", "value": "3072:VjDidCJhNPwF6VNwLxNG6SwXOPyhBee8e8h7:lDd7PxVqyJPyhBee", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689692385, "uuid": "9f502064-8a9b-41e3-9a31-b928cdf723fc", "value": 176640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689692385, "uuid": "97b0769a-79fe-4f3c-a264-1713a4b7555b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689692385, "uuid": "de698329-09ae-43a1-b282-471fc7b55b9a", "value": "df7a39c6a0b49b73bb6acd435f073166", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3ed65e0b-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689662111, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662111, "uuid": "ac972859-4380-44f4-bfc6-179b65567930", "comment": "Malware payload (AgentTesla)", "value": "13b48202b691580cf73f3b2989c3c30e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662111, "uuid": "8b6b9974-2091-419a-86c5-9236314f28f5", "comment": "Malware payload (AgentTesla)", "value": "2fcdf9b821c53b19c9fb4004084559c53c699db27a3359a0d811e5f6189dc260", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662111, "uuid": "06cf467e-113c-4ada-a869-eb90f281080f", "comment": "Malware payload (AgentTesla)", "value": "b3979d306c9d045443454872556b034ba5c18dc8", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662111, "uuid": "410debe6-f57c-4bf2-948e-813d30c416c0", "comment": "Malware payload (AgentTesla)", "value": "e6fd02e2c53e40d5780d645a1de0a4a7eb6b5c0208ddca10acb70cce0930332058074238a354200fd0629843ed4f2fe9", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662111, "uuid": "085c5d99-2011-471d-8b70-81edc19fad26", "value": "T11C15221475C1C2B2C87B403045D58B7A9AA674B287B8D2E77BEC07BB9E203D1A6771CD", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662111, "uuid": "f40aad8b-8468-4937-bab8-2e8383979e75", "value": "bf5a4aa99e5b160f8521cadd6bfe73b8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662111, "uuid": "1f4106c0-4c8f-4e4a-92f9-c31f3369a75e", "value": "24576:wk70TrciMF+kmT3Hz0gTNCNAOs3vnbr5aB/cxPl+:wkQTAiS+kmDz0g5CNC3vbK/Yd+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662111, "uuid": "d04e1815-2e2d-4e9b-9b41-5680d21c7378", "value": 912896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662111, "uuid": "8a22bcac-5db2-45f6-a260-66fc9f344121", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662111, "uuid": "934a14fd-7450-49d9-bae8-1d2919a0f180", "value": "DHL Sevkiyat \u0130thalat\u0130hracat Faturas\u0131 ve Tasdik Belgeleri.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ef8c7abd-2532-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689661119, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661119, "uuid": "42e38452-2f3e-437f-a148-69ec9f6fc5a8", "comment": "Malware payload (AgentTesla)", "value": "86c6b589396bd7069c39b4dc6578b1ad", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661119, "uuid": "a33ee422-0a1e-4c75-aabc-99ef302d9cb2", "comment": "Malware payload (AgentTesla)", "value": "314ebae4b7fc2a469b7de3aea6246db22cc31f2e7ee443b6126cee0b8a10566a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661119, "uuid": "268f2755-6ffe-4374-8aeb-de767319f5fe", "comment": "Malware payload (AgentTesla)", "value": "f74ab2fadf5bd8b3ceed9cb2909f1920435d414f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661119, "uuid": "1ba9508c-de71-4cfa-9f56-fc2529b644db", "comment": "Malware payload (AgentTesla)", "value": "84eb39142bb9d8290b10cc11d52473d47418fb1e465eecc020239b23bbfa71e25b629f70b52d40f0d659bfe4a4747604", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661119, "uuid": "8c981041-75bf-4a5d-8060-fef482b290cb", "value": "T145238E5AE34F02658F4113B7631B0E899ABDB23DB35155B178AC933433EDC2E02666BC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661119, "uuid": "22f036e5-1e60-49dd-939b-36d8c969e2a5", "value": "768:YFx0XaIsnPRIa4fwJMGlMZVCA5iZv+nbV9XdGSgudgutrbdYd2b+y:Yf0Xvx3EMGEiZ2bDMFudguNbdYde", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689661119, "uuid": "c5a67ef0-c1ac-416e-8c4e-66dfe85a5339", "value": 47101, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689661119, "uuid": "66f7e932-3170-44ee-9afc-3f5b3af7019a", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661119, "uuid": "d8bd370d-28f5-4a99-8cb1-8148f8895934", "value": "86c6b589396bd7069c39b4dc6578b1ad.rtf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a8ebd4de-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689662289, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662289, "uuid": "1aadd1dc-fd09-4dfd-a0fc-b5d21d9892d2", "comment": "Malware payload (Formbook)", "value": "66730821c6262469431461d7ab1ad47e", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "r01", "colour": "#68AAA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662289, "uuid": "775aeb58-0087-4f9f-bfa6-a728a4d04bd6", "comment": "Malware payload (Formbook)", "value": "3166d4789667570986c7c36f66bd3cbf6cd54449cd0a18c23e9c8ff1fe467b90", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "r01", "colour": "#68AAA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662289, "uuid": "be61df2c-f993-4b56-9d1d-3f7187692901", "comment": "Malware payload (Formbook)", "value": "7ed39b41b7ad56d21fa73e967c30c88fcff0b241", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "r01", "colour": "#68AAA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662289, "uuid": "1d635f58-0fd1-48cb-9c1d-67891f19f070", "comment": "Malware payload (Formbook)", "value": "63b5a951c13a378e060876bf08b459cac69f3cbf940d4e3b20c9dc6fe926c13a1ca5ed8104f09051e15b8b02b034082c", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "r01", "colour": "#68AAA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662289, "uuid": "423acac5-b66f-470e-acf1-e9ee6cd50679", "value": "T183F423F5021A89E6E4F3DACA765A0253BBB0A1B4A54C0FBF510BD7590F2711847F8E9C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662289, "uuid": "f0a1a417-cd46-4a83-b772-43249ef6c7bf", "value": "12288:WNo56nKIvQYlqSqPt46KoiFhVk2lQpktG2KKlaRakyVO23g3JOj1GCVSAO2BzslJ:WhKIyneoOvdliktGmGvB2w3JOj1GCVSH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662289, "uuid": "2acbb99a-2cd8-428a-b376-9c7ec2326e52", "value": 731328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662289, "uuid": "336755aa-2138-4a4d-9df9-74f19d7ba2eb", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662289, "uuid": "852ab28b-fc8a-4c93-9ac4-3c4b5a1a4e03", "value": "SKJjH877.r01", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7e56ba23-2557-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689676820, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689676820, "uuid": "6d9fb246-b082-4322-9f91-91118be3fbaa", "comment": "Malware payload", "value": "d5914854742a1f47d783184d7b7820a8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689676820, "uuid": "cf162cd3-2ba7-4878-936c-9442cb9f9610", "comment": "Malware payload", "value": "32167742baa7c7209126c72a1e7bec2e8443d4ff1343967c865132e20eda60c4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689676820, "uuid": "c2866cca-c4d4-4460-be4a-2c32640e8c3d", "comment": "Malware payload", "value": "51bd17bc858941a530dac1fb9ef868b901a25270", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689676820, "uuid": "05210494-fc55-49f2-8cf9-c2dc4e72e9ce", "comment": "Malware payload", "value": "061a2279fe75c76ed076b1d0f225d7f8bbefe63400f16875c1a8edff04bb57ad8ed111e2362f7dd2d489894dc358f20d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689676820, "uuid": "fd474795-5bae-4304-b05c-f9db0651a34e", "value": "T164446B11B4D0C033D67338324628E6B24D7EB8305E659B8F67C909799F74682E729B6F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689676820, "uuid": "4aca4aac-ab70-450d-aa39-ec3aabba7a38", "value": "8c0d97e36730a503ca32cb239693e246", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689676820, "uuid": "c9e5820c-770d-4f02-b892-9d5049c72d64", "value": "6144:0eQMr6OkeAHYS2FwrkbibMLq70y3Ifos4PLQkSAagi196U51olR:XQuzkeAHYS2Fwrk2Is3IfoT9SMi196Us", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689676820, "uuid": "b30f3751-00c2-4410-847f-1570facd8117", "value": 259072, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689676820, "uuid": "0a37d1f8-4c6c-485e-82dc-065643862d18", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689676820, "uuid": "8b5657d7-4119-4c75-ba60-714944215bba", "value": "SecuriteInfo.com.Variant.Midie.120442.23422.8700", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b4de9445-254d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689672617, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689672617, "uuid": "9e13a203-7eb6-4d77-a448-eb5bce38fce6", "comment": "Malware payload", "value": "5c577cb55f6c1fd22ff7df65cb109d52", "object_relation": "md5", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689672617, "uuid": "d14e2b2d-cfd7-4528-b8eb-b65772a08da1", "comment": "Malware payload", "value": "324d602472848d0e0306d1b95f0ef6e85fb7f6f9f02892105d70733a9d544b61", "object_relation": "sha256", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689672617, "uuid": "89d1d85b-c120-4a52-bdb2-dab3e3e897c7", "comment": "Malware payload", "value": "7b2fde7345da16b97cd08838887536517f6e0388", "object_relation": "sha1", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689672617, "uuid": "f6b0ecb7-24f0-40df-b863-b765e969bc38", "comment": "Malware payload", "value": "e01bf09c65959d9b16a688e69917e373528971b11b46fd61e344f9b1fa1d21e5a4d997b0cc86e8a2effc686bf2237a94", "object_relation": "sha3-384", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689672617, "uuid": "8e8dc286-efe7-440b-899d-2bd617a29953", "value": "T10253E168FA0CB53DE1129436D1894BF113C133411CC168FB79AB39EE2D0AA5F95BA2DD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689672617, "uuid": "3e66bbeb-1ae0-4a3d-8e0b-7fc8d1c5cfcb", "value": "1536:p2HKc9GkW95jEMszdgIZuou6MV8ZV4pBhTKr86qa:cHKc0nYpZgIZLjOaV4pBSpqa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689672617, "uuid": "9913ae23-96be-4bc4-a16f-3aa9d947c37d", "value": 64354, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689672617, "uuid": "075e6171-3375-4194-8b99-d4c8a6ce4a74", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689672617, "uuid": "8b16b1ca-9e26-4a86-9db8-aff0eb9b4806", "value": "REQ3460926 - Execute Script or Query.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5efe7d43-2574-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689689223, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689689223, "uuid": "1ff9f19e-73a5-4452-a3fa-4ccfcb91d40d", "comment": "Malware payload", "value": "532b352b46ef867b1544e79c9d2a044d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689689223, "uuid": "0c6b94d2-85d7-4d00-8be0-5720ae7201f8", "comment": "Malware payload", "value": "3310dc5afef6ccd0c8c3a42ff40d669fc4b30477203034773b41610c7a0d97c0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689689223, "uuid": "eefbfe36-021e-40a0-afd0-534aa81fa998", "comment": "Malware payload", "value": "a40e7edc76946422299cafb5c38b7f326f5febed", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689689223, "uuid": "e7dd9d14-41be-4c86-86a2-5233fabe9698", "comment": "Malware payload", "value": "100946c27a8baaf60f211a2bfc335940b144cb1cbb985bc7bb3b42087dc6ba617378caea1a43485bb41f364118592190", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689689223, "uuid": "32bf4e94-c639-437b-bade-fa2fca8d1f8f", "value": "T17B56B021F283C4E6CC7226F86B557364403C2933CED8783B7794896A3DE5EAB3525972", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689689223, "uuid": "0531217b-5fd6-4ef7-9881-1949a307ef62", "value": "1dbbbcd79b879b270040089431be4013", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689689223, "uuid": "cbe656d2-5610-4b0a-8efa-efe0e0123e00", "value": "12288:2bi4AKzNIvHYBoapFVtzPHXYwgM6BEL8s1RATh73PzXTwnT1cQ47gDckpPWUNQVZ:xV6ebapZzfUMq11L8+WdH/GPP7VknI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689689223, "uuid": "a97b88d8-802b-4aef-8908-fee9eb71a64c", "value": 6413511, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689689223, "uuid": "56f47f33-bd80-48b3-869e-f1d011a56b18", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689689223, "uuid": "3c793407-6c19-4a40-b56a-2586c83b6135", "value": "532b352b46ef867b1544e79c9d2a044d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f1a580db-2510-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689646519, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689646519, "uuid": "004add40-a43f-4dbe-9bc8-ba88233605d8", "comment": "Malware payload (Loki)", "value": "173ddb52771f3ab59bf259ee554b0db7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689646519, "uuid": "87c6ec3e-aa16-477e-90d9-51d5ce57f8ee", "comment": "Malware payload (Loki)", "value": "33922643495d4d3436142b57efe5a2023c23954f338e6633a861ba0afdf6ddd2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689646519, "uuid": "cc109adb-8fe7-4e68-b796-a47ece9131c1", "comment": "Malware payload (Loki)", "value": "124d7e8e37954f673f3037d47888be091701d18e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689646519, "uuid": "1d3909af-9542-47a1-a7e7-fc65faa3985a", "comment": "Malware payload (Loki)", "value": "731b4ac9a67f42d475305b7721c55c5d289b7394d66fe31ce717d68fe225602d84a7230fd8c99f1aeac4543c603922a9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689646519, "uuid": "8779ae8e-75fd-430a-be07-bebc6029e472", "value": "T180E4E110322C8F17D9BD67FD5630651853F95A1B622FD7488ED33CEB39AAF404A4292B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689646519, "uuid": "edd43697-5034-4b07-96a2-7a0577b023d3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689646519, "uuid": "6b52417c-449d-4baa-9f8f-7e3f3b8f28c6", "value": "12288:wf+g8cW9Robqfb/WT4UkuZ8zFx+s9KIi6j1FN+PyF/I/GZmFeA8i:wGg8cW9RobqfzW/Z854s9B31C6FAeECi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689646519, "uuid": "89338eff-1309-431c-a609-7f1fc79507b7", "value": 676864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689646519, "uuid": "28b16af2-d058-4fb3-b0bf-227ad4427d4c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689646519, "uuid": "5d51594e-589c-456a-93cd-c37cec47ee69", "value": "Shipping-Documentspdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2d275133-256c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689685703, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685703, "uuid": "c9715caf-b030-48e1-be70-baf7b9c6011a", "comment": "Malware payload (AgentTesla)", "value": "82ec39a53231da37f5b95a0064220c0d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685703, "uuid": "889e832b-a9da-48f9-85d8-f6578390edcc", "comment": "Malware payload (AgentTesla)", "value": "339b656f202364608d6b3aab91f86de7cc68ae0b599da1380cd7ff9b31fe7c43", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685703, "uuid": "505041fa-5b61-4f5e-9fc3-a2bb9fe3088e", "comment": "Malware payload (AgentTesla)", "value": "2f1ace5994e3f5134577c05d9a099c4e9145fe9c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685703, "uuid": "ad195cb1-77b8-47fd-bd2f-8d323d067181", "comment": "Malware payload (AgentTesla)", "value": "f94e1d615860dcea11e9d5035601eb01925e06406c08931a9a14f799773d8f7b1b6e80e34e82d8ed37f1bec4577ce47a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685703, "uuid": "1b27e3ab-9e9e-4346-89ef-815c9ecc76e9", "value": "T167D423540E665817E94B2FFA101216F046670BD9BA06DF639C8AF1E6F72B70ECC91B13", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685703, "uuid": "43f18acb-6cda-49b1-adae-9549e7b68c3d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685703, "uuid": "fddb80d8-3f1e-4a5e-b0d9-ce89d6ccf130", "value": "12288:7CmAY2kcdbL4EfRo73RGp1whl85+PZlwFrHLrLzJSfUzB0ia:7LN6GEfRorRGAlXwBrrLzgUWia", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685703, "uuid": "4a77af80-14e9-48fd-ac37-cf61ede49570", "value": 629760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685703, "uuid": "4b19d710-7b17-4c9a-93af-15524e8eebe8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685703, "uuid": "695d5f20-2b45-4f5e-8c79-c11648b46f1a", "value": "DHL Shipment Doument_PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c4043298-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689662334, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662334, "uuid": "1a5cd8ff-8b77-4e7b-803d-1ac00576b202", "comment": "Malware payload", "value": "b6ad6198e155921dc11c855c03d8c264", "object_relation": "md5", "Tag": [ { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662334, "uuid": "64cc1186-ae1d-49e2-8f29-e2870e50a256", "comment": "Malware payload", "value": "3464720807187af1e0e603324be2c1864fb4b6eda619bc35bd7c5e2c15ab43ff", "object_relation": "sha256", "Tag": [ { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662334, "uuid": "3f969de2-d1d9-469f-b00c-08006995efc2", "comment": "Malware payload", "value": "2a55857207d9b9d4ba7fc626892974d419392d1f", "object_relation": "sha1", "Tag": [ { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662334, "uuid": "646ad4bd-cca6-4c41-9163-b8dfea9ab86e", "comment": "Malware payload", "value": "cd97167d002b89f5ccdda68608d791f0047586251aca183f462455c88bf89d3cab878d1f456f629f3e2922f0f1bbdb3b", "object_relation": "sha3-384", "Tag": [ { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662334, "uuid": "13816109-2fc8-470c-b6da-e9ebccb6b23f", "value": "T18A44010D0CBEE915AC2B1A7049F34F52E18756BC02F5457AC329A3DE4F11FD249AF52A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662334, "uuid": "9a7f678e-b665-42d5-b772-d708166a9391", "value": "6144:NSHP0OhKRhbKvNLBrZ/eFCOWSeO6PXecNWNilu4PA:QZtTrZwWT/PfNSilDA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662334, "uuid": "b675a691-f643-400a-aabf-b34d0581f152", "value": 262836, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662334, "uuid": "95fdcb7c-a594-4444-bd9d-d51e9e5135d5", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662334, "uuid": "2b8b07e0-448b-4316-8e62-16c283470ea6", "value": "99138-1-0-21 -OFFER Stock-Maliye 2023.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "07375234-2524-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689654716, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689654716, "uuid": "560901e4-fcfc-4dc5-ab3e-9b38e548758f", "comment": "Malware payload (AgentTesla)", "value": "86bd606a7a5e9a0bc82c5f154dd5668c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689654716, "uuid": "af7fbed8-ee61-4a0a-86ae-494478a48121", "comment": "Malware payload (AgentTesla)", "value": "34a65eefbfbd390d4b3f24c47f860801c21f0c89fad49dfb5965850a0092d9b3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689654716, "uuid": "7c748b00-79cf-4343-a3a0-697c5af550dc", "comment": "Malware payload (AgentTesla)", "value": "0f2819f547458a0076552e7262757f1e57b05b1e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689654716, "uuid": "728446e3-5fe8-44f3-b952-77c385f8a4b6", "comment": "Malware payload (AgentTesla)", "value": "50c11bf78bf5cc2bb4f958f188af2a939f9fb30229dd778f2de0def8044f6a671ad88c098dfff967c817b4ed89b39978", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689654716, "uuid": "4b171b7c-f764-4b4a-84a0-419ba258f7f5", "value": "T1A8D42341A9CE962BC8C445F89B75EA7033739E47503DC98C5B49FC9A3AFBE42034A197", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689654716, "uuid": "1ab61369-166f-498e-b92a-cb458f7cc805", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689654716, "uuid": "8a8d2b9c-9088-4a94-8b1d-5d304cc791ab", "value": "12288:pfb/WT4UkuZbPk1xkgvKbUfDqkX0IylrlTlIXdL+ngKG84TVaM1B:pfzW/ZbENSbUfDqaaB44na8IvB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689654716, "uuid": "dde130eb-f901-439d-b417-ec6dc1f29d7c", "value": 604672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689654716, "uuid": "052d3b89-a5f9-46c7-8fdd-82b086f4789c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689654716, "uuid": "65e224b8-595e-482f-8ae2-d6be9c3d30fd", "value": "z86cqDxc27oUHuUt5Z.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b25371ce-25a9-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689712126, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712126, "uuid": "aaf0546d-f0de-444e-929c-56d18067a968", "comment": "Malware payload", "value": "dd52f9bd24fff703e3a296e484c7e349", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712126, "uuid": "fc4708e0-9877-465c-ad47-d200e1344767", "comment": "Malware payload", "value": "35112043f8fbb6afadf54d30b56d37ed426e0282595e2b1f636b29c1c24a3299", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712126, "uuid": "f31e9aca-0ac6-42b6-ad6f-fd9e71816f9e", "comment": "Malware payload", "value": "3e74d850c7d10f88f3e6345b22c069569c015bcb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712126, "uuid": "8e490710-c1a2-469a-83c5-55fe8ec0afa0", "comment": "Malware payload", "value": "8b924695c47ead1e17d08014bc207e5a8d510feba1439c445f3f89c4d3eb8334b0229fe9c4549fd04381d49da9ed3de8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712126, "uuid": "bdd05072-a5bf-4d76-805a-b0b4885255c7", "value": "T1FEE2F2969BDE0911D9C7C4F547E39E748640E64AA7F08E5FE40E448391636DE8EE2930", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712126, "uuid": "afc801ec-3cba-4ad5-83a3-e7d00c87a1c8", "value": "63e6526996099d1e770320f1556eb5cc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712126, "uuid": "a669ad6e-cce6-44fc-83cb-463f7b7db61e", "value": "768:E7+cf9SsqbqoMys6XwXs3IsI8MCwMkWsiD1b3MLTVPd6Y/k:E7dfiqZXcIW/jkFiBb362", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689712126, "uuid": "5981d0de-5e22-4ac3-b2da-d84baa7fc176", "value": 31232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689712126, "uuid": "530f1ff6-57a6-4ae3-ae04-9dabf1ae16f5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712126, "uuid": "b836505e-24a0-407e-9460-456694a2bd71", "value": "SecuriteInfo.com.CRCK_KEYGEN.14086.10218", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "10c5848b-2521-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689653444, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689653444, "uuid": "9bf7da63-4ee0-4dff-9903-dad1a01220ae", "comment": "Malware payload", "value": "5ce1a24da24cf9aa8e2644e90f7fade5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689653444, "uuid": "ca8207fd-dce3-4f4b-9284-fb99912de47a", "comment": "Malware payload", "value": "362df742f035af82ecd9892743fe717a14266a10abdb686e0bbea66ce9ad52d6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689653444, "uuid": "a5b2826c-b36e-4a15-9af7-dca9e1743352", "comment": "Malware payload", "value": "a4c3ba6a06c645c7c58bd614ee064657d2eaf2fb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689653444, "uuid": "e5e70152-9868-41bb-9927-b2ffb2201709", "comment": "Malware payload", "value": "b217cdcf189739f8cd65098f2a85a55303c0b75f73b54cdd82679c03f86e5e8060f1f2e6d3980c3a419056583b0ae676", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689653444, "uuid": "ec3e02af-3b56-47cf-9a73-719fdbca87dc", "value": "T123A3297C21EB4D35F46F5ABBAFF9B0698776F2150606F76E0CC215920F92B8189031A7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689653444, "uuid": "0a3f150b-8db4-4c53-b85b-6a9c2d01f186", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689653444, "uuid": "16180305-1997-40f7-9411-248ef2de1414", "value": "1536:8LUNLKF3SNmyI/TaqLMuNhTEorkiDBk5SsGJQ5GyKFIaW9OfYQat8gTs:gtFH/RLTTNBk5PuQ5BX8eVQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689653444, "uuid": "abfcc3da-675f-4d46-bc4b-d584dc3d9575", "value": 101888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689653444, "uuid": "c9a10e2a-7d33-4a1d-a074-0596f6ff8bd3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689653444, "uuid": "9f265ad4-91dc-448d-a54c-e3310174134e", "value": "Syxytor.bin.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f0e5719b-259a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689705789, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705789, "uuid": "69321bae-2bee-4da2-9662-da5414c6a2d7", "comment": "Malware payload", "value": "962b447996d774bd6b11a221ab39bd8f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705789, "uuid": "717afa4d-073d-415e-9e70-defd3cd1cd57", "comment": "Malware payload", "value": "3752671d8ecafe3de17f8ec3a30ef23f137d8c3cd62683a13f6e9a56db5db4f4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705789, "uuid": "33397169-f3de-4fb8-b32c-4641ea5e2df5", "comment": "Malware payload", "value": "aae4d7117ce9f6c493ed6f7c4d41cbc7c4f805f6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705789, "uuid": "e54e3c50-1250-4022-93b7-e52d17700d67", "comment": "Malware payload", "value": "9f8d083524fa75a48f10a0fc9d2ba64677aef7604cc857f713fd32d9f26441af3e1ca633db71f22c31a8b0aa8d04d168", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705789, "uuid": "5a83ce0d-bf8f-4b40-a989-0c5cab77439c", "value": "T1BB35E0002A284F53E4B953F89248DF3453F9AD6A22AFD3264ED33CDB35B6B114943627", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705789, "uuid": "91322cd2-c02a-4c51-b1e8-fb22c92509e9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705789, "uuid": "13d96b82-0653-482f-8e17-0f23221d60bb", "value": "24576:8GFKCcW9RoTHfzW/ZOaXxLvppk/suw0kIrhDhq12N3nCAIQ9:8G8CcW9RoT/a/YahLR2/9Yeh220A", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689705789, "uuid": "c8a306a3-5d2f-4604-9b8b-597e36c904f0", "value": 1096192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689705789, "uuid": "8729d17e-14af-4e5a-91f2-8142567ac754", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705789, "uuid": "c2b73c6f-3210-483b-8fdf-611b516e08cc", "value": "MT103-Payment-SwiftMesaj.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1f49c384-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689662058, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662058, "uuid": "b53a1e69-b17b-4966-9f52-da5191e56616", "comment": "Malware payload (Loki)", "value": "37101b0f51fa2254b8dd787597959ba3", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662058, "uuid": "ee3345a3-3bbd-49b7-87fa-b02241ea6f96", "comment": "Malware payload (Loki)", "value": "37dadcc7a342113c89ac2938d664833c0338028eca81e46098d300a4943ff17a", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662058, "uuid": "31662f40-55f3-48e0-bd23-3129fe834ad9", "comment": "Malware payload (Loki)", "value": "04c3a95f020df6de171432ec4f0375a7c294b194", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662058, "uuid": "4cc727c1-b8c4-4661-b37f-5b9688c83df9", "comment": "Malware payload (Loki)", "value": "85bbdf2092406953e22d63c6cbfba1bd8757f3da7e0de6b2c0f44e11d3cd7dcbc673b899430fc395805a1087ccaeddb8", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662058, "uuid": "c6b6f42e-d309-4732-a955-f9aafc686e2b", "value": "T146E4E000776D4F13D4BD63F9A160A92453F9AE57226FD3484EC73CEB35AAF504A01A2B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662058, "uuid": "a300757f-6ea9-49ff-8b87-e8282c3630c0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662058, "uuid": "e4015237-a57a-45fd-adce-ba0e81a957aa", "value": "12288:lf+msb8cW9RoHHfb/WT4UkuZ8MP6C9BJFtWQZdv6vRpF8QO38mh:lGt8cW9RoHHfzW/Z8MVBnJZdv6vF8QOP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662058, "uuid": "8f31b7e8-3817-4935-b20c-38cc6139bdb1", "value": 676864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662058, "uuid": "4704ca34-880c-4659-aeb5-b87bd328dd13", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662058, "uuid": "b9cf8c9b-15a5-4e8e-8fe1-2677e9ac5577", "value": "DHL Express_F0524458.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "56308ece-2533-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Rhadamanthys)", "timestamp": 1689661291, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661291, "uuid": "54e1e44f-9fef-40cb-b51f-a9460d56bd5b", "comment": "Malware payload (Rhadamanthys)", "value": "8b6708fb2d7f70d9ed880e4ab0164cce", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661291, "uuid": "238e7480-1f00-4e68-a450-cc339eabacae", "comment": "Malware payload (Rhadamanthys)", "value": "37f051b7ddfe793dc54971f79a7db5186b530d44551ecb8ca66e46d311a50f61", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661291, "uuid": "2ef2ade9-70d2-4578-bb66-35c4acf16279", "comment": "Malware payload (Rhadamanthys)", "value": "50ab980c37f3c6193789ac135446f2fed27980df", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661291, "uuid": "901e4785-ecc3-4312-ae2b-e0211ce324b2", "comment": "Malware payload (Rhadamanthys)", "value": "8fafc3192f40510fd067a069d438d04b5904b998d59b230bcf108ea29752e666f801c9c4e3619f31de0f6593ff334f9b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661291, "uuid": "82a298c8-95fc-4b74-bedf-a42972dc997e", "value": "T1B2D2D724EFA9D736D3FF16BFA9E3531D0179D1E66503EBE74A65314A2C42B040C22E62", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661291, "uuid": "b591adb5-4919-4e1d-8a7c-00b796864cc2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661291, "uuid": "47a1ea0d-d262-4838-ad6d-366c50280d35", "value": "384:Vj5+TWithO6TZNXnIBMqJdJaagaZc3OF437ZQ/+t7INqHY5WOM5WwURlfOuGHgzL:VuWu4YdIBMJWc+F431Q/+t/pO5Au", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689661291, "uuid": "bce23d9c-725c-4a9e-b639-06080231968b", "value": 30720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689661291, "uuid": "dd774038-2ecc-4bff-9397-17e3b4316072", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661291, "uuid": "ace2e493-d885-4426-a738-9c6b5c696c69", "value": "8b6708fb2d7f70d9ed880e4ab0164cce.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bb2454e4-2568-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1689684224, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684224, "uuid": "58bc9e32-e9a6-471c-8bab-c28e7e028d3a", "comment": "Malware payload (RemcosRAT)", "value": "fdf474e88e37de858b56210afd9f5a8e", "object_relation": "md5", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684224, "uuid": "fca83030-de91-475d-b509-193444f39c1f", "comment": "Malware payload (RemcosRAT)", "value": "37fe1989c187c6493c161901f4a0b5fa6659f311dcac5dc966efe91e6f42ffef", "object_relation": "sha256", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684224, "uuid": "8a95a4eb-f62b-4792-8cb7-dd338440bd06", "comment": "Malware payload (RemcosRAT)", "value": "2672fe9a5c097d64ea5a2b79d61a9acd09506627", "object_relation": "sha1", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684224, "uuid": "2c533ad4-0a9c-4fdd-9a9a-deba8e3b3e2d", "comment": "Malware payload (RemcosRAT)", "value": "744966dec6505fce2c6dc87de46e2a10ffa178c56d00344ae7341616da792f32377866907ca39f808ec0c5f1616fc6a7", "object_relation": "sha3-384", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684224, "uuid": "7a50d766-4b2c-4f6b-9651-174cd5d22b9d", "value": "T1990501112A76DB12F4F5B3B481F2E42017F9310B1767C22E9E6CB4C5B6977A486A0F4B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684224, "uuid": "7d6fffd9-38e4-47dd-9848-58f658ea890d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684224, "uuid": "fe80c68d-7b78-4f7f-9ee3-46a56c40780d", "value": "24576:UcZAXdCTeixyPrsNZbsx31sunYTuFFTTjZs8hhhhhBo5:UcVCJPrsNZ+SIWuFRje8hhhhhBo5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689684224, "uuid": "010aa06f-91dd-4691-816c-b5a1c9f337bd", "value": 838656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689684224, "uuid": "5e06ae6a-a73a-4dc5-b4bd-66a6942faf3d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684224, "uuid": "90a75f41-0732-4d03-bf8e-890902a9f683", "value": "Halk Bank_ \u041a\u043e\u043f\u0438\u0458\u0430 \u0437\u0430 \u043f\u043b\u0430\u045c\u0430\u045a\u0435_Pdf.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f730c9c3-2532-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689661132, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661132, "uuid": "a3cfbb43-0e17-4ec1-8726-d9874b090043", "comment": "Malware payload (Formbook)", "value": "041f6f5efc54c7da313ffdf9c69322c6", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661132, "uuid": "2f6cedef-0e61-4309-87c2-6c4a93001fba", "comment": "Malware payload (Formbook)", "value": "3880b045f8ac37a059cab5938f0fb792ff6f005da1f9186167d1cde77a7d6c43", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661132, "uuid": "c3720374-65d4-475e-89e0-5d22deacd79f", "comment": "Malware payload (Formbook)", "value": "2d9575f9f061100c966447788eaf388cc915e0be", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661132, "uuid": "d8724596-7782-45e4-9f69-107a270f1b10", "comment": "Malware payload (Formbook)", "value": "e45edb01b04a9cb2c7668b1155c186291d7a6e795e4241289bc53e99f045d07375be6a9fd5a7431277d79a220db78157", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661132, "uuid": "e1ac0428-1e51-4894-9557-4375d5135dec", "value": "T1A045E003D8049B83D40D83F47E530EE90F0A6F1AE999BDEB10537F8B3A71A72595A51E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661132, "uuid": "c3a6fa6f-e85a-4664-bbdf-06a96519837d", "value": "24576:xcu9V1ZyFw6VWAZy6w6VKQpbFcwTA5S8cNfnw/x:xcu396VWyS6VfFjTBNfnc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689661132, "uuid": "7401e4e3-a8c4-4943-b5de-5f1f40eb4a58", "value": 1211392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689661132, "uuid": "639a78b0-4e40-4d8a-a854-ab18ce2ae898", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661132, "uuid": "61ef97b5-fc38-49e7-b37b-b94e2f5c5eb0", "value": "Notafiscal-NFI3713-Nota.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aee93c71-2580-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689694511, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694511, "uuid": "86f52ae6-1da0-42cc-b470-d30d7067f536", "comment": "Malware payload", "value": "a9d4ba1fefc844e7231219f1ab16f6cf", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694511, "uuid": "7996b7f2-c292-4cbd-8394-2c7e9b54fa33", "comment": "Malware payload", "value": "38a1ec2dc9a0739ce81abc1a8b5cf9ca47e13cd9520e2df4edf1801fa7145e76", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694511, "uuid": "473f888d-0cd7-4d76-b41e-6b71a925779e", "comment": "Malware payload", "value": "495910b766e932dcf3a192f045ca678c6f4fb175", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694511, "uuid": "466d5346-8031-4b60-b250-55e03c42efb5", "comment": "Malware payload", "value": "767ad7e765881109d1465ece953ef64a7b89141b8d962d3101bc5f3299d9877e3f871e3ae4dc523b9e71beb3ddb73dbb", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689694511, "uuid": "de3de171-d28c-4eca-8864-6a50e4f871a4", "value": "T15D337D457690C073DABA063929ACCA510A7F7C629BF884833FAE460D5EB15D07B3D397", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689694511, "uuid": "abef8830-2e52-4b74-8e32-0f100339d35f", "value": "90c2b41dbc64bf3f152f09646916224d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689694511, "uuid": "123950b1-50b5-4aa8-a70e-038466b08dea", "value": "768:O1QBkXH8jd134ZK9Ps/Y5qGgbYyXEwQEWANKKXs4yxdjWTtB0P4DseLg:O1OkXUvNwY5qGhETXs7WTtBps", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689694511, "uuid": "e3717edb-3e01-4f60-a0c5-5c644c68ecad", "value": 52224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689694511, "uuid": "a004e87a-d93d-4cef-a41d-4963cb2fbb29", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689694511, "uuid": "f4cd735c-46b4-4071-83fd-dffc6b691cff", "value": "SecuriteInfo.com.Win32.TrojanX-gen.23205.20584", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "52c13e4b-2534-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689661715, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661715, "uuid": "7f8a75f8-16bb-4ccd-b750-d69be3ea373c", "comment": "Malware payload (Formbook)", "value": "f7694e5488663e4c07c6a49b870fa31a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661715, "uuid": "bfeb25bf-eb66-47c2-91b4-7b7fa501203f", "comment": "Malware payload (Formbook)", "value": "3931d6780f87facdf721f6e730ec38738afe7bb5378247824a1374802e2d04af", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661715, "uuid": "927f9afc-edac-48a1-bab0-2bae8dfb81ca", "comment": "Malware payload (Formbook)", "value": "15a2fb017e9018e3ecfeb0cb8a6d7a97cc0645da", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661715, "uuid": "f2a675fb-b75a-4ee6-ad1a-50abe206f565", "comment": "Malware payload (Formbook)", "value": "5ed2c75a7a0564d8d65e2f344e03fe82eafe87f1191f1bbf215e22d189f9b892c11659fabeac76c350657c5943c514ab", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661715, "uuid": "7fe27602-ca0d-4b1d-8916-977ecc681d02", "value": "T1AD441214A5B9CAABD4E783328E3E2B219EACD93522F9930F1B145F5D3D67201964F313", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661715, "uuid": "8e505e58-1440-4630-92f0-03fa2faa9620", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661715, "uuid": "5722f5cb-9901-4e29-a168-be2363193ce2", "value": "6144:/Ya6Nu5RJ1EzQDo14PKJatyP6anukAwARxGu9AGnBvY/RIBarWeW:/Y3u5RJ1EU6IKa86IajvY5uarm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689661715, "uuid": "53befed1-38fa-46e0-80a1-1a5ac32d8819", "value": 260914, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689661715, "uuid": "77a24d51-83f4-43d1-8f5b-cc0b21b62dd2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661715, "uuid": "97cb938c-9ff5-4c8b-a22d-24548d0152f1", "value": "SecuriteInfo.com.Trojan.NSISX.Spy.Gen.24.6304.24661", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c76fcaac-2533-11ee-a6f9-42010a9c0055", "comment": "Malware payload (QuasarRAT)", "timestamp": 1689661481, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661481, "uuid": "7b055212-bf4b-4fb8-8fe5-089012a69dcb", "comment": "Malware payload (QuasarRAT)", "value": "12cd584f5b8eedb6616831c09b6d146d", "object_relation": "md5", "Tag": [ { "name": "51-77-167-52", "colour": "#4CAFF7", "exportable": true, "hide_tag": false }, { "name": "Nugeta", "colour": "#18015D", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "Quasar", "colour": "#D17794", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661481, "uuid": "a2b52cd6-a2b4-4135-b851-5989a829281c", "comment": "Malware payload (QuasarRAT)", "value": "3ad28762f94e924486bfcfff47531133cf31633181a1f326157dd607faf01c0c", "object_relation": "sha256", "Tag": [ { "name": "51-77-167-52", "colour": "#4CAFF7", "exportable": true, "hide_tag": false }, { "name": "Nugeta", "colour": "#18015D", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "Quasar", "colour": "#D17794", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661481, "uuid": "49dfcb2d-9e3e-4a04-b58d-7815bb4edfa0", "comment": "Malware payload (QuasarRAT)", "value": "80c6306510371d595d7259820986a341e15673f4", "object_relation": "sha1", "Tag": [ { "name": "51-77-167-52", "colour": "#4CAFF7", "exportable": true, "hide_tag": false }, { "name": "Nugeta", "colour": "#18015D", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "Quasar", "colour": "#D17794", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661481, "uuid": "bcd2aaf2-add9-40c9-a800-9757febca7a5", "comment": "Malware payload (QuasarRAT)", "value": "85c564e737bb4c62d55e1007ac451e785b69625988238e45734aa9457319ad066c8190728ca4579f479557c8108b53d1", "object_relation": "sha3-384", "Tag": [ { "name": "51-77-167-52", "colour": "#4CAFF7", "exportable": true, "hide_tag": false }, { "name": "Nugeta", "colour": "#18015D", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "Quasar", "colour": "#D17794", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661481, "uuid": "d5332b3c-90e6-4f70-82c4-e21a66241ec8", "value": "T18141E17DA383A9FB84C198388AD9A1754B7F8E033981DE3766C6C40CD1F90786D966F1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661481, "uuid": "a92242db-d328-4d77-a1ba-fbd94cd1b90f", "value": "48:Y+dgTGt1LSwm3THRORsRxsB7MBaU45k/kqXtkkWLOGNPPWs:Y+dgABATH827sBIB9Xtkk0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689661481, "uuid": "4614884a-cf85-4bfe-bad6-e4574577c2fc", "value": 1992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689661481, "uuid": "94ce2d48-0167-4115-a2cb-5257c0e2b4cc", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661481, "uuid": "5c9e7387-043c-4e8c-bedd-b28cb52e05b2", "value": "ps1.ps1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c660b6f3-2599-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689705288, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705288, "uuid": "6f5b5a56-4c1d-429b-88f5-451a40b18fe5", "comment": "Malware payload", "value": "1dd8d534ec826fb8deb02581d9ce2a3a", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705288, "uuid": "eab1dec5-6b8b-408e-b8b6-e8c17959b7af", "comment": "Malware payload", "value": "3b125c525ed85488e034a639a74c6c175f2c91530940e7067a7d2bc9d5aea362", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705288, "uuid": "cab346c9-0f10-4188-a515-719a28af970d", "comment": "Malware payload", "value": "afaf9a0b4e6d8b4496e496bc007485e0cfa5f721", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705288, "uuid": "d15510a9-9105-4ce0-83d4-92759f60d245", "comment": "Malware payload", "value": "cd0a51020c95e2984063e9784f03e50d96b49f3dfaa2df33ec74fcbdb7743dba9dbe42fdd93cfaf6bc8442d3b3bdcaee", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705288, "uuid": "711fdbff-ca70-450b-9727-24a31865a760", "value": "T1FB82E8EFF14F5C13DCCB23B8AC170E99AD29C6C628475F7A064900E13AF7A9CD552A44", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705288, "uuid": "214dd7f9-241d-47cb-842e-8097ae35b1cb", "value": "384:y8YvhTqhfmUin4/oruIndEYNJvzQxkoz:UvhTqh8nEoruxYNJvNK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689705288, "uuid": "1a34dd52-3bff-489a-877b-2082d3e0f9ba", "value": 18000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689705288, "uuid": "35549b1a-1ad0-4b32-9dfa-77d740c0dd63", "value": "application/x-sharedlib", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705288, "uuid": "8b6a4572-d365-4bd8-96c1-5141ec04e609", "value": "SecuriteInfo.com.HEUR.Trojan-Dropper.AndroidOS.Wroba.p.16954.19351", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7a3f4798-2561-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689681108, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689681108, "uuid": "b01ba7c3-c4bb-407a-8bc1-756863417a04", "comment": "Malware payload", "value": "b72ac023d91b9bfd622cc2c3c2e32a9e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689681108, "uuid": "4e2bad6a-cf98-412c-b848-50a057d5b7a1", "comment": "Malware payload", "value": "3c37d2667425e332cd0e553904d6f759fc6e1c8e8caa7dc7c1f3906fe4a5b846", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689681108, "uuid": "f0158d80-42fe-4ade-9631-d31ccc11457f", "comment": "Malware payload", "value": "64561310adb4596188a433d66eb3a12e7d713634", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689681108, "uuid": "d5181a24-726f-46ac-b73f-9d123b465691", "comment": "Malware payload", "value": "49d002dc274e49682012e12171c49a859ede415c90be6dbe28ab2d4406f76175b7058593029203c83794c956fef8507c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689681108, "uuid": "51612839-b349-4bc5-b4d2-f969cd51d6ea", "value": "T1137523027BC149B2D13319335A395F31A63D7C301F768ADB8394695EDE621D0EA32B67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689681108, "uuid": "dd99bd4a-5ee9-4700-a63f-3f581c8024a9", "value": "0ae9e38912ff6bd742a1b9e5c003576a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689681108, "uuid": "277056a4-e9f7-498f-9552-5f54ef17a58e", "value": "49152:Hdgoe/YH8dhwi20OlGF5u9LoDMxmA74nym:Hahwi20vnEPxJ72", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689681108, "uuid": "065801cb-4b3a-433c-b666-70ed6e5dcff2", "value": 1636767, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689681108, "uuid": "0bf12158-7411-435c-806d-5754881ccba0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689681108, "uuid": "d62473c8-7b2c-4514-b00c-1b16705d16e1", "value": "b72ac023d91b9bfd622cc2c3c2e32a9e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bc9fbbc0-2599-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689705271, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705271, "uuid": "3acff271-ae2a-4dfb-9265-8cdc9909382a", "comment": "Malware payload", "value": "5b980357cba7a978afca609bf1ae321a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705271, "uuid": "4a5b27af-56f0-4078-94c9-f1e1a9a51adc", "comment": "Malware payload", "value": "3c55ae1096288da41ad7907954edccb318012337435698b0af35b9fe13973aa0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705271, "uuid": "ddd9c4a8-6779-4537-afb3-5f8cbc1d7aa5", "comment": "Malware payload", "value": "f3c4ef4f33e11b3031a90c1053aa65870bca9f98", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705271, "uuid": "969f1f4c-bde0-415f-961e-12f2095cbe89", "comment": "Malware payload", "value": "1f758217332c5bdb412d68bd3e87111f13d5ab49d6ef9683454dc665396dd2b7354ff4fe41eb38b7378bbc53101f7ab4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705271, "uuid": "05be876a-9ae3-4ee1-91db-5a5d468eb828", "value": "T19EC1D68B476445E6EB1CCFF41A778A0C8E345212025127B62B4BDEDACBB4B127853A8D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705271, "uuid": "ae267863-dc58-43a9-8ba9-202b8ea4da42", "value": "f4982edbc6781a2fa569735f052b2b1b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705271, "uuid": "06b9b946-97f7-489c-bbee-48e3209dd25f", "value": "48:CWGI4ujuDCXLX6OcerFZZhz9mfjhthFgkPmoyl1g4PzIM7/9pRuqS:5jNjXX9Xr/ZhxuPmoynvPzIMtx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689705271, "uuid": "5c20d325-1608-4a55-85a4-e52774c2a5df", "value": 6144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689705271, "uuid": "390d3d7c-8648-40ce-ac0c-b342cc1d765b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705271, "uuid": "21cffded-b05f-4112-8d30-7823c92a8085", "value": "SecuriteInfo.com.Variant.Zusy.447813.12144.15274", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c0307b51-2599-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689705277, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705277, "uuid": "525c4282-70b2-455e-b0d5-bda107ad36b8", "comment": "Malware payload", "value": "2f6409ac30ccc8ae7dcce576a05422a4", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705277, "uuid": "0e94dc46-f688-4640-aaa6-a0c5ce0c538e", "comment": "Malware payload", "value": "3ceecfa55ff8ab8eeb0d99d8a84a7cace26e4bb5f20b3ec8f710bdb4647d97ef", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705277, "uuid": "c4f1f9f4-92b9-4b9c-9b9d-f18661f68bba", "comment": "Malware payload", "value": "0eb6663f5839715a9632efc0b1e5d6d78ab031c1", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705277, "uuid": "d87f31f4-81fa-4b15-aec5-bed55ffef2c9", "comment": "Malware payload", "value": "2902fa0dcd741b70f7586c96f6a89a4fa2d4f770cb196c6454a0ea466adf66e2673342aeb501a57df1f515c6b2719a96", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705277, "uuid": "d97ef4e5-969f-4254-8d26-9c18e8601ae5", "value": "T146129307FB41C633E899127D588B433ACA36C954D3A387437A0CF64D7DB13A89B8325A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705277, "uuid": "51c33bb7-6bd7-453a-8213-7f837a0c1a24", "value": "96:+AKPDPdyZX3Qa/eyVfl87lBHW8KOFLCL4ewyEA4z/sEsj7hmx0eTXQV:pePdyZX3QgeyVfsJjTFC40/4rIhg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689705277, "uuid": "c4ad97ce-401c-4746-861b-59191943c059", "value": 9660, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689705277, "uuid": "d6162b13-a8ad-42a6-8888-f396704c61c0", "value": "application/x-sharedlib", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705277, "uuid": "7941556d-d9fa-4483-afb4-816867ae4e81", "value": "SecuriteInfo.com.HEUR.Trojan-Dropper.AndroidOS.Wroba.p.8145.3782", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fbd26611-2532-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1689661139, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661139, "uuid": "2edebe27-f577-4a47-b3a2-30247b951a1b", "comment": "Malware payload (GuLoader)", "value": "922a4fe9ed2f9ad14b6b13e1a414c17b", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661139, "uuid": "ad9b013e-b778-4071-8ec5-28a45c7c4ae6", "comment": "Malware payload (GuLoader)", "value": "3d408327065ceea0baf658a2a718d879d16a84ff9a07336e7a705cf3d874e630", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661139, "uuid": "df64f86c-de92-4fc8-a2b6-49bf608b570f", "comment": "Malware payload (GuLoader)", "value": "25011371b68b8755daf8ce768ef07b17c9049b15", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661139, "uuid": "5f1b65ad-9270-4070-aa23-00d5f06ce8b3", "comment": "Malware payload (GuLoader)", "value": "b49cfad030375b77f3a4a05aeb186e9e09ba019f6caa7738566a2aecbf89f436a600714a51b1e10ac6ec089a99b650df", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661139, "uuid": "d9649bba-feae-423e-bb16-32ccfd7b406e", "value": "T14B65F003D804DBC3D40D83F4BE530EE90F0A6F19E99A7DDB10667F8B3A71A62495A25D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661139, "uuid": "911dde3e-a881-4f77-ac49-0d7551d8b158", "value": "24576:bpu9VNZylw6VSOZyHw6VleHBlEzp7uyR0bgcwyA52CcP5YwVux:bpuPR6VSYj6V8hOzagjyPP5Yj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689661139, "uuid": "5b7b253a-b307-480c-bd39-9091ee2b43ac", "value": 1436672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689661139, "uuid": "d1de500f-5244-4cd4-897e-5dd4e5f44426", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661139, "uuid": "7d0499a0-5cb1-47e9-bdd0-94c00f6aefb3", "value": "NOTAFISCAL-NFI3713.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "159625e8-2568-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689683946, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689683946, "uuid": "aa9c8730-6658-431b-b022-888d89dcb12f", "comment": "Malware payload (RedLineStealer)", "value": "478a0e983e1f62c9be3fd31c3b8c9574", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689683946, "uuid": "41c2f96d-c369-4379-9f1c-3f541a18ef28", "comment": "Malware payload (RedLineStealer)", "value": "3e7110114b3b56de50de8d4191be9812083d45e82d80f0acd33b4f7077145b11", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689683946, "uuid": "0566ab82-2125-4003-b3c8-82dafd23782f", "comment": "Malware payload (RedLineStealer)", "value": "bde74a80205aa7c322eae5765cfd87b61766c5d8", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689683946, "uuid": "cada0303-fbc9-462e-8c9a-588e0cbba89f", "comment": "Malware payload (RedLineStealer)", "value": "93e81f845535587a7adc94c25520f070e69c643e8155012e7b9607f0b68caaffb67c4185d8b60798cf97859848328df7", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689683946, "uuid": "77f40c79-52d4-4080-b470-70bbc22d5bf1", "value": "T131840113E6E89473E8F417705CF707930B3A7C62AD78976B23549C5A4CB2A80E57236B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689683946, "uuid": "6ff87cfe-7db0-4e4d-ba62-9ec428ae777c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689683946, "uuid": "df39173f-ab0b-41fb-959e-a5e71264002a", "value": "6144:KOy+bnr+9p0yN90QEp+9jzMIofpdUhNp29Npm/vXXfEgxbBYMDiV80Pe1vG:OMrFy90rsHMIDyN0HXcgxF0VRPEG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689683946, "uuid": "60eea489-7079-44b1-a1a8-5e9772bd7d41", "value": 398336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689683946, "uuid": "40eef273-efff-4c00-b1cf-826abd10146f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689683946, "uuid": "e96e7e55-464d-4cb5-94fa-ccbe69b03e28", "value": "478a0e983e1f62c9be3fd31c3b8c9574", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b394b85f-25a9-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689712128, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712128, "uuid": "b9d87a37-b6f3-4536-883e-e61e91ea5887", "comment": "Malware payload", "value": "ec2e25a3e23b5352707e87a274a09b1c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712128, "uuid": "bcf9cddd-b42e-4bed-9fb5-7d2bc94f8489", "comment": "Malware payload", "value": "3f2785765dcaf47f69137f90796284abd9802da6c07dc9108137461cc563c462", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712128, "uuid": "6f149ad9-7719-4644-841c-3c51ffc4bd4f", "comment": "Malware payload", "value": "37d73aff3425c8967692015ba3a7c964f03cc18e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712128, "uuid": "6eae873c-7e24-429f-8c11-8fe6a7bf9d5c", "comment": "Malware payload", "value": "a186241f8f524fd4015291e72ab2eb6fefbd3429314ae29b2a4cded8a49e2fd15218d5864729532b6121bf96cb092d56", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712128, "uuid": "68fcf3c4-c1c1-4759-aca5-786671d7e16b", "value": "T17522F89BAD856773E02BD0B810534BB1DF30D0B220591A1DFB9CC66A3752B38BA1F10D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712128, "uuid": "7a479898-463e-4dc0-9b59-aaed723fb86c", "value": "2d158629fb38a6082bcfe5e34b4159fa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712128, "uuid": "de6a8e66-c945-4dfa-adb0-4fd6a8a2c40b", "value": "192:xbayHmnytBD+0Lhx0TGcL74uJ/YOXLBq5IF+7s2mOw:ZHOMqIhx06CPQ5ns2mOw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689712128, "uuid": "8f7b4ef0-8a24-4fcc-be10-c7619cbd47a7", "value": 10752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689712128, "uuid": "0a85b10b-3745-4074-be2e-b5602202576b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712128, "uuid": "e97df103-8816-4ed8-8e2b-dac47a87174a", "value": "SecuriteInfo.com.Exploit.Win32.Aluigi.gr.20095.30026", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bf4e77ab-2599-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689705276, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705276, "uuid": "1d84849a-4021-4606-b298-544abc353c94", "comment": "Malware payload", "value": "d324283aa6c0c8931425684333d62cbc", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705276, "uuid": "63373b6b-9da7-4502-9dd4-cbd56b9a31c7", "comment": "Malware payload", "value": "41a928b432f9749f3cc2eed61bf80689bc126ec18dd9df89d9f6196a2335f4d6", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705276, "uuid": "6898aee4-ba89-4710-90cb-d2890bec11e7", "comment": "Malware payload", "value": "bb6eea9c556c48897d114b480e689c306800e70a", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705276, "uuid": "404fbcd0-52f7-4e24-8f24-40aba9dee8e3", "comment": "Malware payload", "value": "a37f030ebabe71f7f5ef8f73595c6990ac1880ed7a2b4230dfbea019eed756a6c9830e74a6c31afe483119f35e679c72", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705276, "uuid": "3f58ced1-ef1c-4234-b046-02b18122d918", "value": "T17943312B6711096CE2D8D57CD3AB681BB355FF8E7DE6702A2F40EB5618CAF814B1120D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705276, "uuid": "23602875-8b66-42d3-b27d-e6dc8a3e879b", "value": "768:PrUhI3vf61MvVUraGmjmUG+cgfrCs1KNiyFJqsndXiCdrCzmlU9KO8Kz+WLxh77b:PQUn6QYltgfrwRlF50FFPx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689705276, "uuid": "588126c4-027c-4f07-a78b-07b9a735c5b3", "value": 55288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689705276, "uuid": "9273b1c3-8b82-49c8-96ee-3fc28731a71b", "value": "application/x-sharedlib", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705276, "uuid": "bac8c8c6-f02b-4952-99de-a01736ddc5ce", "value": "SecuriteInfo.com.Trojan.Generic.33167932.15868.1800", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2233aa2d-2504-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689641017, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689641017, "uuid": "3eb502d3-f0c3-4751-b42e-866824087656", "comment": "Malware payload (Mirai)", "value": "abd62a9e321baeb755278475bfe64ace", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689641017, "uuid": "045d9e8a-1e40-4f58-80b4-cfef4485b686", "comment": "Malware payload (Mirai)", "value": "41b3b00816c8b217a9745c6a69d224008431b4b77232917d132c1636152aca62", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689641017, "uuid": "095ce2b9-bf1e-4f73-94c4-2f61386922a2", "comment": "Malware payload (Mirai)", "value": "d84cfc9625f278df40b08d20e0fe93edb102c26a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689641017, "uuid": "90422c56-99b5-4022-9861-e8c701fe5988", "comment": "Malware payload (Mirai)", "value": "1938aa45378c3889974ee61408b344ec7fcf21de8f0f09a881ccd0134ac050ef96b3e2f4bf9d42ee35803f563e594fbb", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689641017, "uuid": "6a484fb5-c190-4612-b44a-63b84e2b9a11", "value": "T1DFD2E16CD95D7905C69E3EBD50CE86F6294CB4C0A35DEACE17224448BA1BE8BEC070B4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689641017, "uuid": "99321dec-00e5-4d3b-8e72-6ed1e07757a1", "value": "768:a1uUtLrVDsAp6tLkF4FuetwEub4sU/M9g36KNMKJbsWUF:abDs06t4BEub4sU/MbU9gF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689641017, "uuid": "78128a62-f1df-4121-bb6b-e9a2078a4316", "value": 30324, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689641017, "uuid": "b72e9a07-73bc-4ef9-bc3a-5e3a2d58c89c", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689641017, "uuid": "43f12b2e-83c9-4d52-a3c4-393cf62361a9", "value": "abd62a9e321baeb755278475bfe64ace", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "68f75fd5-255d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689679361, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689679361, "uuid": "c2603f74-2bf1-49e4-bfff-a575aa97cd32", "comment": "Malware payload", "value": "e103bf08c01a6631599d6f9fafac6bf6", "object_relation": "md5", "Tag": [ { "name": "intellithinkhub", "colour": "#F99C3E", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689679361, "uuid": "e9365b7a-92b5-41da-99dd-3e4b04bb3145", "comment": "Malware payload", "value": "42996300c3b5e84a6e070e92eda95a0cd34cbe995be23881d87b3865c3e2a5d4", "object_relation": "sha256", "Tag": [ { "name": "intellithinkhub", "colour": "#F99C3E", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689679361, "uuid": "46e3d5c5-379d-4bb5-8c36-570ca7bf4fcf", "comment": "Malware payload", "value": "7fb33e741b7030bd35ab4aa6fb924cad31d5b14b", "object_relation": "sha1", "Tag": [ { "name": "intellithinkhub", "colour": "#F99C3E", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689679361, "uuid": "665f5255-24fd-493c-985a-1355ce573cfd", "comment": "Malware payload", "value": "0719426b2de3c726b95a6d1b6cd41d89eaeda72d6036eb90f9a92e133177747ed5c8faeabdf6ad2b9238e9b2557da9a3", "object_relation": "sha3-384", "Tag": [ { "name": "intellithinkhub", "colour": "#F99C3E", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689679361, "uuid": "bd7ac6b7-42c2-4c8b-86ca-3a1df5892006", "value": "T1C346334BB8CB1F32D1294775709F57CA9EA94E040B47063763FBB28538F27147AB849A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689679361, "uuid": "41e6258c-412b-447c-b7fc-d330b2dd021e", "value": "98304:ktWMy2eOSmUNQiveS0nGRehMc6zEmktLFt7s365qqXxHw+v+y3hfHDdu7gQD5:ktWMyLOiv4GRemc6zEVtBt7Q65qqXxQV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689679361, "uuid": "ab513a63-348b-47f2-b55a-f175e2588720", "value": 5881344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689679361, "uuid": "470bdb10-ad7d-488c-9ecf-b2c7aed9e7ae", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689679361, "uuid": "9a56b0cc-240a-45e7-8043-e271766a829d", "value": "Setup.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9c72ed16-255f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689680307, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680307, "uuid": "b0661932-8748-4ca4-a4a2-d1a893f1d94b", "comment": "Malware payload (Loki)", "value": "4c72dc78103369692b4400c79b5f2a46", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680307, "uuid": "988e75bf-5e15-49fb-848e-e67c3ee9b0a9", "comment": "Malware payload (Loki)", "value": "42d59b1e16bfe7cabcd964b6eeb487fede914bea5290aac7fcdcef636963085f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680307, "uuid": "4a93fe12-9dcd-4b5a-a637-80ae6cead77a", "comment": "Malware payload (Loki)", "value": "c4c1adacf6f1c5fe0f2fa9fe3e8d6127e6c04035", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680307, "uuid": "eaea56b5-5399-45b5-af22-f9703cad6d83", "comment": "Malware payload (Loki)", "value": "17b224779f7a2f1b1a70e9f7009184691b518dde9cd2fb89037ad2359160828f201ddb227f6cf4dbd254954d4d6881e8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680307, "uuid": "30f95bd9-0895-49c4-a355-b65da153d011", "value": "T1EDB422565A611FBAC89BCBFC292061301BBE93EE7C31C3454C46A0D85F76B4A1981F6F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680307, "uuid": "b09a51b6-853e-4ee3-abf9-5bff23e05405", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680307, "uuid": "daee0492-8220-460c-a8a4-4055258a19ea", "value": "12288:tCPmihhhxn2ouTSFOQ312JGVgadZTuJg:IDhhoSw+cLuuJg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689680307, "uuid": "f1ff6236-c966-4f27-ab33-ece4dc052402", "value": 509952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689680307, "uuid": "8d973608-33b8-4660-8b53-e9b343cbfee8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680307, "uuid": "c6adf34f-1888-4dcb-a6c6-427c28fb6c37", "value": "STATEMENT OF ACCOUNT.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "beaf6c77-2599-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689705275, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705275, "uuid": "df9deb7d-7664-47e1-8e9a-12708fb627fc", "comment": "Malware payload", "value": "648a7089981a326f37bc676783418aa0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705275, "uuid": "7f510999-7aaa-433d-8e96-3dab9d89053e", "comment": "Malware payload", "value": "42e586e1248564a35f6ed6507a9808ac889122db85281a5e77edb415fb3921e0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705275, "uuid": "5837f94e-edc9-46d2-92cd-dc00177ab9fa", "comment": "Malware payload", "value": "62b7de6117f9fe44db146eba90fa04e345a9b7c5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705275, "uuid": "b5c84c8b-e6b1-4c1f-9691-afc0a9406645", "comment": "Malware payload", "value": "fb3bba4f3e7e5d43256c30c5066118a8c110b20064b1657b8a274e67446b11946628be1a8919ec3f407f7476d7fe7e6c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705275, "uuid": "93fd3dca-cd26-49bf-87e0-80802fe547f7", "value": "T1EBC1D58B476445E6DB1CCFF01A778A0C8E341212025027BA2B4BDEDACBB4B127853A8D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705275, "uuid": "b0a47e14-70b5-4242-8fc7-1511aaaa38fb", "value": "f4982edbc6781a2fa569735f052b2b1b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705275, "uuid": "cd1660a4-6169-456c-af5a-3cac37642676", "value": "48:CWGIqujuDCXLX6OcerFZZDz9mfjhthFgkPmoyl1g4PzIM7/9pRuqS:5jDjXX9Xr/ZDxuPmoynvPzIMtx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689705275, "uuid": "0cb71210-bd85-4162-9b47-a22f481fa527", "value": 6144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689705275, "uuid": "d4f668e3-6f12-4c42-b50f-6a7723fb0f66", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705275, "uuid": "eb05f602-7e2a-42f6-b50f-6297100a994d", "value": "SecuriteInfo.com.Variant.Zusy.447813.22320.10461", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b73368c1-25a9-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689712134, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712134, "uuid": "255ef62c-cb9c-4f01-9a35-33a316cb7772", "comment": "Malware payload", "value": "d31363b6e51c5f08edd6b3682880231d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712134, "uuid": "571411ce-aa40-4f98-8f32-20ff448c0e53", "comment": "Malware payload", "value": "43c5f4aedc42cf8615a3797a97f9a3524132a13fa07b0dfb42b3d49acc4e429a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712134, "uuid": "0494a099-1e8e-47d1-9803-400c2c2840f9", "comment": "Malware payload", "value": "9cef5d913a0261422ae2344e7070de6ff3565cb3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712134, "uuid": "b88de761-1a57-4cfe-90bc-775712835277", "comment": "Malware payload", "value": "aee6e4283a703504162c96eca792f292a671cc6c614a76ff505af069b196ac2b209a6cf88a2cb5283b950e72b4e50c3f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712134, "uuid": "3b694d6c-b2b2-4d9d-b3ab-1bbf560a86c8", "value": "T1E8241257E2D7C90AC169BABD907B8A050792DC9D96670F1B8F815A0CEDB0B03FE3151B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712134, "uuid": "4c9ccbfb-0374-475c-8905-ca53bceeeb51", "value": "09d0478591d4f788cb3e5ea416c25237", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712134, "uuid": "aea085d9-9f17-4685-89fe-b1859b7c2828", "value": "6144:lP//1DwpgAPfiR1n6eh3jezka5g3/55dv:VNogAPE6eh3b7p", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689712134, "uuid": "3719a839-c966-4b76-8618-5cbd4bfd8fb4", "value": 215040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689712134, "uuid": "7229e0c7-b402-4ab5-9944-eb60fb10b11f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712134, "uuid": "1eac6309-2f60-4974-b95e-8b4b10458441", "value": "SecuriteInfo.com.HEUR.20659.2715", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "189f634b-255f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689680086, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680086, "uuid": "6537952e-e1a3-4309-a416-b3308502f5bd", "comment": "Malware payload (Loki)", "value": "b3d3e055711560f09f2485397e0c4a15", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680086, "uuid": "9f9ba08c-ca56-44b1-8743-5d89a719ae42", "comment": "Malware payload (Loki)", "value": "43d6dcbb19f1709f0b2bc34976e2b7dc05d2927cd99563cbefd2e9195d0f412a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680086, "uuid": "142eeb0b-93b0-42ce-b1ae-c0ad1323c9c5", "comment": "Malware payload (Loki)", "value": "4bbdd7e3f054f25829328d3cc8cd509bf377d82f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680086, "uuid": "b8cd5108-a361-4e22-9cc7-465c304a24e8", "comment": "Malware payload (Loki)", "value": "a9d4d0bcd96bd28c72be3a0bc3318c74d96a09966b89b7302af9ea35d21d273935cebbf2519446cb25c6d092a4a6d54f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680086, "uuid": "2cb915d6-9781-485d-9f6f-882ac8b24caf", "value": "T139C48C3850388BAFEB97C7F6D430255613F412666AF2E39C8CBA64DF3E35724A540972", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680086, "uuid": "b0e6df76-e3a2-4724-b2f4-828cfde77a8b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680086, "uuid": "f1832e3c-c3e9-491e-8d92-d3042aae6b27", "value": "12288:dCg+su9NWuLPaJwfMz+ScFzkG/Ff0LqqTrQaSejL8Z:isu9NWAPaaMaSMAG/50LqqTrQaSejL8Z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689680086, "uuid": "80a497f8-bb69-499c-8b04-a11af8f502d1", "value": 561152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689680086, "uuid": "5c80f0bb-11b1-4306-8f8c-c0868dbfeab7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680086, "uuid": "4752c91e-aba9-4f73-bbc8-82c619febe68", "value": "payment advice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ec65554d-2523-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689654671, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689654671, "uuid": "300ae310-280b-4208-b5ef-6c688b761bb1", "comment": "Malware payload", "value": "21aef45f24a7921ba22d001853233d51", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689654671, "uuid": "dd7e6fda-b4ed-40ea-a010-a984aefd9b50", "comment": "Malware payload", "value": "44154d7171647bfce46e82e1f2bff980bbf16f900cfe46f94ea0c93e635fbcb4", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689654671, "uuid": "c1eaa251-18f1-48e4-8d71-38e7c2b21b0f", "comment": "Malware payload", "value": "9f55f9a4e17ef360eeb0537230e85c7dbf008d89", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689654671, "uuid": "7da6362e-1fba-4b58-9a87-c3ee822d18b9", "comment": "Malware payload", "value": "b73b996c0617cefa841b8395b0d6b4c73c6b8730ac7511630b1b1b2ce9c3505fc10182afbadcae96b62031ea3fb96bb2", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689654671, "uuid": "182d1e4f-3b9e-4a35-9bbc-1c10f2a6881f", "value": "T178326D3DE74342A6DF7E1D7F199AB84D05356222074922E39742880E4DC0BF7F673A96", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689654671, "uuid": "2023711e-54ca-4d2d-a68b-6c01f89fb5e4", "value": "60b675c684a61b1079678f8beebd1dd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689654671, "uuid": "7979efbf-b3ff-404d-a587-643f66887b38", "value": "192:+IZ7OTTGdoTtXiA3scN6rIxUuZegQfMX:+K70eoTtBTjWfMX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689654671, "uuid": "80d06437-2e13-4ec2-aadb-7ef75ce56738", "value": 11776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689654671, "uuid": "afd95e1c-fb5b-4bdc-8d76-a99e481a19e9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689654671, "uuid": "7feb5d67-b47c-4e76-876e-93ce325f6b4e", "value": "SecuriteInfo.com.Win32.InjectorX-gen.32026.27716", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d0cefb7b-256d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689686407, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686407, "uuid": "fa615b2d-6a4b-4201-a582-fd6af2e1ed0a", "comment": "Malware payload", "value": "cbdbaee0061786a6213eba254a81dd88", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686407, "uuid": "a188631b-3a4f-48ca-818f-18a64f57df59", "comment": "Malware payload", "value": "445b083048cd2e7ced4e622e8aff246544938f9ebe20da317a2e755fe0663985", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686407, "uuid": "7c5129f3-cd47-4692-8412-36f1f5883f7a", "comment": "Malware payload", "value": "646ede0673a752058790b1c6d171875a1e5c616e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686407, "uuid": "d99cf568-c1dc-453d-a5ba-9bc78ff74d1f", "comment": "Malware payload", "value": "3255eceee766c97398f1d9e11795d78910400eebb229b052eb560f29ae4bf4671ad61ced3651c2919d4da35e95bc78ce", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686407, "uuid": "d1d22925-f867-49ce-b281-cf06293fe72d", "value": "T1DBE37C2175C080B2E573283256A585B15E7CFC700FA67ECB2BA41E7A2FB05D1A634DE7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686407, "uuid": "b35d3619-e565-4af3-9483-ad93f00e57c0", "value": "dcff091e2e9aba82a244d7ff6e487382", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686407, "uuid": "d4c66863-c284-4d60-b289-579c5db2f95a", "value": "3072:ZHaao+zz7NjiRqJwelYpKlurlESRLXfHXW:asjiRiwzcirPXW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689686407, "uuid": "31709742-23a1-4573-a048-2c17016cbfbb", "value": 150016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689686407, "uuid": "e784cde2-c93f-4183-b535-5f215fa69089", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686407, "uuid": "85b0f6f7-b9ad-445d-a768-c387f94eca2a", "value": "cbdbaee0061786a6213eba254a81dd88.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d6fe7ee9-2575-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1689689854, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689689854, "uuid": "51063eb7-4661-408f-8a00-ae378311aa45", "comment": "Malware payload (NetSupport)", "value": "1e5cdc61c20f82875d66454601948bca", "object_relation": "md5", "Tag": [ { "name": "5-252-178-48", "colour": "#05445B", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "ponraj-com", "colour": "#09C08F", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "sett bat", "colour": "#72EBD7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689689854, "uuid": "af2aa234-61e4-415f-8667-a66a5946aab1", "comment": "Malware payload (NetSupport)", "value": "4466dcf5c40ed4ed3a69d6f3d551f1dd959e9b17fb80b59099eb2236c5c1a39f", "object_relation": "sha256", "Tag": [ { "name": "5-252-178-48", "colour": "#05445B", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "ponraj-com", "colour": "#09C08F", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "sett bat", "colour": "#72EBD7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689689854, "uuid": "86af7ea6-1858-4bad-b607-67cd56837449", "comment": "Malware payload (NetSupport)", "value": "613bf205d0d52449a76789d8e02d5556bced815c", "object_relation": "sha1", "Tag": [ { "name": "5-252-178-48", "colour": "#05445B", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "ponraj-com", "colour": "#09C08F", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "sett bat", "colour": "#72EBD7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689689854, "uuid": "384f82c2-23fe-4dc6-9c42-d5b0f227ec66", "comment": "Malware payload (NetSupport)", "value": "9012d374a56cd28774be86dfe4ff1cd197fd3de827ff55085358d49ac5c103ab78f76a9b96c0021693f99b79596ff85e", "object_relation": "sha3-384", "Tag": [ { "name": "5-252-178-48", "colour": "#05445B", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "ponraj-com", "colour": "#09C08F", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "sett bat", "colour": "#72EBD7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689689854, "uuid": "3f9fa752-f05f-44d6-8451-3edbb0f1bd04", "value": "T1E2D05E1A0787877B8514909ADFBE9ECCC4A54D187F892B15CA244A6D9529849B9CA204", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689689854, "uuid": "ccb65878-8deb-4b5b-8941-112fe17096ec", "value": "6:CxBR2Bn23f99oRfFlIw8UlLAHbKx48mfHF7IHF41Bn23f9oHy:cn223QfF0C0vZd7IlS2d", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689689854, "uuid": "924d61ad-fa7a-447e-aacf-922f648d373d", "value": 242, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689689854, "uuid": "cfe68386-c02e-452a-b237-2380db22d05d", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689689854, "uuid": "0c459929-ad11-4c68-875d-3bc0405c538d", "value": "sett.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c9255666-2599-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689705292, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705292, "uuid": "b070870c-3842-427d-9352-f7b4db2478c0", "comment": "Malware payload", "value": "66650c40ff0d28c82efa46f3c8fb904f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705292, "uuid": "dc542ea6-183f-4b93-a425-eb9b09cc9059", "comment": "Malware payload", "value": "446c3098a17ea81d3ace2dac1dd43a68118e7b1f5aa28f0559812f98340ccaab", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705292, "uuid": "c7dbb984-c845-4d02-881d-51da3e7a350b", "comment": "Malware payload", "value": "3167a43da6e4e625eed828c0052405330573aaed", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705292, "uuid": "fcf10b40-dbc2-41cb-8a06-5297eda53701", "comment": "Malware payload", "value": "e9bd8d127ed7949092c1d9ca85bf83f6dde544646c04494bd0147c1a3ebc7852ae9fd93dc8278cc63f7093b3054f1441", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705292, "uuid": "e61f8bce-32dd-41e2-84d6-4b1917bc706b", "value": "T13AB36B01B5D1C032D8B6183119B0C9B51B7EFD704E219EABA7C8163E9F746C29926E7F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705292, "uuid": "473c985c-a791-40ab-bd19-a56a78957c38", "value": "408f42a7a531450f59ecf2eec967e1cc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705292, "uuid": "6c8f2e6d-83a4-4151-8703-e82e4a126b5d", "value": "3072:BsMLKLilGbDYkI0F7AQIZkI9+HJa6OIpHl9f/4bj4Y:BaWlGNItkVa21", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689705292, "uuid": "b5ab42d6-3054-4dbf-845e-aef24c4d66ba", "value": 115712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689705292, "uuid": "178ac309-6dbb-45ef-8196-a9d19217473f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705292, "uuid": "781c30d4-14d6-49ed-8914-56d2a01d65b9", "value": "SecuriteInfo.com.Variant.Midie.120512.25563.5182", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aa4b6df5-259a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NanoCore)", "timestamp": 1689705670, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705670, "uuid": "1f3895af-2c65-4807-90b9-2037643fc87a", "comment": "Malware payload (NanoCore)", "value": "c093e70e25815d53321bad6051703feb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705670, "uuid": "47aa25d3-20f8-4425-a4ca-de2e10c6575a", "comment": "Malware payload (NanoCore)", "value": "44814d480211c0c7ebac68b7747789b1d2aee342e2353a16563f086283f152d7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705670, "uuid": "d8c0338e-4fa7-4def-8210-7e7ef8d7e7b5", "comment": "Malware payload (NanoCore)", "value": "14f34bd95776dadda1e06000abfe11ba19566b3f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705670, "uuid": "283e79b2-4b7d-4c1a-bc79-244aa2c4eeb8", "comment": "Malware payload (NanoCore)", "value": "10fd2e1fda277639969f3535dcef905062c7a4ef8492915f6827d9182f56420d5f944c48ac0619315eecd662c8bc07f8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705670, "uuid": "7768e50a-dad6-474f-b82f-42592dcbce43", "value": "T1ACE423A50E9AA11FD55B3FF600006AB08BBE06D13546C6570D1EF1BEE626B8FD918F07", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705670, "uuid": "c27f9aed-a1e8-4529-a9fd-c856ffe2207d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705670, "uuid": "299ec4cf-36ea-44a0-9e5c-6cf00ccc420c", "value": "12288:BmAY2kcdbL4EfAahAK3y3Hf9KT9tEpw4QJpmjrs4jcWo7HKMr4uM:8N6GEfdAKiXfwTTdhJMXs4j67q6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689705670, "uuid": "7f7a3079-61f2-47ef-9a13-a00d75b1d561", "value": 675840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689705670, "uuid": "54cf94c5-8891-4686-8a29-0feb4c738cc8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705670, "uuid": "aecd72cf-f1ca-4ce6-9b5f-9095cad68bd2", "value": "8OkKMo1w5YDsM2P.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ce2be2e0-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689662351, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662351, "uuid": "3d361372-2b46-4d4e-b0be-14c72d20cb4e", "comment": "Malware payload (AgentTesla)", "value": "6425e5c1b4d68671c42b6cb0953e8a7e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662351, "uuid": "98408c0c-0e33-49ac-b9d9-e57450f5e2bb", "comment": "Malware payload (AgentTesla)", "value": "449947dedfa89870f0f4d5dc86edc66c4656a6f94504167bbe4f803cd5c16076", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662351, "uuid": "28b4ebb2-127e-470d-8f5e-0060cff8335d", "comment": "Malware payload (AgentTesla)", "value": "1f48a1e6a665c4e2200a0ff7bc30310a92d1d2e4", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662351, "uuid": "7894e261-8656-4d3d-8090-dd48b73f6fe9", "comment": "Malware payload (AgentTesla)", "value": "cfcbed6f57faaa4b1cec6905c55f1e0813895770d373fb8a0edb7efbb73bc84ef869d1879f213a56f19d7f9f8ea75322", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662351, "uuid": "2f8b0917-e207-4acd-b378-b22703ae2f56", "value": "T1A9D4234091DC4227D9E455F187E3EF0476F64F80017ECB1C8A86FD9AB9CBEE2A241676", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662351, "uuid": "74d66f6b-4f77-4524-99d3-97bb2d319081", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662351, "uuid": "5c4b0976-fc92-4986-b14a-1bd4f39e5c9f", "value": "12288:Cfb/WT4UkuZbqm4wFxUYVQ5vn3y9H8X2xXTkRmtMIEPS/BVgMNdOJG:CfzW/ZbcwFxLVQVn3GXT4+SPQOJG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662351, "uuid": "911a40da-1d08-476f-b1ae-08ac7e8ef28a", "value": 606208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662351, "uuid": "d4813633-4f3f-4566-a8af-880bbef33373", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662351, "uuid": "40cd766b-b9b9-4d66-9b26-f91d7981d589", "value": "Drawing sheet \u60df\u8056-PO#SWA0378352 140HQ FAEC-SAMEX.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ab92c4f2-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689662293, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662293, "uuid": "be13da17-c6f3-400b-a4aa-467aa0e68acc", "comment": "Malware payload", "value": "98fe58925c50fcb6cfdc2dd4fd3063cc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Killmbr", "colour": "#D99058", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662293, "uuid": "bbc20449-0014-4878-b399-c9eb55684ce0", "comment": "Malware payload", "value": "4586d9560e9e20278af712a966bfb8109ac627b45b4180cd9bbb195eecf3c76c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Killmbr", "colour": "#D99058", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662293, "uuid": "6cca493d-4a44-40d6-a6ca-c825de845ea6", "comment": "Malware payload", "value": "e65ac34bbaf25bfd5e1bbabec3d801bf6dddc035", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Killmbr", "colour": "#D99058", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662293, "uuid": "5909314f-e5cc-4a25-9ac7-e8b573ee95f6", "comment": "Malware payload", "value": "4eb7dabf8c85cdfb37f9a8afaa5708a4639e98c9884896397b8f11ae93f1e9489c2021d5d057cf773b4639092f12a8c0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Killmbr", "colour": "#D99058", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662293, "uuid": "fead8db3-0cf0-4c50-a9be-3d79b76eb9be", "value": "T16C040187FB409897DA0402714A6BEF3882B5AE606ED09A4337D0BF5F3EBF5129D35484", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662293, "uuid": "0ce6545a-f1bc-49e5-a829-4b613c3ab698", "value": "f6e985cd8769e461a986b0eb46af18c3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662293, "uuid": "8c7e4fa9-2dac-4148-9755-bab4e2f6bfb1", "value": "3072:2mXVAiMmolcREZLEwM2AJnMEEJOUwXPCU6j5QAQmltjreX+j5akuUCY0F8uyJQu:2mlemdKZL+bJMEEJsXP1fAlCuUkuU90q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662293, "uuid": "32b0f4a7-9886-4f18-a339-12d37f12b272", "value": 178688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662293, "uuid": "037013bb-cac6-4f1d-b46a-870c345b9925", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662293, "uuid": "bf307076-5137-4646-b0aa-074595e61472", "value": "4586d9560e9e20278af712a966bfb8109ac627b45b4180cd9bbb195eecf3c76c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c0847c20-256b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689685521, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685521, "uuid": "42b317c9-29bc-459f-a38f-bd303d5bf9e0", "comment": "Malware payload (AgentTesla)", "value": "e3cb47d343e755df1b7a9b0c6c178f41", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685521, "uuid": "e3646b64-19fd-4c07-a332-875d6e68358b", "comment": "Malware payload (AgentTesla)", "value": "45b41b91bd67b7c902855ea8c70ac83bb61c4dc08332b9f90e57c607ddaa4686", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685521, "uuid": "de4f289e-6f57-41f1-bf8f-b63e4e8dd4ec", "comment": "Malware payload (AgentTesla)", "value": "3059409bfb1b1ca97649e6d44069434bff9d9033", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685521, "uuid": "2d8dfe32-f973-494a-8a34-39c5789a6420", "comment": "Malware payload (AgentTesla)", "value": "f4a4900d741ccf990949c42a7e9776f4b5bb1d809585bb98c9a562a5204f425ff55f0d8fccada57c358a96e454fa8e89", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685521, "uuid": "e1dd1f84-bcf5-42de-931f-817f18c05772", "value": "T16645E003D8049BC3D40D83F47E530EE90F0A6F1AE899B9EB14537F8B3A71A72595A51E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685521, "uuid": "5a3bf333-4cdc-4f8e-bde4-25b2d042a34f", "value": "24576:2zu9V1ZyFw6VXAZy8w6VncAfExb3pbU8cNfnw/x:2zu396VXyE6VnLf42Nfnc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685521, "uuid": "9fbff28f-972d-427f-b362-c3edf34b56f1", "value": 1211392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685521, "uuid": "3005edfd-6233-45a7-b0c3-8b7133d0bb2a", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685521, "uuid": "0d926e3a-496d-4c0e-b1aa-f6475938676b", "value": "PO20230718.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b8a0d420-25a9-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689712137, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712137, "uuid": "12dcd081-2835-490f-bdf9-9ee371741066", "comment": "Malware payload", "value": "9453ad1f24895c6a7f736e769a608324", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712137, "uuid": "bfa6a68a-a7e6-4556-86db-28efa2df958e", "comment": "Malware payload", "value": "45e97083b6ffdbd8d906b7de0420d7a9c0b96eaa3bda47e763928b5843454209", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712137, "uuid": "93f8d14d-3ff1-4f6b-97ea-1d16eaff1b4f", "comment": "Malware payload", "value": "a09ab57e6ab9a6829d99c75a8819269fabd560bd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712137, "uuid": "ebf036e0-b2de-46c0-b4a4-a9cf22d3c7f8", "comment": "Malware payload", "value": "c9a3ab5ac0823f410768ef0834fb55e3c6aa8743405aa4fc156a0d4ef93e1d2ff755c4e4a15f4fd92421de326f87c80e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712137, "uuid": "53936e39-c4ea-4090-b6f5-09562dfb49c2", "value": "T17BC47D62F2E18437C1671A39DC1F96646D36FF012E2869876BF52C0C9F397913C2A297", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712137, "uuid": "43687dd3-e4de-4536-a183-143fb3a06446", "value": "12288:8q9t0xB8D5t6YkcIEzouqTtjoXN6dBfR2j6DN/i:8Emg5t5IR7tOwdBfro", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689712137, "uuid": "5c4c5d7e-ae05-4a30-9123-165caf8bbb7c", "value": 578560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689712137, "uuid": "9775212f-0861-4847-a4b9-1741101ce0a4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712137, "uuid": "12cfdf9d-bade-41c8-89c0-d55443a6c323", "value": "SecuriteInfo.com.W32.A-62389890.Eldorado.23603.18787", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6b19d3ef-25a1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Adware.DownloadMR)", "timestamp": 1689708571, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689708571, "uuid": "e42b395c-3d97-4e9b-a434-7a75c0b0c4f2", "comment": "Malware payload (Adware.DownloadMR)", "value": "190785b2bb664324334c1b5231b5c4b0", "object_relation": "md5", "Tag": [ { "name": "Adware.DownloadMR", "colour": "#005C2D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689708571, "uuid": "d3ca7a40-7eaa-4987-85c4-10ebefa69ef9", "comment": "Malware payload (Adware.DownloadMR)", "value": "4731517b198414342891553881913565819509086b8154214462788c740b34c9", "object_relation": "sha256", "Tag": [ { "name": "Adware.DownloadMR", "colour": "#005C2D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689708571, "uuid": "620c2a19-d9cb-4bfd-8e39-fd3044af5fce", "comment": "Malware payload (Adware.DownloadMR)", "value": "07539abb2623fe24b9a05e240f675fa2d15268cb", "object_relation": "sha1", "Tag": [ { "name": "Adware.DownloadMR", "colour": "#005C2D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689708571, "uuid": "7e8d5844-1945-4f43-abba-d4c21c2e8337", "comment": "Malware payload (Adware.DownloadMR)", "value": "a45ba89a822f8815f6a29a07cf7d370b54d08edf9cb9465b6d7e64903f66ebe6960994b3733da5479597282d7e112f3d", "object_relation": "sha3-384", "Tag": [ { "name": "Adware.DownloadMR", "colour": "#005C2D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689708571, "uuid": "ee0316f7-9a48-4a12-965a-ee292f2b9617", "value": "T18FF49D177981807FD1B60630899A6B75E9F6BE640E378A472388BE2C4D76E01DB1737C", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689708571, "uuid": "02bc0305-f116-4d3f-878e-0b3b1d8c5577", "value": "b10a793c1a95ae4dec9f30aff80c71f2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689708571, "uuid": "0e1e9f03-9f26-4260-8710-7b449dc7dea8", "value": "12288:8YdNctvsfu2LVBfKf057C9lRt3i5olGJsxhzagH:HdNikfu2hBfK8ilRty5olGJsxNH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689708571, "uuid": "7a6a5789-04c7-447d-8397-ebb314e2b438", "value": 743704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689708571, "uuid": "7b5ab884-55d7-4926-86a9-342dbcbd6f4e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689708571, "uuid": "87a889ab-04fa-439e-954f-644131150ce9", "value": "GWPEx64_10_07_2018.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c79880d7-256b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689685533, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685533, "uuid": "9fd07e71-ae08-4e87-8a44-c8db2430ab90", "comment": "Malware payload (AgentTesla)", "value": "216174f069f376a3173e920b32543d87", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685533, "uuid": "603f6075-8690-41b1-897b-601ed00a0a21", "comment": "Malware payload (AgentTesla)", "value": "47811af505eb2a00016a2c9e5507ee4e8b99f5d756304582bd7ed5733f8404ef", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685533, "uuid": "4ab02545-1ce5-4b04-93ba-909d598e66be", "comment": "Malware payload (AgentTesla)", "value": "6c7b0e096a63e30fef0a7ca79da52e9d7f2e9b7a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685533, "uuid": "eea39aff-9529-48a6-bea1-71fb03f528fb", "comment": "Malware payload (AgentTesla)", "value": "52aed5a0118dad15631865ba7b2f1495d1d7945c513c69b22ced1d80e31f2c5305045f9f6b7b44d8166a091370234565", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685533, "uuid": "18c19510-fd7e-40ac-9dd8-534d4ee0c88c", "value": "T15113495AE78F02658F5112B7571B0A899ABCB63EF35450B174AC833433EDC3E42666BC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685533, "uuid": "df72b70f-ecde-410e-bdb9-1a8e4c6ca320", "value": "768:mFx0XaIsnPRIa4fwJM8DYX6+Rcu6EILOXCB8Z273rbla4SGQ9cS4:mf0Xvx3EMv6efISCiZm7SGQi9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685533, "uuid": "68df636f-5d39-420a-8f1d-c4a94756c5cf", "value": 43190, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685533, "uuid": "0f74205e-9437-4b16-869d-91abb9f63628", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685533, "uuid": "a1350aae-75f2-4526-9e5f-baa8817fa2b2", "value": "216174f069f376a3173e920b32543d87.rtf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7bd65106-256c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689685835, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685835, "uuid": "19e8082e-e396-4ba9-ac30-912264e2d151", "comment": "Malware payload (Formbook)", "value": "32b51af938a9dd76609407faf862d18c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685835, "uuid": "6a4974e0-7076-4f75-ad76-66228cf000dc", "comment": "Malware payload (Formbook)", "value": "4a30ba2e0012dd756f7d6fab584e78fe144a306d134921502819330a6978d328", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685835, "uuid": "d2110b12-1375-492a-80e2-57586ae57cce", "comment": "Malware payload (Formbook)", "value": "bf3c35c840403dc7fa997630457615a2a417d20c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685835, "uuid": "59b8b272-d167-4122-ace9-b24bdd9bf1d5", "comment": "Malware payload (Formbook)", "value": "5a4ece52b60d24c597ca245b2f62428c41cf8cd8b9c9d8e9651f83a4e84dc8605881258cffadac81e2858d75b9d78101", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685835, "uuid": "8cbd16e0-72e2-4816-a4b0-cb8735edaba5", "value": "T11CC4CE39503C87AFEB53DBB7E434259622F013961AF2928CCCBA256F3D79238E1545B1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685835, "uuid": "625c341e-4439-4a38-98a4-4946b748b2a0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685835, "uuid": "169cca5f-e9dc-4413-96b3-fda25d4d9255", "value": "12288:RqTrQaSejL8Z5w0dpl5gsPyaHjBb67IwfEKr43XRVY86YSWBlvhB:RqTrQaSejL8Zff5gwy06IwfEH3HSWf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685835, "uuid": "4a6b5975-28fc-45a3-8585-1670de88425f", "value": 566272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685835, "uuid": "0f2fd598-80a3-4992-bbbe-e98395fc5489", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685835, "uuid": "dd1f386f-c5b0-4b3e-9580-de241d9107be", "value": "New order.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "91af638d-2588-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Gozi)", "timestamp": 1689697898, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689697898, "uuid": "ffa8edb0-4f6e-40f3-984d-64b2c977fa4c", "comment": "Malware payload (Gozi)", "value": "32e7ae2c7ea17e394eec3262d00ca2cc", "object_relation": "md5", "Tag": [ { "name": "20000", "colour": "#98710D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689697898, "uuid": "9b6d3fde-b1ee-468c-a038-58c3c9e97737", "comment": "Malware payload (Gozi)", "value": "4a44bf781e5ddd0a77dcaa97caafb1be31392fa6fc63891ff7e595318030b540", "object_relation": "sha256", "Tag": [ { "name": "20000", "colour": "#98710D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689697898, "uuid": "b9538aa4-decc-43fb-93ee-5823fe4f4384", "comment": "Malware payload (Gozi)", "value": "b1d4a8da261109f7c55923938f0d7f3507792db2", "object_relation": "sha1", "Tag": [ { "name": "20000", "colour": "#98710D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689697898, "uuid": "6f2e5dbf-dadb-4055-af63-9972d6d3b34b", "comment": "Malware payload (Gozi)", "value": "84bdba584210d7840363b7e5671f0ab7807469dcc2c173f0ec568e6f2d304b8167003bb887f27db39a5b8f27b71d8851", "object_relation": "sha3-384", "Tag": [ { "name": "20000", "colour": "#98710D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689697898, "uuid": "2891cc33-e48e-458c-b16b-b6132671bd38", "value": "T1FB22AF5F52CD4D0FE5AAACF18E53DDACA72096A0840DBB42127D743047C5DE546E2FA3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689697898, "uuid": "fe9b236d-8660-40a2-8f37-01a069d0bc5a", "value": "192:7jRpAsVb6q6tIrRMpKZjYMgxhqeacz2PqhYhn/xrTKwswSo8eez:PTAsMqwIFMpKebDqzcz2VhprTKwGoTM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689697898, "uuid": "8789d538-beb4-4cf1-b85c-f3ddb012bc3b", "value": 10636, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689697898, "uuid": "ea42464b-9e12-4890-9b44-e2a3dfd70d6b", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689697898, "uuid": "49064604-ace6-488b-985f-a29d7bec03e0", "value": "Invoice_Details.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b17828d4-2532-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689661015, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661015, "uuid": "eeff627b-8976-42d3-817b-92f590cef5a2", "comment": "Malware payload", "value": "f7d1117ace1e63a2a3cf9d45cb94b9b5", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661015, "uuid": "522c0a53-f4b8-41ad-9547-75d84e87ecc8", "comment": "Malware payload", "value": "4a84d6c38aa517a0d9de7061f11ebffb73f6580eabae4d7e3d6d888d3ac7a611", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661015, "uuid": "86a26737-5e41-4375-9eef-a041d4f13d83", "comment": "Malware payload", "value": "09855f01b837fe3bffc0d38ddc713da070072f5f", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661015, "uuid": "d09f5375-a0fc-40e6-94f5-dd6400f9ed7d", "comment": "Malware payload", "value": "be3a4d4eb60db84cad13e088e27ce36aa19f84ae62b8a034f729cd80eafe2b2b44dd869bb71a90d63b1909cd2a1e136a", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661015, "uuid": "33220951-7b8b-43cc-a0f2-3e623278a53d", "value": "T1BE924B447BA45123E77A16BFD9D32280077593173423EFABEFD8804949D2349AA92BF1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661015, "uuid": "af63e916-86f1-4ad3-8982-67366efb8db4", "value": "384:Hm6GfkbfZO01twZeTSlxTSSifV/1Sczw/FZqcqTDV08KCTL6sy0iHog23t:HNq701+Ze2l0d/zzwv5qvVvlL1ynHo39", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689661015, "uuid": "53fc2ddf-fa1f-4a88-b3f0-f41a3022cac1", "value": 19968, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689661015, "uuid": "53aae57d-9df3-4ffa-9487-dfefc296be97", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661015, "uuid": "ac609622-80cb-4a5f-9430-bb8449eb20d6", "value": "f7d1117ace1e63a2a3cf9d45cb94b9b5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7e2372b4-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload (STRRAT)", "timestamp": 1689662217, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662217, "uuid": "9aa84db1-ce17-4204-beea-1c5bcfe35b3f", "comment": "Malware payload (STRRAT)", "value": "a7b8f1015d5fb55e920b3b02a09f8ede", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662217, "uuid": "ff4b4e2b-e0cb-4579-87e7-dd549b4abc4a", "comment": "Malware payload (STRRAT)", "value": "4bf781354d02ca0d67a3a180fd6f0d183c6fba763caa660f986752be8b4bb586", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662217, "uuid": "e60b37c7-91fd-4126-b859-d4b6fb2be141", "comment": "Malware payload (STRRAT)", "value": "f603f984a40215b231ae74aa85a42ef57ac99b0d", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662217, "uuid": "1d3eb111-2c5f-437b-be29-67ad6bbba839", "comment": "Malware payload (STRRAT)", "value": "7b0fd6152156f1c0adedebc5a8f2a3a08c6407828f31f01c8ef7722403d0d024181b8f3747fb58478783f022571460e5", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662217, "uuid": "f0f10f9e-b38e-4e23-8956-740a58c97bec", "value": "T1ABA3DF5EBCDBD0BBE40741335A10C232A65C59D8E0ADA6AF75EC96492E30CDE07129DF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662217, "uuid": "bc6e1afb-2151-4e8b-b1a0-628c8f19a009", "value": "1536:7ucP/zF9kmtcqUD5rdJczatQlD7A/CRlMuUPqkcSPDbYJ0cRe0xUp8c5:DpepdSutQB7A/1ZPnDsW0xUF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662217, "uuid": "00ee99d9-d312-43a8-8b6a-e8d4d18c9228", "value": 103821, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662217, "uuid": "611b9dea-6f95-442c-8263-015ac512ac37", "value": "application/java-archive", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662217, "uuid": "a2e806d4-24ec-4e8c-a1b9-813306a263ff", "value": "SHIPPING DOCS-BILL OF LADEN.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2299aaa8-255f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689680102, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680102, "uuid": "46ddf170-53bd-43fa-b7be-fa9a9803710e", "comment": "Malware payload (Formbook)", "value": "dc244fcc2c14e1ff3aa8975b5f3f69b1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680102, "uuid": "2f24df12-a058-4293-add0-b45f0f26d13a", "comment": "Malware payload (Formbook)", "value": "4c0306a3bc97e18ba8ed1b8a3de3d2430431aae2cb682daa173fcf3ebdc694f6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680102, "uuid": "0a81d044-dac8-475d-98a7-05600b38f0af", "comment": "Malware payload (Formbook)", "value": "4d7e4c21ae638f7e44081ec11fd65d56dd370812", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680102, "uuid": "5e20ac63-71f3-4d64-a88f-f600e54b8c76", "comment": "Malware payload (Formbook)", "value": "5e35f6db00b9d72085057d85d97e7c4cbdc6b495015ab895ea2fc9c5664c2bf10e1c4731dab2f6444aa5298c288dbfde", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680102, "uuid": "2c010614-102f-4e67-8868-bf2858e30e64", "value": "T118E46B0B3DD0295BE42E426E007C6A6CEAED961E427FE964342DC3A3B2F654C194D74F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680102, "uuid": "72fcddda-ee92-44ff-85fc-453d47f991a2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680102, "uuid": "19a7285c-6987-47d3-b867-f285d6c4c3de", "value": "12288:9PKGQIut7DTWmjiKnk6LG/LY1geryJr6ZVz1mEOFX2gI2B/s:oz7XrznkGGT1e8MG1f/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689680102, "uuid": "48477cf7-c895-44bf-a334-0d86b236105a", "value": 720896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689680102, "uuid": "4433dd84-c86c-4696-9530-e15f48a9fd26", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680102, "uuid": "86725fda-614b-4555-ac6e-5001598771f9", "value": "Unit official request for rate offer.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "341f24c6-2554-11ee-a6f9-42010a9c0055", "comment": "Malware payload (VanillaRAT)", "timestamp": 1689675407, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689675407, "uuid": "a4a901e7-a72b-4488-b0fa-526c8f0873af", "comment": "Malware payload (VanillaRAT)", "value": "17e792b0bb256533ce3fda3a2c4a093a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "VanillaRAT", "colour": "#F5ACDF", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689675407, "uuid": "16be6c4f-935b-4566-ad58-b94496550ad1", "comment": "Malware payload (VanillaRAT)", "value": "4c477e0e78863415e64ce9656ef2d1db0e45e60d02ccd21ad52ae51f637815f1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "VanillaRAT", "colour": "#F5ACDF", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689675407, "uuid": "afd30211-33ee-4e8f-9376-20c07e1f531f", "comment": "Malware payload (VanillaRAT)", "value": "901d60993c45332419f9f8619dec044e2a9fc41a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "VanillaRAT", "colour": "#F5ACDF", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689675407, "uuid": "1a88a8a6-e8f2-4b3c-ad81-e3ed37afb6c6", "comment": "Malware payload (VanillaRAT)", "value": "747c9c9311c20aac1ae79d78a3ad77d7b790d02e82e2c8aa640de6a8f5b2b6e90a7ec46c5a5aa65acc327e19771a6daa", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "VanillaRAT", "colour": "#F5ACDF", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689675407, "uuid": "9704f0e0-bf4e-4d98-a30b-2b9bee354d8f", "value": "T102A4C6A82D95C58BCA380D73F8D3959B47702D1BF5B1EA22ADD473AF6A36380080D57D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689675407, "uuid": "1d4e012f-976c-4840-ba9d-69ea86d6f0f9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689675407, "uuid": "4cceec09-29eb-4985-9d8d-a1872bdb5f42", "value": "6144:hqly+DJZKBI0FyYeY4eoiJ+sCFv1A4Inlz+:SOyYrZos+xFvIl6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689675407, "uuid": "b315f263-6cc3-4823-a8cb-283bac21a5c2", "value": 481792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689675407, "uuid": "091b4f40-ee20-4f4f-ae7f-4ca03f4a8b6b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689675407, "uuid": "5d54a7cc-41b0-4659-b11f-9cc141091aa9", "value": "TeamViewer_Setup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ad7cb2f6-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689662296, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662296, "uuid": "1c4678bd-726d-45aa-aad1-ac6ea259a366", "comment": "Malware payload (Formbook)", "value": "fb8f5907dea7f91643212ede079ebc4e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662296, "uuid": "6a2a49b9-d8f2-4410-ac35-38f10341572b", "comment": "Malware payload (Formbook)", "value": "4c7657ab48af02eaee9aced386140d9be5b6a77fd1aea45563d480ec28bdba49", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662296, "uuid": "e94785d5-f486-48c5-a61f-3564a306480c", "comment": "Malware payload (Formbook)", "value": "af2d21284c38f2772e4a6cee4010f8223c353133", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662296, "uuid": "788c622c-7cb3-45a4-9e70-9314c02a1ce1", "comment": "Malware payload (Formbook)", "value": "2266f674dfa86fcc10914f0da94c8ad490be8921ac18c7e8a4b6d1efc562c4ff853dcaaf6b89ab6e89e658f4c4a18cff", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662296, "uuid": "2ea65788-1969-4137-91ce-57149e37b8e7", "value": "T19394F1213081C0F7C876057445EAC7794A3934764B7691EBB6EC2BBA5F213E1A73A1CE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662296, "uuid": "f18b6918-d868-44ba-8a59-1c96838ee7cd", "value": "bf5a4aa99e5b160f8521cadd6bfe73b8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662296, "uuid": "9fc6508d-f8a9-486d-ad06-957376e5f2a8", "value": "12288:Th1Lk70Tnvjcbw/Z3ZeYjV0Guf8d+zkUAJ:Pk70Trcb8Fx03mJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662296, "uuid": "000a2c71-3650-41d2-a6bc-084bdcfcc3b8", "value": 446464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662296, "uuid": "285e7b34-a895-4ef5-a1af-a05be000e363", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662296, "uuid": "def41bbf-ec75-4ad7-9777-bd6f3ab8c926", "value": "SKJjH877.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1a63e559-2561-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689680947, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680947, "uuid": "34bd5a3c-e559-4cd4-b515-b2e65a829fbe", "comment": "Malware payload (Formbook)", "value": "ee5b1cf5c117fc86fe1bccfec9a8cc46", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680947, "uuid": "694c886e-eab3-4d9c-9202-6d83e048bfb7", "comment": "Malware payload (Formbook)", "value": "4cd8d66fb0f643bf560702da7398ed5c27c1516ca15b7c9242f9583a162049a4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680947, "uuid": "255c1102-2648-488c-81b8-9bb14bf09e49", "comment": "Malware payload (Formbook)", "value": "57b12bf0338f22d7603ff18c85c35725fc9b4f63", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680947, "uuid": "7843f1c8-6303-4e92-859b-13f26ce2a81b", "comment": "Malware payload (Formbook)", "value": "4130f34d1688ba56d115a4ac094c684b1c66fc5ef76a571b324c162bf4fc0dad2e4df751b4d1cdb23c778d488454d2dd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680947, "uuid": "7a289ac3-8ddc-47d3-bcab-1264c68e3e22", "value": "T190E46D1B39D02A57E42E026E047C6A6CEBEDE61D427FD928342DC293B2F664C0D5D74B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680947, "uuid": "9cb4ce64-9c9e-48ad-a1b7-1653e9df3bff", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680947, "uuid": "f7725928-5ca9-434e-8a3f-52bf581830da", "value": "12288:GgERGQIut7DfWmRXtrGKXRtjxkxwm32cHO15UV7fmYiK13fJJ1:hERz7TrRXt7Xvjx4wmmuO14hiKBh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689680947, "uuid": "0efc154e-6307-4009-a21e-eb6c494e9d49", "value": 718336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689680947, "uuid": "6f6124cc-18b0-4aec-bc00-a686321b6098", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680947, "uuid": "90228806-581c-4c10-8d46-05359df1744b", "value": "Doc-633-17-07-23.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "07ed2667-253a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689664166, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664166, "uuid": "b7a9516c-e56a-458e-bea1-fefd4c4bd08e", "comment": "Malware payload", "value": "8d68b5595da14b99b7004264e8858440", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664166, "uuid": "d9d75ecd-ad5e-46a1-af9f-c3ab39b1ed12", "comment": "Malware payload", "value": "4d578ecdd2559d52993e7fd6e6e4ff379dd1e992df5fe33be5550db787afe967", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664166, "uuid": "89bf238a-3054-479c-8e86-d45bc330360a", "comment": "Malware payload", "value": "f14c512bf6d23d9b6c53a67cc97cc5aeb47162f2", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664166, "uuid": "f7535f2b-043b-4d5d-b19a-9593cd05f881", "comment": "Malware payload", "value": "8e5a83a24f45e3063c0600637dfc8aa1bbeddca666493982df470266c525c5ef6063d520cb074b7a87ada2aa021c28fc", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664166, "uuid": "a4a4dc61-a60e-4d68-9d9e-f91c2f53fafb", "value": "T16CC319423141C817CCD919B1CDADDAE93A64BCE58E1049F372E07FBFF932291991635A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664166, "uuid": "1bd7d235-3a6d-4350-abe4-d5ec25516055", "value": "2338a03d068ae36ba28407dd723c74a4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664166, "uuid": "521447a1-36be-45cb-b76f-1ca2b50fe4f4", "value": "768:OHVOK8Y3pqQV9+lT4dCLT/GlWFwt7RtHtHL7BaEEEEEEEEEErSdkWzt3RrwIO:OUK8Y5DzGEILTuZ5Ttr7BVSHIO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689664166, "uuid": "39e54e1a-ac8b-4a17-8240-bf0390cd087d", "value": 118784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689664166, "uuid": "88c9bdfa-a82a-4ae1-ac07-f8626dbcb057", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664166, "uuid": "8ecb8054-fb90-4de1-9352-aca9f2e2e50f", "value": "8d68b5595da14b99b7004264e8858440", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7d67ba3a-2557-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689676819, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689676819, "uuid": "d2e62ca5-6d51-4361-8ef7-29e8f5445958", "comment": "Malware payload", "value": "ee558e1d6116a944763394180769dbf8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689676819, "uuid": "7b7d4bcb-50af-4b5f-8870-34e6592da6ad", "comment": "Malware payload", "value": "4da5fea1b926146058bc4ba1a5b617e9e7c17a3f19a83397bda6c0cb70950d48", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689676819, "uuid": "0f5b29aa-a4d4-405b-a483-90b0197336ea", "comment": "Malware payload", "value": "52e4ec6a7bd6f927cb6839965f7ccf9c9f151415", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689676819, "uuid": "897e6229-895c-4a26-b1f1-268c2d9c4105", "comment": "Malware payload", "value": "6d2bd5346dc333159fd9681a2a7c02f97be299ab8c34a945d155ea6c8a614965128ea349c43a7c5e749f90c747667fa8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689676819, "uuid": "7e536ea6-66b1-4824-956c-32ceb70717c2", "value": "T1DF835C5174D1C472E5762D324870C9B05E2EFA754E719E6B3798423E0F343C29A2AEBB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689676819, "uuid": "8ca3ab10-a0bc-4de5-869f-7f8d45618df5", "value": "87d23666eed4de810d9f30f0a8f34ab4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689676819, "uuid": "b7e32b89-e71f-40cc-a3cc-01466c0730e3", "value": "1536:v+AJHMGR4DGjFpK5sFtNTphbr1Rw4Ilp+rUmqpQ1VGHDubmfs71:5HMGR4oX9tNTphbr1Rkp+r9r2SF1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689676819, "uuid": "1eb9f91f-b365-4aa1-9e0c-072851ade792", "value": 82944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689676819, "uuid": "334cc324-f572-490d-a36f-e53e2c744f02", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689676819, "uuid": "54d64380-0536-4610-884f-7c00b86318b9", "value": "SecuriteInfo.com.Trojan.Injector.DII.20149.32383", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2a3b8197-255f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689680115, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680115, "uuid": "1d73796f-dc16-40fe-98e6-60ab17c088c6", "comment": "Malware payload", "value": "28fee53a7bfe62ef7e327b723691d0f5", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680115, "uuid": "b2448540-5248-4df3-88f2-5184f9d17af7", "comment": "Malware payload", "value": "4e390b0b63aae266fa62477a27244868c228951a7fe6aaf47e3f0d0413b30817", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680115, "uuid": "27289da7-6ca6-4482-a3f2-0e7eba0ec9e7", "comment": "Malware payload", "value": "adc44bae0aeb08be39a1c69f8d1a48182ef2497a", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680115, "uuid": "00dacaa2-94b5-47a6-9eee-d3873619511e", "comment": "Malware payload", "value": "98c18050b8a573460aab68c580ed4d185d2ab7ff2732e9ecf1e557d42047f522a3e6d918ea967b992e28054b6a8c751a", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680115, "uuid": "3e281c1d-a54c-4247-b20c-38496cefeb9a", "value": "T1AC6533FAC22492FBD167BB735409AF68640879D7408876E7765BDAF9B2B1C18871330C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680115, "uuid": "96471cbe-3292-430d-a989-5168414556d8", "value": "24576:KscRiXSmVHhxAa2H2h1eirCPsu/r+aCW01vDzOcHkMgra7TOHU1EOrFHwVX:KscoXz8a2virCjrtcHOGHgqx1LtwVX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689680115, "uuid": "ed68183e-96d8-40f7-ae17-e2e3facf39cf", "value": 1424449, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689680115, "uuid": "5bfe3cc2-dfc8-4329-a320-36f3aa842f6e", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680115, "uuid": "cd711185-772f-4228-a5f3-95240d25cc05", "value": "SAICA TN81804BM.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6da15b8c-2575-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689689677, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689689677, "uuid": "20869cd6-b45a-4b41-b58d-1a6164f85c65", "comment": "Malware payload (AgentTesla)", "value": "221b4dce039b2a7feaa20a87cffc4dc0", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689689677, "uuid": "3061f001-c678-4d1a-bf6b-d85684087e5d", "comment": "Malware payload (AgentTesla)", "value": "4e3d57bec4f060ce042685c2eab68373d297ef3506a2a53e65efebefa5f084fd", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689689677, "uuid": "5a6e14fd-9b17-4ffa-baf3-6c02fe6b23c2", "comment": "Malware payload (AgentTesla)", "value": "4e0e55f8b9afc959aaacc217327722d3a9db2f97", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689689677, "uuid": "0dbcf49c-1490-4d0d-be67-f9b655600628", "comment": "Malware payload (AgentTesla)", "value": "0170cb08772a7aa576f5c3802f3b8ec4c954bb6ff5848b9061c2b22b6be1239832276f492c5c34073a89a43e6c56aa06", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689689677, "uuid": "690c6ff0-d647-4961-821e-6ccd8e6041a8", "value": "T186D412005DAA5B23E0172FBA444225F2867B47E67915CEB35C4EF476FB26B0EC861B43", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689689677, "uuid": "6d11b8af-b91c-4df6-aa38-215f4960907d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689689677, "uuid": "86176703-3690-43c3-8365-77dc7ce6d0a8", "value": "12288:dmAY2kcdbL4EfTvq84aF7+T1Hp8eetrLuPIs0C:oN6GEfTifW+ZHp8ewrLu2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689689677, "uuid": "bca66048-5c04-4fde-bf19-db1543e1b487", "value": 627200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689689677, "uuid": "b89e2c86-e692-4711-96ef-1c582b0694a1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689689677, "uuid": "f2602426-dea4-488d-98f9-285fdc4819fa", "value": "221b4dce039b2a7feaa20a87cffc4dc0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "edcaad16-256b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689685597, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685597, "uuid": "651bceec-7b10-4f74-8c48-8fa7a928a54d", "comment": "Malware payload (Formbook)", "value": "efb9c84739b1722573de55e574202c46", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685597, "uuid": "b9464bd4-5a0b-434f-b869-81bb51ad357d", "comment": "Malware payload (Formbook)", "value": "50c201f5a6577ba3d171a019f584451486f19d532172790a9cdc6c923fcd983c", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685597, "uuid": "198f3e31-ae72-493f-a7db-f027069a3440", "comment": "Malware payload (Formbook)", "value": "d8cc6702493d0903cb8cb259109072e1d1b3eb3e", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685597, "uuid": "cb5b71d0-2459-46bf-8469-a8a5a39ae618", "comment": "Malware payload (Formbook)", "value": "5f4b3536abbbd974302774a4011d475f8ac28fec5941b284443e34d754c274002791d917fbf77a51ad897ace768b870e", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685597, "uuid": "6fd1f2ba-6c42-49ad-9423-ce57410d0f8c", "value": "T16623B05AE78E02648F9113B7570B5E899ABDB23EB3505171386C933433EDC3E42666BC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685597, "uuid": "70bbcdcb-eb50-4600-a770-3e721d552b00", "value": "768:cFx0XaIsnPRIa4fwJMTPmyxcTi9wpN1zEIeEWChbhWCnUqkDLC8JwH:cf0Xvx3EMLRWmcNiqWChbhWCnUqkDL9+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685597, "uuid": "79f8dac1-69f7-4f47-9e30-b2177a47e135", "value": 46703, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685597, "uuid": "0358ef14-12ca-4117-8afd-a6fe3e6ac2f9", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685597, "uuid": "49b26742-3b44-4b66-8419-dc9dc07f8a78", "value": "efb9c84739b1722573de55e574202c46.rtf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6f89a7f9-256e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1689686674, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686674, "uuid": "73dc2b9c-f3f6-4bbf-801d-57cf804309f4", "comment": "Malware payload (NetSupport)", "value": "3cdd5c2e3f1d9536363db26297ccc3ee", "object_relation": "md5", "Tag": [ { "name": "5-252-178-48", "colour": "#05445B", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "ponraj-com", "colour": "#09C08F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686674, "uuid": "cf1c010f-421c-4d60-9f56-a353578819aa", "comment": "Malware payload (NetSupport)", "value": "50cf3d4f944c6e90718dd37ede3a9f1cf728b4ffde4ab6e525de0c5b73e8f30a", "object_relation": "sha256", "Tag": [ { "name": "5-252-178-48", "colour": "#05445B", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "ponraj-com", "colour": "#09C08F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686674, "uuid": "f1ccc127-2643-4dc1-a857-96ec5da920a0", "comment": "Malware payload (NetSupport)", "value": "60c59a6729efb3ca395e596c58ecc3ae92be4f0f", "object_relation": "sha1", "Tag": [ { "name": "5-252-178-48", "colour": "#05445B", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "ponraj-com", "colour": "#09C08F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686674, "uuid": "45f98cc0-99cb-4b89-bd76-1c224552fac9", "comment": "Malware payload (NetSupport)", "value": "62fab7ff4385d9233c7e3bfd2651e6f5a4a006c622e24852f4aed876078218d7355d5b9081d7c319b1672114db93641f", "object_relation": "sha3-384", "Tag": [ { "name": "5-252-178-48", "colour": "#05445B", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "ponraj-com", "colour": "#09C08F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686674, "uuid": "ba6c0cc2-d95d-4e77-a5c3-d5dde78c893d", "value": "T1BDC41254AF9992FBCB8C5928803C9E0C79657D4054A3DB6EDD81FA339F87B9221C80F5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686674, "uuid": "7d1a0a98-1baf-4729-b189-9b77127ba58d", "value": "12288:Mw6lc81pZlUUUUMtKUK1KSKPKCKCK/Zp8wDlj4W4f464y4W:M7pZlUUUUMM3UByRR//8clQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689686674, "uuid": "e0d8cd04-600e-4586-af83-fa4db14135e8", "value": 585894, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689686674, "uuid": "74d26766-df06-4383-8dda-bb1a1501e82e", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686674, "uuid": "a815b4c4-0db7-4801-b12e-79d4022f372b", "value": "3cdd5c2e3f1d9536363db26297ccc3ee.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b452192c-256b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1689685501, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685501, "uuid": "5c69d79d-2c5e-41ce-a975-675bbd823e0d", "comment": "Malware payload (NetSupport)", "value": "3a0000407dd239c1e4247138def47413", "object_relation": "md5", "Tag": [ { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "savastijir1-com", "colour": "#C2673B", "exportable": true, "hide_tag": false }, { "name": "savastijir2-com", "colour": "#F97E62", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685501, "uuid": "5eed6b82-8872-47c2-a326-7c147ef9285e", "comment": "Malware payload (NetSupport)", "value": "520c6cf87d2903886a274134a2a94466de7a4315b4c48c97d0144dc995cef84d", "object_relation": "sha256", "Tag": [ { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "savastijir1-com", "colour": "#C2673B", "exportable": true, "hide_tag": false }, { "name": "savastijir2-com", "colour": "#F97E62", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685501, "uuid": "ee4f237e-bb9f-41c2-ac0d-d17123e9f687", "comment": "Malware payload (NetSupport)", "value": "6c88ab844b433590300cd44b2ae49e71f99e5974", "object_relation": "sha1", "Tag": [ { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "savastijir1-com", "colour": "#C2673B", "exportable": true, "hide_tag": false }, { "name": "savastijir2-com", "colour": "#F97E62", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685501, "uuid": "cfdf9da4-7e5e-4bd7-97cd-e55184abee88", "comment": "Malware payload (NetSupport)", "value": "6dbf987f3aa9ab529ef3eb24f3fe82ed47a2391a672d1d1a5871edd1f8d48186159814bfea7b6cad36474cae45af5b4a", "object_relation": "sha3-384", "Tag": [ { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "savastijir1-com", "colour": "#C2673B", "exportable": true, "hide_tag": false }, { "name": "savastijir2-com", "colour": "#F97E62", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685501, "uuid": "a0ca8622-2e67-44ab-a3ff-997475a5ed9a", "value": "T160F099236B0EFD0D0A1BE28A21B454102FDA8840A46FB9129BD81C0E8F329A819CF854", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685501, "uuid": "3d871668-d5da-4dcd-910e-a641bc6fa12b", "value": "12:0AMx/vONhH+vI8nJGSyDWVTXuZ7/PfY8oK51WGXK5ubluLi4Fjn:HMpOheQoC1l1Z3BXK5uYi0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685501, "uuid": "852a2efb-26de-4099-bd48-7f17b8f1337a", "value": 637, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685501, "uuid": "f62660e9-1e52-4c0a-b0ed-c15fd408fd24", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685501, "uuid": "2c051584-0c23-4f1c-8d90-bdd6fb4fea82", "value": "client32.ini", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a4af081e-255e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689679891, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689679891, "uuid": "4bfc0efb-bd8e-4988-8a9a-4b0ea1894d2e", "comment": "Malware payload (AgentTesla)", "value": "0465827232105643cb826e49a1c2f634", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689679891, "uuid": "1fab9032-0e7b-47fc-936b-bdb1dc3f99fe", "comment": "Malware payload (AgentTesla)", "value": "52c3f20d0519b4e85a154145042e66963411a4582998067525076ca85489b89b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689679891, "uuid": "9e17d583-9079-48f9-8479-489a2543ebe3", "comment": "Malware payload (AgentTesla)", "value": "40173b5eb8a674ad5c70f81cd6d95f386ff0cdbb", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689679891, "uuid": "f98a527d-7cad-4393-ba48-88083915c217", "comment": "Malware payload (AgentTesla)", "value": "3b60e2d9e20d2b890719d83a94f4b9e45b5d27a0133023d4a439fd74ecc4de1dcd2b53ed70f1d74d397225b11bb8fd0f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689679891, "uuid": "6dbeee97-7901-44a7-abc0-5f436538545a", "value": "T13D327E3A68C81C6FF617D0B640572304F2A461A7522E6D3E7F72B95EC5B91CE6A00AD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689679891, "uuid": "50479897-b722-4ce6-bfcd-472a0cb3005a", "value": "192:nya0NM7VLWBARgZVPCK44AG9xXSJ+Ej7tJY/KwoKAT9WYncWe6V:nyXM7VLWBANK4499xXSJf7tJY/AEYnXV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689679891, "uuid": "e20d1683-a46d-4873-a16d-d5ded3173222", "value": 11083, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689679891, "uuid": "a26bbac0-4bf6-46b6-ac6d-f95e24a7941d", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689679891, "uuid": "bcb8775a-c1d2-4120-9b2e-2ac3670da6d6", "value": "PO PL101114.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "28edff6e-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689662074, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662074, "uuid": "aea3520e-03fb-4343-8e39-0fd167ecb421", "comment": "Malware payload (Loki)", "value": "cfa0444386011ff47c140f5e476badf2", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662074, "uuid": "332ceee0-e13a-496a-bb95-dcc2d7323d95", "comment": "Malware payload (Loki)", "value": "52c57b48d18cc204ce5703306dcf0f036539f6c4503bc9831c584a0245c1f070", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662074, "uuid": "d1c95829-7a55-43e3-8ba9-007cb22e7c63", "comment": "Malware payload (Loki)", "value": "a566d876b49d25cdbfac4913eb52f887fa134a8d", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662074, "uuid": "bb00d5ba-e233-4738-ae52-ddc7aa06b961", "comment": "Malware payload (Loki)", "value": "e592f3cecf735b213df11185cda0ba04fd05de85b9802dc0a7d2f8c1c184e3cfefc735998baac818f4809ec4720a6fe9", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662074, "uuid": "c5fd2233-dfab-490e-8c7c-9c78bf9356be", "value": "T119E4E01037798F13D4BD63F99024661493FA6E5B622ED3588EC33DEF359AF504A02A27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662074, "uuid": "031205f6-31f8-4b55-b907-d659c0fd545f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662074, "uuid": "de62e348-74f6-4ec0-833e-2f0394520a35", "value": "12288:wf+kSkYXcW9Ro8ofb/WT4UkuZTFzoU4DthVeobNdevTmm4RDMl9TmEf9vSKjyj:wG//XcW9Ro8ofzW/ZTF8JVeEN0rD9Tm1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662074, "uuid": "74360bc0-dbc4-47b2-ad8f-b04ab1375994", "value": 677376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662074, "uuid": "1c0f0098-df48-4a95-b11f-386d875e539d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662074, "uuid": "ee816587-4245-4113-8694-c9a5e46310c3", "value": "DHL Receipt_AWB82147507884178.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7f22bcc0-254d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689672527, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689672527, "uuid": "94307290-c6ab-423e-b2b4-ed57dceab163", "comment": "Malware payload (AgentTesla)", "value": "1856780ce368c804d161c4ac210b3ac3", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689672527, "uuid": "eb7dbca0-65e0-4d73-a063-da24de954865", "comment": "Malware payload (AgentTesla)", "value": "530818a929752565849f8b1fab483a6a78d76488472db01106114046e2dd3466", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689672527, "uuid": "11f97553-2463-43dc-aa1b-ee34b1a901c8", "comment": "Malware payload (AgentTesla)", "value": "aeeb309333e51c957c9186d85529cdd0b36d8aa8", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689672527, "uuid": "2eb8bdb0-52d9-4db3-b605-7c815101e9c0", "comment": "Malware payload (AgentTesla)", "value": "8a63f0e3edaf15c8491b62611e7937894d25f16adfe5552a3351df6a15185e9dfdb93678a48c271a807875099df659dc", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689672527, "uuid": "2a5cb90b-b26a-4abf-96e3-c5fd9af0a024", "value": "T137E4CE8133788E35E46EC2BD2429219CDB79B43E74A2E25A5F5B34D12E20F77371A643", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689672527, "uuid": "3892cd1a-3f47-468a-850f-e81d916d7a4d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689672527, "uuid": "30119fe6-5252-4eb6-a65a-3d707af4e210", "value": "12288:eDp8BHpXxeH2RINKDbmxYJJh+kBeVgRhLa/l5fi:3BJXxeWuNKHmxg+Qgi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689672527, "uuid": "ee440814-b6cf-443f-b5bc-056cecf5e9b6", "value": 658432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689672527, "uuid": "ce4f675f-53a3-40a1-bcfa-e27b9f5ef7be", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689672527, "uuid": "64266faa-9925-4f59-90c4-ed338d16e723", "value": "zkE0sgJhETMO1uB.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "179ce334-2598-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Cobalt Strike)", "timestamp": 1689704565, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689704565, "uuid": "f7041b65-46cd-4098-98ea-d0560a263fde", "comment": "Malware payload (Cobalt Strike)", "value": "f2338a27778925ed4f5439ac9dfde43e", "object_relation": "md5", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689704565, "uuid": "891d6b17-5182-473c-ba27-872bdbf956d0", "comment": "Malware payload (Cobalt Strike)", "value": "53c31c1987e6d560be5ed2cea896b4f7053aa9719ad9e9909bff6cf503b7921d", "object_relation": "sha256", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689704565, "uuid": "3c51dbbe-d332-4d25-8814-5e026b99e2f8", "comment": "Malware payload (Cobalt Strike)", "value": "90c1e6e39015649bce8c75232ed156a1afb4b4d2", "object_relation": "sha1", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689704565, "uuid": "25cfde68-e2e2-437d-a77e-8a2dc850fc62", "comment": "Malware payload (Cobalt Strike)", "value": "1fb2abf2db2398ccc08c291e9c1784f6cc9c521865e36bf6693575f1fc05268cf677b1a4c7180834dafdd6e864732c2e", "object_relation": "sha3-384", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689704565, "uuid": "c09403f5-a17d-4c14-801d-843f1a32d4dc", "value": "T13CB69D33B94165B8DAEDE530C5215602BE743C4B5B3023C73B55B2BA2A7BBD49E39390", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689704565, "uuid": "d8a08c70-f7ea-401d-992d-56df40c33d2f", "value": "f0ea7b7844bbc5bfa9bb32efdcea957c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689704565, "uuid": "015a7970-e186-4108-8dc5-6ed8b651aa1c", "value": "98304:D9FHs5BIA/xTFRElJQahXXs1CiCfVq0P20Tv304bm:ovZIlXXCCiqE0P", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689704565, "uuid": "6b635719-8101-4810-bc79-4bbd20474431", "value": 10896896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689704565, "uuid": "2774f39d-ec02-4f1c-9377-9954390bb8ef", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689704565, "uuid": "317aa033-22db-4a54-9d7f-ee896416d374", "value": "DF6C0E32.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "15f9e2d3-256d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689686094, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686094, "uuid": "cc623aec-e886-42f1-8d40-3208aad2c0a0", "comment": "Malware payload (RedLineStealer)", "value": "4ea23845a1dd8575bb6f129ebc281803", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686094, "uuid": "c773749e-e28a-46bc-ac3c-a20c0c69e7b6", "comment": "Malware payload (RedLineStealer)", "value": "54347c92b3f40ffb6e06b6c2491094dd9a35c84a2eeb09ec15e20ba0b69e1cd5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686094, "uuid": "4f5a36e0-db96-4f87-862c-989d57b00645", "comment": "Malware payload (RedLineStealer)", "value": "68dae183622d64386414e44784d83a9882c70b74", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686094, "uuid": "558614e9-9e25-44d0-bb1b-7d9412225779", "comment": "Malware payload (RedLineStealer)", "value": "aa691b769ff9c12f703f2de63684956c647457c49f6a094931964405ef776182ed58185ae523c754df362f1970f9eeb4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686094, "uuid": "84ed4330-294a-4a65-9600-332c6d8cd477", "value": "T1C594F74392E17D54E9258B729E1FC3FC774DF2508E8A3B6A6219AE1F00B11BAD1B3714", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686094, "uuid": "2e14483c-6880-4bf9-a328-a2bf4eb75b81", "value": "1f46cd2f6fa2b68be3021a7a4bfd8efb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686094, "uuid": "3a5b5c20-02e0-432d-b1fe-eadb220eb16e", "value": "6144:dZxLbep4hNIK3FrW83PB5CrcTTvl8C4D2QcwDaKXOZFys6T:pXeaj/ZfPB5Cre98C4DjcwDJ1f", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689686094, "uuid": "90acc91d-2407-45a4-a580-71f88b095f88", "value": 420864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689686094, "uuid": "8e06ae52-19f6-4947-b163-0364183efd56", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686094, "uuid": "9c1f5f4b-4fcb-47b8-87be-884d0851c54d", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f5078aff-252b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689658121, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689658121, "uuid": "f4877364-efdc-413a-a022-47daf2636266", "comment": "Malware payload (AgentTesla)", "value": "0a89eb7f0603dfc6e6283b03a260d9d3", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689658121, "uuid": "cc043f58-34e1-48b7-b5f3-ae096ef373ae", "comment": "Malware payload (AgentTesla)", "value": "55d62602fbaca82ec54e520aa021690a91a0d5d1f6783747a4a2a97f282231c3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689658121, "uuid": "ad63be38-b380-46ed-aeb9-d9ae875c19ca", "comment": "Malware payload (AgentTesla)", "value": "eb589b8ddd713280d407d3646dca9055673df5ab", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689658121, "uuid": "0d360233-94b1-413c-93d9-2a907679b16c", "comment": "Malware payload (AgentTesla)", "value": "67e832035845e48918bbdcba53b41c5fc77adeb227d6334ccf908d130e466146c2668c8ac7d717d5b0b6e5f1a4c2c034", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689658121, "uuid": "61b04d35-28f7-42c6-8a21-85836165fa87", "value": "T157944B606BE5C963E6AFB376E0B60204B770EC1AE29AE75E484474E51C333017E1676F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689658121, "uuid": "eb4cee85-134f-451e-83ce-002b1afe40a9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689658121, "uuid": "d9963ed2-7bc4-4ff5-b191-39452b085538", "value": "6144:Vb4F2TdvAm4v/coYqf+gYQSQzE/XZUNNoYS3Gv:s2RvAm4v/coY2+gO/JUN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689658121, "uuid": "54ca561b-2d10-46e6-9152-df920d08c18f", "value": 410112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689658121, "uuid": "fa031b62-5f57-4ed2-b0da-9462474d165a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689658121, "uuid": "4ddd536a-94f0-4828-b54e-1feea4adec10", "value": "SecuriteInfo.com.Win32.MalwareX-gen.12909.6026", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4443a044-252e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AZORult)", "timestamp": 1689659113, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689659113, "uuid": "2950e5ea-edfc-4de0-9b42-9aee049fcb20", "comment": "Malware payload (AZORult)", "value": "22fbe5afc59b103b2e61d057b43f8347", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689659113, "uuid": "c77485e9-6d0a-460c-82b4-7a32d932afb5", "comment": "Malware payload (AZORult)", "value": "5629a3ae6193f39e3d63b927f028e1e06cde3a1e7fd1c11a1bd22859db3be241", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689659113, "uuid": "3614bd42-97f4-4d68-85c4-3c6162d80120", "comment": "Malware payload (AZORult)", "value": "9244689871941902ab5de2b54b75a1f3918a1d62", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689659113, "uuid": "ace13669-2296-4100-afaf-0e56bdafd8ac", "comment": "Malware payload (AZORult)", "value": "a2b4fe9ae9c9f959696463774e20307e4bb031d04a7ec916d59b625e7a14f25f55e005ab45ab06764aad8efed65e3f70", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689659113, "uuid": "7ef68041-3d1f-42ee-9334-98be493528e3", "value": "T1DBC42344158C801BD8F518F0E7B1B705E1B64E924379C30A57DEFDA0F9EBB924B12AC6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689659113, "uuid": "e80c64c3-4db7-4f74-9445-2a5dd0fb0158", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689659113, "uuid": "f849d082-1a4b-4db5-8ddd-226008079adf", "value": "12288:Qfb/WT4UkuZbZ6SJp/5k++aqcs6mUaGVx86tJ/s5v4P:QfzW/ZbgG5+ahQCVM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689659113, "uuid": "d74017ff-8dc6-4e4b-9439-e99783b66d1d", "value": 545792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689659113, "uuid": "9160ec2f-5ddf-4382-8993-ec8bb6a6c901", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689659113, "uuid": "99b87164-3bb5-4a56-bddc-cb57e4e7abe9", "value": "Purchase Order CW289170-A.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e862790e-256a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689685159, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685159, "uuid": "5a3e9363-bc81-489b-9033-c99b592b1e84", "comment": "Malware payload", "value": "91c084440857157ce1747217f3074a98", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685159, "uuid": "0ae2066a-49ef-4dda-b961-51de7002aac3", "comment": "Malware payload", "value": "563b100a6b1320bbb3701eba4e2059f183ad6c9ebc0aa691871625510346e12f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685159, "uuid": "fb415af8-2b52-4107-a246-3ad744a198ca", "comment": "Malware payload", "value": "05c6423c2a9531543f0c6f5e593df8c858cf1740", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685159, "uuid": "c311aa03-23e0-4b87-be0d-31a92127c843", "comment": "Malware payload", "value": "45f056f3f5346ed4fd373b8e11f99c6c30281a43d823c612af5f068657e7278337672810662fbf3bd2e74016f3424d02", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685159, "uuid": "1f16b1dd-5c1f-4bfa-9bce-fd734ecbee7e", "value": "T1A1343C05B7E4CB51C35405B6C0C72524A3B79796B772EB0F3A4422E61E02BDAFD8B64E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685159, "uuid": "c98f8f3a-f243-4788-a049-17d517c54b26", "value": "6144:3Rb8OClXTSgmcm7Nw8RuXVa5c9clQDhq:B43lHIN3RWa2UQA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685159, "uuid": "4c51114c-f138-4c22-ac4e-072d083ea632", "value": 241152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685159, "uuid": "840a34be-a495-49b3-b112-c8bad637d07d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685159, "uuid": "6476f88e-6ee9-4569-ad38-fb42dc57b4e1", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b92b87f5-251a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (STRRAT)", "timestamp": 1689650720, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689650720, "uuid": "9273aa12-de7c-4b8d-83a6-ea77cec0dfec", "comment": "Malware payload (STRRAT)", "value": "6cd6e92cf5dd47f6ff750ebc9391c811", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689650720, "uuid": "4f0877cd-1322-4bc6-92ad-9954b47a4383", "comment": "Malware payload (STRRAT)", "value": "569f5f6de156bec90f9b0b0e4e707a702c0fea26ab6a0711e32f4a413995ae7c", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689650720, "uuid": "70f67ba3-22cf-4911-8309-f402a1de9f84", "comment": "Malware payload (STRRAT)", "value": "04013d4ecc70a37880c9216f544026bd7933f2a4", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689650720, "uuid": "ab27cfb6-2151-4d32-b297-d9215972eadf", "comment": "Malware payload (STRRAT)", "value": "9c1163566aa9cebeb0cf95e9e2ccecae7be50b3b2ce9afcf990b76092fa0d17a6f0f4d1f2ec7e2ea8355858a2ba1cbe3", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689650720, "uuid": "d570c57d-ded9-4696-b0ac-945d3b4a2a79", "value": "T1245402EF7896D0AAC007417BE280D677681D0782C099D2372DFF3A664934D6A1E15EEF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689650720, "uuid": "12608b11-e7ce-433b-86a5-1abcf8606a79", "value": "6144:MncBcGGAC6JKpELOVJCDuSsBlvOz1hPkoVsdVhacijUz:IABJKpOOVQDuJB0zLZydV7g8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689650720, "uuid": "1914431e-2958-492c-acf5-d42a2175d37d", "value": 281010, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689650720, "uuid": "3e9d1176-088a-4be7-8a50-f517e966cef2", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689650720, "uuid": "7c1dac7c-13e7-48c8-a614-96857f84f14a", "value": "ORDER-237017.pdf.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ed0cfa27-2523-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689654672, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689654672, "uuid": "cc0bdcb3-6d15-4efe-8ff7-105a30ae6f20", "comment": "Malware payload (Formbook)", "value": "06f84a3f8bff9e5772a06bc9e913a540", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689654672, "uuid": "2a033b16-2a12-4c98-b5d2-0ef246de85df", "comment": "Malware payload (Formbook)", "value": "56ad658ef29551d86add3dc7f16538402f1d894ec746bdf14444a4b01deabda4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689654672, "uuid": "0c6921de-9e96-412c-b3a8-640a4e7ca7aa", "comment": "Malware payload (Formbook)", "value": "555f56f4e633d8ed987f887a58bb98a67dcd4223", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689654672, "uuid": "ff522b2b-37be-4258-9917-75528a4df130", "comment": "Malware payload (Formbook)", "value": "d84cd2ee8ef647840074230983b286f91c6f7f5f425bfe20563a77648c5a079fd63538d53c174b3d1114e5599c3156f8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689654672, "uuid": "ce1bf718-0d52-472d-b901-72bd12eb0d61", "value": "T15805F10076284F0BE4BD53FAA1549A6453F85D5B226FC3488EE33DDF3A6AF504741A2B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689654672, "uuid": "4ca8a2a4-ecf3-42a0-8f13-e88e197f7236", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689654672, "uuid": "b99f0807-9476-48cf-aae3-a0e2aaf29624", "value": "24576:VGDRcW9Ro2yfzW/ZPkW34VX+IoKago8ySPF1b:VGDRcW9Ro2ia/OjiKagoUPF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689654672, "uuid": "e928dd8a-604b-43da-a0b2-334f0bd76a42", "value": 795136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689654672, "uuid": "95228037-3a8c-415b-91c2-cf7b04b0477b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689654672, "uuid": "e9640b09-3112-4f02-bf9a-aa216f4d7b38", "value": "SecuriteInfo.com.Win32.TrojanX-gen.14410.8743", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2987a4a1-256c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1689685697, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685697, "uuid": "626570d4-097c-457d-959c-a0acad0e7275", "comment": "Malware payload (DarkCloud)", "value": "d0ecd4c406fabe7d6007ba0fdb8601be", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685697, "uuid": "415e8938-0de8-4c86-9b2a-24e4a6eba642", "comment": "Malware payload (DarkCloud)", "value": "571cc0498824bbf035b1291c9dc08726c93a943411a21659916d2ed27e6fa3f0", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685697, "uuid": "6b88347d-c9c7-4a38-96fc-4e5ca1fd8155", "comment": "Malware payload (DarkCloud)", "value": "222b803a73362c82403e9d54c6bfd77520ee3df4", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685697, "uuid": "93a83d6b-cc0a-4c2e-9996-4325be12a997", "comment": "Malware payload (DarkCloud)", "value": "0bc95e6e3d0e53a6b4d0389f81c3604e0bac71688257e313f4cf5f998a2a59f68db17c995101e31099fe02ac5bdc2f2a", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685697, "uuid": "53bcd770-91aa-466c-ab3c-67a96e328d8f", "value": "T1290523388D978E17EA5F3F76005033F082AA1DC87629CA275C04F5EAEB19B1F8D51997", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685697, "uuid": "2aad1ffa-d4c2-4635-85fa-de048dfd07e6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685697, "uuid": "1043bb6e-8311-4ec6-ab50-37f5e0cbe304", "value": "24576:yN6GEfZvSDSkd6fDQ6eC5W2YpRvgDpnLT2bI4hwbOQoEf4d8:C6hf5SukMPgbpRvQLCc4hwCcE8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685697, "uuid": "7c09360d-5ab3-48ab-b6a1-e7ada895131d", "value": 864256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685697, "uuid": "e536950d-6a6a-44bd-b800-66b6be71ee8b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685697, "uuid": "f7060a46-96df-4153-abf4-6ea3dd1eddd1", "value": "DHL- AWB 7344827125.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "360c1b8f-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkTortilla)", "timestamp": 1689662096, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662096, "uuid": "244e255d-019d-43a1-be50-0b40078ea292", "comment": "Malware payload (DarkTortilla)", "value": "d5fb520198fb28dc645a8757fcd7dea3", "object_relation": "md5", "Tag": [ { "name": "DarkTortilla", "colour": "#7A8476", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662096, "uuid": "170b9ace-5521-4413-87d2-d8082b74bde8", "comment": "Malware payload (DarkTortilla)", "value": "579decb14fc21f6ab8e520a2eacb56ffc1bc573df67356fc6cedc108bd8cea8e", "object_relation": "sha256", "Tag": [ { "name": "DarkTortilla", "colour": "#7A8476", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662096, "uuid": "080e85c6-e1ab-4190-90c6-992f35133200", "comment": "Malware payload (DarkTortilla)", "value": "03a79f6b3a52df8c65285f10b71341f70a7707ae", "object_relation": "sha1", "Tag": [ { "name": "DarkTortilla", "colour": "#7A8476", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662096, "uuid": "f91beecc-df2b-4fa4-9db7-2bad2f93f245", "comment": "Malware payload (DarkTortilla)", "value": "94110c84d5e7e9fad25b262758d100967a211b36c5be2e809a7ba3a5a703e8a712d2388c1e43838339adebdf15179d72", "object_relation": "sha3-384", "Tag": [ { "name": "DarkTortilla", "colour": "#7A8476", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662096, "uuid": "b14f3360-53aa-4d2e-b29a-f6685d26052c", "value": "T18F455A1DB2D5D992D9257238D42484B02BF0ACF9D255E41B38EC7F7738713C11CABAAA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662096, "uuid": "37946614-6351-4bf9-bb2c-095c99ca3a75", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662096, "uuid": "aeb54ca3-a579-41cb-9d0d-8657742cb477", "value": "24576:fqnzg/xqtGzIGHe/eXvmHTRCI/smwGhxVFUk+1pl:WzIYsHe9TRlk6W", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662096, "uuid": "d9594b90-7b1e-4b5b-85fc-ea167ecb8a2e", "value": 1190544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662096, "uuid": "73616a5f-ee6e-4754-b14a-5bdb12eaad29", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662096, "uuid": "e55c93b0-ce80-4e29-bd1f-12df3ca8cd24", "value": "DHL_IMPORT_TAX__INVOICE_3129143010_KRJ202318092409sq.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "004bde20-256c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (WSHRAT)", "timestamp": 1689685628, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685628, "uuid": "70cb69db-4839-4833-9829-669b88f44858", "comment": "Malware payload (WSHRAT)", "value": "dcdd70327905af1b3bee089b4f47a343", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685628, "uuid": "41621347-221d-46cc-98b6-2d84e013f72d", "comment": "Malware payload (WSHRAT)", "value": "58f1b6a6931817eaef17e92901372bc6032dd0e6aa0636f82c7b3176c1ded8ea", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685628, "uuid": "faae02cc-d908-4e4f-8654-2ff025767fe4", "comment": "Malware payload (WSHRAT)", "value": "fc26fd4b71a7d6f94d191eca8ad1e4303a679075", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685628, "uuid": "28b3940c-1bea-49a6-8de0-9884053fffce", "comment": "Malware payload (WSHRAT)", "value": "baf45f6b3e7880e2ed0c403ed079cda84fdaa55ae68044003e8ed1d564a504c2d379fcad764be6dde93284518854eed3", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685628, "uuid": "e5688aca-a55d-4de7-9301-8030295028a4", "value": "T1FA4645D17CF8663DDB93602ED7937FA5A850200F6CA79E849A8167CE6D3FC44A834E05", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685628, "uuid": "3dc6d7ae-1f24-4cd5-b233-c3f5aaa2d60e", "value": "6144:XgHrlNOv7uIeLpJMaO/lfSiSiV/r3ZPuK/v4lOVdMorRpVDBqP3nvBrXQklUOu6z:iPB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685628, "uuid": "89cdb6ef-9a35-4a52-96f5-9dba7705133e", "value": 5568808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685628, "uuid": "1879ae8e-cab8-4046-adab-f929d63b1837", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685628, "uuid": "72fb3989-193b-437c-8d76-e8d54d0af355", "value": "Scan005510.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ae31203f-2580-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689694510, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694510, "uuid": "e39486fc-a690-4858-87c7-41a7bc65dad6", "comment": "Malware payload", "value": "1700bb9bbf594ed80edf78568ac28d61", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694510, "uuid": "010c2a12-d042-492b-a6b7-ca5c657df906", "comment": "Malware payload", "value": "58f82c1a8e1cd80398758c7509cbfdd8e635eebfda67648a67d39830faf36e9a", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694510, "uuid": "1108b649-cd7f-4274-9034-e4e2ef991316", "comment": "Malware payload", "value": "47c35eddd1bbc909e47304541bda9026c778f569", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694510, "uuid": "6e89a674-6ed8-43cf-99d4-22a78afbce23", "comment": "Malware payload", "value": "76a4eaf987fae5870175a192db1ccd8195f799a23a3ee17434e30c0f14a65e4c59407d5fd966feffa9f57f7fe32f215f", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689694510, "uuid": "4fa0f3f3-fb87-4bef-ab31-d2a7f6c54eb2", "value": "T118336B457660C0B3D9AB023959ADDA220A7FBC525BF480933FEA064D9EB11D07B39397", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689694510, "uuid": "2568d461-3c70-4af0-ac5e-766c011d063b", "value": "90c2b41dbc64bf3f152f09646916224d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689694510, "uuid": "d4b491a9-40f5-4708-9617-72c74e9a4cf9", "value": "768:m6EyZ4XjKhDHCoNk5TmS4zUdbY9sEdxWANK/Xs4yxdjlTtByLDSPLg:m584a1AqS4zUqWXs7lTtBeS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689694510, "uuid": "cba46c37-ae89-432c-a129-924c58757fbc", "value": 51712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689694510, "uuid": "7450e246-867d-46c5-b9ba-bba73ae06535", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689694510, "uuid": "cffd2857-a9a3-4751-b29b-36e120cf6d0e", "value": "SecuriteInfo.com.Win32.TrojanX-gen.13430.16956", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "066ec081-2598-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689704536, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689704536, "uuid": "69f2695a-5312-4805-8e7f-87e0629bc795", "comment": "Malware payload", "value": "474293e5db664ac96e59a9f4f2f7ab35", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689704536, "uuid": "3696af73-db7b-413f-b79e-bfdd67caeda8", "comment": "Malware payload", "value": "5925a8542601bdb1f752802b19c81f668eac04f2e63292c9a545bb47962a9727", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689704536, "uuid": "6d7c2326-2c7b-411c-acbe-9bc73d5e96fa", "comment": "Malware payload", "value": "e23cf411cfcb8c645cad26cd653ead0aa9b9d762", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689704536, "uuid": "70c1b1ce-0b95-400d-9c22-b80802a2c96c", "comment": "Malware payload", "value": "06165c92b5d8e3690a7d29449e48a82c9cca6ba724da941df6d865d10af75182fbb9621d5b841ae2105404dc4a1887d3", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689704536, "uuid": "8ff7f751-111f-4a38-95a7-152559ca805a", "value": "T1A6D3494E73B9505AE176937D8A924906D7F2B8200753CBFF05B193BA5E27BC0AC39760", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689704536, "uuid": "e36eb1ff-65e3-4b1a-99e1-39a2b23b1cea", "value": "150c026d59899221bdd1d565da5f91bc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689704536, "uuid": "611dd610-cc1f-4503-8d7f-965cbcd853c2", "value": "3072:ni/QhtPjMiqUyqEBzJvl+AKetjEA0e06OHFEGuWk41:3DjMdFJvUbuWkw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689704536, "uuid": "31f98c3e-664f-4bfd-a255-9ed0a8fe15e4", "value": 139121, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689704536, "uuid": "19f26090-6586-47b6-9889-db70c3c2ffd9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689704536, "uuid": "8ae3721d-be7c-4d8e-8d35-86d04cd32c9b", "value": "698502.dat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c303aa42-256b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689685525, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685525, "uuid": "152a2426-b08d-406a-8555-9a774ca104b6", "comment": "Malware payload (AgentTesla)", "value": "eae3a2b886252835382260e8e59469cd", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685525, "uuid": "8afcce9f-cdb8-40d1-a971-83984ccf15f1", "comment": "Malware payload (AgentTesla)", "value": "592c5d47b909ad9ece554b27fdb17cea5530da799af2bfd84bb3004a5710ca71", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685525, "uuid": "d5a59337-1ca1-4e3f-89b6-923c71942ae8", "comment": "Malware payload (AgentTesla)", "value": "e4367d7b2ab6c119674c785f2f447a38e463ce00", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685525, "uuid": "5acc9d61-f9e5-4a2c-bf12-a56bb8b9d036", "comment": "Malware payload (AgentTesla)", "value": "1f7d8501fe9f1b37f68d461d4092d9d6c02fe7bbf09e8ab6c6c3ca609bfa21c127623f61664339f588579735444d46e3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685525, "uuid": "2e7a79fc-5b37-4cb0-983b-592e15ea0cd8", "value": "T1B203E55AE79F12A4CF9102B6671B0E88A6BDB22EF3505571346C833433DDC3E46666BC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685525, "uuid": "4cb431bd-0671-4ca2-9285-3b203f1a06a5", "value": "768:QFx0XaIsnPRIa4fwJMSXO1B/5XdlLVRLqOQLIvYxZ:Qf0Xvx3EMSXO/BXdNpQkc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685525, "uuid": "331973b3-68b0-4554-807b-2b9b32d5677b", "value": 37817, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685525, "uuid": "8517d6fe-715d-451a-b540-1d48b089b1ef", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685525, "uuid": "e5744d0b-639e-4fc4-a56f-483747d2839f", "value": "eae3a2b886252835382260e8e59469cd.rtf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5709d30a-2569-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1689684485, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684485, "uuid": "a0a63c93-c32c-423b-a204-a73f22424d78", "comment": "Malware payload (SnakeKeylogger)", "value": "1aa0c36d4fb2ac79a6cb902da1cdf21c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684485, "uuid": "20d1bb2d-2eac-4fd6-a392-c47c052348de", "comment": "Malware payload (SnakeKeylogger)", "value": "5958de331a0caeb250569736c1e1d2634f0ed18526488f4ea55e7731b879c077", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684485, "uuid": "bcb0aeda-875b-4fae-85e2-4f6fe8f2e416", "comment": "Malware payload (SnakeKeylogger)", "value": "e539ad8f06b90105cafd5ce497be6049dd19edde", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684485, "uuid": "71f56c36-7345-4d79-82da-c4fd2281f224", "comment": "Malware payload (SnakeKeylogger)", "value": "8313ee7b55909a241e3395fe58432c10362dfb0f57aaeb7dba087a5fe61721d8584c7cdb076e9301882bccad624b098c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684485, "uuid": "ec0d8303-581b-48d4-be22-839df27ba1eb", "value": "T18BE4AED3445493AED97C867AC15B5C672F87FC33C3A0F2156AE8719B09CB2128A6FD09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684485, "uuid": "45540c9c-7e20-4885-876e-82ca10a987a1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684485, "uuid": "51dfffbd-b204-44de-bccc-bb88f7fe97a0", "value": "12288:eDv0SxNm1rC5X3NCPYC1zdIIXGo2FwM04sGNn/lBij2l0/eGRYpyuD8Iy/Je/XCr:CMKcZAXdCPYyIbo2t04sGNn/lBij2l0z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689684485, "uuid": "2b889bdd-d479-40e1-a145-332af4c00a61", "value": 678912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689684485, "uuid": "3c437edf-3986-481c-9642-91ece8a421c1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684485, "uuid": "e667426d-d56a-4156-bd4d-8a28af7679b7", "value": "hesaphareketi-01.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "465a7208-2556-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689676297, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689676297, "uuid": "d562a5a2-4c46-44e6-a87e-e22d1703cb6a", "comment": "Malware payload (AgentTesla)", "value": "e8350a068539bc7444af66046c37901b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "arj", "colour": "#A79FA5", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689676297, "uuid": "035d8df6-2057-422d-84e2-998c0e2d4a1b", "comment": "Malware payload (AgentTesla)", "value": "5968701efe2fca7f9cc3c54288f2c4506562aa84453d8c6afa3a801f89485ba0", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "arj", "colour": "#A79FA5", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689676297, "uuid": "37cd37e8-0824-47d9-8068-9bd87774ddf6", "comment": "Malware payload (AgentTesla)", "value": "c5287edb7f96475ab4cd9d50bea7d1322f0fb845", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "arj", "colour": "#A79FA5", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689676297, "uuid": "929adec9-515a-449c-81eb-f70a12b9be49", "comment": "Malware payload (AgentTesla)", "value": "e09eb849ea8e474b9ce4b8be67c61ea40178991dcfbd7a6fe34367e777c12946f6b1f8b93a0d734b08b2f89493dd67f3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "arj", "colour": "#A79FA5", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689676297, "uuid": "7d1dfefb-988c-4e0e-b997-05f10bfeca3a", "value": "T1A7C423270E155BB5E047348D64707369F3C6D20D36288AA23BBCD8AF560DD9C7BEE990", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689676297, "uuid": "661e3f18-1ad0-44e7-a017-72edca435630", "value": "12288:vGimtu89yadFJAqs7w1RQqevIZ8kouc0U9MJRseaU4sQS2GqyD4JXF:vGi+RssqbuRUiJueaUDX9cXF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689676297, "uuid": "a16325f8-a9f6-4f3e-b856-1726e10e58f9", "value": 595128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689676297, "uuid": "e02a030d-f9eb-490d-868f-76ae84ae031f", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689676297, "uuid": "e0a3473e-3f9f-48cb-922a-fbc6eaf724d1", "value": "Sea Shipment INV - Final .20230705001.pdf.arj", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2e6335db-257c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1689692577, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689692577, "uuid": "5e805454-baab-4565-b095-96cf550d5a62", "comment": "Malware payload (NetSupport)", "value": "6011bc3aa00cc9eefa63bd07c9676678", "object_relation": "md5", "Tag": [ { "name": "5-252-178-48", "colour": "#05445B", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "ponraj-com", "colour": "#09C08F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689692577, "uuid": "9007d6ae-72d0-4121-8424-eb0fb2dab757", "comment": "Malware payload (NetSupport)", "value": "5a8a48a2be136200954f5f81de68363d5dd8c82489dacae5d6b717b598634079", "object_relation": "sha256", "Tag": [ { "name": "5-252-178-48", "colour": "#05445B", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "ponraj-com", "colour": "#09C08F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689692577, "uuid": "b2f9ae1f-1ef7-44e4-b425-3cd22b6ce0a3", "comment": "Malware payload (NetSupport)", "value": "9c8fb9c006ab9787254bd6ade3194a90c24d66c9", "object_relation": "sha1", "Tag": [ { "name": "5-252-178-48", "colour": "#05445B", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "ponraj-com", "colour": "#09C08F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689692577, "uuid": "80112bc3-c6de-481f-a4d9-6a501d3b951f", "comment": "Malware payload (NetSupport)", "value": "c48df157d484a4a114f614fb28546eda4aa8747f4fdc8e8d2a6b3618e18dadb1b8474f9263c7708f78c94ad35d2122e1", "object_relation": "sha3-384", "Tag": [ { "name": "5-252-178-48", "colour": "#05445B", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "ponraj-com", "colour": "#09C08F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689692577, "uuid": "1e0adb0b-d666-4795-82ab-3e431eccc398", "value": "T135D097170787872D040240DB8F7E5BCCC02C88086FA9170CCA20852C0034C0E75DF384", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689692577, "uuid": "2d15142b-bec4-4ef0-9396-a27c9e3f49bd", "value": "6:CxBR2Bn23ffTHfFlIw8UlLAHbKx4WImpMB1Bn23ffQn:cn22HDfF0C0vPmip2HQn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689692577, "uuid": "c51200c0-fc32-4d11-9c08-0005e92c24e3", "value": 232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689692577, "uuid": "32f35871-da0a-4378-9d18-de01d8d38d74", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689692577, "uuid": "1e2d7701-1fea-4e53-96e1-69064f702a08", "value": "2_1.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9b20adac-2569-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689684599, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684599, "uuid": "83153fcc-3112-4ba2-9029-3f02d1716f80", "comment": "Malware payload", "value": "6c0cc1280a480ee78ae07861ff8476d1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684599, "uuid": "7e1fb0c4-c7ab-40e6-baeb-cbe9c3811bec", "comment": "Malware payload", "value": "5acac023c7d890d3074e9a783157d765223bbe7e4a5c12ab495d4711e0b9e440", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684599, "uuid": "c0de79a9-6afb-4788-b4e7-28a42abb19d5", "comment": "Malware payload", "value": "88918d610ed6a8a3e56ea0c80937e8420d576caa", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684599, "uuid": "df227026-afd0-43a1-af96-9ffead6d4732", "comment": "Malware payload", "value": "2d133ce291965099ad9d246e69368acdaf7080af142875da62b06c1afee39b62546f2629af14ed94df9f93d6110b50bd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684599, "uuid": "3b62a90b-451f-4d85-a5d9-2ad77f93be23", "value": "T198752201B6C04A72D6772833563A8B60A97C7D302F72CDDFA394656DAE321D09631BB7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684599, "uuid": "d4814fec-3243-49b7-bef8-01333d789ddc", "value": "0ae9e38912ff6bd742a1b9e5c003576a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684599, "uuid": "7b83d6eb-a5fa-4eed-96a1-6f9e1f87d8b8", "value": "24576:ntH5sAdXEIFcUo2reDuT3KVcRtMDI77BNiCTH98k+3Fb1C8SX6uRJSBkT7FsAaM1:HdgVBWtpTH9aYXjC87Fpa4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689684599, "uuid": "b2ae2193-66a8-4c0f-be92-ffc9f7f8f3e2", "value": 1626599, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689684599, "uuid": "ae579e6b-6848-4081-b3a9-2b3ceece4083", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684599, "uuid": "7a1f722b-5896-4886-862c-381d24f1ed37", "value": "6c0cc1280a480ee78ae07861ff8476d1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7fce6485-2561-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689681118, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689681118, "uuid": "aec74b65-11f3-48d1-8a8b-79a47e867152", "comment": "Malware payload (Formbook)", "value": "275b7f6aa4108465bd8bbef68eeffc7a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689681118, "uuid": "e26f3df4-06e2-4737-a1c1-9b8d1a540171", "comment": "Malware payload (Formbook)", "value": "5ad354e8575a8c5c293f1fa8a1a25de41078a35c843b330a4b7529ec9b042d9b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689681118, "uuid": "e1030624-f785-409c-a378-aa96f4cb5278", "comment": "Malware payload (Formbook)", "value": "ccacf3c60aa50d621ad857a56598be4d324ea3c8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689681118, "uuid": "ea667ef6-d264-4f89-a923-ce22b997abd5", "comment": "Malware payload (Formbook)", "value": "f4712a5d3b9576d4d04312ebfecfaec64dd0b8de4f2e4f86f9a1a87c0ad223fd34db2eb7f388a3aa4b0b397799358edb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689681118, "uuid": "7f0dea51-9c4a-4bde-89dd-f7a9164d0310", "value": "T19FC4D039803C87AFEB57DBB6D430169322F003A66BF2939C8C7A245F3E7A634A154571", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689681118, "uuid": "41febfae-c931-4292-b2d3-c85abef4a2df", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689681118, "uuid": "d2237613-5511-4ccb-bd71-cb8db356254c", "value": "12288:/qTrQaSejL8ZBBlLjCqj5xlDL4bbasSNUQHLjBw97Pdi17:/qTrQaSejL8ZBfLGu5HDkv5S3rjBaU17", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689681118, "uuid": "e599bfdf-0639-4908-9376-8629a8f4377e", "value": 564736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689681118, "uuid": "68be99dd-a31c-4b12-944b-7e57a4049369", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689681118, "uuid": "cde320bf-b3f3-48a0-9ea4-a4113292424f", "value": "TRIAL-RFQ NO,67TTRPAP-IJN-554321778.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8bcfb5a8-2542-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689667823, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689667823, "uuid": "d1bc73a7-67fc-4c5e-bda7-5a13874e4043", "comment": "Malware payload (RedLineStealer)", "value": "6f40af3a5bd3819fa12956c493e92389", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689667823, "uuid": "7a9129d3-8671-4928-b70a-494cf3dbd203", "comment": "Malware payload (RedLineStealer)", "value": "5b29f79768ee0d8a152cb1d3d43a46391760f8af164fd05487a901de652ed8ca", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689667823, "uuid": "2173c9f1-7bd1-4bea-9ce8-d6dfb0838da1", "comment": "Malware payload (RedLineStealer)", "value": "b500adf30f04aa56d371f401e3242806c2c6d803", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689667823, "uuid": "1337f518-4d15-4a64-84fe-1eab2be5aec6", "comment": "Malware payload (RedLineStealer)", "value": "417ca2e3228cd70d32983e84031347b937f737b00cdf7ef57374e57edb12d74ab6f16bdda4632ca2aa2429e784f2dd97", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689667823, "uuid": "76f22e5b-b5e7-489f-a50e-d7720d8ca285", "value": "T1EB55BE006454C725E42CB8B29473DF89DA94A63C2B7FB56087A41BE2BD3FF5C826D352", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689667823, "uuid": "47c95693-267c-4a34-955f-985bc5358b7d", "value": "372e4e4870a9f350530e0a006218a951", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689667823, "uuid": "38f58ac0-de13-4fb9-b258-7c053a1feb18", "value": "24576:zgDorhMYIPLYsdOC7z3QUVgaOM9EiXHWI7Gz5TVz/6bZ1dvahmM8hrRe/3AwBVuh:zgDqIP0s0C7z3QrablmI7CTB6b8owBVK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689667823, "uuid": "2be25ded-2b48-43eb-b2d0-e90e509d5f30", "value": 1374528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689667823, "uuid": "66ffec78-90b9-4ec1-99e9-7c08eb134cd5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689667823, "uuid": "f40ab195-42fa-4a47-950d-2da632811b33", "value": "6f40af3a5bd3819fa12956c493e92389.bin.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "346e8297-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload (njrat)", "timestamp": 1689662093, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662093, "uuid": "5b8948d0-07f5-4c17-813b-7bb0e4830595", "comment": "Malware payload (njrat)", "value": "9b690fe2b3e9d47575868b45ccd2689a", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662093, "uuid": "ef258f06-6b16-4172-b8f8-3e56757b91bb", "comment": "Malware payload (njrat)", "value": "5b4e06025a6cc4c4911a822a512a092e86dcf58134a84f57f03cf25b0f2b08c0", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662093, "uuid": "6d967e23-fed6-458c-a1ce-00c9ad764125", "comment": "Malware payload (njrat)", "value": "8368a7f4818853138a6484c3f204e9227efa079e", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662093, "uuid": "980fc5d1-e4c4-48e8-9a7c-81076216c1f0", "comment": "Malware payload (njrat)", "value": "b742141c2799589da0cdf4e1e0b4323a30824659fda861845c5e5a43d9e0e45c592fc6a291a0ba811bacf249b1592aa6", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662093, "uuid": "5a5144b3-0c51-4886-8863-65850a4551ac", "value": "T138D4C0313AA55761DC3CC735A132058017F2B917E726E65E3EE601CB2673E04877BEAA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662093, "uuid": "bdcf70a7-f774-4677-a579-36972c12257c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662093, "uuid": "5037e9cf-7ecb-4699-9fb3-bed52614d17c", "value": "12288:pZ+qnwSg/ECh9jCdmKFxqazWvkePOHZ25P:Kqnzg/xCma+3OHZ2d", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662093, "uuid": "3f589f41-a59d-4831-9a45-9b62baae652d", "value": 609608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662093, "uuid": "b4a0b3b7-8750-4523-99ef-5446f86e5915", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662093, "uuid": "3972f657-c6b8-4ee9-b280-1f3759aa4d96", "value": "DHL Sevkiyat \u0130thalat\u0130hracat Faturas\u0131 ve Tasdik Belgeleri.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bf5c9189-2532-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1689661038, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661038, "uuid": "4b09d796-62fc-4ba3-98b8-d62e495ed4b2", "comment": "Malware payload (SnakeKeylogger)", "value": "d3bbd821283d5f3feb81c065963aa8f3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661038, "uuid": "a2c73803-7011-4141-b98c-ccfb27128c87", "comment": "Malware payload (SnakeKeylogger)", "value": "5b58b0a97dac112b439fde1aa15dff60527dec77a0caa4d059e9b6121bb7db95", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661038, "uuid": "c130a23c-6fd3-4b92-b3f3-b4b5ea49e024", "comment": "Malware payload (SnakeKeylogger)", "value": "cd4b89c106342b060c334f2e20d273a6bcc387e8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661038, "uuid": "3d0b22a9-fcfc-4cdf-8e3a-78658790e676", "comment": "Malware payload (SnakeKeylogger)", "value": "28eebdc991960ab8785f5a0de6e4b06f5933b8114a361a8b57a780f151d1b7eb7544a6c91512113adcaefcbbc5fac3e1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661038, "uuid": "069ca9ae-5cc6-40ce-a0d8-9396fbcab26f", "value": "T1D1741B242FE48913E6BF6376C0B61204B7B4DC5AE65AF74F884470EA1C22785BD117AF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661038, "uuid": "a39b2f62-7fbd-4268-b212-f809656cf3aa", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661038, "uuid": "8d65259b-4c3d-4a96-9586-316c59e03aad", "value": "6144:Td2Gjfd7G+rZwqmDOf+yYQSQzF/DBlxmxhRp:R2GDd7prZwqmDK+yb/VHmX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689661038, "uuid": "ca224293-f4ba-4d58-9a68-9a4bb9f1728d", "value": 348160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689661038, "uuid": "3cf3154d-9913-4538-a180-a9747c3ba48a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661038, "uuid": "6d0e615c-cb23-477d-80a8-a413061ae002", "value": "Xigjlw.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1889c969-255a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (CryptOne)", "timestamp": 1689677938, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689677938, "uuid": "81862909-38f1-4faa-9499-8e694562a86e", "comment": "Malware payload (CryptOne)", "value": "ce7be26c43124385795924180591d847", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "CryptOne", "colour": "#62260A", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689677938, "uuid": "d82fb03f-29d2-472a-9052-ef963ad08b2e", "comment": "Malware payload (CryptOne)", "value": "5b7d0ba935c00115f524c0eb840e29dd45c212c6fd647c8cec8a89598f4b2090", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "CryptOne", "colour": "#62260A", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689677938, "uuid": "c5f45205-adb1-42fc-9a60-9cbfc969319c", "comment": "Malware payload (CryptOne)", "value": "901068cde897f89efd532efa47a6b598a608c8b9", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "CryptOne", "colour": "#62260A", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689677938, "uuid": "adb2a0ad-4efe-4d73-b28e-b5e596f42d18", "comment": "Malware payload (CryptOne)", "value": "dad1dfcc9d837520bcbb41b4de93025db77e01f2e11e955733b28abdc5b5091b617d978741e6718d6cd05d51e4a0baa6", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "CryptOne", "colour": "#62260A", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689677938, "uuid": "c2c85d9b-c497-46bf-8b06-2f6585c3bae2", "value": "T11F8523027AC141F3D26329325EB1AB71AA7EF8200F51CDCFC794997DBA35AC09639716", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689677938, "uuid": "8e0fc442-20fc-4bc0-832d-333b1c19430d", "value": "0e806fd55a4f41060c8e206a25d6875a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689677938, "uuid": "10d98c3e-100d-4ed5-a686-130d28514856", "value": "24576:z43EKHWhADGeBfJXAEN4U+SuNbs1ra8fh3rh5YkQGbzX2FINcy7TzyKhMAShNlSG:beWh6RBfJXAE6UUU+8fhRKOaybyNld", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689677938, "uuid": "b3e084af-1306-454e-889f-36cb86e2f88d", "value": 1765921, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689677938, "uuid": "ba6ca5ae-a665-4965-a44f-830c6e916870", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689677938, "uuid": "d568889e-3f53-44dc-8acf-12b33f1a7ac7", "value": "ce7be26c43124385795924180591d847", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bd621473-2599-11ee-a6f9-42010a9c0055", "comment": "Malware payload (CoinMiner.XMRig)", "timestamp": 1689705273, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705273, "uuid": "c8dfe68b-8965-4f06-afc1-f645cb091bdb", "comment": "Malware payload (CoinMiner.XMRig)", "value": "95ca970b99b80e1637f0058223ef20d7", "object_relation": "md5", "Tag": [ { "name": "CoinMiner.XMRig", "colour": "#C10C3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705273, "uuid": "3da332d5-a8da-453a-903e-e3b3a1885c2f", "comment": "Malware payload (CoinMiner.XMRig)", "value": "5bbe6ef920b3ba77b1f08a6b8fc3359dd5f4ede3899928ff59266a8cc11dcfa5", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner.XMRig", "colour": "#C10C3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705273, "uuid": "66c68066-a7eb-4bd4-8e0c-28cf3ca8c1c2", "comment": "Malware payload (CoinMiner.XMRig)", "value": "15fffa0937e2fc4a5b1adfea795f0e111327e86e", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner.XMRig", "colour": "#C10C3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705273, "uuid": "72e741f8-ac31-4315-874d-30b4bd1f5c50", "comment": "Malware payload (CoinMiner.XMRig)", "value": "f8ce9b80895725bc5924da4517b6d78ebc801ee78ca76b2f3289dde80dd024addb095974581eb8585fbeb0f790ffe05f", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner.XMRig", "colour": "#C10C3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705273, "uuid": "a49e78e0-9edb-40af-ae34-94b9c99c04f1", "value": "T1D4B5022ED9465E0DCCCF05F156E6A0722851AE0B1A8E0A9C7D76FE6837B43C44A1F58F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705273, "uuid": "365bb986-2911-494a-bf31-d59afd29a5d9", "value": "979c5e4f81631220f9ef1e732e1a3f3c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705273, "uuid": "bcbe1da7-9edb-411d-9c01-b5e0ddbbafee", "value": "49152:2PqtTwUpl5X+V/Dwo88/YNO8cc6FCq87zgX69Im0E8O+GAH:NJDmLwo8AAxFg87zq698Vj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689705273, "uuid": "226318ab-9f06-4835-9dd7-3869e6a4ec54", "value": 2393088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689705273, "uuid": "9a8eee05-6b3d-45e6-8db3-326169f1d6aa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705273, "uuid": "493f761e-a98e-4599-8d83-2143a2e30a7a", "value": "SecuriteInfo.com.Variant.Tedy.269264.19645.29012", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d843f25e-256a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689685132, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685132, "uuid": "ad37314f-86c0-4b44-a1d5-fa9d856d684a", "comment": "Malware payload (AgentTesla)", "value": "9e175623471f50c8394f866900a93f42", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685132, "uuid": "bcd9f188-3c86-44ac-9173-75c1bcdfae49", "comment": "Malware payload (AgentTesla)", "value": "5c1f9e75c8bd4068988f6a852ed0b2690c829d2f3b57a68089e5114101db2077", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685132, "uuid": "0e1405b8-9658-4431-a02a-e47d578b15d5", "comment": "Malware payload (AgentTesla)", "value": "db3d7c58553cc8855fd4e2c02503049dbba1e67a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685132, "uuid": "86929ffa-db60-4026-96e2-29edec5c4cb4", "comment": "Malware payload (AgentTesla)", "value": "1b5efe94dc490959b97d1b8b161e84ed582ab5ecd105bfb3709c2f70e3cf441bcb9ed91e0b7997a21373905dee497d1d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685132, "uuid": "4964d0ed-dcd0-419d-af44-3d9297b127fb", "value": "T1D1158E0B39D02A47E42E426E547C2E6CEBDED20D466FD969382DC2A372F664C0D5D70B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685132, "uuid": "a5edd98b-7a79-4823-bc0b-943c28703f3e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685132, "uuid": "27e87c5f-fa0c-4ace-abce-758f6de36d2d", "value": "12288:mRLWmfROgk0Bm/Kl1/Qw1qYCwEBu6XVFGQIut7D2G5JKT5b4jadr4:mVrZOgE/KlRDMtz76x4G", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685132, "uuid": "3ee0c28f-5a87-4e49-baea-434eb47f4f34", "value": 927744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685132, "uuid": "233b13ff-e0ec-4063-8406-00f37ffedcf2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685132, "uuid": "0abeef62-d964-41e0-a5a8-438eaa430cbd", "value": "rJUNESOA062023=USD1,256.86.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ada5f8c9-2538-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1689663585, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663585, "uuid": "49cc7f13-3211-4cc1-af20-f478dc98e1a8", "comment": "Malware payload (DarkCloud)", "value": "61b30297e49629ede1caf19c61181cc8", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663585, "uuid": "af556998-af2b-4692-9693-3fca9146f604", "comment": "Malware payload (DarkCloud)", "value": "5db211cc922b9dd6d4b90f93dbd9a7cb0191ab8e02cd39fe058cd69ab4ff02c1", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663585, "uuid": "8f9bb047-0125-4c7a-a5a5-e82a63d6e367", "comment": "Malware payload (DarkCloud)", "value": "195800c5e6a9dea59d3d29f4841bd81346d015c3", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663585, "uuid": "a6401019-229e-42ce-9f1a-08c8a4c5d95c", "comment": "Malware payload (DarkCloud)", "value": "a7b65fff7ec822d8e3c6b320f46b4d1e535a1218b6ab1afd695736b394b1406b26e51fd64f0724aedcc1c87798ff4f8d", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689663585, "uuid": "4ec6caf2-16db-4f4d-a8ac-995a9fe0d854", "value": "T18D052391F29E961BC5D12AF877E4E72653704F8040B6C08C4F2CFCDBB6CA95587226A7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689663585, "uuid": "722d324e-990c-4d1c-a8a8-d182a9c8e870", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689663585, "uuid": "9ffccafa-1f14-4910-afae-1d4c724bce3d", "value": "24576:hfzW/ZbrZuuu/Yq/QQ0aDKQwLjyOGDWzkS0Nl:Ra/1rsL/jQYuLLjyOGDMN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689663585, "uuid": "6fb7bf35-a31e-4a4f-bcae-88274df4953e", "value": 836608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689663585, "uuid": "c72421cd-9d6f-4c3b-98a7-d31219bddcb9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689663585, "uuid": "ed155cfc-7569-4a42-9b25-607f135243b1", "value": "FACTURA_.EXE", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "052651a3-252e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689659008, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689659008, "uuid": "b923054b-b248-4b4f-bf50-fccbde3ceabd", "comment": "Malware payload", "value": "040dbc9a965878ddef9b06bea8bb3b30", "object_relation": "md5", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689659008, "uuid": "0684af63-ab82-4f70-81d1-808d94bd7daa", "comment": "Malware payload", "value": "5dbb8c640475cbfcc276818f5ab216d7170a0e051df5ed3b74a2432144504254", "object_relation": "sha256", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689659008, "uuid": "e1a2b72b-bb26-4084-b719-16a0b1bf339d", "comment": "Malware payload", "value": "e291b04fc76554bffaf9c1580acb9c0d01dfeda5", "object_relation": "sha1", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689659008, "uuid": "5b25bb04-fea5-4934-9a62-d48fc2e09330", "comment": "Malware payload", "value": "bd4a4f3feaa9ca79505ddc86d58a6c6954696b1e40ee2cfc1997dcf405ec83bd7d16d91d895afdcea682e4ac9d32abd7", "object_relation": "sha3-384", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689659008, "uuid": "4cd62fe6-178d-473a-9567-85ab70485b8e", "value": "T130A500273661812689198C1671CF84EA7A7E41CB7C86CD295B9705B71FC20CEC61EE0F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689659008, "uuid": "234eae72-3cb0-4a91-b6d6-f8604712e957", "value": "12:QjFjjIngZGBdMGel5WkdiaJ9NQ5FjjIng55w5aJ9NqZZZZZZZZZZZZZZZZZZZZZB:QjFWBrMGo3IaJveFWqaaJvU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689659008, "uuid": "f8d0b8b0-51da-4986-b153-7bce8859a118", "value": 2077801, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689659008, "uuid": "5df53b61-04cf-40e3-833d-874e2b548557", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689659008, "uuid": "516769fe-800b-429a-9e18-cca5105cd399", "value": "Note_Pad.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fe170738-256b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (WSHRAT)", "timestamp": 1689685624, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685624, "uuid": "f44db177-739d-45b6-8a0b-74c72b323fd0", "comment": "Malware payload (WSHRAT)", "value": "fc71c87b2465e63c5205674f9aeb730a", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685624, "uuid": "a7b7a9c8-209c-450e-886a-fac1ca6a26a9", "comment": "Malware payload (WSHRAT)", "value": "5dbf39f65d41bae9a5762be44f9f1815bb76c2caabb63d1b2be274bcba2e63c7", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685624, "uuid": "7cddc613-7052-4018-90ec-cd2500f3af42", "comment": "Malware payload (WSHRAT)", "value": "2854cf5945ab636c2b78d68d1caffffedf4f0827", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685624, "uuid": "a3a6bcfd-6813-4060-b26c-312654aa1f61", "comment": "Malware payload (WSHRAT)", "value": "369ba210c76f69b5125d055afd704a4b010158350c62ef0fa5c077dc7e932ba0fd0f0c8c507e7756b0580c15b9bcf425", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685624, "uuid": "5a61779b-af53-4db2-a0e1-bfca821683ea", "value": "T10D2507C929F86D1E1322E5A8C712ABA3ED74D3073CA72DC175C87A4E7D36C586D39A04", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685624, "uuid": "838b0ed9-a528-42d2-a104-f97492f30f62", "value": "6144:QQ1Umw4NGuO/GyTSVddI5qh+7StXtwTx+PrL0Srx7mnDtEKD2uEF2oEA5iUVyFWT:Tn15/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685624, "uuid": "9a0fde06-626b-471b-a767-2475b9a1a784", "value": 996490, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685624, "uuid": "aaa692fa-860a-416a-bfce-56d05d905803", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685624, "uuid": "6d2c382a-da21-4ad9-b697-a6ec4b1eeb2d", "value": "Request For Quotation.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e18fa38f-2578-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1689691160, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689691160, "uuid": "f4d2432c-6320-4949-8a4c-2ad3dc65f48a", "comment": "Malware payload (NetSupport)", "value": "6b376abf9b2b4ce75e301c031fa63b31", "object_relation": "md5", "Tag": [ { "name": "2 bat", "colour": "#AA2205", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "bigbirdmarketing-com", "colour": "#E33175", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689691160, "uuid": "0424a836-3ae4-4e5e-ae74-c765cba0c4ae", "comment": "Malware payload (NetSupport)", "value": "5df24ce278cd7706c15cb88f231cad45074c77f00965e54e999ac70da183575b", "object_relation": "sha256", "Tag": [ { "name": "2 bat", "colour": "#AA2205", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "bigbirdmarketing-com", "colour": "#E33175", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689691160, "uuid": "f82454db-40d2-46ae-90d5-cf64d1da9f9a", "comment": "Malware payload (NetSupport)", "value": "5655e1fadd240ddc930f46d3cab13171e19fcbc6", "object_relation": "sha1", "Tag": [ { "name": "2 bat", "colour": "#AA2205", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "bigbirdmarketing-com", "colour": "#E33175", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689691160, "uuid": "f9a57672-0883-4f36-ad64-8cbcf3cea2d2", "comment": "Malware payload (NetSupport)", "value": "aa91e989d3d9e2dad5ad0bfeeb485b50466a4236ca62279e85d5a630cc71d85c7740d543abcf5f291cb7c2999bdfb706", "object_relation": "sha3-384", "Tag": [ { "name": "2 bat", "colour": "#AA2205", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "bigbirdmarketing-com", "colour": "#E33175", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689691160, "uuid": "a604b8c9-5741-4b92-95e4-8463afc909ae", "value": "T176D0A7578782836D496340DB87356E4D91F49E192BA7338F9B08896C222AC4D796F7C0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689691160, "uuid": "1564d45b-cacb-4083-aa5e-7ec81bbc0aa8", "value": "6:CxBR2Bn23ffTHfFZIGCTTvRiTmJOmoALOzETImpMB1Bn23ffQn:cn22HDfFLCTTv4T6OmoALImip2HQn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689691160, "uuid": "be0f59c7-f175-4eda-b48f-58c1cf01fd09", "value": 241, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689691160, "uuid": "cd40da4e-2cbb-453a-8b4a-3b67aca0698b", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689691160, "uuid": "04587225-d91f-4f8d-be3a-dfdfaf1ea41a", "value": "2.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4e708bc7-257f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689693920, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689693920, "uuid": "ae825b81-2e2e-48d7-870e-961e5aeef361", "comment": "Malware payload (RedLineStealer)", "value": "076d0fdedd93687d59a2666359eae306", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689693920, "uuid": "75cd2aed-dc30-424e-b23f-861645a6b289", "comment": "Malware payload (RedLineStealer)", "value": "5e1e53376a7e99f742181bf9b13fa3c8f6118727d670d94d1c182c5c8fea1196", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689693920, "uuid": "061d238b-5617-41ec-96d4-b0e5c5edf40b", "comment": "Malware payload (RedLineStealer)", "value": "96caca16bc36206612534a7ef59352059095bf3e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689693920, "uuid": "0422593a-bcca-435b-857a-3c7b7c6654ab", "comment": "Malware payload (RedLineStealer)", "value": "3b7cf1ec788658f6fc52ad23db0c210cf638c92047d622cd9d202cbd9796b1a75bbef29cbbd01ae39373acc1af13839d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689693920, "uuid": "d34ba0c6-0bb9-4eb9-9cee-64bad348f908", "value": "T15755E127F2E08433D13329789C5B9768A829BE513E64684A2FFB1F4D5F39B813425397", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689693920, "uuid": "1478cfe3-f5eb-4d6b-9f91-812503019327", "value": "45adeda61c1e19e97ace24ecc6b8d02d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689693920, "uuid": "380b4331-3405-4b26-a509-e8b8fa13569c", "value": "24576:w9lxVG6TmLtm2q3n0gYCYNpFbCmNLldQr1nY1lpX5D0Q6:wb2580BNpFJdQxnxQ6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689693920, "uuid": "3703b56b-cd11-4fdf-88d9-64607b75afed", "value": 1306866, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689693920, "uuid": "3c6804f5-bac6-4bbf-836a-a23c41ed63a3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689693920, "uuid": "d1c5ce81-f98e-498d-98cb-9a7a4a108ae5", "value": "FzLiiWr.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "95bbb0fa-2588-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Gozi)", "timestamp": 1689697905, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689697905, "uuid": "28a76c4c-c67a-4087-b8c3-b6d09eef80ab", "comment": "Malware payload (Gozi)", "value": "22067f54377e90dc3fdd5f384c1fe3ee", "object_relation": "md5", "Tag": [ { "name": "20000", "colour": "#98710D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689697905, "uuid": "5a37e772-3fa5-466c-a1ed-6e492a1ebad8", "comment": "Malware payload (Gozi)", "value": "5e5722af27fc7ae05a9f9705ce1d680fec5fef27a67019c37e2bd768c8e7c07e", "object_relation": "sha256", "Tag": [ { "name": "20000", "colour": "#98710D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689697905, "uuid": "63f43232-a139-4510-a0af-44cb86abb8dc", "comment": "Malware payload (Gozi)", "value": "56b2afbc94b67f1c1f5e0a2340e25ca066b9baad", "object_relation": "sha1", "Tag": [ { "name": "20000", "colour": "#98710D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689697905, "uuid": "0703f4cc-6aa2-4458-806c-2bfcf0e6d56a", "comment": "Malware payload (Gozi)", "value": "c5039b9f6636493a5deea32b50fc278e920f546c48c8e04949042e1564f22a4ec7c0aa6e3f1b867a5ec978d7f9ed78f8", "object_relation": "sha3-384", "Tag": [ { "name": "20000", "colour": "#98710D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689697905, "uuid": "2894e6e9-4905-4c10-bcee-2cf78b4b48c8", "value": "T1B3130C2A766D1311062E56F7FE1A528DE701807C124B06E4323CE79D3B26A1F6BB4EF1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689697905, "uuid": "9f671602-737f-4fb5-a012-bf09e708ecdf", "value": "384:kac3is6ZeUS1ogXzxmOP0U4OmB/P9rVOKeHBYH8Ffu+wtizOdKUmJYgqEq4SjoaM:/7ylm9FgH1gTP5C1XfW51TJfmh1EE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689697905, "uuid": "4b5d77c7-cd96-46ac-aea2-712a85892380", "value": 43342, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689697905, "uuid": "72bbd99b-4973-413a-ba4b-5ef09b65187f", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689697905, "uuid": "c005d8e0-d6e0-446b-a739-6d27491c2794", "value": "Invoice_Details.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c88e4be1-2578-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1689691118, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689691118, "uuid": "5af4775d-8ade-4c95-897a-a832670edce2", "comment": "Malware payload (NetSupport)", "value": "5caeff946c69e805784f667e988b113d", "object_relation": "md5", "Tag": [ { "name": "1 BAT STARTER", "colour": "#B815B2", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "bigbirdmarketing-com", "colour": "#E33175", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689691118, "uuid": "a3aaf2b2-fe63-46c2-888c-d848bf647a1b", "comment": "Malware payload (NetSupport)", "value": "5f102302b7c59dbb570a8041f05e64df2795ef799b7d0e6dbc4213239331d542", "object_relation": "sha256", "Tag": [ { "name": "1 BAT STARTER", "colour": "#B815B2", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "bigbirdmarketing-com", "colour": "#E33175", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689691118, "uuid": "eee7a8fc-2bbb-43e5-a44b-4f66ed5d6e78", "comment": "Malware payload (NetSupport)", "value": "c0365064e43cae9f5e832a00e1cfaba05cc60fd6", "object_relation": "sha1", "Tag": [ { "name": "1 BAT STARTER", "colour": "#B815B2", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "bigbirdmarketing-com", "colour": "#E33175", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689691118, "uuid": "456bc6e9-49cd-4ac6-a289-fa541b05b65a", "comment": "Malware payload (NetSupport)", "value": "a3dff13ffe5bb2ae418e7c0ab89040b39acaa52cec3ba1b335df6f483ed30546bb72c4b1eb7430dea31ab178b76cf581", "object_relation": "sha3-384", "Tag": [ { "name": "1 BAT STARTER", "colour": "#B815B2", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "bigbirdmarketing-com", "colour": "#E33175", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689691118, "uuid": "d7ff33e4-7357-475f-9d5d-3df0eb28c59f", "value": "T18831CF6BB709505984EF84E5D241C42AF15FF953C64CE2CA674D60AB33EACC9335F892", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689691118, "uuid": "0d678095-6d2c-4adf-a6a9-c87563154840", "value": "24:QeLfEwAmDmLOcu5CTTgmxLvGiL5CTTgmxLWLa65CTTgmxL3i1t121m:LLvYB0G0AbG0AmzG0Ac", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689691118, "uuid": "dc70188b-3590-4ba1-8193-f2c9d0a525e7", "value": 1741, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689691118, "uuid": "682d3d3e-4af9-48fd-bbb6-fde5ad2ab1a7", "value": "text/x-msdos-batch", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689691118, "uuid": "adce840c-e0c5-4fc5-a8f7-1b0d47377b95", "value": "IRHMCRPVoJHsfBGxPfVdEtcMzsNwtsGo.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "572fa611-253d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689665588, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689665588, "uuid": "7610aa82-1495-4671-8a04-c010aa710567", "comment": "Malware payload", "value": "23362677dac57cbacaa0a95038e6e420", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689665588, "uuid": "d2da547b-1766-4310-a765-a4b0a290772d", "comment": "Malware payload", "value": "60324284efdde88b13842edce8e4ba4c544124dfa8ec9f6a3e169e470c49cf8f", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689665588, "uuid": "30dc87f1-eb4a-43a7-9573-43b3e4124055", "comment": "Malware payload", "value": "28a583c1c25c285643cf3b3e5cbb78bb7e63a0e1", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689665588, "uuid": "e9791056-7ea8-43d9-82e8-6fc4fd3ff455", "comment": "Malware payload", "value": "3c9b43d996859fd118b4b1929e4b98eba34c0b6463c7cc7ecc7dc2100afeb241e0e5df051591f1e85a0ca28c27be3ac5", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689665588, "uuid": "f597b6ac-71fd-4bd5-8e44-954a83bea6c9", "value": "T19F526C7962C75AE8EEBB09BF0AEF350D411462F147694AD36342450D8FC0EB2F572B91", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689665588, "uuid": "5b491686-9d86-45c7-8fc3-1c80d4e9654a", "value": "60b675c684a61b1079678f8beebd1dd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689665588, "uuid": "3ed7b161-4088-4955-89ff-adde67615c32", "value": "384:DK7yeDTtJLQb5z8T5abu6Wa5CO0YE/iPPnDt+9:wTtVQ98lbjO0YE/iXw9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689665588, "uuid": "8d71128e-a517-4b33-b083-59af7fdf07f2", "value": 13824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689665588, "uuid": "ecda895b-b6b3-427e-9cc3-2578613342f4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689665588, "uuid": "6f5b30db-af8f-48c2-a233-4432ffb9dbcd", "value": "SecuriteInfo.com.Win32.PWSX-gen.3615.29207", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "375fa5f9-2574-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1689689157, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689689157, "uuid": "79c4a01e-0be9-4470-9a7a-42a5de4c6f60", "comment": "Malware payload (NetSupport)", "value": "d915e6d4a7e64a25bfe1717ac1f5b501", "object_relation": "md5", "Tag": [ { "name": "1 BAT STARTER", "colour": "#B815B2", "exportable": true, "hide_tag": false }, { "name": "5-252-178-48", "colour": "#05445B", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "ponraj-com", "colour": "#09C08F", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689689157, "uuid": "7d63c4c2-889d-4777-b32e-ae90ed2587c7", "comment": "Malware payload (NetSupport)", "value": "6054f328f8d54d0a54f5e3b90cff020e139105eb5aa5a3be52c29dbea6289c30", "object_relation": "sha256", "Tag": [ { "name": "1 BAT STARTER", "colour": "#B815B2", "exportable": true, "hide_tag": false }, { "name": "5-252-178-48", "colour": "#05445B", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "ponraj-com", "colour": "#09C08F", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689689157, "uuid": "00e72fc2-14bc-48b3-b2d5-71e508fcf819", "comment": "Malware payload (NetSupport)", "value": "06e40f582d31d9d1b9d7817e26fd348859700800", "object_relation": "sha1", "Tag": [ { "name": "1 BAT STARTER", "colour": "#B815B2", "exportable": true, "hide_tag": false }, { "name": "5-252-178-48", "colour": "#05445B", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "ponraj-com", "colour": "#09C08F", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689689157, "uuid": "327eea58-87f4-4676-a8b4-ac393bfea067", "comment": "Malware payload (NetSupport)", "value": "24098e0e2cee2807c4d0c5e5078b102c223d484329d7c6e836ad439fb82461d486f7df82fe1d34fea25b6c1afed5a728", "object_relation": "sha3-384", "Tag": [ { "name": "1 BAT STARTER", "colour": "#B815B2", "exportable": true, "hide_tag": false }, { "name": "5-252-178-48", "colour": "#05445B", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "ponraj-com", "colour": "#09C08F", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689689157, "uuid": "eac1add9-9a97-4f71-9c1a-222e49f33144", "value": "T1E0425A2C1AC10FCFB03AC816E563C53E1A8FB97E536FA4D77478B76548E2619E40E291", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689689157, "uuid": "a7546c30-f071-4a52-8eb9-712632c90e54", "value": "384:CsH2gXWsqXSObLUq/PAQG/6cZrQZDHluO/h24LdFmFZdtd3kvCAoz:CR/IQNxdmZdtd3kvCAoz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689689157, "uuid": "34df5ec0-4543-465a-8715-02d676014cff", "value": 12584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689689157, "uuid": "8178725f-2c9d-4f14-90ae-d3b68700ed45", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689689157, "uuid": "1611cdb2-5a94-4d6c-87bf-6bd9b5bed0f7", "value": "tUUPQygorhzFkIcHuB.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b6f36bb5-256b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1689685505, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685505, "uuid": "ed31387d-1077-4e2a-8b08-96738056ec03", "comment": "Malware payload (NetSupport)", "value": "7fe2bee0b9d6d9c2aedfdfae743edb43", "object_relation": "md5", "Tag": [ { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "savastijir1-com", "colour": "#C2673B", "exportable": true, "hide_tag": false }, { "name": "savastijir2-com", "colour": "#F97E62", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685505, "uuid": "9867c532-12f0-4abb-9ec4-d7e7ce5df6ac", "comment": "Malware payload (NetSupport)", "value": "607004619d872f82b0b77524fb14e33163c7780c1aa2d9b981812c43d4212f8d", "object_relation": "sha256", "Tag": [ { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "savastijir1-com", "colour": "#C2673B", "exportable": true, "hide_tag": false }, { "name": "savastijir2-com", "colour": "#F97E62", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685505, "uuid": "94296a2f-c2ba-4e98-9624-a26d7e266546", "comment": "Malware payload (NetSupport)", "value": "dc2206cf660dcecacc7a08ee870ca7a20e08b39f", "object_relation": "sha1", "Tag": [ { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "savastijir1-com", "colour": "#C2673B", "exportable": true, "hide_tag": false }, { "name": "savastijir2-com", "colour": "#F97E62", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685505, "uuid": "3258a797-0038-417f-ac94-0e4ba83556e1", "comment": "Malware payload (NetSupport)", "value": "ecb3c4da6d90e72f61aa524178c81b929d8d337e8027005790622c2912a3f95259ef4e15d1d52f20fe4b9acad7f88179", "object_relation": "sha3-384", "Tag": [ { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "savastijir1-com", "colour": "#C2673B", "exportable": true, "hide_tag": false }, { "name": "savastijir2-com", "colour": "#F97E62", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685505, "uuid": "dde3bea3-bad3-4a8b-8d50-40023731debf", "value": "T13701BD13174FFD1C2A0BE2C571B841102FD74440A17F79126B985D0F9F3299945DF845", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685505, "uuid": "9fcd700d-8eeb-464e-b816-7ff663b81027", "value": "12:6x/vONhzd+mPfGSV8n8WVTXuZ7/PfY8oK51WGXXfDWrCYubluLi4Fjn:6pOhzEmPfR31l1Z3BXXfDmuYi0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685505, "uuid": "3e939f1f-e2c2-4565-807a-fe322900df43", "value": 765, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685505, "uuid": "f6736bcc-788b-4ef6-93d7-236cc359ec6f", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685505, "uuid": "a847631f-b4a3-4704-9042-7c6cb885055d", "value": "client32_2.ini", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "27f5726b-257c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1689692567, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689692567, "uuid": "7df6a957-d912-4ee1-b40c-136789e5baec", "comment": "Malware payload (NetSupport)", "value": "4b2794840b114be5011da81ad4c462d8", "object_relation": "md5", "Tag": [ { "name": "1 BAT STARTER", "colour": "#B815B2", "exportable": true, "hide_tag": false }, { "name": "5-252-178-48", "colour": "#05445B", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "ponraj-com", "colour": "#09C08F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689692567, "uuid": "4d500b5d-e12c-47ad-9cd3-cc37387471a1", "comment": "Malware payload (NetSupport)", "value": "60dbaed2358a02ed2102cc2158c05fce9bba87674d68f1114198423bd8460a93", "object_relation": "sha256", "Tag": [ { "name": "1 BAT STARTER", "colour": "#B815B2", "exportable": true, "hide_tag": false }, { "name": "5-252-178-48", "colour": "#05445B", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "ponraj-com", "colour": "#09C08F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689692567, "uuid": "28131923-e123-4e6f-a797-30475fb133bd", "comment": "Malware payload (NetSupport)", "value": "66cf9461efa6fb1e55af037515121d2a856670ac", "object_relation": "sha1", "Tag": [ { "name": "1 BAT STARTER", "colour": "#B815B2", "exportable": true, "hide_tag": false }, { "name": "5-252-178-48", "colour": "#05445B", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "ponraj-com", "colour": "#09C08F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689692567, "uuid": "8baaecfe-438b-4197-8082-618013a44c06", "comment": "Malware payload (NetSupport)", "value": "d1b90f5ae6cd4aab3802eb3b2956c1ddf95b681263b37ac7d9c457fb480ed9934ae7ae131b35e824c8b120f20b76209b", "object_relation": "sha3-384", "Tag": [ { "name": "1 BAT STARTER", "colour": "#B815B2", "exportable": true, "hide_tag": false }, { "name": "5-252-178-48", "colour": "#05445B", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "ponraj-com", "colour": "#09C08F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689692567, "uuid": "4c340403-7067-4522-9e70-503c37531aed", "value": "T1A51209B08AB38B0F74CC801ED1629C175DA7F0BF5AE564BAE15B3CAC079570EB1C55A8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689692567, "uuid": "d840afa7-3a44-400e-89d2-f0cfa5e9f28d", "value": "192:JhSy/Ogy0+OPN3b9h5gIZpiuhHA9waK+FJYY9gUeYzUEo1UfUu:JhSy/Ogy0+OPN3b1gBuRAzKEJD6G", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689692567, "uuid": "b6bfbe53-c13f-475d-b2af-23f25764a51d", "value": 9509, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689692567, "uuid": "abef829c-4e02-4e19-b7f6-8a98a9e14e9e", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689692567, "uuid": "f77ba341-faaa-4d0e-b9e4-71f2c1d41b7e", "value": "VjFeSeLhGMruZwwyqsIvUMXvstQqpgFfbYh.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ee4fe9d8-2539-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689664123, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664123, "uuid": "9fdcc5ff-5c2c-4be5-a3fc-0d44d5b8593b", "comment": "Malware payload (Formbook)", "value": "dd4f4d6dc2c71e6ad5a6b0abf45f8d5e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664123, "uuid": "98101380-adde-4e6a-b081-2c883dc31064", "comment": "Malware payload (Formbook)", "value": "61894dd6d947ab1237c08e4f020e6462fdc7a96903c7cf27523d4e21304c1612", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664123, "uuid": "33fc7cce-2baa-469c-a69e-5ea55a33a4a3", "comment": "Malware payload (Formbook)", "value": "e90bf49def5509412e3c1f10f959c7a8ce121e9a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664123, "uuid": "9cad1c5c-7048-4743-8ba3-036235c62896", "comment": "Malware payload (Formbook)", "value": "9c03dcd345dd12975482d889886d5c18edb994f0f014c6f0c6ebc49871d1dd38c768d435b018b09e58f43d46fdd0b6fa", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664123, "uuid": "375bffa2-5cf8-4c21-a24d-c9646e699270", "value": "T18DF4F100362D8F13D4BD53FDA164A65453F66D57622EE3188EC73CEF399AF508A0292B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664123, "uuid": "648e0e92-30ca-4de5-ad55-eb1f5885337c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664123, "uuid": "b2b05631-50d8-43ee-a54f-e5fc694a9662", "value": "12288:Mf+vUyubcW9Roj0fb/WT4UkuZKXP0s95N3KO6GUPy1h8F0XgbeOTRqymNBoIlz1g:MG8VbcW9Roj0fzW/ZacsB16NP8+7UycC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689664123, "uuid": "e66b958c-4067-4ed5-974b-20b53782ff6f", "value": 770560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689664123, "uuid": "d8e0d722-d6fc-4d6d-a5b1-657c9ef69465", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664123, "uuid": "404d3c68-30d2-49d2-a3b0-d8b22b4cb7e0", "value": "SWIFT Transfer (103) 022FT10230717045.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1d9e94eb-25ae-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DCRat)", "timestamp": 1689714024, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689714024, "uuid": "8417c628-d018-4f5f-b4eb-8e757e760797", "comment": "Malware payload (DCRat)", "value": "6556df628ef9920f1f5ceffbf86caae2", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689714024, "uuid": "e7675dbc-c180-4699-b76c-cceb38fe8cee", "comment": "Malware payload (DCRat)", "value": "63364802300b3ce3112c20e60e35142e3caa5d23eda2f0b7426dab32c33c8f06", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689714024, "uuid": "bb986ef2-40cc-4a0e-9d76-75a04a49ecce", "comment": "Malware payload (DCRat)", "value": "7667427c17eee79665265b7e63cb89757e8dc497", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689714024, "uuid": "497a992c-2cee-47c5-b3d9-bbb05f0452ac", "comment": "Malware payload (DCRat)", "value": "a7089163f728453cc04839e93e9e398aeb24f456799e3b61f1bc9dafeacc5845b020308fce535ed7c6876ddfa413f9fc", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689714024, "uuid": "d98626b8-48dd-4c39-b17f-e939f9d7d37e", "value": "T19A3518127AC6DE02D029163BC9EF842847A9ED027762D71B7E9F3B9C21563A70D0D1CE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689714024, "uuid": "f69be960-7465-44f7-b2a8-67e4096d4427", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689714024, "uuid": "40589255-2496-48ae-99a8-c7f3675c8787", "value": "12288:+Qc51+926cHPKywR+IH+QFycRjS4vGxqYUg7Q67N0eEDpwmi7bvWqn4:+Qs49Wyj+IHJFycVtCucN0eEtOzW+4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689714024, "uuid": "31268cc1-961f-456b-b838-ad454ce26b53", "value": 1095680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689714024, "uuid": "1aed5ece-c18c-4d9e-9683-07b9575388f2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689714024, "uuid": "d3d87309-22ec-45cd-be45-b659b7c2d000", "value": "HEUR-Trojan-Spy.MSIL.Stealer.gen-63364802300b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "05d53bee-256c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689685637, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685637, "uuid": "602bbf27-859f-4327-ad6d-88476ee3e934", "comment": "Malware payload (AgentTesla)", "value": "302f38904199a32f18caa05b7f8adecd", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685637, "uuid": "4378f41c-35cc-4ad8-a88d-dd285e5a963a", "comment": "Malware payload (AgentTesla)", "value": "63a0e61bcfce343f765451db6ed886925a28fc0f9f222a9d625b4acc045b6515", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685637, "uuid": "67e19746-ad94-4c9c-afa9-9bc9a8b1c905", "comment": "Malware payload (AgentTesla)", "value": "c1e4bcedef0e73f9fc32f2f0c7877f172edb318f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685637, "uuid": "ef1788b2-1290-4855-bbc2-db5fcf9eb492", "comment": "Malware payload (AgentTesla)", "value": "9506778c56b6eaa751d3d4ffb066233d0c5198ca00f54c6987b9442c0f6b072e3fd4b86d4cec70c3df0f92f8e2951d8a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685637, "uuid": "e6364c2d-7d83-455e-aea0-f5a68fc5a128", "value": "T1B31402367571C1BBD5E26B312D34077ABBE6EA244896970F03900A9E37209859D0FFB2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685637, "uuid": "42f6dbf4-674b-4093-a1bd-8882c05adbf6", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685637, "uuid": "d434c84b-8719-4db1-861d-f9d99daaff54", "value": "3072:XfY/TU9fE9PEtuwbzSMqaj+881gubzNtXLNjwLAQhu64Xn20ir/QmvYuxsqX6DeY:PYa6M2Ml69LzNt7Bmhu6unp2xxdmsEYQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685637, "uuid": "a9ff8dea-09a4-4fad-8be3-21bc444653cd", "value": 194903, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685637, "uuid": "63362635-f614-43fe-9ad0-9a11ca87bd21", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685637, "uuid": "a5d866bc-e847-4109-aefd-d845ecfaf375", "value": "payment invoice (2).exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bb4aa8a2-256e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689686801, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686801, "uuid": "02968712-47c4-4cbb-b289-1f258a3a2271", "comment": "Malware payload (Loki)", "value": "f3fca96a7b2dbbd19c62c9a798e4ddb0", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686801, "uuid": "5393291f-1093-48d9-bcec-31153ad2ebc3", "comment": "Malware payload (Loki)", "value": "64c59b9bd4ef36c9917f79a1cb0ae377739e2a980ddb6984599dc2b7c4af3016", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686801, "uuid": "931c5819-217e-44de-bbfd-de593f0b5356", "comment": "Malware payload (Loki)", "value": "28d84cdada0af9f41cb2aa2817ba3d5c220795fa", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686801, "uuid": "75217ec2-972d-42ca-9921-e0b03823a57e", "comment": "Malware payload (Loki)", "value": "9b371eead740baf195fa5379bec8d4f3190ea22b7828e6841802ba5e5b782a85312f3a3454cd0ee8102aa763214105a4", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686801, "uuid": "e61ea649-9086-40d6-ab17-ff27b0f5e1c6", "value": "T1BBC412885CA5D913E62F2FFE040125B4823A49E6B516D7630D4EF0BBFE56B8EAD00747", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686801, "uuid": "4bad11b2-d648-4b1d-9fdd-b1c1df541cd1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686801, "uuid": "f3d1f0ca-276d-4780-947a-5c589bf5e0bc", "value": "12288:qmAY2kcdbL4Ef5WXHLSIDsHit9SGVKuGgeEeNf:zN6GEf5qSIDsCtkGguRTA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689686801, "uuid": "8bca1c31-5bf6-4d4d-9ee5-8c2a7d318bf4", "value": 553472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689686801, "uuid": "e9d94016-1f8d-4395-8b94-b6828671a092", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686801, "uuid": "1ea5a2b8-7252-4459-90a8-b49b17b7b3dc", "value": "f3fca96a7b2dbbd19c62c9a798e4ddb0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4c0aaa2d-2538-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689663421, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663421, "uuid": "6f53c5b9-ead9-499c-be67-560ae39dd26b", "comment": "Malware payload (AgentTesla)", "value": "2fea3e4bf710d748c9cb23109af3a3cb", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663421, "uuid": "b0a1a595-64f3-41a5-96dc-bbc088c6c941", "comment": "Malware payload (AgentTesla)", "value": "64d63223e23705dc8b278f039e7b1fa092760543a3527ffaae0c0a0d43835d00", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663421, "uuid": "f47451c6-66a1-4124-82a9-6f1490938c79", "comment": "Malware payload (AgentTesla)", "value": "98ecf275558a81474d356f108c830efec6d9be6f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663421, "uuid": "75c3f9b9-308b-49ae-a1dc-ba5cefaaed82", "comment": "Malware payload (AgentTesla)", "value": "c0ea8409e7b4f17ffb2360b47d70dba1190d4c3279ccad30445902103811d5fdafe7156bae803b3be49065b26bcfc5b8", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689663421, "uuid": "118366ed-4efc-4c42-8882-1085286603de", "value": "T1A0157D0739D11D07D61A423E807C6A6CD6EDEB1D056FD618302DB2A3E6F2A0E6E4C75B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689663421, "uuid": "056a74eb-a4b0-410d-a64b-1948eaa8c795", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689663421, "uuid": "cd18b2ee-e188-4d9b-85ec-ac93e5df2325", "value": "12288:dIFGQIut7DO2xK6oZlsroYuLxafY8dXEUSdNSZxXd0kYxWm0fJo1mJxRHHE6mRs0:dIFz7RzoIMY/Y0UUSQxXylr0fJYOW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689663421, "uuid": "c5f3f6bf-4d40-48d2-af64-c5ffc422935a", "value": 911360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689663421, "uuid": "23d2ab2a-d79a-4a8b-ada5-24e1992d8240", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689663421, "uuid": "c97ce8b6-9f17-43d4-9d2e-33c32b7facc2", "value": "Invoice_HRD231022.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aea2d342-252c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689658433, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689658433, "uuid": "d2ab7836-ccb2-472c-9b27-b1af99bb499d", "comment": "Malware payload (Formbook)", "value": "28054120effda1f940bff3c6fb9c125b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689658433, "uuid": "b4308f93-bac0-4c3c-b60f-c2d1e4fdc6a7", "comment": "Malware payload (Formbook)", "value": "6510c3886e8ddeb0b7b164f915cdb5af33622d9f662b4ef814679e75657daff1", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689658433, "uuid": "1d07334e-2595-4fd0-ab9c-828119680d9b", "comment": "Malware payload (Formbook)", "value": "4b5bf6e512d4971aa85e3e279f931eb6d33105ca", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689658433, "uuid": "48ac82ec-3ffc-401e-b9ed-1ef4437c22a8", "comment": "Malware payload (Formbook)", "value": "fa0e90be895e1838e72ad5dff1933b9c6719534d47408174c21a055328ecd9189e7fac5100bfa3a903fdde548399e489", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689658433, "uuid": "89763700-174d-40d4-a6e4-48c3cba4fecc", "value": "T12BE42301AC66A713C6926FFE6240733147AD4FE5641BD36A0ECBF2E6ED36B804B11197", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689658433, "uuid": "b3923209-c999-43bb-82b7-0f7b9b93c961", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689658433, "uuid": "d8d8ca03-68e0-44e9-b302-229feab56668", "value": "12288:ox9pR5AITvJYjXaiUp2m65HB38Tt4lLHEbVdrDImvsYeduo9Wg0nqn90u5iI2dxf:ox9pDAqvJ0Xc2L5HB3WilLHEzYmvsYeK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689658433, "uuid": "658c2534-0eb9-4db4-85fd-69f2821efd59", "value": 704000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689658433, "uuid": "e6a16bc3-d27c-44ab-9de2-b71acbebd4b0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689658433, "uuid": "aedb8772-4181-43ad-80a7-4061c3765996", "value": "28054120effda1f940bff3c6fb9c125b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b449155b-25a9-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689712129, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712129, "uuid": "a8ec6ccc-ddb4-487b-9581-f6e1b3a87be1", "comment": "Malware payload", "value": "b5a4090d75c9a6ab18cccdfb4d1e0fe0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712129, "uuid": "24e73661-760f-490e-a907-57b660be88be", "comment": "Malware payload", "value": "65bd186d6efce8bbb3228a695ddc33ebd8db630a045687b511a4a779298b162d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712129, "uuid": "ea7eea6a-208b-4bec-8a2a-d75eb887c965", "comment": "Malware payload", "value": "3b04369d90c89fe3085651dc1f807a02c76a962b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712129, "uuid": "8f2ee4bf-e399-47fd-a4e3-a3cb40d73993", "comment": "Malware payload", "value": "da2c7e45a2db741ffc6e9e167b1d52680bba19d24e79899837255743c62b52a951ba49729a465972d50f0ef928a336b2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712129, "uuid": "6b85e0b8-46f7-4c2f-9ab2-b374cc330104", "value": "T161829D9AB310C9CAC58845371D13EAFC76A43D3A9D155E073BC0570F3E32756EC0695A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712129, "uuid": "b41cb6d6-edc2-4480-b424-1da7eafeec1d", "value": "87bed5a7cba00c7e1f4015f1bdae2183", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712129, "uuid": "a8bc3e09-9ffe-49cb-9aa3-cc07cca22703", "value": "192:nQx8qwO8qU/LDZJpuuU8hsTJ6jPyztWz8lpZ2vlr8l+Sykth3et24Yvm1PHwlBuZ:zLDTs8hsF6qtK8lzQ8+Sych3mYvCPHxZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689712129, "uuid": "f37a6ef3-eb41-4df5-918b-57f0067e6679", "value": 17843, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689712129, "uuid": "ee0c881e-6caa-4554-9876-a638ae238769", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712129, "uuid": "3d018dc8-45aa-4ce0-a922-6aa5e147e7e1", "value": "SecuriteInfo.com.HEUR.5062.1213", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c70099e7-2599-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689705289, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705289, "uuid": "02486aa2-7689-45e6-93dd-6d265d0f9326", "comment": "Malware payload", "value": "eef5af80881e0f57211a8e68fb54e4e4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705289, "uuid": "226786d3-a8d4-4135-a6bc-f34442622f6d", "comment": "Malware payload", "value": "65c3a8b45f08392ea275ac035ebebc75f4b8032b5781d748185d528b32a3e2d4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705289, "uuid": "7f9ff8d4-a872-4b38-85f1-29e6892fcb70", "comment": "Malware payload", "value": "31a8ce948b626ffd6508342bacd34b0e926a2a96", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705289, "uuid": "949d2cc9-6806-4ff4-aaad-291f8a3616ba", "comment": "Malware payload", "value": "3bfbb2772c4f83a246e6f9feba3d7c89db558063ab8c7740cfb98f73fa2a6f280c0db46945e90fd1887d6510e9c6b412", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705289, "uuid": "8ad7ea10-722b-4f3a-8c36-79e8b3b55202", "value": "T174335A0636A5C032DC6602700978C6124B7FBE634E70E55B7FE8564E5EF26C16B2A3B7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705289, "uuid": "2e9913b8-07f9-47f2-89c9-068adc5991d4", "value": "66508cfbf8a3550adad13f7a52bc266c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705289, "uuid": "5b730c4c-d7ea-4d7b-8d94-49c339fa8322", "value": "768:Nh1VzJWGSDi3MRUlUyd58bYdREeW6Yeq4ReXkz/QGuNKBW7MdTJ:PkGSDiQWz3jRB7QGXHJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689705289, "uuid": "6ac726f8-b4a2-4f4a-aa53-c37c6b6a07d8", "value": 51712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689705289, "uuid": "0724c7b6-703d-4df7-899e-de4d49a38ee1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705289, "uuid": "a01bed2b-e3de-4dc0-9606-ee13423dd427", "value": "SecuriteInfo.com.Variant.Zusy.447907.10461.8539", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1619fd23-256c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689685665, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685665, "uuid": "6f96dee9-772d-4d8b-826d-c0ba0af1fe5a", "comment": "Malware payload (AgentTesla)", "value": "5b2bfc92058c844f282833822796ffc4", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TNT", "colour": "#1DC8B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685665, "uuid": "7d36c962-ac44-4a27-8800-b78314854ca2", "comment": "Malware payload (AgentTesla)", "value": "66559a620120bae83346077c331fa493ec8f3c32f760aec990d972e72ff50578", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TNT", "colour": "#1DC8B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685665, "uuid": "ef5d0a84-9f12-425b-a9c0-e40db841323f", "comment": "Malware payload (AgentTesla)", "value": "eafc8fcdd0cd2238f2b10e593868fabc52779169", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TNT", "colour": "#1DC8B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685665, "uuid": "9e8d7180-2c5f-4ac9-a6f3-e1b14b4ea8dc", "comment": "Malware payload (AgentTesla)", "value": "4adb6ede1cf9cc57044fe899d2eecc3150d35a5246eb9e07dcc401fc385e267697b20f94227af27578d69672f3a9ba18", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TNT", "colour": "#1DC8B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685665, "uuid": "45f31d56-6bd5-44c6-8fe4-e2cf6594aa76", "value": "T1185412E86AF0C29BC4E18B314876472FEFAD350220649B5F33605E6D3E73181AD6E752", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685665, "uuid": "7e39eea7-7acc-4230-9565-c40cd012398f", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685665, "uuid": "e9efffc7-733a-492c-846e-26471b73c631", "value": "6144:vYa6Xi+flsXNaJiUhT0sIo0D0hfZbkkf8OqxDVNl+ME/RBIYFa5q:vYV9fsNaUkobo88hkkkO4b0MEJBnMc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685665, "uuid": "f02980cd-8d7d-45c5-a54b-e5b1bf142e0b", "value": 293543, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685665, "uuid": "c0ee93d3-d3f4-4a21-82b6-db3b68f53d7d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685665, "uuid": "fdf84f33-b4aa-4aec-b13c-561218a15484", "value": "TNT Shipment doc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9e678f1a-255e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689679880, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689679880, "uuid": "efa3ac30-8fa8-4a59-b556-e5aefdf0477d", "comment": "Malware payload (Loki)", "value": "e20de2c4ff1c4e6f4de14b972146fd1f", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689679880, "uuid": "b3302f4d-a954-4f65-a333-e4ca8a3b51f7", "comment": "Malware payload (Loki)", "value": "67c4c81ff08737abbaee6b5ebf2b7398b54aacc7478e544270b605464081fd92", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689679880, "uuid": "1c728213-f7a4-412f-bfbe-0082177e3d8d", "comment": "Malware payload (Loki)", "value": "16ab37bef0f50815f4e871e7f23b1a70a4c5f6cf", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689679880, "uuid": "d48a6edc-752d-4deb-893b-e026e7f77905", "comment": "Malware payload (Loki)", "value": "cb92b3410e11c8cb2faedd716fff5b7c38681aa39ea4507b6096729c4818f7394b2e1a59dbbf85d3b0b5c9acaf04add9", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689679880, "uuid": "8638c470-37bf-42e1-a34a-d66d2195a8fb", "value": "T121327D3A6AC42C7DD647507D80F52134FAA42493A22F5D0A7B70BA65CEF17CD5A10A9C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689679880, "uuid": "66e7d2a3-e052-466e-9479-d2d510a03225", "value": "192:Iya0NgI9aWeARgZVPCK44AG9xXSJ+Ej7wJYGKw7KY1kWYccWekLLl:IyXgI9aWeANK4499xXSJf7wJYG7RYc/t", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689679880, "uuid": "46b673c7-bdec-4041-877b-421e5468f2a2", "value": 11084, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689679880, "uuid": "c5f335c9-b71a-450a-b96a-3b21e9d492be", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689679880, "uuid": "2c8f03c9-f8f4-413f-8a2d-f68755a1332a", "value": "JUSTIFICANTE TRANSFERENCIA).docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1b43d69a-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689662051, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662051, "uuid": "8665218d-6220-4cd5-9abe-223e346d1df3", "comment": "Malware payload (AgentTesla)", "value": "a5aeab34b87f0a986f7b409c20a3fbfe", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662051, "uuid": "2c8ae2f2-2edc-440d-9814-c1039136ac5e", "comment": "Malware payload (AgentTesla)", "value": "685c0426486e575b97363649b440198dda823627b0067ab5e07a39aa830863f7", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662051, "uuid": "312e72fc-8749-43d2-993d-2956b4a4696d", "comment": "Malware payload (AgentTesla)", "value": "08188e776d65125ed9b58e1e32a9eebbdac3f1ff", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662051, "uuid": "5cdad575-1620-4c07-9192-395d2c02325d", "comment": "Malware payload (AgentTesla)", "value": "20a832dfba57ccf01967047e6b0468318e00215832279c71744c1873770962553c81afb5797e1a078c4f1e7a2255981c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662051, "uuid": "27fcf503-1c66-4850-b589-950f30fe2b24", "value": "T178F4E00072284F17E4BD67FDA160561857F96E97226FD3444ED33CEB3ABAF104A12A27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662051, "uuid": "ee62bf2c-58ef-4e9e-809c-50926133d612", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662051, "uuid": "34fbc064-cc20-4723-8cbf-e1eaff15c886", "value": "12288:Ff+/eWycW9Ro3Hfb/WT4UkuZNrx5KE+SClZdsOkHrPf4MeZbAq24t/nsX2ykV:FGhycW9Ro3HfzW/ZNrnvCvaOkHrPgnbB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662051, "uuid": "327412f1-88bd-47f5-947c-1e722261ee0f", "value": 758784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662051, "uuid": "2de2ee7e-73fc-4c64-a5e9-99fe81d1a510", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662051, "uuid": "46bebad5-8c05-4e26-a4c3-1c86316f3939", "value": "DHL EXPRESS TESL\u0130MAT B\u0130LD\u0130R\u0130M\u0130 - AWB 9420174470_PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b3d8d0b1-2532-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1689661019, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661019, "uuid": "5b5568c5-de9a-48c1-bdb5-46e009e81df0", "comment": "Malware payload (DarkCloud)", "value": "3a11f5f7dcb6e3dd51ef7a864c29403f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661019, "uuid": "29f84bbb-7a6f-4c99-bd3e-d6a2c41d2727", "comment": "Malware payload (DarkCloud)", "value": "695196a548978cf3d42fbc0e3cd203a580977262cbae0c96fa8c0128df4d91f9", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661019, "uuid": "06b61fdd-7bfd-4dc0-b7b7-304a4666ef33", "comment": "Malware payload (DarkCloud)", "value": "de1261dea7d3d3a0b075dc8b04ae1c9268e449ce", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661019, "uuid": "4f989bdd-ba89-47eb-a0c4-8d11edf43968", "comment": "Malware payload (DarkCloud)", "value": "0953f94e9ef32f464a67d6428363bc2375dafd4db75088e3ba045e5cce12d5622688ed79f3948e1c5c55ae3169bbe81b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661019, "uuid": "fffeb867-e6ca-4e4c-a732-2bf6bd18f45f", "value": "T196942338B3D480D7E1E3BB315B38952AA9BB990215F4478B77904A1E36D7E53C60E363", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661019, "uuid": "25924e72-9946-4dd0-878f-e4303f38a44d", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661019, "uuid": "3f3a3b67-4526-4f3b-8105-2c9cdd1288b7", "value": "6144:vYa6Nocp5OR8tmQz0lS9+kT15f2h1s8MAP0U0wiBy5J3yO9kX46Nt/E2ViAjKBLx:vY3vp5OM5EOf2UlTUh7R9vYt/lN2BbGY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689661019, "uuid": "caf0f91a-0684-4436-8399-2d6b0df6f0af", "value": 419799, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689661019, "uuid": "f810c1d4-6a24-4439-920d-7a1946aff929", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661019, "uuid": "cd06f4fb-8e31-495d-9f02-f5caf6dd532c", "value": "3a11f5f7dcb6e3dd51ef7a864c29403f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d4bf1704-2568-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1689684267, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684267, "uuid": "c2d545d5-6fd7-4573-b3b2-12ee6d001c68", "comment": "Malware payload (RemcosRAT)", "value": "be9bc1e6b9470a11366adce7861eff11", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684267, "uuid": "3fd56bb8-e398-4afd-b9d1-a2be10b7701d", "comment": "Malware payload (RemcosRAT)", "value": "69cb61375bae8db7278ca4adee488faea6723d8052270908010541c4850e8dcb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684267, "uuid": "28163ee3-23a7-4aca-ba72-fcdfae01b3b9", "comment": "Malware payload (RemcosRAT)", "value": "d415341824d12e7c5c045815619986a2ba80d7fb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684267, "uuid": "d9f7b5e4-3e3b-43a1-9b20-746dc39888ec", "comment": "Malware payload (RemcosRAT)", "value": "284289b527a904d172bc6bf39033f24050b0cb606ffcd7e86d223bf713979f1802798ac08b026b63fbf87ef7028e410d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684267, "uuid": "b3e18a52-ab32-4fe8-9aeb-10e0206ab8ea", "value": "T13AC4020BFA6CA7AEEAAE8BB2773D02304B48DF6311152909BFD5FE1D153154C69163C2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684267, "uuid": "13566cea-fc68-4b30-8541-4e78cd6f6d64", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684267, "uuid": "10356928-e38f-45bc-b6c1-91f9330f1d9c", "value": "12288:0YZimEaTxx695caM9ThbqyU4C/z2/ExdNCAgqKi14i4tZP:0YZilaTTa8ThZURd0AqimLP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689684267, "uuid": "1509af62-9bab-46db-9c2a-ff508b560301", "value": 560342, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689684267, "uuid": "c2779cf3-62ed-4180-b8bc-76cb552a560c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684267, "uuid": "2916b4a2-cb1f-491a-8af6-1853251eb344", "value": "FOTO\u011eRAF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9eacb1e3-256e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689686753, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686753, "uuid": "be932879-e7fb-41ae-aee5-c31c6e232e85", "comment": "Malware payload (AgentTesla)", "value": "16db425be9bad426da8885521e42ac5b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686753, "uuid": "e8b0734e-5dfc-418e-adde-58e1c8e81458", "comment": "Malware payload (AgentTesla)", "value": "6a1199521d9590a15689f05f34a81edac516fcc592dba18927b8adde0fe07cd1", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686753, "uuid": "a6700a72-bd3d-4336-9f0a-18c5527de78a", "comment": "Malware payload (AgentTesla)", "value": "e6cab88d6bc7c0e62b9fbc94c3cd4c780224f49d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686753, "uuid": "f95406c4-e73d-432e-84e6-c1887b0abb06", "comment": "Malware payload (AgentTesla)", "value": "34cb6527f514234b7e4a1f9e1d680f50dcb36045bd14caef72d9d5415e933ef2d4b6db0c5e711d620e10a309667fe33f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686753, "uuid": "ad7d0961-bf88-4600-8799-1ac98b82d639", "value": "T1FAD422981DA75A2BD61B3FB9601222F253A65BC83416D7931C8EF1B6FB4D70C89D1383", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686753, "uuid": "652b0b78-cc63-4955-a827-0e4704f65d39", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686753, "uuid": "d6bb7e2c-331d-411e-a1f4-023da105c3d7", "value": "12288:FmAY2kcdbL4EfmNFTeBKjOxmK+2dnuKbuqYSwp29m6qAmO+Ywk:wN6GEfmjqBKjUm8uqlwp2d9mOwk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689686753, "uuid": "fbca05c2-ce35-4cfe-a701-7339b9d3f763", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689686753, "uuid": "9b915d8c-62cb-4b8c-956b-b5f929ea8f91", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686753, "uuid": "ab0839da-b545-4af0-a286-be1b8cf50cf9", "value": "16db425be9bad426da8885521e42ac5b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c7c77f0d-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689662341, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662341, "uuid": "756c4dc2-b75c-46e6-9f19-50036143b514", "comment": "Malware payload (AgentTesla)", "value": "3b08a8842f9e44dedac40cf4175adc74", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662341, "uuid": "abf3012b-9df1-45f0-bad1-ac29ea849cfa", "comment": "Malware payload (AgentTesla)", "value": "6a3bc2efcecdd25c5257e19e630b5785dc9e8ebb259773d40d2fc4c19e377285", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662341, "uuid": "a77319df-4aa9-4056-b9ca-9fbe390dd9fe", "comment": "Malware payload (AgentTesla)", "value": "be1a12931620e5e982bc7f3fb7d6c4d09d85ff74", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662341, "uuid": "6c135c4c-6b1a-4256-84a7-d59c9cbdc042", "comment": "Malware payload (AgentTesla)", "value": "dd4caabdd6eab2c244b0fffc13c96a0476de119009991b1a23d44815f0cc7fffe5fe6a255f8c75007cda765c7b5d3627", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662341, "uuid": "658a8a9b-d46c-4d7f-84f5-41c312f588ed", "value": "T112C4DF39513C83AFEB43DBB6E434259222F013A25BF3938D8C7A246F3E79538A1545B5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662341, "uuid": "70a39b34-f9ff-4162-a590-b85bf0c7908e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662341, "uuid": "9aa81c8e-1d39-4ebb-986f-9095ecf3326a", "value": "12288:VqTrQaSejL8ZNoUqYFIO+1f2tdpYuZTgi41Ba7Gy9OplC4PaGoMP2dIDvLLJOFKO:VqTrQaSejL8ZNoUTFIO+Rgdpjcik47G6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662341, "uuid": "7ee2c4c4-6d08-4f6e-beb0-c04174185552", "value": 588288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662341, "uuid": "1e18f5d2-4737-4dbc-bf94-aa2ee3e1264c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662341, "uuid": "a86d8693-fe04-4dbb-85e2-00927953c38f", "value": "\u60df\u8056-PO#230707023-\u52a0\u52e4(\u76f4\u9001\u5de7\u52e4).exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d6db0876-2532-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1689661077, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661077, "uuid": "cd51bb8d-1bb4-464e-86f9-1cd1754b3366", "comment": "Malware payload (SnakeKeylogger)", "value": "720945f18dd98a6d3cb0a176d21dd124", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661077, "uuid": "8f5534a2-d3ff-45d3-a56c-65329f66bf51", "comment": "Malware payload (SnakeKeylogger)", "value": "6a6a58b907102aa75633a511d8ed5fad8b89aa637f4ddfb72d8f4cb0d9175166", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661077, "uuid": "45d904bb-a976-4b27-87e5-a1f71afd7fd5", "comment": "Malware payload (SnakeKeylogger)", "value": "537325274165d6c30d923d070d1aa077ce2d8d09", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661077, "uuid": "c32dd601-18bd-4cc7-8fc7-dfad5b791b15", "comment": "Malware payload (SnakeKeylogger)", "value": "1ca3a6b0f156c6a628c2fadafea87fe497609b19e527a82e8fdee2a0d571cee36e77d97b1ceb99ea120be0b4b9e36063", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661077, "uuid": "58c8a1b4-b1bf-4254-a8f8-b4104ee77fd9", "value": "T1A3C4BE3126E49F60E4BDDB76923545904BF1BD06EB61D20E7EEA31C71AB2F810273726", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661077, "uuid": "9dca7503-4ed4-4348-b9cb-0e88ba8ede05", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661077, "uuid": "c9e032ab-3684-47b5-ad91-244cdd6f0e1d", "value": "12288:XZ+qnwSg/ECh9jKTvk4XRyJbIXj/alrDymiYXF:sqnzg/xgydgjylX9iYXF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689661077, "uuid": "8535e04e-99ac-4a79-a502-d0e52bc61a5e", "value": 548744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689661077, "uuid": "0e4a500b-c02a-47ec-9f2e-ad0b4f609b75", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661077, "uuid": "9474fdb5-367a-46c0-877f-ab298c2a6697", "value": "Hesap Hareketleri 16-07-2023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8f7184da-255f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689680285, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680285, "uuid": "bfc2aa3f-a695-4aa0-8d22-50387c49ffc6", "comment": "Malware payload", "value": "3b05e2439c5ba42a30ef3b1628d97ed0", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680285, "uuid": "ab24d1e9-31a0-414c-9ae1-0f604408a7bc", "comment": "Malware payload", "value": "6aa5a16f0da76aebd1ab04fee7e8b6b3e749292dde74a742cd639374e426911b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680285, "uuid": "6d18632c-fd9c-48bf-aa62-23aabaebde3f", "comment": "Malware payload", "value": "3a5456710979d273acf7e2d106796f5c0b0bc140", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680285, "uuid": "e0039130-1acd-479a-b865-37f1c356eed3", "comment": "Malware payload", "value": "5c296b355c6485503f5ddca7985f15a93c32e83b81eda374a337178ae3b2f5ee8443109475429d391d3b4e5d22f8aed5", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680285, "uuid": "ef6de836-6319-4bd5-af5c-f0868ecd8f73", "value": "T19F64BA03F15AEDC6D2E27A438787F1B847F7B6D8093E829A41CC89095BDDA5C86097D3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680285, "uuid": "40596d83-7771-40e2-b6b0-deb88c06d689", "value": "384:12222227iAh5iXLGenj22222iN22222wqlY993h1fc0Vn/D2UuAHU0zaYimrqrv2:/2nrqMtc0NDv5HU0zaYimrDrz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689680285, "uuid": "112fdda8-2caf-4ed9-9e68-71a1166efda9", "value": 328964, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689680285, "uuid": "b61c1149-0268-4848-a7cc-1075177b495f", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680285, "uuid": "1c98e5af-d168-4d49-a88c-aa9c099acd89", "value": "&nuevo pedido#..vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c2d1f094-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689662332, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662332, "uuid": "1d496200-c2a0-4ebf-ac9b-94907f3f17da", "comment": "Malware payload (AgentTesla)", "value": "7e4c2955a261eb97633589c095105b19", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662332, "uuid": "84b69813-6e0e-4f49-9288-7ff9f5a5ca22", "comment": "Malware payload (AgentTesla)", "value": "6b6b0c127f7e29383aeb93e5fe487e7dba752c8e8a9aebd544e26975d684e400", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662332, "uuid": "ad1ea2d3-46c1-4dd3-b5f8-47012ff6a239", "comment": "Malware payload (AgentTesla)", "value": "4b0bd2924b32efe2c6f8d3a90f8e8a0a11f6ec2f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662332, "uuid": "a9e5e97a-bb9c-480d-85bb-a149f89f39f3", "comment": "Malware payload (AgentTesla)", "value": "3afcbbdfa22b3cfaedb189530febb91651e4a2cb5247d0a6133b7ec4ae1fc4c4467217f18a257e9283d1fce4463e8e1a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662332, "uuid": "c37f71bb-3680-4524-9405-1f9f0f6d04ed", "value": "T195F4E000362D8F17E8BDA3FD9064512453FA695B722ED3548ED33DEF35AAF504602A2B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662332, "uuid": "a7fd1306-45f6-460b-8b9d-f19f2b9cbc98", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662332, "uuid": "6b6fee1b-af4c-4590-80ae-70c269eaf07a", "value": "12288:pf+QnTJmcW9RokZfb/WT4UkuZZ4/AgwpKidLJ8+UzKbE71nkX6Iu7DH6uUcbT:pGOdmcW9RokZfzW/ZZeAgwpvnUzKg46B", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662332, "uuid": "73125210-8668-4dfc-a7ec-774f25854717", "value": 751616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662332, "uuid": "d9513e7b-2676-4892-8bba-b6b6449a67a2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662332, "uuid": "2a41992b-5826-4d9e-972c-4489de63dac5", "value": "\u5355\u51fb\u9644\u4ef6\u4e0b\u8f7d\u5e76\u6253\u5370\u6536\u636e\u3002_Html.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "703e32ae-2569-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689684527, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684527, "uuid": "04b33a75-2b31-4e63-b7b0-5b29d80659ab", "comment": "Malware payload (RedLineStealer)", "value": "dc1938e1f2b777c8cbab51ee0d6bce5d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684527, "uuid": "e16465d2-88f9-4f51-960e-94b679d02637", "comment": "Malware payload (RedLineStealer)", "value": "6bf76e6a2d5a925a4f4eb368fb7d50178fa1aef073dfe395586cb6ac9b7acf80", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684527, "uuid": "a25e089b-0bc3-4624-869c-6cbfe60294cf", "comment": "Malware payload (RedLineStealer)", "value": "33e2564e81d3f9708fed6a86a2fc491340b9c129", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684527, "uuid": "2780532a-f72e-40c2-b99d-9456d688d3fe", "comment": "Malware payload (RedLineStealer)", "value": "ea4293e3ed059890c36dc5c7c64d018d38f898234959561bb7181b61094f57b1b283ae9cae455bebe435b9b94dc87ead", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684527, "uuid": "f3e4b5ad-67f1-4c91-ad9d-39f6b58517a0", "value": "T12E840202FBEC9177C8B4277058F703931A36BCA25D74426B3B89A8590DB3A94A53177F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684527, "uuid": "d6cbf7e3-384b-4c21-8edc-5f4bb830dc00", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684527, "uuid": "338b8d3a-2887-4399-9aa4-a6c47cb7cb90", "value": "6144:KFy+bnr+4p0yN90QEjZz0CaRe4Cjxe5s43XWxvyLGt8saGWeO5DJ8IcP9wmQFla8:jMrgy90RZz0CaWx9JOP/52Ic+rvbp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689684527, "uuid": "9756cb0d-1718-4d60-a7cb-144e9f2593ee", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689684527, "uuid": "01a6e711-b7be-4dbc-987c-f94b295fd852", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684527, "uuid": "a437c1a7-fb75-482b-9371-b7cd3893076d", "value": "dc1938e1f2b777c8cbab51ee0d6bce5d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "62726a4f-255f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689680209, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680209, "uuid": "d14e6a81-2a71-4975-a974-fb44a6f3c019", "comment": "Malware payload", "value": "ed0f6b9c5a0dc40bbc6ca735b598f3e2", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680209, "uuid": "7245ea9f-a417-4016-9961-6d946a87943c", "comment": "Malware payload", "value": "6cf5eb81d932e600c8ca6662cdd81fad871d2a31733a39154862062782d1a58b", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680209, "uuid": "9eada419-2df3-4d3c-bbfc-3be662691f19", "comment": "Malware payload", "value": "ed759b9b984748146933834be8ad9e987fd3312f", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680209, "uuid": "12b6b088-6437-4cc2-bac5-c1073ae38acc", "comment": "Malware payload", "value": "481c8d5c966ff02b552c3d556b38dfe6852baae5963f5c4e42a7d2762069f0a35b6f0c0380e8797b7d231059077a3ee8", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680209, "uuid": "3f0c83a3-8f57-4e40-a309-175a2c60aa2b", "value": "T12005231A45F1A29CD3AC4AF933AF16D70AA030385D0BAD6555B3AC1D433F49CFB9A50E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680209, "uuid": "899223ae-9041-4a26-a186-441fd7c6f998", "value": "24576:kmvYX86P2mqH2vfbhCjcPms/a9pDo4MYQ//ZCfgV10:kmcIxEhdep9pDo4Mv/4fi10", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689680209, "uuid": "30a5e46c-727e-463d-a652-8e67e5ea68f8", "value": 852919, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689680209, "uuid": "4fe65b35-b7a6-4f15-bde3-a08d10d6dd6f", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680209, "uuid": "6320a52a-6584-49ec-ba4e-c27b276239a8", "value": "transferencia_Hsbc.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b688d021-25a9-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689712133, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712133, "uuid": "97a65106-bafe-480a-aa59-fccca96ef504", "comment": "Malware payload", "value": "aeaef5e0832484fad2051bfe57bd411c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712133, "uuid": "99733935-9680-46ef-8c99-1dedb9beee3b", "comment": "Malware payload", "value": "6d8bb3ee7fae66d1b2b16c6d40c4a6e8b3875a944d079895ed46274ba7b6ddcf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712133, "uuid": "dc75dac0-fe86-4741-972c-8aefab615d14", "comment": "Malware payload", "value": "973a8ed260162597c9a994f7e70d06415403247a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712133, "uuid": "a170de89-d3ed-4fde-984a-1ec8bc82b5b0", "comment": "Malware payload", "value": "69bdf9d6a67ccb50a845ceafaf70cbbe7bbb730f30573fd288ec331325d37c66e143a166f4ddefa46ed277347c5fb80b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712133, "uuid": "2bc87291-fbaf-4856-b820-eff6a30bc89c", "value": "T19833F1E164B4FBFEFB516ABC48B54EF13A984FEC708215BA0958488F70FB16250B5781", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712133, "uuid": "9acffcd5-cf26-4672-ac52-e8d2c8e57157", "value": "3efe5b996b146bfc86cdf25e3e2e308e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712133, "uuid": "cc529052-d7c7-4867-9a18-b5057d03628c", "value": "768:Bt3t7/qVKzrf/MqDEzwBpwg6myS39zzLibs8YfXEEJW+6x8sfK:B5t7/rzrfEqDG7q9PubDY8x8cK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689712133, "uuid": "bfab55a5-366c-4fe9-ac71-3c598750b0a3", "value": 50176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689712133, "uuid": "abd183fd-68fe-4408-83a8-c880cbf27625", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712133, "uuid": "a904ccf2-52b0-47c2-ba50-d5a55f744142", "value": "SecuriteInfo.com.Trojan.Sankei.17353.3259", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c2e8454e-2599-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689705282, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705282, "uuid": "639b06d6-633b-4dab-bc26-1d531bab9807", "comment": "Malware payload", "value": "71f20b057e7cdcfa0052971862a0a4fc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705282, "uuid": "431e870e-eacc-4b16-92df-1561103480a1", "comment": "Malware payload", "value": "6e590ad5a609a6a7eb8da1b1a04f40e28856358e82842c59a0b44204ef89f477", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705282, "uuid": "334f0516-e73c-4353-bc18-b1de22c89fa6", "comment": "Malware payload", "value": "5168555af9de34f0a83372e89222621b79f34ab5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705282, "uuid": "5400b4f9-7388-4510-94b2-516cdb0f0639", "comment": "Malware payload", "value": "2aa3855372a8459e3944d6e98a32503ace04708144346936013bd1e631ecfe289fa740d5541194d5face0964b00ec306", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705282, "uuid": "e251b448-f902-4507-b484-a834f8f38998", "value": "T111836D8174C1C471E5765D321874CAA44A3EF9111F719EAB3B88073E9F706C29A36EBE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705282, "uuid": "69fb84d9-a21a-4569-862c-760f09463098", "value": "e5c2ba31dc0f58e9ced1780c10fa3390", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705282, "uuid": "175b52f6-a022-44bf-8781-0a81cbb17677", "value": "1536:JfyDOjSDHATN2kT9nuEj8t2fkf04ZQ+53fSnNMdTpx+zyIJEcsWB3ecdvqf:jScR2kT9uOmf04ZQ+53fSETvIi4v8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689705282, "uuid": "c0e44270-446a-437d-a234-07a6df3520e3", "value": 86528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689705282, "uuid": "793008f8-8286-4bd6-b919-2310268a7348", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705282, "uuid": "42c3e222-a685-4bc0-b207-f186961ed908", "value": "SecuriteInfo.com.Variant.Midie.120421.5038.30900", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cd1876c7-252b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Gozi)", "timestamp": 1689658054, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689658054, "uuid": "fafb7bf4-0eb3-44f6-9a62-cddcb15dd3ec", "comment": "Malware payload (Gozi)", "value": "665a152dc746deaaab11e1c0af4b513e", "object_relation": "md5", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689658054, "uuid": "884b61fa-514a-4d24-9c9d-ab44fd31cad4", "comment": "Malware payload (Gozi)", "value": "6e8b848e7e28a1fd474bf825330bbd4c054346ad1698c68e7a59dd38232a940a", "object_relation": "sha256", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689658054, "uuid": "26e3c9d0-31ae-459d-a87b-55ccb1f9f03f", "comment": "Malware payload (Gozi)", "value": "5a7021b7b1d05321f95b8464339688007ac502ea", "object_relation": "sha1", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689658054, "uuid": "130a761b-d503-4ea1-ad70-c1ea36103922", "comment": "Malware payload (Gozi)", "value": "53e6f834586051ba30d3c028367112df8a5e898dffe7e3ec4069e330e60aae55163201ad7da5c7122ab8c5d40c608c16", "object_relation": "sha3-384", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689658054, "uuid": "08341e10-b735-469d-a892-3b99c5581151", "value": "T1BED02314F643C56DC331334474485C3478A547DBE1001FC019C1168DF8D25E3958B088", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689658054, "uuid": "cf2fbadd-9dee-4a30-b5ab-e6a08c66b2f4", "value": "6:QH51seWgKAl+LgyKBM34H6sw83F1tut2YN8mjpv:Q7se8Al+LgyaI4HRlAtvN3jpv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689658054, "uuid": "f1c7cbbd-2da8-48f1-bf65-5c66f28cdcde", "value": 224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689658054, "uuid": "6af63ba5-4142-4fcf-af1d-250d03103441", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689658054, "uuid": "c50d3e21-97a0-4105-9a1a-eb7df5fe4fc0", "value": "ToolAbout.ps1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d0e7a774-2578-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1689691132, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689691132, "uuid": "30d8674f-a051-42c3-b274-0c61230a2843", "comment": "Malware payload (NetSupport)", "value": "a5ea704ca1a1be5d2ef7eff9a0317eb8", "object_relation": "md5", "Tag": [ { "name": "2 bat", "colour": "#AA2205", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "bigbirdmarketing-com", "colour": "#E33175", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689691132, "uuid": "5c6d5c3a-9a47-4897-bccd-fe7454f4b220", "comment": "Malware payload (NetSupport)", "value": "6edd15ceb24c8b7c2ac23707a4750b625b6a041db9d8be7aa09103ab57891b9e", "object_relation": "sha256", "Tag": [ { "name": "2 bat", "colour": "#AA2205", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "bigbirdmarketing-com", "colour": "#E33175", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689691132, "uuid": "cead7cbf-2d43-406a-873a-c57d069e3605", "comment": "Malware payload (NetSupport)", "value": "52f9af97cf302438a5f6c346f1754c379b1664e4", "object_relation": "sha1", "Tag": [ { "name": "2 bat", "colour": "#AA2205", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "bigbirdmarketing-com", "colour": "#E33175", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689691132, "uuid": "3e124ac8-2701-4148-8d12-ba3b08aa739c", "comment": "Malware payload (NetSupport)", "value": "140a19aa11d495aa268e3b4dcf26401b3f7f4c6e579699a15ac1867ecc932c893af5d5433b0282d2e39b8fa1aa75a6d1", "object_relation": "sha3-384", "Tag": [ { "name": "2 bat", "colour": "#AA2205", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "bigbirdmarketing-com", "colour": "#E33175", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689691132, "uuid": "316cc5c7-c0ad-48e0-b7f9-593fecfdafb2", "value": "T11AD02B25838142A94C5340EBD6355B8E95F04E066FC233268F0C49CE220A84A7667700", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689691132, "uuid": "652a9167-2411-4845-b0ac-74aef15590b3", "value": "6:CxBR2Bn23f99oRfFZIGCTTvRiTmJOmoAL9oUmJB1Bn23fyuvn:cn223QfFLCTTv4T6OmoAL7mJp2agn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689691132, "uuid": "d438a18f-f484-4b68-8e86-4afe8abd4677", "value": 257, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689691132, "uuid": "7fb28f0d-7ea2-42bb-ae40-a8188e642f98", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689691132, "uuid": "ce18a7b3-9b0e-4635-88ff-0339fe4c04d5", "value": "sett.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e1d198b1-254d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689672692, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689672692, "uuid": "fda7592f-0369-4c92-8651-d4520b37fe5b", "comment": "Malware payload", "value": "d387e700d3de3abafab61f1b5d3b8f27", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689672692, "uuid": "bc253749-0c2b-4b57-9e15-0d344533eb3b", "comment": "Malware payload", "value": "702b9733802587b3bcfb93a7a3bf6d163784dc6f7aba169ee8432af48a7e3054", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689672692, "uuid": "36e75ee4-4ee9-40d3-af8b-fff042a03770", "comment": "Malware payload", "value": "d31d72676cfdcdc2c33155b685d05c27e3c1987a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689672692, "uuid": "0b596f90-ba34-461f-8587-5c03e830f8af", "comment": "Malware payload", "value": "44e92343677f339295df3ce939730f30dbab6d06b4b6fe5bd25b91db5c6bbeb2ba8b2eefbbe6311ffac0616059b53989", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689672692, "uuid": "7f72d743-976d-4df4-a0ec-28807e5c373f", "value": "T1CEE42349526220C7EB73D07CE8EC75972B7953996285EE34872880781FC93DAB709D3E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689672692, "uuid": "523151c9-6593-494a-90cb-92673dd05187", "value": "12288:bYgMfiCODrTe51fHhVqQDCeNNscTleozSXJfc2X0TxyolhARUYKAaV8VBYnH:FKODPe5pP7NpSX2g0lyIaU/x8s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689672692, "uuid": "acc659fe-abb7-419c-9bc2-5bffa2595481", "value": 701016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689672692, "uuid": "0cdaa1be-2af6-4616-a0bc-721463e121d5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689672692, "uuid": "b5ff617b-bbe3-4c94-a45f-19f64bb65df4", "value": "SecuriteInfo.com.Variant.MSILHeracles.90725.9423.18869", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "76aa327b-257c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1689692699, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689692699, "uuid": "d6d9966b-d19a-4c9a-ab8a-6d40503ba9bc", "comment": "Malware payload (NetSupport)", "value": "3f4686b1c2e6d44110bee11e61ee4533", "object_relation": "md5", "Tag": [ { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "Dfaiernewa21.com", "colour": "#3EFFF2", "exportable": true, "hide_tag": false }, { "name": "Dfaiernewa23.com", "colour": "#14D3ED", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689692699, "uuid": "a722c90f-f0e0-44a6-b342-022a538957b0", "comment": "Malware payload (NetSupport)", "value": "7092327e20574cf9a3c3e90022adee5184b84b8478c8e7cd3f391f76cb4526f2", "object_relation": "sha256", "Tag": [ { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "Dfaiernewa21.com", "colour": "#3EFFF2", "exportable": true, "hide_tag": false }, { "name": "Dfaiernewa23.com", "colour": "#14D3ED", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689692699, "uuid": "27b268ba-3db4-4d01-9b2a-0ffca72a608a", "comment": "Malware payload (NetSupport)", "value": "ca7d0e453c3ed22235b2d9137ac595c1318bffbe", "object_relation": "sha1", "Tag": [ { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "Dfaiernewa21.com", "colour": "#3EFFF2", "exportable": true, "hide_tag": false }, { "name": "Dfaiernewa23.com", "colour": "#14D3ED", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689692699, "uuid": "62fa5b90-913d-43b7-9f3d-06576149d434", "comment": "Malware payload (NetSupport)", "value": "f82c7e79c6f987ce9a329a8c8b40b517eda28967265f77edd737afb17e907f39374f4487113720920cbe1371c502ad0f", "object_relation": "sha3-384", "Tag": [ { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "Dfaiernewa21.com", "colour": "#3EFFF2", "exportable": true, "hide_tag": false }, { "name": "Dfaiernewa23.com", "colour": "#14D3ED", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689692699, "uuid": "8ef9095b-9675-4d23-8201-eb510c0d0322", "value": "T1D3113216664A7C8C197BB2C6767110D02FD29440F1AE3512D714690F9F3687D85DF4D0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689692699, "uuid": "c63a5549-e0fb-4ac0-9c5b-2b867f2b59a4", "value": "24:7epOhuZmPTxapnsHlLl1yXmYDD+e2Bmux:CAwZKxzlp1y2YWe2BmS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689692699, "uuid": "6e8f8bff-9923-4ca4-9f96-f730a631045e", "value": 1027, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689692699, "uuid": "d798da5b-a000-4aae-9787-b3474bfc78f0", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689692699, "uuid": "9e2bca81-64e8-4d35-a618-242c952bf5cf", "value": "client32.ini", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3eda652c-2533-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1689661252, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661252, "uuid": "37e76ea8-7eec-43bb-9ea9-94083c64ed10", "comment": "Malware payload (RemcosRAT)", "value": "2a243f80d9bebe3c4863e53e75ea37c1", "object_relation": "md5", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661252, "uuid": "4a94346f-d8a4-48cc-845c-0fc1c848eec6", "comment": "Malware payload (RemcosRAT)", "value": "7111b259042f51a8572694bdbcb1dae9065d8f96377d3e7e086a8c0e1f4c851f", "object_relation": "sha256", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661252, "uuid": "1ab58f69-e78c-42f3-bde3-471c3f81d1d0", "comment": "Malware payload (RemcosRAT)", "value": "9d86d50bd2729254956a993df0c526889f58925c", "object_relation": "sha1", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661252, "uuid": "c9e699fb-5875-442d-a686-46593ecd76d1", "comment": "Malware payload (RemcosRAT)", "value": "8fa9cd732d6811302d5db2015f2ae5daa9ff19c6e4c25b336e0e18cd7106b3d6b748c4f6c8770831f1ce735a21829da4", "object_relation": "sha3-384", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661252, "uuid": "51465cc5-0aa1-4f94-ad0a-f294b4fbe903", "value": "T1A29423A35489DC73EE14E62C09EB946281F65D5EC384CB37373B12E19406ECA6CE853B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661252, "uuid": "dff65eed-ede5-4021-a2d7-ea6967628c38", "value": "6144:xDLd6ctjpwajoVPm0Q2gYGHyAgwxiJ7l1FS/iauxSm3g3CKdyz7DQXV4cjjTf/+z:BLBtFaN70YVA9i7f/EV4cT+dqarCHp4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689661252, "uuid": "8d768576-9129-4da0-a4ae-183d3ab04d38", "value": 413397, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689661252, "uuid": "c1034419-04e2-480c-96fc-4b39e51d1357", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661252, "uuid": "e227518a-299a-4b3f-a40c-0f350ca1092d", "value": "Zahlungsbest\u00e4tigung.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "118b2033-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689662035, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662035, "uuid": "71d05f8d-9813-4317-ba5d-2ad96a0c4438", "comment": "Malware payload (AgentTesla)", "value": "e7129aeba220ad982efa80767ec1fea0", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662035, "uuid": "8e96bafc-d034-4de8-9014-c1818b28b36e", "comment": "Malware payload (AgentTesla)", "value": "7114b6ec1eddc884b1d4466a35e513180a96f88d0ae22dc7511d8149abf6904e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662035, "uuid": "cc864238-7f97-41e5-89d5-8c9aceb6ca79", "comment": "Malware payload (AgentTesla)", "value": "2ae996a6bc08ce3586ee14deddbb05c243ba9216", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662035, "uuid": "23b712b2-bf15-4254-9dc6-e05468684e5e", "comment": "Malware payload (AgentTesla)", "value": "2c821e2596f4fa2603916a634d654944759b886b2d66d37b1cff91e43a3b49cb107ed9f3aab4ac6a785b41bd97b09bb3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662035, "uuid": "9663fc91-3c3e-46cd-8250-6bda16f7a3ad", "value": "T15CC4CF79403C83AFEB47DBB7E434259622F013A25BF2978C8C7A255F3E7A538A1105B5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662035, "uuid": "f9032947-f945-452c-9d90-b71368d02514", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662035, "uuid": "46513440-44dd-41e2-8f50-bab43c046b4c", "value": "12288:NqTrQaSejL8ZTO6pyavjbErJSnYeR7d2g0n4zVJ3:NqTrQaSejL8ZqlgErJmb/hf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662035, "uuid": "5cdb2047-e8b8-42e6-88f4-9bd574932b4a", "value": 550400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662035, "uuid": "268e08d4-25bb-496c-a3a9-4b4910d87ec1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662035, "uuid": "b38b9ad4-dfbb-42bf-bc53-942ea9c24c33", "value": "Halkbank_Ekstre_20230717_080713_458894.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "afd26460-2553-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689675185, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689675185, "uuid": "1723b73e-a8f6-4b1b-b9c9-ae1ccb3ccd00", "comment": "Malware payload (AgentTesla)", "value": "82f2ab8db7d2ad671478e0a925d99c76", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689675185, "uuid": "8a1f1cf4-9b20-4270-9daf-f08ab02737c0", "comment": "Malware payload (AgentTesla)", "value": "7137e863f0c972af8aae99cb8b8743441330952294bf504d4ea175c8381a2892", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689675185, "uuid": "ed6c1244-fd44-427e-b94b-1e398ded4be8", "comment": "Malware payload (AgentTesla)", "value": "c89965df875b405bcf3391d6b057af091ec80010", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689675185, "uuid": "a767deec-4336-4dc9-9fe7-d84a08005f54", "comment": "Malware payload (AgentTesla)", "value": "12cfd17553723d49049b9ff5d13c29b2ccb085524fb17ea5a50385fa383390b3b1c0be898b42fdea997488c06f997537", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689675185, "uuid": "5c19fc39-5e99-49a2-a442-8179e233c9b0", "value": "T156329DFF49D429AED30710B580A9A104F7A670839339BE0F7BB1B954C7B12CD7A252D8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689675185, "uuid": "6ae3f7f4-0699-45c3-873a-28364b3d078d", "value": "192:pya0NXu2QWzARgZVPCK44AG9xXSJ+Ej7jJY1fKw4K5A7WYBcWe3maM2U:pyXXu2QWzANK4499xXSJf7jJYppVYBBx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689675185, "uuid": "ebb046fb-edab-40f3-83b0-7bcdedc5d71d", "value": 11087, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689675185, "uuid": "3f259ae3-994e-418e-bd29-fcde9871e049", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689675185, "uuid": "41e623f2-f90c-4dbe-a4ba-2cb0240d9c5e", "value": "Inquiry.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dd76eafb-255f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689680416, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680416, "uuid": "ef438148-5aff-49e9-861a-3d4bd8d1e5f0", "comment": "Malware payload", "value": "286e591d32c4c67c5c8d47056a529e55", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680416, "uuid": "50c1e0c8-11e6-4a70-81a2-fb4ca2a21ae3", "comment": "Malware payload", "value": "7180196fcf42ce4e2d40026844889ede2b804fa71adffe5f61016b0d79d56950", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680416, "uuid": "94ffed38-33ba-4ed7-8aa0-48dede8a8787", "comment": "Malware payload", "value": "e763f9d933ec7e2e632dd5a5df30da1b1204cdb0", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680416, "uuid": "933c1fdb-3956-40cb-b14f-1a0809d55ca7", "comment": "Malware payload", "value": "4f23a02c29b560caf55b10e019d8df89099b5d605eabdcd119206d0c6ae64e0e113c30c299585722fbccac1a57390a7f", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680416, "uuid": "a9240fd4-35f3-4ef8-b4bd-d56d6680f928", "value": "T112F433FD1CED770993A69F71B23BD24A132A21289D1B9846CB9677C0C577C20F16A2CD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680416, "uuid": "b9864830-d0d1-4688-942a-502b2a3dfa6a", "value": "12288:uML7nvXmvP+9zfv94ytHOpQIh1cDmb26u3NXEGg+4+Ts9Ejzo5hXCJpQJS:LmvPETvaJpQIz66WNUd+ZY+jwXCJi0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689680416, "uuid": "f1ca1c57-b740-4cfb-ab7d-c3e11b63f5cd", "value": 742618, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689680416, "uuid": "b47dc0f6-0e19-4cba-b0a1-df91c913f510", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680416, "uuid": "96e79de6-a309-401d-b604-02edc89803f6", "value": "Nuevo pedido de compra.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3786113b-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1689662099, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662099, "uuid": "3e87dafb-ff1a-47e0-8039-4dd9d1ede3a7", "comment": "Malware payload (GuLoader)", "value": "33f639ff058c4ff248751af94cb4ff7e", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662099, "uuid": "8fe38ef3-4c0e-4b4c-aa68-334b768e947c", "comment": "Malware payload (GuLoader)", "value": "7207402ce10d13e8175274944f90580a97fcad13e6f91ea7292b6d5de24cc0a6", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662099, "uuid": "074b959f-0cdf-45e8-8e35-76fe7874045f", "comment": "Malware payload (GuLoader)", "value": "05cd86ec3ad3426a77eadadeb56e65b6159225d7", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662099, "uuid": "83a7f268-7018-439e-996b-4e65a2a80fc1", "comment": "Malware payload (GuLoader)", "value": "a38ab50fb7bd885c86a07740b747f169494c180e083d63b7220a13fc76742ce3adbc1bb0765dd6ea762c4555b91aafea", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662099, "uuid": "819b68d9-1084-4016-804c-5190d48586db", "value": "T1F5847C4CF763ECE9FA260279257158163F819C1E61D9289D228DFB263C36213509BDFB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662099, "uuid": "c384f681-9ad6-466b-9aab-a19da946b7a0", "value": "4ea4df5d94204fc550be1874e1b77ea7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662099, "uuid": "c5138e4d-d45a-40f4-984c-529fa202305e", "value": "12288:HzMpTC/yxq7XbeoFoScz25Jex37t6rVObb9:YTIyxq7LeqYz2+3p6U9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662099, "uuid": "fa0ad624-2d17-44d3-aeaf-1fa29cef7475", "value": 402270, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662099, "uuid": "91d68074-08b4-4562-8739-8d47989abd76", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662099, "uuid": "92fd34c8-dd49-4179-8588-9e196beaef12", "value": "DHL_IMPORT_TAX__INVOICE_3129143010_KRJ202318092409s.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4ad87988-255f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689680170, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680170, "uuid": "efce8296-026d-4248-89e1-7bd0c13d7d65", "comment": "Malware payload (Loki)", "value": "2b593df9051d908e31101d013cbed848", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680170, "uuid": "fab3fb19-6345-4360-8147-a43694706e85", "comment": "Malware payload (Loki)", "value": "72d7d4091c5455a385be1415a5e0653cc793ccb4d6efc4adbe17d2665b27af7d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680170, "uuid": "3ce2dbdf-f469-4fde-aa9f-494b65b85146", "comment": "Malware payload (Loki)", "value": "56550d7602930cbe5f10c8f3f5a938266f2eabc9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680170, "uuid": "98c0605b-80fe-43af-a64e-766abb223f3f", "comment": "Malware payload (Loki)", "value": "ea05cbd8db66a288001ee0c04622b1780dacaa7f2b046825fa52f5a6672e93d9e8a1c992a3b4e1ea92ec750347fba368", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680170, "uuid": "9cba57bb-ba0d-430b-86ad-629783f020e2", "value": "T193C4BE4573B49E31E86ED2B82429219CDF78B43E64A6E21A1F5A34D11E60F77771F203", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680170, "uuid": "4143da1b-a113-45e0-8a39-01d4c8b4bb90", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680170, "uuid": "eb257773-aacf-49b6-aaaf-81cd2b1f6df1", "value": "12288:TDp8ukBZFz8WAKVqb9OS2VUaFBiB5b4DHy:uu0Xz8PBYU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689680170, "uuid": "58c00236-22e9-4e1e-bf6f-b273e25068f6", "value": 584192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689680170, "uuid": "c373c63d-504b-49b8-99f5-6bc71857cf03", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680170, "uuid": "49b8ece6-4ef9-4c73-a2b4-771f0b25fd7d", "value": "remittance-slip000957484.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c6825f8d-257f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689694121, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694121, "uuid": "e6b42033-d3b0-4016-ae54-2bf5c8e04df2", "comment": "Malware payload", "value": "75cea77e4aef0b9639cdc64e7a58e0d0", "object_relation": "md5", "Tag": [ { "name": "impala stealer", "colour": "#3F5412", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694121, "uuid": "7f761227-eea4-49ee-8247-b46a606fe885", "comment": "Malware payload", "value": "72ed2917e47372de0e04e6dbc77c6e818907b63047ecbd664cf2843097af2785", "object_relation": "sha256", "Tag": [ { "name": "impala stealer", "colour": "#3F5412", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694121, "uuid": "cd2c7291-608a-4aec-be76-670677b16e2b", "comment": "Malware payload", "value": "bc3c431e7a131d3d1c4f7daaa65310ee4f624a24", "object_relation": "sha1", "Tag": [ { "name": "impala stealer", "colour": "#3F5412", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694121, "uuid": "868801de-59ae-470f-a84f-c2dadf734fb6", "comment": "Malware payload", "value": "6eda43eb963e2f482b0213a990a7dc7bfedcc100844ceb1980b9aa2820772e1a61e9b4f97823af311c1a3f56726f09a8", "object_relation": "sha3-384", "Tag": [ { "name": "impala stealer", "colour": "#3F5412", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689694121, "uuid": "f1b79a42-6323-48d9-ad4a-57a174a17694", "value": "T118F059146B6E93594EBE717CE184A8C3F529209A512356E4E78DC20D20E18108678BA2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689694121, "uuid": "7e45744e-72e7-40a6-a7d9-4303ef0d92aa", "value": "12:s+qsPAupJycfj1K5lYgdOatUXQ78dvMn1:ssouBx8ldOatUXQ7kkn1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689694121, "uuid": "889796a2-bc3c-4aec-b503-646695259049", "value": 513, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689694121, "uuid": "7b8a99b0-aac9-4907-acf9-b1c55ab19b51", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689694121, "uuid": "384161bd-2bda-4540-8928-f0ef9df2bea8", "value": "72ed2917e47372de0e04e6dbc77c6e818907b63047ecbd664cf2843097af2785.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1f5bdc3f-254f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AZORult)", "timestamp": 1689673225, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689673225, "uuid": "8c2de1cd-bb5d-4e21-84c3-38430a7af3a4", "comment": "Malware payload (AZORult)", "value": "ab2200f5e4c9681fa4fe25222273c6e7", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689673225, "uuid": "9ebaac49-1fe6-4844-bbe4-29bb2e99f290", "comment": "Malware payload (AZORult)", "value": "72ffc82b01f8ac87e36ff179df7806f66601c65c60f477b9bbcd2cbbd812dc92", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689673225, "uuid": "a63ad89e-ce3b-4a21-ab29-f77a640652fe", "comment": "Malware payload (AZORult)", "value": "a7666c9ac422d604e2d80201a92b2b3eabca2665", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689673225, "uuid": "b51f935f-61e9-4f1e-9353-425fcffd8010", "comment": "Malware payload (AZORult)", "value": "2d8ecdedb6368b05a12530ba8b9df363bbf6dd9148e7906551cb36940c99f54967884d31109a13c76216d7a9617bc3ec", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689673225, "uuid": "f3634ae3-aa75-4148-b813-9dc419341212", "value": "T127E3020A3151D8B3DB7706B3697B6347EFE5D5125052868B2B84BFC774A62C3C18EE82", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689673225, "uuid": "d52eeda7-6ea4-4f7f-b0dd-9e3ab48f583a", "value": "57e98d9a5a72c8d7ad8fb7a6a58b3daf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689673225, "uuid": "6763c9d6-2fed-40a3-a1c2-ead823517aa9", "value": "3072:+NzPHk9MpcQbYEbC/fKhoY2g8e75McB/K3O+jlvs+:+hRFYxfwoY2xe75vyVF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689673225, "uuid": "a6075852-06cf-4e56-b6a5-84d0ca4adcaa", "value": 153956, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689673225, "uuid": "a63b785d-a48a-4f5c-9891-9fd927726b3f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689673225, "uuid": "df868951-d485-48cc-bcad-104642435f06", "value": "DHL EXPRESS.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bab658c2-254d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DCRat)", "timestamp": 1689672627, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689672627, "uuid": "362858ae-f729-4e86-be9e-3319035de528", "comment": "Malware payload (DCRat)", "value": "a3893ff6244ac5198d5ff2f6463a5a45", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689672627, "uuid": "5c67e128-4970-4d60-b244-15d1c3728100", "comment": "Malware payload (DCRat)", "value": "73387abd4f9966ec875dd96feb2f8ea23743564ec817c11e4d311588a8a424b1", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689672627, "uuid": "d3996025-66b8-4ca4-a458-78a106316565", "comment": "Malware payload (DCRat)", "value": "20e5a8dbab21667a0cb32f600e9df4f09e29c331", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689672627, "uuid": "2d0a9792-d8cc-4930-9b5f-c7a62105b4e1", "comment": "Malware payload (DCRat)", "value": "1358cfbc142765c56e83b1b97a96c1c6815a0c752bb6a15f35758849d47bdfef785e93001fc24dd60702044466c37b38", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689672627, "uuid": "2a9243a3-3215-4fb2-896c-331c44623d6d", "value": "T1D4B633506549C9B2C087443046E1CB933FBE38201B259BD7AB947AAF93F79E2DD283D5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689672627, "uuid": "9ec1d6fa-25f0-4823-a054-6a34877ae461", "value": "91e96141ed5dbe3bc541c8aad7ff3c38", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689672627, "uuid": "acd96d50-eb61-4584-9152-84721798e937", "value": "196608:AOqwcXTdr+WZ8VRWwIs4j6axmYFPQLf9XEZcL0M2bkPI8IUjKkVvBnZbIr:PcXZ+WZNVbj67yClXEoXwHk1bIr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689672627, "uuid": "670de4c2-1889-419b-8db0-4326638ac9e6", "value": 11417803, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689672627, "uuid": "373134ed-3c5a-4d09-95e2-7eec743c639b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689672627, "uuid": "085f5e89-109e-4cf7-bc2f-cb7730768d5b", "value": "a3893ff6244ac5198d5ff2f6463a5a45.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "569d4fff-2578-11ee-a6f9-42010a9c0055", "comment": "Malware payload (njrat)", "timestamp": 1689690927, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689690927, "uuid": "685f64fb-73dd-4d73-a969-351d91e32e15", "comment": "Malware payload (njrat)", "value": "067797f702b8ce0ae731ec03c76d04a1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689690927, "uuid": "ed537f76-bba5-4278-b80c-68b60f5d0940", "comment": "Malware payload (njrat)", "value": "7497acc615b03c47eb8d1b79ec1c316d4dc5bc224753efcc94a6f3eb16e0851d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689690927, "uuid": "912fff61-f3c7-4bbc-b840-ef4be7c83d3a", "comment": "Malware payload (njrat)", "value": "c692bf63fc448e92cc2594496937be3c89be7990", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689690927, "uuid": "44cdec02-0a77-4fba-a45d-6dd1a6a024b1", "comment": "Malware payload (njrat)", "value": "1f644fbea725f65334cf0a6fc98474b334982989c525f83673bb571ac99a952e9a1410b08dc2025d67f3abe3e12143d3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689690927, "uuid": "7d899ffa-2489-4c54-bfae-d33fe7494965", "value": "T1ECB4F102FDC185B2C5310D325A69AB51653C7D201F248EEBA3E46E6DEA341D1FB31BA7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689690927, "uuid": "d1a852f0-c36c-4350-9ea1-d7e468383ea3", "value": "fcf1390e9ce472c7270447fc5c61a0c1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689690927, "uuid": "6198bd34-bef2-490e-871c-10a0029bc7e1", "value": "12288:8zxzTDWikLSb4NS7ET+tG1XIpeSi5MTkHiZhX:6DWHSb4NhepeSgek4J", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689690927, "uuid": "990dbc1e-c539-4f29-83e7-afcec0e89ff7", "value": 503020, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689690927, "uuid": "7c761612-cac6-4120-b133-dd1a9a21a26b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689690927, "uuid": "a9e3609d-6918-44dd-bd67-7533bba0f576", "value": "HEUR-Trojan.Win32.Generic-7497acc615b03c47eb8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3aee8dfb-25b5-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689717080, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689717080, "uuid": "aaf9b162-a446-447c-a868-b319e95dd381", "comment": "Malware payload", "value": "f4c8d0d7ae61dce74a33f5dd6af9ac5f", "object_relation": "md5", "Tag": [ { "name": "Adobe", "colour": "#A47D8A", "exportable": true, "hide_tag": false }, { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "obfuscated", "colour": "#0E3395", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689717080, "uuid": "f00bb8ee-ab15-4276-8190-bb8079c8099a", "comment": "Malware payload", "value": "74a1fe6b07a0752de53cbbf020633407b370997330209dc11b3f02c30f8b9d38", "object_relation": "sha256", "Tag": [ { "name": "Adobe", "colour": "#A47D8A", "exportable": true, "hide_tag": false }, { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "obfuscated", "colour": "#0E3395", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689717080, "uuid": "1951a461-4829-4215-a0dd-34226009a4f1", "comment": "Malware payload", "value": "838f7e684246ca1ebf11e105b7d32d5609bca155", "object_relation": "sha1", "Tag": [ { "name": "Adobe", "colour": "#A47D8A", "exportable": true, "hide_tag": false }, { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "obfuscated", "colour": "#0E3395", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689717080, "uuid": "f817db4d-15ea-40ea-92f7-7f7550b21329", "comment": "Malware payload", "value": "651a15b4d02267540eed18066640b19d8811e3c0703e0e56e03d88170dc9b7fa7392a27e2644ef7d7ac1b59d6aadde50", "object_relation": "sha3-384", "Tag": [ { "name": "Adobe", "colour": "#A47D8A", "exportable": true, "hide_tag": false }, { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "obfuscated", "colour": "#0E3395", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689717080, "uuid": "50fc9fd6-7576-410d-8a75-bac7818c2a18", "value": "T1C164F17EB20D154DB7A60E2AD27C5181DC8A6C23DF8DC506BD893B8DBF0B671D431A09", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689717080, "uuid": "329e7ab9-0010-4544-be00-b43b39912423", "value": "6144:IIoIy35Cn1Loq++BgjNgHfI0jr5pmQGVLNdM3HbQWHpVOiFe0Qs/Hrlu:I0y35Cn1r6N45pXoPMfkiU0HvrQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689717080, "uuid": "37906355-b3eb-44ff-be74-3d284d6d9d31", "value": 326844, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689717080, "uuid": "07da8434-0f79-48ea-a1ca-30d9dd276ec3", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689717080, "uuid": "da649795-e74c-4fc0-8d30-ddb2a8cc265f", "value": "adobe_phish.html", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "607a2602-255d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689679347, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689679347, "uuid": "81600c9b-e314-4ed2-b9f3-eb3124de79df", "comment": "Malware payload", "value": "0980293d8cbddeca4cf4022b62102f82", "object_relation": "md5", "Tag": [ { "name": "intellithinkhub", "colour": "#F99C3E", "exportable": true, "hide_tag": false }, { "name": "pw-888", "colour": "#8C3336", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689679347, "uuid": "5aa3a48e-5c64-4930-88d7-fb73a81fecc5", "comment": "Malware payload", "value": "75d73f0da49ae0e87420eb7cf535a53b4ac8ae7b9df9ee4bb6c9a5b8f22442d1", "object_relation": "sha256", "Tag": [ { "name": "intellithinkhub", "colour": "#F99C3E", "exportable": true, "hide_tag": false }, { "name": "pw-888", "colour": "#8C3336", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689679347, "uuid": "ee7cbfd9-3327-4159-a520-5f749ace1781", "comment": "Malware payload", "value": "7182c3c5b5d5b0d0e3af18ed842bca9dbae5be3e", "object_relation": "sha1", "Tag": [ { "name": "intellithinkhub", "colour": "#F99C3E", "exportable": true, "hide_tag": false }, { "name": "pw-888", "colour": "#8C3336", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689679347, "uuid": "019369c8-8835-44bc-8166-ac5af89c7727", "comment": "Malware payload", "value": "9a554d23812e83ab4026c4ff440f801b87ee2b5794f34faca049507fba6aed04208eb4fcc2b99821573e47b2517866df", "object_relation": "sha3-384", "Tag": [ { "name": "intellithinkhub", "colour": "#F99C3E", "exportable": true, "hide_tag": false }, { "name": "pw-888", "colour": "#8C3336", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689679347, "uuid": "3473e0fd-00f9-4bc8-a4ad-020545878b5a", "value": "T1F44633EA7FEAD8E2D805A0440FD27B966E9FD07509367DF8D298F8314D7612B22D8470", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689679347, "uuid": "62745782-93ed-4598-96f5-0b0b3c32dee1", "value": "98304:8LOuxL4RI1BcI1wg6tybm64N8oAGOWO2zo3YBMSRimmTYf062iIF0X/DYJ9l81H:vuxhj1r68i6ToljvsYBMl62iIF0XrY2J", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689679347, "uuid": "07244f2f-cce3-473f-99ec-7ccb80e62f44", "value": 5687138, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689679347, "uuid": "2e8fd4a9-0c1a-4670-bafe-42d044a63841", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689679347, "uuid": "a9c89a9f-d359-469d-8f80-1e806d8c866e", "value": "AiGoogle Install.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f54619a8-256b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689685610, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685610, "uuid": "f602a55e-fa89-4fd0-a094-a6ea9971bc39", "comment": "Malware payload (AgentTesla)", "value": "134d6c37f2edf74d9a21b3b3c545315b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685610, "uuid": "a2dd8f3d-6265-432e-91b4-ce83135986fd", "comment": "Malware payload (AgentTesla)", "value": "75dc109cb1489fcae33f5d991fd6cd9307287630afc73dabad40b2045774c184", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685610, "uuid": "f1813adf-3b9c-4436-912c-caffbe3aa3a3", "comment": "Malware payload (AgentTesla)", "value": "933d9c9a0ca720a111c45d9f169bc79427fb25a1", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685610, "uuid": "6dd8b88c-b5a7-4f92-8f6b-cfaf064e03f7", "comment": "Malware payload (AgentTesla)", "value": "e064a5002cf2f18568ae9b45bb4a055e008b3fd606452aad019a15f727116cac66afc5dd0633049c565de12952ad7e91", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685610, "uuid": "f8b6a1ab-5eb3-47e7-8ebd-0be009e3d5c2", "value": "T15513905EE79F02648F5112B3171A0E8996BDB23EB35151B1386C837433EDC3D46A6ABC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685610, "uuid": "ec380aa8-c631-4cdc-8cce-2fac100c91c8", "value": "768:OFx0XaIsnPRIa4fwJMNGZ0squBEydKx48wDIjHZN46Bzxl9i+/:Of0Xvx3EMNGS1uBEp4TiHZJRxl9i+/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685610, "uuid": "f97b9fbf-a0a8-4707-9082-e569dba9d61a", "value": 43390, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685610, "uuid": "80c4618d-573c-4898-ab56-2b4735d41265", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685610, "uuid": "d0748a87-b86c-4902-b043-43130f9c491b", "value": "134d6c37f2edf74d9a21b3b3c545315b.rtf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1944ee12-251b-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689650881, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689650881, "uuid": "f9e66c12-ee18-44da-b81a-99f79ae9c066", "comment": "Malware payload", "value": "d07d6b44b4c5e25f1fae8f8c071203c8", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689650881, "uuid": "5f5cfb82-4655-42fc-affc-5c186c15ccc0", "comment": "Malware payload", "value": "7609f887b65dea122ef987ba18fc3793adad7f24d8d2c081650732d13c7611a5", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689650881, "uuid": "fe7e87e2-4526-4f0f-a6b3-71792543e887", "comment": "Malware payload", "value": "550e11cffc97ac0807b04ff92f1b6d3906a856e2", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689650881, "uuid": "4c3218f8-2524-4f1c-a86f-13ac22ae30c7", "comment": "Malware payload", "value": "9dd32fdf837ba273619a34f5a3facfbf1183bdbcc6e618c301bc60f3f71ef72383dffaaa86634da1d4db4f17698d8ff8", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689650881, "uuid": "68075a0f-fc1a-4a0e-8bd2-e73185ab3709", "value": "T1D5526D3A97CB56DAEE770FBE5A9F2818411523A147590AE32692440D8DD0EE3F1727D0", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689650881, "uuid": "d5f5e77d-3c9a-43ff-bf0c-7e968645a9d4", "value": "60b675c684a61b1079678f8beebd1dd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689650881, "uuid": "101a2da0-2691-4792-bb12-9675b036a6e9", "value": "384:CK7IeDTtJLQb5z8T5abu6JafCOyhr2SZjPsPS:dTtVQ98lo9OyhiyjEPS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689650881, "uuid": "1b553cd1-4d26-4212-bd7d-cd01ece64cfa", "value": 13824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689650881, "uuid": "870961d1-2ae1-499b-955d-b68d187fd134", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689650881, "uuid": "4cd9d8d5-ad8c-475c-8e42-a21142ab44b9", "value": "SecuriteInfo.com.Win32.PWSX-gen.5533.22426", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c9ba6fc9-2599-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689705293, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705293, "uuid": "4e37d8b4-5889-43b7-accd-a4c768db9ef3", "comment": "Malware payload", "value": "c435ad40facda2939a8bd55134f620f5", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705293, "uuid": "9aa2daf8-1b15-4b1a-b62e-6e2bc92b01eb", "comment": "Malware payload", "value": "7663bcaca2e5925507fdccb8ef23c1300d2170006d364a6fcfd209911a76ded4", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705293, "uuid": "ee218336-ef20-4e8a-ba46-a24a001fae0d", "comment": "Malware payload", "value": "7511cbfaada850373cbfb410bb16a44a49ed94f4", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705293, "uuid": "3ef3089b-0df6-4324-abc8-0fb1308e198e", "comment": "Malware payload", "value": "a9c603400f45380cf942278db33cc8dbd5f86d2816c3c09ee621e96b00b165d700108ed4a544dc59dd6ffbdacae3773c", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705293, "uuid": "973cc5a8-be61-4f87-8ddf-cf429fb91353", "value": "T1CB222127B75CCA3BD18C233C5C974324B671A50CB34107A33A2E56196F836D9AA267DD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705293, "uuid": "a4d954c6-af7c-4862-8f64-5b64c7ad38c1", "value": "96:7Ygoa9BUxDqS//MoJ9aOpskaPjtMvajzgv27PG88888888888888884zX+ME8EY9:Boa9+DpxJAOpDHAXFC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689705293, "uuid": "59b2fcff-d539-43f5-9aef-04b951953216", "value": 9992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689705293, "uuid": "d7223580-2515-479f-9656-98246418d5c6", "value": "application/x-sharedlib", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705293, "uuid": "4c14ef17-7a8d-4796-9bad-148e324d1bba", "value": "SecuriteInfo.com.HEUR.Trojan-Dropper.AndroidOS.Wroba.p.28235.7279", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8a340f2e-256e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NanoCore)", "timestamp": 1689686719, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686719, "uuid": "0e8c8609-13cf-424b-bf03-a50e5ff743d0", "comment": "Malware payload (NanoCore)", "value": "09c7f0cc2c672d501a4772267b7086f0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686719, "uuid": "69ec3862-9760-4581-a239-13a8fdc1fe8b", "comment": "Malware payload (NanoCore)", "value": "780d049994ab5ffe68311633d44a7d807e4db84717d1c182bbda4edb5edc5531", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686719, "uuid": "33aa9652-5e2b-4d58-92e7-1c401da74334", "comment": "Malware payload (NanoCore)", "value": "1e795b46eef59d26aac4f0b03aba02a8420fdd00", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686719, "uuid": "8b6214b3-81ca-45cd-849a-b534fb2dbb40", "comment": "Malware payload (NanoCore)", "value": "f53a7933e86b24740e0bb9edc3f045b52442cf5bd50301e58601d8e8a73fd39792c8a5d6bd47d54f8a916d29e59bc89a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686719, "uuid": "a571d6d8-70e3-4eaa-9e46-c34f83c1d043", "value": "T185E422582DA9D423DA5F3F7B001122B6C26A8DE4B022E96B4C4DF4EDF71D68F4990B47", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686719, "uuid": "6f3561fb-913d-4140-8c52-9377844aaf17", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686719, "uuid": "b07848b7-3649-443f-9ff0-7814de466e53", "value": "12288:3mAY2kcdbL4EfWyBgOoYEwwYugT7/hVB7eCOX3PWIYAX3Eu/J8PRw:WN6GEfWyBuYNv73ZeCOX3PLYluBeu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689686719, "uuid": "a59c65ef-536c-4f2b-bff2-b35f63e04a26", "value": 668672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689686719, "uuid": "b7ec55db-2ae3-4b72-85e6-6beb43e5db3c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686719, "uuid": "dab0c0ee-1e75-47b8-a4d8-285747f2a553", "value": "09c7f0cc2c672d501a4772267b7086f0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bb743a94-2599-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689705270, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705270, "uuid": "3d4db676-6689-4185-b557-9fccf8df229c", "comment": "Malware payload", "value": "386cc3677f14f7a1a13ed6b3ebfa6b93", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705270, "uuid": "9850eecf-e877-4052-a310-47eacf1bda5e", "comment": "Malware payload", "value": "785b2a3bae21b0829a762f63f440f4c5a8e3a0ae05d69e51cbcd508ba9fbf847", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705270, "uuid": "f614f862-eee0-4925-895d-be5355ef9c62", "comment": "Malware payload", "value": "0a7f80660d58861f4c754569f0954570c294bae6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705270, "uuid": "d775cfeb-ff08-4a0e-9f70-3a031256da1f", "comment": "Malware payload", "value": "3dc4cfae79f92679077c824c94b9fba1c4d3c7ceeab0d901697ddf66d349fe5333c00ff96576e642f9d000874220f6ca", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705270, "uuid": "f934e650-bd4e-40cd-8549-789a8263b4bb", "value": "T1C7835C5174D1C472E5762D324870C9B05E2EFA754E719E6B3798423E0F343C29A2AEBB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705270, "uuid": "001a666e-7ddc-40af-b281-0bd913335720", "value": "87d23666eed4de810d9f30f0a8f34ab4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705270, "uuid": "686f661a-20a2-44f1-afcb-7375e886d218", "value": "1536:v+AJHMGR4DGjFpK5sFtNTphbr1Rw4Ilp+rUmqpQ1VGHDubmfs71:5HMGR4oX9tNTphbr1Rkp+r9r2SF1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689705270, "uuid": "7fcab825-bef2-4bbe-9c7d-3a98193a509e", "value": 82944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689705270, "uuid": "f3ff2336-aa35-4180-8c59-c5a3b9a58f60", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705270, "uuid": "4594b899-c951-4b1e-9698-df42227ff080", "value": "SecuriteInfo.com.Trojan.Injector.DII.23968.20033", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b7e38f17-25a9-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689712135, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712135, "uuid": "d87aaacc-4d8b-4b88-a8df-33dd2b991ba0", "comment": "Malware payload", "value": "7e5bd6aa0f60db96146583549ecd5c2e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712135, "uuid": "ecc7ea87-3a29-416e-8ed5-33d8062aad3f", "comment": "Malware payload", "value": "78fb50b42092344d4246e4ae9b27f446bb4f738ec24063880c1fc672fedde922", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712135, "uuid": "26905c5d-51d9-4124-8f4b-d0ad2e85f5a0", "comment": "Malware payload", "value": "998d112803e9219d4a2893e33c577651002d5be9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712135, "uuid": "3dcec7b3-aff4-4e4d-940b-e2b02045a13d", "comment": "Malware payload", "value": "eb21ebc4235549617ca59a45423f0ec49acedf7f2f433198dbbf8f88787b48ab62c9c2b2eea6a58ab8d0ad8c6b1c39b3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712135, "uuid": "74305895-2efb-4191-8e93-6fa210ab3ac7", "value": "T14FC24F58EE40D778E5C38ABC069B9E78A83D3B99691470D90651073F302E7E407E58FB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712135, "uuid": "ba1570f6-ec9e-46f8-90a4-856d7d5838bd", "value": "54ca733c00f525cb21425b023407aeeb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712135, "uuid": "f8c89459-5653-49f2-bd85-7e3d95ae12dd", "value": "384:3+MfNc5R8C/nq1bINzKknZBpTG+dinKLk+/XjSCDDMI8tcw:3+kN2nq1c9KEZ3YKLk+/XjSCHu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689712135, "uuid": "1932f320-d446-49cb-a7ef-9158211bf9b0", "value": 27136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689712135, "uuid": "96fda003-7556-42a9-8ecb-729a4df482ea", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712135, "uuid": "89157181-5d44-4f81-87a2-3b9e48e2a1f2", "value": "SecuriteInfo.com.W32.Heuristic-162.Eldorado.29121.190", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3c097007-255f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689680145, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680145, "uuid": "18bea614-8ca0-42e2-b65f-8ce574258dca", "comment": "Malware payload", "value": "fd17d5e1f7778cbc8fa1188ac7da59fa", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680145, "uuid": "a4cc0984-362b-4321-92df-86ae78121cd7", "comment": "Malware payload", "value": "798ca3d1ca400865fbef12dd12e057b3000eb86a4ce9393360e5573039e5ee74", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680145, "uuid": "9c5642c0-3d05-406b-a637-a7441b43c3ec", "comment": "Malware payload", "value": "86eed63139190762010f7270daf63a9f52c03f18", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680145, "uuid": "acf11f36-38f2-4f21-a393-5eaaa24b6d1e", "comment": "Malware payload", "value": "4213a3f3e7ef0bcfbdb6a95cc38b46bf16ad2da5a83f623ad597b1ea0106b9ed8701d66f593b4cf5f286e04eefc8c1be", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680145, "uuid": "f5bd7615-b77d-4e7f-9022-28eed4f913e7", "value": "T11DF433D6E868B3F4F76AEB39C34330113686B34899008C8B61B0B1655969F4E7D5D737", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680145, "uuid": "d5a51021-b0fc-4412-b30e-84048330709c", "value": "12288:eML7nvXmvF+q15RjuBEoPplSJd7f7cgtRD5mwCb/f8fnmki50AsJNhi4fhhnz6o3:bmvFR/SBEoRlSJ1PtRZCbe6atZhnz6aN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689680145, "uuid": "2d97c12e-7d09-440f-a066-d3fd8378e5e3", "value": 741938, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689680145, "uuid": "cc0ca2d0-2308-46c8-9091-24b97a95c985", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680145, "uuid": "6ef6f297-b81e-41f7-83d7-83446fb4bcc5", "value": "Factura Proforma140723.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e09d14b7-2500-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NanoCore)", "timestamp": 1689639619, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689639619, "uuid": "00f2b250-1c86-4777-894f-5d3fab1d2fe9", "comment": "Malware payload (NanoCore)", "value": "dd43a149d982fae6460328f0583f2b97", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689639619, "uuid": "75a338dd-ee71-48b1-919e-ece61ae6739e", "comment": "Malware payload (NanoCore)", "value": "7b5bfbc787d75cd1d8035161fd5b9139f3133f93d295e26cef10f677d9e2c879", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689639619, "uuid": "953503e6-ab8d-4835-813a-238dfdb8e569", "comment": "Malware payload (NanoCore)", "value": "a76202a8e9ce38278726f09e64437df417f60085", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689639619, "uuid": "68e0b266-c0ba-44bc-91d5-bb0c13252c5e", "comment": "Malware payload (NanoCore)", "value": "4f00392e00902bead806681c6c11be98bee69c9cea41a5dbde5f9a104b775da30792fc6cd52307d85c9a7b396482ccee", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689639619, "uuid": "2df45d97-9a28-4ebd-afce-1fc41be43703", "value": "T169E412835D5CB517C4984B373A69AB0D111B9F8DBCF5E38B1B8EBEA8F3B76840111492", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689639619, "uuid": "30cc2b84-f4d5-43e4-8779-582e4c8fa389", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689639619, "uuid": "4844c8cc-69b7-46b8-86ff-f9751b0ddfd3", "value": "12288:8fb/WT4UkuZbLgi8UFmHCKQTBwrpdzWXYwwgziF9/a:8fzW/ZbLiCK4BwNdPd9C", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689639619, "uuid": "e2f9793b-c0cc-4262-9542-3be3c8ed01e9", "value": 711168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689639619, "uuid": "6518cf4d-50f5-4313-9ef0-d96725237723", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689639619, "uuid": "bfb19ac3-bbda-4d86-b914-2683a591aebf", "value": "imag277.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f84a5866-2532-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689661133, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661133, "uuid": "70b0a89c-a39d-45b2-8f87-9d17d6d5fc8d", "comment": "Malware payload (AgentTesla)", "value": "479e992a7ce7706ebd31a56f0d126f4e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661133, "uuid": "e1b86920-0da7-49d7-8639-22da51b62271", "comment": "Malware payload (AgentTesla)", "value": "7c58eed1d9cdea2185170b62d033d2ed11347277f9c9853b88ae16fde08fd332", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661133, "uuid": "68e7a9fd-cd86-49d6-aff9-b2a430862ca5", "comment": "Malware payload (AgentTesla)", "value": "2181b6fb66d9cdf80bf72eeefbd944394818e678", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661133, "uuid": "ae6f56cd-4555-45c3-ac36-b4b08828e5da", "comment": "Malware payload (AgentTesla)", "value": "3c08a90b2a6948fef07df450f198dd3120fbffef2c871e5061cd0813610e1f2de756ca4a4506ce8789ad7508932ee1fc", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661133, "uuid": "67193a56-6248-4dce-8598-5cfd36c09309", "value": "T182036D5AE38B02A48F551277571B4E89AABCB33EB35454B1346C833433EDC3D4666ABC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661133, "uuid": "95f01b07-2012-42ca-bb59-1b8a4d0b6221", "value": "768:nFx0XaIsnPRIa4fwJMRWtP633NF9Qwp/C1IbYS9i7U:nf0Xvx3EMRWoD9QS/CSbfio", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689661133, "uuid": "b1018aa7-4d95-47a9-834e-8299c1744c0b", "value": 40298, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689661133, "uuid": "f5235e8e-b63d-489d-b515-dc2926fa346e", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661133, "uuid": "b3eb9525-8280-4ef1-b97b-154c8160dd78", "value": "479e992a7ce7706ebd31a56f0d126f4e.rtf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "47407e3b-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689662125, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662125, "uuid": "0192f5e1-a87a-4c10-953e-ff2107dc2aca", "comment": "Malware payload (AgentTesla)", "value": "c03d3f3fac3615256c7c0805743819a2", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662125, "uuid": "584dd265-d695-4e48-92d5-ecb3b340c302", "comment": "Malware payload (AgentTesla)", "value": "7c9d8f3b2f5bb94e50c4d1aa0e4136851e5671d211584abce1a6879933e916e8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662125, "uuid": "f50b3be8-b379-4d45-89c0-b5740c6b8635", "comment": "Malware payload (AgentTesla)", "value": "edb2096b1065550825ace73f5450b2594de35d2b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662125, "uuid": "7020d1fc-b3c4-41b1-a2ab-cc94ba205b0e", "comment": "Malware payload (AgentTesla)", "value": "61e6b19143b67ad994cbf47b2da0a9aba17004be6ea23b98b7e3584666d56c8ab088a81b8cced698e02b9002a085b47b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662125, "uuid": "500d5562-93f7-43b1-8459-3a1a09cf0e61", "value": "T11B84F1267B01C567E3D40730ACB9D63A4770BD283D519A0777D9BFAF7E363A4880A294", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662125, "uuid": "51d9c46a-54f8-4754-bafa-b374b2cf8f3b", "value": "ea4e67a31ace1a72683a99b80cf37830", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662125, "uuid": "fa3b1c93-8ef7-49a7-a35a-20a8633afacc", "value": "6144:CPXoDQpcUz+TfBDma1bMPeakaPMbXtuYv1m6EIzF8FihlIn8HdmD:aWDfhhBXtzv0fA8FiLIIdmD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662125, "uuid": "5f9b70ce-9fab-40f8-809b-051994dbbb09", "value": 400488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662125, "uuid": "275ad9b4-b860-4bbf-bea2-f2be43e848cc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662125, "uuid": "bed5b150-ca3b-4fd0-a96a-d8a7c605c092", "value": "c03d3f3fac3615256c7c0805743819a2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c0422322-2512-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689647296, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689647296, "uuid": "359169df-9241-47c8-91d7-1445962ec374", "comment": "Malware payload", "value": "3fe678300ec39493d2e7df470ce75ba2", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689647296, "uuid": "2f759e4f-74cb-43ee-ac61-b2d855ae6e89", "comment": "Malware payload", "value": "7e1596372ebace6e25be388de7b4a86d54493c75e2b3f68905261395cf234345", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689647296, "uuid": "d27bb021-913c-49d0-b68d-d7425109230b", "comment": "Malware payload", "value": "06f09bf6bde364b3da654d3ca413ae7a4876bfe5", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689647296, "uuid": "9476dca4-f2e3-4068-a1bb-2bcd316760fe", "comment": "Malware payload", "value": "f4d8df8468cf018553e497bba94bb1de75cb98b730a4867be3e6d1ea6c98117512a63db502b05760735152f3b2c44fdb", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689647296, "uuid": "8406fdde-75de-4449-9eb6-4f967b0d47f4", "value": "T124325C3D930303B6DE7F193E6ADEA84C0925A262475D25E353428C0E9DC1DF3F6B2685", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689647296, "uuid": "a0efdd67-4d19-4104-8c3b-52ab759a9501", "value": "60b675c684a61b1079678f8beebd1dd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689647296, "uuid": "5fc5177b-5643-4866-a9db-98592e4f022d", "value": "192:QIZ7OiTGdoTtXiA35+7Vms6ZWbssYoj54xSHMjp:QK7NeoTtBnXkbsy5ISHM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689647296, "uuid": "4b251f1e-67e5-4786-9e14-a231ec21b1da", "value": 11776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689647296, "uuid": "b62468e5-1a08-4110-8ee6-818723ef1f27", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689647296, "uuid": "452c9f74-8b4b-41f3-bdee-5bc053f20dee", "value": "SecuriteInfo.com.Win32.InjectorX-gen.11074.14013", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b2fbc73e-25a9-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689712127, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712127, "uuid": "ccb01ce4-19ad-4ea1-9b2b-ba844bee88e4", "comment": "Malware payload", "value": "57b15b13793eb2f1c266a813f14f1db2", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712127, "uuid": "175f2562-ffdd-4ae6-8a9f-a7524dc1b1a9", "comment": "Malware payload", "value": "7e56abd955946f49ffbb6a5b00913b7f795bcde8e0dd550a77e6c7671e4b63a2", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712127, "uuid": "14c874b9-da51-44c7-ba37-730883e7cb2b", "comment": "Malware payload", "value": "d47b1e3343e67411c1cf7a927c75853d673c6747", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712127, "uuid": "6a10b864-e011-4af0-9b1d-7dee058c733b", "comment": "Malware payload", "value": "c8f8644bc45d2964b04a3ba93f60dc486f3e646192f82d5b87b92cc2bfa0385fef03defa14e462b4c11e3972d933d0b3", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712127, "uuid": "7e830fc9-e8a0-4893-b261-9d091b28b31d", "value": "T1041533E60DB03955E6F9BEFE192135204D05EF3949BA424009697BF6AC332CBDC2E01A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712127, "uuid": "7ac0766c-55e0-4568-ac6d-462906b9cf5c", "value": "2eabe9054cad5152567f0699947a2c5b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712127, "uuid": "03397bfd-27a4-48d0-b9aa-985e1f116edd", "value": "24576:LzHNTFS+/pcvpsxix28J0SczfErz8h3tFrWCuXo9:XHKKpcvpQLSIfqmPrx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689712127, "uuid": "d22f7993-34bd-473a-95c0-fcd88e87acb4", "value": 892928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689712127, "uuid": "0565340e-67fa-4150-a1b2-3be6a5817594", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712127, "uuid": "0fcf817f-d44f-4a70-9a45-531a9013e1e7", "value": "SecuriteInfo.com.HEUR.8455.20870", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e193edd6-254d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689672692, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689672692, "uuid": "dd10d5e6-197e-4a4f-890f-2bbc1c5af285", "comment": "Malware payload", "value": "57f845f834d0882cbdeff71cf950d804", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689672692, "uuid": "c483b60b-47f1-4b0c-b97a-2f8adc64fe0f", "comment": "Malware payload", "value": "7f1e32d24defa7c69a8f14a9b910a4f59ca71ceb6b874ee754f407723cd46b52", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689672692, "uuid": "1ca5e073-d889-4eb0-bf60-59bc4de89714", "comment": "Malware payload", "value": "cf845fccfaa013250496ff71812e0bc6cdb07a95", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689672692, "uuid": "ebdc6ed7-70d0-46c2-919c-738135b8de92", "comment": "Malware payload", "value": "3861ee25848f439e4f7a035b35d06a54f0580eec275f94a1a2024996bf4e81911e102de18dd12a13085bb186ea93b956", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689672692, "uuid": "7230259e-f19e-4cef-b329-4637a5c26711", "value": "T18DD533FBC978AA95C04DC43F1AB66A35D62D786C9F5C59109C4217C81C8BFFF8E86122", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689672692, "uuid": "a9bd976a-517b-4e1d-9844-e0545863691b", "value": "e82dd51b077167be63c004bed23d0c1e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689672692, "uuid": "b388e5c7-0da8-4752-8a7b-786937460a50", "value": "49152:rbuXAmSb3E/RwR1SAwLzH4Afl3uhkdKLOJh43SbA8bhWGffx+qDC/:/uwmS7Eq1SAozYUl3u9Yztbhfffx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689672692, "uuid": "e3f01ad0-e266-447e-a0b1-47668c6f27d7", "value": 2792448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689672692, "uuid": "c1983ceb-d4a3-4e60-b2f5-545a8e3a46a5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689672692, "uuid": "ed9cba7f-c7c1-4f4c-8629-82d671ab9ad5", "value": "baha.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dd5c0d39-257f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689694159, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694159, "uuid": "2193d35f-1c3f-40c5-8969-751edc479fc2", "comment": "Malware payload", "value": "73836e31d7c9b2de278f375d9c878c61", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "impala stealer", "colour": "#3F5412", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694159, "uuid": "a1c90103-297a-48cc-ad03-f035d81590cf", "comment": "Malware payload", "value": "7f3d3fc5cb86205af5252d9b10035dcaba7d726d93644cddc86962465c91a5e3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "impala stealer", "colour": "#3F5412", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694159, "uuid": "e2dc38c9-37b8-45da-b7c1-379082339640", "comment": "Malware payload", "value": "82475985a4bd1c2d7e3549cd1e7b489d8fda3984", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "impala stealer", "colour": "#3F5412", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694159, "uuid": "d251502a-28a4-49e9-a03e-5a1488304900", "comment": "Malware payload", "value": "bc66a2d02fab9caa4defe84a23f44f9ab85105d2034270a2f126308f145d9f2458536e95c350fa2f8a07fdc8e657cdf4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "impala stealer", "colour": "#3F5412", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689694159, "uuid": "32f4a78d-f4de-4cc0-ab2a-e5e153f24cd5", "value": "T13E869D0AE3D106D6E42BC630C92AD733D7B1F8661735E31F1814D2461F77AE28EAB265", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689694159, "uuid": "23e5f55b-7bf4-428d-af57-59b475f051b1", "value": "572ea895b3fe6d98c3f4f1f93481f81b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689694159, "uuid": "79498374-59a5-4b2b-8771-d8cdb879505f", "value": "98304:Cax/iwMYcvO4IPOTHXexjH2ca34XUHjpEGqOJ0:rxKwMG4IPgHXexusUHjpEGqOJ0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689694159, "uuid": "742d2cc0-bec5-4ead-9773-8b55d308a6ac", "value": 8595968, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689694159, "uuid": "e68814f3-a624-43e3-a8fa-335db07fe4fe", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689694159, "uuid": "93c91c1e-07f8-402e-8933-90c5e67d3550", "value": "7f3d3fc5cb86205af5252d9b10035dcaba7d726d93644cddc86962465c91a5e3.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "67eec825-2536-11ee-a6f9-42010a9c0055", "comment": "Malware payload (QuasarRAT)", "timestamp": 1689662609, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662609, "uuid": "353e692d-60e8-4894-87a5-08cd50986563", "comment": "Malware payload (QuasarRAT)", "value": "8bf941fe11f5fd2ed9ee4af6f7fdeab5", "object_relation": "md5", "Tag": [ { "name": "51-77-167-52", "colour": "#4CAFF7", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Nugeta", "colour": "#18015D", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662609, "uuid": "4e98a474-d382-4f7c-bce6-4829b730bbed", "comment": "Malware payload (QuasarRAT)", "value": "7f917c73bf60293d433f8cfa6ca652360277c981fc6c9368b218b38e4a9594c7", "object_relation": "sha256", "Tag": [ { "name": "51-77-167-52", "colour": "#4CAFF7", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Nugeta", "colour": "#18015D", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662609, "uuid": "ff45a87b-b9e3-4498-995c-308fc3806396", "comment": "Malware payload (QuasarRAT)", "value": "2c86a15a80f13f38fa4c0e609c4ab22f4d41769b", "object_relation": "sha1", "Tag": [ { "name": "51-77-167-52", "colour": "#4CAFF7", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Nugeta", "colour": "#18015D", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662609, "uuid": "6ca9e027-a65a-4909-8aec-fa91a96ec476", "comment": "Malware payload (QuasarRAT)", "value": "d3dbf05b5cc96fa8441bcaec4be72640d09a2a9f5d6b326a76485286fc235b760fb48df16a170080279d11b8dbf70a6e", "object_relation": "sha3-384", "Tag": [ { "name": "51-77-167-52", "colour": "#4CAFF7", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Nugeta", "colour": "#18015D", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662609, "uuid": "e5946136-40f6-42ec-a3b4-9105e06d74b4", "value": "T1F1C36C5B76A501BBE5B78239C8230A06D373785106B1DBAF43A4162A5F273D19E3EF70", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662609, "uuid": "e95fc2e2-caa3-47e7-9af8-cefb20cf71f4", "value": "e0db59edaf7c62a12d356292d6f1c286", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662609, "uuid": "600354e2-93a5-4596-aa7d-6c3284b3e75a", "value": "3072:bj1r45w8FGif8cfH8h3BMUDszGcX/HevqQckPxiTl8t:bJ78v8cGxczzHot", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662609, "uuid": "5ea6751d-bdbe-48e1-bb74-bd84a0470058", "value": 122880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662609, "uuid": "525b3058-18d5-444d-b0ec-025070895ebd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662609, "uuid": "04db796e-5e0d-45a2-95ed-ceb8dd6070f2", "value": "version.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f0c33839-2532-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689661121, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661121, "uuid": "46975bfa-78ee-4be5-8d6d-9c328bc054f2", "comment": "Malware payload (Formbook)", "value": "90f426d0949aebe925d9f9fc922e2546", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661121, "uuid": "60786c08-f176-4dfc-9aba-2d456bf0b55c", "comment": "Malware payload (Formbook)", "value": "8007357fa8b52a81e6214a0fd1e138a9cf6d9799fbf599fe7e0776c8fa9b70cd", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661121, "uuid": "a4ae8cbd-2277-4327-8dfd-5817add0c721", "comment": "Malware payload (Formbook)", "value": "cce8695f0c9f91c051da1812cceed4811b229d45", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661121, "uuid": "c90dab1e-0b00-40a5-a116-63258d89010b", "comment": "Malware payload (Formbook)", "value": "bf81fb88873994a7db0fb1ae7fe72d9baf5f6b70d675aaecfee2d724ad3fe96b08492e605b1cad7192e18e3a218debfa", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661121, "uuid": "d05e6053-ed18-4f9c-bdc3-b639b2222777", "value": "T1C93423F132D083E2FB99C945448B614238BD0BDA51D48F4BE68F55E86ACFB4AC819F17", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661121, "uuid": "3a03e165-f4f1-4f63-bb99-674fb0545cdd", "value": "6144:7EGzfmk4Y7JurwMQoENwY2aoSVcPys0qg+QND:7zX4gEQNHVjs0qgxh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689661121, "uuid": "72887c59-094b-4b36-b31b-4e691baa43d4", "value": 245251, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689661121, "uuid": "b2b82ea3-6026-407f-aea6-4f8ddd749b58", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661121, "uuid": "ff935598-8ced-4e66-afec-5a5d64f9397d", "value": "PI.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cd613ecf-255e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689679959, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689679959, "uuid": "85466562-5001-401c-bf9a-26a2ecf15fe6", "comment": "Malware payload (AgentTesla)", "value": "72c4a37aecd31f2e1cb91574f983a8e7", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689679959, "uuid": "e6a1f5ee-689e-4ccd-936e-67c616faf5fb", "comment": "Malware payload (AgentTesla)", "value": "80cd0fa6562ae06d793faa5fedb70f78aa61b1e280e9cab225597a647f529812", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689679959, "uuid": "4ba75f6a-638a-4182-bfd9-42cdde244f41", "comment": "Malware payload (AgentTesla)", "value": "395ee0a64dcc3a21a81410f0000897558c0bf541", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689679959, "uuid": "d41963d0-6fcb-4509-bb6a-cf371b69a03c", "comment": "Malware payload (AgentTesla)", "value": "21267d9b6481b0d2be002f40892c44eb9a162ffa6fad59d3429de4e510d6876ba93d3967f531bb3d53865400dd86b119", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689679959, "uuid": "4d19017c-39c8-43bd-a709-8794844b6a9d", "value": "T193326D3A4DC92E6FD216507650A43145FAB432A3523D990EBE70B999C9B538F6A003D8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689679959, "uuid": "46e5882e-f1c3-4c61-ae4c-dc134fceb1c2", "value": "192:pya0NtU8GWLARgZVPCK44AG9xXSJ+Ej77bJYpKwkKD6HWYtcWe8F9JHlVvr6Cvi3:pyXtU8GWLANK4499xXSJf7nJYpXvYtbo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689679959, "uuid": "b812aa2f-1409-4ede-98f3-72b8434f9d3e", "value": 11083, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689679959, "uuid": "3d37c9bb-7395-44ba-beb2-495edf4918dc", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689679959, "uuid": "3beb1b96-0122-442e-a7d9-0cc942251483", "value": "SWIFTCOPY 20231707.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ebcaf2ae-2523-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689654670, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689654670, "uuid": "556844d2-132f-405e-984a-d5a00e97c6f6", "comment": "Malware payload (Loki)", "value": "9d35d496dd09ae810b69ebdf8cbe2a7e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689654670, "uuid": "4689728b-bb51-434c-8070-c740ce25a901", "comment": "Malware payload (Loki)", "value": "80d6d2c92cecab658cfbeb75c1735f4379d63a19d6a9c3637a17b58a2bb8788d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689654670, "uuid": "b8749063-9f4c-4bb1-bfd7-f54ae3c45dc1", "comment": "Malware payload (Loki)", "value": "381800f84abe314c7deb6288a7b51d038253136c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689654670, "uuid": "d66468f8-a89d-4e94-8278-addfdc60747e", "comment": "Malware payload (Loki)", "value": "0b0a6e0965cd8e34680ee92980753657f4ec91e5ae05a10619ecfe8bccc00aafd7a65938cda2ad6df8783cba9620c002", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689654670, "uuid": "63679166-e07f-47d6-baf1-c9c63cafb336", "value": "T113E4E010362D5F13E9BD53FD9024962453FA6957622FC3588EC37CEF39AAF114A0292B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689654670, "uuid": "119b2dcf-6c48-43f6-bb4b-8bf5afb1caaa", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689654670, "uuid": "2c456087-5fe7-4727-9a07-0689b0c5b2c4", "value": "12288:Jf+1Dvo4cW9RoxZfb/WT4UkuZoYvp1WZdJVONL4gp7bnXXf9KEdSA2m:JG1Q4cW9RoxZfzW/ZB1YJw0gJnnJv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689654670, "uuid": "4a522071-e149-485d-998d-b897d86b1507", "value": 678400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689654670, "uuid": "544e1f19-d25c-41c6-8bfd-9435600459ce", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689654670, "uuid": "436bc349-412b-445d-a96c-d8d7110c5251", "value": "SecuriteInfo.com.Heur.15039.23364", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "60472122-2569-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1689684501, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684501, "uuid": "ad8fbda6-37c2-4d6a-aebb-703229c1b484", "comment": "Malware payload (SnakeKeylogger)", "value": "92116c2a95014e01082aecf0be665235", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684501, "uuid": "2248f0f7-8ad9-42af-ab38-829fd8c0958e", "comment": "Malware payload (SnakeKeylogger)", "value": "810321f2b71adcaa676f764693491d2080735c29e509b2a546e32212a2c83ee1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684501, "uuid": "e58cb8f1-d78a-4243-b204-682126c73858", "comment": "Malware payload (SnakeKeylogger)", "value": "86c6e4262292efcaf5d340440a3d33e90911320b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684501, "uuid": "f72b4f76-b6c8-4743-b0f1-1906ca65edd2", "comment": "Malware payload (SnakeKeylogger)", "value": "a591e6e460c6d863a513dfa5688cfb5e51bb97580b2fc6a00bd676ec3c8939817efbc4061d60e44f3e294f3671f8455d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684501, "uuid": "5b74ba4d-a9dc-4a5f-8e08-b2cf5a4a630e", "value": "T1DAC412A40ED68927D65B2FBB500131F0426A57D93503E25B2C4BF0DBBB6578E9D81F23", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684501, "uuid": "d70ee8af-601f-49cf-bdb5-5f14f60a99f1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684501, "uuid": "bcdc7b48-f974-4296-a33e-6e4248e6dd18", "value": "12288:CmAY2kcdbL4EfmAGHmOxVtPOJDkirPITrdDWezLws:LN6GEfgOJLzITrF5E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689684501, "uuid": "25dbb5bd-feef-45e9-891e-fc4492b2081a", "value": 586240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689684501, "uuid": "56c9698f-66a8-42c4-9326-0e6b3cda6f39", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684501, "uuid": "acd1355f-c94d-4bc7-91e8-7645a28a0dc2", "value": "Quote List-789000.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "26210091-253b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689664646, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664646, "uuid": "c4ba94fd-afbf-49a7-838d-7393a07fb1bb", "comment": "Malware payload (AgentTesla)", "value": "a52b1e1dc68673081d7b8330f4222736", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664646, "uuid": "2e4f06ad-e88c-47e5-97c7-0e4f43d59bd3", "comment": "Malware payload (AgentTesla)", "value": "813490a4f54269088113cdf7e413b2c9eae7ebdd9a88a51195b324ec6a0fcd3a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664646, "uuid": "fdf538ec-fa97-4686-9d96-648ac610eb6d", "comment": "Malware payload (AgentTesla)", "value": "5df0085f8771d64f6b271deb3d60dc1ca9eaf056", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664646, "uuid": "a718d405-131c-40b7-b320-a61aa15cecd7", "comment": "Malware payload (AgentTesla)", "value": "e4d5c88272f7c139883e9c1c5a7b50270f9f1ea63b176846fc887f4527ebe9f8af019de4d36acd296f27361561d946e5", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664646, "uuid": "4337926e-32f9-4338-95bb-d6e806a2df5a", "value": "T1B7057D0B39D02A47E42E427E547C6E6CEBEE910E426FD964342DC2A3B2F664C1D5D70B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664646, "uuid": "0dd9a1a8-cb34-4b02-8852-65d6ed650da7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664646, "uuid": "5e88780f-7b29-4082-b327-737c471c30cc", "value": "12288:eTZWmjzocUj9sAfoLL5RV+ILgzIkhLxmpDUCyVFGQIut7D2G5JKT5b4j:e1rjzocUaf5/+ILrkp4BUCCz76x4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689664646, "uuid": "f4a801e2-493c-421d-a0d4-9b76d70eeb46", "value": 871936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689664646, "uuid": "e8134b69-f0e9-4041-bb59-3ad82c2434db", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664646, "uuid": "015d8675-c4ac-42aa-9f51-816529af0dcd", "value": "SOA FREIGHT SLIP.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "16a1532c-25c5-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689723891, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689723891, "uuid": "1073e2f8-6bed-43da-98fe-e0ec66384ad8", "comment": "Malware payload", "value": "54cabe95e89d794e769cd158b6cfb9b0", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689723891, "uuid": "1613efd9-1b0a-460b-bbb6-1538a2857481", "comment": "Malware payload", "value": "820f415a1bbb3c31cf8720845cb47272a66bba699994e51a5304660a1b1a4848", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689723891, "uuid": "4dfe9863-971b-4579-818c-d2f9b73aedb1", "comment": "Malware payload", "value": "3d833fbe23df2e575b07462f27885eed5868614e", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689723891, "uuid": "2b8cfbd1-3ab8-48d2-8967-d5521cdc4c0a", "comment": "Malware payload", "value": "38ea0d140d673205eaf8462ae1c2c884223b9b3cd4b3e192126a295197d1e141500f7ce885ba29bc02bb63105c55ebcc", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689723891, "uuid": "e5d723cd-ffe3-46b4-b3cf-75d43af3f7ce", "value": "T106332FE07EC45CD6EA20677C95E6D236263CB5D0CB434B53A93077321B23E9129D626F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689723891, "uuid": "312c856a-9f5c-4bb2-89a8-1a8addde9b86", "value": "103b95c97915a7bdf83a665e6d126d3b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689723891, "uuid": "feedab94-08ee-4311-aa24-b13e19e6f8e4", "value": "384:s27LWZisb6J6bVVbrPsZmUwO2gf70017Dfa3Bp5UTLogWcICOIwFdS1KF2LdB:svDGJIrPsZmUj0ADfoog0tzwEKF2LdB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689723891, "uuid": "df5f2a20-8b60-4dc8-b77b-a9b568dc4363", "value": 52776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689723891, "uuid": "0f1d7ea7-0240-42ee-9c60-b2adca45f7f6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689723891, "uuid": "188184e1-e841-44dc-ab62-be18fd5a0c25", "value": "FaultRep.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c4c73c43-2538-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1689663624, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663624, "uuid": "1ec4ddc9-82ca-499d-b172-51ba40b47b9b", "comment": "Malware payload (DarkCloud)", "value": "4622988e97b1ebcd9b1e6907516d6cc8", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663624, "uuid": "dd68450a-f8df-45e7-ab9b-4a31e2f41696", "comment": "Malware payload (DarkCloud)", "value": "82349f545e2f4f42e757a693dc96bb73f9f62527849698f83b452494a4cabe1d", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663624, "uuid": "ff857fd5-3b7d-446c-9fb2-146207e3e192", "comment": "Malware payload (DarkCloud)", "value": "fcf6bbe83e0f55b1a43ed602455c87ca7e693cd5", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663624, "uuid": "d351ce1c-1284-4081-b39a-13cd6e0ef549", "comment": "Malware payload (DarkCloud)", "value": "56dbd3bec114afb5d13b9ef4dea23b970f322748cbc596d9ed51d169335bb6a22ea081e40bd435b86ee490d37c950940", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689663624, "uuid": "23a81f18-5d02-4030-b75e-954c5ae4decf", "value": "T1776423FDF85025190D5941503C97D935CE2973EA4BB08212382ED174ADECF296EFC5E9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689663624, "uuid": "ea039ed8-23bc-46dd-9a44-e9c45ea6120b", "value": "6144:epU8PLhAsVJuQDpwKVM3NwF32wft1w0HNj7EwK1fWQlXYUIx8BnFokB6kJW:4PL2szDE36F2grw0tj7EwKJWiIxmoA6R", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689663624, "uuid": "2d9113e3-3bba-4c96-9ef7-ac0c79990a6e", "value": 313786, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689663624, "uuid": "8b51146d-7cf3-412a-bd41-23c6d6e675d3", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689663624, "uuid": "49ae1539-7219-4f1b-b08e-229d88497125", "value": "Sample Image.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dab9c027-256b-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689685565, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685565, "uuid": "136df5c2-1eb6-4bae-98de-ff9625017e37", "comment": "Malware payload", "value": "64cff510ec54e1356e7b1c0054ed5660", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685565, "uuid": "92078c9a-46ec-412f-967f-9283dc5f72a3", "comment": "Malware payload", "value": "82f252762260bfa7db81c0a9f35bb5d0162d33b4e7a4149125a1623f02b29dac", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685565, "uuid": "6e61f43a-289b-4751-bb36-e368c259ef11", "comment": "Malware payload", "value": "f087f486538486a149c1443c266165896b90640b", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685565, "uuid": "1f210c07-3790-44e8-bd49-8c57dffb703d", "comment": "Malware payload", "value": "c7b5f9c0cc2911262cb40fac512129646e85da7a29a3c9cd960e2de4d63febad7f1908230f878aead87b1defae7fce4f", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685565, "uuid": "6ec85ce9-2d65-4262-bb43-31f8879631f0", "value": "T1BA45E003D8049BC3D40D83F47E530EE90F0A6F1AE899B9EB14537F8B3A71A72595A51E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685565, "uuid": "40ae861c-f6b7-4069-a324-43e3fe99c357", "value": "24576:Ktu9V1ZyFw6VtAZyPw6VoipbmcwTA5p8cmuwwzx:Ktu396Vty76VDmjTSmuwQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685565, "uuid": "990b2b93-4cd5-48ab-bd5e-ae21c52b0c2e", "value": 1210880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685565, "uuid": "0315e96a-0cb5-4079-882f-5be30763a4e5", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685565, "uuid": "d4733a78-8d88-4c87-8f52-3f24a745f416", "value": "order list project 072023.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1532774d-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689662041, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662041, "uuid": "b9a6387d-5d44-46a8-8352-dbb5b527244d", "comment": "Malware payload (Formbook)", "value": "802b5fe7efa993985e56f6636c0c8cca", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662041, "uuid": "17825cef-f483-4e51-ab07-95a2b4a4eac7", "comment": "Malware payload (Formbook)", "value": "8349d0c4d9914eeb0d1619a23d5bfe062d00f94e64883483d12b0054d27ac376", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662041, "uuid": "eb76200b-ceb8-4630-883a-6866a2e988d4", "comment": "Malware payload (Formbook)", "value": "e53a075410bfa5d505ea6663e2b04adf3dd7ef09", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662041, "uuid": "10512b9a-cc65-41be-90c3-366236ec0f14", "comment": "Malware payload (Formbook)", "value": "cdb30c2a9e4abe35b7edde2b3b865a995963c13c34f13e7d0c89923795f8fc1a83294ed71a1de0305190c239663b97c2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662041, "uuid": "57f06090-2dd3-4eb5-8dee-4070d66f046c", "value": "T18FF3025D2141C1FBCBB62BB12D35EE66CBFA85260101574B5F50AF57B8221E2C2AF6C3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662041, "uuid": "a63d3b16-219a-49a5-953b-290d3d945861", "value": "57e98d9a5a72c8d7ad8fb7a6a58b3daf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662041, "uuid": "e17e1bf3-91f4-4b54-95b9-105a6e18a3dd", "value": "3072:+NzPHk9MpcQbhPjOKlkITN9lgNZXOXcSdfcLP66o3DuxDgKbxjVvdEd63Q21zo+y:+hRFh757TmcNfa2zgDgKdVCQhy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662041, "uuid": "0eed0c9d-ffda-4f95-aef1-d2d764dd1935", "value": 165743, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662041, "uuid": "ab6c8aa7-7669-41a7-9ffc-87ba35c52f6c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662041, "uuid": "da232e33-503e-4ed8-96a5-60554191e336", "value": "Ziraat Bankasi Swift Mesaji.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b5d2c55d-25a9-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689712132, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712132, "uuid": "90410f00-ac31-4c44-aebc-42eead2c623c", "comment": "Malware payload", "value": "495a95943dc8a9a595c463dc71d7c208", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712132, "uuid": "79c0793b-335d-49b2-a618-dd4e94b0e89c", "comment": "Malware payload", "value": "845aebecfecdf6c8b8bbaafccb616d3d7dd7fbdaab0cb28084fe16e13fe006b8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712132, "uuid": "4c8cec76-ac9f-403a-aeb2-d7a803e6a347", "comment": "Malware payload", "value": "fb5c630616abc1b0ba1b69b00b62a9a5bf974d58", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712132, "uuid": "2d01a971-7f68-4fc8-b598-022c717cc515", "comment": "Malware payload", "value": "a56177788d9a4be241fbca30ba9fe5bac087328317bcb1e62a72738b1e69bf95d9f9ca63dd224a335d2a5883735cc91d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712132, "uuid": "15b42903-b4bb-46c3-8196-b1425ebb776c", "value": "T12D05233BDB610513D4244CF0D0D86AE8B33DACB28A7E170636A971F459BEFA905C6CB5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712132, "uuid": "3fd6e7fd-fb53-460b-a43a-d7da5a3036e8", "value": "d03de3cbaf3720f5849b20dcde10fc0a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712132, "uuid": "a226d503-133b-45a5-98f4-a0c560eff321", "value": "12288:am9YYCH7KdyIIN846onZLLARURaH22kyxPT1XiOIuxOAWs0nyplL/iSNhHO2Y:am96bVIIm7oRwxPhlInU3Nh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689712132, "uuid": "053a03d7-5b07-4b24-a931-b638b5333975", "value": 826880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689712132, "uuid": "f6691ff3-b4e9-4d5f-8b8b-1001742d8e5a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712132, "uuid": "105bba7d-5d6b-44f2-bf5c-3547971c494b", "value": "SecuriteInfo.com.Possible_Virus.19276.29653", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f5e8be2d-2532-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1689661129, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661129, "uuid": "162c7691-197d-44df-a886-ecc3d14e2fff", "comment": "Malware payload (Smoke Loader)", "value": "ecb215c449f5f2da3f17322b9e02fec6", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661129, "uuid": "ae15857e-3fc0-46c7-b2e4-1a7e04204814", "comment": "Malware payload (Smoke Loader)", "value": "8468f6e913606e807195d7b49c4bed104e2dadb94a663000f7b173d37f447615", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661129, "uuid": "ea237022-33ea-4dee-92e6-b26da44082f2", "comment": "Malware payload (Smoke Loader)", "value": "5baee7de1f257ded084326bef798c2740e919f5a", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661129, "uuid": "8e7bd1e8-2d03-40bb-8c9b-12ae410dc585", "comment": "Malware payload (Smoke Loader)", "value": "c3b84a19c3e2277ce08fb37cd6a63fbad856dd638b8e4364f7d42e03fd304b78afbd60dbd3fd350dd1b39d7043c173fb", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661129, "uuid": "64142249-7f70-4a85-aafd-2a3abf41852f", "value": "T16145E003D8049BC3D40D83F47E530EE90F0A6F1AE999B9EB10537F8B3A71A72595A51E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661129, "uuid": "9f177428-0db1-4420-8b4d-6dce47387693", "value": "24576:vgu9V1ZyFw6VkAZyFw6VNQpbFcwTA5S8cNfnwLx:vgu396Vkyd6VoFjTBNfng", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689661129, "uuid": "2268ce11-671f-484b-81c1-ffd42eece00d", "value": 1211392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689661129, "uuid": "2358c9f7-82dd-4f4d-b666-ebca4969c1d1", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661129, "uuid": "0515bbb1-3b98-421f-873c-9e038325c38e", "value": "Shipping Docs INV & Packing list I3839.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e34a3f9c-255f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DCRat)", "timestamp": 1689680426, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680426, "uuid": "042e4183-62e0-4861-86e6-eba41e4ccb63", "comment": "Malware payload (DCRat)", "value": "c156959521629ec4aa8eb6e4247b7745", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680426, "uuid": "20993d45-ee88-4ead-a3b6-fad2d58817e6", "comment": "Malware payload (DCRat)", "value": "84927410d7cb1695e3a3ceb1289141562cb9de9a6950277fe6a6a4b767f32684", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680426, "uuid": "2f587f58-9fa0-4ba8-abc4-58b471e6418c", "comment": "Malware payload (DCRat)", "value": "a61dc2c711a24887d6991cb87e51bfd8cf0a7685", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680426, "uuid": "d161e32a-50a5-4899-b4e0-5c8723bfd516", "comment": "Malware payload (DCRat)", "value": "0625cb507a3639a53a1e5728aca7da6eb8116db400d831f108de8b4be41cd251a8e5478c422ccaeb29852666ac21eac5", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680426, "uuid": "be78181e-1efc-4117-bf7b-61432b665f1e", "value": "T171657B027E15CE51F0591233D2EF455887B0AC526AA6E32B7DBA376E21123B37C0D9DB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680426, "uuid": "92c238cb-2818-415f-a78f-a42b0b9913ce", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680426, "uuid": "0a482f18-b48d-48a1-b541-ccf5ef72d21a", "value": "24576:hVH81zg3hnahpfI3B+djy+NOJBdU0EzA49nfZEjJsjP0norXlc5qHNs1J:hVc1z2neIBgoBccMnf8sjsuZs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689680426, "uuid": "7d654fbd-9639-4035-a25d-f9abb643103b", "value": 1527808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689680426, "uuid": "b1e89b64-0e99-4a90-85c9-37d215b9b000", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680426, "uuid": "5ee34b39-2a24-43b1-8bcb-6e3b6058a987", "value": "84927410D7CB1695E3A3CEB1289141562CB9DE9A69502.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a0aee713-2518-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NanoCore)", "timestamp": 1689649820, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689649820, "uuid": "88159414-a0b6-430a-8261-16594623009a", "comment": "Malware payload (NanoCore)", "value": "4b8f63977b572956fa48bd5cbf525483", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689649820, "uuid": "7b733d24-7f6c-4163-82e1-b740e04a9de0", "comment": "Malware payload (NanoCore)", "value": "8510b99e4bd38e8adcd3092d7e9a9ac23014efa2a5ff96ad0f971da1dbe6d532", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689649820, "uuid": "1192f5b0-afef-4c90-a459-1e3b44fe245a", "comment": "Malware payload (NanoCore)", "value": "94be8058e7c4db07eed4afd1a06c8e5bf90ddc90", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689649820, "uuid": "caa54273-756e-4d68-b081-b214bf4b438c", "comment": "Malware payload (NanoCore)", "value": "8231f789ed9ab7325c178a2ba9d6a8b63b7f23f2ba8341945481cf2e3f3bfef27c9af1276ac9a4d4d7ac8636a4ba76fe", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689649820, "uuid": "31bc0772-70fb-4e06-9a35-fa4a0499310c", "value": "T1EB05BD2062695BD2E4B85FFA9C1091147BFA5D0AA91EC24CCEC63CEB3577B90C6015FB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689649820, "uuid": "ba48cd14-6d7d-4761-b733-d6179edb2388", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689649820, "uuid": "e208f6be-f2f3-41c8-812a-73d553cb9938", "value": "24576:xGuacW9RobGfzW/Z6vRXxoRfNO1ba6p/HGqQ:xGuacW9Robua/mJWFOFaYr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689649820, "uuid": "1954fa71-832b-4d36-8e25-d30d3b179b71", "value": 860160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689649820, "uuid": "94199616-e53e-4a59-8912-aa5873e19040", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689649820, "uuid": "232a4984-8ad3-49b0-bd88-6e5c70d8bbc6", "value": "swift copy of payment.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ea6ce8a2-2523-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689654668, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689654668, "uuid": "4238432e-6093-440e-a4d8-b1c4980a95d9", "comment": "Malware payload (Loki)", "value": "ace6314d826a967a542ee19e03dd24e2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689654668, "uuid": "84900346-1e09-4bcd-a775-df7a92f068fb", "comment": "Malware payload (Loki)", "value": "8615a11492e27f4a2d4b3028ef8a94f179d7e4b2f8d81f3088172378db2e9df2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689654668, "uuid": "b61a5c72-569e-473d-a636-95d70bfbf715", "comment": "Malware payload (Loki)", "value": "3c2682192004ef589803950ae50950fe97195575", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689654668, "uuid": "710fa7c7-71f8-4389-9ab9-b06a1d64fd46", "comment": "Malware payload (Loki)", "value": "9650e4f45d56e994239be03648f39600a398e7bbd9ccb6ddd9a8bfd050331fae022552c91b03346daacfdd2a631c7672", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689654668, "uuid": "00c17965-c457-4e91-ae70-b26a2a5d8668", "value": "T1DBE4E010323C4F17D8BCA3F99560661453F95A1B622FD7888EC37DEF39AAF414A41A27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689654668, "uuid": "ee329abb-4fed-4ff8-a591-3995b0e3810e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689654668, "uuid": "2ebbda94-d7bf-45d8-9324-0d8c634ab11a", "value": "12288:Lf+F8cW9Ro3xfb/WT4UkuZjmX8/Bw7ZJSO1oEMtsWA/T5IURP4CZo:LGF8cW9Ro3xfzW/ZjmX8JQFeEMWB1RB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689654668, "uuid": "89fcb121-24b4-4029-af37-8c5e2fa0b2bc", "value": 674304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689654668, "uuid": "dd7e7cbc-0810-43da-85db-25a070f28d36", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689654668, "uuid": "be184ffc-0117-4389-91eb-449d4cbc55f0", "value": "SecuriteInfo.com.Win32.TrojanX-gen.6449.3416", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1830d0d1-251b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689650879, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689650879, "uuid": "ff98a2a8-14be-418f-81f5-e5c8113672ca", "comment": "Malware payload (Formbook)", "value": "607cca6a1cbfd2f8aa3b69515b706162", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689650879, "uuid": "ee2dac72-a38f-48ca-a2ac-e866a6293c34", "comment": "Malware payload (Formbook)", "value": "86d4e06d459d993e94c995dc65bf75afbc4f91386ad7b10a1446bbb994c81d64", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689650879, "uuid": "abb48c21-7acf-47e7-8076-7633e3879d67", "comment": "Malware payload (Formbook)", "value": "4a4e5053bed95e0638d21d529a0518270c6d05c6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689650879, "uuid": "64484769-29db-4312-bfc6-8102019e4d8a", "comment": "Malware payload (Formbook)", "value": "1195f6d5a2b5c56ba506e4028ffe214cb12ea2ac5895bccfd0b9939240fc2577738120d0a91b209083904f1962f16e9f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689650879, "uuid": "39f47f48-be80-49f9-a591-6f0dd4a324e6", "value": "T12C44126066A1C06BE4234B31DD751A2BAFE77D260079DB4F63106B987F31289AB0F771", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689650879, "uuid": "05b54da4-27ce-42dd-ae50-f76c270f1edc", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689650879, "uuid": "86fa32b0-07cb-40e3-972b-badc4ceccba7", "value": "6144:PYa6J8qOUCO4EkeJ1Aa/zEUaaY417XcYYh6+:PYjIUCikAAa/4hUrI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689650879, "uuid": "b12da29d-0d3b-4785-9967-38b956466c0f", "value": 260756, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689650879, "uuid": "8bc4326d-1826-4ced-bdeb-be296713fd4c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689650879, "uuid": "14b48a34-0bca-4739-a286-159e882db905", "value": "SecuriteInfo.com.Gen.Variant.Nemesis.25368.22016.26548", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f90e885f-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AZORult)", "timestamp": 1689662423, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662423, "uuid": "505f992b-a329-44b1-a9fd-fb56f1c01ce8", "comment": "Malware payload (AZORult)", "value": "d5d3f11ec57ac1722ca2ac9fab41b480", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662423, "uuid": "20f67365-0fb8-4cfe-85a8-033152b6c442", "comment": "Malware payload (AZORult)", "value": "8749c26002857510a8faf45fe42730aaa48bd73cc7f99fd181e776b383729f36", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662423, "uuid": "545eaa94-0dbd-49e5-bc60-94a4152149b3", "comment": "Malware payload (AZORult)", "value": "01afaeee09ed81e9f209899ccb8653ee74005f1b", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662423, "uuid": "0180f44b-04b4-468e-b196-1469f95660f3", "comment": "Malware payload (AZORult)", "value": "a70e037bc9025319f561ba27e9351655555cb114034b2157801c8e0a54911285c7ec46e07e26d977d91395fad041a873", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662423, "uuid": "472799ef-545e-4662-9de8-68e4bab416af", "value": "T1FCF302A763D0D4F3C7B747B02D7B6A63EBE6940A0164A70F6B1076693E265C6422F0D3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662423, "uuid": "54727146-70b9-49c4-a245-564bba8cda2a", "value": "57e98d9a5a72c8d7ad8fb7a6a58b3daf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662423, "uuid": "d88a4f2b-52d4-47c7-ad7d-93f52427e54a", "value": "3072:+NzPHk9MpcQbnlKmVmoq2JgcMgtytP29vSWjIVloAXLUxg3k:+hRFlcuYksWOoAbUxf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662423, "uuid": "cd0ad683-2967-486f-8b5c-c63c3210e9c7", "value": 166415, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662423, "uuid": "7ab5a47c-5d0b-41ab-b51a-22ccc66f9393", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662423, "uuid": "81021955-f245-4251-94ad-5e9f68ab88ef", "value": "d5d3f11ec57ac1722ca2ac9fab41b480.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "24f27dce-2504-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689641022, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689641022, "uuid": "3cbf7e48-9647-4f24-af28-b02dab5e35fa", "comment": "Malware payload (Mirai)", "value": "027ea4e4fc8d10193d6f362884551aa6", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689641022, "uuid": "af246b2d-f7ca-43fe-bea6-082eeb571f9d", "comment": "Malware payload (Mirai)", "value": "88315bf2427e16943c0ade4fee3ed7f64e7d15c869e57b353e4e525d613b3a22", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689641022, "uuid": "cf069fd3-055a-415e-a91d-0141ad6272d8", "comment": "Malware payload (Mirai)", "value": "17c9b1d8305ba57b638f45f885cd3b3226534a69", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689641022, "uuid": "112a7123-48db-4825-b4b3-b078fabb58b8", "comment": "Malware payload (Mirai)", "value": "e493711e7cd8ec1534e22210f03110b8558d7c7b7a73a31742946b534116585ffc2338d332e9ec203fc1d385839c9e3b", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689641022, "uuid": "9f98e52c-ee26-4cb8-b982-00f147d5ae2f", "value": "T1C7D2E0E7E1B762F8D8F2B870386ADD80F595307B8324535941AFBE81EAA734C5134A12", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689641022, "uuid": "31162ed6-7a45-44ef-b5a1-49c7b5dca9b0", "value": "768:bYSoXdJZgicCHD+C98MP7L1YVPb2X2Sx0s6:bYJdJZuCj+CiE7L1APbaJt6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689641022, "uuid": "4cfc1b1b-7f7b-47b5-8c45-34e331499c8b", "value": 29440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689641022, "uuid": "ac89622d-d067-40a8-9e8d-80d8fa57ea04", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689641022, "uuid": "6298d9fb-d03a-431d-903d-9ddb7a851fc2", "value": "027ea4e4fc8d10193d6f362884551aa6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4b657021-2556-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689676305, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689676305, "uuid": "bbc2541d-0056-4a1b-b7dd-c89036e8a76f", "comment": "Malware payload (AgentTesla)", "value": "03a8e7e02b995c25b3959520452c8747", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689676305, "uuid": "3a22508f-05cd-45a0-bee6-1ea3be48436c", "comment": "Malware payload (AgentTesla)", "value": "8870531d4e128acc53f46c599578c3b3b6ae82712bfe4a7c008332b4394cb331", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689676305, "uuid": "eec1f8ae-4e90-4c79-8f64-a8b064f4fc0c", "comment": "Malware payload (AgentTesla)", "value": "db62184f0a75f088a1ec8f7d921e325263517549", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689676305, "uuid": "2cf2d089-1821-4126-a8d0-a664992a767f", "comment": "Malware payload (AgentTesla)", "value": "f5e1ecf3953a8f29adbae3ec54b7df394aa50191d868ed7f8e313cce355e9c80ca9c7a696ae074da14e4337a80f91103", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689676305, "uuid": "6ff5db67-df51-44d3-bf5b-465fbde8bc4d", "value": "T129D412163DAB8513D00A2F7BC44022B54392DBCA7927D64B3C8F7265EA1A7CF0E95B47", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689676305, "uuid": "0cc2873a-1f60-4b57-854f-6bd57531e189", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689676305, "uuid": "00ea3748-050d-48be-89cd-32a06183154d", "value": "12288:msC5vmAY2kcdbL4EfVAH6l4EJ5jouFO4BjddN+IZ8kcuc0G9M9RseaK4sQIkEOVY:msbN6GEfV3l4EJ5jq4dddNuNuRGi9uen", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689676305, "uuid": "fa24ed57-fab1-4d3b-b53d-93c0cf477e74", "value": 647680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689676305, "uuid": "c69f5013-bf65-4743-baa1-6f3e3d37a2d5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689676305, "uuid": "4373ec3a-0e15-45a3-80f3-a98dba71b416", "value": "Sea Shipment INV - Final .20230705001pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b830bea7-2538-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1689663603, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663603, "uuid": "9138173b-afdb-40f0-98fb-1fd4b92c15ef", "comment": "Malware payload (DarkCloud)", "value": "021c932abcc285e8c090b9da98f31d6f", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663603, "uuid": "8ff6fe2f-04b6-4f24-97da-f1aba5620ae4", "comment": "Malware payload (DarkCloud)", "value": "88a6501cd30a7b4d8e78311dd8d5f1ac4849bb92b25a17b8450e45d33f3f6828", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663603, "uuid": "d6f0a67f-e7f4-40ea-9752-9b545d0fe2dd", "comment": "Malware payload (DarkCloud)", "value": "a070a6a23ddaeb850d47ce622a95937884a8ea1a", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663603, "uuid": "2fe26945-15f9-4260-ba5d-6e184a0758d8", "comment": "Malware payload (DarkCloud)", "value": "1be7947b18c895c3411c08c3ffab1c4d961b3921d5bf37c065996a9bfca273aeda3e34873989e07477e121b778ac586c", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689663603, "uuid": "b1666f5a-7f13-4272-910d-6f1402a62fc4", "value": "T1D005234BAE0EC86347799A9D323683BE0481E0DFD4B916375682C598AF3C7E06DF5784", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689663603, "uuid": "15ae0363-7091-47d0-887b-3dc43cb099bd", "value": "12288:vqA44gf65z9/Q5uvYKwD35ndE58qlfcxSQZQFVMblGPYuSVwgwFatdesZtHg42+G:iEjIwYF3TqlfcZMwVagwFatXA42Wzc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689663603, "uuid": "6955619f-906f-4754-b14f-f8de202a9ee3", "value": 804141, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689663603, "uuid": "ba910ace-6bb7-4a1d-b259-c6dee9e2763e", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689663603, "uuid": "d23b60ec-d984-4778-a134-f5de68480724", "value": "FACTURA DE PROFORMA 1689.pdf.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9702bd83-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689662259, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662259, "uuid": "d3000d16-6845-4869-9492-b5632ea9006c", "comment": "Malware payload (Formbook)", "value": "009a24792496f65b834a3b8d2ed97c97", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662259, "uuid": "64b64beb-78b8-427d-b527-197508ca73db", "comment": "Malware payload (Formbook)", "value": "88c0a4f198b99be42be456d49cd61731bec58522a81fc170ef44f92296a39e04", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662259, "uuid": "22ae1188-9107-40f6-be51-135965044b29", "comment": "Malware payload (Formbook)", "value": "34924a324da597c6df88b1719af7907fd2f6df73", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662259, "uuid": "41971e7a-eea4-4e07-8307-01192be38852", "comment": "Malware payload (Formbook)", "value": "7f7bb1746e7ce2e53881e01540629bad2b1247fdb1bea6d9ccb04c4ce35d79284e1ff9fc9b2bece9787a6df96c023ee1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662259, "uuid": "56d2cad2-c7c7-4de9-b2e1-d0dd6aba6187", "value": "T162D4CE39603C8BAFE757CBB6E430115213F017A61AF2D28C8CBA759F3D75724A540AB6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662259, "uuid": "cc4b121d-865b-42cf-9321-389848d24d54", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662259, "uuid": "ff9419b8-415d-4924-8c95-f5ef70b5e370", "value": "12288:UcdIYZ9hQfrtgqfyz1gMneWW32THeqI2xg5p6E+qTrQaSejL8Zb:UctYrCqfy0WW327eqI2xgLGqTrQaSejI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662259, "uuid": "4a6c96e0-dd3f-4e7b-9569-e3f87191908d", "value": 614912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662259, "uuid": "8ce60982-1bae-4300-9629-dd2c2c722798", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662259, "uuid": "4a4d3dd9-4ff6-45f4-85e4-63d6e97fb597", "value": "Nossa ordem.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f51628c1-2532-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689661128, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661128, "uuid": "0ab45c6f-7faa-48a5-bc0a-fe67d4464d91", "comment": "Malware payload (Formbook)", "value": "5122c5e52b4b71eb8e21fa425e035a62", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661128, "uuid": "efa3eb30-1601-4bf8-84da-8d78c0ff4367", "comment": "Malware payload (Formbook)", "value": "890f1ea5f0e86fd180f4767b52a72d81d5f6116b545838f10a3cafe93379c3fd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661128, "uuid": "4a4deba1-71fd-4e50-886b-10d89da1ea5e", "comment": "Malware payload (Formbook)", "value": "20cc37a6bc602097bad9a29a523562ba62388195", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661128, "uuid": "cb934285-1cec-40fd-a71b-a68d69eef98c", "comment": "Malware payload (Formbook)", "value": "b95f427492d75e14f0388d177734c9853344a51d21ce3997adc837dd3649cd5bb9dfc65bc5c4d6d009ba4b4690805898", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661128, "uuid": "87210377-d609-40da-9b76-959ea756c5a2", "value": "T1754412486FF1C0B7D1E147333F7597D69BB9AA1234A0670B23905B8CB826261ED4F762", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661128, "uuid": "da0bfc0c-a123-4c7c-a18a-37f2ad121cbb", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661128, "uuid": "5841f81d-d23b-4cdf-8712-46d90b6bec46", "value": "6144:vYa6b5O3+jM5UngXVSfEmeC0GAUcdKobiN2esZmG77Yib:vYJE3+AGngSZPcEobc6ZmoHb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689661128, "uuid": "6942627d-667e-4396-85bd-3b7a4bfb63e9", "value": 261158, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689661128, "uuid": "e9129f47-900d-4613-992a-9662e455332b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661128, "uuid": "ee43e21b-c97e-47ae-9ff4-ad3ac98f1ffb", "value": "PI.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0e08938b-2533-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689661170, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661170, "uuid": "912f6880-1dfb-46fd-abb0-0085cd6149a9", "comment": "Malware payload (AgentTesla)", "value": "7c026b1f4922240045942711708456f1", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661170, "uuid": "6b5bff3d-1300-4894-9b3f-d060b78c453a", "comment": "Malware payload (AgentTesla)", "value": "8928097a04660fb9456f7d2636b848111d5ec160dbdccf57204e09ef704a09a9", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661170, "uuid": "ae6a6055-80b8-4a4e-be79-1fc475863c6f", "comment": "Malware payload (AgentTesla)", "value": "ab4fb97be2b8eb89699993a06f08e0ce13d17dd8", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661170, "uuid": "bcf7114a-cdb7-45ea-84f0-d02e790ccf2b", "comment": "Malware payload (AgentTesla)", "value": "069028c178886129f9f514880a385c737729c0a7a6698f9c87c286b0ac6d3b7ecabe8aa7d3a41e3b9d9d19b13fdb0b04", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661170, "uuid": "2d113572-6f66-4d6d-939c-0776d1a7c2d4", "value": "T1C7E2C35AE79F02648F8102B3671B0E89A6BDB63DB35155B174AC833433DDC3D426A6BC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661170, "uuid": "38a86329-9aee-47ef-9d26-436545e02422", "value": "768:XFx0XaIsnPRIa4fwJMqt/nsg7jeWfO0Hvc7:Xf0Xvx3EMYDlfOSk7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689661170, "uuid": "083fa998-50fb-40e2-a985-6dc8fd67c9e7", "value": 32377, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689661170, "uuid": "6cd915f5-6bb3-484f-8cc9-86d634d7cac6", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661170, "uuid": "9c067676-de5e-409e-b6cf-ad859825fbb7", "value": "7c026b1f4922240045942711708456f1.rtf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d09aa068-256d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Tofsee)", "timestamp": 1689686407, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686407, "uuid": "2253754a-4907-4fcf-893a-c6604de3c515", "comment": "Malware payload (Tofsee)", "value": "c7a2f7b9ea049f89198b1f25ae640925", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686407, "uuid": "bbf63afa-f814-4718-bf87-a63dc815b2a3", "comment": "Malware payload (Tofsee)", "value": "893eaae1e936f68d1467d13d1c920a25b2aea39061f6edfea4449303e7196bb4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686407, "uuid": "77829650-b958-4c5c-a56d-3f7427e7a79e", "comment": "Malware payload (Tofsee)", "value": "2eadd5ea6d72d26631f9dfea43b6a5e28d47a868", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686407, "uuid": "32c9c9d6-f9f7-42e0-b7c6-1cba24f29270", "comment": "Malware payload (Tofsee)", "value": "3c7fb0ee248d5c6ed07e6b5a6107e8605d2f129ff95203400d476f3085942b16099a5009091076be77b136958a85dedc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686407, "uuid": "488cca76-20d7-4aec-a239-2c4f1cac9dcb", "value": "T17964724392917D44E9268B729E1EC7EC730DB2508F8A7BEB6219AE1F04B11F6D1B3714", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686407, "uuid": "2a348fee-2bf9-4f89-8e68-97e8730dbb55", "value": "1f46cd2f6fa2b68be3021a7a4bfd8efb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686407, "uuid": "c108dfbf-9cbf-4d27-943e-17f92193b9ed", "value": "3072:Qytp6speLhx6DGpz0WOGDvzwh6k1Grho2tTMTcGmv25CUkdGFB6TR:Qk6LhxGGyIwL19RwGs5Ues6T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689686407, "uuid": "eb412067-4a59-4fb1-8331-0542540213a7", "value": 331776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689686407, "uuid": "2c58e3d9-50dd-4e43-ac9a-8171b89ceb81", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686407, "uuid": "143bc767-138f-4d54-b128-02e4d1096628", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "13ca8877-2569-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1689684372, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684372, "uuid": "c7b67a74-00fe-4ed0-aa38-b8f44135cfd0", "comment": "Malware payload (RemcosRAT)", "value": "b6ead8e6a8ebf20989083e4a6e0f81b8", "object_relation": "md5", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684372, "uuid": "fafa0d27-603d-4673-ba0b-a642a7acb909", "comment": "Malware payload (RemcosRAT)", "value": "8996cd3afc7625910ffaa38e25b819d73469c4ba72cd97d6057e698e7b3009b9", "object_relation": "sha256", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684372, "uuid": "5d63aaf1-2679-4a66-82f3-842830826338", "comment": "Malware payload (RemcosRAT)", "value": "771ca944469475227599a962e548cd22a954050d", "object_relation": "sha1", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684372, "uuid": "43336326-8ed8-41e7-80b2-fb68c3cc1ed2", "comment": "Malware payload (RemcosRAT)", "value": "bcf8d9549dc0fec8af1d83029e568d743c3cc5008a406ab35ac3770a777de886171e40421afc7d4bb69b509c3e1a2ddf", "object_relation": "sha3-384", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684372, "uuid": "43a5f687-43fc-4bb6-adee-830a7fffeddb", "value": "T14E0511D1EB6DB064C9114EF9007C52A512FD3D9FB922FD58621DA0FE9E2394287BAF10", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684372, "uuid": "b0191357-8379-4826-9b91-55309c2a0446", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684372, "uuid": "019eac20-6d10-43a3-81d0-c50925ecc48a", "value": "24576:BeurzpIQzQpvUjmNEoHKlk0AYFBhQiXZYG:BeurzpI/pC3lJVLx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689684372, "uuid": "184f600d-33df-4f37-8deb-7176e7643f59", "value": 840192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689684372, "uuid": "58ec4a0f-77fe-4249-b477-ad57e0c23b23", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684372, "uuid": "b7cda487-e9f8-4706-a20b-1120557bd825", "value": "Payment Advice Copy_ FAB_180700023_Pdf.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3a49516f-255e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689679713, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689679713, "uuid": "1e65359e-b75a-49cb-ae4a-07e6c2d023df", "comment": "Malware payload", "value": "960a58d3a385c842ee5fb116a4ff2dec", "object_relation": "md5", "Tag": [ { "name": "intellithinkhub", "colour": "#F99C3E", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689679713, "uuid": "7c44aca1-efdd-4ac0-93f3-1172e8325694", "comment": "Malware payload", "value": "89bbfee0d4ea4db205fa44397deb08848bf424636feb5e05e60fa1421228fee1", "object_relation": "sha256", "Tag": [ { "name": "intellithinkhub", "colour": "#F99C3E", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689679713, "uuid": "912318d1-8a49-407c-bd05-abb58b17eab0", "comment": "Malware payload", "value": "e9ccc1f7f10b128f24cbe644b0fcbb5b430dc9df", "object_relation": "sha1", "Tag": [ { "name": "intellithinkhub", "colour": "#F99C3E", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689679713, "uuid": "0681b63a-bab5-4995-8e20-ed2f3568d8a6", "comment": "Malware payload", "value": "df07679f61154f0865abcf4913646c28c197a4a58b494756beee7f1b11c2ab9d6d37a0bd44b83e36ab825114ffac8076", "object_relation": "sha3-384", "Tag": [ { "name": "intellithinkhub", "colour": "#F99C3E", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689679713, "uuid": "99f60d24-42d7-4f8d-b819-1d8db299a7fd", "value": "T1CD82AA9D32459B9B5FCDD853AAE89ADFB122DD2E42CC39A3835DB84F05AC093D0D44B1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689679713, "uuid": "10b74ead-4f8b-4d90-b862-91cbe23a6c68", "value": "384:NGhP8R29QGmd/oXzRQ06qeKmJBc5ZW+4j4ynztIwuzIv:NG82mGCodTWKm/6c+a4qQE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689679713, "uuid": "b61aa21e-dcbf-47c8-b51c-90c360305f23", "value": 19149, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689679713, "uuid": "bb70cd30-bd98-4186-aac0-ae032cc12b74", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689679713, "uuid": "a8dd1a11-2621-43ae-b5c6-04201ccda89e", "value": "_C1588F250B5541A0A271F1D110EB0255", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "71aa4a21-2538-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1689663485, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663485, "uuid": "bd106b10-f85a-47e7-bed5-2f9356323fb4", "comment": "Malware payload (DarkCloud)", "value": "2d2d2d51c9dec0a7811ff8ffc4827689", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663485, "uuid": "f57b19bc-a317-4522-a366-9dd0ef3a6bbb", "comment": "Malware payload (DarkCloud)", "value": "8a0c61f29aa2697e44a61977bc06c3cf4c2bd8228ebc0fa00ac057b7375ff2ed", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663485, "uuid": "afa30594-1e32-4657-9204-3d4b138bb92f", "comment": "Malware payload (DarkCloud)", "value": "ebf524dbe0a9adec78fca81308574a26c7c466c6", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663485, "uuid": "33d0f302-ebb7-4fe4-aa91-7af4cc778005", "comment": "Malware payload (DarkCloud)", "value": "8fa33065f804bcc0ae317f9a7d49e1274b99294235aa00541adff45a6536936ad27079145cb04abe3d5a1c03fdd4e5ec", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689663485, "uuid": "ff351617-8128-47cc-b333-c5c3867ca36d", "value": "T1E1941275F6D0C1F7E59981B245B92A661FF28323946CC40B0338EB94B5375B2626BF42", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689663485, "uuid": "e6352185-cadc-4f77-afe3-d524d86ef7df", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689663485, "uuid": "22656410-4116-4f58-98b8-1f0e488666b0", "value": "12288:pYbyIfr4roCQxOCz0oPcujV0qtaGSTv8mY/L:pYbRf8r5zCz0oPcAO27SomYz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689663485, "uuid": "cac345c7-0a59-4075-b3a5-4c67f1a2be09", "value": 436229, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689663485, "uuid": "fe3eeb76-99e3-413a-8753-81ec97438c0c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689663485, "uuid": "1c81cc64-1458-4755-b819-f771ed68c508", "value": "SOA.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c460571e-2598-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689704855, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689704855, "uuid": "ee0f4412-5969-4b36-b40d-5d31ed12b5c9", "comment": "Malware payload", "value": "ee8e198bbfa8155a84a12dc412461939", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689704855, "uuid": "8c47e95b-eadb-4eaf-8665-67ced0a13595", "comment": "Malware payload", "value": "8a7fdf431ee50660c8846ead9cd6ca2e7f9855e2ec150565f0e336f778c8418d", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689704855, "uuid": "338e3ad4-361f-422d-802e-62629ee88656", "comment": "Malware payload", "value": "63d5ed2c2241564e3f6c860887a3c652c1fdf472", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689704855, "uuid": "972437bb-549b-4e2a-a4b4-303e00f82216", "comment": "Malware payload", "value": "b907bb314d13ffeea8ec834eb2404c11b66805bb44078d355b77a7797f92508d87ae93e1284380a2469f2faf0868ff9a", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689704855, "uuid": "b4f561a2-b42e-4bda-b28f-4f9f47de1c4f", "value": "T1E81523EC2F77102BA3F4A470E1E2999E1BF8F46A41311ED005E7FB5486AF56C445F22A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689704855, "uuid": "3a2aa6c9-3065-450a-b5b8-64fbbcfb5449", "value": "24576:lmvOSPDUPkxHOFhXuPcu/l9RV3S8SHCCT1fj8qJbkd:lm7DHKh+PfN9D4ii5jTw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689704855, "uuid": "fedf4ec0-86c4-4d42-a363-42622ac353f2", "value": 880802, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689704855, "uuid": "f70f196a-2a4e-4520-9b90-e061de3b3c79", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689704855, "uuid": "0896ed16-03d5-47da-b010-5708299aabb8", "value": "Detalles del pago.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fc6736ef-2539-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689664147, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664147, "uuid": "718309c4-b880-418e-9256-bbf624daad94", "comment": "Malware payload (AgentTesla)", "value": "b5a21bd46973e36c0fd8e0187547d5e6", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664147, "uuid": "421a07e2-e41b-4880-88d4-367fcfa8d636", "comment": "Malware payload (AgentTesla)", "value": "8a8b2c88b95ccfad7225240dda7ad984f068987500ccfe2cadcab357f0fe46ab", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664147, "uuid": "bb1cbcb9-926a-42f4-9397-3e61cba42869", "comment": "Malware payload (AgentTesla)", "value": "54e6318ac7d79934f293f08209ec0c3b224c893e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664147, "uuid": "0b5eef83-92a8-4f0a-80a4-0228b47bdbd1", "comment": "Malware payload (AgentTesla)", "value": "5802be4ad7f218980dd8e5c758af3c3cdf035025559875848639e8a809229c7c22bd47358d55f2d22b401fb4b4422882", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664147, "uuid": "19514c09-0cd8-4a99-9bad-b1e1bb433482", "value": "T10EF4F110722C8F17D9BDA3FC9124661453F56927616FC3898EC33CEF35AAF504A52A2B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664147, "uuid": "8f1fb2d5-8de2-4677-8a03-a168861c5b91", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664147, "uuid": "bdddeb47-6e58-4bb5-ac25-7984ead20553", "value": "12288:nf+dlcW9Ro8sfb/WT4UkuZEx2yuqQIdXq1TfuDmuWO85jRDw14C81hmno4:nGdlcW9Ro8sfzW/Zo2yf9WfuDmuWhDwH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689664147, "uuid": "9058b4d7-2c9e-422a-9999-348b739cce8b", "value": 750080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689664147, "uuid": "da84ff9e-7564-40b4-87b3-dc2d96615102", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664147, "uuid": "d5a583db-ffc4-4e90-9cb3-ffdd9dafaea4", "value": "Shipping documents.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1a644ce6-2569-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1689684383, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684383, "uuid": "f7320175-0fc0-442f-bb24-1543ddce0ea3", "comment": "Malware payload (SnakeKeylogger)", "value": "c12fb918ce3aec104d05bee3829b957b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684383, "uuid": "08f43f06-03a2-48fc-a97c-1e2114dea571", "comment": "Malware payload (SnakeKeylogger)", "value": "8a8dbdd76d8797ceb381340c441af6d1e2d4c6f55cb0583c2677d1371be74a33", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684383, "uuid": "895109ce-dce2-421a-bb83-c88ba5d66628", "comment": "Malware payload (SnakeKeylogger)", "value": "d111b0c4c1e815c8bf182f920ee2cf8ff4c280fb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684383, "uuid": "668fcbbd-3425-42a7-8f35-0158eced0001", "comment": "Malware payload (SnakeKeylogger)", "value": "6a691811edc921412854362357f318f5ddfac29f72657ca41eafb505ecafc3b8777ace97add772afc3612326689e93e7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684383, "uuid": "48e767c4-e9a7-48db-8e78-d7a810bccb0b", "value": "T1DAC422042DF4EA37E16F1F79400532B162670AE47525C66B1D4EF1BAFF5AB0E8820B63", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684383, "uuid": "fc62806b-3413-42e1-9302-6c44ce4b0306", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684383, "uuid": "cdc8d7ed-de5a-4ddf-a5f4-07eae35d4988", "value": "12288:gmAY2kcdbL4EfPJ/9vfsThbgPKCVw9xpHEdXyfb0F9eoIO:FN6GEfPJ9XukVw9LHEdXv9e4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689684383, "uuid": "2e6505cc-303e-4c88-9408-94d69e795646", "value": 586240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689684383, "uuid": "205e50ea-44c1-4278-9b83-d3b06595c991", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684383, "uuid": "15e79974-284d-4a03-b276-a847353a4792", "value": "AMS FREIGHT DETALII LIVRARE.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2b151aed-2545-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689668950, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689668950, "uuid": "83e16aca-3af9-4bab-8dc5-7ad548b3ddd5", "comment": "Malware payload", "value": "4aa5e32bfe02ac555756dc9a3c9ce583", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689668950, "uuid": "8951b05a-80ca-439c-bae0-74d91b30787d", "comment": "Malware payload", "value": "8a9235655b1a499d7dd9639c7494c3664e026b72b023d64ea8166808784a8967", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689668950, "uuid": "ebfcf4e1-defa-47cc-b72e-484703ff1967", "comment": "Malware payload", "value": "50b52a46ad59cc8fdac2ced8a0dd3fceeb559d5f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689668950, "uuid": "5bbaeff0-f521-4e29-889c-aa3187380cd9", "comment": "Malware payload", "value": "3561bd2f880ce90c8188b4a4122771f7d84d5b3415c5d7acbeffb9b1dc551964c14d56a5e7ae75ad71cda9e45d95f315", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689668950, "uuid": "5ba2955a-7b9d-4dde-b017-4072d877e4ec", "value": "T13253FC88765071DFCC67C876CAA82C74AA6074A7531BE34BA05316FD9A0D9DBCF190F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689668950, "uuid": "5b147aef-83ef-4193-9c96-a22dd7f66c65", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689668950, "uuid": "2ea93ea8-ea32-4f2b-a8c0-d0d4ec91dbc4", "value": "768:+vfLyCdU0puufOIK1Nekmd52a3bCnP2PmxeETwM:+3LE0pu59ikmdYebCnO+xeEsM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689668950, "uuid": "d39c7de3-3a38-4ad0-88b0-81c8564bc256", "value": 63488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689668950, "uuid": "502ec143-6647-43b2-bdd2-7e2bde7e9b7c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689668950, "uuid": "c83c1bd5-d32f-48fc-bf27-136c80bfc662", "value": "SecuriteInfo.com.Variant.MSILHeracles.40131.24759.22053", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b76b6a7d-2521-11ee-a6f9-42010a9c0055", "comment": "Malware payload (STRRAT)", "timestamp": 1689653723, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689653723, "uuid": "869cc58b-1df9-4db9-af00-35baff11e154", "comment": "Malware payload (STRRAT)", "value": "26da342748aa3edf5a5cd07053bf2a13", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689653723, "uuid": "2d7de652-fe4e-4a6a-9212-09f047bffe88", "comment": "Malware payload (STRRAT)", "value": "8b235767d5a49ed7fdcdc6964f6c0f2cd9b389e4f9de7121814c9947796ccf28", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689653723, "uuid": "e15e3a93-1c94-43d8-861b-961d8025192b", "comment": "Malware payload (STRRAT)", "value": "1494b07921135f27ddac809c4d3eccc44ec1b857", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689653723, "uuid": "f767ccf0-c8ba-4818-931c-e82c968ab284", "comment": "Malware payload (STRRAT)", "value": "d323105b69b45fee808d246ba1a45acb26deb3763360d44c313e6fdec647e4ce436abac46ebe93461d64ce678a5d2e97", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689653723, "uuid": "417b7f3d-05b4-4b6f-9972-891064d8e74a", "value": "T1F963F2EE15B29338F957C8FDB051C83632448E94F79AD8576BB8D05D29307C24B48B9E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689653723, "uuid": "4a86359e-66e3-46c8-97cf-e9742a2703fa", "value": "1536:AupCj4pmcCR3a0aEIt1cFpEF2HyWM9/1EB9yZhg1UDuO4tgj0e2ktxa:AKhpmHda0pucbEF2gEBihglOw20wa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689653723, "uuid": "78558f25-c4a1-4bb8-beec-7947f47ae7f9", "value": 72319, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689653723, "uuid": "0676fe5c-c002-4db4-80c9-03dc83be486c", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689653723, "uuid": "bfad3a8d-436f-4330-8b19-3378f351fa8f", "value": "PaymentAdvice.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d7ee8a33-2581-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Rhadamanthys)", "timestamp": 1689695009, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689695009, "uuid": "633f68c2-bd41-40ac-94dc-abb044218e57", "comment": "Malware payload (Rhadamanthys)", "value": "5b4e9c25ebf1d7e5a91e85be8c2e4594", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689695009, "uuid": "d3632ee4-7eac-4e73-88d4-755cf8ed67fe", "comment": "Malware payload (Rhadamanthys)", "value": "8be2a3d913c8851bffa0a682c9fb393d614a108e142344987ff9c8712d48c8c3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689695009, "uuid": "58352673-f34a-41ba-90ab-d72d1bf4afae", "comment": "Malware payload (Rhadamanthys)", "value": "c970499928cb585afca8bd215625afe18ffda098", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689695009, "uuid": "df3e0265-40c3-452e-b002-adb9ee393c36", "comment": "Malware payload (Rhadamanthys)", "value": "37cf7e9217df2adc321ce2cbae41396c196d141db2ef49b1f3c978cfd2c64d06ea2da8301217054204e7f1a0a111a1e8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689695009, "uuid": "378b80ed-758c-4a5a-9fc7-d02df2be72d5", "value": "T1A824BE4A63E420A6E4BA53B558F642875A327CB19B3986FF12C4D57E0E337C0E532B17", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689695009, "uuid": "43382ce8-09b5-42f5-81de-64b70337dd02", "value": "4cea7ae85c87ddc7295d39ff9cda31d1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689695009, "uuid": "76c7273d-1b14-4c19-ab12-5d7b325495e4", "value": "3072:1ahKyd2n31a5GWp1icKAArDZz4N9GhbkrNEk15+gkcu0EcDVsBST:1ahOap0yN90QEWqqD2k", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689695009, "uuid": "477fc54c-a526-44ee-a2e7-f78c902c5301", "value": 217600, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689695009, "uuid": "b82d628b-ad10-43e5-a191-4713b95313f6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689695009, "uuid": "20f39ad1-2a3a-4db4-93c6-138357a1775c", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "31a6e3c1-2524-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689654787, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689654787, "uuid": "9658f33b-8c77-4b43-aacf-25893f68d6cf", "comment": "Malware payload (Formbook)", "value": "d25144113d589199145f36f955130cf7", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689654787, "uuid": "9ba19168-0544-4f01-b489-7bef105ab505", "comment": "Malware payload (Formbook)", "value": "8bef9464ac422885b5b20a734c625cb6ed73ea3c06a88db1f844e987702896d1", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689654787, "uuid": "708ede3e-7312-4367-bb77-e0c3502f411a", "comment": "Malware payload (Formbook)", "value": "bd90d58b0bbe5671606244870c5a209d40278289", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689654787, "uuid": "c8b3c43d-ea1c-4dcc-a107-1d63d87385b4", "comment": "Malware payload (Formbook)", "value": "ff0b487cc9d3c372466e38e40d91eea7bddd944f857fe63488eb68e2d407d6d6e523aa55b7bbe1378fcebc1053ea2e3e", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689654787, "uuid": "26fe729e-5b94-420a-8615-8ade827c8a9e", "value": "T13245236642AF0663D4E212F51691FB2627346F418016CF693FCEFD48F7EE2825762227", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689654787, "uuid": "ff31f3ef-0dbb-424a-963f-a4f4085262dd", "value": "12288:wfb/WT4UkuZb7094jPiJfTnH8kvjyqsXcyqSJgMFg6JNYRiNxt1l7P4:wfzW/ZbNgTnHfZsPqSJlg6Jestv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689654787, "uuid": "fae360a6-d6c8-4574-aba8-5ae4578025bc", "value": 1245184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689654787, "uuid": "5d58dd09-95b6-485f-8666-7819c1e5d254", "value": "application/x-iso9660-image", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689654787, "uuid": "81db7da0-f332-4812-aca9-b51b4aacbb9b", "value": "nDHL SHIPMENT DOCUMENT.IMG", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1a2f47a1-2540-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AsyncRAT)", "timestamp": 1689666774, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689666774, "uuid": "50dda2ed-72ee-4be7-9c39-c016e9bd1ff8", "comment": "Malware payload (AsyncRAT)", "value": "2f8a3dfa7e89ffc2fd4166dc2db5bbe7", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689666774, "uuid": "b8126c4e-a2ab-498a-8801-8fd27ff26ef1", "comment": "Malware payload (AsyncRAT)", "value": "8df2fc7eab6cc0ca190d0ffe2e58956727a8cd614ba4e7f361904f4ec0416762", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689666774, "uuid": "6a95e74a-3070-4b71-9755-32a5d8da6c1e", "comment": "Malware payload (AsyncRAT)", "value": "9c4d2840e5e000c6b44116adc6241b9f31e35af9", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689666774, "uuid": "eaf4d88a-2fff-475d-a8f6-6c8d1bfcd3a1", "comment": "Malware payload (AsyncRAT)", "value": "286140eaa2e62f1491b28d32bf77f3895d29a86c44d2b784478f56fe683cafd1a59a4cda8e4d5e30a1938023cf23c780", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689666774, "uuid": "89abc6b9-482d-4fcb-a5a5-45ad41bcd825", "value": "T11E654B456A9C0AF9E8A68138D811C537E67BFC320F20C66F13DC7A572EBB2905D2E751", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689666774, "uuid": "d318bf93-9f77-4d8c-a17e-b3b8699cc16e", "value": "c95936a7ff606d2f9826be1078f01c5a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689666774, "uuid": "d7950900-99c6-4de6-bf3e-d1771d2e2c58", "value": "6144:hkdT8kRK5AnIEyfjRohRqINPhFWi5gXhm9+utCeU4:SdbmAnYtouEhRSi+KX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689666774, "uuid": "248dc4ec-7fca-447d-a124-5f7c88dd6502", "value": 1461760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689666774, "uuid": "d0d445f8-1088-40b7-96f6-e1a46c97d64c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689666774, "uuid": "6ac369da-e7e8-474c-9f8f-69f4fa62685c", "value": "2f8a3dfa7e89ffc2fd4166dc2db5bbe7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "582f738e-256c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689685776, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685776, "uuid": "69b66789-9659-471b-98ab-9ce7f0816db7", "comment": "Malware payload (Amadey)", "value": "7bd87547abe694ea73c8cc5c4ad142e1", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685776, "uuid": "dbd40c8c-f0af-4993-8462-aaba65919b7b", "comment": "Malware payload (Amadey)", "value": "8e6c08ec1ca5a8b0e5817eb7d07c526a20804925c4c4b8bc94ce28ad3f6abd56", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685776, "uuid": "94431ef1-11e8-4021-8274-9625e672124a", "comment": "Malware payload (Amadey)", "value": "fc2dd14f3d0bd26bd0dcdcc04fb27d7569f0fa9e", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685776, "uuid": "81d17a6f-6cc1-414c-b26a-8c133dcda488", "comment": "Malware payload (Amadey)", "value": "e199fd1f872c01c4b2fea1b9d5377dba3c30724ff2016e24e7ef88d1de00ffa05bea3f6adf5863adb96b4db5706fcbfb", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685776, "uuid": "4fdbda5a-37dc-40d5-8bda-d26e1fd9c753", "value": "T167B41253E6E44132C8B02B7459F623830B3ABCA1993893BE2752985F5D737D4A53273B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685776, "uuid": "56b3fc98-f145-4a24-8a02-7f0d7e5b3171", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685776, "uuid": "ac45edc7-70b6-40e0-ac88-8ded09dc2694", "value": "12288:fMrly90IOW2B8Roq5ZzZJVPOmM4fZqRMyu2Ax:6yrGQRPOmM499h", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685776, "uuid": "bd5e1324-4a96-4846-a669-a8effd2f775a", "value": 527360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685776, "uuid": "d3437978-045f-4375-9524-d6533287d8d7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685776, "uuid": "525b515f-1f97-4e1d-a628-119800248252", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6e2ac9eb-2569-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GCleaner)", "timestamp": 1689684524, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684524, "uuid": "03716ceb-b351-422d-b6c5-7345bbb8a3de", "comment": "Malware payload (GCleaner)", "value": "6621f60b12d7ad6a9b1434bc157ab2d2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684524, "uuid": "1b78d2ff-d05e-416e-8fca-91ba7dd465cf", "comment": "Malware payload (GCleaner)", "value": "8f4c1ec0371f704f03a7d822156d38c2d227a986d331a5c403de5b555161b2f2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684524, "uuid": "dde1c106-c124-48b3-b878-d82cabb6236f", "comment": "Malware payload (GCleaner)", "value": "5a32d433213061ade1cae7ae33ad854bb6ba68c6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684524, "uuid": "46e99bf8-db22-4f88-8383-4a78540e8ce9", "comment": "Malware payload (GCleaner)", "value": "e3847932ee70d3fe31fca8866a42c882db00ddaf5171c2782c1040321db9b0b910f593aed3992a645e9b9783176a8ec3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684524, "uuid": "8698cecd-ca5c-405e-8b09-71232a13bcd6", "value": "T1808533A352F9117EF0B68EB45C35C2119B63B8BA7F20492C326D5ABD1F4B1D980C53B6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684524, "uuid": "ca6fdb73-6004-43af-9542-ba1a44ebbbd3", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684524, "uuid": "b47dde0f-7ce6-4144-9689-f9739866c842", "value": "49152:v2YLzy5qY6ki/4e718rgeUg+hAgzFSKMzvn+p8sbB6:u96kigeJre1+Wgz4/j8B6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689684524, "uuid": "61998cdd-59b3-4248-b877-4520677afee3", "value": 1753819, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689684524, "uuid": "e87c58a9-d41a-49be-be6e-68e74d6c6129", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684524, "uuid": "38beaf27-4680-4882-aa70-22f0e77cae4a", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "959b8d6d-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689662256, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662256, "uuid": "3a4a2313-e932-49a4-8194-35e045cf797f", "comment": "Malware payload (Formbook)", "value": "26c05324ea257351d8c9416dd6397bc8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662256, "uuid": "6bfbe81e-9239-4e10-8662-321954694894", "comment": "Malware payload (Formbook)", "value": "8fd2d9faf25aba59789745ef7ff598c4394240738712b25286bb887d1c963c0c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662256, "uuid": "fdc5d50a-2abf-438e-a631-67dfec8adb7a", "comment": "Malware payload (Formbook)", "value": "e5373cb41812ed3384b58e817faf6905f8802a97", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662256, "uuid": "f660711b-e4ae-4a25-afb6-22d211b53740", "comment": "Malware payload (Formbook)", "value": "77a92891076f7ca5e005893353a0619e8e1ecd1ad3d50c8a42a8dc8b7fe246e33d372b73a3f57258d52292cc633ef377", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662256, "uuid": "d5798b35-b581-4d37-a60e-7f094eac5c77", "value": "T1EBF3020D2370D8FBE7D912716DB316A6EFF56A2920604B4B5F41AB8736A61C3CC0F216", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662256, "uuid": "5cc55173-6d0d-4361-ab4e-b3c6fcd6efab", "value": "57e98d9a5a72c8d7ad8fb7a6a58b3daf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662256, "uuid": "a0d5a702-8b76-4240-b6d4-ec47eabd987d", "value": "3072:+NzPHk9MpcQbYExUX+po/VohS7kn696JiiT3E4P1IrRCDBpXiCgDGG1NSaxH:+hRFH+XZ4+Qw6JZ3EZajXKGGvxH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662256, "uuid": "89ecb382-9492-43cc-bcc5-53d3f7fa85f9", "value": 169067, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662256, "uuid": "9bf5f04a-3b26-4514-aa74-162242ab53c6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662256, "uuid": "b4f2e40f-ae4f-4a67-8d61-c5aef30981d7", "value": "E-dekont.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a19236cc-256e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689686758, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686758, "uuid": "9a5b85b5-e3f0-4c8a-b111-c233b450083b", "comment": "Malware payload (AgentTesla)", "value": "81f3216baebcf184942d243662a0cd25", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686758, "uuid": "0042ed00-330f-46e5-a5a7-f192afabbe78", "comment": "Malware payload (AgentTesla)", "value": "8fd3fe63894b618245c1f7ae22b1c53e7a7fadfc009bac8de2c33b4a53e75a05", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686758, "uuid": "80e11397-c660-4a12-8663-ed49dc107a9a", "comment": "Malware payload (AgentTesla)", "value": "60eb433c1a41df7aadd5a49f121bcebf2112d2e9", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686758, "uuid": "b7d70a2e-6573-46c7-b327-1bdde1b78a14", "comment": "Malware payload (AgentTesla)", "value": "2e7a68c56c922a3c3bdff517afaf45894df5ccfd26d5e7bb67e8e45909385db572679c9d7ea213bd26a89d2a3d68bb57", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686758, "uuid": "ec118be9-97d8-4710-b4d1-a81b6ef8c9b4", "value": "T157F4F000732D9F17E8BC63FD9510561453F56A57616FD7888EC33CEB39AAF604A02A2B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686758, "uuid": "57cd38d6-c0ac-483b-b2be-823a56c9f1af", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686758, "uuid": "b261b37f-ed9a-4158-ac8a-52be56a0e74b", "value": "12288:Gf+hpdCYcW9RoNgfb/WT4UkuZAAMldvDEq8x1DyQzedY+LAyCBLGXoVG1HTYZOGR:GGbgYcW9RoNgfzW/ZAnvyxo9Y+EyGSjl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689686758, "uuid": "bac77316-a506-4164-b63d-79f9b85b9364", "value": 750592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689686758, "uuid": "4d1402a3-4373-49a9-bf27-8652bf42237e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686758, "uuid": "fa162229-42d8-446e-871a-5ca7237a3e32", "value": "81f3216baebcf184942d243662a0cd25.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4dfb7dd5-2536-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689662566, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662566, "uuid": "2eb0c0c7-2755-42ad-932b-1ddfd5306be6", "comment": "Malware payload (AgentTesla)", "value": "121508ff5373c507d3fdc4f252c7973e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662566, "uuid": "6fa99a1b-d80b-4b40-9221-8cd57ca1224f", "comment": "Malware payload (AgentTesla)", "value": "906c7bdf9ca68d10957368925fd95cf364e469d56bda4926c64b1753df33724a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662566, "uuid": "8a814405-c731-4811-92ed-d38acc4581e5", "comment": "Malware payload (AgentTesla)", "value": "d864db1c0127b99fb1e5b3d3edc73df634a25a78", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662566, "uuid": "cc3a5d8a-4618-4655-ba45-6ed69aeec985", "comment": "Malware payload (AgentTesla)", "value": "5bc5b256f5d34d316c14c21a4c46c38b1059f9775ef8e71a7bc297dca8ce1591300c7f9ebe0a53f922502344fd513062", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662566, "uuid": "d6103642-a5f8-4f06-a4d8-846ad4aabdf6", "value": "T1C6C423DDBBB140414EAF629763DF1ACA01E5F736710920076C6AECF1B99D8BAF9C8144", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662566, "uuid": "27753053-2c23-45f1-84d8-2b8c05c12491", "value": "12288:zE/UPs8o/jeb6s9dNzxMPqzChWiAGkseVUki8p:g6s8oQf9bxIqm0iAGkFBia", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662566, "uuid": "6584c958-4ab1-4404-a139-800ef7984a39", "value": 570720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662566, "uuid": "912373f8-0f8b-4878-9739-096b8225fb11", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662566, "uuid": "8571ada1-4984-4657-a0bc-38262ed712db", "value": "invoice and PL.pdf.z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "272f6126-2545-11ee-a6f9-42010a9c0055", "comment": "Malware payload (IcedID)", "timestamp": 1689668943, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689668943, "uuid": "717d3d20-5a4c-46c7-9465-d8e9fcc837e0", "comment": "Malware payload (IcedID)", "value": "3dc36afc6ab6c830f7b6ee9348392c2d", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689668943, "uuid": "a1738c71-6001-4691-b5be-79935c99f09b", "comment": "Malware payload (IcedID)", "value": "90be1d1908fae05adff001fcffc24bf6a0230f428e886f28bd0e19492f8c3721", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689668943, "uuid": "c199691c-e585-44a9-9a03-44062c5c69a5", "comment": "Malware payload (IcedID)", "value": "3a2791466f5e6fda1799f6508e5477f6a18a883a", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689668943, "uuid": "d999b612-d913-475c-8efc-bffae5fb0fe8", "comment": "Malware payload (IcedID)", "value": "2b4228003724d6404bb9ad6b86f2757a812932f80919b3bf207c34a02ef9c18cc5757292f608ee36c13fd6980043f9ea", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689668943, "uuid": "b84c68f5-169c-4f50-995d-d26fbd5d3fa5", "value": "T1C6D3494E73B9505AE176937D8A924906D7F2B8200753CBFF05B193BA5E27BC0AC39760", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689668943, "uuid": "ab33c68a-c52e-468a-b32a-a033e57c5abb", "value": "150c026d59899221bdd1d565da5f91bc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689668943, "uuid": "4a836d7a-90e2-460a-a117-1189971a625a", "value": "3072:ni/QhtPjMiqUyqEBzJvl+AKetjEA0e06OHFEGuWk4c:3DjMdFJvUbuWkl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689668943, "uuid": "1a8fd5d4-4e9a-43b4-b2ac-9c4298927553", "value": 138761, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689668943, "uuid": "6c47dd83-b1af-4ce8-8348-4071927a7921", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689668943, "uuid": "98a5c523-d890-4d48-9c00-cce5556b7b2e", "value": "03fdbbbb.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7ee4e8c5-2559-11ee-a6f9-42010a9c0055", "comment": "Malware payload (StrelaStealer)", "timestamp": 1689677680, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689677680, "uuid": "1e5faddc-14f5-4eeb-9b83-233f5353a737", "comment": "Malware payload (StrelaStealer)", "value": "7e94906a24ad210fd638901b9751ca93", "object_relation": "md5", "Tag": [ { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689677680, "uuid": "771a7c2a-eafa-4669-937c-44ef659d2da5", "comment": "Malware payload (StrelaStealer)", "value": "90fdd5813bf115673f5220b77dc68f450cac9f467700b6f1abaeb5260ccd771b", "object_relation": "sha256", "Tag": [ { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689677680, "uuid": "81eb5144-130a-4aca-a073-11d05b66ea0d", "comment": "Malware payload (StrelaStealer)", "value": "7fe1a4a9252d6e75679129cc1c860c2240b84217", "object_relation": "sha1", "Tag": [ { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689677680, "uuid": "921d8e95-479a-4395-9b46-2d5468705e0f", "comment": "Malware payload (StrelaStealer)", "value": "f3578dd4476d1e849997aec86316f15a1d03693bb3826101621ac996afa69861be644774eba949a0b048aa1152a6d9d6", "object_relation": "sha3-384", "Tag": [ { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689677680, "uuid": "f5e41bf5-51b9-4e27-9fc2-c4011cdae75a", "value": "T129C412A90E27E7E4AD5F11823981329B0EE3C4529D46DE3424F6A1BDDD07BB30CB5B91", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689677680, "uuid": "49b5ce18-ad51-4a64-a8e3-f2868576da56", "value": "12288:rZfzh36Y+RHGYsYovkBcuLRLltMw6+nhToD:lNqjHGxYokmuLRNtuD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689677680, "uuid": "45e32ffe-5dfb-43f5-8eb1-096d32604990", "value": 576848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689677680, "uuid": "018d15ba-ab3f-40da-b54c-86b3aef01487", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689677680, "uuid": "8b12994b-b18f-4259-bd30-165ba67cad02", "value": "6639950729836.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "391902c7-256b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1689685294, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685294, "uuid": "86aaacdf-6d2f-4282-a259-196cd3082252", "comment": "Malware payload (AveMariaRAT)", "value": "97727f878b0cc9ee19bcbd21947c4952", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685294, "uuid": "535174e9-1c2f-4df6-89c8-e4d4bd9ccbf4", "comment": "Malware payload (AveMariaRAT)", "value": "91125b626d89755f79e2e87675a0d61fcd0109f8b7293b72946930d1d0bbe388", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685294, "uuid": "6f1e293a-4d70-4e53-b784-42853eaf30ea", "comment": "Malware payload (AveMariaRAT)", "value": "81a72193db6d1bc14eb7935e16c6d641fe0e9bf0", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685294, "uuid": "687fda04-251b-4fb6-b657-6b42aba26012", "comment": "Malware payload (AveMariaRAT)", "value": "44c4fbba0c565852cc82cc3031b3bf757fcee5a56fd8eb7ddaff170cfc7358ced471ec24c3ef8efa38c171d0a7306b2b", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685294, "uuid": "b71bb950-a467-454a-8e02-0006444cd66c", "value": "T1A7D2C52577BC0A2BE6FE57F45A61111037F66A663722F3DA0D84B0EA05F278D0243B67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685294, "uuid": "1ae05595-411b-4613-a6d4-186ac43477ee", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685294, "uuid": "f04b294a-f376-4511-9ea7-5a76d7a1296c", "value": "384:e7clKyHKcjtj7yesES5giBO8LM70+EEGgHY8xzmc/6gAf:eglKOexr508B0mc/6Jf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685294, "uuid": "4293296e-f6b6-4887-b715-575b48366f73", "value": 30720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685294, "uuid": "aa1806fb-ce86-4154-8ea0-4d6bf536e0e1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685294, "uuid": "908bad3c-e56a-4c83-ba56-06313e74f7f6", "value": "rSTATEMENT_OF_ACCT2023JULY.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b6767c0f-257b-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689692376, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689692376, "uuid": "1f47ea12-3f4a-48b6-a1d9-3ab74d2607af", "comment": "Malware payload", "value": "4107a02fb898ab0edcda333ec5352fad", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689692376, "uuid": "b6e564ba-442d-4022-8e2f-c769be90ec50", "comment": "Malware payload", "value": "91c2b65aad28b716023add3f92419548cf244d3b6b6322449f09376969ab821a", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689692376, "uuid": "447718dc-7303-49e2-aa17-00778f214550", "comment": "Malware payload", "value": "0f4a2d5e85893e0fc42f45a76dc5e68da5b1ec09", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689692376, "uuid": "2cc912c7-a534-47f7-824e-f5d21147cdb5", "comment": "Malware payload", "value": "d8315a110250c4a9cfd600666a2755bba094b529fa1777f3b5fd6d8d45e636cd55e01d1e9a5e84ae02e1655fcfa8c0c7", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689692376, "uuid": "663e00d2-effa-4beb-9f4f-a801073353f6", "value": "T10AD4AE5BF7C7FAB0E6BE867A82B1851C527774520260A78F674072896D23392493DF0F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689692376, "uuid": "9add70c3-7351-4d9b-991c-0891eb6ecd53", "value": "a31761b5a590c4c499d5f4a347d75c12", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689692376, "uuid": "5e0dc9d5-8de8-40b5-b715-6d89ab3be393", "value": "12288:En/zDvGHAykHSzLW/4+8bzbBSreMdgLOFTkavgFK/UqWJ:mzbGHAzHAjX1pakEcLJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689692376, "uuid": "d65dc0ca-41f3-4bb1-8306-3b7f5d67a08e", "value": 655872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689692376, "uuid": "876782e0-b1ce-4cbd-a2e9-8966bdf509a1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689692376, "uuid": "99fc1307-2777-448a-a670-6094e65af282", "value": "4107a02fb898ab0edcda333ec5352fad", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e7382055-25b8-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689718657, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689718657, "uuid": "bf75e96e-30b6-49c8-a165-eb3e533b0f67", "comment": "Malware payload", "value": "6595d664baff3054f79b3308034fe679", "object_relation": "md5", "Tag": [ { "name": "anti-debugging", "colour": "#697EBD", "exportable": true, "hide_tag": false }, { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "Microsoft", "colour": "#F763C5", "exportable": true, "hide_tag": false }, { "name": "obfuscated", "colour": "#0E3395", "exportable": true, "hide_tag": false }, { "name": "phish", "colour": "#06C62B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689718657, "uuid": "024e1e06-d01f-4ab3-baf5-c109fe536b60", "comment": "Malware payload", "value": "91d067a84456b0e3a9d3f33996c8e6d339f73fda62301185298c080f9e5bfe4c", "object_relation": "sha256", "Tag": [ { "name": "anti-debugging", "colour": "#697EBD", "exportable": true, "hide_tag": false }, { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "Microsoft", "colour": "#F763C5", "exportable": true, "hide_tag": false }, { "name": "obfuscated", "colour": "#0E3395", "exportable": true, "hide_tag": false }, { "name": "phish", "colour": "#06C62B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689718657, "uuid": "1e257f8a-02f6-4f12-8a9a-0477a4919379", "comment": "Malware payload", "value": "6f1676ebd0ea7f331957c040e36bd38179076d3a", "object_relation": "sha1", "Tag": [ { "name": "anti-debugging", "colour": "#697EBD", "exportable": true, "hide_tag": false }, { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "Microsoft", "colour": "#F763C5", "exportable": true, "hide_tag": false }, { "name": "obfuscated", "colour": "#0E3395", "exportable": true, "hide_tag": false }, { "name": "phish", "colour": "#06C62B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689718657, "uuid": "d156e81f-9a8c-4ecf-a22f-65499b93256d", "comment": "Malware payload", "value": "0d5ff945d520219348f7777c0f335046fb9b0d4e85676710ba12a0a2dd5d193993677b8e9910d1b9c1780935a234112d", "object_relation": "sha3-384", "Tag": [ { "name": "anti-debugging", "colour": "#697EBD", "exportable": true, "hide_tag": false }, { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false }, { "name": "Microsoft", "colour": "#F763C5", "exportable": true, "hide_tag": false }, { "name": "obfuscated", "colour": "#0E3395", "exportable": true, "hide_tag": false }, { "name": "phish", "colour": "#06C62B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689718657, "uuid": "006c4975-d4a8-420a-99ba-6f9120c4e214", "value": "T12943CF3101892B644F908C3A607DC363ADF2F6B7EA06EB46717FFD78A6EAD4C5145089", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689718657, "uuid": "e2f4e14c-5c7b-4c32-afd1-5cf3067da2e5", "value": "1536:+N1JeS6RXu1mx1tw+SHXb0FLAIGFBCjI2tOEP:geS6RQ+S3g8CjImP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689718657, "uuid": "e1ab30a3-aed7-4831-b9a6-5a36ce22907f", "value": 55875, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689718657, "uuid": "25669d75-1b24-4efe-8bf9-56940805c460", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689718657, "uuid": "321fa12b-0173-4be9-b30f-4d8aecd5189f", "value": "microsoft_phish.html", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f8b2d99a-2539-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689664141, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664141, "uuid": "ce77f097-30e3-440d-a5c9-ec55323eb658", "comment": "Malware payload (AgentTesla)", "value": "9a92588a8f9b77c6de1d0290c3b81af3", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664141, "uuid": "488532af-5a99-4116-8119-09d8d7de35c1", "comment": "Malware payload (AgentTesla)", "value": "92bb3c0fffc15ea8cf121bde2e27f5792a4710f5141d6e93f0e211959db01a88", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664141, "uuid": "65344c3b-bb9a-4841-b0fd-28ece20f48cd", "comment": "Malware payload (AgentTesla)", "value": "c5d7a1cea60749cd3580d6f4517b9a1207b5c40e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664141, "uuid": "28523261-48b4-4f5b-bf71-4a33a512f580", "comment": "Malware payload (AgentTesla)", "value": "869b7f689b252450581f48dd7d6882597e13a40d8fa2ffc712b6eb54dafb5b3a2fae8b164f03488856070270ca621190", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664141, "uuid": "496b1164-70ae-407c-90ed-55d72d931d24", "value": "T160D42369772BDE0F96005B49D58A272DFFC2D970CD2A83E3D52409F9D267AC8873B112", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664141, "uuid": "ce7c7023-5644-4f37-8f7f-d4a4115942a1", "value": "12288:WX0KRjQEmqGyQIrXcPD91vmiO1LDW1So81hEYSDKW38w:WXIEPV7sDbp+DWUo8cjKW/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689664141, "uuid": "d58818e2-57a0-4bec-badf-f1eebcac7a4b", "value": 616952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689664141, "uuid": "589a44d7-e762-4c13-9428-60092e91da70", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664141, "uuid": "7e40c95e-f6b4-4245-b2b9-9eeac2b3f770", "value": "Shipping documents.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9e9dcc4c-257e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689693625, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689693625, "uuid": "33688d56-1682-43a0-9add-70d5d25ff790", "comment": "Malware payload (Loki)", "value": "3e284ed96af78790e195f0332fc871a2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689693625, "uuid": "8852932c-42b8-4a06-a982-9c622b9f45bd", "comment": "Malware payload (Loki)", "value": "939aeb001b01eaef754f7bd08dd070ff6266a75106f4e05414134a054ca17467", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689693625, "uuid": "406e2858-2f0c-41eb-8b81-e826b41cebaf", "comment": "Malware payload (Loki)", "value": "10de167f867cf5d90329419b7b8d2b1ed62b32d4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689693625, "uuid": "bc929b83-2ba6-46a9-a6f2-1e73b8b1800d", "comment": "Malware payload (Loki)", "value": "9a60b64b00ca60d5e899a5fd4cc88f533ab4b7b8cacd37a41b0f69677d467b922efc66d8adabcc6069af70b304e19e5a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689693625, "uuid": "96377fbc-dd48-44a0-bbe6-59838c74c38b", "value": "T13FD49E21E2A06437C0D216FD7C0B46789C26BE51392D5A46EBE5DC4CAFB83B1F51A1B3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689693625, "uuid": "78e4ae85-3a18-4723-a810-e1240b20f8e2", "value": "15f7c759e835cdbc95135c1972c420cf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689693625, "uuid": "2398ac72-0d15-4fd5-b3b6-55d43b04ffe0", "value": "12288:5sUML1/s5tVs5NApy6EUowkbTInbeon2CD1:izLimARZsT2eonJZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689693625, "uuid": "415f7667-c0d0-4d8a-bf1d-d4746c4558c4", "value": 601088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689693625, "uuid": "e9afb726-c427-47ff-a4a8-163dbce01e63", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689693625, "uuid": "5c45701c-bc94-4565-af86-5d7f5d8d189f", "value": "HEUR-Trojan.Win32.Kryptik.gen-939aeb001b01eae.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d18c94b2-251c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (CobaltStrike)", "timestamp": 1689651620, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689651620, "uuid": "b190dd28-1741-4eab-9472-97f89ca0843e", "comment": "Malware payload (CobaltStrike)", "value": "3aa02a07fdced15af06de0886c39d7af", "object_relation": "md5", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689651620, "uuid": "acbaabbe-9da2-47e9-a345-96d462e007b3", "comment": "Malware payload (CobaltStrike)", "value": "93bfdfde9a2f2cb9d8f3ff79dd0a04a1fae35c6e769316f5e911c9ab168d2d3c", "object_relation": "sha256", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689651620, "uuid": "876de5d6-3a9f-441c-940f-b91d6d4caf2b", "comment": "Malware payload (CobaltStrike)", "value": "331005eb772647d577a25809e13bbaed6fd98de9", "object_relation": "sha1", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689651620, "uuid": "e992e610-63f8-4530-9900-03253128869f", "comment": "Malware payload (CobaltStrike)", "value": "dce166de568474306eed5da1df65163b734fc0443ca504657be59f6c7bdd3709f09c11addd251ac3554ab429c95c38fa", "object_relation": "sha3-384", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689651620, "uuid": "9a2443ee-a030-45a3-904b-1a3ce529ca9a", "value": "T1B2E14C5ACBD891B1ECBF0732A893531089B4D6085D6BDB6F29C865077F2F7180E527A1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689651620, "uuid": "c5717475-99a1-4d66-92dc-9d38909bfda5", "value": "96:Pxyaaa3FBaEJ7Tx+ssYSaFaSgQuYEBsmJnuWhchzlpLzNt:pysaEJmgdgjYEBHnthcnpN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689651620, "uuid": "b20d29d3-386a-4828-b68f-193938b13940", "value": 7168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689651620, "uuid": "91bd7b70-2939-4972-94ce-7f81c9a581d8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689651620, "uuid": "c3ef76ed-6b54-4412-aa22-0a5aa364de99", "value": "3aa02a07fdced15af06de0886c39d7af.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "96b864e5-2524-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1689654957, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689654957, "uuid": "5f0e8fa1-94a3-4669-a8ed-3ccb3b622537", "comment": "Malware payload (GuLoader)", "value": "4c657eec9af70a8027e1842c7effbe9b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689654957, "uuid": "819a6179-20c5-452e-859c-b2c86c324d69", "comment": "Malware payload (GuLoader)", "value": "93ed7e400500fb1e4be9421400e42ddab0b5cac500929f28bab9fee0c8afea00", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689654957, "uuid": "00e48838-5798-40fb-9569-4f67e0488233", "comment": "Malware payload (GuLoader)", "value": "e37ff77323fe993dda213813246bd0184fe59142", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689654957, "uuid": "756227e9-b30e-4ea7-9313-fafca27b8dbf", "comment": "Malware payload (GuLoader)", "value": "8bb8c0b7875e3ff5f9015a31288fb25dc9f9fe34b9ae326d25482a12ff892d3ca09aebf5e4991c61769ccca6bf31355a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689654957, "uuid": "bbc25937-ecaf-4f8b-abde-5d1f563803a9", "value": "T122F3011632D1C4B3C7B70A741E7E2A69FBFA56150406075B67E19F4A7A36283870F3A3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689654957, "uuid": "5af6687f-b7bd-463e-b51a-f9c4bdd77b31", "value": "57e98d9a5a72c8d7ad8fb7a6a58b3daf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689654957, "uuid": "d6af6774-4077-4036-8942-c9f5005c96ac", "value": "3072:+NzPHk9MpcQbe0/tU8VmX0KvW8fSPi/mrjubLJ986/J0k+wgTePEGAkjoD+XFgKc:+hRF5/28VmvvEiQEJ986KNTePEN1+1g3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689654957, "uuid": "75884bad-3677-4f3c-8647-7a07eb9b9385", "value": 164022, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689654957, "uuid": "115ed441-3158-41e8-a066-fa57d7510279", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689654957, "uuid": "44ae819f-f1f0-460a-972b-ab47676453b7", "value": "rFATURA_pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ee82fd87-256d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689686457, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686457, "uuid": "efdd23d3-5792-42c8-b589-16c6e1003c01", "comment": "Malware payload (AgentTesla)", "value": "35c0b9f6859720c011ed999524d1e8cc", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686457, "uuid": "23c324c0-f18a-41d8-9c68-ba4ae5154100", "comment": "Malware payload (AgentTesla)", "value": "942ef672b6f7e6f67a1d4de06e8c25bdb316a74c27ab4602d0ef01c33c9c5e36", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686457, "uuid": "3203f049-3860-47e2-9bf0-ee54a1db4993", "comment": "Malware payload (AgentTesla)", "value": "eb2ccec805828ac196b4c1d3367fefe5342242ec", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686457, "uuid": "cce80629-a728-4fb7-8d13-a5238ff2f136", "comment": "Malware payload (AgentTesla)", "value": "8c731ed12087e91e0494277d6ab9afa32a89c4fda1825cb194e862b042bae25c7ddfa629e9ef50cf07ec1b21debd00bc", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686457, "uuid": "7f360db8-d2a2-415f-9b14-eaeca3a7b352", "value": "T1E9C4CF7C503D87AFD717C6BAE030214223F443662AF2D3CD8CBA65AF7EA667491544B2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686457, "uuid": "4b2284fa-43d9-43b2-984d-4ea5a348b9d8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686457, "uuid": "0bdb8a49-cbec-498e-ad96-6470875fbc69", "value": "12288:05ljNODmLZ6THJeqvJJiM+IPUaAFntwDcz4SqTrQaSejL8Z:0/NOD0ZEJePwPUaOO2xqTrQaSejL8Z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689686457, "uuid": "0e30d7c0-e2b1-48e1-af53-d3a433048260", "value": 573952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689686457, "uuid": "636b4114-e4a4-4ea0-93da-78d0d265665d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686457, "uuid": "0929a590-56f9-46af-9348-abfe5d307a94", "value": "35c0b9f6859720c011ed999524d1e8cc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6c5af503-258f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689700842, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689700842, "uuid": "ef647d0d-a414-489c-9a4e-43287e5f1827", "comment": "Malware payload", "value": "a272f470bcd451a90d37870b4f55235d", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "FakeApp", "colour": "#D5FE4F", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689700842, "uuid": "9030d26f-adf5-400e-b141-12977626c27f", "comment": "Malware payload", "value": "94a154e17819374c909d1e081a6032cf26b622f916ee6a59f8d8ddce9b50f901", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "FakeApp", "colour": "#D5FE4F", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689700842, "uuid": "d71ea770-7b53-4c88-998e-b1cf56532ef3", "comment": "Malware payload", "value": "64748535e6ec3cbe2b1e5c0c2c97eb768b65f6ce", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "FakeApp", "colour": "#D5FE4F", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689700842, "uuid": "8e7615e1-c96f-4a50-bebe-a7df6b42fb93", "comment": "Malware payload", "value": "5c3ed23af93dda9df888065162010c1cc2b3f1bb676b062ae190e64392839f14b15fbfedf07d9cee48f7786b2e68374f", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "banker", "colour": "#5CE45B", "exportable": true, "hide_tag": false }, { "name": "FakeApp", "colour": "#D5FE4F", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689700842, "uuid": "06a12ff6-c6a9-4675-be4d-8266f0780e9b", "value": "T1AC173313F6A4950AD0B39332697725B671350E28A35362B2B04C73F9BBF7EC49B085D6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689700842, "uuid": "239f98b8-ba25-43f1-b6a7-9b752318e35e", "value": "393216:4zkF7O4P49K6MnFw+wIGY7og1I99RGKl4JquaQ+pBXYbQe/hzvZlsbD:4YF7/PDKD3Y7Lc9RJqnUXYbJzvZlkD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689700842, "uuid": "9a98c306-97b0-4fdd-8296-1ebdbb8c7d73", "value": 18515138, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689700842, "uuid": "820f707b-e701-43c8-b6d7-f859b8c73c21", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689700842, "uuid": "5202b0d8-5d25-46fb-94d8-de6ef06879ed", "value": "GTA5-v1.08-apkmodget.com.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "15bc7cc7-2504-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689640996, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689640996, "uuid": "59cb4bce-1f7a-450f-99bf-3b032635580b", "comment": "Malware payload (Mirai)", "value": "b4806be5a33be987c352fcc1d658f603", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689640996, "uuid": "d4459ad3-ea4c-4190-93c6-c5cf42196de7", "comment": "Malware payload (Mirai)", "value": "967337d44658aa1a9af84d7f797b77716d9a575a169a5d4cac2ad961590e23da", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689640996, "uuid": "42c51b55-7418-4967-9d92-38a1f3b02263", "comment": "Malware payload (Mirai)", "value": "69ad6482c43963f010cc668981ac881fe6052cb5", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689640996, "uuid": "348db86c-664b-4d49-ab26-b4495e050ca0", "comment": "Malware payload (Mirai)", "value": "c40d63c7c13395dd37cbe84148cb811cf81379f2f5b60ce5c064bbde7e72576d3078dac3f238dafc7015a632ce14b241", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689640996, "uuid": "6799d558-e6ef-4ee8-8223-7dbd12a038c1", "value": "T13133026257AE29E251B08777BC33BC1A669C17F95C77309A2CF0661977C18064FF2286", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689640996, "uuid": "7b3b9908-f1ee-4716-a0f7-52afe7f03045", "value": "1536:s9O/ZMAXIxNUk074rLcPqF1aBexo4opKZb7:s9O/ZNKyf2LGqFUFW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689640996, "uuid": "f2253f55-3755-4e81-b20f-eada608ba1ea", "value": 52520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689640996, "uuid": "8613e40a-a232-4e8d-ab04-5729c0db6137", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689640996, "uuid": "f65a96c7-2736-409d-9e5e-15c2f063b504", "value": "b4806be5a33be987c352fcc1d658f603", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e59e4d57-2597-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Cobalt Strike)", "timestamp": 1689704481, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689704481, "uuid": "4fb2d05a-d1f7-4b41-8ea2-b44da7a4143f", "comment": "Malware payload (Cobalt Strike)", "value": "95a7f1a09575c0a96f479ba25c132b25", "object_relation": "md5", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689704481, "uuid": "9d5f2aeb-7677-4bfb-b1ca-f0ec99c17fa6", "comment": "Malware payload (Cobalt Strike)", "value": "992f98e70bc5bdfbb7c2c2f3250caf97f831619ac56f0aca3f67dccdb923f94e", "object_relation": "sha256", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689704481, "uuid": "dae4d79d-b0b8-4604-b31a-87f5ae8427c2", "comment": "Malware payload (Cobalt Strike)", "value": "83da8180f9cc3726715b1e64cb711b4bca8e458e", "object_relation": "sha1", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689704481, "uuid": "d61435ba-ba40-4c02-b27c-f2caea99cd09", "comment": "Malware payload (Cobalt Strike)", "value": "b794e158381bc149094e7738bec11de7a4aa7b810aadb3924ea2cf77d261ac2f094874f714d40f907b5a4b0a569217f0", "object_relation": "sha3-384", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689704481, "uuid": "89d1a8f1-acaa-42cc-9bbc-cdc1e01b4b19", "value": "T1F9445916E165DCF9E81EE0F482565561BD3A7C840B31FAEF16B472322D37AE0AE3D244", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689704481, "uuid": "d11d08c7-8f23-4c05-aa25-3291dd488779", "value": "6de6115f20bca3362af8264a13983232", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689704481, "uuid": "afecf49f-2e90-49a4-8777-55a87bfadeb2", "value": "3072:p+ypGi24jaWfcKVNfGqNfMBCZ+6984iaKmLCz0YkxZf5SM+sQ:Ey724j3Xh0bjuCzZgvS3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689704481, "uuid": "b69b121d-5433-4059-b894-f630a4c4efbf", "value": 259584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689704481, "uuid": "638ffc11-80e0-412f-96df-a2ace0d13f49", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689704481, "uuid": "ff5d05b7-773b-408e-94ac-1ee45abdd9f9", "value": "992f98e70bc5bdfbb7c2c2f3250caf97f831619ac56f0aca3f67dccdb923f94e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2be1b803-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkTortilla)", "timestamp": 1689662079, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662079, "uuid": "7284a49a-33b6-4ebe-85be-a6895ede87fe", "comment": "Malware payload (DarkTortilla)", "value": "b426ef331a63d00073020ba56ac398de", "object_relation": "md5", "Tag": [ { "name": "DarkTortilla", "colour": "#7A8476", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662079, "uuid": "7e0d5ee2-c362-4a46-b0c3-8210fa250e73", "comment": "Malware payload (DarkTortilla)", "value": "99acb4ebe95189fc0aa25ce10af9d5fe2c009aecb6fb5dfe72ec1ca54cc1a021", "object_relation": "sha256", "Tag": [ { "name": "DarkTortilla", "colour": "#7A8476", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662079, "uuid": "a957b0f5-461a-49af-83a9-2ea71a579b26", "comment": "Malware payload (DarkTortilla)", "value": "97785ed279407c913a3d977020495dfe5802da2e", "object_relation": "sha1", "Tag": [ { "name": "DarkTortilla", "colour": "#7A8476", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662079, "uuid": "4ea65688-b743-43c9-b767-48fcd1b6f19d", "comment": "Malware payload (DarkTortilla)", "value": "0f5f086ca517867c0b63db9026ebdd8154d28c63ba1556811c1b6bb8b3d48858ba895305da6db734ce737af6b98f6287", "object_relation": "sha3-384", "Tag": [ { "name": "DarkTortilla", "colour": "#7A8476", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662079, "uuid": "fb8a60e0-cf4a-4c6d-b82e-922654877893", "value": "T10335291DB2D5D992D9267238D42580B02BF06CFAD251E45B38DC7F7738713C12CABAA6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662079, "uuid": "d01944ea-8acc-4787-94e6-04520a577f89", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662079, "uuid": "46f0c899-c232-436c-8468-cd32c2b6e394", "value": "12288:HZ+qnwSg/ECh9jnVaFlG1rrSsQRiDQJUQm5mqvG3xxVFUEl+1pl:8qnzg/xDYorEOQWmwGhxVFUk+1pl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662079, "uuid": "cc07d729-6cf5-453c-8691-934a91d1dee5", "value": 1072784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662079, "uuid": "2bcb2d04-a9d7-4535-9265-4fc9a78492da", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662079, "uuid": "b553a632-f968-41be-9278-b1e15f7a7a5c", "value": "DHL_Express_Shipments_Confirmations_KBJ202314049.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0dc93452-253a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1689664176, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664176, "uuid": "6c25c0d3-7204-46e2-b75a-8d36ad893808", "comment": "Malware payload (GuLoader)", "value": "caafec374594c5b93a986bc31df97f17", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664176, "uuid": "c9a8780b-1061-44cb-95b1-373e193e3c1d", "comment": "Malware payload (GuLoader)", "value": "99db3b5192d77a3db297df19db4e486c3af98416b0c023720fa2f3e88d6086cf", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664176, "uuid": "ac6f10fe-4a0c-46f6-a0a1-bd3013127b8a", "comment": "Malware payload (GuLoader)", "value": "8c2e069e2f715e6172492e1009e64009dc8b2558", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664176, "uuid": "6ea47878-92e4-4504-a344-d5eb67eda822", "comment": "Malware payload (GuLoader)", "value": "99de7d7b73eda04387e2132569776e602cf5daab070621ead47d6ee1bb4bd5b0e23f8bf2db0c5c5ad21a51c84b1ac52f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664176, "uuid": "df20ad27-78f2-4e24-8924-fe220f5697e0", "value": "T1A394F11A3A51D667D2C10A70ACB9D7361BB07E283D91960337D1BFAF3E35BE5C50A1A0", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664176, "uuid": "ee91ec4b-bec0-4d57-b6e0-71fbfbfc5fc4", "value": "ea4e67a31ace1a72683a99b80cf37830", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664176, "uuid": "f1500dd5-74ac-4d49-96d5-b121ebac16b3", "value": "6144:NPXoDQpcUz+TfBDma1bXGBZnvjFh64S07Qfy6JdRpNWMv7PW62swd:NWDfhWBJjF6aezNWgPJ8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689664176, "uuid": "1ddee828-2e8b-4ef3-807a-b55a822b800b", "value": 412256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689664176, "uuid": "ce2efef7-ed6f-4aa4-81eb-cc66da61894b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664176, "uuid": "1df28dc1-782c-4c7b-a0a6-4a69fb042af6", "value": "caafec374594c5b93a986bc31df97f17", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5b41d4e3-256b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689685351, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685351, "uuid": "626a582f-ad28-4549-8330-11145250f30c", "comment": "Malware payload (Formbook)", "value": "8b1af984fc26e45feaf0aac62544de57", "object_relation": "md5", "Tag": [ { "name": "ace", "colour": "#72CEE0", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685351, "uuid": "95c485cc-ed82-402a-b193-e2ee04164d5c", "comment": "Malware payload (Formbook)", "value": "99f691c398ce3639516875cdb250082980bd1c63e9045b6b60325e96ba3182d2", "object_relation": "sha256", "Tag": [ { "name": "ace", "colour": "#72CEE0", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685351, "uuid": "9979e541-8cd7-4e57-937c-779752671cf5", "comment": "Malware payload (Formbook)", "value": "98576afd0d3a60d07f6be5efdf4f23bcbe97b7de", "object_relation": "sha1", "Tag": [ { "name": "ace", "colour": "#72CEE0", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685351, "uuid": "7a4487ff-c49f-435b-b40b-b9651daee3c2", "comment": "Malware payload (Formbook)", "value": "ffd2fe636db08768caf33d9eb8ad56b831e23b9e7ff46411d152973f74d49950a47910999a0cf915d237343e4b26440a", "object_relation": "sha3-384", "Tag": [ { "name": "ace", "colour": "#72CEE0", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685351, "uuid": "29658028-f716-498e-98b5-d4b1a66c81fc", "value": "T1B61423C4E4CD54F9ED847FBD9059C6116E056A820421925BE89CA7C388DE4EF37BF22E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685351, "uuid": "13461e9b-5a1d-4ee5-8960-60cc4ad88f11", "value": "6144:WZNoLT1TQs+KP0/ebDZetP1oQMnlTub+d:iST1Pd3DZ0MnlCI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685351, "uuid": "136f426e-eb08-4ebe-8ea7-30dc706a40af", "value": 203540, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685351, "uuid": "0eb92068-89a0-478c-a873-a96968aebd4d", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685351, "uuid": "b9e028d8-26a7-4737-8af1-c4ce441b26e1", "value": "nIMG_2023718_0018.ace", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c61b4f85-256e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689686819, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686819, "uuid": "e942a45b-2aea-4523-9270-348345b969d9", "comment": "Malware payload", "value": "aed387c2000a4a37308a90431ddf9070", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686819, "uuid": "7c3b7425-f4be-4532-b507-5636989b898a", "comment": "Malware payload", "value": "9b1195da0384083aa583b862ca6f9c1397c5ae162f15576d37ebd40dbbdd1e73", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686819, "uuid": "9535b6f2-e72c-4e37-80fc-0a4b1023b0e4", "comment": "Malware payload", "value": "7a94e6c33ac6d0d3a0f548c63c79d1ae3868b222", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686819, "uuid": "439981af-c291-41fe-b0cc-583d1968c8bb", "comment": "Malware payload", "value": "7eea534496ea52b6ece1066d3772bb6ba80bedb993eb0fc747ede0b02c695bc028d0915b20224efed7221f8a45e2e17b", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686819, "uuid": "d5781ab4-5d6e-4eb9-b5da-1e81c9f0f495", "value": "T19703175AE79F02A48F4103B3671B1E999ABD723DB35154B134AC933433EDC3A42666BC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686819, "uuid": "83e0268f-df33-4dc5-97bf-d2c695c5f95d", "value": "768:lFx0XaIsnPRIa4fwJMOc8MT+zDAtA1qwYo5kIQB1kmVwJAhv+bQWMbXC:lf0Xvx3EMOc8MT+wO1YIQ7kl++bQJbXC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689686819, "uuid": "9603bdc3-9895-440a-b523-a264910dc86a", "value": 38036, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689686819, "uuid": "c04ccd92-ec58-4757-ab2a-23a5bcdcaeb4", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686819, "uuid": "f5519caf-e428-46f0-a3a7-2dd4669ae3ae", "value": "aed387c2000a4a37308a90431ddf9070", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0e5fb0a3-2504-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689640984, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689640984, "uuid": "84506bf7-e875-4940-84e5-3bc470d1a0f9", "comment": "Malware payload (Mirai)", "value": "f0953c96a7b52d374ec485db265ea7d3", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689640984, "uuid": "f252904d-2978-4ab1-966d-6ee5e871659f", "comment": "Malware payload (Mirai)", "value": "9b299bea505a65fb54dc0924c87a0e4aff5ccfec0b1f123b593451252bd72aa4", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689640984, "uuid": "d9f119d3-38f9-4c0e-9756-526d1469abc0", "comment": "Malware payload (Mirai)", "value": "482a9802665c2f00f18e3f89fa18285c79810bdc", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689640984, "uuid": "39482169-6ae3-4d0c-a480-8c8009258aa5", "comment": "Malware payload (Mirai)", "value": "f20e7facb58f72754ad69b8df9abd24c830ab1fdeea5eaf2f8dc80e6bccb69c077909d12cffeb63ea876f08a806a3aa1", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689640984, "uuid": "715459ad-ba13-400b-b2bc-19b7c2122034", "value": "T14FC2D13096AA2CB1CB500532E7B857C57A530F7DFAEE2890124097BB7982C452EEDDC7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689640984, "uuid": "843f7f26-cc07-4191-bb0f-c07906e05d92", "value": "384:Aot/koxisa34beDtZwuaCBsk+G9lLSsLYSTFs9u8OtqlrNE0fIyTchymdGUop5ho:A8soTAZ3alkXLvFh8nNE83ws3Uoza", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689640984, "uuid": "1b75adc3-7859-4dd6-9a83-8887aef16ebe", "value": 28176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689640984, "uuid": "a3c8012d-5c6b-4242-b8be-82dd1bcd89a7", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689640984, "uuid": "81c0ac7b-83dd-445e-a666-7f7a16d3b5ab", "value": "f0953c96a7b52d374ec485db265ea7d3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9147e0a0-259a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NanoCore)", "timestamp": 1689705628, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705628, "uuid": "f1eae584-bc7c-4949-9e9c-76f86c37b243", "comment": "Malware payload (NanoCore)", "value": "981225f6a4ff1147ee075cc5336250ff", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705628, "uuid": "28508572-ac8b-448a-99d9-e448c4a1d14e", "comment": "Malware payload (NanoCore)", "value": "9b8a796bf8ad5cfa6f9faae6430ed652538433b25f68be842c673cf343854bed", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705628, "uuid": "1a6a10d8-e404-496c-ba9b-cc3116ed7898", "comment": "Malware payload (NanoCore)", "value": "73665a35469dc812494e9e4e7d388d44583139e7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705628, "uuid": "ef7b92e6-daa6-4b9c-8194-6778c346305e", "comment": "Malware payload (NanoCore)", "value": "725282c9a6a8c6fc14efaf4363f7c7f7846f94700d8fe2c9ebb4c48a4d788b6716acaa2656fa291742086d37f5e7035c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705628, "uuid": "8ea705ad-7ff0-4936-b07e-99e655a668cd", "value": "T16505F11036298F63D8BD67FD9110555853FA6D5BB12FD3448EC73CEB3AAAF404A01A2B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705628, "uuid": "b83e4555-c7f6-4b76-953a-5361bd544e24", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705628, "uuid": "99e6022c-ad09-48b9-ae90-aaae090a0704", "value": "24576:aGf5ScW9RonufzW/Ze0OjuZIHAa2uZEDin:aGRScW9Ron2a/8nEIHaHu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689705628, "uuid": "5fb2a19e-54b2-4ff9-af5d-61b91ba2e80c", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689705628, "uuid": "7f68d673-097e-4ee6-8ed6-f5f29fb62f31", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705628, "uuid": "d4ec28ce-f12d-4dcd-be04-0eba854053dc", "value": "PAxHJCQ6s4eo2l8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "16d95aef-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1689662044, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662044, "uuid": "4da16ba7-7630-406f-adb0-500148a2b4df", "comment": "Malware payload (GuLoader)", "value": "691d1f97904703c50d416f2f533f0c08", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662044, "uuid": "9650140b-095d-44ed-b9f8-5c0a9e6fd24e", "comment": "Malware payload (GuLoader)", "value": "9c23bf8227f31da7ef679f4baf41239dd7774df662cf4d78f4b8b3de88981776", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662044, "uuid": "586d3586-9c5e-4500-890f-84264949719f", "comment": "Malware payload (GuLoader)", "value": "e06ba81ffe751eba60378e0e220bbfa1ede12cfb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662044, "uuid": "a5074082-d916-4835-9f67-af5da29c6d59", "comment": "Malware payload (GuLoader)", "value": "c608c83e1f89098b73d4db221c42c2d4675005e10cec3eec42f13b4c5eca75d7e5f887bdce16c6f6e13ac549e01dc291", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662044, "uuid": "84e3d0f5-0ca5-4c37-b89c-6afc4ed5bd5f", "value": "T13EF302662AE0D4FBCBB64B300F7A6946E7F48629110113AB87803B557D336D2AB1F5C7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662044, "uuid": "179c5dea-ae9c-4bc8-9dc5-b994a042224f", "value": "57e98d9a5a72c8d7ad8fb7a6a58b3daf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662044, "uuid": "9b8e9435-ad0a-4a9d-bb17-2f654e086a90", "value": "3072:+NzPHk9MpcQbtL7oU7pYpgQCW+OXTb0Kd5c0WPAXGbrm0G+3tmv7:+hRFqU7SUWdn0KzBjGm013tmD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662044, "uuid": "04208476-e091-4a6b-a9d2-ade7ee546bb8", "value": 163002, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662044, "uuid": "ffacda2b-597a-49cf-8665-308a697db35f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662044, "uuid": "a59fefcf-91f3-45b8-a15a-9eb86de7f372", "value": "Ziraat Bankasi Swift Mesaji.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c207e8a0-2599-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689705281, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705281, "uuid": "7fc8b536-6f48-4fbf-b2d2-a4382dc6a7d5", "comment": "Malware payload", "value": "e2c27cda7c9dea983f8ffe47598cb346", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705281, "uuid": "dd768fb6-9be5-429f-b644-6f652c47512d", "comment": "Malware payload", "value": "9c246e7215d89accb9b3dbb1b048ea7f9127f85bd2735768aef8912878df97aa", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705281, "uuid": "5a5fc9c1-be34-4ab9-b8f9-55090709bece", "comment": "Malware payload", "value": "258d1ea5714b14e4938a1f00fd2c2e313c2d62c9", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705281, "uuid": "ff69f75b-3d1f-4630-bf4b-2ae532a0f2cb", "comment": "Malware payload", "value": "e7451465052a61d48bd6743fd142a875e39791f71c5f4f5d78c2ead48ca99ede3bfe8e0142ae713fe4fb7d459695ccb5", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705281, "uuid": "b0f5d010-fbff-4d53-9662-2e8da061d772", "value": "T12603B867F85CC716C44120B3285748C7ECFD8986903DE7A2F5ACBA3239942F867E6395", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705281, "uuid": "4a889a5d-3fcb-4138-b33f-52765c60c763", "value": "768:wQjqVKpLhZDgGOloKlxnuwpCqVfoZHkM8YYN:3jqVgPgGOLxnNC0foSMQN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689705281, "uuid": "0849017e-82fc-472d-8091-87669c24530f", "value": 38604, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689705281, "uuid": "fde3de59-2e96-4db9-b30c-5692e274e6b5", "value": "application/x-sharedlib", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705281, "uuid": "14753ae7-7833-4fad-b989-1d20061e751a", "value": "SecuriteInfo.com.Trojan-Banker.AndroidOS.Octo.1150.20455", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "540c6446-2534-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689661717, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661717, "uuid": "8d6b0e58-14f8-42b4-88bd-2ee70530d657", "comment": "Malware payload (AgentTesla)", "value": "bee38d354425c250cfe5f8c160f8c541", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661717, "uuid": "574aa6e5-8de7-492e-b2ce-f41dab2a9d3e", "comment": "Malware payload (AgentTesla)", "value": "9c629d30ee820dec4c476fecee2be0ba23db86ad1de1eb989c33bc594b7ea21f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661717, "uuid": "a1986ae6-8b8f-45d4-93a1-4cbd8f001d10", "comment": "Malware payload (AgentTesla)", "value": "45be527212022f5cfb59581c996684a85506018a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661717, "uuid": "3d400d9a-cfdb-4ef6-93a5-27745fde0599", "comment": "Malware payload (AgentTesla)", "value": "963879a77c9e1841df5b9f8299d284a78d38930db17f6028035a0e8b42af613b7cafb242c56db1c9a933c4a048d5a3c8", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661717, "uuid": "22faf916-3dd4-42cc-a2fd-d6fe8209173f", "value": "T1B9158D0B39D02A47E42E426E547C6E6CEBEED50D426FD929342DC2A3B2F664C1D4D70B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661717, "uuid": "1eae6ff2-6706-445b-b3b3-f641fa4e97f5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661717, "uuid": "b78b7436-09c8-417c-ba1c-df5d999f14dc", "value": "12288:CGGWmmoAb1wW9iotIhKeenPfVFGQIut7D2G5JKT5b4jR:CZroBwZotIhrenPjz76x4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689661717, "uuid": "daaa279e-ca3f-4851-ac6b-cb18e18c7ec4", "value": 876032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689661717, "uuid": "6388a24e-5497-4d10-a79c-9a7280fd839d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661717, "uuid": "6b6e4f76-16fd-44c1-b59d-2ebfa68ba399", "value": "SecuriteInfo.com.Win32.MalwareX-gen.3838.1241", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c38bc0bd-2599-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689705283, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705283, "uuid": "43fe69a0-90a1-48c8-b753-77608de3fe24", "comment": "Malware payload", "value": "3e67f37d699b42f54053f911ba7d9318", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705283, "uuid": "c7b18ce3-4a38-4e44-9f68-ad165db267c4", "comment": "Malware payload", "value": "9c685d8e44f9ba9f7846f1c12be0b10986d76d29a7dd0d9ab71ef25094322a89", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705283, "uuid": "e8397d20-a779-4462-95ba-ba3dbf1290f2", "comment": "Malware payload", "value": "4b4f35c9e088688a931c6a02267fd75d8566647f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705283, "uuid": "bf2be584-ce1b-4569-add1-11be5f482c72", "comment": "Malware payload", "value": "25f2f3c33e5b8c8bc398f48af2aed500b7d0c1e326e3e2ee82768f30d8acd1979dd5faea21f671079936f7ce88dcb40d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705283, "uuid": "0baea02f-6146-4733-8f3b-3af58dc827ea", "value": "T133B36B01B5D1C032D8B6183119B0C9B51B7EFD704E219EABA7C8163E9F746C29926E7F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705283, "uuid": "83f6735c-454f-4fd3-b372-79d23fa6748d", "value": "408f42a7a531450f59ecf2eec967e1cc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705283, "uuid": "6fd6963c-ef8a-4593-9fa7-eac393e5bc63", "value": "3072:B9MLKLilGbDYkI0F7AQIZkI9+HJa6OIpHl9f/4bjFY:B9WlGNItkVa2o", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689705283, "uuid": "a580c884-1b6d-4e18-bd08-482e5354ed8c", "value": 115712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689705283, "uuid": "4a0cc4de-0a91-4509-bb53-545565821732", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705283, "uuid": "daa006d6-8c0f-4ad9-8a4e-29eb07fa94ba", "value": "SecuriteInfo.com.Variant.Midie.120512.17996.11669", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fdbdb8a3-2559-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689677893, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689677893, "uuid": "b87983f1-6b99-4a6c-ad9b-a5180e20a0f0", "comment": "Malware payload (Formbook)", "value": "72131181cd81f99d1dd51f7bb9925af6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689677893, "uuid": "6b70cdbe-2dd5-4c11-94ae-711db5997aaa", "comment": "Malware payload (Formbook)", "value": "9dea27ca0e29fd1b414242802ccc3801451b183af6a753bcc83d84bb0827b08d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689677893, "uuid": "a819e0e4-5fa6-4d30-80c4-b934898324ce", "comment": "Malware payload (Formbook)", "value": "629c80c08525e04f3657987789679a0b054f3c9a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689677893, "uuid": "8b147d25-e678-4744-be66-021439e589a1", "comment": "Malware payload (Formbook)", "value": "306f26d6aa3261b38ee63e2904baff22188fdc81c73dbbbdbc6c2cb9c826e4279adf146f16cd99ffd17983e02b1df459", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689677893, "uuid": "1bc9a81d-4238-431f-9d4d-e32d5a645a45", "value": "T17F541211EFF0E0A7EAB10BB33D7D6F391AF4252161955A0B13204B5F3768292A44FB71", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689677893, "uuid": "c745b44f-9986-4199-9b02-0d96b203f68d", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689677893, "uuid": "912677fb-034d-403d-9d75-29827279289e", "value": "6144:/Ya6ZZhitfgENiqtA710lHfqpsGr3VheR83lvFUF8OH9U:/Yr7UfgmtA7eHfqaoX88ZFk8IC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689677893, "uuid": "87baf1f0-f7f2-4532-9c1e-b5fac23a7b7b", "value": 279267, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689677893, "uuid": "a54a3112-c923-47f8-9be5-8cac4f5fe802", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689677893, "uuid": "509498dd-9ff9-4c20-90a4-b598965c2883", "value": "Vessel Arrest on court Order.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "451136fa-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1689662121, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662121, "uuid": "265847d9-4ebf-4f6c-9a97-4d218b82142c", "comment": "Malware payload (GuLoader)", "value": "4edf82bc0913f4beb569224c19f6aee4", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662121, "uuid": "1397176b-ba0b-40e5-8fb9-2f343a5771ff", "comment": "Malware payload (GuLoader)", "value": "9e3b2bc80176cce7a6cf760f186448bbb97eb834446e492a86f1994881c5f11f", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662121, "uuid": "edf24cc9-4574-4a10-9add-7564a041f621", "comment": "Malware payload (GuLoader)", "value": "cb6edd09b62240e0c9f331f1b4468627c3e35777", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662121, "uuid": "8185ed45-9c8c-472d-b28a-81782faedc3e", "comment": "Malware payload (GuLoader)", "value": "3cbad4128bea593e4074c8cf0d77735c384f2ff3ffdb7972fa6e8a1bfb00055d6a54333edb78a5e37e00810ac73493d1", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662121, "uuid": "21f88187-282f-44c6-b850-f5e56d2310bf", "value": "T1D0846B4CE767ECE9FA660339257119163F819C5E61E9286D228DF7263C36203509BCFB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662121, "uuid": "c6ac1751-72cd-4aff-bce6-94ea3adc8bb1", "value": "4ea4df5d94204fc550be1874e1b77ea7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662121, "uuid": "2db90785-490d-4a33-a067-c199eb861c53", "value": "6144:Hwq3NpAucuYtKyoDZOambjqOgRHRRk92c+EQ9E6tom8zK5eKbe:HzMpHtegpGE0EVm8CPbe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662121, "uuid": "14608685-9800-4e40-ab7a-7669848df269", "value": 372413, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662121, "uuid": "43c9fdca-0da2-4564-b945-18b6c9c56c95", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662121, "uuid": "e48978b8-b5a7-4ecb-8135-5ba153ff5c24", "value": "DHL_IMPORT_TAX__INVOICE_3129143010_KRJ202318092409.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f9144ae6-2559-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689677885, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689677885, "uuid": "a5bc1c76-10d9-4290-be9a-af0bf9ec1c15", "comment": "Malware payload (Formbook)", "value": "2c457f67b1a39f558c3088c0bff27f8d", "object_relation": "md5", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689677885, "uuid": "527586be-577a-4e26-94fb-dfdf9664af51", "comment": "Malware payload (Formbook)", "value": "9f47c2b85a53264bfdd0bc52b9fecee0df8057718ee552c45b056827c4a2a36e", "object_relation": "sha256", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689677885, "uuid": "16d83616-5a8b-4d66-a96e-4a7bf36f9b12", "comment": "Malware payload (Formbook)", "value": "a138b0d81f910b6511c46c6a3802ef79078a53f4", "object_relation": "sha1", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689677885, "uuid": "f9bb4eec-2286-4a90-852e-77a3f3d88330", "comment": "Malware payload (Formbook)", "value": "ae8647713907c8ed7fe88b502a4254e95b7ddfa4717f24cb963afde3a457148ade645e70b6f9a119e541dd6ebf57ac56", "object_relation": "sha3-384", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689677885, "uuid": "bb15187c-6acc-49a8-accc-9b4c3f162a83", "value": "T1F044235CBF48F36FD4356253154FC4C8FFC70CAB8BA475A9624A105D43A812AEACA5CE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689677885, "uuid": "4c538b01-aa7d-4591-bf7a-66cbba64aabd", "value": "6144:SpKqnFiCSPTvGlgQL8YXdSOOLzzhf9ykCQaDsn:ilGvEh3er6nQ8sn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689677885, "uuid": "9a4a8d81-2d53-4dff-84af-5fb89a5455f8", "value": 263460, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689677885, "uuid": "cab2cc21-8ed7-4f1e-bd9a-084ebc690b4c", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689677885, "uuid": "debc174a-2424-45c6-9b72-a94c18e53343", "value": "Vessel Arrest on court Order.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7c6ea332-2557-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1689676817, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689676817, "uuid": "2bb0fcbe-ca6f-4918-8ded-7ce15fc47663", "comment": "Malware payload (SnakeKeylogger)", "value": "c69ad29b13b8a81780fb8dcc19a9e860", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689676817, "uuid": "5ea40900-1556-4694-8881-9b3b8c0d140a", "comment": "Malware payload (SnakeKeylogger)", "value": "a07e48874a69880208333c95cc881484421695b907c107e9e75593c75ec59eb8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689676817, "uuid": "ee9a2c8d-e8d2-4264-936e-4b5c384d9d8a", "comment": "Malware payload (SnakeKeylogger)", "value": "c651aad27968d6963efd00752b4d9342948cd70c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689676817, "uuid": "68f061bd-0a47-4e58-8c90-1ea633cbc09e", "comment": "Malware payload (SnakeKeylogger)", "value": "bd70f3c10bd2c3506b0d177a3f21840f498bb477dbf565860f2a77c916b13688aafa0f9b0c6cae81126bfc4ffa30dd26", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689676817, "uuid": "9afa4044-1aff-4272-a64a-485c25a4fe0e", "value": "T1AFC412191D996E17C51F2FFE010236F183239AE97541CA6B4C4AB19AFB6E74F4CA1B03", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689676817, "uuid": "55f43a71-3c91-4ea7-9699-54be5480a34a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689676817, "uuid": "59c34833-e1e0-473c-85e1-552f5ab7d82f", "value": "12288:zmAY2kcdbL4Eft4mYwADdLJI0sCCjO9Y8mpc9vfipjFXrJoW3PQLS8jNc:yN6GEfzYFJLWRjOrmgibJoyQdN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689676817, "uuid": "86fbcfd8-c5f8-4caa-af99-570c12b3ab1f", "value": 586752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689676817, "uuid": "39ea27cf-1a1d-4543-9b17-55507747260f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689676817, "uuid": "78d7b4c0-1920-4246-a9b8-629cfaa76f06", "value": "SecuriteInfo.com.Win32.PWSX-gen.7989.2626", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ea7b62b1-2532-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1689661110, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661110, "uuid": "e721c7aa-be13-485f-9e94-36d83131324f", "comment": "Malware payload (SnakeKeylogger)", "value": "2e4dcd52a819ffd488b91e89d743ac9e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661110, "uuid": "c6f480bb-8fa0-4198-aa3b-1f8329bdea6e", "comment": "Malware payload (SnakeKeylogger)", "value": "a11ef9d544cbb542549304eb4e297740f5cd06780218300085751c4ca0050309", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661110, "uuid": "f2701bfe-091e-4494-8875-d1ced6eb7e12", "comment": "Malware payload (SnakeKeylogger)", "value": "27a250adf633fdc423ee330ccd2afd5b56cfd66e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661110, "uuid": "60380602-0fe5-4e96-8eef-530b56bb45ef", "comment": "Malware payload (SnakeKeylogger)", "value": "16a0eeb04d90fe472d4a6fc8d5ee91a9cd8d4884cd6626aa3fb0645c3519597718c973d4bf1b811852737673ee42f541", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661110, "uuid": "7c95762a-4d4a-4ed7-97b4-f190b2071fc1", "value": "T105157B322E47C114C9AE4FB5FC22E1C20FA95DEA05A6F2255DFCB2691CB1E9B460077D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661110, "uuid": "9251ec1e-f699-4279-8ba4-b5c80f3e8bc8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661110, "uuid": "4ed1da92-b0bb-4006-bb11-82389f9da8ef", "value": "12288:IWVt00/eseSFpd/upd/E2PKhk246c4MxXn6TUYlf8RYxu7ns:IWT00Gd5PKWTxX6TTras", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689661110, "uuid": "4645261b-b324-458b-a3e2-ed6e3fdc5a4b", "value": 914432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689661110, "uuid": "3c9a6a6f-73ac-47ad-94d0-9a39c5e671e8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661110, "uuid": "babb7fe2-dd3c-48a8-9bd8-14e1e454e308", "value": "2e4dcd52a819ffd488b91e89d743ac9e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "157cbba8-2569-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1689684375, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684375, "uuid": "e3939f2c-8ff1-4bc9-97e1-7783f2f88c2b", "comment": "Malware payload (RemcosRAT)", "value": "43e1067108bf892780fcbf14287060f4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684375, "uuid": "4350c6d4-db69-4c22-9f63-81cdd7643507", "comment": "Malware payload (RemcosRAT)", "value": "a2485cde3bc28551bb1b37681a4da65c9f6ef0fca1305141da97a34d1602ec1e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684375, "uuid": "bac1672c-4c17-4136-a748-a7640e0aa923", "comment": "Malware payload (RemcosRAT)", "value": "9b6e8274ff1b3f54fb7f060f1811c5762f6e38a5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684375, "uuid": "df862c75-7e43-45e3-8b3f-c11f527028f1", "comment": "Malware payload (RemcosRAT)", "value": "38ad9ed0eba0159c030926e4024185180e944d4e9ead8ef2eeb6f8c4bb7e84930b9d9547c7139bf75e56d9f9d9847449", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684375, "uuid": "8296d7ca-ddbd-4aa7-b2f0-ba2e60b5926d", "value": "T186453781D375D3FEF62CA1B89704F2C41DB42EB8E4A0F95A5C2A71AD31F5640228637E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684375, "uuid": "9345710a-046d-4f54-92e0-2b1ce29adf56", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684375, "uuid": "273c6706-1de7-46b7-9cab-f40af18b5ac5", "value": "24576:0gCDxZfwaLs4NTvDEXHcXXoypgzmI/i8A1TQQ73BWAqctMPMM:mDxdhLQHcXXocF8A1TQsk9cmP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689684375, "uuid": "aae6d6f0-0105-4e52-bcea-f61aa76dfd7e", "value": 1190400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689684375, "uuid": "e9cae2e7-c0c8-4d60-84e0-09793d15625e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684375, "uuid": "866cada2-8fe2-4284-9107-89c462ef9a30", "value": "43e1067108bf892780fcbf14287060f4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fecc858f-2532-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689661144, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661144, "uuid": "cc5b7f33-e442-48e1-9a16-c7e05b8ae811", "comment": "Malware payload", "value": "4c67ee1f39fbbdc5fa1ecaba1792b0e8", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661144, "uuid": "e9dae298-b0ec-44bf-90e3-3ed18cf311d7", "comment": "Malware payload", "value": "a2577fc056cfff4025b8cd15f49b2d2cb150c3f7f3fb0c1ee8067afc9f5c807d", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661144, "uuid": "18566122-c83e-4b09-9b6e-a55f2d5e6b07", "comment": "Malware payload", "value": "3f189e1c935ea707976626bb907485e90eeb6811", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661144, "uuid": "fa4fc0b5-f983-4295-a74c-3cac7021609d", "comment": "Malware payload", "value": "bce8d997fc4594f837a549d832bb66d00e39d37880eb44b4bdd013d0ad66c220e0e4954682fccdd24eda30869686d709", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661144, "uuid": "5d794075-7337-48e8-8a1a-b7bf3d70daf3", "value": "T147B4F100368C9D9DE2826BFDB976B18E901CBD3372C5A1D76BC8B70A8476FAF541B411", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661144, "uuid": "76ea48d0-e20e-4e80-935e-7ea9d3126d57", "value": "12288:KOZioWQmmme6v3QLQuEZBWQmmme6v3QLQuEyBB/1EOEx10JGUFb8cje76/:vWQmmav30xKWQmmav30x/BhG10FH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689661144, "uuid": "60578b69-e887-42cb-a2a5-6d3d46aed081", "value": 523776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689661144, "uuid": "87c999cc-ea4c-4539-82d7-466a3725199e", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661144, "uuid": "4b8f936c-f210-46a3-9e48-252853526583", "value": "sales contract.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7e4687de-256e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NanoCore)", "timestamp": 1689686699, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686699, "uuid": "51413c63-1632-49b5-9d13-4de0a7d254fa", "comment": "Malware payload (NanoCore)", "value": "2ae8c9db3ed641c45b017c220de075dc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686699, "uuid": "6272fb55-6fdd-41c5-b840-8b43a1de7b63", "comment": "Malware payload (NanoCore)", "value": "a2ccf50221d78c73a2015b13e340ee631d3c2bea60dbdfc74e1f5df8c920518e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686699, "uuid": "adbc119d-4d89-42ca-a086-f41d4d970cd2", "comment": "Malware payload (NanoCore)", "value": "159727a79f619ce59c7ea38d7251637a64a69ec0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686699, "uuid": "80d70440-00e0-4d59-9d40-eb3e22d4f71f", "comment": "Malware payload (NanoCore)", "value": "c4e92a6516dbcaf2770cde05558a01fffa4e19a3220f4c842959b272d57c505cbb497ebc708ff38b4293105c31c31acd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686699, "uuid": "34c064f9-2e8f-4901-85ad-f6953ea7d696", "value": "T1A3F4E110366D8F13E8BD63F99110A51453F66E5B622FD3588EC33CEF35A6F514A02A2B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686699, "uuid": "370ec965-ed1d-4ad2-813f-5dab848c841c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686699, "uuid": "87493c82-71c7-4025-b90d-f21f42f3e017", "value": "24576:vGMydcW9RoEGfzW/ZzcU146BCi90L2+5EBT2:vGldcW9RoEua/aS46BxK2Ir", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689686699, "uuid": "06fba9db-46ff-4794-8d0f-21025ef630e0", "value": 792576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689686699, "uuid": "811e8824-930a-45f1-934e-42dc0149b80d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686699, "uuid": "9f7f0c73-f5e7-4e63-81a9-cad656e46789", "value": "2ae8c9db3ed641c45b017c220de075dc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "10fe4a91-2504-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689640989, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689640989, "uuid": "70f128ee-e478-4bcf-b8bc-a8233053081b", "comment": "Malware payload (Mirai)", "value": "c630f0142494afb7104ee0bf6e1c56d9", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689640989, "uuid": "1fef6ab5-a473-4767-8bc2-77d97c1f8230", "comment": "Malware payload (Mirai)", "value": "a2e8704e1489728becfc3616ccb0a301423af3978fdeb3fbf48a5629ec40e091", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689640989, "uuid": "de344e99-f1a7-4978-ba73-b41d75a559bd", "comment": "Malware payload (Mirai)", "value": "b348f4cb2117d8cf01bf0c2246323ab256c95f82", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689640989, "uuid": "cd384558-4186-401e-b69f-ca8ab79aeb91", "comment": "Malware payload (Mirai)", "value": "243ebb41c23c58c187b6ac5402218e206bd7fd05095cb00d8188e8d091f5b19fd72ee358adfa02c2d0ae8b0aa79f1549", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689640989, "uuid": "b53d790b-c98d-4739-b56a-5173c4d1c3fa", "value": "T166C2E1E63E377EA7DE35013934A9CD374674E016D75EA653A240924821131BCBB329DD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689640989, "uuid": "904ab102-79d3-44e3-ad76-6db322e457e3", "value": "768:0MwoDZLFbBy6HQHRYfeAxdd8I4/5weH0Nm:0olcYfe6KW8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689640989, "uuid": "70f233bd-dad1-436a-8814-42502b2364ee", "value": 28048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689640989, "uuid": "17d9cca9-db3a-4bee-8f12-76d3c6ce4a2d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689640989, "uuid": "2e90ba78-cfbb-46d0-a9db-772abc105af2", "value": "c630f0142494afb7104ee0bf6e1c56d9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d5beebed-2532-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1689661075, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661075, "uuid": "4fdbfa9e-a393-46b8-84e5-02490c05f381", "comment": "Malware payload (RemcosRAT)", "value": "e9e6e0d8ddc9de7f659bd4ea324962e2", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661075, "uuid": "91f61945-e30d-4b9b-a74d-6ee4923625e9", "comment": "Malware payload (RemcosRAT)", "value": "a38bf342a2a0879774f5404f4ca240e91f38be40f30cb13974ce3cf94a75bad5", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661075, "uuid": "2faddd49-5a90-4de9-8aef-be99a18ba3a0", "comment": "Malware payload (RemcosRAT)", "value": "59c694d73b23b6ecca5da7f5fd4ccf4ff3d6ae25", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661075, "uuid": "97d89f81-eb68-4b44-86d1-f854413bdd5c", "comment": "Malware payload (RemcosRAT)", "value": "fb8fb6604a55615108f19e4f2ff78582b205516bd84cbf3a528cbdf1e14897df3d3fca89d9ea6f6e2a00eaf304d2898b", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661075, "uuid": "48d6aedc-61a6-45b4-9ae8-ad060830810d", "value": "T14164AD90E2DDECE5DC1253794C77EC262557FE399436492E212EB6286B7328330A7D0B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661075, "uuid": "b6b3868a-da4a-42ed-b5c8-d296f9aae311", "value": "4ea4df5d94204fc550be1874e1b77ea7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661075, "uuid": "6464ad32-6d8d-456b-b290-2208e420a3dc", "value": "6144:NB+pqUQiXd44Scy47IljpYXYGqAS+v1SI/7va7hfQ2+VojyXjGYV0m3:NgeitN4nyXYgx/78NW2a", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689661075, "uuid": "5f2860b8-9fca-4088-bf1c-0c05011c428f", "value": 332829, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689661075, "uuid": "aff9ad2a-37ae-4f90-b0e2-cc972c1a8e68", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661075, "uuid": "6d2fda24-e03e-4b2e-82c6-41e6b248e7ae", "value": "DHL TAX INVOICE 5375980724.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3edd8715-2591-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689701625, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689701625, "uuid": "d962ac67-b3b1-426e-b091-364752a3407a", "comment": "Malware payload", "value": "cec434e1b94beae9dbbf0eb371e78f4a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689701625, "uuid": "fe7b45eb-653e-4cdb-b1f6-721f0a2d6162", "comment": "Malware payload", "value": "a4428ea2a84c197502595fa85062995ea128355f66d695b76c8911bd6c519bef", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689701625, "uuid": "12295e85-5faf-4ccb-a3ee-cd3cfc4830cb", "comment": "Malware payload", "value": "e318e77b036852ef9f4780b07e33e075635b93a5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689701625, "uuid": "6dcea0f1-fab9-4408-9d0c-68a073b37ad2", "comment": "Malware payload", "value": "13cac08c9b9fe460fe9088bcff1788f994396100926c4d0d550df42f5e8cba22fb6bba9be8b66e85f4af330771778223", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689701625, "uuid": "dd4f7d3d-b9e1-4bd1-9e54-899d97da0d59", "value": "T1A97523527BC98AB2D4721933152A5F20B63CBD305F368AEB9388645DDE321C077357BA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689701625, "uuid": "216c6655-d5aa-4cae-a4e9-97e49d7fa7fe", "value": "aac51396886833dc961fcd7aab7711e4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689701625, "uuid": "6b1de0f3-f23d-447e-80a5-5ff4cb429282", "value": "24576:WiIy60hvWIUiQjUo7zRb+YSqs18b6H9vOWQx1WvxE1ENo0fbSSvC4PnUue6VIsma:mb1x459mWwwvxEKoyvCWUuexH7PCWc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689701625, "uuid": "95779b4c-13be-4400-8634-e7fca77c84ab", "value": 1664327, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689701625, "uuid": "d4f340a3-c422-404f-9735-8869493948b3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689701625, "uuid": "11c08a4a-4da7-4d7c-aa75-44379205655d", "value": "SecuriteInfo.com.Trojan.Ciusky.Gen.6.21004.15926", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "be6d2ad9-2568-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1689684229, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684229, "uuid": "0197e07e-2cd9-4e41-be2a-02f78ede5e99", "comment": "Malware payload (RemcosRAT)", "value": "090ff5be96e85eb18ecc96acc93dc763", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684229, "uuid": "b15b1082-eacb-4002-881e-7ac48f4aa688", "comment": "Malware payload (RemcosRAT)", "value": "a54c57d081e28c09d26a5ef8d3b471af22e6b4ab2f65b1a89bb2a79c23872135", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684229, "uuid": "ed3de3f0-cd82-479d-9b12-ced0c5314ceb", "comment": "Malware payload (RemcosRAT)", "value": "3c4d16233938c9dff42d9996a869377b6b24e91a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684229, "uuid": "b882cb2b-f2ad-4624-a777-dd53a02c8c02", "comment": "Malware payload (RemcosRAT)", "value": "390162ec869f18faf1c224defe157261d0e2f1ddfc41a7c04204b948e513f17a339a2a006d2d91279fa55bbb4c2ca15c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684229, "uuid": "a6d0a57b-d356-4dc7-ad5c-d2c122405689", "value": "T1A9E4E00C1A4B8C19ECA6373D03765639ADE7FD14746B623A83C9FB1FB6B628139C5046", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684229, "uuid": "e105391c-ec52-4918-ad99-3bd39e277d60", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684229, "uuid": "9de001ed-44dd-47e2-9750-cf6b8f5831e7", "value": "12288:AYHiv/h2rvsV6wYjvP7he1hFWFYpdU4YQTCGCPmMTcDq0WS/s7bq:AYHiv/h2rvsV6wYjXwGY03QTtCVTc2q3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689684229, "uuid": "9729fa3a-3fea-40b0-97f0-8534c31466af", "value": 658438, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689684229, "uuid": "c9afdf6e-4e60-4f64-b8ec-c3baad9f4c75", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684229, "uuid": "f9ae882c-688a-420f-8ac8-43d57365f0f3", "value": "PI-ZY202307050010 ,xls.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "340783a5-257a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1689691728, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689691728, "uuid": "94fc798f-f62c-4114-98e0-990e48cecc16", "comment": "Malware payload (NetSupport)", "value": "a252f22f61f960c54fa32ae0de7dd17c", "object_relation": "md5", "Tag": [ { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "deperekanuki1-com", "colour": "#825D54", "exportable": true, "hide_tag": false }, { "name": "deperekanuki2-com", "colour": "#A06E86", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689691728, "uuid": "7968ae5f-eb1b-4b55-b2bf-7b6c50804016", "comment": "Malware payload (NetSupport)", "value": "a5be7a73bbed8ec4e1a7819289da5412fe9ddf628941aa3b35fbe7454f148618", "object_relation": "sha256", "Tag": [ { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "deperekanuki1-com", "colour": "#825D54", "exportable": true, "hide_tag": false }, { "name": "deperekanuki2-com", "colour": "#A06E86", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689691728, "uuid": "341028d3-1a4c-4c90-92fd-e8e7f0b74f95", "comment": "Malware payload (NetSupport)", "value": "00fe1097e70f1f6307e6bc68f40d49abb01dd2d5", "object_relation": "sha1", "Tag": [ { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "deperekanuki1-com", "colour": "#825D54", "exportable": true, "hide_tag": false }, { "name": "deperekanuki2-com", "colour": "#A06E86", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689691728, "uuid": "55eeeab2-f3b2-4ea2-9f8d-f31a1356f389", "comment": "Malware payload (NetSupport)", "value": "3216e900ef35234420d4b6a0af9b8d8c37e9f7053065134584cbb02c5cedb204f91af202a54a95adfbe29174c8ab86e4", "object_relation": "sha3-384", "Tag": [ { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "deperekanuki1-com", "colour": "#825D54", "exportable": true, "hide_tag": false }, { "name": "deperekanuki2-com", "colour": "#A06E86", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689691728, "uuid": "6d92649a-3769-43da-b284-b6dced2a28fe", "value": "T151F0AC26164FFD8D195FB38A696058501FE38600A55E7932874C6C4FCE35CBE69DE844", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689691728, "uuid": "c3c850c9-0095-4f2e-bc1f-62efd4d474ea", "value": "12:UERx/vONhH+KGSyDWVTXuZ7/PfY8o1TTDGXv05ubluGg0Tfxvi:UERpOheKC1l1GGX85ufc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689691728, "uuid": "92a8be8b-7c40-4739-a8b1-93491636cd31", "value": 605, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689691728, "uuid": "5865b53b-2c9e-4460-8129-68c005916e86", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689691728, "uuid": "b6fa87cd-1d7d-4c0b-bde2-d128e3af40b3", "value": "client32.ini", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "81b6e712-2557-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689676826, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689676826, "uuid": "590894f7-3e07-4795-a370-216ed9fdfafb", "comment": "Malware payload", "value": "89559c4954df47871b4a9cebab8f2347", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689676826, "uuid": "7a8ba40a-751a-46ea-ab48-a49e78f65001", "comment": "Malware payload", "value": "a6270cc54b6be66c1f0e5288fc5cd2dcf3eba4a2c9c30db73fa2c6bc401413cd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689676826, "uuid": "ab734d4b-d524-4969-9f2f-1613d8f29d9e", "comment": "Malware payload", "value": "045966c65dc3a145a9dd437737e6206dd9869f0f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689676826, "uuid": "db6de2a0-825e-46c3-9683-624d5bb09334", "comment": "Malware payload", "value": "42db50ab4129b75ff29d4f7e51acd1e07307fc4ef17e92347f9fc84391a6eaa42a6699984c9ba4283d509e08eec62f58", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689676826, "uuid": "0dd5eb69-1389-493a-852d-672bdeabf527", "value": "T196F633C68C55292AC78F2B304CE31C4D16009507AFE7AA67FE604EEB4C8E51EA5D4F9D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689676826, "uuid": "84061f16-3ed7-49c1-8ff0-111696c59f9b", "value": "0a3459ac245ca78ac433e7a0ba4a11ba", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689676826, "uuid": "3a902392-7d1e-44be-a952-30dfc7fdb9b2", "value": "393216:uhaZXBbufumA7BuRQ6rakWPcCfWE/qxlxvj59hnPYUr7Y:gIRAumBvraU6WXzj5bnXc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689676826, "uuid": "ac27c5a5-e727-4d69-a5c1-db1b93a039db", "value": 15781144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689676826, "uuid": "79677d24-4226-422e-9151-8dc6238d2ee3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689676826, "uuid": "2db504ee-d8e2-4025-990d-0ee0774c6530", "value": "SecuriteInfo.com.W32.PossibleThreat.27566.4549", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "acfed533-25a9-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689712117, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712117, "uuid": "b23e7c9e-f505-4d09-b20a-e0595f000c08", "comment": "Malware payload", "value": "0d71b61db86f84404a6d88e26011b1a2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712117, "uuid": "c6728845-7d5c-4402-a58a-3e33d607fd09", "comment": "Malware payload", "value": "a6df1177af3bd9b8f72c40c689f7a0fce2a20acf5286bbe320e9cdcfa50002ce", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712117, "uuid": "ba929fb8-c94a-48f9-b28d-e56a4b397328", "comment": "Malware payload", "value": "7bf7e08b540904c2400e16da42238d44e1d47b51", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712117, "uuid": "d5794f6e-6caa-4996-b59c-23cf7256577f", "comment": "Malware payload", "value": "296e01ecde2c05dd87f8d560c176a619a1f7bda2e726f0dfb5572580e83b16855d53fa2de5b4d42d37778e8c7988d3b2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712117, "uuid": "04aafa3f-0602-46da-afb7-e5e0f9d7bf3f", "value": "T1CCC39E0DA5FBBA60EDAD47F680F86A1C50D43ECA4B06D4B7C5391DE7F859201CBA81D2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712117, "uuid": "0790ec2a-a907-4016-9862-7c7979ea7dba", "value": "e7b9db2da4eb485095dfe7b82b1f91b9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712117, "uuid": "4bfd3f1b-d440-4ef4-ab9e-6c44e62bfd3c", "value": "768:0ylmqXjUD+C8XbhY56UoKZpOaU1dEgkX/GR3Vm:9BXj0p8XbhY5QfR3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689712117, "uuid": "0139ef67-76f7-4b74-ae4e-00f9d0b74840", "value": 126976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689712117, "uuid": "912bcca5-b39b-4ef0-99d7-cd2302073d69", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712117, "uuid": "e336f6fc-9408-45a3-9470-8e607152d742", "value": "SecuriteInfo.com.FileRepMalware.21653.10386", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "75f9a6d0-255f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689680242, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680242, "uuid": "9560ad74-f248-4236-82f6-fca7a95e1939", "comment": "Malware payload (Loki)", "value": "6d156b57d3eed0f5c5b285437cb711bb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680242, "uuid": "c550536f-32bb-4886-97a0-2ca4d60f7416", "comment": "Malware payload (Loki)", "value": "a7a2151c314a329c44df6d43c6f2757bd8994a5c6ec4c7aa1e9cb58713796b2d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680242, "uuid": "e6fe1c2b-02ad-47b7-8f9d-67536e928f7f", "comment": "Malware payload (Loki)", "value": "d43605e4fd4bfc002728e49394feb879b63b5d15", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680242, "uuid": "69e41c06-6b7c-424c-b0cc-e81d1b04fa1c", "comment": "Malware payload (Loki)", "value": "2a556db084845eb2d9009edb4ad717b67e6e78cee33b5fb2412e59ebf8798cf0ace06be2c8378f5f745c1bbb651ac2b9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680242, "uuid": "f3c98374-2aee-489c-8b05-2ec73bebd0d4", "value": "T16EC41228AC7A2B26C7314BF50450367093BF45DBF972E3534C8AB0DAAB12F418E55B67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680242, "uuid": "1f8b7476-2ae6-4590-b6c5-5220209c69ab", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680242, "uuid": "a413f44f-8e2d-410b-a796-fa39b4f296c1", "value": "12288:z8PIRHM3dhsH4D4nGFET3ajt4VWd72CiQ661:YcHM3HR4n0c3a5V72Cb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689680242, "uuid": "032d635b-86c3-4013-849d-204765185c2c", "value": 549376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689680242, "uuid": "7b6d183a-c006-4c62-bd44-141400df4beb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680242, "uuid": "9e3b7e3a-112a-4c08-815e-c387f455b4f1", "value": "Invoice-pfi705-704-705.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7b7f3f14-256e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NanoCore)", "timestamp": 1689686694, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686694, "uuid": "2e808176-2d7c-48a2-8b30-5a7d0c523ff5", "comment": "Malware payload (NanoCore)", "value": "12753301cd66cae54cdbd56d45cb9069", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686694, "uuid": "2d3294d8-467e-4efe-9f27-d664ae18bf7b", "comment": "Malware payload (NanoCore)", "value": "a8fcecf459448b45be84bfef1fa7d1ab4146716dd7591515438c15c979095eb3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686694, "uuid": "6cd40e7c-33a9-403e-9bae-975abc39a548", "comment": "Malware payload (NanoCore)", "value": "766f2234988f6acee2aa33570a94aa851b4f5f00", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686694, "uuid": "73fa96b2-7557-4d9c-8f1d-e274194489dc", "comment": "Malware payload (NanoCore)", "value": "5a5fa4f7afc4bb8ab56fc829c319b686e8686c625f978f27afe85a729003813d86f60ec43a9c40a37e43a2c344ba875e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686694, "uuid": "54dd0c95-9a40-4188-86ea-8dd9a3342152", "value": "T1D3D42390D29C8A0FD5DA63F8436776A482B38E8491BEC3881B5FFC4DB0EE7419B155E1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686694, "uuid": "2166fb5c-77fa-470b-8c09-0aefa1d74170", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686694, "uuid": "87faa6be-ac45-4343-87ae-ac01b7a804e9", "value": "12288:kfb/WT4UkuZbzDDLEfamOwDMHBczmbnaJIAAWb4ApaMRXeN9DW67DSHZKG:kfzW/ZbkyhwYHBc6bEI1G3paMtw9K67X", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689686694, "uuid": "00772a16-4b0d-4544-8482-59d71517ca4d", "value": 645120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689686694, "uuid": "03ab1220-07ef-40d8-81e6-d76526e9b945", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686694, "uuid": "45a8d0bb-346c-42c6-951b-b5ea68f1110e", "value": "12753301cd66cae54cdbd56d45cb9069.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ec81bef9-256b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689685595, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685595, "uuid": "018fa544-3305-489c-8acb-87375219de08", "comment": "Malware payload (AgentTesla)", "value": "ce8cdd4546f3c1d22d3c0c3834c2a73b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685595, "uuid": "56899f59-8bad-49cf-98b3-1daab6c47dcf", "comment": "Malware payload (AgentTesla)", "value": "aa3cf6cca9a6b711b17a92b8fa323514b0926971babfa48f6997661f5bf5e5b8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685595, "uuid": "b4552669-5f8a-4393-9ac5-45f1baf02bfb", "comment": "Malware payload (AgentTesla)", "value": "a2aaeef225ee75044c04e604f7492151777756ff", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685595, "uuid": "596bd874-a9b5-424b-9d01-908a260d8612", "comment": "Malware payload (AgentTesla)", "value": "394a532b7b7379776e439264daa8b685752be3394cb6b7717fb6b2b897d020190163e715a18ba280a892c3c1187814cb", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685595, "uuid": "5af9159f-b255-4ff5-93c3-4ed31bc3e205", "value": "T1C103284EE79F02698F410776671B1E88A6BDB22EB35094B1346C833433EDC3D46666BC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685595, "uuid": "4b0ed126-dd02-4c90-839c-ce41d89d7c92", "value": "768:J+Fx0XaIsnPRIa4fwJMS12Pt0zD5YwKSg9dd6L8nSiP:J+f0Xvx3EMS1zD5YwKT9X6wn3P", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685595, "uuid": "33b1086d-e15c-4a75-97f0-fa0e9752e8ac", "value": 40045, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685595, "uuid": "121b408d-bfd8-48e8-8423-d3d0d3311757", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685595, "uuid": "89c62fc8-ee31-403c-a83c-93a5f10fb8d3", "value": "ce8cdd4546f3c1d22d3c0c3834c2a73b.rtf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c69032cf-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689662338, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662338, "uuid": "619e0d23-ae43-4a9a-a42e-f2319e90a4ea", "comment": "Malware payload (AgentTesla)", "value": "4bbcfab93e68c96c8d95938cf1b62a08", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662338, "uuid": "6a6bd84c-ad6d-4187-bca0-bb17815f4547", "comment": "Malware payload (AgentTesla)", "value": "aa92ab5924fa611096cc9baeefd6def9e017e068f82e81ba8e65e1a49a8061d2", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662338, "uuid": "5fe381b7-bc90-424d-94e6-0b41ee7a99b8", "comment": "Malware payload (AgentTesla)", "value": "723ce61769f9c09723ca69a58802fc1fa42ea0ae", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662338, "uuid": "7bd0ae0b-c105-4e4b-96dc-33e8aec203ce", "comment": "Malware payload (AgentTesla)", "value": "9593c5bd0505e740b4215c142d01f9a17ec7525bf6293f3ea776293c85d0119889e08bdbc79de76215b128a2408fc828", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662338, "uuid": "10d8203b-8cd1-4c52-8b9c-55040243c0bd", "value": "T1F713AFE0E68195D0DF595776A2551ADC4238313FFEC510883060B3F92BA7A6A990ACFD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662338, "uuid": "ad729335-52ab-4cba-ac54-41c632100a7c", "value": "768:+XdeOP6eborO+KkBxVFB4FbUHXyR6QIUAQpc5ya+EJLF:+Xgarboy+KkBx/B4FbkRQIUe5yrEL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662338, "uuid": "75408923-5d4b-4324-837d-d1aad0156c8a", "value": 42904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662338, "uuid": "ffd77bd7-686d-4522-9414-1ff08c8df89a", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662338, "uuid": "de9f597a-b6ba-487f-a398-0e1323307648", "value": "RFQ from Mejdaf.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9e905ef9-2588-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Gozi)", "timestamp": 1689697920, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689697920, "uuid": "8af75296-553e-4f70-8e63-5b3cb5fa628c", "comment": "Malware payload (Gozi)", "value": "579f9bd0dede301f7442eb5ee6a0d35a", "object_relation": "md5", "Tag": [ { "name": "20000", "colour": "#98710D", "exportable": true, "hide_tag": false }, { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "pw-123", "colour": "#2ACF29", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689697920, "uuid": "53bda828-d0d4-4af1-9715-7605d63a5ab0", "comment": "Malware payload (Gozi)", "value": "ac2e0ea966d0a2d648fc6681c61f86617bd9acb960efda7d17521e3ebaaf3a36", "object_relation": "sha256", "Tag": [ { "name": "20000", "colour": "#98710D", "exportable": true, "hide_tag": false }, { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "pw-123", "colour": "#2ACF29", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689697920, "uuid": "c6bf2fec-80c7-49f0-bd9e-35c72788039c", "comment": "Malware payload (Gozi)", "value": "7fdfffb492298a0755adf6a16b6743aa89322c97", "object_relation": "sha1", "Tag": [ { "name": "20000", "colour": "#98710D", "exportable": true, "hide_tag": false }, { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "pw-123", "colour": "#2ACF29", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689697920, "uuid": "3837e222-bfbe-4874-b33b-cf24a1411332", "comment": "Malware payload (Gozi)", "value": "6bd33d9c86b27773892219fc60c373238c9ce0be50dc23e3e55c18559638217b251c74113303e3069a13ef354b672c94", "object_relation": "sha3-384", "Tag": [ { "name": "20000", "colour": "#98710D", "exportable": true, "hide_tag": false }, { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "pw-123", "colour": "#2ACF29", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689697920, "uuid": "57a2f4aa-4f00-4235-8d93-edc6d760fb7e", "value": "T1B57423684A8254411695CBDFB5B1C5183A7DE6848F0DBFBCB4A5FF68023887E5072DF2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689697920, "uuid": "914ef2e7-079b-4ca1-b1c8-e8687b753485", "value": "6144:vvapfDMvWQakRSo2Dc12e7mXQafMuTiA4g+iSIMT7DimmAydomjo4rVds6QN:vvahAvrpRSDO56XnR+iSIOBm9P3s1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689697920, "uuid": "f67698ca-5bd3-45ff-a16a-b5f02c0f817d", "value": 345786, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689697920, "uuid": "31a80e55-12ca-43c9-8fc2-a4df9df65d81", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689697920, "uuid": "31852cdd-c4c3-423e-ad8d-6983d975de48", "value": "3939.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "76c9a8a9-256c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689685827, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685827, "uuid": "7ef6e75a-0bbb-4a79-b069-49a168d80a1e", "comment": "Malware payload (AgentTesla)", "value": "25ec50d7010d4eef0c321f9e368b8386", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685827, "uuid": "b752e320-109e-4797-b069-d9b69c861f23", "comment": "Malware payload (AgentTesla)", "value": "ad1aac126da7ccdeb2c437b8ddb826c6885659e23d53fff1b04dc0496567b003", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685827, "uuid": "a46548eb-01f1-4ca1-93fd-3541f99e49dc", "comment": "Malware payload (AgentTesla)", "value": "bdf44973891474959640c14ca19bc99a5e36ecaf", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685827, "uuid": "87d09434-708c-40a4-8c9b-fca01d660dea", "comment": "Malware payload (AgentTesla)", "value": "d26cbd0e5f4d0da461ab181542357952a60c88ec7b29330a5f6806a0957db230bebc2a9354b8c9ab0227d137d322c5a4", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685827, "uuid": "b1a34fe4-5aaf-4795-a705-71599498c989", "value": "T142D1D61167848733E6B20F71DCA38740937CFBA15D96DF6F3DC8620BAD022840A62BB5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685827, "uuid": "15f32320-a862-4e04-8121-421aad3d5914", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685827, "uuid": "54693456-50ee-47bd-aaaa-10c7609d044e", "value": "96:gYm3iYk8WmBabIQQtbp+8hUFX4mvjl3sA4EfjVfIBl0LzNt:N8W4COpp+Is40y3EZgD0N", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685827, "uuid": "19d0a1b3-89eb-4f5b-ac03-83aadd52d8d0", "value": 6656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685827, "uuid": "0c72e926-0c48-441f-893b-9cd025dcdfd1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685827, "uuid": "8b1006c0-4293-4bbf-b987-615aea8f4c6a", "value": "ORDER.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8a94b24b-2574-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1689689296, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689689296, "uuid": "a614ba1e-47b2-4d49-8d62-4da6524e8749", "comment": "Malware payload (NetSupport)", "value": "99c9a23ca6754f0cf146a095e9e666d3", "object_relation": "md5", "Tag": [ { "name": "5-252-178-48", "colour": "#05445B", "exportable": true, "hide_tag": false }, { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "ponraj-com", "colour": "#09C08F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689689296, "uuid": "979e207f-31c1-421c-b936-8cfb4a1f1c0d", "comment": "Malware payload (NetSupport)", "value": "ae1399c7b00710cdd7c119bee4b42c107bfee79c399b27a497a19094150f53ad", "object_relation": "sha256", "Tag": [ { "name": "5-252-178-48", "colour": "#05445B", "exportable": true, "hide_tag": false }, { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "ponraj-com", "colour": "#09C08F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689689296, "uuid": "12293ee5-c9ad-4f3a-9cc8-a6345e4b74e3", "comment": "Malware payload (NetSupport)", "value": "817ebba693f606c1cb8c5524360961b13642e6b9", "object_relation": "sha1", "Tag": [ { "name": "5-252-178-48", "colour": "#05445B", "exportable": true, "hide_tag": false }, { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "ponraj-com", "colour": "#09C08F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689689296, "uuid": "2a1f79b1-b592-4f02-9264-1fa7d1b746e2", "comment": "Malware payload (NetSupport)", "value": "df9a156010c2bc108c0902c42d69701aaa6d24472df03598453e12c8cb75bd3cc6813e0a7a10f83957439efffb3b0b57", "object_relation": "sha3-384", "Tag": [ { "name": "5-252-178-48", "colour": "#05445B", "exportable": true, "hide_tag": false }, { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "ponraj-com", "colour": "#09C08F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689689296, "uuid": "b7cefc33-08e1-4d2b-9b6d-08ae05748143", "value": "T1E5019C16154BFD6D115BF29436B401901FE34400D4493D61AB485D4F9FB286B85EFCB4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689689296, "uuid": "4734aaec-f363-426e-876d-cce9ab0a4e0d", "value": "12:iOxS2h3q+jhGSGpBlsVTXuZ7+DP98XTKIDWss1CYubluh1fv09GJ/:iOI2hFhapBlLoGXuIDvsPuEs4t", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689689296, "uuid": "f5c621d8-70ac-4782-b330-b0e8224695ff", "value": 713, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689689296, "uuid": "fe7c967b-710d-4c27-a60a-4e3ec513e60b", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689689296, "uuid": "8e65db9d-b33e-4e1f-86c1-876f49bec5bc", "value": "client32.ini", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0e745834-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689662030, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662030, "uuid": "40d810f2-9858-47ea-a20d-ddf851d1bd89", "comment": "Malware payload (Formbook)", "value": "73813d02ab35db71ea6a4fedff72ab9e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662030, "uuid": "58a39e49-0a88-4290-8cac-8eb76f9ea601", "comment": "Malware payload (Formbook)", "value": "affc74db906a6b57d940a90471204922b9778426e1defb4be5b645308b1a3da5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662030, "uuid": "58784441-e7fd-44a5-88c2-f577c67a658c", "comment": "Malware payload (Formbook)", "value": "dce5decd11e16806194c3051e23b203e080d3475", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662030, "uuid": "3b5327fb-d4c5-444b-a92f-d4516b21723d", "comment": "Malware payload (Formbook)", "value": "5f83a1e1b8c980da5c230f50e9779ae9a82c157e855801dbec0f3e7292e6de7664a03f65f287a0e8324c966f11f571e0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662030, "uuid": "b6c9b01d-117e-406d-821f-9110f73ae935", "value": "T166F4F01033399F17D8BC63FD9560661843F96957222FD3448ED73DEB36AAF404A42A2B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662030, "uuid": "b1ac2f57-b1da-49e2-b428-246ef82ef424", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662030, "uuid": "d087f972-b34a-43b0-95c3-8c4c2eaa57ec", "value": "12288:kf+Z1Q8cW9RoFDfb/WT4UkuZzRwEYjwpo/l2gG9GMw7F50hQQ5Ua4Gbiu2oX:kGU8cW9RoFDfzW/ZzRwB8pVgGevnVjW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662030, "uuid": "74c151b9-ae53-4462-a2cf-b2c85ba41ada", "value": 776704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662030, "uuid": "0fbe355a-e8dc-4637-9386-5bd951902bc2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662030, "uuid": "2bb70895-0ce2-45cb-bacb-e8b91eb69863", "value": "Halkbank_Ekstre_20230718_080713_458894.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "39237179-2575-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1689689589, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689689589, "uuid": "28781ec1-999d-4d97-b8a9-e0adfed636f8", "comment": "Malware payload (NetSupport)", "value": "531bcb4db878a3c7d1f573319bae9354", "object_relation": "md5", "Tag": [ { "name": "2bat", "colour": "#E2C36F", "exportable": true, "hide_tag": false }, { "name": "5-252-178-48", "colour": "#05445B", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "ponraj-com", "colour": "#09C08F", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689689589, "uuid": "82b48e84-c633-4583-a66a-9e5aef89141d", "comment": "Malware payload (NetSupport)", "value": "b0008d65a2522f3e9df20f08dcbc898b67c60752fb52054494b3a07125551eb0", "object_relation": "sha256", "Tag": [ { "name": "2bat", "colour": "#E2C36F", "exportable": true, "hide_tag": false }, { "name": "5-252-178-48", "colour": "#05445B", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "ponraj-com", "colour": "#09C08F", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689689589, "uuid": "3489027f-c62b-4747-9457-2039eeab839c", "comment": "Malware payload (NetSupport)", "value": "0661f4b0cac4d9e7b52de992ba05bc6db19340ad", "object_relation": "sha1", "Tag": [ { "name": "2bat", "colour": "#E2C36F", "exportable": true, "hide_tag": false }, { "name": "5-252-178-48", "colour": "#05445B", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "ponraj-com", "colour": "#09C08F", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689689589, "uuid": "263ef4a7-c4de-4c07-9ce1-0425962a7f7f", "comment": "Malware payload (NetSupport)", "value": "370789875df7fbc5173c78a36cf7be37d4384419d061a8ab0a0c36d5eec087170293e0bd60992de53ac6787c5afb1415", "object_relation": "sha3-384", "Tag": [ { "name": "2bat", "colour": "#E2C36F", "exportable": true, "hide_tag": false }, { "name": "5-252-178-48", "colour": "#05445B", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "ponraj-com", "colour": "#09C08F", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689689589, "uuid": "a5cb2ae5-8a16-4466-b647-f5a59b35e2d6", "value": "T161D0A7570FC3876D542690DA8F7E5B9DC05D85186FA9170D9A20496D4434C4E75EF384", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689689589, "uuid": "342a1213-38f5-4b88-a714-01f97717d7c5", "value": "6:CxBR2hn23ffTHfFlIw8UlLAHbKx4WImpMB1hn23ffQn:cnW2HDfF0C0vPmiJ2HQn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689689589, "uuid": "45ffb2e0-d82d-4b4c-90c9-97bd4dc47c75", "value": 232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689689589, "uuid": "63bf7200-36a8-4d57-80bb-ae45af9e565d", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689689589, "uuid": "caf387b0-6022-461e-8dc9-7e67734ff0b4", "value": "2.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "480c1d19-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1689662126, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662126, "uuid": "1a420b58-eb0f-4f97-8cdf-e520032d69b4", "comment": "Malware payload (RemcosRAT)", "value": "6e7c98e1220feaa449203144c761e950", "object_relation": "md5", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662126, "uuid": "e4b175fd-35d8-436a-8bc0-93c00dc05b18", "comment": "Malware payload (RemcosRAT)", "value": "b04369170c0182553f274c330797459fe60ddcb269d04d71b49994cacedf98c2", "object_relation": "sha256", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662126, "uuid": "591bf88c-8054-49c3-9e99-d156cb21a68f", "comment": "Malware payload (RemcosRAT)", "value": "c9d5e3dbaa2d48c6c9e8cad575e336f975ba966b", "object_relation": "sha1", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662126, "uuid": "35eb2f85-7869-48b8-b977-65710b412cab", "comment": "Malware payload (RemcosRAT)", "value": "0b89c6b620f7c815501af2cc73af398d2059a7e36ed26cd81fe4519073274e944d485fa9cb703a7c58bbe42bf0f77df4", "object_relation": "sha3-384", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662126, "uuid": "0e3f9202-4064-402b-adde-76a483a077b2", "value": "T1E34189101FE50724F7B39B3568BAB7118D7B7C4AEE06CF8D015183882465624F4B9F6B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662126, "uuid": "e4e70000-74e9-46d0-a2e5-8ec57cc56541", "value": "12:8eUm/3BVSXvk44X3ojsqzKtnWNQC0GopW+UcCsvXIelOG5e6lzbdpYrn1IlI5u9B:8s/BHYVKVWWCDX+/CW4YO2dd79dsHmB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662126, "uuid": "6bf6c319-03ad-4240-89c0-5123061bcd9e", "value": 2022, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662126, "uuid": "db1ad1b9-fa31-44fb-a9cc-689630cc3cbe", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662126, "uuid": "13f321ac-955d-4c5a-ac3b-88aa76df7da7", "value": "Price request N\u00b0DEM23000193.lnk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8a0a1798-2579-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1689691443, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689691443, "uuid": "0a5a6702-8fa1-4e22-b688-acd06e6e2e7e", "comment": "Malware payload (NetSupport)", "value": "8e8445e38149d6323bd43911a7a9d173", "object_relation": "md5", "Tag": [ { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "urukurubustar1-com", "colour": "#7DBBBE", "exportable": true, "hide_tag": false }, { "name": "urukurubustar2-com", "colour": "#B1C976", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689691443, "uuid": "b57d5b87-931e-4a88-8051-094f81825ca6", "comment": "Malware payload (NetSupport)", "value": "b0687bd92a466817fc2863296f584d8a3b52b208368701b52eea337735dbc483", "object_relation": "sha256", "Tag": [ { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "urukurubustar1-com", "colour": "#7DBBBE", "exportable": true, "hide_tag": false }, { "name": "urukurubustar2-com", "colour": "#B1C976", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689691443, "uuid": "b6303f4e-5b3e-4b63-9a70-704485e307a4", "comment": "Malware payload (NetSupport)", "value": "4434e14f30d71ea458dd25a5b5ede09565c3ccb0", "object_relation": "sha1", "Tag": [ { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "urukurubustar1-com", "colour": "#7DBBBE", "exportable": true, "hide_tag": false }, { "name": "urukurubustar2-com", "colour": "#B1C976", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689691443, "uuid": "b35ee40f-6dc0-4791-932a-8dfec03944db", "comment": "Malware payload (NetSupport)", "value": "274223794b108c1634aa06ac731db9beb06a32a31c04ace060c5fe155ce86125b4bf44fe4f069c2bdae030578b3b7236", "object_relation": "sha3-384", "Tag": [ { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "urukurubustar1-com", "colour": "#7DBBBE", "exportable": true, "hide_tag": false }, { "name": "urukurubustar2-com", "colour": "#B1C976", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689691443, "uuid": "6633c537-8628-4676-94f6-267aa3539d07", "value": "T18DF07823171BBD1E19ABF2C5AAA40A201FE78004A41D3D32C788294F8F358B94ACE848", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689691443, "uuid": "5c36a248-b303-4c68-be49-df7b17ea42be", "value": "12:Ux/vONhH+KGSySeVTXuZ7/PfY8o1TTGDpGXv05ubluh+aX1m9d0MPGY:UpOheKnNl1GnX85uG1m9yef", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689691443, "uuid": "8ebc85d6-b36b-40ec-a0f6-2ee335a448fa", "value": 603, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689691443, "uuid": "cfbaa749-fdbe-429a-9fe0-3f0e68f04a6e", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689691443, "uuid": "b1037208-791e-468a-8482-40feb238cf8e", "value": "client32.ini", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "31745445-256a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Fabookie)", "timestamp": 1689684852, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684852, "uuid": "3fe30783-dd2c-414f-900f-0a03a08f990c", "comment": "Malware payload (Fabookie)", "value": "57159846d43120b2361a7524322347cd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684852, "uuid": "9a4ea4b4-2dbc-4baf-9712-fe018761d01a", "comment": "Malware payload (Fabookie)", "value": "b13e645a7634318051fc5eb56a87f527419d003e267ed0811d237aa688155ac1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684852, "uuid": "566b6ab1-94b3-4cba-b93b-4b265d005fe1", "comment": "Malware payload (Fabookie)", "value": "baca794b8ee691744b21ed48fe166def0a80e6c1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684852, "uuid": "80fc97c1-b901-436f-b02b-07d167439fa7", "comment": "Malware payload (Fabookie)", "value": "42ab614294339bd26348e44b2607cc6075b6860739e2848dd7dfbd04f2ef5fcf145146585774871870fb562a1c408058", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684852, "uuid": "e7baf2db-191f-4799-81aa-306041a4660b", "value": "T113F42B56FBBD4272E051C135C9A6E7B5E6B27C855D30970B2346EB2E2F335118E3AB20", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684852, "uuid": "4db8a1d3-e1e1-4462-9752-eca7b63da4b4", "value": "f2fcd0efb031ebebeaa83cd4cd21090b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684852, "uuid": "fa8e2215-0691-4b43-af33-2dcd1dda2ae0", "value": "6144:nA01NdXuvxQW7SYY3E57in+MRxQ7cUBmCUiJbc77ZvfuYuEdGxTC2hWf7xLUnw+V:nd+5QWGBn+9ShtdGxTC2P5JL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689684852, "uuid": "3d621a1b-7682-44a2-85b1-337fe54a5981", "value": 732672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689684852, "uuid": "beb2c112-9cf4-4339-92e9-313e2fac8fd5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684852, "uuid": "3f8427cd-56ba-4dc7-beca-48f07c440ffb", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2fc7651e-256c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689685708, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685708, "uuid": "ee3a4b78-e69f-4903-b1fd-a9a71331d05e", "comment": "Malware payload", "value": "ff6e3c31793cd33342187855dbed1244", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685708, "uuid": "e045d448-af7d-4d82-9f96-a8ca7c84fdb5", "comment": "Malware payload", "value": "b175b40f2afd37a24df79c50f387e37e3210fbe76c5d18cbbf5c28d005dbd756", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685708, "uuid": "8a5a534b-a540-4126-898e-1470fcddf919", "comment": "Malware payload", "value": "f3d403e55c13e1782aba5d40fb53e4db95b8540b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685708, "uuid": "878b5525-d929-485b-a9e6-aeeef54583b6", "comment": "Malware payload", "value": "76fd5cf094c5672952ae25b559d262915527b011a2e62a37e1deeec7e4cf13926c1e117081fe3df0cd37327c163219ac", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685708, "uuid": "5a11ebb4-6e51-4f0d-9301-110b095f1daa", "value": "T1E1148DC693A86905E869ADB8E0F6C9F305B77C1C5C66F75CAD9CB01A5F74BF0240132A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685708, "uuid": "b33f21f5-617f-4e9a-9f08-6926ee59e3d4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685708, "uuid": "8522c0bd-c030-438f-b83e-aef9dae5a926", "value": "3072:EHsweT++sLYvjcvLn3PnF73BBDeK+K7bBEAumEeASrwX1wxwLPxZ:rQcju9OlKKAkepwFwxA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685708, "uuid": "95e90090-8314-4f77-9a2f-8d3864f25a7c", "value": 200520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685708, "uuid": "5831161f-6349-41c3-af0b-bd93594aa983", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685708, "uuid": "9ca54d85-f30d-4176-829d-992b09bb3b0e", "value": "[IMG_5247] Lonely_Girl_At_Home - At_Ryeom_Mia_Kyong_Studio - By_Hong_Jae_Hwa_Photographer.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7103ee6b-2575-11ee-a6f9-42010a9c0055", "comment": "Malware payload (LaplasClipper)", "timestamp": 1689689683, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689689683, "uuid": "7621f74b-d888-427f-ae4c-b78eb5c5f73f", "comment": "Malware payload (LaplasClipper)", "value": "e1cd1c30f4761a2bf4c878ef0a723435", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689689683, "uuid": "c510bffc-ffa9-449d-8294-ccd6d0658664", "comment": "Malware payload (LaplasClipper)", "value": "b20d74c759e6d677148c3cf1ddac1056631d69ec738f098d2c8103782d8d82c6", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689689683, "uuid": "7e9c193a-8162-4298-8d45-fe3570c12614", "comment": "Malware payload (LaplasClipper)", "value": "8fe5aaf4f0906bbc33c73819fd27eb838cc096e0", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689689683, "uuid": "f4b52321-f701-4a43-8c4c-27eadb427dbf", "comment": "Malware payload (LaplasClipper)", "value": "7bc4616b531443e387253e6c1b2cce50dc9669ae7b4e4b15eb488128d0561022576b0352c0de417d5bb1d4f8deff42f2", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689689683, "uuid": "7e170e11-30fd-4d57-9967-0d921306052a", "value": "T17C1633A9F904298DC0CD8877534BF0A967D4ED1E2C86BBD93180B55FAE3B6EB0DE1054", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689689683, "uuid": "3bc70b72-5672-4903-a002-4f427dec5f8b", "value": "79b3362178937bf9559741c46bb9e035", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689689683, "uuid": "ef4472c6-80f7-4196-af0b-3141f88ec7c1", "value": "98304:jBFr1GYY6ihQXeuhAgNcpdWK07pWUd/nwdAS:1/7kdEQUd/nwuS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689689683, "uuid": "cfbea477-cb2a-45f9-b60c-d3ab985ddc83", "value": 4191520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689689683, "uuid": "adf5cd71-6318-4cc8-bcd5-6823c15e81b7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689689683, "uuid": "848a206c-d140-459e-85f5-f4a250c99544", "value": "e1cd1c30f4761a2bf4c878ef0a723435", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d714abc7-2588-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689698014, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689698014, "uuid": "4abfa041-85d7-4128-8162-075467201164", "comment": "Malware payload", "value": "44edf9449b0dcea982d7fd52736580a6", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689698014, "uuid": "dd0590cf-7afc-46e5-b320-13aa315aa156", "comment": "Malware payload", "value": "b4c4c01c56bcb731e238d85ea988807856275e49273071632f9600f04c18b1b3", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689698014, "uuid": "2e47b192-f39f-4792-b744-f0115fc44433", "comment": "Malware payload", "value": "8a5dc95eba224763dd7078a7134e97c3d0a15c56", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689698014, "uuid": "e930c0a8-1907-40e5-bd30-f3af1c94f42a", "comment": "Malware payload", "value": "75955517cb47d29fda24c2127a9063ab649bde814d37b5b345edf8308a1bd387b04a0bb60b198f76b7e2669a346d96ca", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689698014, "uuid": "43fdfc52-fff6-4d42-ab7a-6572ce9fa488", "value": "T1A8337D457660C073D6AA023929AD9A120ABFBC625BF494C73FEA020D5EB15D07F3D397", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689698014, "uuid": "1943684b-04b4-49a1-ba41-17c2d64861f0", "value": "90c2b41dbc64bf3f152f09646916224d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689698014, "uuid": "f23a49cf-cdc3-4c68-bbec-78a7a8906fcf", "value": "768:HjLC3GDQuyd1jFOa94BR/YgZbYTCEbNWANKVXs4yxdjeTtBjWO2+oLg:HjiG07/gBYgEwXs7eTtBj2+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689698014, "uuid": "28684d6b-7601-4ef4-854d-5124b5e01b36", "value": 52224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689698014, "uuid": "4cad0f4b-6478-4d2e-bd31-eef95cfa57ce", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689698014, "uuid": "1a92e9d5-810e-4332-bb19-a925c75c0899", "value": "SecuriteInfo.com.Win32.TrojanX-gen.1830.8250", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c1759395-2512-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689647298, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689647298, "uuid": "0bbc9311-c4ba-4a3a-90e9-d3e6ed72e594", "comment": "Malware payload", "value": "b186ecafbd986b4512e167adba85451a", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689647298, "uuid": "5e7d95f9-5a3d-4cbc-8572-b1f191f93e94", "comment": "Malware payload", "value": "b4ca08c2946b637a59846756433d3853e9176313ac5cdfcd3ac0d1321c84deb2", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689647298, "uuid": "4979c6a5-fffe-4979-9e53-780064c5a2a7", "comment": "Malware payload", "value": "1482299cb2edbc2d4f45c9517ba54671e93f4cad", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689647298, "uuid": "f714810d-c7df-4dd2-8bf5-c4bbb1314723", "comment": "Malware payload", "value": "94b7688f48baf4209d30a7db9f2ea86fe579ef75b176277a28265377942a8b8b2b74f6a0f2dbeb6c841074b407ba173e", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689647298, "uuid": "d1ffb368-af4b-4022-8e52-1569b6ed236a", "value": "T108526D3992CB56E9EE7B0EBF59DF2808812532E1476805E31792850E8DC1EF3B6727D1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689647298, "uuid": "5b728fe6-cf05-451e-ba90-a16f288e21fd", "value": "60b675c684a61b1079678f8beebd1dd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689647298, "uuid": "7610231b-665f-48fa-a2fb-caa243b4a9a8", "value": "384:OK7eeDTtJLQb5z8T5abu69yaqCO3dPCJS:jTtVQ98lRuO3dqJS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689647298, "uuid": "857b0fe4-d142-4a0d-803a-15fd34d9ed11", "value": 13824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689647298, "uuid": "dc791270-1527-4682-b518-8f929862c9a0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689647298, "uuid": "62f0ffe7-7bb6-49f2-880e-4cd76b24dd04", "value": "SecuriteInfo.com.W32.Injector.BOI.gen.Eldorado.32613.6305", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c0cbab97-2599-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689705278, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705278, "uuid": "b8e05cc2-91b3-4d35-95fb-bbe1f13b3d16", "comment": "Malware payload", "value": "e79e6b7c9f14179689c816a602da38a1", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705278, "uuid": "29ace394-7d72-4cd5-8256-d1b752dc9b38", "comment": "Malware payload", "value": "b4e943ff9fff3a51cb6b26d9d47aaff3679170e9b66e6c1aec183d1bb72e97d8", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705278, "uuid": "93ac8dd0-ebc2-42cc-9156-bb7bd3ff872f", "comment": "Malware payload", "value": "1e6cd462050880607305227a72c758b16ad3b7ce", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705278, "uuid": "2926e0bc-a630-436e-990b-841dedf91824", "comment": "Malware payload", "value": "ba604a28c810c8f1b469e935467e0cd82f13370f049e76db85080e2733e04c3bcd5ed9ee5029a2f2e16bd2f58cbb8778", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705278, "uuid": "5de85eb0-5f53-459c-9ee7-4e1a3ff2d9ff", "value": "T1E322550BF7519A3AD8984738889B42653734E94CF703136B366CB7743E923948F17A8A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705278, "uuid": "27db5d83-843b-4670-8515-dcf1bd313de9", "value": "96:RsiOl0liB6IyAjeI+DgIZ4OgQgzPjK0rz/scLs8ZWxWM1G:Rs0liB6fAadxgQsK0rrPD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689705278, "uuid": "35d843d1-f091-4281-a620-5d411f0030ff", "value": 10264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689705278, "uuid": "1a075d85-9101-4784-b717-8a299c0a3ec0", "value": "application/x-sharedlib", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705278, "uuid": "c1d77bd0-6518-4dbd-9b42-e6a1c6b588d6", "value": "SecuriteInfo.com.HEUR.Trojan-Dropper.AndroidOS.Wroba.p.12809.25257", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b6133d17-2532-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689661022, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661022, "uuid": "0326ba50-633f-48f4-82e8-358d49634d51", "comment": "Malware payload (AgentTesla)", "value": "3237ac71bbc1b1153dda35c76e1b80b8", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661022, "uuid": "6b589553-dc1c-44f7-bc8d-f652a9093801", "comment": "Malware payload (AgentTesla)", "value": "b69fa87af7243d3e9bfdcbe659a0c03626ff00f327b0a5627cf2405ce78c3e12", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661022, "uuid": "759ec270-dc47-4c2e-998f-8b1c69da2b3d", "comment": "Malware payload (AgentTesla)", "value": "5740e1514f9b534e4d38d2229c15c2f474e5fabd", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661022, "uuid": "c88d2334-79cf-4654-8671-b38f483aa449", "comment": "Malware payload (AgentTesla)", "value": "a5601aef58a0ef4390cfc269d3432b70ef12b64d85cdb8ad6558b931243e344b23ccb8dbab170e6d658494705a885dde", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661022, "uuid": "f18aaaeb-aafb-453a-87cf-1623d4ed086b", "value": "T1104412452FE4E567E6B217732D7C4F2723AAB53104A1774747602A5E3AB32B1AB0F312", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661022, "uuid": "c4c14649-f00c-4c49-97f9-bc46d8e9fa50", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661022, "uuid": "cbefff4b-b8e9-49d1-872c-554af720f246", "value": "6144:/Ya62SvUCx4ThZ02EZ+kpwXAm0/mXr4roet5i9/BP1Q:/YQtZuFpwXAm5koet5mJtQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689661022, "uuid": "d5a6232e-6324-4eb0-8513-dda097f4e435", "value": 272745, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689661022, "uuid": "f15c86dd-b45f-4809-bc56-2c26fc61a32c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661022, "uuid": "5912ca7b-b34c-42d2-be47-4ff0089300a7", "value": "3237ac71bbc1b1153dda35c76e1b80b8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3bd92b21-256a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689684869, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684869, "uuid": "5a630101-02e4-4f6d-bdec-b412bb66cb02", "comment": "Malware payload (RedLineStealer)", "value": "ea866afe65a766382b74e99544fda1af", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684869, "uuid": "1b7f37ab-1b69-4d58-bd4e-eb27f39dfa95", "comment": "Malware payload (RedLineStealer)", "value": "b6a1f7a46ead00ddc8691bc83782d299934ef81a8dd9517d09aadd4296120ef3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684869, "uuid": "f642a5b8-a6ec-40eb-90bf-45a7a1891a53", "comment": "Malware payload (RedLineStealer)", "value": "e353434d52b387db73d30a426eee26990780d8ec", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684869, "uuid": "f90603f7-9f39-488f-b5dc-153f5f0c5314", "comment": "Malware payload (RedLineStealer)", "value": "88286186c7a6eeef8c031bb347ff3f61fa49a725695799dd505a3d4bdd2a20426577d308075c59db917829c540eca382", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684869, "uuid": "b02c2104-d273-4a07-8499-f43b92fe8ca7", "value": "T11BC4120667D820AAF4B643B5A9F2414749327C368F7997FF22C4D0BA1D23AC4A532F53", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684869, "uuid": "17a86d54-f658-45f5-b91e-e66b424e4be8", "value": "4cea7ae85c87ddc7295d39ff9cda31d1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684869, "uuid": "b152c58c-9007-4597-8e99-925229aaa53e", "value": "12288:xiKy90SypyM6XGL2daGeamqbbtY/vluYmC/EOPvtyQIExve:xdy1yp7EkGyqbby/DmcEOPvEExve", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689684869, "uuid": "2678086f-4882-47f2-b45c-1f2f84babae2", "value": 593408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689684869, "uuid": "517bdf4a-724f-46d5-a853-761ece2362cd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684869, "uuid": "eb7a1bf4-7c90-4737-af02-db4829933426", "value": "ea866afe65a766382b74e99544fda1af.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "92c4ab54-256e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Fabookie)", "timestamp": 1689686733, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686733, "uuid": "552e91e4-ae5f-41e7-97d5-5f625896cd29", "comment": "Malware payload (Fabookie)", "value": "9a06e842181a3d49a3ecfe3777941c68", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686733, "uuid": "53b7cfca-3ef6-4f0e-a85d-5812fb52b2db", "comment": "Malware payload (Fabookie)", "value": "b7237c2cb72c7ad699a4877b44b212805a7c88282f06a5b879288051a45cac4a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686733, "uuid": "4b16236d-cdf7-4798-b78d-cc5c6d0937a1", "comment": "Malware payload (Fabookie)", "value": "6ec5299c8fef8b31d8d60ba4337792c8e4e2b6ae", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686733, "uuid": "e43cf0a6-7248-4809-917c-2a4f5679a6aa", "comment": "Malware payload (Fabookie)", "value": "8c516addd0d0e032fa6bec76a4a698ca27627c13466aa9acc77250989007b2bb039151c89d13a980821be61e23c001a5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686733, "uuid": "855dbf83-8ab4-4796-9f4c-20b9d1f881fc", "value": "T19F44BE2233E9C0F2D0A75A304571C7A26ABFBC72577585CB3758263E0EB06D16B78396", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686733, "uuid": "5e05ae2c-465f-4a4d-8f78-988873322df8", "value": "fea21946900c67709c480be544d07381", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686733, "uuid": "d310a8d7-ece4-4400-ab57-6ff57abb8816", "value": "3072:tJt3HwIy38838JnwvhTjjN9B3pTsB6nkBJa6nF4K+AuuIVUnY:13M38hwpVpAjnP2q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689686733, "uuid": "713ed9d5-4d55-496a-bda3-d21afd65d165", "value": 255488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689686733, "uuid": "6aa6fdad-d692-4408-8f60-931797276f29", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686733, "uuid": "aa6462a3-0a33-4003-8992-67d41be0b4c8", "value": "9a06e842181a3d49a3ecfe3777941c68.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fa5ccd51-256b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (WSHRAT)", "timestamp": 1689685618, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685618, "uuid": "d105e98b-13ec-40ed-b227-01e802d6c5f9", "comment": "Malware payload (WSHRAT)", "value": "ab8fb67d6a83a17522570aa8a995dfab", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685618, "uuid": "da41a918-66b4-42fa-8d71-5d4bd9092362", "comment": "Malware payload (WSHRAT)", "value": "b74a0e8adc5f0681405c94a684d6b887fdc20cd6d198d069f0981d6ba7d658c6", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685618, "uuid": "b5c1f5a1-c810-41ff-a42e-7210d27934aa", "comment": "Malware payload (WSHRAT)", "value": "dd6915a56f453933511a30fc9d235e4c52393bb6", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685618, "uuid": "40b23f50-e522-4dbf-a955-437c8524fbc5", "comment": "Malware payload (WSHRAT)", "value": "45391f8c90bd67315c4e03fac8e7802694743a59a0383fd8b5486c0b6c0d09fee0faac93df1b9fcfff4c6f86dd8e4db2", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685618, "uuid": "211c5372-19cc-47bf-9450-e7dcf0787760", "value": "T1273558A92E81310EA775C320D3078606A96C7B47348725C569A09BCF7FD1F307EA5A9F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685618, "uuid": "75b836e6-a530-4018-8370-b7795786c1ec", "value": "3072:QQ34n7OrQn9IfjRbFo0ivJYmFyyUaKYCHc1I4Cb1ch:QQVo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685618, "uuid": "2c85692b-f936-45e6-a919-14ac9ddc2da7", "value": 1101920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685618, "uuid": "20598d5f-5c5c-41a5-b3b1-30655dd8fdf5", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685618, "uuid": "a55496ba-4c42-4784-868f-be05acfa0121", "value": "Tax Returns of R58,765.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b0fefcb8-25a9-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689712124, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712124, "uuid": "60b07c13-7578-4d14-97f4-c1665a7650df", "comment": "Malware payload", "value": "878daa0df513668699b9178dfdec942b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712124, "uuid": "6eea91ff-b1fa-4a68-b18f-3b8669e4d6e3", "comment": "Malware payload", "value": "b9172b4c3dfd36865503114aa1c9f7e51c6c3b221e2e8e040f5bdb5df6291268", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712124, "uuid": "643b274e-4a37-424e-a12f-8688a9b296e6", "comment": "Malware payload", "value": "7da37418deff594fa2416304bb3d2cfb90d5061b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712124, "uuid": "3f9d1d1e-2da9-4dd2-973f-9cb36c3c25a4", "comment": "Malware payload", "value": "dbc010050bfaf343040c4a87593c0a12cdfb30bbb327bc79f4dc22b54e8fb2560839e761867f3b2cee5ff8046f84bc76", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712124, "uuid": "c1818ecc-c276-47f2-a123-ccd252aed2ab", "value": "T181328D0383A54A32F35802F917DBCD85DEA3A0308022969F1F03EA5DA4F17B2CD9F594", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712124, "uuid": "59c56748-c6ce-4407-a104-0786fd2765a3", "value": "87bed5a7cba00c7e1f4015f1bdae2183", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712124, "uuid": "4a8059c4-8716-48c9-99de-12be7d466504", "value": "192:ntuUXLGw1BxOMK9N99PhUCtc0hhIXQHQp:tfD1raawcs6gwp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689712124, "uuid": "fa26ae63-2cad-4330-84ac-45275a01c3c4", "value": 11776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689712124, "uuid": "92b446df-2d74-414a-b6ec-62a93fe138f8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712124, "uuid": "a381c941-3223-45f2-9bae-ead8e665ae21", "value": "SecuriteInfo.com.HEUR.24003.28685", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "892cd1f2-2526-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1689655793, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689655793, "uuid": "a60bc8ba-2ae6-4c62-9857-aecb8ae17067", "comment": "Malware payload (DarkCloud)", "value": "6a3154595de5779cf6f0facb0c8c3cec", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689655793, "uuid": "18c4d2f6-7999-4f68-9b9c-f9121fd38bac", "comment": "Malware payload (DarkCloud)", "value": "b99842b985a6f2f3f6143250917607ccef271d03b631331fa498d7a2b1caa7a1", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689655793, "uuid": "23bc7277-3e78-4ab6-8585-26270113c6e2", "comment": "Malware payload (DarkCloud)", "value": "352e285d044720c51b9eae39f8f70fba8b2d11fd", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689655793, "uuid": "00d188de-ae42-4bfe-8c6a-686d11218c22", "comment": "Malware payload (DarkCloud)", "value": "40a63098fa1e1291350e31c1a1d8037e3739137a1aa2784f6bf3b0d42de9786b8874166018f38c37e76b47252d79ea8c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689655793, "uuid": "fc445b28-0b1f-4a65-8744-f4a2ed19a569", "value": "T1F9942264B351D4B3ED2A07763C615B5736CBE42245B4BB43278C5F0EBA36282DB0DBA4", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689655793, "uuid": "93ce7148-b51c-4a1b-a674-c3a55f6b6e2a", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689655793, "uuid": "c7370a43-1919-4125-9e9a-c1ef69b6971a", "value": "12288:vYyqocAaqRCT9ulR8RMnQ6YC61QtQHjUrud+lH8Q1omB6JqW:vYynpam09BRMjYC3Ql+lHv6mB6kW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689655793, "uuid": "48ad5bc7-4d20-49b4-a143-9bee7bc1d41e", "value": 419000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689655793, "uuid": "5ebbcf5c-1f40-426a-877a-7099fb5f075d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689655793, "uuid": "c01bff1c-7c8c-4825-8460-054e3543c168", "value": "6a3154595de5779cf6f0facb0c8c3cec", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "133cc2ad-2539-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689663756, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663756, "uuid": "c39353e0-fc78-4e3c-8ee0-8191cc8ac6dd", "comment": "Malware payload (AgentTesla)", "value": "0eae6f26aea2b99b0f211dabca8ffe0b", "object_relation": "md5", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663756, "uuid": "e556d3c6-e4dd-4e04-a9c7-4f815f3e7794", "comment": "Malware payload (AgentTesla)", "value": "baa16c9437752ee3fdabbf9362933f378f723d559269767cbb926303c120ee01", "object_relation": "sha256", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663756, "uuid": "26086c94-6291-4c6f-8bf5-9fc3baa45509", "comment": "Malware payload (AgentTesla)", "value": "b4a4293333a01e934c511dc956f4036c9b99e738", "object_relation": "sha1", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663756, "uuid": "c16cac3a-f0e0-4de0-814c-d7d4e099bb38", "comment": "Malware payload (AgentTesla)", "value": "accba334158413f68f40d7bac0711ace8ce4911e2cf30185e0b2437c2b310f24b7d61666808a4ea0f362b640290fae49", "object_relation": "sha3-384", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689663756, "uuid": "045d07e4-42b6-497f-bbe4-6024be9e1570", "value": "T112A423AEAD5BD366D747D0B037A5E1C4B1F28DD91032083F93F412F5AE1A76151AAF02", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689663756, "uuid": "2af58331-df82-412e-92df-e30826c33662", "value": "12288:uff7cmIH/3UCVvkThqPbBhvpnAYVB0XWY:ufNIDJhRnlP0XWY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689663756, "uuid": "e99d810f-9b50-41ef-9199-6898efdb4193", "value": 450527, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689663756, "uuid": "ccd20f7a-494c-4935-82ca-565d2a5a3ea5", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689663756, "uuid": "5cc9ea21-a747-4f49-b00f-32cd8abff0fc", "value": "Bank Slip Confirmation.7z.001", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eb1972b5-2523-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689654669, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689654669, "uuid": "35d1ea6a-0cb9-446b-affa-cc1b54716a54", "comment": "Malware payload (Loki)", "value": "955c1b781bd31ce1e0f115ed235110b1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689654669, "uuid": "b444deb2-0e1f-41f7-b9f0-e9d071c274af", "comment": "Malware payload (Loki)", "value": "bcccc3dd621eaf3ef0fb11100aa38b53c4c891c7d95c1ce5553f3849ab6568fa", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689654669, "uuid": "617600fe-a77c-4920-88ee-befb701c296d", "comment": "Malware payload (Loki)", "value": "13bedda84bbcf4715b682fbe6de8867e8529ca18", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689654669, "uuid": "2e65513e-b1da-4f87-83a7-d6635e19557b", "comment": "Malware payload (Loki)", "value": "270bf47dfd0dd1c2ae41b3c8a9c76485d62e500ba548728d3750043e62fa17f16ca9e5733f2026f5705eb1767c145901", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689654669, "uuid": "6c5633a0-9c61-4d1a-ac3b-52b97308e1a0", "value": "T1A6D4AD927ABA1D73CE7D04F9C0805A0483FD575A212FD3C91DC26CEAF1D5BE16A1A24B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689654669, "uuid": "47a30471-5c55-4508-80bb-37b04d23e498", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689654669, "uuid": "414cebb7-a492-4225-a425-19d656957597", "value": "12288:Ij5aBHpuNSzQhYJfb/WT4UkuZNNdLY8NUdq+nskLBlAG5A0L/hYC7A6NypLMON:i5aBHp2SzQ+JfzW/Z/BY8AqydZ5L/hYZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689654669, "uuid": "8720bf12-b6c7-432c-b68b-c190a2a60b6f", "value": 650752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689654669, "uuid": "e7b410a6-4b22-4df9-978b-d23878cd4466", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689654669, "uuid": "71b332af-75b1-43d4-ae32-726ff7ffc91e", "value": "SecuriteInfo.com.Variant.Lazy.353591.3103.13933", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e839dffa-2532-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1689661106, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661106, "uuid": "fcdb7f39-08cd-442b-a09d-e2d9aa318765", "comment": "Malware payload (SnakeKeylogger)", "value": "8ecc3968cd65b69f9df3a1014d329871", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661106, "uuid": "41ed09ec-ff3b-4753-9ca5-8b7cda2e4dd1", "comment": "Malware payload (SnakeKeylogger)", "value": "bd4eb83d522fcc6d6cd86b5c3dd95b3aa94216ceb808676b4bdb41e3aad822ff", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661106, "uuid": "fd8f1a05-e947-4f43-8d62-f2917cf4f45b", "comment": "Malware payload (SnakeKeylogger)", "value": "1a2f285df6c6227da4ec40154e507eb505f0c0b1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661106, "uuid": "2b602581-d6f4-42d6-bc00-520c4fb4810c", "comment": "Malware payload (SnakeKeylogger)", "value": "ebbac87ed75f3cccce7bd894eeaf9ccf4e6261822b025822867002f534d41e2fd53a5135e44978b28cc0ebfbd14af525", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661106, "uuid": "515d6ee0-f1b0-4c81-b314-07ad9b17aee3", "value": "T186C42392A9DC522FC09D16F467A2DBB516120D8004EDC34E5ADBFD60F8D2B42E3E259B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661106, "uuid": "65bcafed-114f-4ec6-ba70-b5928de45d43", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661106, "uuid": "b633555c-1fe1-4344-aac6-c39deb02909c", "value": "12288:Ofb/WT4UkuZbknfh+r1sQVyp9XyQ1K+l7jH7F8JRmqgdb:OfzW/Zbk5wuQuX1hl777iTmq6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689661106, "uuid": "2526de02-5343-4818-ac63-1daef421ad79", "value": 563712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689661106, "uuid": "8c9a5a76-ed3c-41db-8125-ab6dcfd3f26c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661106, "uuid": "a2549c14-09ae-402c-a9dd-f77b773488ae", "value": "PAGO 69585.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7904e77b-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload (STRRAT)", "timestamp": 1689662208, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662208, "uuid": "58c4da38-730f-4afa-a451-71acde456aa8", "comment": "Malware payload (STRRAT)", "value": "1904ed0bd55ce5942ee95a85b55d2ef0", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662208, "uuid": "1f71c8b5-9899-45c7-a363-a785b020aff5", "comment": "Malware payload (STRRAT)", "value": "bd746671977b6b14234f2e00ab0a9c71e31f849a26a70a9266246e84bd83cc16", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662208, "uuid": "d633430a-b1bf-484f-ae9f-4cf5e93a87bf", "comment": "Malware payload (STRRAT)", "value": "65dd5b7c99f877aafc364a19ab6dc71ccefa1d4c", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662208, "uuid": "d392231e-8fc3-41fb-b450-748da7ef6909", "comment": "Malware payload (STRRAT)", "value": "48b347089e18dfe612aad3f993ae25986a4180c0212c7bfab667f9e732d35cd3ebb23ec1a68fcb3af81fda6869d28f9c", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662208, "uuid": "62e86fd4-6520-4f1a-b2e3-a39dce99ccde", "value": "T1F86301FD3A76E114F80761B7360064177B8A78CBEFA2A31795952D3D28B2C1F4B10BA5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662208, "uuid": "7a322f2c-d1b4-49b7-b666-6c9d0806e69b", "value": "1536:cd0j310IG/I4jgOJqAvXIsHXupbilYXQr83Gvy0p:/3y/pjxp73uRillb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662208, "uuid": "24786527-0cf8-40ca-ac93-3ddb7c054252", "value": 72265, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662208, "uuid": "459b658e-9b8f-4b5b-bd67-906be29efdf0", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662208, "uuid": "f21705f3-017b-412a-b16f-18c906b92fdc", "value": "Upit-za-ponudom.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c5c632ce-2599-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689705287, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705287, "uuid": "d33aeaa7-f210-4108-bb42-a0936bcd6843", "comment": "Malware payload", "value": "82b268946a38d43664d092461d57a2d1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705287, "uuid": "7137fc50-b23f-4788-9682-27a6f1523d07", "comment": "Malware payload", "value": "bda02aca6084288da4e4c4674b7b1733ff03056ec12836629201926e60df3ecd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705287, "uuid": "b42efb35-8d07-4e50-81a4-fc3b983db64e", "comment": "Malware payload", "value": "b70369dd3b3b2eb8976a7b4c01ed8f4cd5dd93bb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705287, "uuid": "fd9cc142-2ab2-4b5d-a211-c441566650c0", "comment": "Malware payload", "value": "9ff792b239de35c365497ea55120da4f04b1b4fc140174921b2050480fcf28f11c45039d7d1ac573dae240ddf0c745d8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705287, "uuid": "316b5415-c3dc-4a17-b3b9-ffa9dff1ef94", "value": "T12AC1D68B476445E7EB1CCFF01A778E0C8E341212025027B62B4BDEDACBB4B127853A8D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705287, "uuid": "50ff5d00-993d-487b-a62d-f3523040c4e2", "value": "f4982edbc6781a2fa569735f052b2b1b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705287, "uuid": "50234291-d0e8-418b-8622-dbdc4f8f051a", "value": "48:CWGIOujuDCXLX6OcerFZZfz9mfjhthFgkPmoyl1g4PzIM7/9pRuqS:5jvjXX9Xr/ZfxuPmoynvPzIMtx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689705287, "uuid": "8cd43b83-efbd-453a-b461-2c311d78a2dd", "value": 6144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689705287, "uuid": "247e4a45-3e0e-4156-aa9b-d3932d69b101", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705287, "uuid": "8f49ccad-70f6-4a34-859a-6b98226f242a", "value": "SecuriteInfo.com.Variant.Zusy.447813.24543.3663", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "afb148e6-25a9-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689712122, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712122, "uuid": "48ed8788-f5b0-4b56-989e-f049bc16cb48", "comment": "Malware payload", "value": "512bba855be076dcd77c38f019d16732", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712122, "uuid": "7c74804b-818c-47e1-9e7e-26df894aeda2", "comment": "Malware payload", "value": "be432835dbea024afc9bb287cae293b99d35ed5cdadb1ae1570aa48beb44e87d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712122, "uuid": "1fcdb312-5182-4339-a021-6edbd51aea77", "comment": "Malware payload", "value": "4bfbf747011adab2bbb438db641f87bc95f03ccb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712122, "uuid": "38396cab-13fd-4b4c-8be4-8b27d30c2b8c", "comment": "Malware payload", "value": "af8060cb49424062816a0fab903bc40146d2c7be5d7970a9f92494bdbdb3034c3198da49958793a38ca8a5b8566c37f5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712122, "uuid": "9c05fc7c-d8cd-43b8-ad21-ad33e049ff03", "value": "T146A3F67E56E45131F1B29F7017B91ABC577ABD526D39E2CC9500F0BA1BF2AE0A920313", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712122, "uuid": "bc56ab9c-f603-4e86-b268-57dff993887e", "value": "e6b81d8bed178e59226c6c6bb0ec9e23", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712122, "uuid": "1d56cb13-308a-4299-8e94-e9e46226a17d", "value": "1536:/XqVpLsOewQGjes7YCYG7OU/2mtRKllq0MFldpJDyXAwy:SVLvQGj78CYgOEyl0Jlw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689712122, "uuid": "3c5ab9b6-c227-4371-b906-72b030ad7b9e", "value": 105984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689712122, "uuid": "3c510f7d-c3f5-4f13-9a84-89f554c01f2d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712122, "uuid": "298aa456-a647-440e-b623-3a5b9e874998", "value": "SecuriteInfo.com.BScope.Trojan.Tiggre.28934.28427", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cc7eea60-255d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689679528, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689679528, "uuid": "fa8b1da9-8f2a-4940-9bf8-dd988558c751", "comment": "Malware payload", "value": "b965ddb38af64d9232ee55c04676545c", "object_relation": "md5", "Tag": [ { "name": "cab", "colour": "#C58E2E", "exportable": true, "hide_tag": false }, { "name": "intellithinkhub", "colour": "#F99C3E", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689679528, "uuid": "efc84b9d-9fda-4726-bd40-3c2778958516", "comment": "Malware payload", "value": "be828ddf1e2a8c84f4198412ac0da20f387e2748009506439061d0f5b6acfdd8", "object_relation": "sha256", "Tag": [ { "name": "cab", "colour": "#C58E2E", "exportable": true, "hide_tag": false }, { "name": "intellithinkhub", "colour": "#F99C3E", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689679528, "uuid": "6a591e9c-d788-4589-b9a3-95be1989d753", "comment": "Malware payload", "value": "12b3b7b9ff68d1cb406f41cb352e8b82a01a7689", "object_relation": "sha1", "Tag": [ { "name": "cab", "colour": "#C58E2E", "exportable": true, "hide_tag": false }, { "name": "intellithinkhub", "colour": "#F99C3E", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689679528, "uuid": "80c1f897-2075-40cd-a953-467810a7ffe6", "comment": "Malware payload", "value": "877b976c5f8baecf89c41a5a8e2e1fb57ba7079d70279fdf4194280de9e16399ddb4c5755bfa2e7a261db83999463ab3", "object_relation": "sha3-384", "Tag": [ { "name": "cab", "colour": "#C58E2E", "exportable": true, "hide_tag": false }, { "name": "intellithinkhub", "colour": "#F99C3E", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689679528, "uuid": "a9d60722-3074-47f5-be95-7f40c8263841", "value": "T15646339A988F3D87E5359B5E314994C6FDEC6F58178A422BD7FB73C2248134CAC28427", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689679528, "uuid": "8a2c63ef-8e9c-46e7-97bf-29dec8848d98", "value": "98304:ZWMy2eOSmUNQiveS0nGRehMc6zEmktLFt7s365qqXxHw+v+y3hfHDdu7gQD5v:ZWMyLOiv4GRemc6zEVtBt7Q65qqXxQ+U", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689679528, "uuid": "f58d5ba0-7176-4694-b841-e3e63a472384", "value": 5649920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689679528, "uuid": "436e7336-ea8b-40fb-a01c-6970059b9c40", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689679528, "uuid": "bb38b90f-aa08-4d46-971d-b6476b7b8cef", "value": "_8FBDABD546BBED09E82D6297AAD21501", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0f7833d2-256c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689685654, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685654, "uuid": "9aa0b43d-4603-4a68-aec1-a8e67401950d", "comment": "Malware payload", "value": "3e61aca9af54b1264637b745135ed107", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685654, "uuid": "f3bf4690-1a3d-44f3-898e-6edb704717c7", "comment": "Malware payload", "value": "bfa79dc913e0b0f3badbff43743f7e694541160a3f2638406e346fddf12a8cd6", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685654, "uuid": "6983ed1d-9787-4499-8bb3-7cd6a83f6978", "comment": "Malware payload", "value": "9255c38bf09a94ca426178522a8c508b7452649b", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685654, "uuid": "6c29fad7-a142-4038-86c9-46f1cfddd1e7", "comment": "Malware payload", "value": "1458ff65ffe5d2e84caec5e7f9e52ed5eb43a5f79b9c2592ea5f802d50f817070ace9390f326b53d5ac80b8b50ac359f", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685654, "uuid": "88018c1b-8ea1-43b6-89b5-dec16809260a", "value": "T11363A362B7E6CD52D66507364CF2D3B66B32FC465E72830B3284F31E2FB1A909D12252", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685654, "uuid": "91286b19-e4f6-4242-8103-016979a6f7b1", "value": "1536:qfZ+RwPONXoRjDhIcp0fDlaGGx+cL/W3lWM2hrNttAUlyrW7:qfZ+RwPONXoRjDhIcp0fDlaGGx+cL/WG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685654, "uuid": "f25a0199-b981-46ee-a137-198694a3821a", "value": 68608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685654, "uuid": "6412625c-64c4-43c0-bbe3-2d2fff0ee22d", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685654, "uuid": "32702338-aea1-4971-b99f-f4a0ba237dd5", "value": "8C3245A6_3e61aca9af54b1264637b745135ed107.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dcc0712e-256a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (CustomerLoader)", "timestamp": 1689685139, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685139, "uuid": "d13e0635-4ecd-4c99-a028-99a65508805b", "comment": "Malware payload (CustomerLoader)", "value": "c5f8c4c788e5609886255ebb98005ef4", "object_relation": "md5", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685139, "uuid": "1aa31a06-edf1-4f6d-8cb0-d16912d9aa2d", "comment": "Malware payload (CustomerLoader)", "value": "bfaf95fc7c62311c327097888ee85ae1979ba74ea93090368977674c420516d8", "object_relation": "sha256", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685139, "uuid": "b951ce2d-b3ff-473a-a623-c8fd9f6c0759", "comment": "Malware payload (CustomerLoader)", "value": "d984aee223e3939a337e88ba8ae91db5a85539be", "object_relation": "sha1", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685139, "uuid": "40be969e-f2da-408e-8d2f-114601d9c539", "comment": "Malware payload (CustomerLoader)", "value": "a8c20ff0e266ec0c8f03f0dda04c172c17eb127873db21349d5716bf58e9b23f2762f8edbd479c226cefadbc1811a0ca", "object_relation": "sha3-384", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685139, "uuid": "4cc6ecfd-ea80-4493-a385-bcf7eacbc669", "value": "T197438D0827AEC15AE1A606B4CC51C3F127F92E572D97EF1BABC87E4B7C07640BA06165", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685139, "uuid": "dde69986-9b80-46f9-be88-129ecd50820d", "value": "768:WlnUOicO+ML3M2F7Tllmu24Ra2DovIieNhIPVQPan8MF17TxfHIIIFPg:X+Mw2JTll92m7ov0oWvk7TxfHIIIFPg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685139, "uuid": "b0abc39d-3e4a-4da1-8d16-ea713a86ff9c", "value": 55808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685139, "uuid": "369fcce1-65da-494e-9913-2a7179937539", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685139, "uuid": "2c8fef33-006d-4ffb-81c8-b2609d590ee4", "value": "rRFQ4200320466_pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c0db3d0a-2512-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689647297, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689647297, "uuid": "d1c52099-26d3-4397-8f67-127c6509aaf4", "comment": "Malware payload", "value": "93b78008b5703dacc28af8eeb6bf1ca5", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689647297, "uuid": "ef4faefb-5968-4076-a521-754f3c6ae74b", "comment": "Malware payload", "value": "c1740d285242accbfca9ed40659b5d6325d7960da03577f348b9a15eae76bd30", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689647297, "uuid": "802474e1-3e69-4bf6-86a5-6fb0b5172069", "comment": "Malware payload", "value": "1c81ddb591102733136b2b16c4fabf406fe4cadc", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689647297, "uuid": "34936677-34f4-425d-888f-b4dec71af62d", "comment": "Malware payload", "value": "25b2c14e02ff50818f363450e2461b892b1344c3158bef5c3067f4920751f0f5910857f50419155703b6f9f990a86dc8", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689647297, "uuid": "6418d4a7-38b6-49ff-855f-392092138e79", "value": "T19D326C3EE35745A6EF7A0E7E95AFE86D05392221078C0AD3835740099E84AE3F6717C6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689647297, "uuid": "6aa5a3bb-ed9b-4971-b6fb-a7ca82db670c", "value": "60b675c684a61b1079678f8beebd1dd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689647297, "uuid": "387f51ab-de7c-4467-b882-1168d7bc9f9a", "value": "192:9IZ7OPTGdoTtXiA3fV+5t/hNRDIzjjdGZEnuQC+E:9K7YeoTtBN8RajjmGuQC+E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689647297, "uuid": "d80660ae-37cc-4723-b565-07cdf9c09b05", "value": 11776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689647297, "uuid": "d4ff630a-bc1a-48d7-9833-e17175e73157", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689647297, "uuid": "970fb846-5e2e-422e-9ca9-630fcc55ce09", "value": "SecuriteInfo.com.Win32.InjectorX-gen.17121.29258", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d37d4f51-256b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689685553, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685553, "uuid": "98ca4a0a-255b-4e49-ac64-2bb2f1976231", "comment": "Malware payload (AgentTesla)", "value": "730041eb0f81098b8da5228bedd17a82", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685553, "uuid": "38ee4b41-188c-4e32-b7fe-11a8de34bb78", "comment": "Malware payload (AgentTesla)", "value": "c1a9f1091c27198c7ff349c330a6db20e50ca2c2e7c67986cc6f646b736bfb61", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685553, "uuid": "3e6f2bb9-f12d-4c9c-b34e-d54a54fd277f", "comment": "Malware payload (AgentTesla)", "value": "f869873a37ddae8ada58083ceb2de16ab312e250", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685553, "uuid": "5fe91ff1-69d6-4e13-87da-9a97bf5de23e", "comment": "Malware payload (AgentTesla)", "value": "3ccaacdf4d6f3f4c2210fe66357ab5c164f0fcef1c30d2a01ba718c516a4e4e84cd65e7d788049addfbc50eb2a374ad7", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685553, "uuid": "b6701256-c498-4cd5-9d48-3a16aa2ebcc7", "value": "T1E5038E5AE39F02648F511277171B0E89AABDB23EB351557174AC833433EDC3E42666BC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685553, "uuid": "9ec78f88-cf20-4e69-9001-e03178362b65", "value": "768:EFx0XaIsnPRIa4fwJMCFkNniNEH06zUFT1M0OOv:Ef0Xvx3EMYkNiNEH0iUFTi0OK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685553, "uuid": "d171e694-289c-4116-b8f4-85fb8450673d", "value": 40815, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685553, "uuid": "286e0352-0cf4-4109-88cb-888dd3a2fb4b", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685553, "uuid": "b2ce977c-21c9-403a-873c-5a92d4ecb0b2", "value": "730041eb0f81098b8da5228bedd17a82.rtf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d899430f-2588-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689698017, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689698017, "uuid": "f2e4f860-07d6-4ffa-aa1a-a24dba32d159", "comment": "Malware payload", "value": "c74b706ecaa058e6e71e7b4b64dff9df", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689698017, "uuid": "37d3f6ef-440f-4f6a-906a-fe30f9b9b93c", "comment": "Malware payload", "value": "c2520a713db1ddda557dc6d4ace41e12d02bde143df9275e5fcc48a0fea8a21f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689698017, "uuid": "0066f7e5-b1bd-4f8d-8c6e-55beee64c1ee", "comment": "Malware payload", "value": "5fa641b867716e397c449a7eeae77e37a0c8c804", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689698017, "uuid": "a5d6efb0-6dbc-4c15-9124-fb083c154766", "comment": "Malware payload", "value": "76001ec9eed9210aabd2f9d59643ad08c5d199fb837570d0df5644725263a965a5ba2c053d17e068509c848b05c7b1d4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689698017, "uuid": "24721efe-041a-4b5c-ab8a-36ecb1209925", "value": "T1F9A6333936B9DC92D1F490758B69E77715B5AD8003212B1631EBDF8FF805AA23F39209", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689698017, "uuid": "b9d4fc28-13a4-4551-ae83-0c47b992ecc0", "value": "35a81d16af9f2ba6d515f11152d0364b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689698017, "uuid": "028d7c8d-16c7-46da-b567-f10d269da71b", "value": "196608:1eEh/wahCzMraCScy0AP9juUvsIsbr2wSPjxcntvAa9VkGhAUCc:1eEx/hwMLzwaUvIrkPafkGhn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689698017, "uuid": "982a2512-2813-49ad-bea6-c44b57cc1fb3", "value": 9664176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689698017, "uuid": "5121351b-18f1-40d6-953b-dc88ec3b1ae9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689698017, "uuid": "8d28af8e-c4cf-40cc-9131-0c23d649963c", "value": "SecuriteInfo.com.Trojan.GenericKD.68233246.21856.32145", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4323430d-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1689662118, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662118, "uuid": "167b6ae3-24b5-43f3-8228-434c3c6ed0d9", "comment": "Malware payload (GuLoader)", "value": "23b53c5a46edb96074fa72673a13b94f", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662118, "uuid": "df07d766-bbea-4cd8-aa6c-a24bfa655097", "comment": "Malware payload (GuLoader)", "value": "c3b8c2966ebf82260e14bc0d95b2223dcdfef62c1e7fe0e92aafffa05e4b695f", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662118, "uuid": "71f6a3ac-aa48-467a-886d-8f6a662b29d4", "comment": "Malware payload (GuLoader)", "value": "2df91abe31779634ba2809a2ff1953b279214b70", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662118, "uuid": "62336af9-5b9b-454b-bffd-92d0fa5b86f3", "comment": "Malware payload (GuLoader)", "value": "bddfe3a38640aafd7969205ebd5fb7954bc322f46e3885ffcd40371df1d0b55a5d0736bbedb205c0e28762c9a1e93c28", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662118, "uuid": "f7ce77fb-b283-42ae-b2aa-8926f9e30254", "value": "T191D46C162FC8D813C3A225749641D27ED33ADC390A05A6C5DFEA7DAF71B4AA5DC4B203", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662118, "uuid": "0f4db86f-438b-4e88-b1f0-c1e8e74754f4", "value": "3abe302b6d9a1256e6a915429af4ffd2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662118, "uuid": "090e2a27-eed3-4e3d-861a-9229aebe7444", "value": "6144:oDX6o9FL7SV8ccs0KyrEtMGTLLzxB0TzvZxTNwfY4GXr2S/Pid2zk87bdW2+I7kW:D9LfcTzxfw1Arm+kUF+ek3e4lUbUq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662118, "uuid": "65293e5b-98a4-4f44-acef-527a521f8fea", "value": 643141, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662118, "uuid": "d45541f3-a053-4af2-9634-324bb4d425a6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662118, "uuid": "642b623f-95ff-4cca-a8a6-1878e24d945b", "value": "DHL-Shipment-AWL-0010993954-pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b35c6507-25b3-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689716423, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689716423, "uuid": "a15b1e33-ae91-447b-983c-556fc26c8cc0", "comment": "Malware payload", "value": "1799bba80dc6812676ad149e1003dc1a", "object_relation": "md5", "Tag": [ { "name": "20000", "colour": "#98710D", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689716423, "uuid": "1f1e5392-57cb-4151-a5e5-8cc547ae8f24", "comment": "Malware payload", "value": "c480fbd55803cc86541daaf866e50dd4746585c7c5ae2508fc5d1008177b1820", "object_relation": "sha256", "Tag": [ { "name": "20000", "colour": "#98710D", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689716423, "uuid": "a6425ce2-ef67-4298-ba83-34b664599b12", "comment": "Malware payload", "value": "539093386219378926598b32841e5bb964081eb6", "object_relation": "sha1", "Tag": [ { "name": "20000", "colour": "#98710D", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689716423, "uuid": "ac53cde2-a8b8-422f-a9c6-af6e94f159aa", "comment": "Malware payload", "value": "67152dfcb02538414fd8d560dc78b2874fb023bed8846685ee3966fadf543c1250fd38a7d692595b6b1e6c18a17a2283", "object_relation": "sha3-384", "Tag": [ { "name": "20000", "colour": "#98710D", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689716423, "uuid": "5dd721de-ef72-46c0-8a9a-cd71129ace09", "value": "T15713FD2B76AD5301062E66F3FE1E968CE701807C114746E8313CD79D3B2A92B5B69EF1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689716423, "uuid": "d93fb780-2565-46c7-8267-702e61d47a09", "value": "384:nV7s5Z7ty5OH78srd1EdovcF4KwKIHV37o2DgDmaKiml6OkxL0M/ImLB11zghqN6:V7Owod1HvbGKE08HbjdHpe1Gn7BGnbj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689716423, "uuid": "4c4c409a-ebbd-470a-a402-7329a1024749", "value": 45326, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689716423, "uuid": "c699a56e-e502-4ecb-b2f3-c67cedce5c0b", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689716423, "uuid": "b8bba8df-a29f-4607-aac9-65ea1044c151", "value": "INV-Details-Jul2023.pdf.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4f675f20-256c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1689685761, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685761, "uuid": "2cb9751b-d636-4f24-b8df-13d127a33e8c", "comment": "Malware payload (GuLoader)", "value": "47ecc41063372ace1e3e53fda5673132", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685761, "uuid": "5c3b8ebf-b100-4390-b2e2-991090ea4483", "comment": "Malware payload (GuLoader)", "value": "c551230f0d09e43c5a1ae8e1f33f057a6ce56a7d81c32b495900ec0a85c53bee", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685761, "uuid": "8396267d-594c-4ebb-bc14-dd4c45cf8436", "comment": "Malware payload (GuLoader)", "value": "c5be7282a111eec6e7083a9478b6ba67cce67158", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685761, "uuid": "c9b7c329-6fe5-4ed2-b19c-2f01e72533ef", "comment": "Malware payload (GuLoader)", "value": "7a243f1e4a72c1b7cfe571436da47a8836db863541af6999dbfd2fb8861dbc213eaa56c72fb9c3ed3582e57aee419c7c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685761, "uuid": "d5f3223e-be24-4c01-a131-c49a012070bc", "value": "T145F302163BD1D0F7DFB605302EF62D4AABF1921624A2971B5B800F957E366E3A41F183", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685761, "uuid": "f640e0e9-00d7-4150-bfd7-00b19cd30ef0", "value": "57e98d9a5a72c8d7ad8fb7a6a58b3daf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685761, "uuid": "fe104127-605f-4eae-b6e5-c464214f032a", "value": "3072:+NzPHk9MpcQbqJSY6fqxA/S9lT0ew8q/RSh1c+44jRmm25yq73abrQGWBncl7z3f:+hRFqIY66y4T0ew8xpjRmm2I6abbKls", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685761, "uuid": "46c09ff4-7d0f-4d84-a0cc-a66b269c834e", "value": 167746, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685761, "uuid": "4b389e77-e394-4cdd-842d-a697f646126e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685761, "uuid": "b428dc76-bf07-4ac9-aa75-c0e7e067bda8", "value": "Ziraat Bankasi Swift Mesaji.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "afaae242-2580-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689694512, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694512, "uuid": "8b81cbcc-b436-49fd-bc8c-9bd8b3ad51e9", "comment": "Malware payload", "value": "ebdf63663754592f28efe12b66e4403e", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694512, "uuid": "b45a5dcf-81fe-42e4-a113-c2b5242fb2cd", "comment": "Malware payload", "value": "c7c4b0c69bd01cf86671aa0e5d21f55fbce0a556f2bf4ad1355d4b7abf15f625", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694512, "uuid": "0070785f-f6bc-405a-845a-b4d54b0305e5", "comment": "Malware payload", "value": "35762a3df57d33000a1a5942652a01daf8bd3438", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694512, "uuid": "598b807e-4602-4617-bca8-08098f3c4936", "comment": "Malware payload", "value": "168efa776fe29e2f8ad7b103f1611f180355b30bb93ef245f291ba5657d4121fa15c4649ba7be12f25255013b2799ea9", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689694512, "uuid": "e7b25614-20f2-42b8-a986-9d8f16b675bd", "value": "T14A337D457660C073D5AA023969AD8A220A7FBC625BF894C73FEE120D5EB05D07B3D397", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689694512, "uuid": "85c99e1d-d601-430f-b912-778f75a52a96", "value": "90c2b41dbc64bf3f152f09646916224d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689694512, "uuid": "bb85583a-01fd-454a-8741-1f38dbf4d375", "value": "768:BRLLCXGDQAvid196NInRvYgpbYTCEbNWANKFXs4yxdjnTtB6hZK+C+hLg:BJCG0A9aRYg0AXs7nTtBGIB+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689694512, "uuid": "93db1c8d-dfa4-4db8-8773-1407576f8876", "value": 52224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689694512, "uuid": "54125cab-ae54-4319-a9f6-b8a77cea2706", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689694512, "uuid": "05d52bbf-0f00-407f-845a-299eb2219665", "value": "SecuriteInfo.com.Win32.TrojanX-gen.8592.19999", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f68131ef-256f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Phonk)", "timestamp": 1689687330, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689687330, "uuid": "27948d15-3212-48cd-a841-2a92b6341537", "comment": "Malware payload (Phonk)", "value": "c95e304e66d37ee0885aac25d5048de0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phonk", "colour": "#69F639", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689687330, "uuid": "6b443342-c062-4d4e-bfbe-e8df3a0e488f", "comment": "Malware payload (Phonk)", "value": "c7c7c74f5db7cc59903a4a0fe446dc77ddd5589308c8e4d0ffd63d89b285040f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phonk", "colour": "#69F639", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689687330, "uuid": "5c83baeb-7292-48e2-9237-c15d408002f2", "comment": "Malware payload (Phonk)", "value": "c9777a8bb8351f7ff89d363ae5c786f806c2ced7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phonk", "colour": "#69F639", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689687330, "uuid": "3bab8ad2-189d-4961-87a0-31d5c5bc324a", "comment": "Malware payload (Phonk)", "value": "eb526e595ba6dd50cc027d17cde9f4bcaf465355654c8c0a56701d1dc19fadee480728d175818e93692627667c11087e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phonk", "colour": "#69F639", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689687330, "uuid": "21199102-0de0-4249-859e-3361aa3973cf", "value": "T1C265E55439424862CD7D12F2DB6FC65C6B509D222B1CDCAF25937BCEEB2D1C3A94E182", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689687330, "uuid": "2c61bf96-65ed-480d-af9a-15ec57185cf4", "value": "12288:IiN/1LtIiCUZi4GKZ1v0/tkwJ3cKiiznVznf/HCovHhRE5MEl1sEp4bk9S871aQG:lt01PKZFqLXCo0HlDuk9tdrivKc4oyt2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689687330, "uuid": "dbe85386-9758-4098-9f0c-1bb80124227b", "value": 1526912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689687330, "uuid": "f75d5fde-4c4f-4299-84bd-bacab92f24cc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689687330, "uuid": "2d720428-b800-4a49-b896-a08372e769ee", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "78ae2620-2550-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AZORult)", "timestamp": 1689673804, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689673804, "uuid": "bf729742-3b3e-4e82-b071-8503e21ac207", "comment": "Malware payload (AZORult)", "value": "5a44b50b3e3c0dff6873360be4bb3fb0", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689673804, "uuid": "657cd29a-c524-4c59-97c2-e1dd09524624", "comment": "Malware payload (AZORult)", "value": "c828cbb41945322c3294bd70c8c6423ae001604c3fa725422d0de59dd7e653b7", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689673804, "uuid": "54dd2e67-7e42-4c3f-b5d8-4df8a2bbd58c", "comment": "Malware payload (AZORult)", "value": "ee0c582eaa44a1f710f99766fcaaed2860f0ea6c", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689673804, "uuid": "199601af-2d51-47e5-a9f0-ed83adcb9908", "comment": "Malware payload (AZORult)", "value": "7475861e417f41b0fef4c6c8c18f1e85ec06d75bcbf6fa9d7360296207c5b0ae617ab2e5e7d865ee8eb6d992140e9d71", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689673804, "uuid": "37200939-0611-497c-9edd-e6b14a15be18", "value": "T114F301653AD0E0F7CFA782311F369B6AE7F7862921460A4B57705D85B1F31C25E2E2C2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689673804, "uuid": "4ea8a0aa-7a73-4d49-877f-d57723479b2e", "value": "57e98d9a5a72c8d7ad8fb7a6a58b3daf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689673804, "uuid": "828fb998-496c-4475-a326-f31068838ba6", "value": "3072:+NzPHk9MpcQbM7pfJPDd3SFTb2v68yAuOFobuIfaK/yjwx2eVR:+hRFipf1DUF32CEkaUamy424", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689673804, "uuid": "a5e6869c-0701-40d0-aaf7-2a0e912e431c", "value": 168150, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689673804, "uuid": "ed9a069d-1ee5-4e6a-b5d7-f2218b436012", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689673804, "uuid": "900b2228-3865-401e-a22e-708ce34d30ce", "value": "BS014701-Docs.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5779323a-257d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689693076, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689693076, "uuid": "ad326206-7e2d-4baa-ad0e-9ef5e1dc82a7", "comment": "Malware payload (RedLineStealer)", "value": "69bbe9b13a4066855382c3144ad938aa", "object_relation": "md5", "Tag": [ { "name": "charlie", "colour": "#1C989A", "exportable": true, "hide_tag": false }, { "name": "Redline", "colour": "#71EFB8", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689693076, "uuid": "7b04b5f7-05ec-40fd-bd43-436ba0604868", "comment": "Malware payload (RedLineStealer)", "value": "c87d1c5f947bd3245fa0e64cf0c64e65806547dc844c3039cfe6998d1574e5db", "object_relation": "sha256", "Tag": [ { "name": "charlie", "colour": "#1C989A", "exportable": true, "hide_tag": false }, { "name": "Redline", "colour": "#71EFB8", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689693076, "uuid": "8a3d98a7-cd71-4809-8af7-d29ef19d73a1", "comment": "Malware payload (RedLineStealer)", "value": "9f47bddfffb6c83cde1dc3668772a4c5e409dbd8", "object_relation": "sha1", "Tag": [ { "name": "charlie", "colour": "#1C989A", "exportable": true, "hide_tag": false }, { "name": "Redline", "colour": "#71EFB8", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689693076, "uuid": "39612994-91e8-4ef6-9831-e7c57367cfd6", "comment": "Malware payload (RedLineStealer)", "value": "be8fbe01840f7e21b9fb6f71bd36227c69a124f195b6ed6d691578387ab6c2958c3585ee34844d0ec849aa0ac8a0b593", "object_relation": "sha3-384", "Tag": [ { "name": "charlie", "colour": "#1C989A", "exportable": true, "hide_tag": false }, { "name": "Redline", "colour": "#71EFB8", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689693076, "uuid": "c53c2277-2d63-42c5-94cb-29b3b9bfa393", "value": "T19B1533FF8342E542EC7707F84312EC9569D741E1D7A9852D7E2B1CDB27A31E5D8A0A08", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689693076, "uuid": "69a58a05-cef3-4521-bac6-b323c6dc4811", "value": "24576:cCgQy/Mw4ZhNoQQYoYNnm3zlrvTh109r5D96w:cCgQyJ4ZhOQNIrvY9b6w", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689693076, "uuid": "23b492aa-56bd-49a6-8f33-6d2c59c8d058", "value": 920957, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689693076, "uuid": "8b518c7b-ac77-4145-b777-bac101c545ea", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689693076, "uuid": "3d1d5b7c-6cbf-4e45-92a3-3d51ad42b903", "value": "FzLiiWr.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "961ae2d1-255f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689680296, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680296, "uuid": "d6db24bb-a0f8-4a6d-aa2a-9168a1e354b1", "comment": "Malware payload (Loki)", "value": "ea1faf5523c76af6706f84401b9809c0", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680296, "uuid": "8789dd81-5087-47fb-8b6f-1f03f0c3d652", "comment": "Malware payload (Loki)", "value": "c99dd5534b0e39167b1e995ab122665560815fa208ae07450564d82cc7b46860", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680296, "uuid": "5c9e525a-545f-47e8-b0f2-db02cdae6828", "comment": "Malware payload (Loki)", "value": "3853fd3ecd73ad6a419211d257fe9b92be8f58a7", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680296, "uuid": "8cf7d60f-9d61-41e1-9020-a5f759b8c086", "comment": "Malware payload (Loki)", "value": "38ed0129c7857c26e63931fce6c2a64630a37be123a92b3eec63e21cd87b4dc84746510b158126cf68351c6d3272d7f1", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680296, "uuid": "56837565-1b74-442d-ae8e-775e72a3e113", "value": "T1841533FF46526245EB21DA31117045BB2FA8D38E44877D33AA13BA6283F2955DF3A0C9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680296, "uuid": "8e59ee78-290c-4b14-9130-0559e7d082b3", "value": "24576:+mvS9g80c4ndQBUTjqaP3GH8p1LZjT/qs94/cRhnS:+mO5BGdQKN3pLZjT/qsXS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689680296, "uuid": "edc60c6b-520e-44ae-a0e8-8b0ded04bf8f", "value": 890044, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689680296, "uuid": "ce9f12da-0bc6-41d1-8487-5bdaca882212", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680296, "uuid": "363143b5-7902-4b60-b7dd-a42e22b50eda", "value": "facturas y datos bancarios...xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "29f80427-2569-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1689684410, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684410, "uuid": "14c124c4-6abd-4f7f-a68d-fb920b17af5f", "comment": "Malware payload (SnakeKeylogger)", "value": "7ec449704168846bcc6fdb466409ba31", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684410, "uuid": "b307ca25-205a-4cb2-9afa-9d99255c660a", "comment": "Malware payload (SnakeKeylogger)", "value": "cacc7162b9c5dacdd807215b37e7a0325c8d98de656b5845dc69d4cc467b0ab7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684410, "uuid": "0744e9f2-5b59-47ca-aa3f-77af8b00ff00", "comment": "Malware payload (SnakeKeylogger)", "value": "8d976bdbe34abe5bc2f2e681402226abdeddc5f0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684410, "uuid": "a67f6e38-6279-44bc-bc16-d4749042faa1", "comment": "Malware payload (SnakeKeylogger)", "value": "4ba3459a7876eecb760d684a6c811cb947d63edeaca5b109dcfe383a6350735e612a6b1549f236ac6c85aef8392d4cfa", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684410, "uuid": "93928a18-191e-4f83-9ffa-33216e482b09", "value": "T1C7F4B537BE9687E2E25D1736D6AB4804C7A0ED83732BD71B794E339605433EA9C4160B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684410, "uuid": "7455cf33-e342-48eb-ab0e-1da1b6122008", "value": "12288:RDQzYLnMjO9VcKeuwVdn+Hx72AZUB8sQok7Qre1ttJ1wf:RDiAMjScKeuqnA72AZUKz/HA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689684410, "uuid": "9e94fe3c-9780-4bc7-a8e9-7e1fc2def290", "value": 744448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689684410, "uuid": "be020587-359f-4da8-ac27-d6ab2d4f037f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684410, "uuid": "fbdebef1-1621-46ef-b0cc-5733e67221e2", "value": "Haopelehp.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "021ef617-2580-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Stop)", "timestamp": 1689694221, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694221, "uuid": "9d72195e-18cf-4bea-b18b-ba2fbae63735", "comment": "Malware payload (Stop)", "value": "1a50136e5f6948d64cce40cba8fc0d88", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694221, "uuid": "7b311302-1efb-48da-a616-1fad1a077c54", "comment": "Malware payload (Stop)", "value": "cb8f8ae7e59b790be9d1f5471a54742917d54699952dcb8d5f3d3e2e8d3c8e12", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694221, "uuid": "01dea5e0-da0a-4f98-9b4a-c977375cc8c2", "comment": "Malware payload (Stop)", "value": "f913bcf45c00212ee7a52cd01d55fd43ffca802b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694221, "uuid": "3d89ac5e-e4fe-4c76-8ef6-8d47338b2e05", "comment": "Malware payload (Stop)", "value": "aa97c3fb978bf536d5e1b5f4293f08667864b2fb494be50d6253dad2b717a188a78823e2b456def5ee7c8ac1375ae772", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689694221, "uuid": "9e307b22-2035-41d8-9acb-021cf93e5ae8", "value": "T16505E10393E1BD40F9168B729E1FC6E8B65EF6508F5E7BBD22189A1F18B1172C163712", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689694221, "uuid": "8cc5c021-a079-42a2-a493-9627aa38d5f0", "value": "2a3a93b2b6b38765ba5a38d019695eff", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689694221, "uuid": "b38116d4-167b-4d03-8c86-4a7e41d02bae", "value": "12288:FTGKA+B/awZMt/DPjCX5i9q1OVhVESyo3y7y1YPDVLdvM:lNRy/DjC6hPPaEY7VLdk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689694221, "uuid": "bcfb1bc1-d27a-4d8d-8eab-fbc90aec3900", "value": 846336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689694221, "uuid": "07ae69cd-9ed0-4fa4-ae81-e39d8a9026b7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689694221, "uuid": "e2866fba-6ae4-4ac0-b9bc-85b3a3d3c06a", "value": "97B4.bin.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c7a02c44-2599-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689705290, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705290, "uuid": "4bf77d9d-7d57-433c-aefa-26b888fd0feb", "comment": "Malware payload", "value": "a72c1f4bcdfc9de7e0b7df0ff50cb067", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705290, "uuid": "5ab8a355-cf7d-48ac-8844-df91552c2989", "comment": "Malware payload", "value": "cba5b5ff4eb593a4a5fdacc5bb628f96b0896e541dcfc3735abbd671322b2480", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705290, "uuid": "be2acbde-7828-419f-98fc-49437902fa9a", "comment": "Malware payload", "value": "cffc58bd0c9caad8c72924f09743491f3940dfb5", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705290, "uuid": "e77a85c8-7445-4213-8146-8339e5bd332f", "comment": "Malware payload", "value": "302bde4d69b24fb8e560d971099e9b461c1a857f318c50a6269a974f67b004d11c3b7e0436a275b48ce00eb5b34ebe98", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705290, "uuid": "a00a7afa-e481-4883-848a-9d9ce66d175d", "value": "T135137163E601EAA2E1C1637324778775562CF2312B16AB83EFD97AF40D032879179D9C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705290, "uuid": "13ae494a-c049-49f6-b268-a391850f86fa", "value": "768:bDeIPCpmQoBoo7YWsqB7iR9CHwj2mOuZRouaeAd12gDYbRWtUxXwdHgl1kY8Ahaq:2Uex/Xyc+cfooan1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689705290, "uuid": "eb34c26c-3854-47a0-a4a5-565fa9510079", "value": 42208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689705290, "uuid": "62312e56-a371-4c39-9a49-d0fef36e2576", "value": "application/x-sharedlib", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705290, "uuid": "3a4ac2ad-9e28-45ea-ab8f-1692fea7a743", "value": "SecuriteInfo.com.Trojan-Dropper.AndroidOS.Agent.5729.14261", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "770881b4-2536-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689662635, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662635, "uuid": "ffb47a7a-d9cf-43e8-9f2d-4fef910b1c88", "comment": "Malware payload (AgentTesla)", "value": "e5e451cad7fdc03b39aa47a9a2b7ed91", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662635, "uuid": "0b0caa21-e480-4855-a093-62caa5c96ff0", "comment": "Malware payload (AgentTesla)", "value": "cc2e949db82610bc2e8238736d3a78d42c0977573ca5a5f81cec4b593bd1e62f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662635, "uuid": "bac481ec-1ee7-4f8b-991b-e67c544bfa07", "comment": "Malware payload (AgentTesla)", "value": "7cc1198c8d355eacd7a8a5c2137dccfe937f9937", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662635, "uuid": "b35f11e5-82ee-44c7-bf83-b2f0e806517d", "comment": "Malware payload (AgentTesla)", "value": "48448a0e3c505aaf1103a9ed3ba173c6e348cc7045721d2620b64aca52aa6467f1aad9a06cf61df3561e92fbeed27c33", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662635, "uuid": "e0449031-b96a-4a6e-9a1f-17f3c31678dd", "value": "T1B2D423A8E1EC123BD3E597B84A3AB31429B08FC11070C69C8F4EAC8979C6FD5574B765", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662635, "uuid": "7b96f406-fd0c-4aae-bd0c-0d71cf56b0c9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662635, "uuid": "0732206d-b16f-4be0-8039-48db5cb034a9", "value": "12288:Vfb/WT4UkuZb4X9bx9DvJmqYjeMsrki1kfIQschsruOI:VfzW/ZbE9bxuU9rkfwC6I", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662635, "uuid": "b12fe9e1-a632-4b68-b815-4862d7c0a7d3", "value": 602624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662635, "uuid": "926b9666-dbdf-4843-825f-547fe35d8b41", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662635, "uuid": "22981efc-e290-411d-9380-878a87107886", "value": "PO 0130717.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e9e7ae45-256d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689686450, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686450, "uuid": "d036955a-40a3-477e-ad6d-164a3028a06e", "comment": "Malware payload (AgentTesla)", "value": "8dc598efe0daa12e88e00cc725c0642f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686450, "uuid": "5abb08ab-4ba7-462e-a528-eed8fd0b7238", "comment": "Malware payload (AgentTesla)", "value": "cc4fdb08add53fb88359e79433559140f40f61edd79058e62a83a7ae1761093a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686450, "uuid": "c7c7c17a-1de4-42a1-afac-18c1118ce3ba", "comment": "Malware payload (AgentTesla)", "value": "7ef0a69812d3c4ddcaad4cda1fb631d523a85bd8", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686450, "uuid": "00ab84aa-6276-44da-98a7-838a96dabff5", "comment": "Malware payload (AgentTesla)", "value": "db07569fdce5d51d1494f9ba1c6cc8d0dc2a1315914eda6d719ac279cc8c6114a0b05f0b967b837467a1a60108c8c706", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686450, "uuid": "aa02dac3-a94c-4732-97cf-7a9d331981a8", "value": "T124D423D37A4C832FD5E901749A75EB4010362F9044BEC36D9F4DBE49B9ABB0462461FB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686450, "uuid": "a331ea96-f53f-4a04-9150-70de5e190c37", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686450, "uuid": "2660f4f0-ae36-4d92-8744-73cc2f76d57e", "value": "12288:kfb/WT4UkuZbaXg2OXZz2y457D4lP7gs9sUMEXGHP7U:kfzW/ZbaXg2OJzf4hEEcsFE+PQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689686450, "uuid": "a692b219-c46e-48fd-aa92-88fc7704cbea", "value": 602624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689686450, "uuid": "a984fb04-0185-4123-9de6-4893385be002", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686450, "uuid": "ea8ab0b5-ede0-4647-a7c3-fc912496737d", "value": "8dc598efe0daa12e88e00cc725c0642f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b7144cce-254d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1689672620, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689672620, "uuid": "4849002c-8f9f-417f-b2af-23a6cfc129db", "comment": "Malware payload (DarkCloud)", "value": "3eecbfd98036e3feeb655393922036f1", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689672620, "uuid": "1fcc379e-8987-4503-8abd-438d9e49a6a1", "comment": "Malware payload (DarkCloud)", "value": "ce5b0d3a638824e886d386e3bd551f0a7a304c318a06ce19bc07235384720338", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689672620, "uuid": "b2d40afa-2a56-40ba-88cc-dfb3cc8b9ef4", "comment": "Malware payload (DarkCloud)", "value": "52038e806fd0efc3d40254b752c6cdfdcd2f5e80", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689672620, "uuid": "d4f0b4fd-a5c5-4e38-82c3-d0206a4a8704", "comment": "Malware payload (DarkCloud)", "value": "a7c9e1d32ef4407d19298749147251b7ae6678e3f5747462f95f54c3f7b123610d76c77d9c7fc8f437869b84fdd25588", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689672620, "uuid": "14d422da-2cfb-43a8-bf90-1920ecec27d9", "value": "T12C1533B27398E4876C307F35F69A407FF1852EB6078812B628EB14558FA06754C72FA7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689672620, "uuid": "ab9b8a27-8e53-4393-a09c-c95d636fddbd", "value": "24576:dVfffYrn89c6d8/5hd0sGofaPXm7sDzkMDD2izgunRlW:dVKf+++sRCPXdUyx5n/W", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689672620, "uuid": "0e25ae9b-66c3-44dc-a926-8402ebcc6aa9", "value": 909835, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689672620, "uuid": "ccc0d12b-f4a5-4d33-bc38-7a77a706bb67", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689672620, "uuid": "691af1ab-6012-48a8-85c3-38de8db1acc3", "value": "PURCHASE ORDER.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7450b972-256e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NanoCore)", "timestamp": 1689686682, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686682, "uuid": "f60324fc-c232-4f54-ade6-dd7f7080e8bb", "comment": "Malware payload (NanoCore)", "value": "5d8ac031d505648cb6e129427ede84bb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686682, "uuid": "48074f67-80ba-4b71-bf19-ea6b4a55c72f", "comment": "Malware payload (NanoCore)", "value": "ce5f21e6926901d346279d3e0ec41bc1928afa188c554c733db0581a7e0ebb69", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686682, "uuid": "e54cbd04-d13a-402c-80c6-69a99e2ce138", "comment": "Malware payload (NanoCore)", "value": "e8ab19a6be5e7d1bf16b556b2725067b2ef5e3b8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686682, "uuid": "da6183e4-1152-4793-82ca-2e9decc423d8", "comment": "Malware payload (NanoCore)", "value": "7fe7b555d1d661cb04abc4e1fb14428f13cefa3f6d5c491d2c95ecc4bb9f86feb07a23c8f5a45d3f219e229da297e74e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686682, "uuid": "d034651e-9315-4da6-8c4a-c255a25f7cef", "value": "T100D4CF39513C87AFEB57DBB6E434145223F013535AF6E28C8CBA649F3E75724A140AB2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686682, "uuid": "4fd0afbd-e8ad-4729-9c79-35aed5667b00", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686682, "uuid": "2dc9335d-d10d-49a5-8292-e969355d9f0d", "value": "12288:CUc2v9YHHMBM+8QkrmyYVYrJ4RDYdEFdBt23InQu7tFsPgqTrQaSejL8Z:/ZveHHMBM+y6xVU4RD5n23e9FfqTrQay", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689686682, "uuid": "931198ad-1fbd-49e9-bd9f-bb25b04b1c04", "value": 611840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689686682, "uuid": "3db4a880-a967-49dc-bf3d-5b06caed3e6c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686682, "uuid": "be8f9fb8-1378-4432-9f73-eeac7aa7cf6e", "value": "5d8ac031d505648cb6e129427ede84bb.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8c5fcda6-2540-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689666965, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689666965, "uuid": "5043f28d-ef80-451e-b431-63d59183ef57", "comment": "Malware payload (AgentTesla)", "value": "e0136729814d1181533fa90b3213527c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689666965, "uuid": "313d680c-fc03-4599-b599-7276b026c3bf", "comment": "Malware payload (AgentTesla)", "value": "ce683b26018a84f023bcb4b52378b88f5fea654c50a42aa136ef47b67898fb40", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689666965, "uuid": "73bcd475-fad6-43c4-8024-cb37e0b65a8d", "comment": "Malware payload (AgentTesla)", "value": "3b2c19c272d461885c2bf16e0e3ca02e6caefbb3", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689666965, "uuid": "4d62d17e-a737-4c24-9caf-b8df3c948151", "comment": "Malware payload (AgentTesla)", "value": "c095140129fc4d2218d1f06bb430520577be9996da0e52fcf87851bc27bdab9293b20140edbdb0344d54d286c78abce8", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689666965, "uuid": "6d3c1d73-7a37-42cd-bbef-311635fa0f05", "value": "T145F33A6992855915D73D41B8C4B0F3491BB3A186962BE76D0EB1DCF63EC63C3322ECA1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689666965, "uuid": "431c4da4-b3ff-4bd4-9db3-063ff1d9576b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689666965, "uuid": "3cb633b4-545e-4f46-b99d-bc2de6b2b5d9", "value": "3072:xXlgycF65ypOpAdx9LLT2L08Qz820e/+n5vyu:xXqFHOGdbFzL0Nd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689666965, "uuid": "8541f019-c9db-4cc0-9827-3b770e0819e0", "value": 172544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689666965, "uuid": "82d0aab8-ac37-4371-8a94-80ebfe088cb5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689666965, "uuid": "32b27d03-ea61-4406-902a-fdf3383c256e", "value": "1689666964ed886437d0935a7070c87615849cbbd94c2612f97c503beab7a4480fd1271d15440.dat-decoded", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d4723d8e-250f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (njrat)", "timestamp": 1689646041, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689646041, "uuid": "d7dd471e-c8a0-46b1-9814-5dcd3eb09ce5", "comment": "Malware payload (njrat)", "value": "5d4c903e2ba132fe886be296c10707e9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689646041, "uuid": "234ce3fb-54ab-4f16-a55b-937201ab0b53", "comment": "Malware payload (njrat)", "value": "ce6f0090d1c38351a4a9dab52bf4ad817c3f2ea5a6e5cef4dd139311ea1e4c54", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689646041, "uuid": "af90eaae-b025-47f2-ad57-ddc75ff5c5aa", "comment": "Malware payload (njrat)", "value": "e313fc9e2f4ce3499ba5fe8de0ce3533ea5a55d3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689646041, "uuid": "f50fa4da-31f2-49b7-a4b1-dd8f56e6077a", "comment": "Malware payload (njrat)", "value": "e67e66ea13951eb547b024224d92c027c9d4c7e72b6979977ebc5f429878c6b120c238ead9cfc09ed38bf619dddedd17", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689646041, "uuid": "45c41c64-e8eb-4afc-87a9-e19e6877cc4c", "value": "T1A4C229593FA08176C2EF6BB406B2D72102B2E2074A27DB5F4CD844FA6B777C14D81AE5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689646041, "uuid": "223e2c73-10c6-4dea-955c-4cc65b228f9e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689646041, "uuid": "9487dd37-f6b9-40ad-a1e0-bfef86c85070", "value": "384:/Ld6haZIVi/dMkt1cpDkjetHzCYe/eBY2OzRLTm3yilqr63sbTtFvGf:zw0IVi/dMc1uT5e/csEQFvGf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689646041, "uuid": "2cd93d60-e894-4365-9ea5-53a01300db52", "value": 27136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689646041, "uuid": "402591f6-9c57-4660-9834-4e6eefab5237", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689646041, "uuid": "de5c46db-5f06-490c-b757-1eea8a457851", "value": "bOtg.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e2295e86-256b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NanoCore)", "timestamp": 1689685578, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685578, "uuid": "3afd571f-4178-471c-b5b3-cdeb12a22e7b", "comment": "Malware payload (NanoCore)", "value": "fb1088051e83099a69187cf5f760fd94", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685578, "uuid": "d2af0d02-5d06-4685-8140-0bb68ae51ba8", "comment": "Malware payload (NanoCore)", "value": "d05a234b2f160e955d449dd8d6e14dcc389a501053cc8044879a2d50753f6e52", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685578, "uuid": "38195432-35b6-40b8-b7a2-26582dd17779", "comment": "Malware payload (NanoCore)", "value": "680527ab318763fbae75f732e698e60694235e8d", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685578, "uuid": "110fc525-6ab8-48a5-9bd9-8daf515fbd2d", "comment": "Malware payload (NanoCore)", "value": "93d7ca0224f9cbb445f51227ad42cfb640552485d7e5fb144f3c302782dad460a9c58e457d0f15ce2b0f745c280262cf", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685578, "uuid": "56301b86-b55b-4888-aa0a-78d54b6293e5", "value": "T107039F5AE78F02A48F511277131B0E89AABDB63EB35045B174AC933433EDC3D42666BC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685578, "uuid": "5cf95b37-9095-4eb3-9210-7cb36f820d90", "value": "768:PFx0XaIsnPRIa4fwJMN3Jv5ym6D3WW1FN1mm6i/2JLrhXgrI0uYE5rGu:Pf0Xvx3EMN3JBg3X1Fzmm1/2SI7Y2rGu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685578, "uuid": "4326a4a6-b64b-4c72-8af0-3a9e66f4e48d", "value": 39991, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685578, "uuid": "ff94ff20-92c2-4a3f-9112-29a129726643", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685578, "uuid": "6b5dfee1-757c-4de4-a927-ec04bcdd5bc3", "value": "Factura 009487112023.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4263a9e2-2533-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1689661258, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661258, "uuid": "97606c2d-3eea-4f5f-be6a-2b7f57cbc22a", "comment": "Malware payload (RemcosRAT)", "value": "937a058f44242f6aab9b8634bad4c811", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661258, "uuid": "54c0e436-1237-4dc3-ad56-c515928d301c", "comment": "Malware payload (RemcosRAT)", "value": "d07ed07ca4d684aafb94c3aff1750c2c78297fb7406b1ee3776431a6e213cd78", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661258, "uuid": "0d90f8a6-508c-4792-aa1f-aca05794e00c", "comment": "Malware payload (RemcosRAT)", "value": "9819e0f03b9405ec28bdf9920fbd09e47157d132", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661258, "uuid": "12422305-0892-4782-a6b1-49f375aea091", "comment": "Malware payload (RemcosRAT)", "value": "fcab6a4cd8f02349ed1ec640156f5bed4ef734fd0fdbe85bc7af88940e4126460abee196a3daa16856a27c907e6a9a7f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661258, "uuid": "791e1105-f052-462c-b3af-e1f62a5f9ae6", "value": "T1DD05413D14CA9567D238EFB64424EA19F2C36B4237834BBE75D2E6618122339F6C139D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661258, "uuid": "440e10cc-4d4e-4f28-b637-629ad78b7fdc", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661258, "uuid": "c83ced08-847f-4e75-95cc-e40130679322", "value": "12288:IWqbbHMmNdpHsKr1d4IcqXMkP8afi1F9csWjEAmD:iROOQys6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689661258, "uuid": "7f5f88ae-2d0e-4775-a5e1-5a634282717f", "value": 816640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689661258, "uuid": "fc11f791-0b63-48b9-b58a-21b682e1b8f1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661258, "uuid": "3424e0a4-21f7-4733-a86d-b9c864a0ad9f", "value": "GST debit note -june.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0acaea6f-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689662023, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662023, "uuid": "520d43e0-04f4-4116-a61b-0db871a4457d", "comment": "Malware payload (AgentTesla)", "value": "0b3877ce7322e42c78efc3c11dbb589a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662023, "uuid": "fe2b181c-7ef7-44f5-9f8b-72fca9cfbbbb", "comment": "Malware payload (AgentTesla)", "value": "d12b63b47e5dcbef8bd4e4665c4df9269e532df3c9b589c7c2b1ed81ef1eddab", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662023, "uuid": "dab80bba-1110-486a-84fa-1989124e7d64", "comment": "Malware payload (AgentTesla)", "value": "cf1154e1e96f605c21732f3be4306374da5e0f0e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662023, "uuid": "a0e7e4a8-7bab-44ed-8331-e1851b5232fa", "comment": "Malware payload (AgentTesla)", "value": "20df6eb7a69d425adf82b40fa6422e8d69e2f5914dbebb3124c8dd86ffb4970c29241b90d6300603388143863f692bf2", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662023, "uuid": "b75cff72-6bd0-498e-8895-4b71a7467ea4", "value": "T137D4F1B6B34DF8DDE5062C764CB9510000B7AE8BB82AC61F7C09389899F36836767D17", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662023, "uuid": "36027e69-9199-462c-ad8e-2ef6d8183bbb", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662023, "uuid": "0aa4b64b-1af5-4abf-ac75-3c046f932010", "value": "12288:xdTe3/MhIaQkESIQOQFZ/yAcK+jmjmbZzZfQvgLt3Zz9qVgz:TTeMrzpIQtZ/yjDZzpzYez", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662023, "uuid": "4e38b88a-e723-43d4-8126-11a141608268", "value": 633856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662023, "uuid": "ef1de693-d7bc-4939-b1ec-5510814575ca", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662023, "uuid": "b436d0d3-01e9-491c-8812-8365c2271318", "value": "41570002689_20220814_05352297_HesapOzeti.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e42eb218-255e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689679998, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689679998, "uuid": "15a43345-907c-4cc5-99ae-28b59711b2de", "comment": "Malware payload (AgentTesla)", "value": "273a3d14379f11b1c71abe7e17acd57f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689679998, "uuid": "66280da7-1c81-45fc-9753-a3f04d85f24a", "comment": "Malware payload (AgentTesla)", "value": "d1408bd2517c4e2119fff02159563cab8944db221e1e0b4cc988dbf093f0a6c7", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689679998, "uuid": "e1bf514c-e1f5-495c-ae4e-5f2e83e21edc", "comment": "Malware payload (AgentTesla)", "value": "f60716e4af66a18cdb1de94fbf4f270ac61dd950", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689679998, "uuid": "b82fcb70-87be-43fa-ab54-861e8d91e87a", "comment": "Malware payload (AgentTesla)", "value": "b9fd144d4968420e0d15798b44a2ab5eaa3308c15972445ae1387db145ec7c3d50d77bacce0e8af974cd11c37f90c61f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689679998, "uuid": "41a01bd5-e96b-4fa2-90c9-8f807b7a1803", "value": "T1B20402763A80E873D3F612310F7EFE9696F5D21A2021661FAB141F8C78321D6A55F8D2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689679998, "uuid": "e2e6539d-8bba-4d4b-93fa-95d8a78fc689", "value": "57e98d9a5a72c8d7ad8fb7a6a58b3daf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689679998, "uuid": "064a359e-4e62-4556-8904-b7492edfaf36", "value": "3072:+NzPHk9MpcQb40m6GFxytXNRy+EqWdFpCdELodcsOAk0lXg:+hRFWnQHy7q0FoVvOAVw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689679998, "uuid": "79dd5a21-8aab-46b9-b1cc-7011fa96269f", "value": 175669, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689679998, "uuid": "0e3eee67-a5d8-4609-ab12-4db6a02c32d7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689679998, "uuid": "a748d49b-9fc6-4492-ab65-0334e1c0ac08", "value": "BSSP-13501.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "065139b1-25a5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Fabookie)", "timestamp": 1689710120, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689710120, "uuid": "113ed7af-91a5-45ec-9dc5-17f5cb2b6817", "comment": "Malware payload (Fabookie)", "value": "5d64b2eca5d964e75441efff42be4a26", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689710120, "uuid": "67e0a615-5434-4fef-b210-c33f859a3804", "comment": "Malware payload (Fabookie)", "value": "d2179480c587c85ea87b203dd378e3b20ac543a5f765f8268b247b5e0f10b7b7", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689710120, "uuid": "a29bfede-ffab-4d6d-acbb-10af1ef3808b", "comment": "Malware payload (Fabookie)", "value": "74aee569d5f5146b0c6c5a6a1ad991ce6cf309ea", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689710120, "uuid": "04e79622-86af-46ba-9cdd-97f79041b2b8", "comment": "Malware payload (Fabookie)", "value": "0dfee63344cf5fe845420a1f1adc273258be31d38ab01d158c42b18fcda9339ce40f94e7336386fd1d55b31217a302d8", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689710120, "uuid": "64a8ca2e-1343-4ab8-bd92-eeaa9aff6743", "value": "T140F42B56FBBD4272E051C135C9A6E7B5E6B27C855D30970B2346EB2E2F335118E3AB20", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689710120, "uuid": "a3cf3a92-5c7e-479d-a38b-bad0068b4692", "value": "f2fcd0efb031ebebeaa83cd4cd21090b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689710120, "uuid": "42fb678e-08cd-44a6-8701-4af3f2ae28f6", "value": "6144:nA01NdXuvxQW7SYY3E57in+MRxQ7cUBmCUiJbc77ZvfuYuEdGxTC25Wf7xLUnw+V:nd+5QWGBn+9ShtdGxTC235JL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689710120, "uuid": "a6227d92-4c3b-4e67-a21b-15ec1ff67ced", "value": 732672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689710120, "uuid": "a4d624f2-44c8-46a8-a98b-aeca05f04d30", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689710120, "uuid": "c20f4f94-f65e-4072-8b17-cd6dcf20f6cd", "value": "5d64b2eca5d964e75441efff42be4a26", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "82476119-255f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689680263, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680263, "uuid": "ec39f169-2fe4-46d1-a088-be52e053714b", "comment": "Malware payload (Loki)", "value": "03288281d694f1dd4aeaed2570637ff0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680263, "uuid": "471e0c73-4da7-4d73-949d-6596b71f188a", "comment": "Malware payload (Loki)", "value": "d3e989f804393e78ea6dbbd695be438350b450745df755f72139ab2d5c0c516e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680263, "uuid": "747b9840-6d9c-4263-8e90-ab24d4c16b7c", "comment": "Malware payload (Loki)", "value": "89f050e00288e7037bc16da667bbf4df5632965d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680263, "uuid": "ef1439ff-c8e8-4095-ae3c-8b26b2b104c2", "comment": "Malware payload (Loki)", "value": "67a2e21e1483279170f281a8b8bb4ae4ba274eab0421e9492be53fe28c2f4167d3f3acadfc5b52ba7b13e4c3b807c2a2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680263, "uuid": "8f3661f6-0677-44c2-985f-333c8a7c32b0", "value": "T19BC4129A53649C32D285BBB08FA25169B3B1E1B610AEDFBD4BB53C01DF013C52D50AE7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680263, "uuid": "2acbf12e-832d-41b7-b528-5555560ec3fe", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680263, "uuid": "5091e0d6-5ef7-476f-8681-729f2c9983da", "value": "12288:yBqD3ZxjJE8ERFtwuQhijnMX9vpd+X9RoajBRWidmQik/QqxJyCB/:yoLZxj6XFtkhwnMX/d896ajBRqeQoyCB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689680263, "uuid": "a33e0be5-5d4c-4b84-93cf-45220f4dbc0a", "value": 584704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689680263, "uuid": "72cd5a49-2739-45cf-afda-447d79202c6e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680263, "uuid": "528da30f-6537-428d-adc2-f5c0f286b578", "value": "denominations and breakdown.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0368f530-252c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689658146, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689658146, "uuid": "89bd058e-27be-4e61-ac6c-cbabe77b08fb", "comment": "Malware payload (Formbook)", "value": "3b08d70445120f2ef571828dde9d6be3", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689658146, "uuid": "5a84ee4f-1459-4a58-8906-d002ffb968e7", "comment": "Malware payload (Formbook)", "value": "d402a53f58b386e523432ddf1c94e44cea111587c6a2714681b0669f2304cb30", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689658146, "uuid": "ec534e88-171a-4c20-a0d4-188354dd9284", "comment": "Malware payload (Formbook)", "value": "f4cf3dab48219ced0092e9046f22956333df436d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689658146, "uuid": "4816bfcc-d1b2-4851-bbcf-50221665b26b", "comment": "Malware payload (Formbook)", "value": "194637c8d9781e63edb2150161caba5cef4039a0a618bf1e1841e2aa4cc7782e9290799fffc5c0619a5fe413933d159b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689658146, "uuid": "f9369cee-04e4-4988-a22c-d2d91989bdf6", "value": "T1675412041AA4C593E87307F03E7A6F769BA188161168A75B17908EAC7D37990DD3F3E3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689658146, "uuid": "b7a68900-e80d-4f0d-a042-d7bdadb2661c", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689658146, "uuid": "e66e5761-ab2b-4e04-8e9c-eef6debc6de6", "value": "6144:vYa6HRWFm8hpwLZFlJ+bi5GQ8lqxMz/wF0N:vY9bKetF6etLHmN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689658146, "uuid": "b696167b-d3a5-4be4-91c0-6eb1bbef27dc", "value": 291795, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689658146, "uuid": "0f84a49d-cbce-4a7f-8a4b-752fa477ae6a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689658146, "uuid": "cf9f557e-2b7d-4f97-a1da-0420f586c799", "value": "3b08d70445120f2ef571828dde9d6be3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c8800a1e-2599-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689705291, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705291, "uuid": "c57d4420-9041-49c4-985a-bb7d6ea4e5d9", "comment": "Malware payload", "value": "af7687c8c37cec6e761f9410fad937db", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705291, "uuid": "795a61e9-e429-476d-a7d4-20a9e86dd920", "comment": "Malware payload", "value": "d4085a9cb03d5efec3af9440a49dca5f49e79bc2755371ac3e7af7a122ee7c60", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705291, "uuid": "4c797468-d8f3-404b-b18a-9d9a12e2c9cf", "comment": "Malware payload", "value": "be62e5e844a97e6bc85c8df441e73c03619eccb2", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705291, "uuid": "56e75df0-ecc5-4de2-a97e-8919d7a24492", "comment": "Malware payload", "value": "f5a3a9f9e528a04620a7414b0d51aa61177bc27a10255b27d6d84ae4aa4aeb2271fc3a864db73d88f7eb75754d280b3c", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705291, "uuid": "8217644d-6df6-42a0-abb8-4d451a9b122b", "value": "T1DC33316349983F7AC7CFB47DA81F42ED25EB35A10235916B4CA3AC4F09CDCB68952D60", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705291, "uuid": "1bda5d44-ed15-469c-be4a-a2c7a8cd2860", "value": "1536:sVlguNfwId8GWeDxfDjof2/7UAJyNblWesnS:snDfwId8GWeDxfDj2AJyNhWes", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689705291, "uuid": "3c19231b-3084-403d-9873-1975df13bbea", "value": 51368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689705291, "uuid": "ff54db50-c344-488d-8cba-c7c0387ca57e", "value": "application/x-sharedlib", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705291, "uuid": "cb901f60-86be-4760-ad87-cf2d43ef5f3d", "value": "SecuriteInfo.com.Trojan-Dropper.AndroidOS.Agent.28035.28447", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2aec8442-2563-11ee-a6f9-42010a9c0055", "comment": "Malware payload (ModiLoader)", "timestamp": 1689681834, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689681834, "uuid": "6c39960d-0572-4b36-b240-f782d3045007", "comment": "Malware payload (ModiLoader)", "value": "ab6099d4923edd6c0bf705802b0dffb4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689681834, "uuid": "b9d92958-06f1-4e1c-9ab3-867b4e557b90", "comment": "Malware payload (ModiLoader)", "value": "d4c465f27047a494b15d0cd45c9506d7e8acafb93d02b2acf601b7b36599d1af", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689681834, "uuid": "b38f41ac-60be-48be-80ea-6c97dcbf42d3", "comment": "Malware payload (ModiLoader)", "value": "553db1a7e3ab38ec9cfeee4cb5dc5776c3b9900d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689681834, "uuid": "0e3559ee-d9f5-4759-9705-c301f9f8e998", "comment": "Malware payload (ModiLoader)", "value": "f209ef5850ed5fd5e54ae6c89ba3adfe144b0769ddf4cc317e6a23a0eba6e81b0a4e0c6511ce82f0e989f5538ff6a76a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689681834, "uuid": "64c8188b-854e-4273-a8c5-d55e5a8cb099", "value": "T148E48D26BAAD0736C1F29AFFD80F7765981CBE701E18D4055ADC3D1D2E79281782922F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689681834, "uuid": "ff84ddd3-26ad-46ef-ba1c-f1b6b0131d21", "value": "9e10928b8d989366a4bb46fb419f8422", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689681834, "uuid": "cee49dba-7a18-4cb3-a9b1-9e2bd08a95fe", "value": "12288:hhlRos7bQ9K8xBX9d7JD66ibw2zUoR+g2jm4QOUR4RC7AQ2:hfbb2Bb7VRibwlg2jm4QOZo8Q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689681834, "uuid": "ffaa1b5b-08a0-41e3-b30e-a307e44d62ef", "value": 715776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689681834, "uuid": "3f7d43e6-86d2-41f2-bb98-edd17dff20ae", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689681834, "uuid": "b1806f7c-f435-47d7-afe4-794d8017a87c", "value": "0383726352632323.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d0560fe7-2560-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689680823, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680823, "uuid": "c470a989-ad0c-47e3-8e46-57a0c244cbe0", "comment": "Malware payload (Amadey)", "value": "9695218dddcb61990f92336bac798562", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680823, "uuid": "b9a92c55-acb0-4c8c-a259-11975fcf7bba", "comment": "Malware payload (Amadey)", "value": "d4f4fd0cc75c6175804b1d865aeeb1b2a4b6070fc4ca578a88140b29e9812888", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680823, "uuid": "d7ff0e63-868a-47ba-b52c-ebd1eabd664c", "comment": "Malware payload (Amadey)", "value": "f0dc2fcb4590e33a2ccb1b0fd5ad9ee7cf5b004a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680823, "uuid": "a4902420-3f71-4522-91f2-7d08fc8fa633", "comment": "Malware payload (Amadey)", "value": "38f162e2b29c4cf77889b8565012cc35502385e5b4213e7de008e12093b89d6f2bbcda428f83dfa6ad1a5a0d84fb5bcd", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680823, "uuid": "970dd795-e620-4d70-a029-1cb421dc7722", "value": "T167840152BBDA80B7D8B827B058F703930A32BDE18E34935B23459D6B0C726D1993577B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680823, "uuid": "9938de96-b8aa-4e00-a2b9-5b965dc9ec2f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680823, "uuid": "0466e0e1-e1ac-4ec1-930d-fc02a82a43ba", "value": "6144:KEy+bnr+lp0yN90QEryfLruHepZhZ5XUKcFCpwGnp9aQf4uq7LwhIRi8IpvuT20d:kMrFy90dyfWU5EqwkhRgLwhIw8IJu+a", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689680823, "uuid": "a1ad84f8-4532-4dd4-8863-7d4f3459c883", "value": 398336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689680823, "uuid": "22ae1d59-bca1-4cb7-bfa7-0dcbad81d705", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680823, "uuid": "2c6c2298-0b3f-4c3d-9d36-bac6b146cc2a", "value": "9695218dddcb61990f92336bac798562", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a4eb17c5-2568-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689684186, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684186, "uuid": "e27168d5-0fd4-4498-94eb-2b4d5de61d08", "comment": "Malware payload (RedLineStealer)", "value": "6611c346195622a1cd5edc04aa03faee", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684186, "uuid": "2054c0ff-e620-4abd-a4ec-87d22edbe007", "comment": "Malware payload (RedLineStealer)", "value": "d66083551f8ae90df7e5649b96d02551322707019c6721e59346341593baa6d3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684186, "uuid": "9090d56e-c291-434b-a1d2-70ff8f82d624", "comment": "Malware payload (RedLineStealer)", "value": "e1277086b58032d9ced044966aaeff8597ed6127", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684186, "uuid": "470f1adb-f0ef-4fe7-95d9-531c7ac2216f", "comment": "Malware payload (RedLineStealer)", "value": "ce7c8598e0b1e55e35d182fd012213ae2e15fc412686b76f066ce9c8dbc7a62fae2230c84d028a185685b11147333ca9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684186, "uuid": "0a4ce2e3-aab9-4900-b830-b762c6ff173f", "value": "T1BBE46B517CB0C672EAA270FF42ECB730055DE0A0072459C756980AEAFE671DFBA32B55", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684186, "uuid": "fb90df16-5e32-412a-a91d-84873e5e18ba", "value": "366b889fbf8b867e33436fbbbc4d0c58", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684186, "uuid": "1f168b07-082a-4de5-bf4b-f3911fe80547", "value": "12288:gHlEtGp/N7yKB9UyTLrY1XzBlflu2qwC5Y75Uda/EwYbyaZ:OGGp/LrYdfxC5Y75UE7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689684186, "uuid": "616a5f7a-d400-4705-a19c-f8f15b4e265f", "value": 701440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689684186, "uuid": "9d3f657b-ec97-461e-9783-bb39bb0a887d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684186, "uuid": "75f2faac-fdca-45ca-bf2c-762caa7ef79c", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d98d1ed6-2588-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689698019, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689698019, "uuid": "d6baa2d2-03a5-423b-be72-11004eb4aee6", "comment": "Malware payload", "value": "d5b59873f32de2db3bf7f8aad36f8c42", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689698019, "uuid": "f9f6d00a-611a-486c-9c02-1a2d63e713b0", "comment": "Malware payload", "value": "d78b4c2c76b3b4c87c3399d6385681e251f508b5fd8e587acfedc420384c3ebf", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689698019, "uuid": "1a01896d-8a64-43fc-abb7-db6a84566b0d", "comment": "Malware payload", "value": "9d710417923d2504340b5d00006bfbe6ffa759b6", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689698019, "uuid": "0234633a-784f-4872-aab3-8bc3ca07d975", "comment": "Malware payload", "value": "2da73903dc7715d676df7dafe93f21f25e38f73a08a34ca988d0db626096ec3af0d04bcccf4aa0788843a78efd6545b8", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689698019, "uuid": "c70f3db4-3761-4b89-9621-818010489ca4", "value": "T1FE337D41B691C0B3D5EB033529AD8621467F7C629BF4C4873FAA060D5EB15E07A3E3A7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689698019, "uuid": "37dc49cc-27bb-4e19-aefe-b166e4dd7d33", "value": "90c2b41dbc64bf3f152f09646916224d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689698019, "uuid": "8c8d17b0-4bb7-4078-91a0-9cc0d4360616", "value": "768:HBjEVPSd0la9o7UfY02pbYrqEDdWANKNXs4yxdjGTtVQ98lZTOigalmSrLg:HBjE9UmoY028IXs7GTtemg9S", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689698019, "uuid": "59634426-3ed8-40df-adec-dd4d4152b119", "value": 54272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689698019, "uuid": "72f7073a-81d2-4aa4-96c4-3008c021ff43", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689698019, "uuid": "400bb957-8015-45d6-903f-963b1a9b29b6", "value": "SecuriteInfo.com.Win32.TrojanX-gen.29125.29679", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "60ab84c0-2561-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689681065, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689681065, "uuid": "54b64c20-15d2-49a6-84aa-04ed5d399e1b", "comment": "Malware payload (Formbook)", "value": "c5792ae5288912a466821f76ee4c3c4b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689681065, "uuid": "6ccb955b-a7e5-4515-9b49-d0699deaf110", "comment": "Malware payload (Formbook)", "value": "d88b5bb03d499cee62afae5d7c4b7dece78434f5fbaa667fe397093aa60c4dd3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689681065, "uuid": "eb6701fd-12c1-41ca-a25a-2ff51d8c4779", "comment": "Malware payload (Formbook)", "value": "fbbcd5a2d56b76efa3b85a322a78022c3ebce8cb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689681065, "uuid": "75579624-a35c-4472-9efe-a65eec7078b2", "comment": "Malware payload (Formbook)", "value": "32bf8582e4a97b54711ac5485f13a0302fb85203e8099075b4d7dda18da881544273ffc5ef597efc147cfa0baba4c94a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689681065, "uuid": "104b39a5-1a64-4156-875c-f33365957c40", "value": "T12A2522193280C13AC4FB457004EACA369E3575360B7996C7FB9D63F6AF642D1633A2D8", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689681065, "uuid": "532b5f10-b84a-404f-ac23-ac118f14c45b", "value": "bf5a4aa99e5b160f8521cadd6bfe73b8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689681065, "uuid": "5c4ba137-e5a9-47ad-9bc4-31c297dbf84c", "value": "24576:vk70Trcl7bwYmRQt/s6fWYXZXSQNkq/FiJOrNohxMdp:vkQTAl7bzmRk/5WaZCQ1IorNoAdp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689681065, "uuid": "0d5b5dee-97d1-4855-a2b5-7c7b3c479944", "value": 1035328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689681065, "uuid": "a66b8108-108e-48d6-a384-5eee4e29e127", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689681065, "uuid": "c24fae49-26b0-4f9c-b42e-8517ae1da0e9", "value": "PO_98383737.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "53607b76-2534-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689661716, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661716, "uuid": "b2e9968f-38c3-4b3e-96ba-ccab2f15d478", "comment": "Malware payload", "value": "2934929bfda0116d6244ff8ea1c77f82", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661716, "uuid": "536887c2-7ded-430c-82d1-0b058268617b", "comment": "Malware payload", "value": "d89688f38228cea710aaeae8b519a81ae7c0ce461087bba2dd39ce0917eaaeec", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661716, "uuid": "0fd8a51f-67fd-498b-a3a0-fdfe2816235d", "comment": "Malware payload", "value": "74485d4501c8486480d9c8a5eb6f2c97bfa77dff", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661716, "uuid": "bf4cda0f-50ba-4031-b0a0-23693c9606d9", "comment": "Malware payload", "value": "b311ce1bf59e620caee4f38e4826a2b96fc5034473c26dfc837482a12518f038d7680f4be0b3ed35672c1c99b2df1de4", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661716, "uuid": "bf240736-c669-4991-a077-a8e38e26a67e", "value": "T177524B7D92CB5AE9EE770EBD59DF2409451532A087A809D352C3940A8EC0AE3F671BC2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661716, "uuid": "f9aea706-24fe-481e-998d-ba816853777d", "value": "60b675c684a61b1079678f8beebd1dd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661716, "uuid": "761a4032-6d07-412d-b597-ab1f62c257a9", "value": "384:YK7WeDTtJLQb5z8T5abu6ia1COyiHBom2R//qPuJ:lTtVQ98lbbOUm2VCY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689661716, "uuid": "831da005-1adc-4c30-932b-baf909727945", "value": 13824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689661716, "uuid": "2ba18630-aa83-447f-9786-b61a84b33e37", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661716, "uuid": "f8c44ac9-7f7a-4bec-bdbb-5cd99021a178", "value": "SecuriteInfo.com.Win32.PWSX-gen.17739.4986", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8eb23c08-2588-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689697893, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689697893, "uuid": "559ff621-774d-4235-8d49-e8a3928069c8", "comment": "Malware payload", "value": "82b700b321f4a07c0c0d4a7c368b2bab", "object_relation": "md5", "Tag": [ { "name": "20000", "colour": "#98710D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689697893, "uuid": "5d724e2b-4cc4-488d-ac64-dc9a1a1b86e4", "comment": "Malware payload", "value": "d96bd7bdb83932a81c02ceb4aff61ae804a542b40f45ec5fe3d0ad2c8492d4fe", "object_relation": "sha256", "Tag": [ { "name": "20000", "colour": "#98710D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689697893, "uuid": "0274c028-7e8d-4475-97df-cafa0991e4f1", "comment": "Malware payload", "value": "44025232b042dc222963f319f49aa643c221d3af", "object_relation": "sha1", "Tag": [ { "name": "20000", "colour": "#98710D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689697893, "uuid": "44c6b069-0242-48d2-8bd4-3a70bdddcafb", "comment": "Malware payload", "value": "c6197ce512130f31a9856d599a04ec35c119a5e55df55f36181bddbd19843f756966e40bf9adb19280c060192ae45a00", "object_relation": "sha3-384", "Tag": [ { "name": "20000", "colour": "#98710D", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689697893, "uuid": "50891cdb-6da9-47bf-8780-a19bd23a0b65", "value": "T147F2BE14C59638DCE11223D21B6D789F266EB136B1C941C13EEECFDB4340EAA9943397", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689697893, "uuid": "2ca5d31b-343e-4534-9451-24e2ac66cae6", "value": "768:yjIReeOSxVaD/oc3onoO8fVGLisOwVcN6imgSCmedGQQXDllTj:gfVGLiJX4imgSCmSi5N", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689697893, "uuid": "31c394ea-ec3b-4035-b0bb-add3d4b3df31", "value": 34843, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689697893, "uuid": "4a164724-4b48-4179-b879-d07e764506a7", "value": "application/pdf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689697893, "uuid": "57cd1781-8bb5-4424-8eea-824272f30a19", "value": "Invoice_details.pdf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "93aa132c-2584-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689696183, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689696183, "uuid": "81142093-13e1-46eb-96fe-76533a2276ca", "comment": "Malware payload", "value": "009ffd114695ef56b9ada42b9d476625", "object_relation": "md5", "Tag": [ { "name": "20000", "colour": "#98710D", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689696183, "uuid": "7894ceac-14ad-410b-b510-838e2229128a", "comment": "Malware payload", "value": "d9ade9a87de196d78e3b0802f97d72a0cf5070c8b273a10ef5f0295615b87bee", "object_relation": "sha256", "Tag": [ { "name": "20000", "colour": "#98710D", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689696183, "uuid": "053334bb-7391-4320-9ca7-c2c301c7f46b", "comment": "Malware payload", "value": "f78ede7a17c6ee3f54244759768646a528ff5762", "object_relation": "sha1", "Tag": [ { "name": "20000", "colour": "#98710D", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689696183, "uuid": "59e19039-2a6d-42df-a854-ff8756009f86", "comment": "Malware payload", "value": "f1be6483d2162962173d73fed18e4d928ac28def8d37994a96d4ae68c43a5d3c1af68330fed333cd1f83244d16454908", "object_relation": "sha3-384", "Tag": [ { "name": "20000", "colour": "#98710D", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689696183, "uuid": "e699d8a4-6ee2-47b7-8f3d-30ef979bd0c6", "value": "T1B5F2AE10CDDE7CCDC15067865B6A7007ABAEF131B0C985923EAFCB9B4355F1AE823216", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689696183, "uuid": "1a0d0513-b0bb-40c6-b5aa-c1f5fc6c7ecd", "value": "768:yLIRreTFxixD/ocgnvoeIWTaSv1Plqfg3G1WFUe70Ow/wfXCeJAnpedGQQXXl1L:I3Tr9digcePwo/nOSiVZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689696183, "uuid": "e3ba6d95-ce0a-4af3-9c4b-361091c83d04", "value": 35382, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689696183, "uuid": "93effcc2-0f94-48fd-9b88-58f0fc1812d3", "value": "application/pdf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689696183, "uuid": "ab3ba4cc-6f0f-4bb7-9601-45e8158457d1", "value": "INV-Details-Jul2023.pdf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "737f49e9-2536-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689662629, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662629, "uuid": "747d5945-3602-49e5-b05a-75aeb044440f", "comment": "Malware payload (AgentTesla)", "value": "4d7790985fd2ae786c9ab220fca5dbdd", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662629, "uuid": "5eb8468f-4790-489c-b63f-17a6c618e0ad", "comment": "Malware payload (AgentTesla)", "value": "d9fd1be078e464e7aa527b0f05f65697e84c4f0b855578840e5eafac1bbbedb2", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662629, "uuid": "861b6059-e98c-48ca-8f81-9d353b89243a", "comment": "Malware payload (AgentTesla)", "value": "72433bc44e7231e003734f2768215438cce01b4d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662629, "uuid": "d132d698-e102-49a5-901c-17a751ddaeb0", "comment": "Malware payload (AgentTesla)", "value": "5ef8c73132ef131a89dbfdff114632d0358e0d6ae7cbaf42d3652554da1808a96b053769aa7f6e009a03bb37f8bf0352", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662629, "uuid": "dd71c8e5-99e4-4074-91c7-71ce5fb2208f", "value": "T11CC423AC12A57BE982D2EBA5A13C38212C3343510634A3BCD95D5F3A37CA7F115DEB19", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662629, "uuid": "028c8bae-b6c7-4b82-a426-02e6bda96c06", "value": "12288:W7Ut/yaZluuVo7GP7cbMUj258Ms70ifkZkAscSxra3VlxD:WwpyMwP8C970Zay4a3VlxD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662629, "uuid": "d8f66111-17a6-488d-97ff-f03d35943bd1", "value": 573984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662629, "uuid": "1098d615-d6eb-4459-8ed5-6096a68b0cf0", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662629, "uuid": "9a83a744-8e6c-4dd7-8444-e0c276bf9d5b", "value": "PO 0130717.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a99a5d80-2538-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1689663578, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663578, "uuid": "0ccf650b-c0c1-4423-acb2-fc741c7f00c1", "comment": "Malware payload (DarkCloud)", "value": "414b462ee07a7308d79183380bc5a174", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663578, "uuid": "b8cf8f95-6f0f-4148-bd27-addd5f9c1044", "comment": "Malware payload (DarkCloud)", "value": "db14271dcd74f1839612cbb0f040e997310696f91efd6f7e4abde11471f4a3e9", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663578, "uuid": "ed351096-0edd-42ba-bb6e-8009eaa31850", "comment": "Malware payload (DarkCloud)", "value": "b5a14307bc381c946c57933f24155475fd0f9bfd", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663578, "uuid": "96039cfe-86a4-4c0f-a453-549a3d3cd999", "comment": "Malware payload (DarkCloud)", "value": "ff1cb7e2572111855191df92899238cafeae700995cfa1e7338b0138d6c958c7943efa606059d188185882ea2b843b1c", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689663578, "uuid": "f62b2674-255f-4c0f-a4cb-828410b3f331", "value": "T1E8652391F29E961BC5D12AF867E4E72553704F8040B6C08C7F2CFC9BBBCA9518722697", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689663578, "uuid": "3826b095-44da-4b0f-b123-578221dc41c8", "value": "24576:LfzW/ZbrZuuu/Yq/QQ0aDKQwLjyOGDWzkS0Nl:ba/1rsL/jQYuLLjyOGDMN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689663578, "uuid": "8495678b-b1d6-4417-bffe-f7d136c680b3", "value": 1441792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689663578, "uuid": "e048ec0f-ccbf-49f5-b2c5-9c38cfa6296a", "value": "application/x-iso9660-image", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689663578, "uuid": "79253faf-9097-4cca-9e4a-36713220c7fc", "value": "FACTURA DE PROFORMA 1689.IMG", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "188cd49c-2568-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1689683951, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689683951, "uuid": "d779ce94-e139-49d2-bc7c-7706cbedab10", "comment": "Malware payload (RemcosRAT)", "value": "51173f4615fda6188760cb468b593a27", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689683951, "uuid": "d7f6be6f-8d15-4b14-b630-947cc944f936", "comment": "Malware payload (RemcosRAT)", "value": "dcb2c88a0e980e5d5b2227eb3ede87e3aed37ac3a1126bbc547671763a1c102e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689683951, "uuid": "408932d4-e1ae-4025-8987-ff89b46459c1", "comment": "Malware payload (RemcosRAT)", "value": "24795a56a6d1dcd780922eb0b8879f65019849cd", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689683951, "uuid": "92b0d1d0-1d3d-4df4-96ef-30a8ecdafecf", "comment": "Malware payload (RemcosRAT)", "value": "92a6be9d1cf241385b575922f4e4d6f7cf6faf99dba1b01d105581181f9832c7ff8a63970f56bed18f18bf6dd74b9d78", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689683951, "uuid": "a85abbaa-104c-4367-9cf7-fe36596580c0", "value": "T1D305F1C3B75423EDD474A6BBA13800852779A97F6EAFE1659FF0F1E102A5B06C120D63", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689683951, "uuid": "afe277d9-e1c0-4e37-ae14-57721ecb2210", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689683951, "uuid": "6ff322e6-ebc6-45bd-a8f2-9db74754624d", "value": "24576:uVI6+51cyQkbzsqkC3ecuPRE3oravDlwYCl:uVIFj7IqkCuZRjSlwYCl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689683951, "uuid": "faa7c5f7-9cdc-48d1-9ca6-a2017fb191e8", "value": 851456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689683951, "uuid": "f04ead79-98ec-4a9f-96b8-29e972f12919", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689683951, "uuid": "bdf0e4d2-72c6-4dfd-a51e-705e13bed559", "value": "51173f4615fda6188760cb468b593a27", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c1edcb58-255e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1689679940, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689679940, "uuid": "250ea4d1-f893-46f4-9978-d0949ad4de53", "comment": "Malware payload (RemcosRAT)", "value": "5f9a404fb500bbaad6bf88e91969a766", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689679940, "uuid": "9a5cff2a-fa73-4af9-953b-efb166ce5ec0", "comment": "Malware payload (RemcosRAT)", "value": "dea2b2d4989c276db78b0aa40ec756acf6d5b9f69fb1898f32e59f8bb28e11e5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689679940, "uuid": "f78c9b9c-406d-4722-b437-d8fbb94c4d69", "comment": "Malware payload (RemcosRAT)", "value": "89677b0d9ded2afd98f4176ef82b026c3de8337e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689679940, "uuid": "cc4d5294-ced5-440e-840a-f44682e86c16", "comment": "Malware payload (RemcosRAT)", "value": "f9f393cbf9908ba55d9ccd36dfc8702d132612b96dcfd8824116368bd97f1d65de6974f74d99ee5ac43cb53a7324e1e6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689679940, "uuid": "ae585502-4696-4d11-b72b-97c057418ddd", "value": "T1F774AEA1F2DDECD5D80613754873ED262557FF29A435092E222E7238AB732937067E0B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689679940, "uuid": "5805b7ac-52f0-4ebd-a493-73a69fa671d7", "value": "4ea4df5d94204fc550be1874e1b77ea7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689679940, "uuid": "ebe2f060-6d8a-484a-aa82-98a530de292b", "value": "6144:NB+pqUQiXd44KyjvJvIGhOr+8nnCcC2h9R98KYe/pmXst:NgeitNLjvvhCCD2vX8KTpmXst", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689679940, "uuid": "87f485e6-7168-41ed-9cbd-af5584ea5334", "value": 337308, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689679940, "uuid": "4d5d5792-df1f-4215-9029-f75271ddea48", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689679940, "uuid": "0619dd05-4703-4c9c-8ce2-8c8c1bb87f46", "value": "Purchase_Order_NoTD58222184.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "45ff1650-256c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AZORult)", "timestamp": 1689685745, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685745, "uuid": "5b6cfa71-d79e-4783-bb51-af252ee76e94", "comment": "Malware payload (AZORult)", "value": "62ac9aea4e119b22c1bf55b69ea6c8fc", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685745, "uuid": "4ffb82a1-4891-42ea-8260-3eb57b3a0780", "comment": "Malware payload (AZORult)", "value": "deb27dd84a5d2550f12fa743d1e1993e2f5b98305a35fb55e5bef5d0dfa98c3f", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685745, "uuid": "51e58ede-86a7-4a66-bde0-7dba8fdefb81", "comment": "Malware payload (AZORult)", "value": "366d01e6f59e1c8d8caa2fe5a911aed42a3c2dd0", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685745, "uuid": "529ae01f-f03f-43ec-be18-542ae0606e3d", "comment": "Malware payload (AZORult)", "value": "f491811b79e8b7194d28485b8f6dadfa0d369f8de64405fe99b408fe4dc797b70d0e2470687cf9eb99ae996f6da5721c", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685745, "uuid": "35b5ca60-b497-471c-9fd2-7c6f6eab57c3", "value": "T1D9F302362110E2F7CBB843B01D329F4ADBF7861B1118694B63D47F6A7D226C2990F557", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685745, "uuid": "9811b9cf-c2ff-45ae-9195-dcb5666dfa30", "value": "57e98d9a5a72c8d7ad8fb7a6a58b3daf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685745, "uuid": "7e0661b6-078d-45df-98dc-bee5e3470c50", "value": "3072:+NzPHk9MpcQb0JDSDgFLJVhrqhKnlqGfJiIavobzTDIx:+hRF0JDSDgFdXugllWvobfDIx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685745, "uuid": "bf1913b9-a6f9-4412-8ad5-81639ad4fffa", "value": 163335, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685745, "uuid": "47667b59-b29a-4c69-8fa3-0a1af4756022", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685745, "uuid": "36b343fa-b5e9-4e0f-8331-37565bd54e8e", "value": "Ziraat Bankasi Swift Mesaji.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1555a77c-2541-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689667195, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689667195, "uuid": "f78a0b61-1fd8-47d3-a209-ffcaabd0b692", "comment": "Malware payload", "value": "854d09701a87d34c1c3f1b0455cbbca3", "object_relation": "md5", "Tag": [ { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689667195, "uuid": "3d0ec0ad-c1a2-4bea-b3a9-e5a389dc2cee", "comment": "Malware payload", "value": "df95ee1a5f2bf5e253d75ac9d778dd4cc70a49adf1ff79fbb9ba90193703bc7c", "object_relation": "sha256", "Tag": [ { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689667195, "uuid": "e3723282-752b-4d75-a197-02028ccb773e", "comment": "Malware payload", "value": "bb0f7830fe22dd312fc648a70dacd8576f0382d5", "object_relation": "sha1", "Tag": [ { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689667195, "uuid": "db1b6aa7-88f1-4d40-b335-8f51c2b5c401", "comment": "Malware payload", "value": "495fad1e0998df9d971aa29454d2b5a8222058fbe28cab6b1d127a4e4953c0d14a1dd3ee4b25e64fea7d9d5e8f34139a", "object_relation": "sha3-384", "Tag": [ { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689667195, "uuid": "7103163f-456d-4d38-aa5d-1d548f3c7075", "value": "T10E35F1483FA8B0CFDC54CA3186397A1A1FED8C11977B93175E907A197B33295093BB92", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689667195, "uuid": "7154f4ed-60b0-4c8f-a508-ae840699664b", "value": "6144:4Ya6M70WF5pFJNhMrAEjhGE2/nOthnMrU:4Yu70NrAaG50MrU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689667195, "uuid": "c3cfcebc-1c96-4b27-80c6-7cfe3033abbc", "value": 1116160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689667195, "uuid": "daed28bc-daca-498e-aacc-acf90ca3cc1f", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689667195, "uuid": "10333535-8b2f-4d59-b55c-3f9d6e585858", "value": "df95ee1a5f2bf5e253d75ac9d778dd4cc70a49adf1ff79fbb9ba90193703bc7c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ff7093fd-256d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689686486, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686486, "uuid": "d703c453-24dc-41b7-8773-34e90c247948", "comment": "Malware payload (AgentTesla)", "value": "474cfa5848c8b1d403994eba41fbda21", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686486, "uuid": "98ffceba-f26f-4b7a-8297-2ff6870a7241", "comment": "Malware payload (AgentTesla)", "value": "dffd7160962de91f0859e87eba3e6d2ea8cbd3f4ecdc7e27d2db556e027d6173", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686486, "uuid": "aead37d9-576b-4068-b7fc-3b674e2f8781", "comment": "Malware payload (AgentTesla)", "value": "ff44b17c5d82a2d5c9fa800e4a4c2c9bbe0503b9", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686486, "uuid": "ba4a052a-eb86-402c-b270-281f154aa7fa", "comment": "Malware payload (AgentTesla)", "value": "9564674e8abceecae02620fe3a53f87bbb748d57739e7ac90e1814396b288740958d96f6ecf575ee8b10539c92bf745e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686486, "uuid": "e39017eb-d202-4fbb-9c08-7f516bd16c33", "value": "T188D42371A27C5927C5F405B4AF61FB10A6B2EFA8040CC25DFE8CBDB8F1D67961392612", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686486, "uuid": "80f9789c-170a-48b4-91aa-00eb153d0c39", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686486, "uuid": "9a10a1f2-19bd-4835-90b4-55986a589911", "value": "12288:4fb/WT4UkuZbbxSej7IBFH/mwdQ4uNmTve6VMkBoga6enZu:4fzW/ZbbxSejuFfmwmcT2h+aR0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689686486, "uuid": "134fa034-9945-4423-bf2a-62c449b3c8b5", "value": 603136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689686486, "uuid": "0ac67f0d-6fc7-4ae2-8732-2d0028ab744e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686486, "uuid": "2bc3e37c-1594-4a97-9f3b-547305e4278c", "value": "474cfa5848c8b1d403994eba41fbda21.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cbfd65ba-256d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (CustomerLoader)", "timestamp": 1689686399, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686399, "uuid": "7b596384-e781-43f0-b598-9f64472951f7", "comment": "Malware payload (CustomerLoader)", "value": "e27fe886b1533db65678ed325d3ecbbd", "object_relation": "md5", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686399, "uuid": "f3c75884-1a57-456d-a753-52772cfe3db5", "comment": "Malware payload (CustomerLoader)", "value": "e0d6388ebe45705e7b9bf545aabc2cc83c663849c5653ca2614ddff8e99def12", "object_relation": "sha256", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686399, "uuid": "c6cdf2e9-a218-4d46-a7f6-bc4582423573", "comment": "Malware payload (CustomerLoader)", "value": "0a119f54a0c2122a8cd721114925e94a0d2a8dcb", "object_relation": "sha1", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686399, "uuid": "db6a165b-5a27-41e9-9678-3de7863c8713", "comment": "Malware payload (CustomerLoader)", "value": "6e83428436eeeebbffe5028de0da183bf7c50fccff23776bd6003d806a120c4c4d273df3bd452754b63a66a2ee572f2d", "object_relation": "sha3-384", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686399, "uuid": "c4d34fa7-e6cb-4a0c-83d5-8030b4075543", "value": "T128423C00D7E8413BD6BB07BD9CB752414239EFB76633EB5B1488914A1C633546E173B2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686399, "uuid": "3b964752-1638-4d0a-92ba-639d6425b18b", "value": "192:/WtMpITVt/cNMvyfWwY5TIIK7mLyJtsx9x7Q:/Wt+ITVt/F0Y5TqIrk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689686399, "uuid": "5bb824bd-5d69-4f1a-bb86-d615aeccd2dc", "value": 12288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689686399, "uuid": "50c5d98f-3f53-4326-8468-173f3e891b3c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686399, "uuid": "d0a6f5dd-04c5-4e10-9cec-7f7a50e2c912", "value": "e27fe886b1533db65678ed325d3ecbbd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2e698900-256c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NanoCore)", "timestamp": 1689685706, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685706, "uuid": "da2c6758-94ed-4439-b279-e47b3c46165c", "comment": "Malware payload (NanoCore)", "value": "501e97352306ef9e2c77a3d92035c6fd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685706, "uuid": "f948ab8d-61ee-44cc-b4ae-3fe95fcfee97", "comment": "Malware payload (NanoCore)", "value": "e0f2fd55c87f8954875f54e8d6d467245e197d4a18af3123c5baa4519abba4d3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685706, "uuid": "1b7e9da7-5bc3-4c65-9bf0-8571ceed7037", "comment": "Malware payload (NanoCore)", "value": "76c7cb2275240a1aa135369c81d80682c319b929", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685706, "uuid": "533eb3a6-32a7-45bc-855b-dbb6a7d03d0e", "comment": "Malware payload (NanoCore)", "value": "4f93104152dff797747e2260c580a47e224dd6c5e9c7f3d5617c1dac09bdc0efc304fe5f3cf487ebc45a2ab40870ec61", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685706, "uuid": "f3094ddd-8183-43fa-ae3f-67e4c7526c9a", "value": "T14905237269C1A0DEF0A69C350C75AFB55A258B324432475F13A1FB3A7FA0143DE5B3A8", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685706, "uuid": "084fb637-cbd6-4ed7-9321-02c7557627e0", "value": "4ea4df5d94204fc550be1874e1b77ea7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685706, "uuid": "119cdca4-ddb8-45f0-86a2-3209db16fce7", "value": "12288:ug9XMpkb5Jl6Gyb3qidNKA+KeAQFaGYHzed888d6pscs/b/ufZBoxQiPPCWHG:NC05JGb3BjencGCpAphiufjQQUHG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685706, "uuid": "dfedd854-194e-44ed-b1a1-20dc31e3424a", "value": 799552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685706, "uuid": "772d3f6e-4a1d-43de-963b-83bf8f4ba846", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685706, "uuid": "9562d1e9-3eae-415d-b2d6-f00f8585a18d", "value": "1 \ud611\ub825\uc0ac Hot Line \uc900\uc218 \ud611\uc870 \uc694\uccad\uc758\uac74.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bc0fe346-254d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1689672629, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689672629, "uuid": "8d551fdd-9302-4e86-a6ef-a087b05f8dc3", "comment": "Malware payload (DarkCloud)", "value": "687acf4479fbd86277fdf370e9535e85", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689672629, "uuid": "70d9d6e4-5964-4da4-8056-59609df04292", "comment": "Malware payload (DarkCloud)", "value": "e1156b2e6b8500afa5e8a45d46a3420a33be357d5af362a224dc39e253fc720f", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689672629, "uuid": "27c1a520-1160-4a3d-806e-a955912d0821", "comment": "Malware payload (DarkCloud)", "value": "87411fc5d13aef29b17d5a54cadb4dbb0245d78e", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689672629, "uuid": "279fc3c7-6ffb-4b0d-b273-61f35a7d908c", "comment": "Malware payload (DarkCloud)", "value": "5bec42fdca7de0dd2de44c85b45f600c5d789a634f1a8e5d133105489ca78009472342611a8657a55bc00f0718b682ae", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689672629, "uuid": "1d73947c-f86a-4b46-8b74-6417ce1bf439", "value": "T1591523B88DA76827C46B2FFEA41052B103B58EED740BE2570D09F57BFE26B494910787", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689672629, "uuid": "5731a024-56f5-4a75-9b12-7ac19fdb9102", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689672629, "uuid": "cb0108d7-3929-4a28-8c79-636bc84bc249", "value": "24576:RN6GEf3tyqvbEtsJElhBstN+YDFt9/FGm72BZcHuE:b6hfgOQtMB/Hl8hZcHuE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689672629, "uuid": "c962ecb8-45f4-4b94-a87b-fe6ca2b72cb2", "value": 956416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689672629, "uuid": "8df108da-9424-4c12-a3cf-612d30feac62", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689672629, "uuid": "b1d671a3-2ba9-425c-81ac-6f694a48cdad", "value": "PURCHASE ORDER.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1c38da0f-2504-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689641007, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689641007, "uuid": "03ca0025-bbf1-44a1-acec-bf08a4bfbec2", "comment": "Malware payload (Mirai)", "value": "9931fa204730c95fdb47ab019c8ccb62", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689641007, "uuid": "ad6bc2ca-353b-4a69-a572-3f3de2e9a462", "comment": "Malware payload (Mirai)", "value": "e2d044735fe3dc1584968a12857c77162fcae7e343357f60d494555bb47c7c4f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689641007, "uuid": "a81bf379-5d51-46ae-84bf-2ea4b41f3432", "comment": "Malware payload (Mirai)", "value": "73b6614de5fbd3b93a6fd47a5fc8dc9b591e9d4c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689641007, "uuid": "4556c8fd-6601-4028-948a-c82ddcaed38d", "comment": "Malware payload (Mirai)", "value": "fc323e0fbbf17b0e8bc3893a902fda4a5f9f89941118effc857686fea89af5020804c9c98ab90149958696f07ca8e5d5", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689641007, "uuid": "bdf49e06-c157-4841-ac92-11737258355b", "value": "T198B2D1A48765AB06C1B0B875A27C8F926B3B11E4C2F639262A30937D958145633FDAC7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689641007, "uuid": "7e30ca71-b91b-4ba5-9362-ecc029332196", "value": "384:4GHKXlJIDFUS0Mggks3aIrokYVDoDDRRKj55N7LB9U+BziO1hymdGUop5hu7m:4GHKQFH0rs3zWoDDRsjt7LB9U+Bz31s3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689641007, "uuid": "b842103d-19b9-45f6-bb61-1325bd5f041d", "value": 24536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689641007, "uuid": "3b1a22ce-35a8-4660-bd73-ed0b2f4d3a8f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689641007, "uuid": "fc2cfa6c-fdb3-4541-83ae-146920a4b17f", "value": "9931fa204730c95fdb47ab019c8ccb62", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e15f4e60-2520-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689653364, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689653364, "uuid": "7ea7bb1a-3647-4b18-9a0a-9ba998f16049", "comment": "Malware payload (Loki)", "value": "45940981fe909cc104ec39b580478b4e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689653364, "uuid": "dccacd62-0c83-497a-9f08-644c29fa842c", "comment": "Malware payload (Loki)", "value": "e315436194fc3393c84aac01a11d3bc646eba90cb6a1a103e60c1774bc7e2b4b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689653364, "uuid": "8c7a2e1d-6412-4551-81e1-d2a188fdaf47", "comment": "Malware payload (Loki)", "value": "8e488051c1c83b3d2d907bfe44f091089a1fa02a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689653364, "uuid": "35d2c026-3ea2-4639-8dde-87ada8a3733d", "comment": "Malware payload (Loki)", "value": "8af91c0d8b787a0d28abf806919bd553ae8526d86e18ff73c81d144a02e09905d8188a88c83e9a3f0be1638c2d0bec55", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689653364, "uuid": "f1273c3d-5b95-44db-8d10-c185e5cb377d", "value": "T1C7F423197671F0A7DEC44F7023E640768FB46D2826B1604F0B50BE787ABF7429789E1A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689653364, "uuid": "6154f69e-e2bd-44e9-97f1-5af8badcf5d4", "value": "4ea4df5d94204fc550be1874e1b77ea7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689653364, "uuid": "5d6376dd-d16b-4c76-b831-a5890421395b", "value": "12288:Tg9mdK89EERUXCS3rDsFYih//SZUnkdovlo1MfxmVISRfwelsIDS5pEA81ZM6:UmdK2naCqrwrh3xkd2x6gelQf2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689653364, "uuid": "70514e62-a896-4ce7-a828-1fbbc171eda5", "value": 758264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689653364, "uuid": "165d1e64-e937-47c1-8cfe-85f399f8aa6b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689653364, "uuid": "0bc54ef3-4fbf-4141-9f30-668b00009bd9", "value": "rPedidodeOfertadePre__o_USP2307-17BR___pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ee479da6-2532-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1689661117, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661117, "uuid": "6726167d-2e93-4d53-83ae-6e26f6fb02b5", "comment": "Malware payload (SnakeKeylogger)", "value": "5380ad94fbf1377d7c954a3b7459ab57", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661117, "uuid": "f1da8ce1-dd85-4a56-9135-61c7b5ef799d", "comment": "Malware payload (SnakeKeylogger)", "value": "e439f3ec822a900ee19b986b14d2871bdfc6472117419f43b183fd08c83e14fa", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661117, "uuid": "fd95df49-9549-4906-8135-133274f15958", "comment": "Malware payload (SnakeKeylogger)", "value": "a6adc6359f11b332dbfee61e115c231eb6b55c73", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661117, "uuid": "cf24cdc6-3cca-496d-af92-b827a9b68539", "comment": "Malware payload (SnakeKeylogger)", "value": "ac68aff228fa46fb76f4e556af5f3de43a4be97dda940fc9abf24eb4d692ce46f17f513502ff668ca8874471a6aca858", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661117, "uuid": "b1d99b1a-1aa2-4c45-90ab-a3da4be85eaf", "value": "T1FB54E10336BC8B26F97C0FFC59A308402376686955A6E37E0DC572DD3A73F624A91687", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661117, "uuid": "33ff1ba4-5436-43b9-98ad-a9184ea1a75b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661117, "uuid": "feb2fdfa-466b-44bc-b979-c4bcd702384b", "value": "6144:jTFA1alxb0btB3kI6HI8mSaNeJwgKj+puFG3xj4LTbBNOotlrP/Jp:jTFAolCBUI6HI8mSaNeJwgKj+puUxYbl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689661117, "uuid": "2cfbb42e-0a0f-4ad9-ad55-04a3b23defd3", "value": 281600, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689661117, "uuid": "3153e246-08e2-46f2-85a0-036966723b37", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661117, "uuid": "f0229606-135a-4728-961f-e33759d1d782", "value": "Hesap_Hareketleri_17072023-pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "392bac71-250a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1689643633, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689643633, "uuid": "50d7421e-1e95-4075-a651-b68fe4d3d8fe", "comment": "Malware payload (DarkCloud)", "value": "55d78fadb9549aa45c7ce3632276dcd2", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689643633, "uuid": "ec32f7d1-2f88-4737-8214-e007b0f7d7da", "comment": "Malware payload (DarkCloud)", "value": "e43d1424c912e7c255bba16e116d51d856c4c2c5ea103fe5ea21f6077e72c9c2", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689643633, "uuid": "a54b5277-9b4e-4d36-80b3-fd1f1adc0735", "comment": "Malware payload (DarkCloud)", "value": "2b23d3291bba9753a57771b9bc456d77db6ec9c5", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689643633, "uuid": "62e36cf7-dbbf-47ae-b2e7-da33c9f5532f", "comment": "Malware payload (DarkCloud)", "value": "43d9fa9d8ae3349fd31438ad56b50bb88ea7bb5001889e107defa0ce6d72dc898f9f50e7ecc29d550a03c1bb61d44014", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689643633, "uuid": "d8c60ba8-7490-4117-b2eb-08a94a46b750", "value": "T1C6641368B690846BCD6201701C77863BEFB5E3561AB0C30B3724C6687DB9B41DE5E771", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689643633, "uuid": "5a4e385e-df9b-4291-92e1-350b36384283", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689643633, "uuid": "a142e681-6d22-4968-b0da-df406e4c184b", "value": "6144:/Ya6l0L4KV2tNwFXawf1120HNj7KwKPxSQlhYkIxgBnFyBB6kJa:/YP0It6xagj20tj7KwKpSKIxiyL6Z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689643633, "uuid": "56d474e1-038d-4422-a4d3-ec3aa64eb4af", "value": 328597, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689643633, "uuid": "10c9cade-5586-483b-b0e3-9db939da9c04", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689643633, "uuid": "aa74c26b-f31d-4a9e-82c6-57ad0bdf542d", "value": "SecuriteInfo.com.Gen.Variant.Nemesis.25268.9427.6181", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e4b5a692-253b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689664966, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664966, "uuid": "cc2791b1-bf3f-45c7-ad55-e14089c85c8b", "comment": "Malware payload (Formbook)", "value": "656b3a7898ab377ea449a63ee418eab6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664966, "uuid": "372b0eb6-c24a-4ace-8062-85095fd40295", "comment": "Malware payload (Formbook)", "value": "e45a7904b4a10f7130338040cea85d323aaabeaa52c85b28fa1b439f5ffb0f04", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664966, "uuid": "a3c0e1a3-c4ff-4e36-94b5-c58872be5f13", "comment": "Malware payload (Formbook)", "value": "39dd76e1b059e4b34cc3f6d0f41e7c75f32c6bc6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664966, "uuid": "53b8aa8c-de65-454b-894a-e60d821cfdc8", "comment": "Malware payload (Formbook)", "value": "83631280f024ee763885aeafc169fb17d279ea180163dde9b2bcb0f75fb682cdc45b4629736902d862a0962961881a6a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664966, "uuid": "9eb866d5-99ab-40ff-9a7a-6c42a3b2baa7", "value": "T1A544121479A5C0E7EBA263710F724916AAF8FD211EB4674F5BE06A0C7E72090D41E3B7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664966, "uuid": "5b9d2797-b51f-4d85-b55c-b268aa84e701", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664966, "uuid": "bb1dab68-7818-4830-b645-c1b315ee0953", "value": "6144:/Ya66SI63Qrs6AdLru2Kd9Xl7sDszclojbmgGGn2Ru:/YUNUQuRYfrzcyjb3GGn2Ru", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689664966, "uuid": "0e204b41-f723-4d5a-83ab-b677fceb5a82", "value": 260901, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689664966, "uuid": "f33f6d4f-a5bd-4242-9ed6-61022b02acb0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664966, "uuid": "48954ed0-d15e-4753-8baf-db85152eed58", "value": "Revised PI.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "53a8576a-2533-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Rhadamanthys)", "timestamp": 1689661287, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661287, "uuid": "025de6be-a684-44f7-924a-88989153c5c7", "comment": "Malware payload (Rhadamanthys)", "value": "f1942d505bda7b64924f8d1e4c69adb5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661287, "uuid": "56f87c22-7377-4fcb-8dfd-f3d0550a0b9c", "comment": "Malware payload (Rhadamanthys)", "value": "e4caafbf1fe59315a6f9b31274f749948dfc59c4a82335881c88460701072ef5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661287, "uuid": "3780db9e-0cd6-46d4-a1de-4193ad98cfdc", "comment": "Malware payload (Rhadamanthys)", "value": "46349c62e5f42982db2aa0661fa85fdd454d7f66", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661287, "uuid": "770600c7-e87a-4310-ba82-9c33ab8386c0", "comment": "Malware payload (Rhadamanthys)", "value": "1529a7ae00da585c6db3512728b56668e54c0a088a0643d0b71fd825a58f5896941b8abdf56b47e1331c8fa1e71d24fe", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661287, "uuid": "1178f5d3-8354-4505-8c14-3a3ea2558ad8", "value": "T1B7D2D734EFE8837ACBFA06B95CA7531D1638C1957603FBE78958749E6C477090C26E22", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661287, "uuid": "2c16984d-d3a4-46ac-a786-462aa8aa4086", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661287, "uuid": "d490d119-c8d1-43de-b6b4-657218b1fbe1", "value": "768:8mHDQmgIBuIeQ+Fj9I/CvvocKiGiTk+sxN5h:8C5zSjOvcKiJA+s3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689661287, "uuid": "589b2e3d-430e-498b-a434-5b2461ff4ae4", "value": 30208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689661287, "uuid": "c551546c-9714-436a-becd-e975cf85c180", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661287, "uuid": "8f6feca8-b6ad-4c4c-ae51-95f761cf0041", "value": "f1942d505bda7b64924f8d1e4c69adb5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d59ec896-257f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689694147, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694147, "uuid": "a8440cbc-3b7b-4ff4-8e2a-dcf644c475fb", "comment": "Malware payload", "value": "e22b106252ecf59210262c67e1a8877b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "impala stealer", "colour": "#3F5412", "exportable": true, "hide_tag": false }, { "name": "Loader", "colour": "#BFC5AA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694147, "uuid": "4deaadee-f105-4694-9a6b-585745fe8904", "comment": "Malware payload", "value": "e4dcead9d58de1edb041678f4437de4a43dcef1ba6e16a6e3cf4cebc8250d6ac", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "impala stealer", "colour": "#3F5412", "exportable": true, "hide_tag": false }, { "name": "Loader", "colour": "#BFC5AA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694147, "uuid": "d9c26dea-62be-4bdf-9a94-183868a69dfd", "comment": "Malware payload", "value": "f58f36609fcfd7aa3e6581c50107135e13738dd0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "impala stealer", "colour": "#3F5412", "exportable": true, "hide_tag": false }, { "name": "Loader", "colour": "#BFC5AA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689694147, "uuid": "415f2bc4-6166-48db-9580-6815ee858f8c", "comment": "Malware payload", "value": "8cff1d172a442e227c529ccede62ea9e44920bce92230bdcc768fd0a38f7757ccdcb6653cb60d12bff06d9e6129dba1c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "impala stealer", "colour": "#3F5412", "exportable": true, "hide_tag": false }, { "name": "Loader", "colour": "#BFC5AA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689694147, "uuid": "371f9bce-77a5-4599-8624-b5c8659f3e65", "value": "T119C1D701ABD8A373EF7B83B1987353100274FB62A9A69F5E15C4550B6D33B040A12FA2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689694147, "uuid": "bae8a347-1236-4f6f-913a-d096219214ae", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689694147, "uuid": "e9eacb89-1588-4cb8-a4bd-1c187c830786", "value": "48:6surn16uZHxD6CEVY11ScXNMLh95D5UIOSqkYRgTzQlh4AsFapfbNtm:f6xWHVY1EQBSic+zNt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689694147, "uuid": "c2e27551-050b-41b1-9a99-a593d2f971ff", "value": 5632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689694147, "uuid": "8b27e97c-8efb-4c2c-bc77-bd261fe77757", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689694147, "uuid": "51d99698-09d4-46d6-8c35-aa040c5efb04", "value": "e4dcead9d58de1edb041678f4437de4a43dcef1ba6e16a6e3cf4cebc8250d6ac.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6d728d9a-254b-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689671638, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689671638, "uuid": "c554c7dd-639f-4887-8ab7-12b07b51b876", "comment": "Malware payload", "value": "1f614c879e2e49b804fa9a41573e2e32", "object_relation": "md5", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689671638, "uuid": "63cb11d2-3d45-471d-a581-b52917334560", "comment": "Malware payload", "value": "e53e0efd95c602577e910303effa29344a929bd9600984d3c261a68949273e22", "object_relation": "sha256", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689671638, "uuid": "b141999b-5fc4-482a-8c40-943cb66bb550", "comment": "Malware payload", "value": "b88ed6ff67bb5b76e049781dce0b3735cc1d66e8", "object_relation": "sha1", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689671638, "uuid": "8665d303-9c65-4b2d-8dc3-0a696072df3c", "comment": "Malware payload", "value": "457f256f182a8669db2d8c0abd356defa9712557485ef881894b4771aadede47eb3081320ee9f95bf7dfb50373d808a7", "object_relation": "sha3-384", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689671638, "uuid": "806877bc-3575-4bb1-a586-821e1ece7aec", "value": "T190763368FE46FAF358E0696D8CDC5E65833BFC5AD247603288C81E6E7432B1506781DB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689671638, "uuid": "ec60e4f4-8718-4648-b4fc-8120786bade3", "value": "196608:FP8Ersjz3VydvNHTHqogxkYdNMWoA46hCWtDTFUXwFixd:B8ErezFydvNHrkWYTM8BuXb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689671638, "uuid": "f5418e3d-fcf4-42fe-a7ac-e862007ab00a", "value": 7335965, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689671638, "uuid": "7ca1c129-a0c0-461f-9356-ab1897cdbea2", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689671638, "uuid": "4172d66d-536d-411a-8c0c-f773c67b41a6", "value": "double.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b95e0e41-25a9-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689712138, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712138, "uuid": "75ebaad8-e66e-43fd-a52d-a15cc7463134", "comment": "Malware payload", "value": "6c9648cee5d120f6d624bc29265be36a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712138, "uuid": "e0da28aa-ccd5-4665-bf8f-0d9068d25c87", "comment": "Malware payload", "value": "e673707ba74eb577fbadf4246a1f6a531cbad2da326e1110b852796375db9058", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712138, "uuid": "f9f25d84-e5c3-4fd2-9440-c9b1dc9e7197", "comment": "Malware payload", "value": "347c7c6089fdb42b86952265a5e243b71d488714", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712138, "uuid": "7ecad6eb-fb59-4e87-a56e-9dfa525f8d62", "comment": "Malware payload", "value": "20810fab68fe08aa856179c247d3a4cad26090b04342373acee85f6e02560b625aa4775125d60fcb5a69b420f840f29b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712138, "uuid": "d02aed12-1735-408f-b0e3-5af077fe4654", "value": "T13C5523277EC217BAE91B01FDCAAA0EF816C0FF81D9805ADF0546715485BF1E6C8162E7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712138, "uuid": "53665380-ba8f-4a10-9c15-1faee8343c5a", "value": "cbda4b628b054d334708d642fec2e924", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712138, "uuid": "ca82d61b-2793-4d4f-951f-dc5c795e5346", "value": "24576:B/KRW6ASeDihYPn4UGo1C6LbG29cEe1uD0+rk8UkBMQ3nQ5Y+y+hvTV:BB6aDic4U5k6Li2qFMD0sk8bBMQ3Q5YE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689712138, "uuid": "d00b0617-713e-4b00-bb7f-ee6c330e8ab0", "value": 1284096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689712138, "uuid": "8c4c6602-bf30-4256-8c5a-1ba2ade13abe", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712138, "uuid": "e27c529f-a64c-428b-84d5-26543d0259ae", "value": "SecuriteInfo.com.BScope.Trojan.Download.8268.30701", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "be159aec-2599-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689705274, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705274, "uuid": "8e04a8f5-be47-4608-894f-dd2b277fa9c1", "comment": "Malware payload", "value": "b2bfab36a886a8e2a91101629f04b542", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705274, "uuid": "12a2b5a7-c15e-468f-8b61-f2e0672334cb", "comment": "Malware payload", "value": "e6eb582263483a2124bcbc449fad044973c034337bb832ed2991ca2d9685e15c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705274, "uuid": "554c6e72-d508-4348-8fd1-792cea36cd55", "comment": "Malware payload", "value": "be97bdcba08cb39661828b46c022ac1a2f5b306f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705274, "uuid": "e9701b93-aa4b-4e13-bb24-a1e0f4f0234e", "comment": "Malware payload", "value": "037462d861dc9ae27dc3ab04b1ba48d13563132d80a6b2633ae23e583925a17c0cff5c71e3b73b54892cabac0afdd52e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705274, "uuid": "38f129cc-30d5-4ed5-ab4f-af03e20666d7", "value": "T174447B11B4D0C033D67338324628E6B24D7EB8305E659B8F67C909799F74682E729B6F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705274, "uuid": "8d154e54-3f16-4746-9c36-d2d4ae9fab37", "value": "8c0d97e36730a503ca32cb239693e246", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705274, "uuid": "102859f3-f5ba-420c-b22a-b531b84e7f9a", "value": "6144:reQMr6OkeAHYS2FwrkbibMLq70y3Ifos4PLQkSAagi196U51ojR:iQuzkeAHYS2Fwrk2Is3IfoT9SMi196Us", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689705274, "uuid": "d5f8df5e-1f56-4a77-b108-8655758a3c96", "value": 259072, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689705274, "uuid": "dac7a27d-dcfd-4c39-8515-b96953b3e788", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705274, "uuid": "88fd59ea-8fac-440d-b1ab-f8883fbd0c9b", "value": "SecuriteInfo.com.Variant.Midie.120442.29336.27011", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5ac956f1-255f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (LummaStealer)", "timestamp": 1689680197, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680197, "uuid": "4e91ae41-6e24-4466-807c-c035bb779d74", "comment": "Malware payload (LummaStealer)", "value": "9c44cdb43340fc9b7e3de6f4e0b95b29", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680197, "uuid": "ff6a0166-9d09-4e0d-a9c2-241b14df57d5", "comment": "Malware payload (LummaStealer)", "value": "e712635bcf6dfae53c0b3679f053bd3a4e509e26295c0d3991887abc3e37f5b8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680197, "uuid": "6ba61759-34b3-4852-bdf7-e3358eca55be", "comment": "Malware payload (LummaStealer)", "value": "e462d5b74202a1156a005ba5c032af092b3622fa", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680197, "uuid": "1a9cf033-e5b0-42e0-b38c-dd2cf1e5251b", "comment": "Malware payload (LummaStealer)", "value": "fe67fcf37adce4386971df1b98f5e440ed9d8e9829ba8d36dc6a5ab84e805cbf01e56a87cce5dfb9fd1810414e18b726", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680197, "uuid": "49c4242b-662a-4448-97b5-1d1000de1628", "value": "T150847B4CE762ECE9FA660279257169163F419C1EA0D9285D228DFB263C36313509BCFF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680197, "uuid": "81578d06-186e-48c3-ad19-a9a96312e5c0", "value": "e2a592076b17ef8bfb48b7e03965a3fc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680197, "uuid": "47606b9c-79ae-481a-9248-9e7bfe8698d4", "value": "6144:K4t6LsvuyXOLT/plOJb0r6iSeysFkHnhHMQ/4iw67Jf:Kkvz6/KJ06iSeLkHnyKAoJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689680197, "uuid": "725d2e87-df7f-4f76-bce8-107156a12480", "value": 389424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689680197, "uuid": "0cd8b134-74f8-4000-bb9b-a1f0f782769b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680197, "uuid": "1fb662bf-d6f4-405e-a50c-52eb925f3eb2", "value": "bill payment notice #43782 PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c52d0b0e-2599-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689705286, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705286, "uuid": "08c6a5db-7a6e-4da0-96ee-36708178244c", "comment": "Malware payload", "value": "2cf2b0886a404956b449faf43e438c84", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705286, "uuid": "a86991d0-3ac0-4c7f-b580-3902edaeb544", "comment": "Malware payload", "value": "e795b1f5b11d6a95440f548c2e9f3beed1e1a1ccd1c34e0196b69dfc4fc4e1ee", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705286, "uuid": "9f339955-a6c9-4892-972b-036d27cb6128", "comment": "Malware payload", "value": "6ed78077e5f8ee479d555f5a73520b4756dad5d1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705286, "uuid": "487e303d-e709-4a6a-bdf3-a0a6a20ee685", "comment": "Malware payload", "value": "ef5c0439e3a8894726693605aa7ffd37dadc330e29121cacade7b85ad465ce5544c428b16af0912d11798cbfb669d0c1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705286, "uuid": "aae75c84-647d-4677-aac2-dd01ee875ca3", "value": "T128B36B01B5D1C032D8B6183119B0C9B51B7EFD704E219EABA7C8163E9F746C29926E7F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705286, "uuid": "ad56b597-53e3-4906-ab54-4ecfb87c3b7d", "value": "408f42a7a531450f59ecf2eec967e1cc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705286, "uuid": "0224662d-30fa-468a-93c3-2fd2f0cb9eb4", "value": "3072:BuMLKLilGbDYkI0F7AQIZkI9+HJa6OIpHl9f/4bj6Y:BQWlGNItkVa2/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689705286, "uuid": "30cf26e5-1440-43fd-8912-c206b6cd9307", "value": 115712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689705286, "uuid": "87e14245-6b6a-4ac1-9a93-bc2dca03da7b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705286, "uuid": "b851b801-903d-4d30-9573-5bb1e0affbd8", "value": "SecuriteInfo.com.Variant.Midie.120512.13967.24743", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a6fde218-2562-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689681613, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689681613, "uuid": "cbd9b57b-f670-4dc7-afaf-6b3ec0ca2347", "comment": "Malware payload (AgentTesla)", "value": "8a7730c3296a88de34aa82d782f1ffa4", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689681613, "uuid": "b8e1daac-1d0a-4df1-acf7-9cc3e7431fb2", "comment": "Malware payload (AgentTesla)", "value": "e7ba59df8952792cd33c2a73b4f0b432fd4fa0fef5715bbadc74e499847501de", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689681613, "uuid": "3cc8c623-3437-4bee-a3a4-2693781941f1", "comment": "Malware payload (AgentTesla)", "value": "e79e409310c9b90df14f0799977eb5e73ea3deb2", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689681613, "uuid": "b71e3513-dcf2-43bf-8b57-608d127d964f", "comment": "Malware payload (AgentTesla)", "value": "5f3b5082ce0f009fc9f7b4411c07b4ddbf96341ed481bf7bdc23ccdae0a510c834f6ae7e375f8083b125c82a9cd8dd42", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689681613, "uuid": "e354a1a0-6f15-426b-95c9-f65b11d170c3", "value": "T19DE44D0B39D11907D62F427E907C6A6CEAEEA61D117FD529302CC3D3A1F660CAA4D71B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689681613, "uuid": "7542db82-e911-44f4-8cee-4b87226878e8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689681613, "uuid": "7099768a-f491-4367-9a9f-5ca5417a9c83", "value": "12288:1BzGQIut7DYWmeH/3UCjvkTLqPwBhLpnAYKB0X:1Bzz7krehih9nlQ0X", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689681613, "uuid": "3a313cf3-0a45-4c45-bedb-e04f092c5c8c", "value": 697856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689681613, "uuid": "6faaa0e4-7e08-40a3-b68f-0d8113bb8205", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689681613, "uuid": "412dd146-de3c-4983-97d2-803993f794d1", "value": "Bank Slip Confirmation.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "78d7984a-256c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (CustomerLoader)", "timestamp": 1689685830, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685830, "uuid": "08e97084-b078-4b85-81bc-9762ef217ed4", "comment": "Malware payload (CustomerLoader)", "value": "f8a94e4cd826b6cb398e04172f7e17b2", "object_relation": "md5", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685830, "uuid": "fbc2c775-7942-45f1-9525-274deadb3908", "comment": "Malware payload (CustomerLoader)", "value": "e9b89c91baf30931ff00e18e04d957edc7735cbc9e44eec035e8f395f6c4b6dd", "object_relation": "sha256", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685830, "uuid": "decca8b7-ddba-4f55-a2d7-ad17036e3871", "comment": "Malware payload (CustomerLoader)", "value": "d50ae154ebefd0e14bc363b9beaac4cdd2f9e7dd", "object_relation": "sha1", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685830, "uuid": "cb9b046a-2b6d-4949-bc77-85852884ad55", "comment": "Malware payload (CustomerLoader)", "value": "34ad4e8b41a4876e3153f0de1319bb609a17e32448189598bd290483f4c67eb5e03dfe8d8e318784c47fe8fe3a310476", "object_relation": "sha3-384", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685830, "uuid": "072da112-b28b-4956-845c-3d2fbdb56ea8", "value": "T1B4321C048BF8856BE6A707BA9CB34780413ADB767422DB6B29CCA2491D133545F773B2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685830, "uuid": "22aa17a7-a574-4b09-aabc-26acd288f262", "value": "192:LL9+ULaXHXiee1w4cN8QtfddSEu/gLDw1LW/NW/Wq1/:Lp+UKHSee1w4UDdSE4gLDlW/WG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685830, "uuid": "44b93b21-18a0-4e81-8fa9-1a988f413920", "value": 11776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685830, "uuid": "aff9925b-d369-4825-bf26-8bf17d8b8833", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685830, "uuid": "da809cff-6f64-4235-9f20-7e15a9cf3639", "value": "QUOTATION_JUL7FIBA00541\u00b7PDF.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1f8ad587-254f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689673225, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689673225, "uuid": "6e175f63-e007-496a-a8c1-8c5d47ac8726", "comment": "Malware payload", "value": "b3e24e925c5731401f75822553e504c6", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689673225, "uuid": "2d5642c3-ed49-436e-a8c0-e5cdfc1bd625", "comment": "Malware payload", "value": "e9ca03cccffe0dc3876a8afc0a0a209da04a59f8ee97d642f21650906d6d3789", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689673225, "uuid": "07dd6172-fe11-4738-9b65-02c6e3431bc3", "comment": "Malware payload", "value": "def2d798951481c2c06cbe903830a63aaf3c055b", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689673225, "uuid": "f50202c6-59ee-44d7-98bf-cd762b0acb18", "comment": "Malware payload", "value": "8a0a7a84377b32a33f6fce8296213e057aac2f901a338fba70116c09da6db6e8efc4c287e2578ba8bbf88c790c447953", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689673225, "uuid": "66602d23-ba52-49cf-bece-fddc818b71df", "value": "T171452313DFD1F1AAC596FD31230E9321D334E83596389A1AEB918F9464B29D0CFB6316", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689673225, "uuid": "315ffefe-2683-4684-bef1-65c92673249e", "value": "24576:6pxWuCSTTnZEDCbwFIrvFZCY2QzalF9NtfJ1f8NMLDL8V:jeTnmW3vXf23F9NF8WwV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689673225, "uuid": "23eb328e-1c6b-4db3-9696-1f0b81c5333f", "value": 1207296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689673225, "uuid": "52d23204-e91d-4a72-b262-5753584241ae", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689673225, "uuid": "d0d37bc0-223f-453c-a28a-087ebbfed6ae", "value": "paka5.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "668ac94e-2569-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1689684511, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684511, "uuid": "e6ee2c45-01d8-437d-8d52-271056fb78d9", "comment": "Malware payload (SnakeKeylogger)", "value": "dee75e523ae85c613fe1cbf269de7e25", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684511, "uuid": "e4ec494e-4d06-47e0-991f-6c516b0df1be", "comment": "Malware payload (SnakeKeylogger)", "value": "ea14e71e40ef5c0214b407a983fc0c540ccccbbde1a8479c55adabe286469589", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684511, "uuid": "41118c09-1b55-47d9-8a9e-68ec06a85a13", "comment": "Malware payload (SnakeKeylogger)", "value": "a6b79aec1ab2c19d303b82025515bdd8ea83d4d6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684511, "uuid": "ddad47e5-0773-417b-9ec7-4d7188e96755", "comment": "Malware payload (SnakeKeylogger)", "value": "d4bd4299e6466a06343f207f10008575bb4b2fcd141326b5c6b08ff41df84a233e403b3570da837f160d0c60de02d86c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684511, "uuid": "06cb464f-3190-41ac-ae01-5b5a8969c306", "value": "T19CE4E110762C4F17E4BD63F99024665893F56D5B622FD3588EC33DEF39AAF404A01A2B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684511, "uuid": "c47043db-0816-4a06-8880-9cd4c2a07087", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684511, "uuid": "349d44b9-f476-4534-b2e4-e169c5f24085", "value": "12288:Wf+bDv9BcW9RoIOfb/WT4UkuZOtFdMyvqSq51l2Xtt6A0VXpd5Rha5T+p1YP:WGn1BcW9RoIOfzW/ZO3b8cXtl0V5dFaf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689684511, "uuid": "28a7bc51-a20b-4c87-87d8-63a930e670c9", "value": 711168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689684511, "uuid": "e288ea20-8b98-4ee6-aa7c-9ae9c90b33af", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684511, "uuid": "dfe304ee-940f-4a01-83eb-9850446b9ae1", "value": "IB_23071847557_attachment.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b51c13a6-25a9-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689712131, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712131, "uuid": "8598fd09-7c34-4b67-b04a-9aef82d4835d", "comment": "Malware payload", "value": "5f93ad895baa3cc9bde896e875383260", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712131, "uuid": "a6c819d9-6cb8-475d-9fd7-7033d092ce9d", "comment": "Malware payload", "value": "ea4f59616e50cef67ed789faea5629b25e5861ef701da45d946658e064d11676", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712131, "uuid": "fe3d7250-7f72-470b-a657-fd9ce0ecc7f2", "comment": "Malware payload", "value": "2174f3f3f45571912afde7b5ad1a5a48b44488f4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712131, "uuid": "e351be27-a270-4791-a6cd-3bd51c5d08b4", "comment": "Malware payload", "value": "11f80424762291c592848ddd7110b580c0976339c171ed3a84070b5258d3a47f2dacc6db4148582440ee3f3ca74054d2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712131, "uuid": "89f2cc4d-9b57-46fc-8157-09eac178c98d", "value": "T164C56C25B6608407E12769B5EEABC1EC2816BE446D1499573EF47F4CFFB07C138282A7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712131, "uuid": "c3621a6a-9568-48d0-89d5-2636223c78fd", "value": "24576:D1nDFYIXKK1Iq9kz2SHShJdvSAtI4GpfUt1dBeJdKfpKU+LKxs1tRjUi8CPhJF41:HKK2yweDtI6B8dlXjUinvCeM91Gk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689712131, "uuid": "2f80dfe6-c998-414b-8260-fb9768ca9320", "value": 2633728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689712131, "uuid": "196c9ee3-995e-4238-981d-8471bc884c72", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712131, "uuid": "0fac82e4-66d2-43f9-ac2b-6d4983474cfa", "value": "SecuriteInfo.com.Trojan.TR.Crypt.XPACK.Gen.2165.3453", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "37031a8a-2558-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689677130, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689677130, "uuid": "aef20348-9b47-4873-a1a6-4895579e47ea", "comment": "Malware payload (Amadey)", "value": "8233f8cb9a2bcd82da768d1dcf9cfd39", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689677130, "uuid": "a84d2349-9757-4e90-869e-1f790b68b2b7", "comment": "Malware payload (Amadey)", "value": "eac6ff3966275b86a58143011c6e59ca907dc55ef3e533b089cf376bbceb0572", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689677130, "uuid": "48c3fdc3-ac91-48c7-946d-8aeb55b581af", "comment": "Malware payload (Amadey)", "value": "702831ba7bb05ff0f6155fd04549cfbc610d01a7", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689677130, "uuid": "3c965604-da4e-404f-ad6a-32fcb42a7801", "comment": "Malware payload (Amadey)", "value": "01210092187151e0167b6b63fc222810629f19b77753c6e8e6c06f25cc294cf9028da1308abcbcce84b25915fce3df51", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689677130, "uuid": "12b87cae-6276-470f-b24a-0b8d51ccceb2", "value": "T114B41202FBE98532DAB41B7018F313931736BCA15DB9936B7749884A0DB26D4E47633B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689677130, "uuid": "1c8f196c-b8a9-4467-b61a-ae0d53f051cf", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689677130, "uuid": "f5bdaf7f-4e5e-43d2-9486-f11cea99fda7", "value": "12288:0Mr5y905mlwbxFjgJF+i42VN0Qh42jpo9SrbIn4zP:VyUwwbrUJFl1jhVpvFzP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689677130, "uuid": "9397bb34-5b63-45b9-9273-4466bba53e10", "value": 527360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689677130, "uuid": "242a9f5c-42f1-4fde-9c14-0b6d71fa3021", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689677130, "uuid": "4a4332ed-c2b4-4b9f-b148-831d5ca3bbd3", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6b0e1ea9-2575-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689689673, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689689673, "uuid": "88a119bd-6a8d-40fe-bc35-e8abe8765350", "comment": "Malware payload (Amadey)", "value": "f808cb962a303c64274c6509edef6d88", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689689673, "uuid": "c850f33a-df08-4736-a0d4-9a631912c409", "comment": "Malware payload (Amadey)", "value": "eaf897bc904d81bd19fc4caf22bfdfee7647764127d64f8984954fbd594dd3be", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689689673, "uuid": "edf2341b-8fd7-4de9-84b0-3d036896e055", "comment": "Malware payload (Amadey)", "value": "f2c39beef25b883dc7e9099126e22070f0813358", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689689673, "uuid": "01e2d1cb-eca4-4e58-9f03-219f7e356fcb", "comment": "Malware payload (Amadey)", "value": "f58b6cdc0d137c831e97eb2fd1f4e07c5f5f99dee0cd079cbd53f396699fcbec004230352e47a84a1d6a3453fe214e5b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689689673, "uuid": "9400a7c7-1218-48e2-9db5-5aee0df90e76", "value": "T170B40243A6E8A033EDF227B458F646830F36BCE19D38835B2741AD5A0D73684A971777", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689689673, "uuid": "d829a5a8-a2ae-4117-bb0f-426474aa666c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689689673, "uuid": "7319ba34-6343-4722-be29-8251edb5b9f9", "value": "6144:Kty+bnr+vp0yN90QEb/N+ei7DSo2xdxkIqMYjrR8LKeGhmcu/PKG4bJs+wiBCG/4:nMrTy90S/DSndlqPrRNh1u/PpRZS02i", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689689673, "uuid": "aabb8b17-2247-49db-a254-7578b23bdb51", "value": 527360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689689673, "uuid": "4a28873d-ebe8-45a6-a0ee-e9b5c2e10821", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689689673, "uuid": "8632ac06-65a5-4d22-af29-3a6d247cda3c", "value": "f808cb962a303c64274c6509edef6d88", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b6129d50-2521-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1689653721, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689653721, "uuid": "6780bb9f-330c-4f9d-9c65-10f68735e183", "comment": "Malware payload (AveMariaRAT)", "value": "84225ffdad0dfcb23a1604d30f4e8c78", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689653721, "uuid": "337439e9-4d22-45fb-bdc8-6465739be31b", "comment": "Malware payload (AveMariaRAT)", "value": "eafdaa03650a22399281102a25abc8b5dcb3de2388bb13db78c94215f7fe1716", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689653721, "uuid": "29a0411b-12eb-484c-b8a3-01a055745224", "comment": "Malware payload (AveMariaRAT)", "value": "31860c9cb75cfc96d6e2eeb460850587f7a632f3", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689653721, "uuid": "828a8ac5-68fe-4b6f-9530-aeaaf9e0f0f8", "comment": "Malware payload (AveMariaRAT)", "value": "49fa67d1e0841dae4f0a2bb6b024ca32ab9e07df9c453b17cef3510af24acc1287e1a4f5fb483e7ef2615c3384765336", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689653721, "uuid": "b8b5ccc2-22a8-44cd-bd72-3b5a9d5658a3", "value": "T1F245E1146FA9C913E37F6377C0B502049674FC1AA65AEB0EA86470E56D33702BF117AB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689653721, "uuid": "8c35a15e-156e-4756-bb1d-6c9da4b46054", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689653721, "uuid": "879d31aa-e82d-4f16-a145-944fd568270e", "value": "24576:lpKK5XazngvfdvIqer6ue4d+yi/A/Xe3RVi3RHbS//JHaMuCK2:qaXaLgvfdvDer6ueNyi/0GYbS//5Tu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689653721, "uuid": "35baa473-664f-4ba5-b35a-e9f5b3f243b6", "value": 1272832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689653721, "uuid": "d9ffaf36-52c3-46bb-b719-9adb5fcc7b09", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689653721, "uuid": "f0f23a41-6682-46ed-814b-5dec6f1a8f06", "value": "PROOF OF PAYMENT.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "13adc3c9-2536-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689662468, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662468, "uuid": "08924822-2736-4113-aed8-4710aeb29e3b", "comment": "Malware payload", "value": "276bb90b32e23cec21d0304b488d9334", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662468, "uuid": "4adab9b0-bd76-4903-a648-071911cf27f8", "comment": "Malware payload", "value": "eb7a6cc6b72f0531463e9f43f11179f920ac534c4fa12650f2b157f378efb84a", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662468, "uuid": "87e196bc-0103-40aa-abb2-d0930d771ab6", "comment": "Malware payload", "value": "49610570be2968044e9343fe403642d047cce807", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662468, "uuid": "4a00b8be-6c88-4ba5-bcb7-90f95be88bc0", "comment": "Malware payload", "value": "e371651bb981bd62908e606b7d507d5c54a4cad45c4071b03872dffe5a0fcf51af70b98b2c3d0ce5fb80e7b9d9c9e032", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662468, "uuid": "7e5089a3-a2b8-4eab-95f5-eae5606d1788", "value": "T19C529EB5E4ABA0B9C78F057CB8C15268E318AE93675D06956F34D14C85F588F3BC23C6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662468, "uuid": "711e3d17-6175-42f2-9dac-3477cdcf88dd", "value": "192:bERJayc7UHHNf9WVmJYunPZXctEzSPBkiOS+F7EmM//FYywPPAEjI:bERJPc7UbW4JY2xsQ45CFREYyvEI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662468, "uuid": "86d4f56a-b063-475b-9a8a-cc8f4382cee8", "value": 13430, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662468, "uuid": "3460f57d-a109-461c-acde-51f5ad673be2", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662468, "uuid": "a91cfefd-a418-47b4-96cc-073a5cc4decb", "value": "New Order.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a857d601-258f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689700942, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689700942, "uuid": "c3a39755-beed-4d3d-bc96-4e0eab911e78", "comment": "Malware payload", "value": "b8a4b3dcd75560545ba5d4e715c51aa8", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689700942, "uuid": "0850955e-fe47-4d97-9362-9b2fa61595e7", "comment": "Malware payload", "value": "eb8458671e178c0159ba0bc3936739d6c0d573df00040d6bcc4ee699302a3895", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689700942, "uuid": "076b3722-dbc0-4a38-8018-107d6819c146", "comment": "Malware payload", "value": "f15c1f4bca2d38d1f9b66f435f86535e09d4533c", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689700942, "uuid": "2f4d3a88-849b-4097-b41a-e69950579963", "comment": "Malware payload", "value": "06a0c346e5cbe27cbe5984f05a1f6215407c2c311635813ee21f69a0b3108d3051a65ffa1df46cc4e81be80340d6fc8c", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689700942, "uuid": "96e0bf38-337a-48c1-804d-bdcf5567586c", "value": "T1E6133AC4A863EDF4DC0506B12277EF719E77F07A2169E9A7C799D933AD42A02D2061CC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689700942, "uuid": "bef98a50-9245-4790-9e24-52996af518ae", "value": "768:Ds78B2CB/QrAlUgHAHctUmMQMsnNASsxVOjxw0kAtc/lqTBxV:DG8cQ/iAlUgHAHcODKNraOFzjtMsTB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689700942, "uuid": "921f74ad-eb01-457c-bd0d-1b28c43be402", "value": 41872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689700942, "uuid": "14414d66-15da-4232-8e1f-e48d317565a9", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689700942, "uuid": "2f187ff6-0b6d-4b8c-bd83-174e58828e88", "value": "boxshell3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e422d8c6-2532-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1689661100, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661100, "uuid": "3933de43-701b-4ee3-826f-586273946f8b", "comment": "Malware payload (SnakeKeylogger)", "value": "bf0711b250e3de6232e06e9a52a04685", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661100, "uuid": "f6d340b1-d02f-4cd9-b4a9-01b94b947185", "comment": "Malware payload (SnakeKeylogger)", "value": "ec50271e298600f2609f81b75362cafda6a7cec90e9927312f45629b72a14320", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661100, "uuid": "24ad7b39-8361-45d7-9712-c259b84f6d67", "comment": "Malware payload (SnakeKeylogger)", "value": "a05f826b4d13d91926d4281fdfae711371554516", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661100, "uuid": "15a87c24-d64f-413c-bf8c-20ae1a8d683b", "comment": "Malware payload (SnakeKeylogger)", "value": "2b7120b5937330deaed396061312a8e66efb6816bbbe355df877f842ea1376c4002f1207f99c27105b370f199a3a0673", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661100, "uuid": "47e767d3-bd0a-46b2-acd8-393dcaee75cf", "value": "T1DCC42311A1DE413FC2FA11F09BE0A72895369F84055EC39D2B8BBD9B35DEBC02352667", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661100, "uuid": "4fc25767-2687-4bd7-b1a6-25c09e3dd07a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661100, "uuid": "df1af240-efcf-4a7e-99cf-e10581029c6b", "value": "12288:lfb/WT4UkuZbTHx0AegU/FCMxsHsDry+IjVp30tPh18kO:lfzW/ZbTR0AeAMvDrnAXmPhOj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689661100, "uuid": "cb238fc8-77b3-4340-b1e9-2121aeba1b17", "value": 563712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689661100, "uuid": "8103886a-a0d3-4acb-aa22-12f0f6ef963a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661100, "uuid": "09d923bf-23fb-4a9e-8f9b-8a64326b65f8", "value": "PAGO3939.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fc3c3b18-2538-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689663717, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663717, "uuid": "92299e1a-89e0-4047-ba30-c92123285640", "comment": "Malware payload (Formbook)", "value": "84977e8580b21cf959af5155f28414cb", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663717, "uuid": "dd8bcfff-d310-4752-9cb5-25d4f103ac1a", "comment": "Malware payload (Formbook)", "value": "ed070adab0154f0936cafe969e7717fc63b9160644fa968baa604d00e13109e6", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663717, "uuid": "577065d4-462f-448f-808a-76a08581b31b", "comment": "Malware payload (Formbook)", "value": "5cf271e01a2e7b1a76ce0541952df2b41620596a", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689663717, "uuid": "1b242c5e-5bcb-47be-979f-033caf0ec095", "comment": "Malware payload (Formbook)", "value": "cf9b35d4bf1de764d092864e42a949fdff8c6d994fdcb8072f8b9d84e4fbcc161c8d92e493f45dac6638301e5586b2db", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689663717, "uuid": "cedaf6cd-d6bf-486c-8143-a68155bb1dde", "value": "T11E342366291ECCA27E14B5A14241ADD5FE87F224473C3F75B84F60D07A8FE72CA21629", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689663717, "uuid": "a215ee3b-ede2-4721-92f5-db3a26ec8d9a", "value": "6144:OuxQDUOxFhNM8bDKo2nDkbUdSkkKovyIX6qLyFNWjW:VxQoOxFhNM8bDKowZ0X6qLyDWjW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689663717, "uuid": "8b0366a5-b630-4e93-9cc6-13bc4ecdea4a", "value": 244808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689663717, "uuid": "55b20bf5-a837-4c1b-9a04-d4dce34e855f", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689663717, "uuid": "cf3e47e1-6c03-42ee-b9fb-d6fa11a076ec", "value": "BMTC PO Number - 11009810 Revised.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8d33252f-2577-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1689690589, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689690589, "uuid": "d2315bc1-3012-4d91-b2f0-006b7f7d3063", "comment": "Malware payload (NetSupport)", "value": "0a7a57804e1c3269898f111fb9692ecb", "object_relation": "md5", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "kororo-com", "colour": "#C66DA4", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "sett bat", "colour": "#72EBD7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689690589, "uuid": "a435be3c-9b19-4d7e-9875-3dba50f4c73d", "comment": "Malware payload (NetSupport)", "value": "edf67b4b3f4cd56f83b03979d70530ed6c68461d2b0b60ec6d07663a8a19e222", "object_relation": "sha256", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "kororo-com", "colour": "#C66DA4", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "sett bat", "colour": "#72EBD7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689690589, "uuid": "800cfb55-b188-48cc-a853-f77c7e452008", "comment": "Malware payload (NetSupport)", "value": "3ad4849150015008d685d99dc7d488476861f522", "object_relation": "sha1", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "kororo-com", "colour": "#C66DA4", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "sett bat", "colour": "#72EBD7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689690589, "uuid": "bbe72d5e-6a99-4bd8-a76d-685014edf646", "comment": "Malware payload (NetSupport)", "value": "7c52655927bffcc2fb09cd12309e04b257e54f42c973c572cf1a99ed9af8626114bdd3d8f20fdf605ecdce293399ab57", "object_relation": "sha3-384", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "kororo-com", "colour": "#C66DA4", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "sett bat", "colour": "#72EBD7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689690589, "uuid": "08abd75c-a278-4e93-b2f4-492a5e71e560", "value": "T110C02215439083AA0E1380FB4B7263CCD0A0490ABFC927219F0481CE41858867792300", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689690589, "uuid": "166dcf84-1310-41d3-9eb1-ed60ee7855b2", "value": "3:CxK6OWR2IkVViE2J5xAI7pR7olXGCfFngXK2G6TNRcaFILfDZkREvcaFMB1IkVV2:CxBR2Bn23f99oRfF5z4NRcnmJB1Bn23T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689690589, "uuid": "2a7bc195-1860-4bb0-be97-fa9eb9014ccd", "value": 189, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689690589, "uuid": "2f234927-be57-44e0-b14b-6ea05e00baa8", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689690589, "uuid": "0861e5f3-efaf-4c00-bcfb-17d565859649", "value": "sett.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c3feda90-256e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689686815, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686815, "uuid": "81a46af6-0f1f-4c21-8f00-f6269f0eb700", "comment": "Malware payload (RedLineStealer)", "value": "6029f71e5f5891a1caf28e5602d9da5d", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686815, "uuid": "92ef7ad0-1db3-438c-a790-6273ae77b177", "comment": "Malware payload (RedLineStealer)", "value": "ef1bd19d537d68f10b784f39d1a2795b3c2183a4a992aea010c4d81b1c66bf53", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686815, "uuid": "a723486f-62a6-4016-aa43-f034ab08ab02", "comment": "Malware payload (RedLineStealer)", "value": "7d8a36c125fcd0bed66397a8dc73d02352ab703d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686815, "uuid": "e5192b37-c8b7-4350-930a-57033f65590a", "comment": "Malware payload (RedLineStealer)", "value": "8b526c962cb5f622757dbe77533025cbf69c66667ba68ff43c2055abe61c0d8fa7ea07cb1d839cc0395292fddc9e7d63", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686815, "uuid": "4a3c19ca-6efe-4992-ae22-3efd6179a068", "value": "T199840253A6E98033EDB6277054F603830F397CA16D3893AB27859C5E1C72694E4367BB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686815, "uuid": "069dea8d-76de-4798-bdfd-3afd6297893a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686815, "uuid": "0379c4d3-8bee-4a20-9035-6683e55031f1", "value": "12288:SMrRy90A1g27QxcznpYLOBeRTi3o5ISn:byTDQxGn4O4RhR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689686815, "uuid": "c3ae125f-677a-429d-9b0d-82d52cfdbd6e", "value": 398336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689686815, "uuid": "0d9dd1c6-ae7b-4ac9-b76e-d2d1bde41283", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686815, "uuid": "559de881-ebec-4582-8e60-52062a3a1e0c", "value": "6029f71e5f5891a1caf28e5602d9da5d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "80b9a6b3-2577-11ee-a6f9-42010a9c0055", "comment": "Malware payload (LunaLogger)", "timestamp": 1689690568, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689690568, "uuid": "86aeadd0-0483-428e-adf7-a0637a7bf0c9", "comment": "Malware payload (LunaLogger)", "value": "8cebc5e01e3fe8d381e521460cbbf0c7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LunaLogger", "colour": "#B0DCF9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689690568, "uuid": "b6ebdf3f-081d-4bbc-8424-f345f750a857", "comment": "Malware payload (LunaLogger)", "value": "ef426378b036233b200380dd86da46ae5666c929cc8d8800e938938e2383be3d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LunaLogger", "colour": "#B0DCF9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689690568, "uuid": "539dc330-b761-4535-9f21-7c6bfebd8f08", "comment": "Malware payload (LunaLogger)", "value": "aef77092ee39c199574c08c3b37c4c37f26c03b8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LunaLogger", "colour": "#B0DCF9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689690568, "uuid": "14bfbce6-8c2a-4446-9f22-bfb28bda699f", "comment": "Malware payload (LunaLogger)", "value": "e2943f1f5818b50f538e74738f451c2c36719ec2af0493bb3d8d844f32fad8bbab3d8565c3bc5f1f9b7a78c10d579136", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LunaLogger", "colour": "#B0DCF9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689690568, "uuid": "d6d43d6f-d960-4a12-a260-fb456abeeed1", "value": "T11A1733A7A5A215F1D1F14336818BC814C671B91347B5DA8F03B87B2E1E93A90DE37FA1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689690568, "uuid": "b3fb3cfb-07b2-4272-aa00-0c4c7ad1f912", "value": "0b5552dccd9d0a834cea55c0c8fc05be", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689690568, "uuid": "b4c9ae0b-684e-4b04-80bb-e32d5a28984b", "value": "393216:5h3nJWQDv8ohZRobTlZ3S1bV4Oqf26Y4gzdCyddj:5h3EQj8ER+lZWRMWXr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689690568, "uuid": "10c597e9-1833-403a-9f58-541dbb8e71d5", "value": 19892958, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689690568, "uuid": "5391ced2-2216-428f-86e3-11341c15ddb0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689690568, "uuid": "87ee2a9f-536b-4c79-b61e-009e28deeb3b", "value": "Account_gen_for_epic_games_Made_by_me_D.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2b78827d-257c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1689692573, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689692573, "uuid": "ceae9b67-8aaf-44fa-8367-cfd62b4fd2c5", "comment": "Malware payload (NetSupport)", "value": "9c8e256f5fda613cd6ce0889ecf601ef", "object_relation": "md5", "Tag": [ { "name": "5-252-178-48", "colour": "#05445B", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "ponraj-com", "colour": "#09C08F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689692573, "uuid": "d2dda2ad-4205-4a2f-bb50-387555d593bd", "comment": "Malware payload (NetSupport)", "value": "ef55ff724e649918691224e7c6d1fc7ff5a9d73dc38b0ae70ce117f9c20009eb", "object_relation": "sha256", "Tag": [ { "name": "5-252-178-48", "colour": "#05445B", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "ponraj-com", "colour": "#09C08F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689692573, "uuid": "af7a73a3-2e5b-4539-9562-92ebb67336f0", "comment": "Malware payload (NetSupport)", "value": "ccba6c491a278c82145fcac7426a9f5da5dc933f", "object_relation": "sha1", "Tag": [ { "name": "5-252-178-48", "colour": "#05445B", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "ponraj-com", "colour": "#09C08F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689692573, "uuid": "9949c841-227b-4347-a1ad-edad022328ce", "comment": "Malware payload (NetSupport)", "value": "537e2cf9fc9d8059ce1dc62f7694cc513a2156a5c72750079d4165813f906bab963340acd2cf9e96bab05522e46d28a2", "object_relation": "sha3-384", "Tag": [ { "name": "5-252-178-48", "colour": "#05445B", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "ponraj-com", "colour": "#09C08F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689692573, "uuid": "80c77e02-015f-476a-b287-50f1b441b13e", "value": "T118C1717D1AA207CABB8D8335E14A4D536E67BB3D527DEFAEECC8F918064EE055E11010", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689692573, "uuid": "2576fc25-da3f-4e82-9ee6-4bc19d4ead84", "value": "96:3iZiLURgwza1MXu50YhoSV1boTOPUQNFybloAVzgq3nKa3LFjX3tzWFCM4cR6yPp:3ibVa63YH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689692573, "uuid": "07ac3103-a869-42fe-8eed-15e0ce3ff4e2", "value": 5987, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689692573, "uuid": "c0f1b350-8271-493d-96f9-dd7f398f6b85", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689692573, "uuid": "b1be350e-05eb-420e-8603-c80519da3f40", "value": "2.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c19e5e63-256e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689686812, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686812, "uuid": "1080d5c7-de40-49a2-81a4-e38bde408022", "comment": "Malware payload (AgentTesla)", "value": "2bbe7bfa4829bf0bcdc2952b93bd9bd9", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686812, "uuid": "04028532-9ad4-4f7e-a31a-a1c3b18bc1cb", "comment": "Malware payload (AgentTesla)", "value": "ef63e0dd98836048f72145f44b71d716b14262817d75574aa04731ebcf231c90", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686812, "uuid": "dbe4c6a1-b18a-44f8-b223-c2f6d7638601", "comment": "Malware payload (AgentTesla)", "value": "ee0d230a52247fea2169a14a906ce21d28b8eb8b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686812, "uuid": "0ba07065-8240-49a3-9613-5eb92c867a41", "comment": "Malware payload (AgentTesla)", "value": "d0e069f99f91f9baa8d8009d2bec731a04c2b35dd34504c50e1cc8cb345d7fd556022c0c255907fdbdd0624d20e6e2b7", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686812, "uuid": "df8d44bb-c386-4e70-b4ec-ab9cce2a5363", "value": "T156D423601DAFD617E85B2FBB62522AF5423A8BE47509D2130D0EB4EDBB25B0EDC50317", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686812, "uuid": "cb503336-6ade-47b4-ae20-5e26c9270920", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686812, "uuid": "5d28888c-a157-4f8d-b200-0a5800c58515", "value": "12288:AmAY2kcdbL4EflwdOYjP6+JSU/MsAuOHlgY:lN6GEflm6+kU/MsAuOHlgY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689686812, "uuid": "59123a68-00d7-4ecb-bfc0-1c55f033da08", "value": 630784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689686812, "uuid": "08bfff75-7057-4813-b948-7384e9057a3f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686812, "uuid": "57f624e1-5c21-4ca2-9221-672dbc91ff41", "value": "2bbe7bfa4829bf0bcdc2952b93bd9bd9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "133f5d9c-2504-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689640992, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689640992, "uuid": "e95f058d-8b3f-4a32-8e48-5a603ce8a3a0", "comment": "Malware payload (Mirai)", "value": "6fe8e36e047e103dc4a5b641c31bced9", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689640992, "uuid": "bffb39dd-7de1-4764-b1a0-dc8fd445dbd6", "comment": "Malware payload (Mirai)", "value": "ef9366d1145d176416d6d138c4f6ecfb365ebc4df9996480a00da97501716899", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689640992, "uuid": "f35be748-e5dd-4f4a-bb5a-ca595d349dbb", "comment": "Malware payload (Mirai)", "value": "5ad89e301c05709c7442cf5adea69cd8743275d7", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689640992, "uuid": "5b96f0ba-3943-4a1b-935e-b00fef20a10a", "comment": "Malware payload (Mirai)", "value": "e3d4226b77a75594df7aece2a20dce22d6c23c743673ca7bad33334d2edf3aeec21e292435d0957cc8130c9e2e97eed8", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689640992, "uuid": "b8504775-e245-4040-bd9e-563e2eb33c09", "value": "T1E6536EC6B4119E7DF5CBE7BE84224D0EB821722150531B27BB6FFD83BD721A48946E06", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689640992, "uuid": "531e134c-bac7-45bc-8629-d71964513ffd", "value": "1536:kPqRg0FGTbSX5xpLepSGorsF7QhOx2X/ZOqc/yA8E:p5VHV8I9cKu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689640992, "uuid": "5088ec95-a0d5-4d51-bb98-dcdb75ae7c81", "value": 66508, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689640992, "uuid": "74368994-e398-4df2-9665-10b0fbc9546f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689640992, "uuid": "d90320e7-044b-43f8-92ee-b47d3a39f298", "value": "6fe8e36e047e103dc4a5b641c31bced9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "77a5a8f7-256c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689685828, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685828, "uuid": "f25db687-5397-48fc-87c7-83a9a092bef7", "comment": "Malware payload", "value": "7bd240f724f11e85d25209f5519f978d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685828, "uuid": "ecc40337-a592-4532-a220-949e1e8c24b1", "comment": "Malware payload", "value": "f0373d57b632dcbaee174c2ee5113cd6894ea5c95dd479b456c24681f4d37694", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685828, "uuid": "16f8176f-8be1-489e-95ea-6dd3551acc53", "comment": "Malware payload", "value": "449bfc9ffbec6fdc1492ca07b5bd220e8de3fca1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685828, "uuid": "f5ad834e-75d6-46c9-8826-64c1e8a63486", "comment": "Malware payload", "value": "aaf4321a01dca54aba3917577d4b126f3ed4d42a3b9aed1ad0766bad437583094fa00501e6af80773d863cb80d7792a8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685828, "uuid": "ef335fc2-e44f-44a4-8c82-b276a056abb6", "value": "T1A584BE91E2DDBCD5EC11137A4877FD222157FE699431491F222EB628AA732933063E1F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685828, "uuid": "45f57b88-b927-4f1e-aa8e-328813ad9abc", "value": "4ea4df5d94204fc550be1874e1b77ea7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685828, "uuid": "9eae2121-bcc0-4566-8b20-6f384300c33a", "value": "6144:NB+pqUQiXd44yf59PINJPbh/Wb6PcKxwJ/6KDpOiMpxKN5KmdNGy+H/5fXCFo:NgeitNE5FYPbFWQKDpOhkKCNX+xv5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685828, "uuid": "6f0fd684-9032-46f7-9b1b-be58eeff5e60", "value": 371998, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685828, "uuid": "312b3f2c-6953-41be-852b-e65893653aa0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685828, "uuid": "200c2196-d619-4a5e-b534-0e2825ef59f5", "value": "RFQ 6060088113, 60600195.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a3ee253b-2588-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Gozi)", "timestamp": 1689697929, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689697929, "uuid": "827b5bcf-cc46-4f06-b094-67910434c674", "comment": "Malware payload (Gozi)", "value": "79c68cde8f43d762c4ecb97d359fc9c4", "object_relation": "md5", "Tag": [ { "name": "20000", "colour": "#98710D", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689697929, "uuid": "e9590650-7aa4-43b6-bbf7-12245ac4cf49", "comment": "Malware payload (Gozi)", "value": "f08827fd5dba2f6ffda8f931b5f2e1c18012b74ed753ea76a0a511e095eb1648", "object_relation": "sha256", "Tag": [ { "name": "20000", "colour": "#98710D", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689697929, "uuid": "fa0a740a-a1a7-4f87-864d-059a9c1b0ad2", "comment": "Malware payload (Gozi)", "value": "05b04bc2e3a9c406b37fa7ba4c4b70deacae8b16", "object_relation": "sha1", "Tag": [ { "name": "20000", "colour": "#98710D", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689697929, "uuid": "92bf0e02-2083-498a-ac7b-72811fbdb458", "comment": "Malware payload (Gozi)", "value": "3f8d34e96af0f47c59c33f996949beac221d63160a5769a0b0e87f84ac85b1945467e15cffa30ad7f1d36620e449e2b1", "object_relation": "sha3-384", "Tag": [ { "name": "20000", "colour": "#98710D", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689697929, "uuid": "e04de53c-0a3e-42b8-ac9f-dfb83bad388c", "value": "T16D05AEB7F89470D2DD26CDB7882EA167402DB25277A7973A73982A2406306B73D073D7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689697929, "uuid": "7f1e41e6-b412-42e2-a57e-03bef6fd3356", "value": "34188f9790f1e6bd6924e17658a1d977", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689697929, "uuid": "795e068f-357a-47c2-a21f-39697c56e93d", "value": "12288:OU+W2RNfboq2Fxto4obJj6eO/VTzFGF1d3Of1ZB4kd8AzVhml7wIKHaP:p+TNfsq239obV6pNXIF1sN4kdJmpO6P", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689697929, "uuid": "14db3a67-deb4-43f6-a93d-0856c9e0e86a", "value": 822272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689697929, "uuid": "5ab7d4e2-5ef5-4091-b9bb-aac7f0377c0c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689697929, "uuid": "d11b2106-e48e-4164-9f03-448326fcc88e", "value": "3939.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "34d0db01-256c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689685716, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685716, "uuid": "c5af3831-94d9-41f9-bd94-4cb2fd1871fb", "comment": "Malware payload (AgentTesla)", "value": "2686ba2925edf276b41027777140295d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685716, "uuid": "d662f222-078e-457f-b05e-94636f65ab4b", "comment": "Malware payload (AgentTesla)", "value": "f08a95a75861e89bbf839652ebbf761d55f3b781e2cbd4c561fe83168a08895c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685716, "uuid": "71e8839d-ade1-471c-a018-228f953f81ce", "comment": "Malware payload (AgentTesla)", "value": "4bcd30f36fcf722859e680dbe669abfae42078c5", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685716, "uuid": "c9b00659-232f-469f-bd42-a361060ac2b6", "comment": "Malware payload (AgentTesla)", "value": "99ad54c2e32432950fe20a1f19c0a9b98df0787ab701cb3f9f3a567ab2d879f370fa8af85ba2156fc1cf4321a11ea876", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685716, "uuid": "189e26d5-595b-4214-a9de-e8d7adfb52db", "value": "T196847D49E362DCE9FA660339257159163F819C1FA1D9289C328DFB263C36213509BDFB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685716, "uuid": "6576a0a9-7e46-4625-9d35-9016505f9cd7", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685716, "uuid": "e85469c4-eaf7-4356-9f8b-dba24b83347a", "value": "6144:uYa6ju9Th/8l+Li8EJihitZezyqRP6J1kQ8PWULcdBPD0jA2cIYXA:uYVIioCznJqQZUAdBPQjAgYXA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685716, "uuid": "38d93a7d-9d7a-47fc-81d4-ea40b95c435b", "value": 399101, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685716, "uuid": "f0ff05c0-c844-4415-97fc-b3df1f9b7dca", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685716, "uuid": "cc726f13-55c7-431e-9740-d11895baca4f", "value": "Sat\u0131nalma sipari\u015fi ve \u015firket profili.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "46ffe0a3-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689662124, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662124, "uuid": "ef0c9cd1-bd0b-44c6-9563-a0f52de389b4", "comment": "Malware payload (AgentTesla)", "value": "2f4193ff4326d69ddaef834f0dc2e392", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662124, "uuid": "ce6bc293-f49a-4d9f-bd33-d2d84b140391", "comment": "Malware payload (AgentTesla)", "value": "f0fa77d698c8090d73a9c8af84fcfd63418bca7997367e410a15958b80c940bf", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662124, "uuid": "22e0c21a-ad86-4431-b951-c8b0c8a9b9a0", "comment": "Malware payload (AgentTesla)", "value": "f55b54fbae11b6b0b8b780c5f5fad47695f0d0e2", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662124, "uuid": "5ddf731f-5f65-46ef-a94e-1686650c2fff", "comment": "Malware payload (AgentTesla)", "value": "5d240be51f0ae2c3d4b5788de5f586f041d3b79ddc7c346365c66488d577795c8ec7798b43b1f920c4db6b3b7341f73b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662124, "uuid": "1be280de-00fc-4ea8-be26-3fe3bc5a62be", "value": "T1C354120CB7DA91A7E46787302F35AF6B6EF6F6263840D34A8B81075C7917281E21F752", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662124, "uuid": "fb8cf0df-c8ae-40d8-a375-25fbe9ea64f4", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662124, "uuid": "2828ac15-da5b-4eb0-910d-46326cbbcd82", "value": "6144:FYa6fQVAyPG9xMy89AiSc/4m00WIhN0Hvr4aKQmkDVz/dmPRJEWzxb:FYsAyP2PaSG00daKnkDVDwPRuy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662124, "uuid": "7711d695-4f12-4ea4-a660-bf5001799ef0", "value": 284889, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662124, "uuid": "53d2c4d0-eb8e-4203-b9ab-7721939ec733", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662124, "uuid": "e2f7a4d5-ca3c-4e6a-b813-22dd512c11c5", "value": "way_bill_dhl_inv_bl_shipping_1707202300000000000000000000000000.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2905b435-2569-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1689684408, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684408, "uuid": "208066b3-6d90-4ccd-8ee6-b80eed8e48b1", "comment": "Malware payload (SnakeKeylogger)", "value": "47670e60734e3841f76167ffe1e135d3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684408, "uuid": "936921e5-253d-45f2-a7c6-ca857d8f52aa", "comment": "Malware payload (SnakeKeylogger)", "value": "f11985ed8f09689544e4eee025a8526c59de67423874d4fb8a33b73da723edb9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684408, "uuid": "8bce0fe9-ba01-4935-9f33-d2e6281d3bf9", "comment": "Malware payload (SnakeKeylogger)", "value": "7ad2880b7ba30938f4ddfdb610102bf5e3fa5fad", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689684408, "uuid": "412d5550-e783-4daf-943f-b52a3bdbc85b", "comment": "Malware payload (SnakeKeylogger)", "value": "88815b1a7e8c5607557ce4721c8643ae339ab19b49511a186b2e12538a28f5c5786b4591cce28b7e02cb9919411d1a94", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684408, "uuid": "2581a1e5-2b39-47b9-a1a6-94404c84d0c8", "value": "T13DC423A52EA59E23C0BB0FBE54131AF2C3BA26C8B155CAB30C56F0E9FB4674D8441757", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684408, "uuid": "7677c331-7673-4a1c-8c11-4bacfd135084", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684408, "uuid": "6d63ec41-2370-4c4d-8220-2188c708d9b6", "value": "12288:omAY2kcdbL4EfQVUsQ1dUUmFtP3uOnwlDMM7W3iGaC9hwpFTe/:NN6GEfjsQ1dUUwd3glDxcwpQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689684408, "uuid": "22919287-3d3d-494d-a1fe-a34e32f67773", "value": 586752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689684408, "uuid": "9a2ac40a-b334-4fe2-aad3-73fbebc503a9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689684408, "uuid": "de726227-a227-4982-b3f9-d253c8439a7a", "value": "CA0001758617120.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7af65383-256c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689685834, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685834, "uuid": "2a00236d-7ac4-4d35-8f8c-de9c56f06237", "comment": "Malware payload (AgentTesla)", "value": "b463566e783b196221c1ff63d4ac8832", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685834, "uuid": "644c184a-a59f-4782-96be-d37371d53657", "comment": "Malware payload (AgentTesla)", "value": "f16a919c90578b245317f9dcab4fc875ca1277055d271c5dded7ee0e601b9ff8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685834, "uuid": "26e3262e-ffff-4270-96e9-3dbc0de196b4", "comment": "Malware payload (AgentTesla)", "value": "3d87d9797de34910e28d385789619685e67b523e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685834, "uuid": "a516dcd9-d934-4a82-af0e-429dd521e46d", "comment": "Malware payload (AgentTesla)", "value": "fb8d16c9999fbe236f609fdbee15fabf8d5f524f18f35f7e5c5a5a2d76f6fd40984cffc7981a7524c35fe0e54d8674f7", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685834, "uuid": "f98d2281-66e8-4a90-8da6-8eba65a30563", "value": "T168F4F004322D8F17D4BDA3FD9124955453FA6A5B222FD3588EC73CEF35AAF504A01A2B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685834, "uuid": "bcdab378-1fa4-4ced-9d01-a7f9a76ed630", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685834, "uuid": "af0c39f2-667a-420a-b39d-3886391d8bfb", "value": "12288:0f+TSk6ccW9RoGlfb/WT4UkuZDuMWrqmWaF5ESHYMgjcH1APz/OIrApRi+pIsJR:0G+rccW9RoGlfzW/Zax1WaF0MyDrAhpP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685834, "uuid": "70019e82-8819-4bbf-a77f-f8389d3eba40", "value": 751616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685834, "uuid": "ff6ddc17-c3b9-4807-b72d-a80abfb060d1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685834, "uuid": "e01b4af9-f12a-4ea2-a28f-23aba6174fdc", "value": "-CAB swift_1148590_Html.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "801024f3-2577-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1689690567, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689690567, "uuid": "a0fe1158-5813-47c7-b3d3-72cfbfe2a350", "comment": "Malware payload (NetSupport)", "value": "a6d60304c3c87b7ca21aa38c1ed9fb83", "object_relation": "md5", "Tag": [ { "name": "1 BAT STARTER", "colour": "#B815B2", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "kororo-com", "colour": "#C66DA4", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689690567, "uuid": "9c877d03-ae3e-4e82-836a-a6287bb06511", "comment": "Malware payload (NetSupport)", "value": "f1d371d8ac7348f9f37f35b2f13b98302ff9e0c881e1a364ed337a8a9df8d329", "object_relation": "sha256", "Tag": [ { "name": "1 BAT STARTER", "colour": "#B815B2", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "kororo-com", "colour": "#C66DA4", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689690567, "uuid": "f1bef3fe-7e2d-4bc6-8137-5bd9b64d1ff1", "comment": "Malware payload (NetSupport)", "value": "a81cef55deebd9ef78e80b423441cf2a0733317a", "object_relation": "sha1", "Tag": [ { "name": "1 BAT STARTER", "colour": "#B815B2", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "kororo-com", "colour": "#C66DA4", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689690567, "uuid": "392c44fd-7f5a-47e0-89c9-709259654d06", "comment": "Malware payload (NetSupport)", "value": "606031c58cd69b2cfd0528adac288ab9bdf290102bbe4ba1343d145ab0c7c0403a3efcadbfeadea970615acf88b0b283", "object_relation": "sha3-384", "Tag": [ { "name": "1 BAT STARTER", "colour": "#B815B2", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "kororo-com", "colour": "#C66DA4", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689690567, "uuid": "6ce26fb8-0eca-4cd1-9c48-8585310ae5d8", "value": "T13C31CC6BBB18A05694EEC8E6C382C029F10FF553C44CD2CA234961AF63E5DC9335F452", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689690567, "uuid": "8dad4c5d-ddb6-40d6-99a1-73ee098ec161", "value": "24:QeLfEwAmDmLOcu8NSGiL8N9La68Nii1t121m:LLvYBjnXCN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689690567, "uuid": "70200b3c-d1b5-46c8-8d76-4c9b82b66213", "value": 1537, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689690567, "uuid": "4a77f707-29fd-4e2c-9822-ae78eca6e9cf", "value": "text/x-msdos-batch", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689690567, "uuid": "645c181c-b20b-4ad3-9e02-0fb6b4f10c2e", "value": "KjMLNNlbSwRjEriciGnpqBNGGsSj.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4116926a-255f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (ModiLoader)", "timestamp": 1689680153, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680153, "uuid": "f4a4096a-d2cf-438a-a537-c7f87dd4733a", "comment": "Malware payload (ModiLoader)", "value": "3fed9dd316ac24d0a1806d939f6fe688", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680153, "uuid": "c754cb04-5d1b-479c-8144-7ea4f5181d0c", "comment": "Malware payload (ModiLoader)", "value": "f1e3c1051d3047c71e2cc9e3ddfb48e389aad587f927251363b1aed6281c2299", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680153, "uuid": "e41e973e-f00f-495a-8e4c-2bfabaf99fb9", "comment": "Malware payload (ModiLoader)", "value": "4b138bfb98c153cba30ff99bb89c55e591ef25ef", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689680153, "uuid": "2ec26274-0246-4d30-9cf4-b377de9eeead", "comment": "Malware payload (ModiLoader)", "value": "891fb1b96c280c57e94753b14977367fed8df1633a681415f85b1205f364f10b855b1f44b1c208ad77580b1f519b17f5", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680153, "uuid": "8ae01314-f33e-4e97-8c78-9d44261b88b6", "value": "T1E125CF2292B0483EC6A35E7D8D2B83546CE87D712D29AC497BEDFD4D9F397803825183", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680153, "uuid": "61c5b572-ee88-4414-8f7b-f7f03876cd25", "value": "11556aabc369d21eda4d24ce812e31cb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680153, "uuid": "b38e0bf1-77fe-4db8-92c6-c7f5c7e1d401", "value": "12288:vtyXjSiFvE+VoE18zinynbKCCM9YWz9yAMeNslNB5ri5WFCAIMHH309e6:v4XLE+VoE18GnYpXASeL5ri5W5X", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689680153, "uuid": "e096b125-af6a-4aca-b914-6c8a88ad6714", "value": 992768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689680153, "uuid": "3da2ae36-0ebe-4cc1-b2a0-e0f51e5c7724", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689680153, "uuid": "84a98ac8-63e7-4f89-a861-dbac7c19ab29", "value": "invoice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a74c8640-25b1-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689715544, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689715544, "uuid": "614eae8d-39e5-41da-837d-49ec26ce1127", "comment": "Malware payload", "value": "91739090889f1e8a3f32f0693864b5f2", "object_relation": "md5", "Tag": [ { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689715544, "uuid": "126733a1-761a-4f54-a394-3040a56938a4", "comment": "Malware payload", "value": "f214ba1ab578be2de132b51781d2a58dac0c86f133061dfd3c85ce1d14ac2cb5", "object_relation": "sha256", "Tag": [ { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689715544, "uuid": "f6eaaf5c-c9a9-44ea-9801-54e6a4043917", "comment": "Malware payload", "value": "815154db234c2e2bee39cb863f5b903728c44224", "object_relation": "sha1", "Tag": [ { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689715544, "uuid": "cf8f97f9-033a-4ef3-ba5c-6fe448a3f06a", "comment": "Malware payload", "value": "02b5c77b8d97dc229af31e4961a0c2195140f9e919a28bab754cd72d19126e0617828dabf9a02d3a362b338ec68e5ae1", "object_relation": "sha3-384", "Tag": [ { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689715544, "uuid": "56da808a-f411-4962-9185-b214588a2c48", "value": "T1135423088EB0A8D0E3B598DDCB8ED0BEEE711CD94A534AB6413844D942EDC5A5EF205F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689715544, "uuid": "d8a97f23-6e50-406f-9955-c9e80e13519f", "value": "6144:vADvpgN0zQAevPwce8yDeMpu9IcGIF+lznCB:YDhgt3X9MFIYlz2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689715544, "uuid": "6d5fccb6-094b-43d2-a88f-104f5b660993", "value": 290548, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689715544, "uuid": "c435d54f-02cc-4538-be15-996c70ce61e0", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689715544, "uuid": "7b796f50-2561-42c4-9b97-c79a2cc60cc4", "value": "11193290417.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8cb05bd7-2593-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689702614, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689702614, "uuid": "38a8ada6-51a0-40de-b54e-8d7501136888", "comment": "Malware payload", "value": "923bf10d5634dfd211b14583c3781cf9", "object_relation": "md5", "Tag": [ { "name": "FakeBard", "colour": "#DD319C", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689702614, "uuid": "1258bb30-fea5-48c1-9c0f-049e20a5eb7b", "comment": "Malware payload", "value": "f26ed5601a8a2d5abfa4a527b468a18023311e32338dfabff987159d37df3981", "object_relation": "sha256", "Tag": [ { "name": "FakeBard", "colour": "#DD319C", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689702614, "uuid": "febd7fed-c3db-4034-bcea-8cba5f5ebe1c", "comment": "Malware payload", "value": "b5f9b41676cce66adfd7e37012301f054effd7c9", "object_relation": "sha1", "Tag": [ { "name": "FakeBard", "colour": "#DD319C", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689702614, "uuid": "9ea718a6-4c23-4d47-8bcd-bfd9654d435c", "comment": "Malware payload", "value": "6adc2d57a614f6834dd17f1e85e8317a4e98a9114c3c418dafee659ea90af9ad84f0d28e277c9fcbfba41ac04f74e35b", "object_relation": "sha3-384", "Tag": [ { "name": "FakeBard", "colour": "#DD319C", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689702614, "uuid": "2b3e8737-8623-4957-ade3-68abbbd3d2ae", "value": "T18A46334BB8CB1F32D1294775709F57CA9EA94E040B47063763FBB28538F27147AB849A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689702614, "uuid": "3c838bcd-1aa9-46cd-aef0-a7abbd689155", "value": "98304:fiWMy2eOSmUNQiveS0nGRehMc6zEmktLFt7s365qqXxHw+v+y3hfHDdu7gQD:fiWMyLOiv4GRemc6zEVtBt7Q65qqXxQV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689702614, "uuid": "49b50fb4-1f47-4078-bc53-80b0047042f5", "value": 5881344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689702614, "uuid": "d5f1994a-50d5-44d8-88c8-6090002ca863", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689702614, "uuid": "be2736c5-7641-42b9-ace8-51b62dd1beec", "value": "Setup.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f3e50660-2532-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1689661126, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661126, "uuid": "26ddffcc-89c1-4932-a74f-d1214dab824b", "comment": "Malware payload (GuLoader)", "value": "2af278f13f2572db0d799869f889ad97", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661126, "uuid": "afae83d8-0592-47be-adb8-965359fd2943", "comment": "Malware payload (GuLoader)", "value": "f4e3c824d4bfa01aa21f5b5e9983ad302d47549761b2d36683516cf2b75b1a67", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661126, "uuid": "c6ef3c15-b57a-47b1-9e88-e303af7f3885", "comment": "Malware payload (GuLoader)", "value": "1e9ca837c13d6596aadb9a6bc056ef4d792da4a3", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689661126, "uuid": "fc2a085b-6309-49ba-b8b9-85cc95c07ec9", "comment": "Malware payload (GuLoader)", "value": "3b7b2e01940457dd5371582c8329dbc2d82104759c133775b5fa5ee7b5795f2cbd6b85c5fdf2063986cb3b99f4b7ef1f", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661126, "uuid": "e5b0980b-6959-41bb-99dd-b4f32b1af85b", "value": "T1F245E003D8048BC3D40D83F47E530EE90F0A6F1AE899B9EB10537F8B3A71A72595A51E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661126, "uuid": "c9b82976-00ef-4029-8b11-749ec6bf8894", "value": "24576:aCu9V1ZyFw6VUAZy6w6VEQpbFcwTA5S8cNfnwCx:aCu396VUye6VhFjTBNfnx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689661126, "uuid": "66e088f0-8dba-40a5-918d-a36c45ad8f0c", "value": 1211904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689661126, "uuid": "8e627262-b7a2-412f-b8ee-942f90fd7bdc", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689661126, "uuid": "ea0ec6c4-abb2-4fcf-abeb-95bd6feaf964", "value": "LC Draft (LC No. 0687TF2314381580 Proforma Invoice No. 04782023).xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cb9b1746-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689662347, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662347, "uuid": "550f1749-64eb-4513-8560-ba3b39ebe8fd", "comment": "Malware payload (AgentTesla)", "value": "27ef25f5dd732d9dbf3269a68acdeb9a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662347, "uuid": "2f469b75-7e46-4aad-9f02-d3043adb3f7c", "comment": "Malware payload (AgentTesla)", "value": "f511a2a8c9dc2f0d4d1919143b53f5a08b977357894b50606c1ac253176510b1", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662347, "uuid": "8aad83f1-162a-42fb-8b56-765973bbbdd8", "comment": "Malware payload (AgentTesla)", "value": "4f9297ec4a86d90046bdd593d3d991decfd2132a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662347, "uuid": "65f007f2-5ef3-4c6f-856e-5958c7864285", "comment": "Malware payload (AgentTesla)", "value": "d6d7616dd8722a81aa4405f5ea51992582b4ef737036f6b3c5a8d328ae195c1d8ffb404401162778a441f9983b788180", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662347, "uuid": "d04dd05f-e547-46f6-a5df-9440b3d32b40", "value": "T180C4CF78503C8BAFE757DBB6E434215213F013561AF2D38C8DBA659F3E79B24A1046B2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662347, "uuid": "39674f93-e946-4d8e-a895-76056bf24c39", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662347, "uuid": "f297a058-fc80-4914-957d-f9fc7fef8a31", "value": "12288:os41Q640iowOuY7620mU1H4Vrqor1kqJIhqTrQaSejL8ZC:7oQ640iowOuYCmMYVrmq6hqTrQaSejLk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662347, "uuid": "b4f88ac3-9fb6-476f-b614-72ad7ba42600", "value": 571392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662347, "uuid": "a573f7e5-d2c4-4f81-ac01-2562a1a320bb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662347, "uuid": "e02995fb-326c-444c-8bb7-e6f408788727", "value": "N.\u00ba de pedido 57687928932 para INTERMEPRO S.A..exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ba13dbf4-25a9-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689712139, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712139, "uuid": "9c22e6b8-0353-43b8-8727-c4932c8a49d7", "comment": "Malware payload", "value": "0cc22c1f28d58518bcc80fab674d99e9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712139, "uuid": "a0f6d1f5-3798-4ad3-b3a7-8da483d93137", "comment": "Malware payload", "value": "f6469348be66d8d59a2638ae715b3e50692acdf650d7ce02f48dcbb5ce98e868", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712139, "uuid": "88c49f85-881f-4263-bf46-52662bd596ad", "comment": "Malware payload", "value": "b8c4c9ae5c193890b63da54257efa16de4de31ef", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689712139, "uuid": "e3152510-72f2-4872-a908-67b4dc0e8848", "comment": "Malware payload", "value": "42cdd7e2f8bbbf90a6a62b0e62e87b3de8c0110951decf5ff1a2236ffe9b1f45110757d5f9f759e7323e68fc28d42a3f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712139, "uuid": "18ac3c5b-4930-45ed-8f16-d6a242865793", "value": "T14B3422AF12DE4086CCE1D47949BD57E46AE56044D073AB93EEB878FE4801E935FA3B01", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712139, "uuid": "49e0f788-76bc-4f72-ba54-fa6aa46e748f", "value": "500ff1538958cc73738bf0c262a1773f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712139, "uuid": "76b6bcb5-c997-4b80-ba7c-2fe00c325c72", "value": "6144:KSoXjeWf9gJpAhNzK/dOF/Nsr1Q+J7xN8+8isMEwp8s0rK:KSoJ1guBKFOFKrnrN8Nisk6Hm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689712139, "uuid": "8c1defaa-29e9-4795-b39a-80cdd08ee623", "value": 242688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689712139, "uuid": "8daed1d0-0189-4810-b689-8b5f31c429e1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689712139, "uuid": "a558d42c-f633-4091-b735-2386b549bf2d", "value": "SecuriteInfo.com.TScope.Malware-Cryptor.SB.23141.10165", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "51eac4dd-2536-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689662572, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662572, "uuid": "09872604-3b2a-4617-8bbd-fcfa5f095c44", "comment": "Malware payload (AgentTesla)", "value": "4332f541f65a548dee06ef747b4f4c15", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662572, "uuid": "ba4295a2-eeac-423f-9547-0b0a604fa4ab", "comment": "Malware payload (AgentTesla)", "value": "f71a25eba39e485b06a0d11f5dd097540200f52f5f25726b9d61c0272ffdb21e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662572, "uuid": "b6ff7573-9c93-4c90-a8df-451402944aa0", "comment": "Malware payload (AgentTesla)", "value": "04195583c4011c64fa5ab1c4fed7b1c768895a57", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662572, "uuid": "9bd8ce65-4a45-4beb-bcdd-e831f23ee201", "comment": "Malware payload (AgentTesla)", "value": "9fbff4f4c3c4f24ec549efce81d1d86f2d035aa3c4fb0a82090890d0e223480782ac3ec479c671a41749644d21754088", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662572, "uuid": "c91f6efd-c8cc-4ad3-b2db-be6b01dece8c", "value": "T1E6D423B0E58C623FCAC156B68B69E25456360EC088EFE71D634FFC94B4DAB409453B87", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662572, "uuid": "609a831b-b92b-42a8-badf-1b9ca352861f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662572, "uuid": "340a589e-5d3e-4dce-a24f-851160a0864f", "value": "12288:vfb/WT4UkuZbqBOGvpInLwqiWanFWIe6i5rfkNzXrfbgmhEQzMm:vfzW/Zb0OGvaEqSF3e6iuDgatz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662572, "uuid": "9ff4e139-54e6-4701-bc14-79cb9524b91b", "value": 603648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662572, "uuid": "460facc6-7003-4891-878d-3a7477bbf013", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662572, "uuid": "33a9182f-641b-4c60-be1e-88c55555b454", "value": "invoice and PL.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b684a9c2-259a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NanoCore)", "timestamp": 1689705691, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705691, "uuid": "096c5cd0-a375-4bd3-9afc-4b8b5abf79ae", "comment": "Malware payload (NanoCore)", "value": "6ccf57d39464301de26e95efee0495b2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705691, "uuid": "975733e4-c502-4d4c-934f-4928c5f65508", "comment": "Malware payload (NanoCore)", "value": "f7e80f5e92bd4d9267be950088a9f5b1117a873868329bba0e927701f87c8fec", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705691, "uuid": "71e92c2e-4b6b-465e-8fa8-3ad020ce8552", "comment": "Malware payload (NanoCore)", "value": "bf49349bf4d86639e360f471e76076687ff85efa", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689705691, "uuid": "f400f0d6-1895-412b-a3f7-03e039300a35", "comment": "Malware payload (NanoCore)", "value": "f29fb4908fad7b6ca6cc3f3a3e747cf690bcfe5ad89f8cf7459471e19dcbaca72e7c26cc6a95d257a542dbac41240576", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705691, "uuid": "46301ba3-7b22-4513-9400-695303242d47", "value": "T161D423809DDCA62BC1F097F0DFB1DB8196725F441031C7A06A9FFD50BCD7B8A6252286", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705691, "uuid": "ead20154-a5ca-4daf-8b6a-b8eaba645379", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705691, "uuid": "38d5e1e7-b416-4cc4-959c-f38ec94d8dd3", "value": "12288:sfb/WT4UkuZbFlOdF+7bxvJuBwE+mXH9oVRqYsk+Ostdel4QoXVLx:sfzW/ZbF8dF+7dhbAG2YsDbel4Qof", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689705691, "uuid": "7ad8f3c8-946a-4d10-aca8-eb942ef6e1c4", "value": 652288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689705691, "uuid": "507900fa-6386-431d-a7e0-3c1af92e003e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689705691, "uuid": "efd4c4d6-cdc4-41f0-8c7e-98155e94ae79", "value": "5Kk4IkGdzhwkzqG.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "18b39d47-2504-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689641001, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689641001, "uuid": "42ba547b-3b84-4fff-8319-6c36b027910b", "comment": "Malware payload (Mirai)", "value": "6104a1f2e9ead8f1c402e7c767317313", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689641001, "uuid": "9f055cf7-98f8-413a-bbc0-f00aed699f88", "comment": "Malware payload (Mirai)", "value": "f8093fa39f6935b6c11df1e4df91e438087c1c3b68cb49b09453603791999900", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689641001, "uuid": "60e3becf-b3ca-44ab-a167-83ca70a4ca13", "comment": "Malware payload (Mirai)", "value": "269d2eaf506bf6dd049bf0762fd6d3cbdc02ed0f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689641001, "uuid": "470892a1-20b8-4971-b3c2-2ad0f8711f28", "comment": "Malware payload (Mirai)", "value": "8d0fb59c073cd6146f707a016ee6d0d269c7c81aff0880960f7d493f56e804c2d2541ecc022bb77f1f5d769ed98448eb", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689641001, "uuid": "2c86ca9f-3dac-4bd4-b6ff-403162bf1f61", "value": "T19BC2D044F042DE42DFE629F03E50DADAFBA42F1FAA528E8026A553C15B1C2A74346DCC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689641001, "uuid": "93c2fc08-3715-44ab-947b-4f61c83b7028", "value": "768:CVdafO76jpmNJJKehmA7trpfIX9KeA7Pfpm4uVcqgw09s:mam+AnKehPRa9aHw4u+qgw09s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689641001, "uuid": "f773a476-91b1-427a-aa64-6a639c1642c6", "value": 27048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689641001, "uuid": "b616147e-d4f5-4c31-b2c2-d47eb2b9a081", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689641001, "uuid": "d3f2b81d-2fc7-44ec-9bcc-3b2c16f13dd8", "value": "6104a1f2e9ead8f1c402e7c767317313", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ca22018d-257c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1689692839, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689692839, "uuid": "ce44d682-17a6-41f7-b3c7-0730971717c6", "comment": "Malware payload (NetSupport)", "value": "4ba2a8de752105b9fff4b7652d699da5", "object_relation": "md5", "Tag": [ { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "pkvithtosh11.com", "colour": "#5AB2F4", "exportable": true, "hide_tag": false }, { "name": "pkvithtosh17.com", "colour": "#01F1BE", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689692839, "uuid": "7c069c34-5d5e-4e9a-b385-38fc5bbc36c3", "comment": "Malware payload (NetSupport)", "value": "f83587c168e56bab9a0a0a14cfe2c5a2c7f8418a4709b7b10665f786a622d001", "object_relation": "sha256", "Tag": [ { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "pkvithtosh11.com", "colour": "#5AB2F4", "exportable": true, "hide_tag": false }, { "name": "pkvithtosh17.com", "colour": "#01F1BE", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689692839, "uuid": "4157c63b-0941-41be-9c55-4ced0ef49491", "comment": "Malware payload (NetSupport)", "value": "d9e46698a8bd8cd8e022f3fa3b01852a8a442e2c", "object_relation": "sha1", "Tag": [ { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "pkvithtosh11.com", "colour": "#5AB2F4", "exportable": true, "hide_tag": false }, { "name": "pkvithtosh17.com", "colour": "#01F1BE", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689692839, "uuid": "ce60a8c6-4c74-49a7-81b3-cc9402101378", "comment": "Malware payload (NetSupport)", "value": "01c27b67652b2b82d275c41f081e1166f9fac143cf2ac8c50bd678b6d5f7fa73745e31f823c675e0e3ac9cf37d618b3d", "object_relation": "sha3-384", "Tag": [ { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "pkvithtosh11.com", "colour": "#5AB2F4", "exportable": true, "hide_tag": false }, { "name": "pkvithtosh17.com", "colour": "#01F1BE", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689692839, "uuid": "58548b82-3626-4c62-9870-69426a45bd24", "value": "T1F5110012660EFC5C192BF2D6777400911FE34004F4AD3A626B24690FAF3396F49DF4A4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689692839, "uuid": "df63ab89-1d31-4daa-9a6d-9e8f8590460a", "value": "24:epOhuZmPTxapz1l1yXtIDZCPBmulQWUXDc:eAwZKxi1y9IoPBmQQWUTc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689692839, "uuid": "6258d071-63b0-4ee8-9810-e9adcd444cc9", "value": 922, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689692839, "uuid": "f16d7289-1786-4b2c-85ad-515abb8b6e39", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689692839, "uuid": "1b6ec1f2-909a-453b-8fce-29ef1c7e5c66", "value": "client32.ini", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5b18d12e-2582-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Gozi)", "timestamp": 1689695229, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689695229, "uuid": "f2c1ac42-93ce-4f07-a084-e31010a21e38", "comment": "Malware payload (Gozi)", "value": "1ff3761d62cc5ee7c888a8c1bdd9d1ac", "object_relation": "md5", "Tag": [ { "name": "20000", "colour": "#98710D", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689695229, "uuid": "98bc46b9-5612-416d-be88-0f071259201d", "comment": "Malware payload (Gozi)", "value": "f8a1d78eb7691f90053a5d7ad70588bed4c4a5cdd7bc949c368d8c2bc62f95c4", "object_relation": "sha256", "Tag": [ { "name": "20000", "colour": "#98710D", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689695229, "uuid": "60458404-d542-450d-a16e-99210ed79f17", "comment": "Malware payload (Gozi)", "value": "093cb13d256ff3e367cc8c60fe68f96582a35f29", "object_relation": "sha1", "Tag": [ { "name": "20000", "colour": "#98710D", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689695229, "uuid": "4a5dad56-c40a-4c7e-8558-4c30ce3eb69e", "comment": "Malware payload (Gozi)", "value": "7de5b009548eab804c354287d32324973553cf2fceec9c7029f8d91f4a4ad135c40d9c30c58108fb7a49b3f0b303151e", "object_relation": "sha3-384", "Tag": [ { "name": "20000", "colour": "#98710D", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689695229, "uuid": "19bb896d-3cfb-447a-a7b4-b8e6ee9e3fc3", "value": "T13C05AFB7F89470D3D926CDB78C2DA1A7042DB25277A7933A7398292416206B73E073D7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689695229, "uuid": "83e98bf7-d847-42cb-b9e2-66f556684942", "value": "34188f9790f1e6bd6924e17658a1d977", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689695229, "uuid": "66a2663f-f5bb-4141-a61f-e501781598d4", "value": "12288:/+WNeJLmTo/dgvHKRNR7PlB5D9Di/2ytQLP647vpvWhRodzXo/fGRAkMwFroD:/+Q46To/dgPOVP35ZWrs6kvonx6o", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689695229, "uuid": "44ba496b-18d7-4f1c-8f0e-63beaf4175d7", "value": 821248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689695229, "uuid": "663b19a9-d7c0-415a-8615-1707058ddc8e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689695229, "uuid": "a005af33-3197-455b-9027-10e47feed9eb", "value": "f8a1d78eb7691f90053a5d7ad70588bed4c4a5cdd7bc949c368d8c2bc62f95c4.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bfa7cea7-2512-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689647295, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689647295, "uuid": "7b8e0cd9-9cd9-486c-abf4-ee075fe0f5b6", "comment": "Malware payload", "value": "69a949fce10c6f4a7e1a81b8491d1b58", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689647295, "uuid": "378a42c1-62b7-4cd4-97ce-0ff8129e4ae6", "comment": "Malware payload", "value": "f9423924822a969c410e8499091cbf81e2c5f1574259ef840b52d2698018169f", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689647295, "uuid": "da9a37d5-01d6-4a09-8023-7135fba0ec62", "comment": "Malware payload", "value": "ac90035678d358817c812baf959d1acabd8204f8", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689647295, "uuid": "33580186-a7dc-4907-9fc6-e8c0ff8e413c", "comment": "Malware payload", "value": "a1de563b5feff34fbdd5019437ded47347badfde02ab211a1ffb1c78088b0b59540e4f2214a29865540a44b7df798cfa", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689647295, "uuid": "a8138547-b99a-410e-bef7-66a896bb57ef", "value": "T1B8326C38434706E7DE3E1EBE61AE785C0538A220076A15D32391940E9DD1EF3F932B86", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689647295, "uuid": "52e3c90f-0208-47ed-9ee3-f2e7585cc35f", "value": "60b675c684a61b1079678f8beebd1dd1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689647295, "uuid": "ad40f95b-a38f-46cf-a78e-988e0659877d", "value": "96:MUKdtz7+bq4LeQXcDY4c5JatcRGdfrUfTtXiAlVO0a7gsiL+PC41tuX88zC9Ad3T:9IZ7OpTGdoTtXiA3/OC89Gth/NvAcw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689647295, "uuid": "3a8fe68d-089f-45bb-a8af-86ccbbdcc6ce", "value": 11264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689647295, "uuid": "9a862632-23b9-44fd-b3ad-860596926814", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689647295, "uuid": "c95a95a1-ab4b-40f6-812c-e4f65d0418e0", "value": "SecuriteInfo.com.Win32.PWSX-gen.24382.12556", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bf15ef1c-255a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689678217, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689678217, "uuid": "0a35405b-0a56-4c1e-b7bb-25153841d895", "comment": "Malware payload", "value": "fcad4db6bf43ee7c2458e73d977186de", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689678217, "uuid": "fe40f19c-e6e2-429b-b577-2be384509d18", "comment": "Malware payload", "value": "f9430ec41806761aa165e278d49ed76349c5dd0592509ae0aed70bc74fe2f083", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689678217, "uuid": "27ebe921-d2f1-4728-a4d4-566d6ef6d7b1", "comment": "Malware payload", "value": "e54358491b47fba14aac3e461fa7ac0b0f7f12c3", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689678217, "uuid": "15367cb8-9c6a-4f83-81f3-1a03d6267835", "comment": "Malware payload", "value": "5e3ab1f61142c62fe05ff6fbaee18f451643d41d40764ec9d46d1f98466281792a9709dfd5171cfa5a3b575e4323b4bc", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689678217, "uuid": "1d3e416b-b12f-4c51-8754-6e573b8dac7a", "value": "T19C952281B2C455B1D4621C336A6C9B21BBB97C300F19DADF8BB0355DDE222D0E636B5B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689678217, "uuid": "f3bdf58c-31a2-471a-bcaa-96970ed94c6e", "value": "0ae9e38912ff6bd742a1b9e5c003576a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689678217, "uuid": "2fb14d0e-a10e-4b59-9f13-9dc20c59fad3", "value": "49152:PaqbrDdcnwyCACHqepeUm/IC6dGc8HQaRMx+eMID:PFinCACKepkgC6dlTJMID", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689678217, "uuid": "17bf105f-98a5-49d9-afdc-3ecd9eee55cd", "value": 1894890, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689678217, "uuid": "39de9580-642a-4fdf-b8cd-fb1dac478780", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689678217, "uuid": "e317881c-2710-4772-8965-ae1ab0e8a4af", "value": "fcad4db6bf43ee7c2458e73d977186de", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "32cf1725-256c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689685713, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685713, "uuid": "60ad7cb3-ac7f-41ed-ba5c-13d418633aff", "comment": "Malware payload (AgentTesla)", "value": "010dfdb174d3ce18a2819adffa0ac9b5", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685713, "uuid": "b995aea8-ac7c-48ca-abd3-984b73cceb3d", "comment": "Malware payload (AgentTesla)", "value": "f99738284b0ba7e12d47262727f38eda4b685476a0d7805a344e0e054a4ccafa", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685713, "uuid": "5d1ebd24-bb50-49ed-87d5-9afa73aff0c9", "comment": "Malware payload (AgentTesla)", "value": "24d323782bdc9bcf27aebddba554b20aac389563", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689685713, "uuid": "b7d9ecc6-9613-41c4-b424-0dbdcb1d4df8", "comment": "Malware payload (AgentTesla)", "value": "7250ef13c1f5f1f5d0b6c58c970b1ed34e2b13348b5b5406af76599542708d7c08f51784f9fc79ddc81d0eeca5c6aa08", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685713, "uuid": "9c006353-9225-4739-9353-ee59eb23abdc", "value": "T15A6412215390CC3BE6710330727E6F5B4EAE6E217948AD43DFC85A9DFC168709B2A356", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685713, "uuid": "b7014c1b-b0f8-4de7-8d7e-a125c588b4c0", "value": "b34f154ec913d2d2c435cbd644e91687", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685713, "uuid": "894f7015-9a20-472d-a879-27025dbdb6c0", "value": "6144:UVGdx6xKzuHalZeReve4w2WfQVHHBu2lKkHkqEerAhA/02wMk6Zq2qo:ojHalEedlBdlfEqBro2wMNZ5b", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689685713, "uuid": "e07b9905-1dd8-4938-b50d-b77d929ed158", "value": 315440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689685713, "uuid": "f60c21b4-9bff-4b58-93e2-4c22b37ef3c0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689685713, "uuid": "07002f7b-fdbc-43e8-9c05-9f95abb2f427", "value": "YEN\u0130 S\u0130PAR\u0130\u015e-pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1d164ab9-2535-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689662054, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662054, "uuid": "63d4856f-057d-4674-82f0-0658c2e9d5a8", "comment": "Malware payload (Formbook)", "value": "ea578c3ee5226e1880d2ec5634f37c73", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662054, "uuid": "5b8d7e5a-ae6b-4243-a422-95366ec9b52f", "comment": "Malware payload (Formbook)", "value": "f9d8de2f2c358a5dd9e080b0f4f9b9f651e59cc7cecbec4c83e45197e1ffe13d", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662054, "uuid": "44f4b914-5e65-4d61-b1f8-3ce2f8b197f6", "comment": "Malware payload (Formbook)", "value": "d6256012eff236df36ec0b938dc0a07724bbacc6", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689662054, "uuid": "9a715f47-b3ce-44d0-b7de-3f7793939f50", "comment": "Malware payload (Formbook)", "value": "0e20931e1ecc020725cb1e83e647c6693be1fe8d558d5299c9bd3ea3b0ef4772f4211dde6e536992d1c7a13078ef6c25", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662054, "uuid": "f10eecb0-6cb2-48c5-86be-fa3a4bbdfc9f", "value": "T168F4F11436298F17D8BD67F99110921443FA6EAB216FD3488EC33DEF35ABF504A1192B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662054, "uuid": "aab750d6-250d-4a2f-b7f2-b4f65df8b6fa", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662054, "uuid": "c883ece0-fc09-4bb4-aafc-e81519d6cb02", "value": "12288:6f+JSkYZcW9RopMfb/WT4UkuZfAGItuQjuoF7vfHYf14verGUY4+I1uStZOE/CTn:6GMFZcW9RopMfzW/ZdIt/juYH8e2/sIc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689662054, "uuid": "708bd409-4347-4461-8821-7f2f69c09445", "value": 770560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689662054, "uuid": "dd971706-ad8b-4e19-a75e-cd870e6ae0a6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689662054, "uuid": "5b961676-05bc-41e5-bd75-2719a9fdc1b6", "value": "DHL SHIPMENT DOCUMENT.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c8af76d9-256e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689686823, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686823, "uuid": "d26f2d74-a833-4c6e-aea5-f42c460a8621", "comment": "Malware payload (Amadey)", "value": "f41303590e2f9071c9a3b6eed7814be9", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686823, "uuid": "c360dce6-218a-445a-9a72-b3096bb515a5", "comment": "Malware payload (Amadey)", "value": "f9eb9571516d034b23750c17ec991ab6c593aed53ffdb694de9324ed30ab21ff", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686823, "uuid": "79378327-15dd-41c7-96bc-9a8f88b5177f", "comment": "Malware payload (Amadey)", "value": "1803b1537b8ba0cd7383c45624f9a8f9a0bce6dd", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686823, "uuid": "68cab72a-ce3f-43ce-8555-05be5cab7b93", "comment": "Malware payload (Amadey)", "value": "8907097dd85f54188ee7874b84594f6ce4312f4452e0ba728b2d94304574f931fda4f3da386527e391d7ed4fd0d59c55", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686823, "uuid": "acf0c13b-97be-499a-87cd-68f5f9576797", "value": "T13BB41203A7D99032D9B127706CF703930A36BD924D78476F22549C9E1CB26D9B9363BB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686823, "uuid": "c0e0843d-ff46-4686-866b-89d44e9979a4", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686823, "uuid": "d62e1095-9ef8-4055-b747-94815a916124", "value": "12288:MMrNy903i8Y9QoE3jZTCq3fjJ2hk4cZ8Hms0+J:BygiBOoa2q3fjJ2xcZ8Hms0+J", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689686823, "uuid": "51446b24-6009-4e01-a82f-cd6f45841fa5", "value": 526848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689686823, "uuid": "aff66956-d95a-4ccd-ab96-269a2d292883", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686823, "uuid": "c2627b96-f643-44db-abfd-c290bfa8b15f", "value": "f41303590e2f9071c9a3b6eed7814be9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cfa4daeb-256d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (CustomerLoader)", "timestamp": 1689686406, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686406, "uuid": "629d25dc-2c4e-4626-8139-16e947e816fa", "comment": "Malware payload (CustomerLoader)", "value": "7902cf3b187c86961e9b017c2171def0", "object_relation": "md5", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686406, "uuid": "84f3bd61-b928-4db4-90ab-41152235bb82", "comment": "Malware payload (CustomerLoader)", "value": "fc21b89a48bb18b42b6831e01a41419b96022ca8aedbd5dacbe2c2064fa10fd1", "object_relation": "sha256", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686406, "uuid": "d4bee790-b8e1-43dd-a13c-7663cd3ab812", "comment": "Malware payload (CustomerLoader)", "value": "a66ed67beb5e4279ae406e1b2d523f53160fe8e7", "object_relation": "sha1", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689686406, "uuid": "36bbb412-7fe1-49ae-9ae0-4aa262cc4dec", "comment": "Malware payload (CustomerLoader)", "value": "edfc1640e0985f138353e045aa2287206532669526e8a1bd7eb9ace3a32b5b3a24e3831622ad3e5ea9d20b28bb700b4c", "object_relation": "sha3-384", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686406, "uuid": "178abdec-4ecd-4748-ba99-c030dadfa75b", "value": "T136521A109BE8462AD76F4776DDB30741013ADF776513EB2E79DCA109294332927523B2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686406, "uuid": "15e37991-6c29-4181-97df-aa6ffad9bf4b", "value": "192:dekG7oTmnlMRb5YWagXW9N8vyNVUi4nIx5wfQN31AqLc1Hlct+ikct+ic1n:okG7oTmlsbGWBWOpQ8fvrctmct2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689686406, "uuid": "d33b6053-c681-482b-b6bd-4fe44a0aaaf0", "value": 13312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689686406, "uuid": "3d10b2e1-653f-4012-bb3d-ccf9aefac0a4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689686406, "uuid": "7be2bdc6-3847-4868-b270-88f470d8cb33", "value": "7902cf3b187c86961e9b017c2171def0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b1050194-2570-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689687643, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689687643, "uuid": "cf6ff7fb-a607-441b-ba75-5b572aab94f4", "comment": "Malware payload (RedLineStealer)", "value": "0d98e6856019e13d44a0919fd29149fb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689687643, "uuid": "d0ebbafc-41bb-401e-8391-07fffdcc672a", "comment": "Malware payload (RedLineStealer)", "value": "fd31a663216bfb8143db8ea956edda60157228e4e26abd15724d28e34f435c66", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689687643, "uuid": "8a14eb81-92b2-435d-b99b-70d57655e74e", "comment": "Malware payload (RedLineStealer)", "value": "ee3295acb45cd81ada18ab45616a4d5e23a25e7f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689687643, "uuid": "da738fec-ea1b-4ca8-9392-bc59fd744095", "comment": "Malware payload (RedLineStealer)", "value": "93cc061ec99de441333e8def9c9cd57a33adc5f9cdd0a09c81174d5f6e93d19415cccaec3c36c3a2590a31237e035a5c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689687643, "uuid": "dbb19730-91f5-43e8-9811-e3feaf581081", "value": "T18225DF409858DB21D62ED17321B4EF6ECAB4AD702B7F36A147E967D18E3BF81D250312", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689687643, "uuid": "634d6325-ea80-4e22-8f2c-7042452bfc47", "value": "372e4e4870a9f350530e0a006218a951", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689687643, "uuid": "e18a4b55-8105-4242-b315-4e2b82876579", "value": "24576:Tl+RGWDaZavSdgC3TSnFUVTBfslh05dLt2evkohROYg1dmwEeop7N5W5tlmQp2hQ:pDISWC3+nFoSHpoXdnCHmE2hqELXOkby", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689687643, "uuid": "b79cfcd1-3d8c-4d6f-8fba-7685e7a2b1a0", "value": 1048384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689687643, "uuid": "e7401ee3-0747-43ad-8eea-28937890af36", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689687643, "uuid": "e0345083-cc21-4a8d-a421-1c61dae68817", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e0e8a1d5-253b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689664960, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664960, "uuid": "0c095290-47c5-4a2f-8884-ef6dacf6aef4", "comment": "Malware payload (Formbook)", "value": "3d8abfc6f5a8edd812ceb1c60c6a9596", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664960, "uuid": "11e2a8c7-cd11-4e59-92b4-c3433ac037bf", "comment": "Malware payload (Formbook)", "value": "fe706c527566e76231998c6a8fad91eea8a791cc713c685f0f8ea4ea55067d46", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664960, "uuid": "1e5c9afc-192b-4b26-8b32-6c9622e97757", "comment": "Malware payload (Formbook)", "value": "97b5ffefa6566cb614babb237d6cc0724b8b2643", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689664960, "uuid": "72ed8274-3745-43b2-bedf-887ab0411542", "comment": "Malware payload (Formbook)", "value": "c97ea91c41b4ddf11ae32783d8dce2bf7aefb09d814f329e35d78cde46278b0d45d350db136980279fb2252e84bcf07a", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664960, "uuid": "58e0ebbf-4833-4a0f-bc5e-fe832a61d6ac", "value": "T1E534224974DB1E7B4E833D686C6C5052DA4C05FEA93EB4E622EE93310792AD8D1D312F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664960, "uuid": "27d6bf53-72bf-4ad1-98bb-ca228b8946f0", "value": "6144:wjjRyjqPPCViCI3r/nHk8ehEqQHNaBQcgd+VFKR7DYfx:ydyjxVZw/nRehhQHatVKNDYfx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689664960, "uuid": "53fa8343-e84d-4391-a558-76de96e37acd", "value": 245008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689664960, "uuid": "5663449e-e2ff-4d7b-937b-70f5a40ef81b", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689664960, "uuid": "3ae40a24-d972-46fa-a828-fcfd51b27c40", "value": "Revised PI.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" } ] } }